This document discusses various topics related to cyber security. It begins by introducing Clinton Ingrams from De Montfort University's Cyber Security Centre, which teaches cyber security topics like PHP and penetration testing. It then outlines several cyber threats like DDoS attacks against Estonia and Georgia, and malware like Stuxnet. The document also discusses various government agencies and initiatives involved in cyber security for the UK, including the Cabinet Office, GCHQ, CPNI, and the National Cyber Security Strategy. It emphasizes the importance of secure coding, testing, training, and awareness around cyber threats.
10. Cyber Attacks
●
Georgia
– Multiple
DDoS
– 7th August 2008
– In conjunction with military invasion
TTNET
Caucasus Cable
Caucasus Net
Delta Net
Transtelecom
TISCALI
Seabone
13/10/13
RETN
COGENT
11. Cyber Attacks
●
Syria
Israeli malware was (allegedly) installed in
Syrian Integrated Air Defence System
(IADS)
– 6th September 2007
– Disrupted Syrian nuclear research
–
www.defensetech.org/2007/11/26/israels-cyber-shot-at-syria/
13/10/13
12. Lost IPR
●
●
“the average business takes 300 days to
identify a data breach”
Small SMEs can lose ~£1M over 5-10 years
13/10/13
15. SCADA
●
Supervisory Control and Data Acquisition
Often programmed in software logic
blocks
Typically 30 year turnover in hardware/software
–
●
–
–
●
IET
13/10/13
Windows 95 still very common
Some equipment is 60 years old!
21. Cabinet Office
●
●
Create partnerships between businesses,
academics, HMG & international
£860m
–
over 5 years
–
From the NSCP
●
13/10/13
National Cyber Security Programme
22. National Cyber Security Strategy
Our vision is for the UK in 2015 to derive huge economic and social value from a
vibrant, resilient and secure cyberspace, where our actions, guided by our core
values of liberty, fairness, transparency and the rule of law, enhance prosperity,
national security and a strong society.
To achieve this vision by 2015 we want:
Objective 1:
Objective 2:
Objective 3:
The UK to tackle cyber
crime and be one of the
most secure places in the
world to do business in
cyberspace
The UK to be more
resilient to cyber attacks
and better able to protect
our interests in
cyberspace
The UK to have helped
shape an open, stable
and vibrant cyberspace
which the UK public can
use safely and that
supports open societies
Objective 4:
The UK to have the cross-cutting knowledge, skills and capability it needs to
underpin all our cyber security objectives
13/10/13
25. Coding
“Why is there never time or money to implement
proper application security before the launch date,
but always time and money to retro-fit security after
the first hack”
Anon
13/10/13
26. Testing
●
MoD – 4 levels of Vulnerability Assessment
–
Scanning
–
Toolkits
●
–
Penetration test
●
–
13/10/13
automated assessments
qualified & experienced expert
Physical test
29. Reading
Eg
Trustwave Global Security Report
– Checkpoint Security Report
– The Global Cyber Game report
–
●
http://www.scribd.com/doc/142553109/The-Global-Cyber-Game
DefenseTech
– The Register
– etc
–
13/10/13
30. Cyber Security Vouchers
●
HMG
●
Department for Business, Innovation and Skils
●
Up to £5000 as a voucher
–
●
to spend improving the security of a client
http://news.bis.gov.uk/Press-Releases/Support-for-smallbusinesses-to-tackle-record-levels-of-cyber-attacks-68b5a.aspx
13/10/13