Cyber security




Cyber security
- Cundall IT and audio visual
- Setting the scene
- UK construction industry
- Computer networks
- Ethical hacker
- Case studies
- Summary
- Final thoughts

IT and audio visual - services
Lifecycle, consultancy led:
- Strategy and business case support
- Concept and detailed design
- Procurement and implementation
Key areas:
- Revenue generation / cost reduction
- Audio Visual and collaborative technology
- IP data networks (Wired/Wireless/Mobile)
Main projects (large IT / audio visual influence):
- Offices and data centres
- Schools, colleges, universities
- Hotels, sports venues

Cundall sectors
- Critical Systems
- Education
- Government
- Healthcare
- Industrial
- Lifestyle
- Masterplanning and infrastructure
- Residential
- Retail
- Workplace

Sample projects
- Workplace: Deloitte London Campus; ENI Saipem; Antofagasta
- Education: Sussex Coast College; Sevenoaks School; Lycee Francais School
- Residential: One Hyde Park; Smart Home; Porto Dubai
- Critical Systems: Confidential clients; Cobalt Data Centre; Kingfisher
- Lifestyle: Twickenham Stadium; Lingfield Racecourse; Dubawi Island
- Healthcare: Northern Island Telephony; Hospices; The London Clinic
Pictured:
- Sussex Coast College, Hastings and Ore, United Kingdom
- New Street Square (Deloitte HQ), London, United Kingdom
- Lingfield Park redevelopment, Surrey, United Kingdom
- Porto Dubai Island, Dubai, United Arab Emirates

Cyber security

Setting the scene


Setting the scene
National Cyber Security Programme Investment (2011-2015)
- Department for Business, Innovation and Skills, working with the private sector and improving resilience: 2%
- Home Office, tackling cyber crime: 10%
- Single Intelligence Account, building cross-cutting capabilities, including Information Assurance: 59%
- Cabinet Office, co-ordinating and maintaining a view of operational threat: 5%
- Ministry of Defence, mainstreaming cyber in defence: 14%
- Government ICT, building secure online services: 10%

Setting the scene
CESG (Communications Electronics Security Group): UK Government's National Technical Authority for Information Assurance (IA).

Setting the scene
Cyber Security: http://www.cpni.gov.uk/advice/cyber/
Protection of business systems:
- Applications
- IP networking (computer networks)
- Operating systems
- SCADA or similar building control networks (i.e. BMS)
- Telecommunications

UK construction industry
What is the construction industry doing about cyber security?

UK construction industry
Most don't know they have a problem:
- If they do, few understand it
What is the problem:
- Computer systems and networks increasingly control buildings/estates/cities
- Compromise the networks, compromise the buildings
Solution?: no networks
Answer: NO! No benefit to clients

UK construction industry
Benefit versus risk.
- Understand risk: understand technology and how it can be abused
- Construction industry is a slow moving industry
- Best practice? Often what was done last time (and before...)
- Technology adoption 5-10 years - inertia is problem
- Designs often obsolete when constructed
- Supply chain not up to the job (IT companies moving in)
What the industry needs is a very public security breach of a building to raise profile (not advertised...).

UK construction industry
Examples of compromising a building:
Take control (or just turn off) security and building management systems:
- De-activate cameras, delete CCTV footage (theft)
- Change access control permissions (theft)
- Lighting control (nuisance, cost)
- BMS (change, parameters, alarm handling)
- Nuisance? Mission critical lead to downtime
- Remote power management: turn devices or even building off (downtime, death?)

Computer networks
Need to understand technology and design building computer networks and systems that deliver benefits to clients but mitigate against security risks.
Networks are multi-layer, from applications to bits & bytes.


Computer networks
A few simple steps to improving security:
- Think holistically
- Have a policy
- Educate staff
- Control who has access
- Manage passwords
- Patch and update systems
- Deploy firewalls and intrusion detection
- Leave programmable systems in run mode, not programme mode

Ethical hacker
You have designed secure networks/systems for buildings; how do you commission and prove the configurations are correct?
Penetration testing

Case study - bank
- BMS and lighting network
- Financial trading environment
- Global IT standards
- Network design reviewed by client IT
- Part of network traverses corporate network

Case study - large campus
- Multi million lifecycle network
- All services run over multiple virtual networks
- Architecture allows for multiple 3rd parties to operate securely
- External and internal threats considered
- Users and devices authenticated
- Technology such as intrusion detection, filtering, cryptography designed in
- Architecture appropriate for a large campus, hospital, airport

Summary
- Cyber security
- Design development: benefit v risk
- Multi-layer problem, multi-layer approach required
- Different mind-set for commissioning
- Don't forget people and policy!

Some final thoughts
Question: Is a computer network more or less secure if it has wireless?

Some final thoughts
Answer: Depends - you can use wireless access points to detect rogue wireless access points. (You need to consider the risk that someone has attached an unauthorised wireless device to the network and is broadcasting information outside of the building or locally to a receiving device. You also get the benefit of having wireless!)

Some final thoughts
Question: Is the following good practice? "Set the BMS password at the head-end to 0, it will be easy to remember then"

Some final thoughts
Answer: No!

Some final thoughts
Question: Is the following a sufficient performance specification for a network? "Provide a network for corporate, security and BMS use. Deliver 1 gigabit to the desk performance."

Some final thoughts
Answer: No! Has not addressed any of the multi-layer design issues.

Some final thoughts
Question: Is the following good practice? Have separate physical data networks for corporate, security, BMS and other services?

Some final thoughts
Answer: It depends
- Risk assessment
- Ownership and maintenance
- Every client will have different requirements

Some final thoughts
Question: Is the following good practice? "We have a separate network, it is not connected to the internet or other networks, we don't need IT security"

Some final thoughts
Answer: No
- If you ask them whether they use laptops during maintenance and fault finding, the answer is likely to be yes. Therefore, network is vulnerable.
- Stuxnet: Trojan that attacked (re-programmed) Siemens PLCs
- N.B. Traverses networks not connected to the Internet/other networks

THROUGH INNOVATION WE CREATE CHANGE IN THE WORLD http://www.cundall.com/services/it-and-audio-visual.aspx