Trends in Security Incidents and Hitachi s Activities
|
|
- Dina Holland
- 2 years ago
- Views:
Transcription
1 Hitachi Review Vol. 63 (2014), No Featured Articles Trends in Security Incidents and Hitachi s Activities About HIRT Activities Masato Terada, Dr. Eng. Masashi Fujiwara Akiko Numata Toru Senoo Kazumi Ishibuchi Mari Miyazaki OVERVIEW: As cyber-attacks continue to evolve, the types of security incident they trigger are becoming more diverse. They are also having an increasingly signifi cant impact on social infrastructure that has been built using the Internet on a platform of information or control systems. This has raised the importance of measures for dealing with these incidents, including the establishment of CSIRTs and handing down of techniques. The HIRT is a CSIRT team that handles incident operations throughout Hitachi. Through vulnerability countermeasures (work aimed at eliminating vulnerabilities that threaten cybersecurity) and incident response (work aimed at defending against and resolving cyber-attacks when they occur), the HIRT plays a leading role in cybersecurity at Hitachi. INTRODUCTION SOCIAL infrastructure that has been built using the Internet on a platform of information or control systems faces new threats that need to be defended against through an ongoing combination of both vulnerability countermeasures and incident response. The Hitachi Incident Response Team (HIRT) operates throughout Hitachi, helping ensure the safety of customers and the public and the provision of reliable social infrastructure by preventing security incidents that could potentially result from new threats, and by responding quickly when an incident does occur. This article describes recent trends in security incidents, and Hitachi s cybersecurity incident readiness/response team (CSIRT) activities in which the HIRT Center plays a central role. TRENDS IN SECURITY INCIDENTS Cyber-attacks have continued to evolve since the VBS/Loveletter virus of 2000, with the vulnerabilities exploited by these attacks expanding beyond operating systems to also include applications. Malware is also evolving by building on past techniques, which include malware-attached , network worms, and bots. In addition, web malware (such as Gumblar) and USB malware, attacks that exploit vulnerability in the Internet users psychology and behavior and use it for advantage, have become common since around Targeted attacks such as advanced persistent threats (APTs) have been raising concerns since 2010, and have been utilized for objectives that go beyond the theft of information. The Stuxnet malware spread in July 2010 targeted nuclear power facilities and disrupted the operation of control equipment by accessing it via data acquisition [supervisory control and data acquisition (SCADA)] software (1). The features of 2013 in terms of incidents were that website compromised actions became regular occurrences and damage by malicious programs that targeted online banking became serious. In particular, these cyber-attacks on websites form part of a category of targeted attacks called watering hole attacks. These involve tampering with websites that are highly likely to be used by the organization being targeted, using these sites as a lure in the same way animal predators take advantage of a watering hole to lure prey (see Fig. 1). The attack works by redirecting users of the lure website to another website that contains the malware, making it technically similar to the methods used by other web malware such as Gumblar that also redirects users to a different website. Other methods include list attacks that utilize lists of account information to attempt login to many different sites, and domain name system/service (DNS) and network time protocol (NTP) reflection attacks, a category of distributed reflected denial of service (DrDoS) attack that utilizes differences in request and response data sizes (2). As
2 271 Trends in Security Incidents and Hitachi s Activities (2) Inject code to redirect users. (1) Identify websites to use as lures. Turn website into a lure (redirector). Turn website into a malware distributor (infector). Websites used by targeted organization (3) Download malware and execute to exploit vulnerability. Branch or subsidiary Internet Public web server Mail relay server External DNS server Router Firewall VPN Firewall Router VPN Sales (staff working out of office or using mobiles, etc.) Intranet DNS: domain name system/service VPN: virtual private network : personal computer Targeted organization Fig. 1 Watering Hole Attack. A watering hole attack is so named because it lies in wait for users from the targeted organization to visit particular websites, in much the same way as a lion uses a watering hole as a lure for its prey. DNS and NTP, respectively name resolution and time synchronization services, are vital to the functioning of the Internet, it is essential that everyone cooperate to limit this threat. CSIRT ACTIVITIES AT HITACHI CSIRTs The activities of CSIRTs set up to counter cyberthreats in Japan since 1998 can be divided into three phases (see Fig. 2). The first acknowledgement phase drew on the example of activities being initiated by CSIRTs in the USA, and involved the introduction of the concept of incident response, meaning responding to events in accordance with a predetermined plan. The second predawn phase was the time in which Japan s own CSIRT activities got underway, utilizing empirical feedback on the network worms that were circulating in this period from 2001 to This phase saw the establishment of a framework for CSIRT activities in Japan that reflected local circumstances, including the launch of the Information Security Early- Warning Partnership in 2004; the release of the Japan Vulnerability Notes (JVN), a vulnerability information database; and the establishment of the Nippon CSIRT Association in An emerging trend in 2012, in the third phase of CSIRT activities, was toward the use of CSIRTs to provide specialist incident response functions for dealing with cyberthreats. Prompted in large part by the diverse range of security incidents that occurred during 2011, this represented a consolidation phase in the activity of CSIRTs and can be seen as a landmark year in the progress of the field. HIRT The HIRT was launched in April 1998 as a research project aimed at establishing CSIRTs at Hitachi. So that the HIRT could operate as a CSIRT, this work included ensuring that, in dealing with vulnerability countermeasures and incident response, the HIRT would have the capabilities to identify and communicate information about threats at a technical level, to manage technical coordination, and to undertake
3 Hitachi Review Vol. 63 (2014), No HIRT project launched HIRT Center established Domain-specific IRT activities commence CSIRT activities in Japan Acknowledgement phase for vulnerability countermeasures and incident response Predawn phase for vulnerability countermeasures and incident response Consolidation phase for vulnerability countermeasures and incident response Characteristics of incidents Vulnerabilities targeted One-off, widespread incidents of homogeneous type Website defacement Operating system vulnerabilities Widespread incidents of homogeneous type spread by chain reaction Malware-attached Network worms Application vulnerabilities Unique, localized attacks Targeted attacks Strategic attacks User vulnerabilities HIRT activities Establishment of IRT activity model based on dissemination of vulnerability countermeasure and incident response information Participation in Information Security Early-Warning Partnership through establishment of virtual organization structure based on concept of four IRTs Establishment of collaborative model involving participation in IRT activities overseas (FIRST, WARP) and in Japan (Nippon CSIRT Association) Integrate users and product or service areas through coordination of technology, content, and operation, and minimize problems associated with vulnerability countermeasures and incident response. Establishment of trust model through participation in collaborative IRT activities in Japan and overseas CSIRT: cybersecurity incident readiness/response team HIRT: Hitachi Incident Response Team IRT: incident readiness/response team FIRST: Forum of Incident Response and Security Teams WARP: warning, advice and reporting point Fig. 2 Overview of Evolution of Incidents and HIRT Response. The activities of the CSIRTs that deal with cyber-attacks in Japan continue to grow along with the evolution of those cyber-attacks. technical collaboration with the external community. Furthermore, its mission was set forth as being to utilize experience from incident operations (security measures conducted to predict and prevent the damage caused by security incidents, and to limit the extent of damage that results when an incident does occur) to identify emerging threats and take action as early as possible. Along with its being equipped with these capabilities and assigned this mission, the HIRT also has the role of acting as the point of contact between Hitachi and other CSIRTs in the external entities. CSIRT Activity Model at Hitachi In its role as a CSIRT, the HIRT has the job of supporting cybersecurity at Hitachi through its work on vulnerability countermeasures (activities aimed at eliminating threats to cybersecurity) and incident response (activities aimed at defending against and resolving cyberthreats when they occur). It is also tasked with helping ensure the safety and security of social infrastructure by utilizing its practical experience of incident response and other activities to improve incident readiness. In operating as a CSIRT, the HIRT has adopted an organizational model based on four incident readiness/ response teams (IRTs) (see Fig. 3). Hitachi has three of these IRTs: a product vendor IRT that deals with the development of information systems, control systems, and other products; a system integration (SI) vendor IRT that deals with the use of these products in system implementation or service provision; and an internal user IRT that deals with the administration of Hitachi s own use of the Internet. In this way, by establishing a HIRT Center to coordinate the different IRTs, the four IRTs constitute an organizational model that provides a clear definition of each IRT s role so that they can work together on cybersecurity measures. Note that the term HIRT is used both in the broad sense of incident operations conducted throughout Hitachi and in the narrow sense of the HIRT Center. ACTIVITIES CONDUCTED BY HIRT CENTER The main task of the HIRT Center is to conduct inhouse IRT activities that deal with the administrative and technical aspects of cybersecurity measures in cooperation with the departments charged with their administration, and to support vulnerability countermeasures and incident response at the different business divisions and group companies. The external IRT activities of the HIRT Center also involve collaborating on cybersecurity measures by acting as Hitachi s point of contact with the external community for matters relating to CSIRTs. Activities of In-house IRTs The activities of in-house IRTs include passing on knowledge obtained through the collection and analysis of cybersecurity information in the form
4 273 Trends in Security Incidents and Hitachi s Activities Cybersecurity of products and services Information security Resolve vulnerabilities in Hitachi products. Ensure security of customer systems. Ensure security of in-house infrastructure. Product vendor IRT Product development departments SI vendor IRT SI and service departments Internal user IRT Departments that administer in-house infrastructure Hitachi Liaise with and coordinate Hitachi IRTs HIRT Center Building a global network with external IRT community Information Security Early-Warning Partnership Nippon CSIRT Association External CSIRT community (FIRST, etc.) SI: system integration Fig. 3 Four IRTs for Vulnerability Countermeasures and Incident Response. Hitachi has adopted an organizational model for its vulnerability countermeasure and incident response activities that is based on a four-irt structure. of advisories, and providing feedback to product and service development processes in the form of guidelines or support tools. (1) Collection, analysis, and dissemination of security information The interdepartmental dissemination of knowhow and other information relating to vulnerability countermeasures and incident response. (2) Provision of infrastructure for utilizing information The provision of infrastructure for the utilization of information in the collection, analysis, and dissemination of cybersecurity information. (3) Security technology improvement for products and services Enhancements to web application security, implementation of security measures for digital consumer electronics and other products that incorporate embedded systems or control systems, and the establishment of development and management processes. (4) Provision of infrastructure for research work Establishment of collaborative arrangements with research institutions to facilitate technical developments aimed at achieving rapid deployment of countermeasures. Activities with External IRTs Along with an increasing number of cyber-attacks that keep their symptoms and damage hidden, progress is being made on establishing cooperative arrangements that allow CSIRTs from different organizations to work together to resolve problems by obtaining a broad overview of cyber-attacks, and to help each other operate more effectively. (1) Better coordination of CSIRT activities in Japan This includes the provision of infrastructure for utilizing information using JVN and the JVN Resource Description Framework Site Summary (JVNRSS) (3), work on countering vulnerabilities based on the Information Security Early-Warning Partnership, and collaboration between CSIRTs at different organizations through the Nippon CSIRT Association. (2) Better international coordination of CSIRT activities This includes work on establishing arrangements for collaboration with overseas CSIRTs, involvement in the work of warning, advice, and reporting points (WARPs) in the UK, and compliance with the standardization of the cybersecurity information exchange framework (CYBEX)
5 Hitachi Review Vol. 63 (2014), No TABLE 1. Project to Improve Hitachi s CSIRT Activities The project s objective is to establish incident operations throughout Hitachi. Category Phase 1 (2010 to 2011) Phase 2 (2012 to 2013) Phase 3 (2014 to 2015) Measures Improve collaboration with business division and group company IRTs. Provide support through collaboration between HIRT center and business division and group company IRTs. Utilize HIRT open meetings to establish an operational framework for IRT collaboration and mechanisms for sharing technical know-how. Disseminate information about solutions for problems identified in security review consultations. Strengthen partnership with IRT support staff. Trial collaboration with IRT support staff (at business divisions and group companies) Bottom-up implementation of IRT activities initiated by IRT support staff Establish a virtual, interdepartmental incident response system. Undertake support activities by the HIRT Center, IRTs, and IRT support staff. Develop the HIRT (in the broad sense of a virtual organization model) by combining the user collaboration model (phases 1 and 2) and organizational collaboration model (phase 3). (3) Provision of infrastructure for research work This involves the training of researchers and practitioners with specialist knowledge through joint research with academic institutions and by participating in academic activities, such as training workshops for researchers in the field of malware countermeasures. Main Activities In 2010, Hitachi launched a project to improve its CSIRT activities with the aim of establishing incident operations throughout the group (see Table 1). This section covers the period up to phase 2, looking in particular at a trial of domain-specific (industryspecific) IRT activities and work on vulnerability countermeasures for control system products. Trial of Domain-specific IRT (1) Three-tiered cycle for incident response and readiness While responding to incidents when they occur clearly has an important role in dealing with cyberattacks, taking account of incidents and related developments to improve readiness is also essential. Accordingly, Hitachi has chosen to adopt a domainspecific approach to readiness involving a threetiered cycle of incident response and readiness based on considerations specific to the business domain concerned, with clear demarcation of the roles of each division and how they are to work together (see Fig. 4). (2) HIRT-FIS: Advanced endeavor in the financial domain The Financial Industry Information Systems HIRT (HIRT-FIS) was established in October 2012 in the financial information systems division. In its role as a domain-specific subsidiary HIRT, the aim for the HIRT-FIS was to establish a prototype of a professional CSIRT specifically for the finance industry (see Fig. 5). This initiative was also part of the implementation of the three-tiered cycle for incident response and readiness. In particular, recognizing that measures for countering cyber-attacks need to take account of industry trends and other specific circumstances, the aim of the HIRT-FIS was to take the lead in studying and implementing CSIRT activities tailored to the financial sector. In the future, Hitachi Defense Finance Customer system (1) Incident QA: quality assurance Service delivery system (2) Incident response (responsibility: QA) (3) Industry standards, trends (4) Incident readiness (responsibility: Domain-specific IRT) (5) Security measures compromised (6) Incident readiness (responsibility: HIRT) Internal infrastructure Incident response (responsibility: Cyber Countermeasures Office) Incident readiness (responsibility: Cyber Countermeasures Office) Fig. 4 Three-tiered Cycle for Incident Response and Readiness. In addition to dealing with cyberthreats by responding to incidents when they occur, this also involves improving readiness by learning from the experience of actual incidents and by taking account of changing circumstances from the perspective of specifi c business domains
6 275 Trends in Security Incidents and Hitachi s Activities Role Framework Domain HIRT-FIS General HIRT FIS: Financial Industry Information Systems Specific HIRT Finance HIRT-FIS Other industry HIRT-xxx Fig. 5 Role of and Framework for Domain-specifi c IRT Activities. The HIRT-FIS is one of the measures adopted to implement the three-tiered cycle for incident response and readiness and is intended as a prototype of a professional CSIRT tailored specifi cally to the fi nance industry. intends to review progress and establish further domain-specific subsidiary IRTs for sectors such as control systems or defense. Vulnerability Countermeasures for Control System Products Hitachi is proceeding with three initiatives based on an approach that utilizes experience from past HIRT activities and applies it in the control systems sector. (1) Utilize HIRT security information in the collection of security information related to control systems, including the latest trends, product vulnerabilities, and incident case studies. (2) Establish arrangements for the HIRT to act as a primary point of contact for the external community in relation to vulnerability handling and incident handling. (3) In addition to dealing with vulnerabilities in terms of specifications, source code, and configurations, embark on investigations aimed at establishing preliminary examples for control equipment and control systems with the aim of implementing vulnerability countermeasures for control equipment and other control systems that have specific applications in mind. for specialist and practical collaboration between organizations. The HIRT takes note of changing circumstances and is working on measures for the rapid deployment of countermeasures as part of the process of identifying upcoming threats. Hitachi also believes that it can contribute to the creation of safe and secure social infrastructure through the activities of its CSIRTs for specific industries or other sectors, and by training the academics who will form the next generation of the CSIRT community. REFERENCES (1) Information-technology Promotion Agency, Japan, IPA Technical Watch: Report on APT, about/technicalwatch/ html in Japanese. (2) JERT/CC, DDoS Attacks Using Recursive DNS Requests, https://www.jpcert.or.jp/at/2013/at html in Japanese. (3) M. Terada et al., Proposal of JP Vendor Status Notes Database (JVN), IPSJ Journal 46, pp (May 2005) in Japanese. CONCLUSIONS This article has described recent trends in security incidents, and Hitachi s CSIRT activities in which the HIRT Center plays a central role. Along with the ongoing damage caused by known threats, damage is also being done by emerging threats from new types of cyber-attack. Also becoming clear is the damage caused by cyber-attacks that results from the degree of impact that organizations have on each other. This makes it essential to utilize CSIRTs
7 Hitachi Review Vol. 63 (2014), No ABOUT THE AUTHORS Masato Terada, Dr. Eng. Hitachi Incident Response Team, Services Creation Division, Information & Telecommunication Systems Company and Yokohama Research Laboratory, Hitachi, Ltd. He is currently engaged in CSIRT collaboration activities for the incident operation of cybersecurity. Dr. Terada is a member of the Information Processing Society of Japan (IPSJ). Masashi Fujiwara Hitachi Incident Response Team, Services Creation Division, Information & Telecommunication Systems Company, Hitachi, Ltd. He is currently engaged in the vulnerability handling and incident response for Hitachi products and the Internet application service. Akiko Numata Hitachi Incident Response Team, Services Creation Division, Information & Telecommunication Systems Company, Hitachi, Ltd. She is currently engaged in establishment of internal education framework for the vulnerability handling and incident response. Toru Senoo IT Platform Division Group and Hitachi Incident Response Team, Services Creation Division, Information & Telecommunication Systems Company, Hitachi, Ltd. He is currently engaged in the establishment of the vulnerability countermeasure process for the Industrial Control Systems. Kazumi Ishibuchi IT Platform Division Group and Hitachi Incident Response Team, Services Creation Division, Information & Telecommunication Systems Company, Hitachi, Ltd. He is currently engaged in cyber intelligence as a cybersecurity information analyst. Mari Miyazaki CSIRT Group, General System Department, Financial Project Management Unit, Financial Information Systems Division, Information & Telecommunication Systems Company, Hitachi, Ltd. She is currently engaged in CSIRT activities as HIRT-FIS (Financial Industry Information Systems HIRT) staff
Fujitsu s Approach to Cloud-related Information Security
Fujitsu s Approach to Cloud-related Information Security Masayuki Okuhara Takuya Suzuki Tetsuo Shiozaki Makoto Hattori Cloud computing opens up a variety of possibilities but at the same time it raises
International Standardization Activities for Hitachi System Security Concept and Social Infrastructure Security Based on It
64 Hitachi Review Vol. 65 (2016), No. 5 Featured Articles International Standardization Activities for Hitachi System Security Concept and Social Infrastructure Security Based on It Toshihiko Nakano, Ph.D.
This is a preview - click here to buy the full publication
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
External Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
NASCIO 2015 State IT Recognition Awards
NASCIO 2015 State IT Recognition Awards Title: State of Georgia Private Security Cloud Implementation Category: Cybersecurity Contact: Mr. Calvin Rhodes CIO, State of Georgia Executive Director, GTA calvin.rhodes@gta.ga.gov
Cyber attack and incident response
Cyber attack and incident response Private sector s perspective for public/private information sharing 6 June 2012 Octopus Conference at Strasbourg Tomohiko Yamakawa 0 Copyright 2012 NTT All rights reserved.
The Hillstone and Trend Micro Joint Solution
The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry
Initiative for Cyber Security Information sharing Partnership of Japan (J-CSIP) Annual Activity Report FY2012
Initiative for Cyber Security Information sharing Partnership of Japan (J-CSIP) Annual Activity Report FY2012 IT SECURITY CENTER (ISEC) INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN Initiative for Cyber
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
Countermeasures against Bots
Countermeasures against Bots Are you sure your computer is not infected with Bot? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Bot? Bot is a computer
Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU
Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,
About Botnet, and the influence that Botnet gives to broadband ISP
About net, and the influence that net gives to broadband ISP Masaru AKAI BB Technology / SBB-SIRT Agenda Who are we? What is net? About Telecom-ISAC-Japan Analyzing code How does net work? BB Technology
Cyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
DANCERT RFC2350 Description Date: 10-10-2014 Dissemination Level:
10-10-2014 Date: 10-10-2014 Dissemination Level: Owner: Authors: Public DANCERT DANTE Document Revision History Version Date Description of change Person 1.0 10-10-14 First version issued Jan Kohlrausch
SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.
SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,
CHAPTER 3 : INCIDENT RESPONSE THREAT INTELLIGENCE GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE THREAT INTELLIGENCE 1 THREAT INTELLIGENCE How it applies to our clients, and discuss some of the key components and benefits of a comprehensive threat intelligence strategy. Threat
Anti-Malware Technologies
: Trend of Network Security Technologies Anti-Malware Technologies Mitsutaka Itoh, Takeo Hariu, Naoto Tanimoto, Makoto Iwamura, Takeshi Yagi, Yuhei Kawakoya, Kazufumi Aoki, Mitsuaki Akiyama, and Shinta
Report on Cyber Security Alerts Processed by CERT-RO in 2014
Section III - Cyber-Attacks Evolution and Cybercrime Trends Report on Cyber Security Alerts Processed by CERT-RO in 2014 Romanian National Computer Security Incident Response Team office@cert-ro.eu The
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
Fujitsu Group s Information Security
Fujitsu Group s Information Under the corporate governance system, the Fujitsu Group promotes appropriate information management and information usage according to Group rules, as part of risk management.
Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015
Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry
Next Generation Security Strategies. Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com
Next Generation Security Strategies Marc Sarrias Regional Sales Manager msarrias@paloaltonetworks.com IT Ever-Evolving Challenges & Constraints Support IT Initiatives Minimize Business Risks from Cybersecurity
CYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in
Cyber Security & Role of CERT-In Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Web Evolution Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos.
Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.
18th Annual Space & Missile Defense Symposium IAMD Evolution and Integration/Key Topic: Predictive Cyber Threat Analysis Analytic and Predictive Modeling of Cyber Threat Entities J. Wesley Regian, Ph.D.
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT
HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT The frequency and sophistication of Distributed Denial of Service attacks (DDoS) on the Internet are rapidly increasing. Most of the earliest
Protecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
GAINING THE ADVANTAGE. Applying Cyber Kill Chain Methodology to Network Defense
GAINING THE ADVANTAGE Applying Cyber Kill Chain Methodology to Network Defense THE MODERN DAY ATTACKER Cyberattacks aren t new, but the stakes at every level are higher than ever. Adversaries are more
CYBERSPACE SECURITY CONTINUUM
CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202
Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center
Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average
EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
International Strategy on Cybersecurity Cooperation
資 料 9-2 International Strategy on Cybersecurity Cooperation - j-initiative for Cybersecurity - October 2, 2013 Information Security Policy Council Contents 1 Objectives 1 2 Basic Principles 2 2.1 Ensuring
CYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense
NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense Cyber Investigations Data Management Systems Security Data Security Analysis Digital Forensics Health Care Security Industrial
(BDT) BDT/POL/CYB/Circular-002. +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int
2011 15 (BDT) BDT/POL/CYB/Circular-002 +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int 2008 2010 2010 International Telecommunication Union Place des Nations CH-1211 Geneva 20 Switzerland Tel: +41
Department of Homeland Security Federal Government Offerings, Products, and Services
Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity
Emerging Security Technological Threats
Emerging Security Technological Threats Jamie Gillespie Training and Education Team Leader, AusCERT About AusCERT Australia s national CERT Collect, monitor, advise on threats and vulnerabilities Incident
7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
Verve Security Center
Verve Security Center Product Features Supports multiple control systems. Most competing products only support a single vendor, forcing the end user to purchase multiple security systems Single solution
An International Perspective on Security and Compliance
UNIDIRECTIONAL SECURITY GATEWAYS An International Perspective on Security and Compliance ICSJWG Fall Conference 2014 Lior Frenkel, CEO and Co-Founder Waterfall Security Solutions Andrew Ginter, VP Industrial
Beyond the Hype: Advanced Persistent Threats
Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,
Eight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES
ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES Cyber threats continue to rapidly evolve in frequency and sophistication, posing a constant and serious threat to business organisations
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a
2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
BT Assure Threat Intelligence
BT Assure Threat Intelligence Providing you with the intelligence to help keep your organisation safe BT Assure. Security that matters At all times, organisations are vulnerable to all kinds of cyber attacks
Understanding SCADA System Security Vulnerabilities
Understanding SCADA System Security Vulnerabilities Talking Points Executive Summary Common Misconceptions about SCADA System Security Common Vulnerabilities Affecting SCADA Networks Tactics to Strengthen
Promoting Network Security (A Service Provider Perspective)
Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
Some Thoughts on the Future of Cyber-security
Some Thoughts on the Future of Cyber-security Mike Thomas Information Assurance Directorate National Security Agency NSI IMPACT April 2015 1 Introduction, or Why are we here? National security missions
Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
Document ID. Cyber security for substation automation products and systems
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
NEC s Efforts for Security NEC s Security Solution and Trend of Security Consulting Business
NEC s Efforts for Security NEC s Security Solution and Trend of Security Consulting Business By Masashi SUGIURA* This paper is intended to summarize the security solutions of NEC together with the present
September 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
Internet Security Topics
Internet Security Topics JPCERT/CC Japan Computer Emergency Response Team Coordination Center Yurie Ito, Director Technical Operation 1 Today s Agenda 1. Incident Trends Purpose/motivation, methods 2.
Security Operation Management Initiatives in Cooperative Vehicle-Infrastructure Systems for Safe Driving
Hitachi Review Vol. 65 (2016), No. 1 747 Featured Articles Security Operation Management Initiatives in Cooperative Vehicle-Infrastructure Systems for Safe Driving Akira Mizutani Mai Kawamura Eriko Ando
Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015
Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report November 23, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY
QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY EXPLOIT KITS UP 75 PERCENT The Infoblox DNS Threat Index, powered by IID, stood at 122 in the third quarter of 2015, with exploit kits up 75 percent
I N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
Advanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
Countermeasures against Spyware
(2) Countermeasures against Spyware Are you sure your computer is not infected with Spyware? Information-technology Promotion Agency IT Security Center http://www.ipa.go.jp/security/ 1. What is a Spyware?
Managed Security Services
Proactive Real-Time Monitoring and Risk Management Managed Security Services NCS Group Offices Australia Bahrain Brunei China Dubai Hong Kong SAR Korea Malaysia Philippines Singapore Sri Lanka Understanding
Detailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
Tunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc
Tunisia s experience in building an ISAC Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc 1 Agenda Introduction ISAC objectives and benefits Tunisian approach SAHER system
Εmerging Ways to Protect your Network
Εmerging Ways to Protect your Network From Vulnerability Scanning to Real-time Monitoring and Detection of Cyber-attacks Konstantinos Xinidis Software Engineer xinidis@vtripgroup.com Development Dept.,
Securing Your Business with DNS Servers That Protect Themselves
Product Summary: The Infoblox DNS security product portfolio mitigates attacks on DNS servers by intelligently recognizing various attack types and dropping attack traffic while responding only to legitimate
WRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
ISO27032 Guidelines for Cyber Security
ISO27032 Guidelines for Cyber Security Deloitte Point of View on analysing and implementing the guidelines Deloitte LLP Enterprise Risk Services Security & Resilience Contents Foreword 1 Cyber governance
30 Independent Study. 60 (e.g. lectures, seminars and supervised group activity)
1. Programme Title BSc Digital & Technology Solutions 2. Unit Title Data and Security 3. HE Level UG1 FHEQ Level 4 4. Unit Code DTS16104 5. Credit Value of Unit 30 6. Unit Type Mandatory 7. Unit Tutor
UNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)
Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques
Technology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
White Paper. April 2006. Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks
White Paper April 2006 Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks According to a recent Harris Interactive survey, the country s leading business executives consider
CYBER SECURITY TRAINING SAFE AND SECURE
CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need
Combating a new generation of cybercriminal with in-depth security monitoring
Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report Management of Los Alamos National Laboratory's Cyber Security Program DOE/IG-0880 February 2013 Department
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
Cyber Security for SCADA/ICS Networks
Cyber Security for SCADA/ICS Networks GANESH NARAYANAN HEAD-CONSULTING CYBER SECURITY SERVICES www.thalesgroup.com Increasing Cyber Attacks on SCADA / ICS Systems 2 What is SCADA Supervisory Control And
Things To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness
The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness Abstract Area: ROADMAP FOR THE FURTHER EVOLUTION OF THE INTERNET GOVERNANCE ECOSYSTEM Entitled by: Cristine Hoepers, Klaus Steding-Jessen,
National Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework
Office of Inspector General
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs
1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com
A New Approach to Assessing Advanced Threat Solutions
A New Approach to Assessing Advanced Threat Solutions December 4, 2014 A New Approach to Assessing Advanced Threat Solutions How Well Does Your Advanced Threat Solution Work? The cyber threats facing enterprises
Introduction of the GCCD. (Global Cybersecurity Center for Development)
Introduction of the GCCD (Global Cybersecurity Center for Development) Contents Ⅰ Ⅱ Ⅲ Ⅳ Ⅴ Ⅵ Ⅶ Background Vision Roles and Responsibilities Organizational Structure and Facilities Partnership Plan GCCD
G-Cloud Definition of Services Security Penetration Testing
G-Cloud Definition of Services Security Penetration Testing Commercial in Confidence G-Cloud Services An Overview Inner Security is a leading CREST registered information security services provider. We
Defending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
POLICIES TO MITIGATE CYBER RISK
POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various
Next-Generation Endpoint Protection Explained
Next-Generation Endpoint Protection Explained Executive Summary This paper aims to bring you up-to-speed on exactly why organizations like yours need next-gen endpoint protection in order to keep your
JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015]
JPCERT-IA-2015-02 Issued: 2015-04-27 JPCERT/CC Internet Threat Monitoring Report [January 1, 2015 - March 31, 2015] 1 Overview JPCERT/CC has placed multiple sensors across the Internet for monitoring to
Information Technology Cyber Security Policy
Information Technology Cyber Security Policy (Insert Name of Organization) SAMPLE TEMPLATE Organizations are encouraged to develop their own policy and procedures from the information enclosed. Please
Trends in Cybersecurity and Latest Countermeasures
Hitachi Review Vol. 63 (2014), No. 5 264 Featured Articles Trends in Cybersecurity and Latest Countermeasures Satoshi Takemoto Makoto Kayashima, Ph.D. Kunihiko Miyazaki, Ph.D. Yasuko Fukuzawa, Ph.D. OVERVIEW:
Korea s experience of massive DDoS attacks from Botnet
Korea s experience of massive DDoS attacks from Botnet April 12, 2011 Heung Youl YOUM Ph.D. SoonChunHyang University, Korea President, KIISC, Korea Vice-chairman, ITU-T SG 17 1 Table of Contents Overview
GEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
Data Driven Assessment of Cyber Risk:
Data Driven Assessment of Cyber Risk: Challenges in Assessing and Mitigating Cyber Risk Mustaque Ahamad, Saby Mitra and Paul Royal Georgia Tech InformationSecurity Center Georgia Tech Research Institute
Development of Technology for Detecting Advanced Persistent Threat Activities
FOR IMMEDIATE RELEASE Development of Technology for Detecting Advanced Persistent Threat Activities Visualizing correlations among hosts having suspicious activities to detect attacks such as stealth malware
Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall
Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select
Microsoft Technologies
NETWORK ENGINEERING TRACK Microsoft Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use