Computer Security as a Component of Nuclear Security: Observations and Lessons Learned
Slide 1: Computer Security as a Component of Nuclear Security: Observations and Lessons Learned
Donald D. Dudenhoeffer, International Atomic Energy Agency
11 May 2016
Slide 2: Computer Security in the Nuclear World
"Computers play an essential role in all aspects of the management and safe and secure operation of nuclear facilities, including maintaining physical protection. It is vitally important that all such systems are properly secured against malicious intrusions. Staff responsible for nuclear security should know how to repel cyberattacks and to limit the damage if systems are actually penetrated. The is doing what it can to help governments, organizations, and individuals adapt to evolving technology-driven threats from skilled cyber adversaries. I am confident that, by working together and sharing experience, all of us can help to ensure computer security in the nuclear world."
Remarks at International Conference on Computer Security in a Nuclear World, Vienna Austria, 1 June by Director General Yukiya Amano
Slide 3: Observation on CS in Nuclear Security
Discuss 4 observations on computer security from developing programme guidance and from working with Member States
Slide 4: The Threat
Adversary / Bad Guy
Observation 1: Most people have a hard time understanding the threat and thinking like the adversary.
Who is the Adversary?
- Trusted Employee?
- Lone wolf?
- Dedicated group?
Slide 5: Observation 1: Knowing thy Enemy
Slide 6: Threat Profiles and Classification
External and Internal threats
- Recreational Hackers, Hacktivist, Disgruntled Individuals, Terrorist, Criminal Groups, Nation States, Social Activist, Rogue Warriors, Employees, Contractors, Third Parties
- Motivation, Capability, Intention, Targets (People and Things), Tactics
Slide 7: Nuclear Facilities (publicly known attacks)
Multiple computer security incidents have impacted nuclear facilities
- Monju NPP (Japan): Compromise of control room computer and release of information (2014)
- Korea Hydro and Nuclear Power (KHNP): Computer compromise and release of NPP documents (2014)
- Gundremmingen NPP (Germany): Computer virus found on plant IT systems and media (2016)
Slide 8: Competent Authorities beware. Facilities are not just the only targets of attack!
- 2012 Compromise of an old server resulted in the release of addresses and other information
- USNRC: Victim of multiple attacks that compromised s and accounts.
- OPM: Victim of persistent attacks information related to security clearances including the theft of over 4 million fingerprint files.
Slide 9: Fear
Observation 2: Fears are not always aligned with the risk.
What do you fear in a cyber attack? versus What should you fear?
Slide 10: Fear versus Risk
Question asked during a Feb 2016 meeting on Cyber Threat: Which of these animals do you fear the most?
A.) Sharks
B.) Bees
C.) Spiders
D.) Dogs
E.) Snakes
Slide 11: The animals that are most likely to kill you
[Chart: Average annual animal-caused fatalities in the US. Categories shown: Bees, Wasp, and Hornets; Other Mammals; Dogs; Cows; Non-Venomous Arthropods; Spiders; Venomous Snakes and Lizards; Bears; Alligators; Sharks]
Slide 12: Survey: What are your Cyber Fears?
Ref: 2015 Cyberthreat Defense Report: North America & Europe, CyberEdge Group
Slide 13: Complexity
Observation 3: Challenge of Understandability
Fog of Complexity
- Digital I&C Architectures
- The Threat
- Attack Impact
Slide 14: Physical World: Well defined
Service history
- In service: 1949–present
- Designer: Mikhail Kalashnikov
- Designed
- Manufacturer: Izhmash
- Number built: approximately 75 million AK million AK-type rifles
Specifications
- Weight: 4.78 kg (10.5 lb) with a loaded magazine; AKM weight with unloaded magazine 3.1 kg
- Length: 880 mm (35 in) fixed wooden stock; 875 mm (34.4 in) folding stock extended; 645 mm (25.4 in) stock folded
- Barrel length: 415 mm (16.3 in)
- Cartridge: mm M43/M67
- Action: Gas-operated, rotating bolt
- Rate of fire: Cyclic rate of fire is 600 rounds/min; semi-auto rate of fire is 40 rounds/min; full-auto burst rate of fire is 100 rounds/min
- Muzzle velocity: 715 m/s (2,350 ft/s)
- Effective range: 350 metres (380 yd)
- Feed system: Standard magazine capacity is 30 rounds. There are also 10, 20, 40, 75, or 100-round detachable box and drum style magazines.
- Sights: Adjustable iron sights with a 378 mm (14.9 in) sight radius: AK-47 has meter adjustments; AKM has meter adjustments
Slide 15: Impacts well understood
mm Specifications
- Case type: Rimless, bottleneck
- Bullet diameter: 7.92 mm (0.312 in)
- Neck diameter: 8.60 mm (0.339 in)
- Shoulder diameter: mm (0.396 in)
- Base diameter: mm (0.447 in)
- Rim diameter: mm (0.447 in)
- Rim thickness: 1.50 mm (0.059 in)
- Case length: mm (1.524 in)
- Overall length: mm (2.205 in)
- Case capacity: 2.31 cm³ ( gr H₂O)
- Rifling twist: 240 mm (1 in 9.45 in)
- Primer type: Boxer Large Rifle
- Maximum pressure: MPa (51,488 psi)
- Filling: SSNF 50 powder
- Filling weight: gr
Ballistic performance (bullet weight/type; velocity; energy)
- 123 gr (8 g) Full metal jacket; m/s (2,400 ft/s); 2,073.6 J (1,529.4 ft lbf)
- 154 gr (10 g) Spitzer SP; m/s (2,104 ft/s); 2,056.3 J (1,516.6 ft lbf)
- gr (8 g) Full metal jacket; m/s (2,640 ft/s); 2,460 J (1,810 ft lbf)
- 123 gr (8 g) Full metal jacket; 738 m/s (2,420 ft/s); 2,179 J (1,607 ft lbf)
Test barrel length: 415 mm
Source(s): Wolf Ammo [1], Omar [2], Sellier & Bellot [3]
Slide 16: The Cyber Threat
How does one characterize the threat? We can talk about Operational Characteristics of computers:
- Processor: Intel Core i7-2640m Dual Core (2.80GHz,4M cache,)
- Operating System: Windows 7 Professional, No Media, 64-bit
- Display: 17.3" UltraSharp FHD(1920x1080) Wide View Anti-Glare LED-backlit
- Memory: 4GB3 DDR3 SDRAM at 1333MHz
- Hard Drive: 750GB 7200rpm Hard Drive
- Video Card: AMD FirePro M8900 Mobility Pro Graphics with 2GB GDDR5
- Optical Drive: 8X DVD+/-RW
- System Weight: 7.77 lbs
Slide 17: The Cyber Threat
How does one characterize the threat? But how does one characterize the range of attack vectors, targets and methods, impacts?
Slide 18: Culture
Observation 4: Culture is key.
- Security is a people issue, not just a technical issue
- Without good training, technology cannot be effective
- Attacks against organizational staff, including directed attacks, are a common tactic by adversaries
- Over half of all computer security compromises result from or are complicated by human error
- People can be the strongest asset or your weakest link in security
Slide 19: Infection Vectors
ICS-CERT responded to 295 reported incidents involving critical infrastructure (CI) in the US. (Oct Sept 2015).
Unknown: insufficient forensic data available to identify the initial intrusion vector.
Ref: ICS-CERT Monitor, Nov/Dec
Slide 20: Placing a Man on the Moon
President John F. Kennedy was visiting NASA headquarters for the first time, in While touring the facility, he introduced himself to a janitor who was mopping the floor and asked him what he did at NASA. The janitor replied, "I'm helping put a man on the moon!" Obviously, the janitor understood the importance of his contribution. He truly felt he was a valuable part of something bigger than himself, and his attitude created a feeling of self-confidence in his mission. He wasn't merely a janitor; he was a member of the 1962 NASA Space Team!
How do we empower and motivate each employee to be part of the Security Team?
Ref:
Slide 21: Trends for 2015 and Beyond
- Increase in the number of adversaries (state and cyber criminals) with cyber capability.
- Cybercrime-as-a-service is likely to increase, reducing the barriers for entry for cybercriminals.
- Sophistication of the current cyber adversaries will increase, making detection and response more difficult.
- Spear phishing will continue to be popular with adversaries, and the use of watering-hole techniques will increase.
- Ransomware will continue to be prominent.
- Increase in the number of cyber adversaries with a destructive capability and, possibly, the number of incidents with a destructive element.
- Increase in electronic graffiti, such as web defacements and social media hijacking, which is designed to grab a headline.
Ref: Australian Cyber Security Centre 2015 Threat Report
Slide 22: Survey: Inhibitors to Effective CS
Ref: 2015 Cyberthreat Defense Report: North America & Europe, CyberEdge Group
Slide 23: NSNS Computer Security Programme Plan
[Diagram labels: Directs, Informs, Implements; Member States, NSGC, INSSPS, Expert Meetings]
Slide 24: NSNS Computer Security Programme Plan: 2016 Priority Action Items
- NSS guidance development
- Coordinated research in computer security incident response
- Development of hands-on training curriculums to support specialized computer security training for the protection of ICS
- Investigation of an information sharing for computer security incident information, security notices on system vulnerabilities and threats relevant for nuclear security.
- Expert meetings to support global information exchange and training.
Slide 25: 2016 Priority Action Items
1. Revision and development of NSS guidance.
2. Coordinated Research Project to technologies and processes that support computer security incident response at nuclear facilities.
3. Investigation of information sharing for sharing computer security incident and notices relevant for nuclear security.
4. Expert meetings to support global information exchange.
5. Development of hands-on training to support specialized computer security training for the protection of systems used for nuclear safety, nuclear security, NMAC.
Slide 26: 2016 Security Conference
Planned Technical Sessions:
- National legislative and regulatory framework for nuclear security
- Regulatory oversight for nuclear security
- Threat and risk assessment
- Information security and computer security
- Physical protection of nuclear material and nuclear facilities
Key dates:
- Submission of Synopsis by 13 May 2016
- Grant Applications by 13 May 2016
- Notification of authors: July 2016
- Submission of full papers: October 2016
- Full Programme available: November 2016
- Ministerial Segment: 5 December 2016
- Conference: 5-9 December 2016
Conference website: Nuclear-Security-Commitments-and-Actions
Slide 27: Conclusions
- Greater awareness and understanding of computer security is needed at all levels
- Cyber adversaries continue to advance at a rapid pace
- Attack methods may be sophisticated, but they also often take advantage of human failure
- Competent Authorities, Facilities, and Third Parties are all targets of attack
- Security, including computer security, is a process that must continue to evolve and improve
Slide 28: Questions
Donald D. Dudenhoeffer
Nuclear Security Information Officer
International Atomic Energy Agency
Vienna International Centre, A-1400 Wien, Austria
Tel: +43 (1) Fax: +43 (1)
Slide 29: Computer Security in the Nuclear Security Series
Fundamentals:
- NSS No Objective and Essential Elements of a State's Nuclear Security Regime
Recommendations:
- NSS No Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5)
- NSS No Radioactive Material and Associated Facilities
- NSS No Nuclear and Other Radioactive Material out of Regulatory Control
Implementing Guides:
- NSS No. 10 Development, Use and Maintenance of the Design Basis Threat (Update pending)
- NSS No. 23-G Security of Nuclear Information
- NST045 Computer Security for Nuclear Security
Non-serial publications:
- NST037 Conducting Computer Security Assessments
- NST038 Computer Security Incident Response Planning
Technical Guidance:
- NSS No. 17 Computer Security for Nuclear Facilities
- NST036 Computer Security of Nuclear I&C Systems
- NST047 Computer Security Methods for Nuclear Facilities
More informationCybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationTRAINING SERVICES elearning
Securely Enabling Your Business TRAINING SERVICES elearning Engaging and Effective Overview FishNet Security s Training Services team offers engaging, interactive elearning courses that cover a range of
More informationProject 25 Security Services Overview
Project 25 Security Services Overview Bill Janky Director, System Design Harris Corporation 1 Agenda Overview of P25 Security Services What s new; What s coming Other topics 2 If you re in Public Safety...
More informationTop 5 Data Breaches in 2014
Top 5 Data Breaches in 2014 Retrieved on 24 February from http://www.cnbc.com/id/102420088 CNBC Calls it the year of the hack Counter Productive and Non-Collaborative Behavior Vulnerabilities Announced
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More information2015 Information Security Awareness Catalogue
Contents 2015 Catalogue Wolfpack Engagement Model 4 Campaign Drivers 6 Offerings 8 Approach 9 Engaging Content 10 Stakeholder Change Management 12 Bundles 13 Content 14 Grey Wolf -Track compliance with
More information7 VITAL FACTS ABOUT HEALTHCARE BREACHES. www.eset.com
7 VITAL FACTS ABOUT HEALTHCARE BREACHES www.eset.com 7 vital facts about healthcare breaches Essential information for protecting your business and your patients Large breaches of Personal Health Information
More informationCourse 4202: Fraud Awareness and Cyber Security Workshop (3 days)
Course introduction It is vital to ensure that your business is protected against the threats of fraud and cyber crime and that operational risk processes are in place. This three-day course provides an
More informationRESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information
www.wipro.com RESILIENCE AGAINST CYBER ATTACKS Protecting Critical Infrastructure Information Saritha Auti Practice Head - Enterprise Security Solutions, Wipro Table of Contents 03... Abstract 03... Why
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationBig Data Analytics in Network Security: Computational Automation of Security Professionals
February 13, 2015 Big Data Analytics in Network Security: Computational Automation of Security Professionals Stratecast Analysis by Frank Dickson Stratecast Perspectives & Insight for Executives (SPIE)
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationQUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationCyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
More informationKeynote: FBI Wednesday, February 4 noon 1:10 p.m.
Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the
More informationCybersecurity Primer
Cybersecurity Primer August 15, 2014 National Journal Presentation Credits Producer: David Stauffer Director: Jessica Guzik Cybersecurity: Key Terms Cybersecurity Information security applied to computers
More informationBlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION
BlacKnight Cyber Security international A BUSINESS / MARKETING PRESENTATION The BlacKnight Mission To provide proven techniques and innovative learning services to help organizations detect, deter and
More informationUnderstanding Layered Security and Defense in Depth
Understanding Layered Security and Defense in Depth Introduction Cybercriminals are becoming far more sophisticated as technology evolves. Well-publicized security breaches of major corporations are capturing
More informationA New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager
A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks Alex Leemon, Sr. Manager 1 The New Cyber Battleground: Inside Your Network Over 90% of organizations have been breached
More informationCyber security trends & strategy for business (digital?)
Cyber security trends & strategy for business (digital?) Presentation by Anwer Yusoff Head, Industry & Business Development C y b e r S e c u r i t y M a l a y s i a NATIONAL CYBERSECURITY TECHNICAL SPECIALIST
More information