Cyber Security in Real-Time Systems

Transport Security Event – Olympia
“Advanced Persistent and Insider Threats”

David Spinks – Chairman CSIRS

September 2011

CSIRS
Cyber Security in Real-Time Systems
Introduction








Linkedin CSIRS : http://www.linkedin.com/groupRegistration?gid=3623430
Why me?




1970/75 – World's First Large Scale Automation

1990 - 2000

Railtrack Safety Critical Software

Sizewell B Software Emergency Shut Down code validation

UK Government assessment of Embedded Software in Aviation

Current Business Environments & Drivers



Smart Grid

Emerging, changing threat profile

Cost reduction by private utilities

Integration of real-time systems with commercial IT

Real-time (SCADA) systems based on Windows

Use of wireless to effect remote management

Real-time systems designed by “engineers”
Threats: Current Trends




Stuxnet Changed Everything

Expertise

Focused

Gather Intelligence

Social Engineering

The first advanced persistent threat (APT) against industrial control systems
Why is APT different?

Multiple entry points across the supply chain.

Focus on social engineering and the use of insiders.

Gathering of intelligence across a range of suppliers.

The attack has a complex event sequence across multiple technologies.

The malware is sophisticated and was most likely developed and proven on test beds.
Do not place designs of nuclear plant in the public domain!




                         http://www.prleap.com/pr/167858/
       eXtremeDB Embedded In-Memory Database Adds Safety and Efficiency In
       Nuclear Waste Processing Control System
So have there been any other APTs since Stuxnet?

Many successful security attacks have been designated as APT by the
company that has been breached.

Closest to this model is the RSA breach: entry via EMC staff being
exposed to phishing attacks, lack of an RSA CSO ......

Farthest away are the repeated breaches suffered by Sony ....

Many organisations have a history of under-investment in Information
Security ....
Insider Threats




What is an insider threat?

A breach, or part of an attack, executed from within the existing
trust domain(s) by an individual who already holds some form of
authenticated access.

The breach event may be deliberate or accidental. The individual may
be a current or past employee, contractor, customer, partner or
supplier.

The individual will have a “motive”, which may or may not be logical.

Many insider threats will be trivial actions that form part of an
intelligence-gathering exercise.

Why is an insider threat so dangerous?

Immediate compromise of the traditional security perimeter!

Traditional baseline security measures are ineffective.

Traditional concepts of “trust” are invalid: many frauds and thefts
are executed with the assistance of employees and executives! No-one
is immune to potential compromise.

Pilot studies using DLP software and tools show a staggeringly high
number of deliberate security breaches executed by a high percentage
of all staff: ignorance of policy, finding ways around the rules,
stupidity!


Possible defence and detection

Security training and awareness.

Communication and implementation of penalties.

The concept of “you will be caught”, and an example will be made.

Security culture.

Evaluation of suppliers and partners (supply chain!).

Use of DLP and log analysis.

Good HR policies and procedures, including monitoring of behaviours.

What actions do we need to consider?




Possible Cyber Security Solution

Understanding → Design Solution → Implement → Manage & Improve

Implementation of baseline security (ISO 27001, CobiT 4.1/5.0)

Implementation of APT detection and response
Implementation of baseline security examples

Robust identity management solutions (RBAC).

Basic log collection, analysis and reporting.

Intrusion detection and prevention.

Penetration testing of external-facing firewalls.

Security training and awareness (defending against social engineering and phishing).

Encryption of critical and sensitive data.

Mandatory, no exceptions, executive led. Baseline measures alone will not detect or mitigate an APT.
Advanced security measures:

PKI/digital signatures and key management.

Data loss prevention, proactive and reactive.

Integrated approach to log analysis (applications and IdM) with real-time alerts to the SOC.

Code analysis of applications and web hosting.

Governance, Risk and Compliance in real time.

Security incident and near-miss reporting.

Mandatory, no exceptions, executive led.
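The identity, RBAC and log-analysis items on the last three slides (robust identity management with RBAC, basic log collection and analysis, the integrated analysis of application and IdM logs with real-time alerts to the SOC, and "use of DLP and log analysis" under possible defence and detection) come together in one small rule set. The following is an added example, not CSIRS or the author's code: the log line format, the role and HR status tables, the rule names and the thresholds are assumptions made for illustration, and the log lines are constructed. It correlates a constructed IdM authentication log with a constructed application access log and raises alerts for the insider cases the deck describes: a leaver's account still logging in, access outside the assigned role, application access with no matching IdM login, and a run of "trivial" reads across sensitive resources that looks like intelligence gathering.

```python
"""Correlate IdM authentication events with application access logs and an
RBAC role table to raise insider-threat alerts for a SOC.  Added example: the
log format, role table, HR status table and rules are assumptions for
illustration, not any product's schema."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IdM/HR data: who holds which role, and who has already left.
ROLES = {"alice": "engineer", "bob": "contractor", "carol": "finance", "dave": "engineer"}
HR_STATUS = {"alice": "active", "bob": "active", "carol": "active", "dave": "left"}
# RBAC: the only resources each role may touch; anything else is a violation.
PERMITTED = {
    "engineer": {"scada-hmi", "wiki"},
    "contractor": {"wiki"},
    "finance": {"payroll", "wiki"},
}
SENSITIVE = {"scada-hmi", "payroll", "plant-drawings"}

SESSION_WINDOW = timedelta(hours=8)   # access must follow an IdM login within this window
RECON_WINDOW = timedelta(minutes=10)  # distinct sensitive resources touched within this...
RECON_THRESHOLD = 3                   # ...window, at or above this count, look like recon

# Constructed sample logs in an assumed 'timestamp kind key=value ...' format.
IDM_LOG = """\
2011-09-20T08:55:10 auth user=alice result=success src=10.0.1.20
2011-09-20T09:01:44 auth user=bob result=success src=10.0.1.31
2011-09-20T09:03:02 auth user=carol result=success src=10.0.1.40
2011-09-20T22:14:09 auth user=dave result=success src=203.0.113.7
"""
APP_LOG = """\
2011-09-20T09:02:11 access user=bob resource=wiki action=read
2011-09-20T09:02:50 access user=bob resource=scada-hmi action=read
2011-09-20T09:03:30 access user=bob resource=plant-drawings action=read
2011-09-20T09:04:01 access user=bob resource=payroll action=read
2011-09-20T09:10:00 access user=carol resource=payroll action=read
2011-09-20T09:15:12 access user=alice resource=scada-hmi action=write
2011-09-20T11:30:00 access user=mallory resource=wiki action=read
2011-09-20T22:15:00 access user=dave resource=plant-drawings action=read
"""


def parse(log):
    """Parse log lines into dicts; the timestamp becomes a datetime."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        ev = {"ts": datetime.fromisoformat(ts), "kind": kind}
        ev.update(f.split("=", 1) for f in fields)
        events.append(ev)
    return events


def alert(alerts, rule, ev, detail):
    alerts.append({"rule": rule, "user": ev["user"], "ts": ev["ts"], "detail": detail})


def analyse(idm_log, app_log):
    """Return the alerts raised over both logs, IdM alerts first, then
    application alerts in time order."""
    alerts = []
    logins = defaultdict(list)  # user -> timestamps of successful IdM logins

    # Rule 1: a successful login by an account HR no longer lists as active
    # (past employee, expired contractor) is an alert on its own.
    for ev in parse(idm_log):
        if ev["kind"] != "auth" or ev["result"] != "success":
            continue
        logins[ev["user"]].append(ev["ts"])
        if HR_STATUS.get(ev["user"]) != "active":
            alert(alerts, "LEAVER_AUTH", ev, "login from %s" % ev["src"])

    sensitive_hits = defaultdict(list)  # user -> [(ts, resource)]
    for ev in sorted(parse(app_log), key=lambda e: e["ts"]):
        user, res = ev["user"], ev["resource"]
        # Rule 2: RBAC check of the access against the IdM role table.
        role = ROLES.get(user)
        if role is None:
            alert(alerts, "UNKNOWN_ACCOUNT", ev, "no role assigned; touched %s" % res)
        elif res not in PERMITTED[role]:
            alert(alerts, "RBAC_VIOLATION", ev, "%s role may not touch %s" % (role, res))
        # Rule 3: correlate with IdM.  Access with no recent successful login
        # means the application trusted something the IdM never saw.
        if not any(timedelta(0) <= ev["ts"] - t <= SESSION_WINDOW for t in logins[user]):
            alert(alerts, "NO_SESSION", ev, "no IdM login within %s" % SESSION_WINDOW)
        # Rule 4: several distinct sensitive resources in a short window are
        # the "trivial actions" of an intelligence-gathering exercise.  This
        # re-raises on every further hit inside the window; a SOC would dedupe.
        if res in SENSITIVE:
            hits = sensitive_hits[user]
            hits.append((ev["ts"], res))
            recent = {r for t, r in hits if ev["ts"] - t <= RECON_WINDOW}
            if len(recent) >= RECON_THRESHOLD:
                alert(alerts, "RECON", ev, "%d sensitive resources in %s" % (len(recent), RECON_WINDOW))
    return alerts


if __name__ == "__main__":
    for a in analyse(IDM_LOG, APP_LOG):
        print("%s %-15s %-8s %s" % (a["ts"].isoformat(), a["rule"], a["user"], a["detail"]))
```

Run as a script it prints eight alerts: dave's leaver login and out-of-role read, three RBAC violations and one RECON for the contractor bob, and an unknown account (mallory) that the application served without any IdM login. Alice and carol, who stay inside their roles after a normal login, raise nothing. The point of rule 3 is the one the deck makes about insiders: the perimeter and the login are already behind the attacker, so the detection has to come from joining the application log against what the IdM actually authenticated, not from either log on its own.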
Conclusions:

APTs are very difficult to detect and, once detected, to defend against.

Expenditure on security processes and tools needs to be increased.

Security should be implemented top down with executive sponsorship.

All employees are part of the defence; silver bullets will not work.
Thank you

             Q&A

david.spinks@hp.com
dspinks41@gmail.com


