Keynote 9: Cyber Security in Emerging C4I Systems: Deployment and Implementation Perspectives
By Eric J. Eifert, Sr. VP of DarkMatter’s Managed Security Services
Agenda
• Background
• Threat Actors and Risks
• Case Study
• Assessing Cyber Risk
• Mitigating Cyber Risk
My Background
• Over 20 years’ experience in cyber security
 Special Agent investigating cyber crime and computer intrusions
 Programme Manager for large U.S. Cyber Security Operations Centres
 Executive running a cyber security line of business (US$125+M)
 Adjunct professor teaching graduate cyber investigations
 Relocated to UAE for DarkMatter
Who are the Threat Actors
 World Trade / Globalisation Activists
 Environmental Groups
 Regional Political Activism
 Non-State Sponsored Terrorism
 Organised Crime
 Nation States / Governments
 Insider Threats
 Information Hacktivists
 General Attacker Threats
 Illegal Information Brokers and Freelance Agents
 Trusted 3rd Parties
 Corporate Intelligence
 Investigation Companies
 Competitors, Contractors, Corporations
 Untrained Personnel
What are the cyber risks
• Theft of sensitive and valuable information
• Manipulation of mission-critical data
• Disruption to operations
• Impact to successful execution of mission priorities
• Destruction of C4I systems via non-kinetic attacks
Knowledge is power
• C4I systems are complex and targets of sophisticated cyber attacks
• What type of information are adversaries looking for?
– C4I capabilities
– Operational information
– Vulnerabilities
– Plans and strategy
– Research and development
Well-orchestrated cyber attack against Ukrainian power grid
• 23 Dec 2015: “Prykarpattyaoblenergo” reported disruption of power supply because of an “accident”
• Ukrainian CERT reported 8 different power companies across 8 different regions were affected by cyber attacks
• One affected company linked the attack to a subnetwork belonging to an ISP operated in Russia
Multi-Pronged Attack
• Disconnected breakers to substations
• Telephone Denial of Service attack
• Manipulated monitoring capabilities
• Destroyed corporate systems
C4I Systems
• Deployable C4I capabilities
• Mission-critical systems
• Long-haul communications
• Mission impact
• Lessons learned
Assessing the risk
• Understand your assets
– Sensors
– Communications
– Network environment
– Data storage
– Analytics
• Understand the threats
– Which threat actors are targeting you and why
– Know their capabilities
• Understand your vulnerabilities
– People, process, and technology
Assessing the risk
• Identify standards to measure yourself against
– Leverage guidance from your country and others
– International Organisation for Standardisation
– US National Institute of Standards and Technology
– Industry-specific documentation
Assessing the risk
• What to assess?
– Risk Management
– Asset, Change, and Configuration Management
– Identity and Access Management
– Threat and Vulnerability Management
– Situational Awareness
– Information Sharing and Communication
– Event and Incident Response, COOP
– Supply Chain and External Dependencies
– Workforce Management
– Cybersecurity Program Management
Assessing the risk
NIST’s model of security information and decision flows within an organization (Source: NIST Preliminary Cybersecurity Framework, Page 9)
Mitigating the risk
At the most basic level it is having true visibility across your own environment:
 Knowing what is on your network…
 Knowing how your network is configured…
 Knowing who is on your network…
At an intermediate level it is understanding external influences and their relevance to your environment.
At an advanced level it is the integration of all this information to allow continuous monitoring and rapid decision making.
Visibility – Intelligence – Integration
Why Visibility
Visibility Type – Rationale
Hardware – Knowing what hardware is in the environment, as well as when new hardware is introduced to it, allows you to ensure devices conform with your secure baseline and are authorised
Software – Software vulnerabilities, bugs and security updates are common; knowing whether you are vulnerable and rapidly resolving your vulnerable state is critical
Configuration – Maintaining a secure configuration baseline is important to prevent unauthorised access and subversion of defences
Identity and Access – Confirming the identity of authorised users, as well as ensuring they have access to the appropriate resources and data sources
Data – Knowing what data within your organisation is sensitive allows you to focus your resources on what is most important
Why Intelligence
Intelligence Type – Rationale
Vulnerabilities – Understanding what vulnerabilities exist within your environments, as well as when new vulnerabilities are discovered, allows for rapid remediation
Threat Actors – Understanding the types of adversaries targeting you and their motivation helps to focus resources and security investments
Adversarial Capabilities – Up-to-date knowledge of the specific tactics, techniques, procedures, and technologies being used by an adversary allows for better detection
Government – Government agencies have access to rich threat intelligence that can be leveraged to gain better insight into the threat landscape
Industry – Industry peer groups can provide insight into sector-specific cyber threats as well as share lessons learned to increase your security posture
Why Integration
Integration Type – Rationale
Diverse Technology – Proper integration of diverse technologies reduces the potential for the introduction of security weaknesses
Legacy Technology – Legacy applications running on insecure hardware and software need to be known and mitigated through other means
Logs and Diagnostics – Diverse log and diagnostic formats can make it difficult to leverage the content for decision making
Visualisation – Aggregation of information into a dashboard for decision makers helps prioritise and speed up the decision-making process
Automation – Acting at the speed of cyber to mitigate issues reduces the potential for cyber events
Mitigating the risk - Increase your visibility
• Deploy technology to provide visibility across all assets
– Remote locations
– Non-IP based systems
– Mobile and wireless
• Understand your critical assets, technology, and data
• Correlate and analyse data to detect anomalous and suspicious events
• Conduct continuous monitoring and rapid remediation/mitigation activities
Mitigating the risk - Increase your intelligence
• Develop a threat intelligence programme
• Obtain threat intelligence feeds
• Develop partnerships with government information sharing programmes
• Develop partnerships with industry peers to share threat intelligence
• Interface with all stakeholders to understand critical components
Mitigating the risk - Facilitate better integration
• Understand the technical landscape within the organisation and influence the roadmap with a focus on better integration and security
• Attend user conferences to learn about best practices from other organisations with similar environments
• Develop a secure reference architecture that is flexible and adaptable
• Understand the Application Program Interfaces (APIs) of the technologies in use and how to leverage them for security orchestration and automated remediation
• Develop an integration lab to test secure configurations and integrations prior to deployment
Summary
• C4I systems are complex and a target for cyber attackers and insiders
• In order to assess your cyber risk you need to understand your assets, the threats to those assets, and the vulnerabilities
• Leverage national and international standards, guidelines, and frameworks
• Evaluate your organisation’s cyber maturity across visibility, intelligence, and integration
• Develop a plan to mitigate the highest-risk areas and build towards a continuous monitoring and mitigation capability supported by intelligence and securely integrated technology
Editor's Notes
1. What is on your network includes hardware, software, and information.