In the Dark report, 2011

Transcription

1 In the Dark report, 2011 CIP Webinar Pamela Warren, CISSP, CIPP Director of CIP Initiatives, McAfee

2 Critical Infrastructure Studies 2

3 In The Crossfire (2010) 54% experienced large scale DDOS Nearly a third (29%) suffer large scale DDOS attacks multiple times each month, and nearly two thirds impact operations 60% experienced theft-of-service cyber attacks Extortion 1 in 5 infrastructure entities are victims of extortion 3

4 In the Dark (2011): Critical Sector targeting Extortion is widespread 1 in 4 infrastructure entities are victims of extortion Extortion was pervasive in some countries, with 80% of respondents in Mexico and 60% in India report cyber extortion attempts Hundreds of millions of dollars have been extorted, and maybe more. This kind of extortion is the biggest untold story of the cybercrime industry. - Allan Paller, Director of the SANS Institute 4

5 Threats & Vulnerabilities Accelerating In 2010, 80% faced a large-scale denial of service attack, and 85% had experienced a network infiltration 42% 46% % 26% 10% 13% 26% 20% 0 Daily or weekly Every month Few a year No ocurrences

6 Level of vulnerability attacks in the last 12 months on critical infrastructure % 26% 36% Increased Decreased Remained the same 37% have experienced an increase Energy sector is most vulnerable with a 41% increase in the number of attacks 2 Don't know Total Energy Oil/Gas Water/Sewage 6

7 Stuxnet Instances ~40% have found Stuxnet in their environment 57% launched special security audits or other measures in response to the widespread publicity concerning Stuxnet 7

8 Smart Grid 4 of 5 CIP industry executives said their company intended to implement some form of smart grid controls, such as time-sensitive rates, service cutoffs, and service reductions 56% of the executives whose companies are planning new smart grid systems also plan to connect to the consumer over the Internet Most realized that the new systems will add challenging security vulnerabilities, but only 2/3 plan to adopt special security measures for the systems 8

9 Unprepared to respond to threats? DDoS Stealthy infiltration Malware 37% 35% 25% US, the UK and Australia consistently ranked their sectors the highest for preparedness 9

10 Regional Review

11 Regional Attacks: Stealthy Network Infiltration By high level adversary like organised crime or nation state Fewer attacks compared to 2009 India had highest occurrence with 40% experiencing these several times a week. 30% Australians experience stealthy infiltration every month Lower percentage experiencing multiple occurrences every day relative to 2009 The majority in APAC now experience these attacks less than once a month. 11

12 Regional Attacks: Large-scale DDoS 30% in India had multiple occurrences of large scale DDoS attacks every day, increasing by 3% over previous year 50% in Australia had experienced large scale DDoS attacks, increasing by 3% In all other APAC countries, more had experienced large-scale DDoS attacks than

13 Stuxnet: significant impact on the industry in APAC Almost three quarters of APAC respondents said they had launched special security audits or other measures in response to the widespread publicity concerning the Stuxnet exploit. All respondents in India said they had encountered the Stuxnet exploit in their systems while working at their energy companies. Over 50% in the rest of APAC said they had not encountered Stuxnet in their systems.

14 Attacker Profile: Who s Attacking Majority of respondents believe foreign governments 100% in India 60% in Australia 40% Australians view Russia as major concern In 2009, APAC countries felt the United States was a major concern. In 2010, this view had dropped significantly, with none of the respondents in India, China and Australia citing the United States as a concern. 14

15 Regional Preparedness: DDoS China were the most confident in their preparedness for facing large scale DDoS attacks at 90% India - 60% unprepared Australia - 80% unprepared 15

16 Regional Preparedness: Sabotage Malware Majority in APAC feel confident in preventing or protecting In Australia, China and India, half of respondents extremely prepared to manage these kinds of attacks. In Japan, 83% 16

17 Smart Grid controls in APAC region China leading the charge in adopting security for smart grid controls 75% of Indian and Australian respondents have or plan to implement some smart grid controls 17

18 Government interaction Sharing information on attacks with government and industry partners increased in all countries in the region except Australia, where it has decreased by 50% Australia was only country in APAC where none shared information Sharing information with government on cyber security or network defence matters Australia: Majority, ~80%, share this information 89% in China share this information Overall, only 25% of critical Infrastructure companies interact with the government Government security audits Majority in APAC, except Australia, had experienced <30% in Australia had government audits 70% in China 18

19 Impact of Government Involvement Countries with high public-private interaction feel they are better prepared for cyberattacks, notably Japan and China Countries such as Brazil, Mexico and India have experienced a loss of confidence in their government s capabilities to deter attacks 19

20 Preparedness: Deterring Attacks Authority s capabilities to prevent or deter actual or potential attack Australia and India believe their authorities are not very capable 56% in Japan believe their authorities are capable or completely capable Laws for deterring these attacks 70% believe laws inadequate in deterring 20

21 Preparedness: Level of Vulnerability Most of APAC believe their level of vulnerability against cyber attacks has decreased 90% in Australia believe it has increased in the last 12 months In India, 60% believe it has decreased In Japan, 67% believe it has remained the same. 21

22 Looking Ahead: Likelihood of Attack In Australia and China, 60-70% believed they would experience major cyber security incident affecting critical infrastructure in their country within 2 years In Japan, the same number of respondents thought it would occur in the next 5 years 22

23 Summary Threats and vulnerabilities accelerating Sabotage and espionage are both of concern Stuxnet may not have been enough of a wake-up call Security technologies exist today to prevent these attacks Smart grid is coming; security for it may lag Prepare for attack for sabotage as well as network infiltration, possibly for data theft Monitor for anomalies in data movement as well as potential threats to your network Whether or not you feel laws or the government will help, we are all responsible for the security of our networks and data A new paradigm for protection is needed

24 Protecting Critical Infrastructure TAKING CONTROL

25 Compensating Controls to reduce risk Know location of and protect your most sensitive data Prevent unauthorized applications and unauthorized changes in your network Block the use of malware for sabotage or data exfiltration at the gateways Prevent and alert on creation of suspicious files and folder structures Work with your control system vendors to ensure appropriate controls in these environments Leverage audits to identify your gaps Understand your vulnerabilities on an ongoing basis - not just 1-2x/year

26

27 WindRiver A phased rollout delivered in 2011 AWL to prevent unauthorised applications from running against the commercial OS, epo agent on WindRiver OS - insight into greylisting (reputation-based GTI insights) and AWL for Linux Wind River McAfee-provided NAC functionality additional integration with other Wind River OS and embedded virtualization technologies. Achilles program certification conformance requirements for control systems

28 Silicon-Enabled Security Software and Services Protection, Management and Activation At All Layers SECURITY SERVICES APPLICATIONS MIDDLEWARE SERVICES APPLICATIONS MIDDLEWARE PLATFORM PLATFORM SECURITY SILICON SILICON

29 Thank You!

30