Cyber Security. Chris Hankin, Imperial College London November 2014


Overview
- Introduction
- Science of Cyber Security
- Game Theoretic Models
- Industrial Control Systems
- Conclusions

(Three slides of figures credited to Hackmageddon.com; the figures are not reproduced in the transcription.)

The Changing Cyber Security Landscape
- Recent issues: Heartbleed (OpenSSL, CVE-2014-0160) and Shellshock (GNU Bash, CVE-2014-6271)
- Worms: Stuxnet
- Remote Access Trojans: Havex (used against ICS operators; its payload scanned for OPC servers)
- Advanced Persistent Threats

Research Institute in the Science of Cyber Security (RISCS)
£4M programme, awarded 1st Oct 2012; 4 projects, coordinated by UCL.
Key questions: How secure is my enterprise? How do we make better security decisions?
Projects:
- Choice architecture for information security
- Productive Security: improving security compliance and productivity through measurement
- Games and Abstraction: the science of cyber security
- Cyber security cartographies: CySeCa

Science of Cyber Security
- Security is a process, not a product: people, processes, technology
- Moving to empirical, evidence-based security
- Collaboration between researchers and industry is essential: academics gain a better understanding of the complexity of the problems (avoiding an ivory-tower mentality), and industry is where the data is
- Bringing scientific rigour to data collection, measurement and decision-making

Games and Abstraction
Game theory can help systems administrators make better decisions about how to defend their systems. The cyber security problem can be seen as a two-player game between an Attacker, who wants to maximise damage, and a Defender, who wants to minimise downtime and protect resources. For example, once an HTTP server has been compromised, the attacker's likely next steps are to deface the website or to install a sniffer. Defences include re-installing the compromised account or installing a sniffer detector. Attackers are far more likely to just deface the website, so the best defence is to re-install the compromised account. We have designed a scientific programme to make this kind of analysis a robust and tractable problem.

Expected outcomes
- New theory and understanding of game theory and its application to cyber defence
- Proof-of-concept implementation of a decision support tool based on adaptive, imperfect-information stochastic games, with intermediate results relating to simpler systems
- Empirical evaluation of the implementation against data sets from real stakeholders
- Policy advice on cyber security strategy

Our Model

Concepts (1)
- Target
  - Vulnerability: the particular attack method
  - Depth: the network location of the data assets
- Control
  - Level: the degree to which a control is implemented
  - Mitigation: the amount of damage that is expected to be stopped by implementing this control
  - Direct cost: the cost to implement and maintain a control
  - Indirect cost: costs related to the implementation of a control that are not seen as direct costs
- Organisational profile: characteristics unique to the company or organisation

Concepts (2)
- Control games
  - Study each control individually
  - Calculate a mixed strategy for each level of implementation
- Optimisation
  - Find the optimum allocation of a budget for the defence of an organisation
  - Uses a weakest-target model
  - Formulated as a 0-1 multiple-choice multi-objective knapsack problem
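The optimisation step above as a worked example. This is added here and is not the talk's or the GameSec paper's code; the controls, levels, targets and all numbers are constructed for illustration, and the assumption that independent controls multiply their residual damage fractions is mine. Exactly one level must be chosen per control (level 0 means not implemented) within a direct-cost budget. The weakest-target model is read as: the attacker goes for whichever target keeps the most residual expected damage, so the defender minimises that maximum; indirect cost and then direct cost serve as the further objectives for breaking ties. The search is exhaustive, which is fine for a handful of controls; a real instance would be handed to an ILP solver.

```python
"""Budget allocation over control levels as a 0-1 multiple-choice knapsack
with a weakest-target objective. Added example; data is constructed."""
from itertools import product

# Constructed data: two data assets ("targets") with the expected loss if compromised.
TARGETS = {"web": 100.0, "db": 150.0}

# Constructed controls. Each level has a direct cost, an indirect cost and, per
# target, the fraction of expected damage the level stops (its mitigation).
CONTROLS = {
    "patching": [
        {"cost": 0, "indirect": 0, "mitigation": {"web": 0.0, "db": 0.0}},
        {"cost": 10, "indirect": 2, "mitigation": {"web": 0.5, "db": 0.2}},
        {"cost": 20, "indirect": 5, "mitigation": {"web": 0.8, "db": 0.4}},
    ],
    "segmentation": [
        {"cost": 0, "indirect": 0, "mitigation": {"web": 0.0, "db": 0.0}},
        {"cost": 15, "indirect": 8, "mitigation": {"web": 0.1, "db": 0.6}},
    ],
    "monitoring": [
        {"cost": 0, "indirect": 0, "mitigation": {"web": 0.0, "db": 0.0}},
        {"cost": 12, "indirect": 3, "mitigation": {"web": 0.3, "db": 0.3}},
    ],
}


def residual_damage(levels, controls=CONTROLS, targets=TARGETS):
    """Expected damage left on each target after the chosen levels are applied.
    Assumption: controls act independently, so the residual fractions multiply."""
    residual = {}
    for target, damage in targets.items():
        fraction = 1.0
        for name, level in levels.items():
            fraction *= 1.0 - controls[name][level]["mitigation"][target]
        residual[target] = damage * fraction
    return residual


def weakest_target(levels, controls=CONTROLS, targets=TARGETS):
    """Weakest-target model: the attacker picks the target with the most residual damage."""
    residual = residual_damage(levels, controls, targets)
    target = max(residual, key=residual.get)
    return target, residual[target]


def total_cost(levels, controls=CONTROLS):
    """(direct, indirect) cost of a choice of one level per control."""
    direct = sum(controls[n][lv]["cost"] for n, lv in levels.items())
    indirect = sum(controls[n][lv]["indirect"] for n, lv in levels.items())
    return direct, indirect


def optimise(budget, controls=CONTROLS, targets=TARGETS):
    """Exactly one level per control, direct cost within budget.
    Objectives, lexicographically: minimise the weakest target's residual
    damage, then indirect cost, then direct cost. Exhaustive enumeration."""
    names = list(controls)
    best = None
    for combo in product(*(range(len(controls[n])) for n in names)):
        levels = dict(zip(names, combo))
        direct, indirect = total_cost(levels, controls)
        if direct > budget:
            continue
        target, worst = weakest_target(levels, controls, targets)
        key = (round(worst, 9), indirect, direct)   # rounding avoids float ties
        if best is None or key < best[0]:
            best = (key, {"levels": levels, "weakest": (target, worst),
                          "direct_cost": direct, "indirect_cost": indirect})
    return best[1] if best else None


if __name__ == "__main__":
    for budget in (5, 20, 30, 50):
        plan = optimise(budget)
        print(f"budget {budget:>3}: levels={plan['levels']} "
              f"weakest={plan['weakest'][0]} residual={plan['weakest'][1]:.1f} "
              f"direct={plan['direct_cost']} indirect={plan['indirect_cost']}")
```

With a budget of 20 the plan shows why the problem is multi-objective: full patching and segmentation alone both leave 90 of residual damage on the weakest target, and the lower indirect cost decides between them.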

Control Games
- Control game: all sub-games of a single control, identifying the best strategy for each possible level
- Control sub-game: the analysis of each possible combination of levels of a single control, up to the maximum level denoted by the sub-game
- Representation: two-player, zero-sum game

Solving the Games
A Python-based min-max solver. We have used a method based on Singular Value Decomposition (SVD) to compute equilibria in large games, where a large number of the defending party's assets must be protected against adversaries. The method gives solutions reasonably close to those of the original game with a significant speed-up in computation.
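A worked example of solving one control sub-game as a two-player zero-sum game. It is added here and is not the talk's solver: where the talk uses the SVD approximation above for large games, this solves a small game exactly by linear programming with a tableau simplex (Bland's rule for the entering variable). The damage matrix encodes the compromised-HTTP-server scenario from the Games and Abstraction slide, with the attacker choosing between defacing the website and installing a sniffer and the defender between re-installing the compromised account and installing a sniffer detector; the damage values are constructed for illustration.

```python
"""Min-max solution of a two-player zero-sum control game by linear programming.
Added example; the damage matrix is constructed, not the talk's data."""

# Rows = attacker moves, columns = defender moves, entries = expected damage
# (the attacker maximises it, the defender minimises it). Numbers are made up.
ATTACKS = ["deface website", "install sniffer"]
DEFENCES = ["re-install compromised account", "install sniffer detector"]
DAMAGE = [
    [6.0, 9.0],  # deface:  re-install limits it; a sniffer detector does not help
    [7.0, 1.0],  # sniffer: re-install helps somewhat; the detector catches it
]


def solve_zero_sum(A, eps=1e-12):
    """Return (value, row_strategy, col_strategy) for the zero-sum game whose
    payoff matrix A is to the row player (the maximiser).

    Classic LP reduction: shift A so every entry is >= 1, then solve
        max sum(y)  subject to  A_shifted y <= 1, y >= 0.
    The shifted game value is 1/sum(y); the column player's mixed strategy is
    y scaled by that value; the row player's strategy is the dual solution,
    read from the slack columns of the objective row of the final tableau."""
    m, n = len(A), len(A[0])
    shift = 1.0 - min(min(row) for row in A)
    # Tableau rows: [A_shifted | I_m | rhs = 1]; objective row encodes z - sum(y) = 0.
    T = [[A[i][j] + shift for j in range(n)]
         + [1.0 if k == i else 0.0 for k in range(m)] + [1.0] for i in range(m)]
    obj = [-1.0] * n + [0.0] * m + [0.0]
    basis = [n + i for i in range(m)]          # the slack variables start in the basis
    while True:
        entering = next((j for j in range(n + m) if obj[j] < -eps), None)
        if entering is None:
            break                              # no negative reduced cost: optimal
        ratios = [(T[i][-1] / T[i][entering], i) for i in range(m) if T[i][entering] > eps]
        if not ratios:
            raise ValueError("LP unbounded; cannot happen for a positive matrix")
        _, leaving = min(ratios)
        pivot = T[leaving][entering]
        T[leaving] = [x / pivot for x in T[leaving]]
        for i in range(m):
            if i != leaving and abs(T[i][entering]) > eps:
                f = T[i][entering]
                T[i] = [a - f * b for a, b in zip(T[i], T[leaving])]
        f = obj[entering]
        obj = [a - f * b for a, b in zip(obj, T[leaving])]
        basis[leaving] = entering
    y = [0.0] * n
    for i, b in enumerate(basis):
        if b < n:
            y[b] = T[i][-1]
    shifted_value = 1.0 / sum(y)
    col_strategy = [yj * shifted_value for yj in y]
    row_strategy = [obj[n + i] * shifted_value for i in range(m)]   # dual values
    return shifted_value - shift, row_strategy, col_strategy


def expected_damage(A, p, q):
    """Expected payoff when the row player mixes with p and the column player with q."""
    return sum(p[i] * q[j] * A[i][j] for i in range(len(A)) for j in range(len(A[0])))


def best_response_damage(A, q):
    """The defender's worst case against mix q: the attacker's best pure response."""
    return max(sum(q[j] * A[i][j] for j in range(len(A[0]))) for i in range(len(A)))


if __name__ == "__main__":
    value, attacker_mix, defender_mix = solve_zero_sum(DAMAGE)
    print(f"game value (expected damage): {value:.3f}")
    for name, pr in zip(ATTACKS, attacker_mix):
        print(f"  attacker plays '{name}' with probability {pr:.3f}")
    for name, pr in zip(DEFENCES, defender_mix):
        print(f"  defender plays '{name}' with probability {pr:.3f}")
```

With these constructed numbers the equilibrium has the attacker defacing two thirds of the time and the defender re-installing the account with probability 8/9, the qualitative conclusion of the slide. `best_response_damage` is the check a practitioner wants on any such solver: against the returned defender mix no pure attack does better than the game value, so the mix really is minimax and not an artefact of the solver.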

Case Study (1)
Tables from "Cybersecurity Games and Investments: A Decision Support Approach", GameSec 2014 (not reproduced in the transcription).

Case Study (2)
Table and graph from "Cybersecurity Games and Investments: A Decision Support Approach", GameSec 2014 (not reproduced in the transcription).

Game Modelling - Future Work
- Larger-scale games: more resources and vulnerabilities
- Comparison of results to Cyber Essentials
- Solving the summation-of-effectiveness problem
- Defender payoffs represented by benefits rather than damage
- New data sources: Common Attack Pattern Enumeration and Classification (CAPEC, https://capec.mitre.org) as the source for attacks
- Integration of findings from qualitative research

Advanced Persistent Threats
- The current model design doesn't effectively support the decision-making required for Advanced Persistent Threat attacks.
- We are currently designing a model that represents the interactions in Advanced Persistent Threat attacks more accurately.

Industrial Control System operation (diagram credited to NIST; not reproduced in the transcription)

Convergence of ICS and Enterprise IT... but with major differences:
- Time-critical versus high-throughput
- Continuous operation
- Increased importance of edge clients
- Complex interactions with physical processes
- Resource constraints
- Legacy issues: 15-20+ years of operation
- Access to components can be difficult

A change of emphasis... Enterprise IT orders its priorities C-I-A (confidentiality, integrity, availability) and its headline threat is espionage; ICS inverts this to A-I-C (availability, integrity, confidentiality) and the headline threat is sabotage... not forgetting maintainability, reliability and safety.

Focus of Phase 1
- State of the market: to document current approaches and practices; to identify successes and failures
- Barriers: to report on the cultural barriers that prevent innovation and adoption of good practices
- Foresight: to identify emerging technologies and threats that are likely to improve or exacerbate the identified challenges

Key Questions / Challenges for Phase 2
- Do we understand the harm threats pose to our ICS systems and business?
- Can we confidently articulate these threats as business risk?
- What could be novel, effective and efficient interventions?

Research Institute in Trustworthy Industrial Control Systems (RITICS)
£2.4M programme, 5 coordinated projects. Phase 1 (Directorship) awarded 01/01/14 to Chris Hankin, Imperial College London. Phase 2 awarded 01/10/14.
Key challenges:
1. Mapping cyber threat to physical harm: do we understand the harm that threats pose to ICS and business?
2. Do we understand, and can we confidently articulate, these threats as business risk?
3. What are the novel, effective and efficient interventions?
Projects:
- CAPRICA: Converged approach towards resilient industrial control systems and cyber assurance
- MUMBA: Multifaceted metrics for ICS business risk analysis
- CECRICS: Communicating and evaluating cyber risk and dependencies in ICS
- SCEPTICS: A systematic evaluation process for threats to ICS (incl. national grid and rail networks)
- RITICS: Novel, effective and efficient interventions

Imperial: A multi-scale approach
- Single organisations
- Local clique
- National infrastructure
- International

Imperial: Themes
- Connectedness: what is the level of connectedness in organisations at the various scales?
- Propagation of effects: how far is a successful attack likely to migrate (cascading failures)?
- Defensive strategies (link to RISCS)
- Economic consequences: what are the consequences at each scale?
- Mitigation, particularly for worst-case threats

Thank you
Pasquale Malacaria, Fabrizio Smeraldi, Tom Hoehn, Deeph Chana, Andrew Burton, Denise McGurk, Andrew Fielder, Manos Panaousis, Zeynep Gurguc
c.hankin@imperial.ac.uk