ADVANCED PERSISTENT THREATS & ZERO DAY ATTACKS

Transcription

1 情 報 ネットワーク 法 学 会 研 究 大 会 基 調 講 演 2010 年 12 月 11 日 VN PRSISTNT THRTS & ZRO Y TTKS Japan Law Workshop ecember 11, 2010 yber Security Strategies, LL 1 VN PRSISTNT THRTSと ゼロデイ 攻 撃 Japan Law Workshop ecember 11, 2010 yber Security Strategies, LL 1 1

2 情 報 ネットワーク 法 学 会 研 究 大 会 基 調 講 演 2010 年 12 月 11 日 Is The yber Tipping Point STONI GORGI L UTS THUM RIV N SOIL NTWORKING/WIKILKS YR SPIONG/OPRTION UROR KOR STUXNT YR RIMINL.YR TRRORISM yber Security Strategies, LL Is The yber Tipping Point 2008~2010 年 はサイバーの 転 換 点 ( 臨 界 点 ) エストニア グルジア ケーブル 切 断 USメモリ(Thumb-drive)の 禁 止 ソーシャルネットワーキング/ウィキリークス サイバースパイ/UROR 作 戦 韓 国 Stuxnet 攻 撃 サイバー 犯 罪.サイバーテロ * Stuxnet: Windowsのショートカットファイルに 存 在 する 脆 弱 性 を 狙 ったマルウェアで 制 御 システムや 電 力 会 社 を 狙 った 初 のマルウェア yber Security Strategies, LL 2 2

3 情 報 ネットワーク 法 学 会 研 究 大 会 基 調 講 演 2010 年 12 月 11 日 yber rime Is t The Scale of The rug Trade yber crime it s easier it s lower risk it s as lucrative Malware is the weapon yber Security Strategies, LL 3 yber rime Is t The Scale of The rug Trade サイバー 犯 罪 の 規 模 は 麻 薬 取 引 の 規 模 に 匹 敵 サイバー 犯 罪 より 簡 単 に より 低 いリスクに 儲 かるように なってきています 武 器 はマルウェア yber Security Strategies, LL 3 3

4 情 報 ネットワーク 法 学 会 研 究 大 会 基 調 講 演 2010 年 12 月 11 日 Wide Range of yber rime Victims March 5, 2010 Westin onaventure L hacked; redit/debit card data lost Jan. 30, 2010 Malware-infected P exposes SIU student SSN s Oct. 1, 2009 Targeted s distributed malware in Payhoice breach Sep. 25, 2009 UN hapel Hill server hacked; 236,000 records breached Jul. 24, 2009 Network Solutions server hacked; 573,000 records lost May 28, 2009 etna server breached; 65,000 records stolen yber Security Strategies, LL 4 Wide Range of yber rime Victims サーバー 犯 罪 被 害 の 拡 大 March 5, 2010 Westin onaventure ホテルLがハックされ クレジットカード/デビッ トカードのデータ 損 失 Jan. 30, 2010 マルウェアに 感 染 したPにより 南 イリノイ 大 学 生 の 社 会 保 障 番 号 の 公 開 Oct. 1, 2009 Payhoiceの 漏 洩 により 標 的 型 メールがマルウェアを 配 布 Sep. 25, 2009 UN hapel Hillのサーバがハックされ 236,000 件 のレコードが 漏 洩 Jul. 24, 2009 Network Solutionsのサーバがハックされ 573,000 件 のレコード が 損 失 May 28, 2009 etnaのサーバの 漏 洩 により 65,000 件 のレコードが 盗 難 yber Security Strategies, LL 4 4

5 情 報 ネットワーク 法 学 会 研 究 大 会 基 調 講 演 2010 年 12 月 11 日 yber spionage a Rapidly Rising Threat yber espionage it s happening it s intense it s a top priority Sophisticated nterprises are targets Malware is the weapon yber Security Strategies, LL 5 yber spionage a Rapidly Rising Threat サイバースパイで 急 速 に 増 加 する 脅 威 サイバースパイ 実 際 に 発 生 しており 激 化 しており 最 優 先 課 題 になっています 洗 練 された 事 業 (Sophisticated nterprises) が 標 的 武 器 はマルウェア yber Security Strategies, LL 5 5

6 Rising Tide of yber spionage Jan 14, 2010 Operation urora: dobe Identified s Victim of ttack Jan 12, 2010 Operation urora targets Google IP, Gmail accessed May 13, 2009 US Homeland Security information network hacked pr 21, 2009 ttackers breach $300 Joint Strike Fighter project Mar 28, 2009 GhostNet - Vast Spy System Loots Ps in 103 ountries ec. 02, 2008 Malware targets U.S. military computers gent.btz Nov. 20, 2008 Network Security reaches Plague NS 6 yber Security Strategies, LL Rising Tide of yber spionage サイバースパイの増加傾向 Jan 14, 2010 urora作戦: dobe への攻撃が判明 Jan 12, 2010 urora 作戦は Google を標的 知的財産と Gmail がアクセスさ れた May 13, 2009 米国土安全保障省の情報ネットワークがハックされた pr 21, 2009 攻撃者が3000億ドルのJSF(統合攻撃戦闘機)プロジェクトを漏洩 Mar 28, 2009 GhostNet 大規模なスパイシステムが103カ国のPを略奪 ec. 02, 2008 マルウェアが米軍のコンピュータを標的 gent.btz Nov. 20, 2008 ネットワークセキュリティ侵害がNSに蔓延 6 yber Security Strategies, LL 6

7 Strategic Security and Risk Management must be adopted in orporate cultures yber Warfare it s targeting everyone leadership must prioritize the board room must care Malware changes landscape omprehensive approach for ritical Infrastructure e.g Power Grid, anks etc. major cyber attack on ritical Infrastructure economically devastating oth state and non-state espionage has created the opportunity 7 yber Security Strategies, LL 戦略的セキュリティとリスクマネジメントを 企業文化として取り込まなければならない サイバー戦争 誰でも標的にされる リーダーシップが必須 経営陣が留意しなければ ならない マルウェアにより状況が 一変 情報インフラストラクチャへの広範な攻撃 例 パワーグリッド 銀行など 重要インフラストラクチャを狙った大規模なサイバー攻撃は 経済的に打撃を与える 国家及び国家以外のスパイが引き起こす可能性がある 7 yber Security Strategies, LL 7

8 haracterizing dvanced Persistent Threats 8 yber Security Strategies, LL haracterizing dvanced Persistent Threats dvanced Persistent Threatsの特徴 8 yber Security Strategies, LL 8

9 yber Security Maturity Model* Robust Information & ommunications Technologies for Mission Success NTION STT Resilience Threat VN PRSISTNT THRT Most Organizations ONVNTIONL THRT gility / Speed of ction Reactive & Manual People based following doctrine and doing their best to put out fires Tools-ased Integrated Picture pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness ynamic efense Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response Resilient nterprise Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 9 *yber Security Strategies, LL yber Security Maturity Model* サイバーセキュリティ成熟度モデル Robust Information & ommunications Technologies for Mission Success NTION STT 耐性 脅威 VN PRSISTNT THRT 大半の組織 ONVNTIONL THRT 俊敏性 / 行動のスピード 事後対応 / 手作業 People based following doctrine and doing their best to put out fires ツールベース 統合 pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness 動的な防御 Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response 耐性のある エンタープライズ Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 9 *yber Security Strategies, LL 9

10 ynamic efense: Why?? Like any crime, cyber attacks boil down to the loss of one of 3 things: 1. Informati on (onfide ntiality) ritical data, financial data, personal data 2. ontrol (Integrity) Resources are being controlled by someone else 3. ssets (vailability) systems aren t available, don t work, or don t work correctly or reliably. 10 ynamic efense: Why?? 動的な防御 なぜ必要 他の犯罪と同様に サイバー攻撃は以下のいずれかの損失におとしめる 1. 情報 (機密性) 貴重なデ 2. コントロール (完全性) ータ 金融関連データ 個 どこかの誰かにリソースが 人データ コントロールされてしまう 3. 資産 (可用性) システム が利用できない 動作しな い 正しく動作しない 信頼で きる状態で動作しない 10 10

11 When the Problem Started User Land Public Server Scan & xploit ttack Workstation Internal Server Systems were given Internet ddresses They could be connected to from anywhere in the world ttackers would scan looking for Vulnerable Services Malware 11 3 When the Problem Started 問題の発端 利用者側 公開サーバ ﾜｰｸｽﾃｰｼｮﾝ スキャン & 特権奪取攻撃 内部サーバ 3 システムにインターネットアドレスが与えら れる システムは世界中のどこからでも接続可能 攻撃者は脆弱なサービスを探索するために スキャンする マルウェア 11 11

12 yber Security Maturity Model* Robust Information & ommunications Technologies for Mission Success Threat-Policy Resilience Most Organizations gility / Speed of ction Reactive & Manual People based following doctrine and doing their best to put out fires Tools-ased Integrated Picture pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness ynamic efense Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response Resilient nterprise Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 12 *yber Security Strategies, LL yber Security Maturity Model* サイバーセキュリティ成熟度モデル Robust Information & ommunications Technologies for Mission Success 脅威 - ポリシー 耐性 大半の組織 俊敏性 / 行動のスピード 事後対応 / 手作業 People based following doctrine and doing their best to put out fires ツールベース 統合 pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness 動的な防御 Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response 耐性のある エンタープライズ Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 12 *yber Security Strategies, LL 12

13 Global yber hallenge Synchronizing Governance, Policy, Standards, Regulation, and Privacy alancing National Security and conomic Security 13 Global yber hallenge グローバルなサイバーでの挑戦 ガバナンスとポリシー スタンダード 規制とプライバシーの同調 国家的セキュリティと 経済的セキュリティのバランス 13 13

14 yber Security Maturity Model* Robust Information & ommunications Technologies for Mission Success Threat-Technology Resilience Most Organizations gility / Speed of ction Reactive & Manual People based following doctrine and doing their best to put out fires Tools-ased Integrated Picture pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness ynamic efense Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response Resilient nterprise Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 14 *yber Security Strategies, LL yber Security Maturity Model* サイバーセキュリティ成熟度モデル Robust Information & ommunications Technologies for Mission Success 耐性 脅威 - 技術 大半の組織 俊敏性 / 行動のスピード 事後対応 / 手作業 People based following doctrine and doing their best to put out fires ツールベース 統合 pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness 動的な防御 Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response 耐性のある エンタープライズ Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 14 *yber Security Strategies, LL 14

15 HSS powered by cloud=ynamic defense Vulnerability ontinuous Monitoring File Reputation Web Reputation mail Reputation Network Reputation Management Framework Layered efense HIPS V Policy uditor Managed Systems HSS Suite 15 onfidential Mcfee Internal Use Only 15 HSS powered by cloud=ynamic defense クラウドによるHSS = 動的な防御 Vulnerability 継続的な モニタリング File Reputation Web Reputation mail Reputation Network Reputation マネジメント フレームワーク 階層化した防御 HIPS V Policy uditor Managed Systems HSS Suite 15 onfidential Mcfee Internal Use Only 15 15

16 yber Security Maturity Model* Robust Information & ommunications Technologies for Mission Success Threat-Technology Resilience loud Securty, greateer use of hardware, virtulaization, situational awareness Most Organizations gility / Speed of ction Reactive & Manual People based following doctrine and doing their best to put out fires Tools-ased Integrated Picture pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness ynamic efense Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response Resilient nterprise Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 16 *yber Security Strategies, LL yber Security Maturity Model* サイバーセキュリティ成熟度モデル Robust Information & ommunications Technologies for Mission Success 耐性 脅威 - 技術 クラウドセキュリティ ハードウェアと仮想化 の積極的な利用 situational awareness 大半の組織 俊敏性 / 行動のスピード 事後対応 / 手作業 People based following doctrine and doing their best to put out fires ツールベース 統合 pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness 動的な防御 Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response 耐性のある エンタープライズ Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 16 *yber Security Strategies, LL 16

17 loud omputing = Resiliency enefits Priorities On emand Service road Network ccess Resource Pooling Rapid lasticity Measured Service 1.Strong registration process 2.Robust authentication and access control 3.Strict supply chain risk management & inside threat checks 4.efense in depth (especially Monitoring) 5.ncryption of data at rest/transit 6.Understand usage and plan to operate thru cyber events risk management 17 loud omputing = Resiliency クラウドコンピューティング = 耐性 利点 Priorities 優先度付け オンデマンド サービス 広域ネットワークアクセス リソースのプール 迅速で柔軟 対策済みのサービス 1.強固な登録プロセス 2.強固な主体確認とアクセス制御 3.厳格なサプライチェイン リスクマネジメ ント & 内在する脅威の確認 4.efense in depth (特にモニタリング) 5.保存と移行時のデータ暗号化 6.利用状況の理解とサイバーイベントを 通じた運用計画 risk management 17 17

18 Testing the Hypothesis of the loud o s R and Storefront Gateway to a more secure computing center Storefront allows users to download large business applications and services form the site, similar to pple s ppstore 18 クラウドについての仮説と検証 国防総省の R と Storefront R: よりセキュアなコンピューテ ィングセンターへのゲートウ ェイ Storefront: 利用者が多数のビジネスア プリケーションサイト用のサ ービスをダウンロードできる pple の ppstore のよう なもの 18 18

19 19

20 Roadmap from Legacy to loud omputing Rigid State Technology Obsolete IT Infrastructure ependence on Proprietary Technology Inefficient Use of IT apacity Outmoded / Non-secure Remote ccess Reactive Request and Reply Focused Unstable operation Low wareness of Incidents atch Processing Orientation Fragmented Help esk/support Structure Streamlined Utility State loud ompute State Technology Technology Massive IT Modernization ISO 9001 Standards Service Focused ynamic Load alance for Web pps -uthentication Nationwide IT Help esk -Mail Modernization IPv6 ompliance ITIL Standards ontinuous Technology Refreshment Proactive Sense and Response Focused Integrated pproach to Remote ccess Integrated IT Nationwide Ubiquitous network access. Location independent resource pooling. Predictive Scaling of IT Zero ependence on Proprietary Technology dge omputing lways On IT Resilience Increased utilization efficiencies Secure 2 onnectivity onvenient Web-ased, nduser ccess nterprise Identity Management nterprise ontent Management On-demand self-service. Rapid elasticity. Measured Service Reduced apex and Opx usiness usiness Many Silos / Limited Integration Inconsistent Standards onflicting Procedures Inability to Leverage Products Limited ommon View of nterprise Information Work Force No Measurement of Satisfaction No ccess to Trouble Tickets Large lerical Interface Stovepipe Processes Outcome High TO Misaligned ost / Performance Limited OOP capability uild Once, Service Many limination of uplicate ata ntry to isparate Systems nterprise Services Initiated Records Management Workflow usiness Partner Integration usiness Work Force Increased Knowledge Retention High Mobility Work Force Measurable Support Service levels ccess to Trouble Ticket status Increased Wireless evice Usage Upgraded esktops / Tools Self Service Web-nabled Tele-Worker Integrated ccess to ollaboration Tools Outcome Increased ompliance Improved ccess to Financial Information Improved IV doption of HSP-12 ssured OOP Predictable IT Spend High-onfidence OOP Measurable Performance Rapid isaster Relief Mobilization Outcome Simplified nd-to-nd usiness Process Faster Time from Policy to Implementation Increased Stakeholder Productivity Through Self-Service Simplified ccess Maximized Resource Utilization Organization-wide SO Standards nhanced ata Integrity entralized ata Management Roadmap from Legacy to loud omputing レガシーからクラウドコンピューティングへの道のり Rigid State Technology Obsolete IT Infrastructure ependence on Proprietary Technology Inefficient Use of IT apacity Outmoded / Non-secure Remote ccess Reactive Request and Reply Focused Unstable operation Low wareness of Incidents atch Processing Orientation Fragmented Help esk/support Structure Streamlined Utility State loud ompute State Technology Massive IT Modernization ISO 9001 Standards Service Focused ynamic Load alance for Web pps -uthentication Nationwide IT Help esk -Mail Modernization IPv6 ompliance Technology ITIL Standards ontinuous Technology Refreshment Proactive Sense and Response Focused Integrated pproach to Remote ccess Integrated IT Nationwide Ubiquitous network access. Location independent resource pooling. Predictive Scaling of IT Zero ependence on Proprietary Technology dge omputing lways On IT Resilience Increased utilization efficiencies Secure 2 onnectivity onvenient Web-ased, nduser ccess nterprise Identity Management nterprise ontent Management On-demand self-service. Rapid elasticity. Measured Service Reduced apex and Opx usiness usiness Many Silos / Limited Integration Inconsistent Standards onflicting Procedures Inability to Leverage Products Limited ommon View of nterprise Information Work Force No Measurement of Satisfaction No ccess to Trouble Tickets Large lerical Interface Stovepipe Processes Outcome High TO Misaligned ost / Performance Limited OOP capability uild Once, Service Many limination of uplicate ata ntry to isparate Systems nterprise Services Initiated Records Management Workflow usiness Partner Integration Work Force Increased Knowledge Retention High Mobility Work Force Measurable Support Service levels ccess to Trouble Ticket status Increased Wireless evice Usage Upgraded esktops / Tools Self Service Web-nabled Tele-Worker Integrated ccess to ollaboration Tools Outcome Predictable IT Spend High-onfidence OOP Measurable Performance Rapid isaster Relief Mobilization usiness Increased ompliance Improved ccess to Financial Information Improved IV doption of HSP-12 ssured OOP Outcome Simplified nd-to-nd usiness Process Faster Time from Policy to Implementation Increased Stakeholder Productivity Through Self-Service Simplified ccess Maximized Resource Utilization Organization-wide SO Standards nhanced ata Integrity entralized ata Management 20

21 The volution of R loud omputing at IS (R 2.0) loud Services loud Management OLLORTION TST MNGMNT PORTL LOU ORHSTRTION & OUNTING USINSS SRVI MGMT VRSION ONTROL SRVIS IT SRVI MGMT loud Infrastructure SURITY MGMT TS IT OPRTIONS Multiple s Multiple Operating System Platforms PLTFORMS PROVISIONING Multiple PROSSING KUP/RHIV Multiple Storage STORG ONFIGURTION MGMT IS:efence Information Systems gency 米国 防衛情報システム局 R の進化 ISにおけるクラウドコンピューティング (R 2.0) クラウドサービス クラウドマネージメント OLLORTION TST MNGMNT PORTL LOU ORHSTRTION & OUNTING USINSS SRVI MGMT VRSION ONTROL SRVIS クラウドインフラストラクチャ IT SRVI MGMT SURITY MGMT IT OPRTIONS TS PLTFORMS Multiple s Multiple Operating System Platforms PROSSING Multiple STORG Multiple Storage PROVISIONING KUP/RHIV ONFIGURTION MGMT 21

22 Secure loud omputing Model loud omputing Vision loud Services loud Management SL & SYSTM RPORTING PROXY/GTWYS OLLORTION TST MNGMNT W SRVR &PORTL SVS IRTORY SRVIS ROSS OMIN SRVIS TST T SS UGTING & FINNIL TOOLS PP PLOYMNT SRVIS NTWORK SIMULTION LIV T STRMS USINSS SRVI MGMT SURITY VLUTION SVS VRSION ONTROL SRVIS RLS N FILK SRVIS USR ONTROLL KUP/RHIV IT SRVI MGMT PORTL LOU ORHSTRTION & OUNTING loud Infrastructure SURITY MGMT MILWR TS Multiple IT OPRTIONS Multiple s Multiple Operating System PLTFORMS PROVISIONING Multiple PROSSING KUP/RHIV Multiple Storage STORG Multiple Network NTWORK ONFIGURTION MGMT セキュア クラウドコンピューティング モデル クラウドコンピューティングのビジョン クラウドサービス クラウドマネージメント SL & SYSTM RPORTING PROXY/GTWYS OLLORTION TST MNGMNT W SRVR &PORTL SVS IRTORY SRVIS ROSS OMIN SRVIS TST T SS UGTING & FINNIL TOOLS PP PLOYMNT SRVIS NTWORK SIMULTION LIV T STRMS USINSS SRVI MGMT VRSION ONTROL SRVIS RLS N FILK SRVIS USR ONTROLL KUP/RHIV IT SRVI MGMT SURITY VLUTION SVS クラウドインフラストラクチャ MILWR PORTL LOU ORHSTRTION & OUNTING SURITY MGMT Multiple IT OPRTIONS TS PLTFORMS Multiple s Multiple Operating System PROSSING Multiple STORG Multiple Storage NTWORK Multiple Network PROVISIONING KUP/RHIV ONFIGURTION MGMT 22

23 Other US xamples U.S. General Services dministration (GS) Federal loud omputing Initiative reate a more agile Federal enterprise where services can be reused and provisioned on demand to meet business needs. Increase efficiencies by optimizing common services and solutions Reduce the cost of IT infrastructure by utilizing commercially available technology that is based on virtualization of servers, databases and applications to allow for capital cost savings その他の米国事例 U.S. General Services dministration (GS) 連邦クラウドコンピューティング イニシアティブ reate a more agile Federal enterprise where services can be reused and provisioned on demand to meet business needs. Increase efficiencies by optimizing common services and solutions Reduce the cost of IT infrastructure by utilizing commercially available technology that is based on virtualization of servers, databases and applications to allow for capital cost savings 23

24 Other US xamples U.S. General Services dministration (GS) Federal loud omputing Initiative その他の米国事例 U.S. General Services dministration (GS) 連邦クラウドコンピューティング イニシアティブ 24

25 nterprise cloud strategy nable cloud providers Help customers secure, source, and govern cloud services Provide cloud services nterprise cloud strategy エンタープライズ クラウド戦略 クラウド提供者に寄与する クラウド利用者を安全にする クラウドサービスを統治する クラウドサービスを提供する 25

26 yber Security Maturity Model* Robust Information & ommunications Technologies for Mission Success LK LTS Human apital Resilience ROWN LTS Most Organizations GRN LTS gility / Speed of ction Reactive & Manual People based following doctrine and doing their best to put out fires Tools-ased Integrated Picture pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness ynamic efense Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response Resilient nterprise Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 19 *yber Security Strategies, LL yber Security Maturity Model* サイバーセキュリティ成熟度モデル Robust Information & ommunications Technologies for Mission Success LK LTS 耐性 人口 ROWN LTS 大半の組織 GRN LTS 俊敏性 / 行動のスピード 事後対応 / 手作業 People based following doctrine and doing their best to put out fires ツールベース 統合 pplying tools and technologies piecemeal to assist people in reacting faster Loosely integrated with focus on interoperability and standards based data exchange for I situational awareness 動的な防御 Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response 耐性のある エンタープライズ Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack 19 *yber Security Strategies, LL 26

27 yber Security Maturity Model* Strong Governance Mission Success GOVRNN Resilience Most Organizations gility / Speed of ction Reactive & Manual Tools-ased d Hoc with loose structure and little oversight No formal structure Integrated Picture entral oordination IO/TO Risk Mgmt ulture Policy/Standards Frameworks ynamic efense ommand Structure International ooperation Policy nforcement Resilient nterprise National Structure Mission ssurance ulture Physical/Logical onvergence Supply hain Risk Management 20 *yber Security Strategies, LL yber Security Maturity Model* サイバーセキュリティ成熟度モデル Strong Governance Mission Success ガバナンス 耐性 大半の組織 事後対応 / 手作業 No formal structure ツールベース d Hoc with loose structure and little oversight 統合 entral oordination IO/TO Risk Mgmt ulture Policy/Standards Frameworks 動的な防御 ommand Structure International ooperation Policy nforcement 耐性のある エンタープライズ National Structure Mission ssurance ulture Physical/Logical onvergence Supply hain Risk Management 20 *yber Security Strategies, LL 27

28 yber Governance 21 yber Governance サイバーガバナンス 21 28

29 uilding ynamic efense Reduce the ttack surface/gile defense Strong Identity protection/attribution for people, applications and devices Mission-based architectures: automated mgmt of vulnerabilities/threats-trust Zones! nterprise Security Protection (encryption) and Management Persistent ttack, Sensing, Warning and Response from the perimeter to the edge Inbound & Outbound threat protection eploy host based security xpand protection for mobile devices 22 yber Security Strategies, LL uilding ynamic efense 動的な防御の構築 攻撃対象領域の削減 俊敏な防御 強力なアイデンティティ保護 人とアプリケー ション デバイスの属性 ミッションベースド アーキテクチャ 脆弱性 脅威の自動管理 トラスト ゾーン エンタープライズセキュリティ保護 暗号化 と 管理 境界までだけでなく末端にまで対応する継続 的な攻撃の検知 警告 応答機能 インバウンド及びアウトバウンドの脅威保護 ホストベースセキュリティの導入 モバイルデバイスへの保護の拡張 22 yber Security Strategies, LL 29

30 ommon Sense pproach to Mitigating Insider Threats/Wikileaks Technology Full suite of I/N tools ata Leakage Protection Port controls / evice Usage Real-time Monitoring Strong Identity ssurance Physical and lectronic ccess ontrols People/Process Periodic Security wareness Training Shift in ulture Understand Network 23 5 内在脅威を軽減する常套手法/Wikileaks 技術 I/N: Information ssurance/omputer Network efense (US o) I/N ツールの総揃え データ流出保護 ポート制御 / デバイス利用 リアルタイム モニタリング 強固なアイデンティティ保証 物理的及び電子的アクセス制御 人 / プロセス 定期的なセキュリティ啓発教育 文化醸成へ ネットワークの理解

31 Towards Resilient nterprise usiness continuity during an attack Map & prioritize crown jewels Share information with key partners Flexible encryption and key mgmtontent ased Security! loud Security! Secure supply chains/software security Systems assurance up and down the ISO Stack-move to hardware! Link continuity efforts to operate through cyber attack 24 yber Security Strategies, LL Towards Resilient nterprise 耐性のあるエンタープライズに向けて 攻撃を受けている間もビジネス継続を維持 重要な資産の特定と優先順位付け 重要なビジネスパートナーとの情報共有 柔軟性の高い暗号化と鍵管理 コンテントベースド セキュリティ クラウド セキュリティ セキュアなサプライチェーン ソフトウェアセキュリティ システムの保証を向上し ISOの７階層 のより低いレベル ハードウェアに移行 サイバー攻撃中の運用をビジネス継続に 連携 24 yber Security Strategies, LL 31

32 Strategic Security is only way to address advanced persistent threat wareness/ommitment-from board room down Implement a pro-active prevention program to address both outside attacks and insider threat dopt yber Security Maturity Model* to achieve a dynamic defense capability with real-time interoperable detection and response aking resilience into the enterprise to operate through cyber attack or disruption Summary 25 yber Security Strategies, LL* Strategic Security is only way to address advanced persistent threat 戦略的セキュリティなくしては dvanced persistent threat を解決できない 経営陣からのトップダウンによる啓発とコミット プロアクティブな防止プログラムを実践し 外部か らの攻撃と内在する脅威の両方に対処する サイバーセキュリティ成熟度モデルを取り入れ 相互運用できるリアルタイムの検出 対応機能を 利用して 動的な防御 を実現する エンタープライズの耐性を強化し サイバー攻撃 や妨害活動の進行中も運用を継続する 25 yber Security Strategies, LL* 32

33 Further Information Robert F. Lentz (phone) 26 yber Security Strategies, LL 33