A Cyber Security Integrator's perspective and approach. Presentation to Saudi Arabian Monetary Agency, March 2014
What is a Cyber Integrator? Security system requirements - Finance Building a specific response Benefit from wider system collaboration
Threats, vulnerabilities and underlying information technology are changing at a ferocious pace; so must all the countermeasures: Hardening, Viruses, Trojans, Botnets, Phishing, Waterhole, Man in the email, Intrusion detection, Policy, Certification, Malware analysis, Training, Anomaly detection. And in complex environments, no single product or service specialist can keep up.
A Cyber Integrator is typically a systems integrator and manufacturer with a broad perspective of security requirements: Defence (National & NATO), Banking & Insurance, National Security Agencies, Healthcare, Governments & institutions, Transport & Utilities, Law Enforcement, Prime Contractors, Telecommunications, Large Enterprises.
A practiced Cyber Integrator seeks to diagnose before prescribing. Level of threat × Level of vulnerability = Extent of security measures required. Understand factors, methods and history. Understand technical vulnerabilities and weaknesses in security governance and user habits. Driven by nature and extent of measures required to achieve desired security. In some cases, an annual check up is sufficient. In others, constant monitoring is recommended!
A Cyber Integrator takes a systems engineering approach. SOLUTIONS ARE BUILT ON: Customer desired business objectives; Customer's direct threats and vulnerabilities; Customer's indirect risks and challenges; Engineered solutions and services.
Clients suffering data loss, theft and cyber attack with serious to existential consequences: Compromising Ability to Perform; Intellectual Property Theft; Threatening Reputation; Loss of Financial Control; Affecting Compliance Status; Ability to Recover; Threat to Human Safety.
This is the big picture. From the 2013 Data Breach Report, with the kind permission of Verizon.
The Banks and other Financial Institutions in Saudi Arabia are beset by the same global issues. Diagram labels: Customer Tactics Techniques Procedures Weapons Cash machine Phone Contact with Central bank Online Branch Relentless Spam Socially engineered Botnet Attack Phishing Waterhole Spam Reconnoitre Penetrate Sleep Propagate Control Transmit Virus Trojan Worm Rootkit Logger Dialler VANDALS Break PROTEST Destroy THIEVES Steal SPIES Front office Operations Insider Attack Insider Transform Toolkits Cheat NATIONS Executive IT and Administration Back office Operations Internal Contractors Impair Bought-in Services Trusted Partners
And the evidence suggests that the finance sector attracts the very best talent of the wrong sort. Banking Fraud: Face to face; Online payment; Man in the email (China, Nigeria and South Africa); Account takeover; Automated clearing. Global fraud losses linked to ACH and wire fraud for banking institutions: $455 million 2012; 2013 projection - $523 million; 2016 projection - $795 million. Corporate finance; Mobile banking and financial transaction threats.
And the sector shares common vulnerabilities: POORLY INSTALLED FIREWALLS USING DEFAULT PASSWORDS; POORLY PROTECTED CUSTOMER DATA AT REST; INSUFFICIENT ENCRYPTION OF DATA IN TRANSIT; POORLY MAINTAINED ANTI-VIRUS AND IPS/DLP SYSTEMS; POORLY MAINTAINED APPLICATIONS AND SYSTEMS; LOOSE NEED TO KNOW POLICY; LOOSE UNDERSTANDING OF NETWORK ACTIVITY; IRRATIONALLY APPLIED ORGANISATION SECURITY POLICY.
And from this we start to build up a master set of environment challenges: People, Level of Damage, Tolerance of Damage, Tools, Processes, Systems, Drivers, Techniques, Culture, Technology, Procedures, Organisation, Vulnerabilities, Threats. And then we start to build the appropriate responses.
A Cyber Integrator draws on a coherent set of services designed to address threats and resolve vulnerabilities. Diagram labels: CYBER DOCTRINE Respond CYBER SERVICES Contain Detect Eradicate Prevent Resist Recover Assess Assure Protect Defend Learn Assessment Guidance Remediation Vulnerability Projects Maturity Policy Certification Training System hardening System provision Managed Services Enterprise protective monitoring Managed Services Incident response forensics. COMPETITIVE ADVANTAGE. INFORMATION SUPERIORITY.
Taking an Integrator's approach, we then develop the Advisory, Skills transfer, Change and enduring Services solution to meet the need. Level of threat × Level of vulnerability = Extent of security measures required. Understand factors, methods and history. Understand technical vulnerabilities and weaknesses in security governance and user habits. Driven by nature and extent of measures required to achieve desired security. But two characteristics of the banking and finance sector are a high rate of change and high degree of sophistication in attack methodology. So, agility and flexibility in response are fundamentally important.
How does a cyber services integrator achieve agility and flexibility? We remain immersed in your environment: Policy and legislation background; Essential industry architecture; Key industry governance processes; Key financial functions and processes; Key systems.
How does a cyber services integrator achieve agility and flexibility? We maintain sector specific technical expertise, backed by our own wider technical expertise and context: Understand and model predominant attack/exploit methods; Develop and maintain a library and understanding of characteristic system vulnerabilities; Characterise key domain processes that are subject to attack; Anticipate next generation exploits. Which enables us to provide a coherent set of appropriate services to the companies operating within the sector.
What would the outcome look like? Your Cyber Security Capability. Detect: Monitoring and real time analysis of anomalies plus development of intelligence data. Deter: Hardening of key systems. Respond: Response to incidents: containment, eradication and recovery. Assure: Through life security; Achievement and maintenance of security compliance. Learn: Development and maintenance of situation awareness, dynamic risk analysis and feed back for training and process improvement. Assess: Regular vulnerability assessment.
Enterprise CIRT: An Enterprise CIRT or equivalent managed service provides the right focus. Diagram labels: Detect, Resist, Defend, Deter, Protect, Assess, Respond - Contain - Eradicate - Recover - Learn, Assure; Core Systems Users Organisation. Copyright Selex ES S.p.A 2014 2013 All rights reserved
The key characteristic of response is collaboration
The key characteristic of response is collaboration. EU CYBER STRATEGY RESTS ON COLLABORATION: Joint research centre vulnerabilities etc; Pan European exercises; Sector and National CSIRTs; Europol and Interpol: cooperation for Cyber
The key characteristic of response is collaboration. NATO: LISBON DECLARATION: To optimise information sharing, collaboration and interoperability.
The key characteristic of response is collaboration. US INITIATIVES: Comprehensive National Cyber security Initiative; Shared Situational Awareness; Connecting Cyber Operations Centres; Federal, State, Local and Private Sector; Supply chain initiative; Education and R&D initiative; FUNDING! The concept of sector and national nodes and hubs for reporting, correlating data and sharing intelligence is gaining momentum.
So within the Saudi Banking and Finance Sector, a federated and trustworthy Sector CIRT would encourage collaboration. Diagram labels: Enterprise CIRT (shown twice): Vulnerabilities, Threats, Impact, Breach and incident data. Sector CIRT: Secure and trusted information sharing; Plans, Procedures, Lessons learned, Technical indicators of compromise, Suggested remediation actions.
The national effect: shared situational awareness of network vulnerabilities, threats, and events. Are you seeing what we are seeing? Sectors shown: Medical, Telecoms, Power generation, Oil & Gas, Aviation, Banking.
An integrator can work at scale. NATO NCIRC FOC - public domain information: 50 Sites; 28 Nations; 70,000 users. Selex-ES leads a British-led Consortium to deliver NCIRC's Full Operating Capability. Full Operating Capability timeline: 2011 2012 2013 2014 2015
Thank you for listening. Presentation to Saudi Arabian Monetary Agency, March 2014