Protecting critical infrastructure from Cyber-attack

Size: px

Start display at page:

Download "Protecting critical infrastructure from Cyber-attack"

Paulina Hart
8 years ago
Views:

1 Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect

2 The scale of the threat Nuisance Threats Unskilled attackers, scanners & crawlers, SPAM, worms / viruses, and basic malware. Cyber Crime Threats Opportunistic, broad-based, motivated by financial gain. Hacktivism Threats Organised attacks associated with a group of individuals with political, ethical, religious, or retaliatory motives. Nation State Threats State-sponsored campaigns, exfiltration of IP or R&D, etc., seeking competitive, economic, or state security advantage. Insider Threats Legitimate internal user with hidden malicious intentions. Advanced Persistent Threats Targeted, organised and funded attacks associated with powerful entities. 2

3 The possible impacts of Cyber-attack Advanced Persistent Threat (APT) Campaign Targeting Airports Center for Internet Security 2013 Annual Report (2013) Malicious traffic from two nation states, result of a phishing , public document used as address source, 75 airports impacted. Istanbul Ataturk International Airport targeted by a cyber attack Security Affairs, Hurriyet Daily News, The Hacker News, etc. (2013) Passport control system affected, potential result of malware, potential links to semi-trusted network (Polnet), departures delayed significantly (hours). Hackers Divert Sony Exec s Plane, Launch DoS Attack on PSN Forbes, Billboard, ExtremeTech, etc. (2014) Battle.net and PSN taken offline, result of DDoS attack, group tweeted explosives on board plane of SOE President John Smedley; flight diverted. 3

4 The possible impacts of Cyber-attack Attack On LOT Polish Airline Grounds 10 Flights Forbes, Reuters, Business Insider, etc. (2015) Ground operation systems affected, related to flight planning, suspected DDoS attack vector, 10 flights / ~1,500 passengers impacted, unavailable for ~5 hours. Mass hack sees British Airways freeze thousands of accounts RT, BBC, International Business Times, etc. (2015) Frequent flyer accounts targeted, result of an automated process using thirdparty information obtained elsewhere, tens of thousands of accounts affected. Islamic State message on hacked Hobart Airport website The Sydney Morning Herald, Antara News, The Australian, etc. (2015) Website defaced with statement supporting radical group Islamic State, nondiscriminate affecting multiple websites, airport s website shut down to resolve. 4

5 Foundational security elements Inventory of Devices Inventory of Software Secure Configurations for Hardware / Software Continuous Vulnerability Assessment & Remediation Malware Defenses Application Software Security Wireless Access Control Data Recovery Capability Security Skills Assessment & Training Secure Configurations for Network Devices Limitation and Control of Network Ports, Protocols, etc. Controlled Use of Administrative Privileges Boundary Defense Maintenance, Monitoring & Analysis of Audit Logs Controlled Access Based on Need to Know Account Monitoring & Control Data Protection Incident Response & Management Secure Network Engineering Penetration Tests & Red Team Exercises 5

6 Foundational security elements but it s not connected to the Internet. but it s got a Firewall. but users are screened / vetted / hold a security clearance. but it s located in a secure area. but it s only connected to trusted networks. 6

7 Foundational security elements Case Study: A (very) bad network security architecture. 7

8 Specialist advice and expertise Governance Structure, roles / responsibilities, statutory requirements, culture, policy, procedures, audit / review. Monitoring Detection, service, reporting, incident response, forensic considerations, SIEM, IDS / IPS. Liaison Specialist forums, professional associations, industry groups, CERTs, law enforcement. Network Security Management Boundary protection, capability depth, authentication techniques, logical segregation, external access. Cryptography Key management, PKI, selection of primitives, key lengths, key ownership, protocol combinations. Technical Vulnerability Management Vulnerability assessment, penetration testing, independence, legal issues, scope, remediation. 8

9 Intelligence sharing and collaboration National National security agency, CERTs, law enforcement authorities. Industry Group Regulator, domain-specific, security specialist involvement. Specialist Forum / Professional Association Technology-specific, user groups, special interest groups. Enterprise Cross business-area, multiple assets, multiple support teams. Web portal Multi-factor authentication Securely partitioned Community based Enforcement of classifications / protective markings Ad-hoc special interest group / thread creation, etc. 9

10 Protecting against advanced threats Effective Methodology Proven analysis process, rapid response, priority driven, proactive (not reactive), collaboration. Analyst Tools Knowledge management, advanced visibility, cross-domain correlation, workflow enhancement. Advanced Analytics Intelligence gathering, identifying campaigns, understanding adversaries, continuous refinement. Threat & Information Sharing Collaborative, intuitive, securely partitioned, actionable, case / campaign / advisory distribution. Improved Awareness Campaign strategy, effectiveness testing, interactive games, spotlight videos, webinars, podcasts. Advanced APT Sensors Complex near real-time detection, non signature-based, context aware, depth of analysis. 10

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.