Protecting critical infrastructure from Cyber-attack


ACI-NA BIT Workshop, Session 6 (Cybersecurity)
Long Beach, California, October 4, 2015
Ben Trethowan, Aviation Systems & Security Architect

The scale of the threat

Nuisance threats: unskilled attackers, scanners and crawlers, spam, worms and viruses, and basic malware.
Cyber crime threats: opportunistic, broad-based, motivated by financial gain.
Hacktivism threats: organised attacks associated with a group of individuals with political, ethical, religious or retaliatory motives.
Nation state threats: state-sponsored campaigns, exfiltration of IP or R&D, etc., seeking competitive, economic or state security advantage.
Insider threats: a legitimate internal user with hidden malicious intentions.
Advanced persistent threats: targeted, organised and funded attacks associated with powerful entities.

The possible impacts of Cyber-attack

Advanced Persistent Threat (APT) Campaign Targeting Airports (Center for Internet Security 2013 Annual Report, 2013): malicious traffic from two nation states; the result of a phishing e-mail; a public document was used as the source of e-mail addresses; 75 airports impacted.

Istanbul Ataturk International Airport targeted by a cyber attack (Security Affairs, Hurriyet Daily News, The Hacker News, etc., 2013): passport control system affected; potential result of malware; potential links to a semi-trusted network (Polnet); departures delayed significantly (hours).

Hackers Divert Sony Exec's Plane, Launch DoS Attack on PSN (Forbes, Billboard, ExtremeTech, etc., 2014): Battle.net and PSN taken offline as the result of a DDoS attack; the group tweeted that explosives were on board the plane of SOE President John Smedley, and the flight was diverted.

Attack On LOT Polish Airline Grounds 10 Flights (Forbes, Reuters, Business Insider, etc., 2015): ground operation systems related to flight planning affected; suspected DDoS attack vector; 10 flights and ~1,500 passengers impacted; systems unavailable for ~5 hours.

Mass hack sees British Airways freeze thousands of accounts (RT, BBC, International Business Times, etc., 2015): frequent flyer accounts targeted; the result of an automated process using third-party information obtained elsewhere (i.e. credential stuffing); tens of thousands of accounts affected.

Islamic State message on hacked Hobart Airport website (The Sydney Morning Herald, Antara News, The Australian, etc., 2015): website defaced with a statement supporting the radical group Islamic State; an indiscriminate attack affecting multiple websites; the airport's website was shut down to resolve it.

Foundational security elements

The 20 Critical Security Controls, in their published order:

1. Inventory of Devices
2. Inventory of Software
3. Secure Configurations for Hardware / Software
4. Continuous Vulnerability Assessment & Remediation
5. Malware Defenses
6. Application Software Security
7. Wireless Access Control
8. Data Recovery Capability
9. Security Skills Assessment & Training
10. Secure Configurations for Network Devices
11. Limitation and Control of Network Ports, Protocols, etc.
12. Controlled Use of Administrative Privileges
13. Boundary Defense
14. Maintenance, Monitoring & Analysis of Audit Logs
15. Controlled Access Based on Need to Know
16. Account Monitoring & Control
17. Data Protection
18. Incident Response & Management
19. Secure Network Engineering
20. Penetration Tests & Red Team Exercises

Foundational security elements: the usual objections

"...but it's not connected to the Internet."
"...but it's got a firewall."
"...but users are screened / vetted / hold a security clearance."
"...but it's located in a secure area."
"...but it's only connected to trusted networks."

Each of these is an objection raised against applying the foundational controls, and none of them holds up: air gaps are bridged by removable media and maintenance laptops, a firewall is only as good as its rule set, vetted users still make mistakes and can be coerced, physical security does not stop a network-borne attack, and a "trusted" network is only as trustworthy as the least secure system connected to it.

Foundational security elements: case study, a (very) bad network security architecture (slide diagram only; not reproduced here).
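The "but it's got a firewall" and "only connected to trusted networks" objections are worth testing rather than taking on trust, and the test is mechanical: evaluate the rule set against the segregation policy it is supposed to enforce. The following is an added example, not code from the presentation or from any airport. It evaluates a constructed, first-match rule set for a boundary firewall between a corporate zone and a control-system zone against a policy that permits only HTTPS from corporate to the HMI front end, and reports both the over-broad rule and every probed flow it lets through. The zone addresses, rule names, probe ports and policy are assumptions chosen for the example; the check itself covers controls 11 and 13 in the list above.

```python
"""Audit a boundary firewall rule set against a network segregation policy.

Added example, not from the presentation. Rules, zones, policy and probe
ports below are constructed for illustration. Rules are evaluated
first-match with an implicit deny, as most packet filters do.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

Flow = Tuple[str, str, str, int]  # (src_zone, dst_zone, proto, port)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    src: str                           # source CIDR
    dst: str                           # destination CIDR
    proto: str                         # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]]   # inclusive (low, high); None = any port

    def matches(self, src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and (self.ports is None or self.ports[0] <= port <= self.ports[1]))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str, port: int) -> Optional[Rule]:
    """Return the first rule matching the flow, or None for the implicit deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, port):
            return rule
    return None


def broad_allow_rules(rules: List[Rule]) -> List[str]:
    """Allow rules that accept any source address and do not restrict the port."""
    return [r.name for r in rules
            if r.action == "allow" and ip_network(r.src).prefixlen == 0 and r.ports is None]


def audit(rules: List[Rule], zones: Dict[str, str], protected: str,
          permitted: Set[Flow], probe_ports: Tuple[int, ...]) -> List[Tuple[Flow, str]]:
    """Probe flows from every other zone into the protected zone and return those the
    rule set allows but the policy does not, together with the rule responsible."""
    dst_ip = str(ip_network(zones[protected])[10])        # a representative host
    violations: List[Tuple[Flow, str]] = []
    for zone, cidr in zones.items():
        if zone == protected:
            continue
        src_ip = str(ip_network(cidr)[10])
        for proto in ("tcp", "udp"):
            for port in probe_ports:
                hit = evaluate(rules, src_ip, dst_ip, proto, port)
                if hit is not None and hit.action == "allow":
                    flow: Flow = (zone, protected, proto, port)
                    if flow not in permitted:
                        violations.append((flow, hit.name))
    return violations


# Constructed zones: a documentation range for the Internet, RFC 1918 space internally.
ZONES = {"internet": "203.0.113.0/24", "corporate": "10.10.0.0/16", "control": "10.50.0.0/16"}
# Constructed policy: only HTTPS from the corporate zone to the HMI front end is permitted.
PERMITTED: Set[Flow] = {("corporate", "control", "tcp", 443)}
# Constructed probe ports: SSH, S7comm, HTTPS, Modbus/TCP, RDP.
PROBE_PORTS = (22, 102, 443, 502, 3389)

# "But it's got a firewall": a vendor remote-support rule opened from anywhere, any port.
AS_FOUND = [
    Rule("corp-to-hmi", "allow", "10.10.0.0/16", "10.50.0.0/16", "tcp", (443, 443)),
    Rule("vendor-remote-support", "allow", "0.0.0.0/0", "10.50.0.0/16", "any", None),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]
# Hardened: the over-broad rule removed; vendor access would go through a separately
# controlled jump host rather than a hole in the boundary.
HARDENED = [
    Rule("corp-to-hmi", "allow", "10.10.0.0/16", "10.50.0.0/16", "tcp", (443, 443)),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]

if __name__ == "__main__":
    print("over-broad allow rules:", broad_allow_rules(AS_FOUND))
    for flow, rule in audit(AS_FOUND, ZONES, "control", PERMITTED, PROBE_PORTS):
        print("policy violation:", flow, "allowed by", rule)
    print("hardened violations:", audit(HARDENED, ZONES, "control", PERMITTED, PROBE_PORTS))
```

Against the as-found rule set the audit reports 19 of the 20 probed flows as policy violations, all admitted by the vendor rule, including Modbus/TCP and RDP straight from the Internet; the firewall exists, but it does not segregate anything. Against the hardened set it reports none. A real audit would read the rule set from the device export rather than a literal, and would probe the full port range, but the evaluation and comparison logic is the same.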

Specialist advice and expertise

Governance: structure, roles and responsibilities, statutory requirements, culture, policy, procedures, audit and review.
Monitoring: detection, service, reporting, incident response, forensic considerations, SIEM, IDS / IPS.
Liaison: specialist forums, professional associations, industry groups, CERTs, law enforcement.
Network security management: boundary protection, capability depth, authentication techniques, logical segregation, external access.
Cryptography: key management, PKI, selection of primitives, key lengths, key ownership, protocol combinations.
Technical vulnerability management: vulnerability assessment, penetration testing, independence, legal issues, scope, remediation.

Intelligence sharing and collaboration

Levels at which sharing happens:
National: national security agency, CERTs, law enforcement authorities.
Industry group: regulator, domain-specific, security specialist involvement.
Specialist forum / professional association: technology-specific, user groups, special interest groups.
Enterprise: cross business-area, multiple assets, multiple support teams.

Characteristics of a sharing web portal: multi-factor authentication; securely partitioned; community based; enforcement of classifications / protective markings; ad-hoc special interest group / thread creation, etc.

Protecting against advanced threats

Effective methodology: proven analysis process, rapid response, priority driven, proactive (not reactive), collaboration.
Analyst tools: knowledge management, advanced visibility, cross-domain correlation, workflow enhancement.
Advanced analytics: intelligence gathering, identifying campaigns, understanding adversaries, continuous refinement.
Threat & information sharing: collaborative, intuitive, securely partitioned, actionable, case / campaign / advisory distribution.
Improved awareness: campaign strategy, effectiveness testing, interactive games, spotlight videos, webinars, podcasts.
Advanced APT sensors: complex near-real-time detection, non-signature-based, context aware, depth of analysis.
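"Non-signature-based, context aware" detection with "cross-domain correlation" can be shown concretely in a few dozen lines. The following is an added example, not the presenter's or any vendor's tooling. It builds a per-account baseline of source networks and working hours from a constructed VPN authentication log, then correlates each new VPN login with a constructed administrative-action log from control-zone hosts, and raises an alert only when a login with anomalous context is followed, within a window, by a state-changing action by the same account. There is no indicator or signature anywhere in it; the decision rests on deviation from the account's own history plus what the session then did. The log formats, account names, host names, the list of sensitive actions and the 30-minute window are all assumptions.

```python
"""Context-aware, non-signature detection correlating two log sources.

Added example, not from the presentation or any product. The log lines
below are constructed and their formats are invented for this example;
the account names, hosts and the 30-minute correlation window are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

VPN_RE = re.compile(r"^(?P<ts>\S+) vpn user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$")
ADMIN_RE = re.compile(r"^(?P<ts>\S+) admin user=(?P<user>\S+) host=(?P<host>\S+) action=(?P<action>\S+)$")

# Actions that change the state of a control-zone host (assumed list).
SENSITIVE = {"write_config", "firmware_update", "user_add"}

# Constructed baseline period: where and when each account normally connects from.
BASELINE_LOG = """\
2015-09-01T08:02:11 vpn user=alice src=10.10.5.21 result=ok
2015-09-01T08:05:40 admin user=alice host=hmi-01 action=read_config
2015-09-02T09:14:03 vpn user=alice src=10.10.5.33 result=ok
2015-09-03T07:58:45 vpn user=bob src=10.10.7.9 result=ok
2015-09-03T08:01:12 admin user=bob host=plc-gw-02 action=read_config
"""

# Constructed day under review: alice's credentials used at 03:00 from an unfamiliar
# network, followed minutes later by a configuration write on a control-zone host.
REVIEW_LOG = """\
2015-09-20T03:11:07 vpn user=alice src=198.51.100.77 result=ok
2015-09-20T03:14:52 admin user=alice host=hmi-01 action=write_config
2015-09-20T08:03:15 vpn user=bob src=10.10.7.9 result=ok
2015-09-20T08:06:30 admin user=bob host=plc-gw-02 action=read_config
"""


def parse(text):
    """Parse both log formats into one time-ordered event list."""
    events = []
    for line in text.splitlines():
        for kind, pattern in (("vpn", VPN_RE), ("admin", ADMIN_RE)):
            m = pattern.match(line)
            if m:
                event = m.groupdict()
                event["kind"] = kind
                event["ts"] = datetime.fromisoformat(event["ts"])
                events.append(event)
                break
        # Unparsed lines are dropped here; in production count them, because a
        # parser that silently discards is a blind spot.
    return sorted(events, key=lambda e: e["ts"])


def source_net(src: str) -> str:
    """Generalise a source address to its /24 so that DHCP churn does not look new."""
    return str(ip_network(f"{src}/24", strict=False))


def build_baseline(events):
    """Per account: source networks and hours of day seen in successful VPN logins."""
    baseline = defaultdict(lambda: {"nets": set(), "hours": set()})
    for e in events:
        if e["kind"] == "vpn" and e["result"] == "ok":
            baseline[e["user"]]["nets"].add(source_net(e["src"]))
            baseline[e["user"]]["hours"].add(e["ts"].hour)
    return baseline


def detect(baseline, events, window=timedelta(minutes=30)):
    """Alert when a login with anomalous context is followed, within the window, by a
    state-changing admin action by the same account. Both conditions are required:
    an odd login alone, or a config write from a normal session alone, is not enough."""
    last_login = {}
    alerts = []
    empty = {"nets": set(), "hours": set()}
    for e in events:
        if e["kind"] == "vpn" and e["result"] == "ok":
            known = baseline.get(e["user"], empty)
            reasons = []
            if source_net(e["src"]) not in known["nets"]:
                reasons.append(f"login from unfamiliar network {source_net(e['src'])}")
            if e["ts"].hour not in known["hours"]:
                reasons.append(f"login at {e['ts'].hour:02d}:00, outside usual hours")
            last_login[e["user"]] = (e["ts"], reasons)
        elif e["kind"] == "admin" and e["action"] in SENSITIVE:
            login = last_login.get(e["user"])
            if login is None or e["ts"] - login[0] > window:
                continue
            reasons = login[1] + [f"{e['action']} on {e['host']} from that session"]
            if len(reasons) >= 2:     # at least one context anomaly plus the sensitive action
                alerts.append({"user": e["user"], "host": e["host"], "time": e["ts"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    base = build_baseline(parse(BASELINE_LOG))
    for alert in detect(base, parse(REVIEW_LOG)):
        print(alert["time"], alert["user"], alert["host"])
        for reason in alert["reasons"]:
            print("  -", reason)
```

On the constructed review day the only alert is for alice on hmi-01, with three reasons: unfamiliar network, out-of-hours login, and the configuration write. Bob's 08:03 login is also an hour outside his short baseline, but he only read a configuration, so nothing fires; that is the point of requiring both a context anomaly and a consequential action before alerting. The baseline here is deliberately tiny; in practice it would be built over weeks and the "unfamiliar" test would also consult the asset and account inventories from the foundational controls.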