Cyber Security. Chris Hankin, Imperial College London November 2014
|
|
- Austen Norton
- 8 years ago
- Views:
Transcription
1 Cyber Security Chris Hankin, Imperial College London November 2014
2 Overview Introduction Science of Cyber Security Game Theoretic Models Industrial Control Systems Conclusions
3 Hackmageddon.com
4 Hackmageddon.com
5 Hackmageddon.com
6 The Changing Cyber Security Landscape Recent issues: Heartbleed and ShellShock Worms: Stuxnet Remote Access Trojans: Havex Advanced Persistent Threats
7 Research Institute in the Science of Cyber Security Choice architecture for information security 4M programme, awarded 1 st Oct projects, coordinated by UCL How secure is my enterprise? How do we make beber security decisions? Productive Security Improving security compliance and productivity through measurement Games and Abstraction: The science of cyber security Cyber security cartographies: CySeCa
8 Science of Cyber Security Security is process, not a product people, processes, technology Moving to empirical, evidence-based security Collaboration between researchers and industry is essential better understanding of complexity of problems by academics (avoiding ivory tower mentality) because that s where the data is! Bringing scientific rigour to data collection, measurement, and decision-making
9 Games and Abstraction Game Theory can help Systems Administrators make better decisions about how to defend their systems. The Cyber Security Problem can be seen as a two player game consisting of an Attacker who wants to maximise damage and a Defender who wants to minimise downtime and protect resources. For example, once an http server has been compromised, the likely next steps of the attacker would be to deface the website or install a sniffer. Defences include re-installing the compromised account or installing a sniffer detector. Attackers are far more likely to just deface the website and so the best defence is therefore to re-install the compromised account. We have designed a scientific programme to make this kind of analysis a robust and tractable problem.
10 Expected outcomes New theory and understanding of Game Theory and its application to cyber defence. Proof-of-concept implementation of a decision support tool based on adaptive, imperfect information stochastic games with intermediate results relating to simpler systems. Empirical evaluation of the implementation against data sets from real stakeholders. Policy advice on cyber security strategy.
11 Our Model
12 Concepts (1) q Target q Vulnerability: The particular attack method q Depth: The network location of the data assets q Control q Level: The Degree to which a control is implemented q Mitigation: The amount of damage that is expected to be stopped by implementing this control q Direct Cost: The cost to implement and maintain a control q Indirect Cost: Costs related to the implementation of a control not seen as direct costs q Organisational Profile: Characteristics unique to the Company or organisation
13 Concepts (2) q Control Games q q Study Each Control Individually q Calculate a Mixed Strategy for Each Level of Implementation Optimisation q Find the Optimum Allocation of a Budget for Defence of an Organisation q Uses a Weakest Target Model q Formulated as a 0-1 Multiple-Choice Multi- Objective Knapsack Problem
14 Control Games q Control Games All sub-games of a single control identifying the best strategy for each possible level. q Control Sub-Game The analysis of each possible combination of levels of a single control up to the maximum level denoted by the sub-game. q Representation q Two Player, Zero Sum Game
15 Solving the Games A Python Based Min-Max Solver We have used a method based on Singular Value Decomposition (SVD) to compute equilibria in large games where a large number of assets of the defending party must be protected against adversaries. Our method provides reasonably close solutions to the original game solutions and a significant speed up to the computation.
16 Case Sudy (1) Tables from Cybersecurity Games and Investments: A Decision Support Approach Gamesec 2014
17 Case Study (2) Table and Graph from Cybersecurity Games and Investments: A Decision Support Approach Gamesec 2014
18 Game Modelling - Future Work q Larger Scale Games q More Resources and Vulnerabilities q Comparison of results to Cyber Essentials q Solving The Summation of Effectiveness Problem q Defender Payoffs represented by Benefits not Damage q New Data Sources q Common Attack Pattern Enumeration and Classification (CAPEC) 1 as the source for Attacks q Integration of findings from Qualitative Research 1
19 Advanced Persistent Threats q The Current Model design doesn t effectively support the decision making required for Advance Persistent Threat attacks. q Currently working on designing a model for more accurately representing the interactions in Advance Persistent Threat attacks.
20 Industrial Control System operation NIST
21 Convergence of ICS and Enterprise IT but with major differences: Time critical versus high throughput Continuous operation Increased importance of edge clients Complex interactions with physical processes Resource constraints Legacy issues: years of operation Access to components can be difficult
22 A change of emphasis... C I A Espionage Sabotage A I C... not forgetting: Maintainability, Reliability and Safety
23 Focus of Phase 1 State of the Market To document current approaches and praceces To idenefy successes and failures Barriers To report on the cultural barriers that prevent innovaeon and adopeon of good praceces Foresight To idenefy emerging technologies and threats that are likely to improve or exacerbate idenefied challenges
24 Key Questions / Challenges for Phase 2 Do we understand the harm threats pose to our ICS systems and business? Can we confidently arcculate these threats as business risk? What could be novel effeccve and efficient intervencons?
25 Research Institute in Trustworthy Industrial Control Systems CAPRICA: Converged approach towards resilient industrial control systems and cyber assurance MUMBA: Multifaceted metrics for ICS business risk analysis 2.4M programme, 5 coordinated projects. Phase 1 (Directorship) awarded 01/01/14, Chris Hankin, Imperial College London. Phase 2 awarded 01/10/14. Key challenges: 1. Mapping cyber threat to physical harm: do we understand the harm that threats pose to ICS and business? 2. Do we understand and can we confidently areculate these threats as business risk? 3. What are the novel effeceve and efficient interveneons? CECRICS: Communicating and evaluating cyber risk and dependencies in ICS SCEPTICS: A systematic evaluation process for threats to ICS (incl. national grid and rail networks) RITICS: Novel, effective and efficient interventions
26 Imperial: A multi-scale approach Single organisations Local clique National Infrastructure International
27 Imperial: Themes Connectedness what is the level of connectedness in organisations at the various scales? Propagation of effects how far is a successful attack likely to migrate (cascading failures)? Defensive strategies Link to RISCS Economic consequences what are the consequences at each scale? Mitigation particularly for worst case threats.
28 Thank you Pasquale Malacaria Fabrizio Smeraldi Tom Hoehn Deeph Chana Andrew Burton Denise McGurk Andrew Fielder Manos Panaousis Zeynep Gurguc
Comparing Decision Support Approaches for Cyber Security Investment
Comparing Decision Support Approaches for Cyber Security Investment Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, and Fabrizio Smeraldi Imperial College London, UK University of
More informationGame Theory Meets Information Security Management
Game Theory Meets Information Security Management Andrew Fielder 1, Emmanouil Panaousis 2, Pasquale Malacaria 2, Chris Hankin 1, and Fabrizio Smeraldi 2 1 Imperial College London {andrew.fielder,c.hankin}@imperial.ac.uk
More informationCybersecurity Games and Investments: A Decision Support Approach
Cybersecurity Games and Investments: A Decision Support Approach Emmanouil Panaousis 1, Andrew Fielder 2, Pasquale Malacaria 1, Chris Hankin 2, and Fabrizio Smeraldi 1 1 Queen Mary University of London
More informationIndividual security and network design
Individual security and network design Diego Cerdeiro Marcin Dziubiński Sanjeev Goyal FIT 2015 Motivation Networks often face external threats in form of strategic or random attacks The attacks can be
More informationU.S. Army Research, Development and Engineering Command. Cyber Security CRA Overview
U.S. Army Research, Development and Engineering Command Cyber Security CRA Overview Dr. Ananthram Swami, ST Network Science 18FEB 2014 Cyber Security Collaborative Research Alliance A Collaborative Venture
More informationIntrusion Detection: Game Theory, Stochastic Processes and Data Mining
Intrusion Detection: Game Theory, Stochastic Processes and Data Mining Joseph Spring 7COM1028 Secure Systems Programming 1 Discussion Points Introduction Firewalls Intrusion Detection Schemes Models Stochastic
More informationESKISP6054.01 Conduct security testing, under supervision
Overview This standard covers the competencies required to conduct security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to
More informationUK s new Research Institute investigates the science of cybersecurity
UK s new Research Institute investigates the science of cybersecurity Government Communications Headquarters (GCHQ) How do we know when we are secure enough? How do we decide how best to spend our precious
More informationCHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES
ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES Cyber threats continue to rapidly evolve in frequency and sophistication, posing a constant and serious threat to business organisations
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationCareer proposition for software developers and web operations engineers
Career proposition for software developers and web operations engineers Introduction The Government Digital Service is at the centre of the digital transformation of government, making information and
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationNational Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009
National Security & Homeland Security Councils Review of National Cyber Security Policy Submission of the Business Software Alliance March 19, 2009 Question # 1: What is the federal government s role in
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationThe Four-Step Guide to Understanding Cyber Risk
Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationassessments, for example, form part of the standard process of adoption. Introduction
A service designed to deliver more efficient operations and impressive economies of scale from your Linux infrastructure through the application of best practice. Higher ratios of servers and users per
More informationCommittees Date: Subject: Public Report of: For Information Summary
Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security
More informationEmerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP
Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP July 25, 2014 Topics Improved 4G Communications Mobile Devices Cyber Security Threats Cyber Security Guidance
More informationCyber security and critical national infrastructure
120 Dr Richard Piggin Manager Defence, Aerospace & Communications Atkins Cyber security and critical national infrastructure Abstract Cyber security is an all-embracing term, meaning different things to
More informationCybersecurity Landscape for the Utility Industry and Considerations for State Regulators
Cybersecurity Landscape for the Utility Industry and Considerations for State Regulators Chairman s Forum on Cybersecurity and Critical Infrastructure Kentucky Public Service Commission, Hearing Room One
More informationNCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW
NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW Many incident taxonomies and classification schemes provide excellent guidance within the scope of a single enterprise s security operations center (SOC). However,
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationMaster of Science in Cyber Security and Management
Master of Science in Cyber Security and Management Introduction Realizing the importance of protecting her critical national information infrastructure, Malaysia has introduced the National Cyber Security
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationInformation Security in Business: Issues and Solutions
Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information
More informationESKISP6053.01 Assist security testing, under supervision
Overview This standard covers the competencies required to assist security testing under supervision. In order to contribute to the determination of the level of resilience of an information system to
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationCyber Security. Protecting the UK water industry
Cyber Security Protecting the UK water industry In today s connected world, cyber attacks are a daily occurrence. These attacks can have potentially disastrous consequences for water companies and the
More informationSeminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues. Palace Hotel Saigon, HCMC, November 19 th 2014
Seminar on Unfair Competition Enforcement in the United States and Supply Chain Cybersecurity Issues Palace Hotel Saigon, HCMC, November 19 th 2014 Cyber Security and Supply Chain Integrity as Risk Factors
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationCourse 4202: Fraud Awareness and Cyber Security Workshop (3 days)
Course introduction It is vital to ensure that your business is protected against the threats of fraud and cyber crime and that operational risk processes are in place. This three-day course provides an
More informationNetwork Cyber Security. Presented by: Motty Anavi RFL Electronics
Network Cyber Security Presented by: Motty Anavi RFL Electronics Agenda Cyber Security Threats Defense Strategy & Consequences Next Generation Networking ICS Vulnerabilities Liabilities Next Gen Networking
More informationMassMutual Cyber Security. University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management
MassMutual Cyber Security University of Massachusetts Internship Opportunities Within Enterprise Information Risk Management Position Title: Threat Intelligence Intern Job Location: Boston, MA Timeframe:
More informationTUSKEGEE CYBER SECURITY PATH FORWARD
TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,
More informationThe International MBA in Corporate Security Management (IMBASM) Distance Learning
MEDITERRANEAN INSTITUTE FOR SCIENTIFIC RESEARCH The International MBA in Corporate Security Management (IMBASM) Distance Learning Module Content Modules: Aims and Objectives Mandatory Modules SS247M1:
More informationidata Improving Defences Against Targeted Attack
idata Improving Defences Against Targeted Attack Summary JULY 2014 Disclaimer: Reference to any specific commercial product, process or service by trade name, trademark, manufacturer, or otherwise, does
More informationKey Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
More informationSmart grid security analysis
Smart grid security analysis Paul Smith et al. paul.smith@ait.ac.at SPARKS Stakeholder Workshop 20 th May, 2014, Graz SPARKS Objectives The SPARKS project has three main objectives regarding security analysis:
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationEndpoint Based Policy Management: The Road Ahead
Endpoint Based Policy Management: The Road Ahead Introduction In a rapidly growing and crowded security solutions market, organizations need to deploy the most effective technologies taking into consideration
More informationExecutive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.
Executive Summary Statement of Nadya Bartol Vice President, Industry Affairs and Cybersecurity Strategist Utilities Telecom Council Before the Subcommittee on Oversight and Subcommittee on Energy Committee
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationISACA Kampala Chapter Feb 2011. Bernard Wanyama Syntech Associates Limited
ISACA Kampala Chapter Feb 2011 Bernard Wanyama Syntech Associates Limited Agenda 1. ERP: What is it? 2. ERP: Examples 3. Security: Definitions, Triads & Frameworks 4. Security: Control Framework 5. Traditional
More informationBellevue University Cybersecurity Programs & Courses
Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320
More informationIntroduction to Cybersecurity Overview. October 2014
Introduction to Cybersecurity Overview October 2014 Introduces the importance of cybersecurity and current trends Eight modules with presentations and panel discussions that feature industry experts Activities,
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationCyberspace Situational Awarness in National Security System
Cyberspace Situational Awarness in National Security System Rafał Piotrowski, Joanna Sliwa, Military Communication Institute C4I Systems Department Zegrze, Poland, r.piotrowski@wil.waw.pl, j.sliwa@wil.waw.pl
More informationFREQUENTLY ASKED QUESTIONS
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
More informationThe Leading Provider of Endpoint Security Solutions
The Leading Provider of Endpoint Security Solutions Innovative Policies to Defend Against Next-Generation Threats Conrad Herrmann CTO and Co-Founder Zone Labs, Inc. Network Security Is an Uphill Battle
More informationPASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013
2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationWhen a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.
More informationOpening Up a Second Front for Cyber Security and Risk Management
Opening Up a Second Front for Cyber Security and Risk Management Annual Computer Security Applications Conference December 4, 2012 Dr. Ron Ross Computer Security Division Information Technology Laboratory
More informationWORKSHOP Rethinking Cyber Security for Industrial Control Systems
WORKSHOP Rethinking Cyber Security for Industrial Control Systems Bob Mick, Workshop Moderator VP Emerging Technologies ARC Advisory Group bmick@arcweb.com 1 Re-Thinking Cyber Security Why Re-Thinking?
More informationGovernment of Canada Cyber Security Event Management Plan (formerly GC IT Incident Management Plan)
Government of Canada Cyber Security Event Management Plan (formerly GC IT Incident Management Plan) Presentation to PSCIOC March 5 th, 2015 Overview Drivers Current Landscape Proposed Changes Expected
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationNational Cyber Security Strategy 2015-2017
National Cyber Security Strategy 2015-2017 Table of Contents Table of Contents...i Executive Summary... 1 1. Introduction... 2 2. Context - People, Economy, and State... 4 3. Guiding Principles... 10 4.
More informationCyber Security Solutions
Cyber Security Solutions Defending the Enterprise General Dynamics Information Technology defends mission-critical systems including government, health, finance, defence, large-enterprise and national
More informationMalicious Email Mitigation Strategy Guide
CYBER SECURITY OPERATIONS CENTRE Malicious Email Mitigation Strategy Guide Introduction (UPDATED) SEPTEMBER 2012 1. Socially engineered emails containing malicious attachments and embedded links are commonly
More informationAUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES
AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES INTRODUCTION Cybersecurity has become an increasing concern in the medical device
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationNetwork Economics of Cyber Crime with Applications to Financial Service Organizations
Network Economics of Cyber Crime with Applications to Financial Service Organizations Anna Nagurney, Wayne Burleson, Mila Sherman, Senay Solak, and Chris Misra University of Massachusetts Amherst, Massachusetts
More informationHow To Manage Risk On A Scada System
Risk Management for Industrial Control Systems (ICS) And Supervisory Control Systems (SCADA) Information For Senior Executives (Revised March 2012) Disclaimer: To the extent permitted by law, this document
More informationCyber-Intelligence and Cyber-Espionage
London First Cyber-Intelligence and Cyber-Espionage Roundtable 23 October 2013 Sponsored and Hosted by Avanta CONTENTS Executive Summary Introduction Cyber-Warfare: The Emerging Frontier I. CASCADING FAILURE
More informationDiscussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples The
More informationCyberNEXS Global Services
CyberNEXS Global Services CYBERSECURITY A cyber training, exercising, competition and certification product for maximizing the cyber skills of your workforce The Cyber Network EXercise System CyberNEXS
More informationThe Changing Threat Surface in. Embedded Computing. Riley Repko. Vice President, Global Cyber Security Strategy
The Changing Threat Surface in Embedded Computing Riley Repko Vice President, Global Cyber Security Strategy Embedded Computing History First embedded system was the Apollo Guidance Computer First integrated
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationAddressing Human Behavior in Cyber Security
Addressing Human Behavior in Cyber Security Image: Sileo.com Michael Orosz, Ph.D. USC Information Sciences Institute This discussion is proudly sponsored through a partnership between AFCEA, IEEE Computer
More informationU.S. Defense Priorities OSD PA&E
1 U.S. Defense Priorities Deter potential adversaries and defend America and American interests Counter asymmetric threats including terrorism, cyber attacks and ballistic and cruise missiles Fight and
More informationCyber Security Threats
Cyber Security Threats What keeps us up at night? Doug Jacobson Information Assurance Center www.iac.iastate.edu Information Assurance Center Iowa State University 1 Outline Who are the players The good,
More informationWhat Risk Managers need to know about ICS Cyber Security
What Risk Managers need to know about ICS Cyber Security EIM Risk Managers Conference February 18, 2014 Joe Weiss PE, CISM, CRISC, ISA Fellow (408) 253-7934 joe.weiss@realtimeacs.com ICSs What are they
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationAKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.
CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success
More informationModelling cyber-threats in the Airport domain: a case study from the SECONOMICS project. Alessandra Tedeschi, Deep Blue S.r.
Modelling cyber-threats in the Airport domain: a case study from the SECONOMICS project Alessandra Tedeschi, Deep Blue S.r.L, Rome, Italy Project overview SECONOMICS is a 36 months project funded in the
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationICS CP/PE (Cyber-to-Physical or Process Effects) case study paper German Steel Mill Cyber Attack
ICS Defense Use Case (DUC) Dec 30, 2014 Authors: Robert M. Lee Michael J. Assante Tim Conway ICS CP/PE (Cyber-to-Physical or Process Effects) case study paper German Steel Mill Cyber Attack Note: We are
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationNATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA
NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies
More informationIntroduction. Professor M. Angela Sasse Director Research Institute in Science of Cyber Security
λ» ½ ² ² ͽ»²½» ±º Ý ¾» Í»½«Î»» ½ ² ² ͽ»²½» ±º Ý ¾» Í»½«ß²²«Î» ± îðï ß²²«Î» ± îðïí λ» ½ ² ² ͽ»²½» ±º Ý ¾» Í»½«ß²²«Î» ± îðï Annual Report 2014 Introduction As Research Director of the Research Institute
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationCyber security in an organization-transcending way
Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security
More informationManaging cyber risk the global banking perspective
1 Managing cyber risk the global banking perspective Speech given by Andrew Gracie, Executive Director, Resolution, Bank of England British Bankers Association Cyber Conference, London 10 June 2014 2 I
More informationS. ll IN THE SENATE OF THE UNITED STATES
OLL0 TH CONGRESS ST SESSION S. ll To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American
More informationGuideline on Vulnerability and Patch Management
CMSGu2014-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Vulnerability and Patch Management National Computer Board
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions) Prior
More informationDefense In Depth To Fight Against The Most Persistent DDoS
Defense In Depth To Fight Against The Most Persistent DDoS All enterprises with an Internet presence should worry about Distributed Denial-of-Service (DDoS) - some more than others. It is a fact of life
More informationMobile Devices and Malicious Code Attack Prevention
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored
More informationThe EU s approach to Cyber Security and Defence
Workshop "Cyberwar & Cyberpeace Berlin, 23 Oct 15 Wolfgang Röhrig EDA Programme Manager Cyber Defence Woilfgang.Roehrig@eda.europa.eu +32 (0)2 504 2966 Political & Strategic Framework Dual-Use Specific
More informationMaking Sound Cyber Security Decisions Through a Quantitative Metrics Approach
Making Sound Cyber Security Decisions Through a Quantitative Metrics Approach April 25, 2011 Bill Sanders Joint work with Elizabeth LeMay, Ken Keefe, and Carol Muehrcke University of Illinois at Urbana-Champaign
More information