Cyber Security in Real-Time Systems

Transport Security Event – Olympia
“Advanced Persistent and Insider Threats”

David Spinks – Chairman CSIRS

September 2011

CSIRS
Cyber Security in Real-Time Systems
Introduction

LinkedIn CSIRS: http://www.linkedin.com/groupRegistration?gid=3623430
Why me?

1970/75 – World's first large-scale automation
1990 - 2000: Railtrack safety-critical software
Sizewell B software emergency shut-down code validation
UK Government assessment of embedded software (aviation)
Current Business Environments & Drivers
Smart Grid
Emerging, changing threat profile
Cost reduction by private utilities
Integration of real-time <> commercial IT
Real-time (SCADA) based on Windows
Use of wireless to effect remote management
Real-time systems designed by “engineers”
Threats: Current Trends
Stuxnet Changed Everything

Expertise
Focused
Gather Intelligence
Social Engineering

The first advanced persistent threat (APT)
Why is APT different?


Multiple entry points across supplier chain

Focus on social engineering and use of insiders.

Gathering of intelligence across a range of suppliers.

Attack has a complex event sequence across multiple technologies.

Malware is sophisticated and likely developed and proved on test beds.
Do not place designs of nuclear plant in the public domain!

http://www.prleap.com/pr/167858/
eXtremeDB Embedded In-Memory Database Adds Safety and Efficiency In Nuclear Waste Processing Control System
So have there been any other APTs since Stuxnet?


Many successful security attacks have been designated as APT by the
company that has been breached.

Closest to this model is the RSA breach: entry via EMC, staff being
exposed to phishing attacks, lack of RSA CSO ......

Farthest away is repeated breaches suffered by Sony ....

Many organisations have a history of under investment in Information
Security ....
Insider Threats
What is an insider threat?

A breach, or part of an attack, executed from within the existing
trust domain(s) by an individual who holds some form of existing
authentication.

The breach event may be deliberate or accidental. The
individual may be a current or past employee, contractor,
customer, partner or supplier.

The individual will have a “motive” which may or may not be
logical.

Many insider threats will be trivial actions that form an
intelligence gathering exercise.
Why is an insider threat so dangerous?

Immediate compromise of the traditional security perimeter!

Traditional baseline security measures are ineffective.

Traditional concepts of “trust” are invalid - many frauds and
thefts are executed with the assistance of employees and
executives! No-one is immune to potential compromise.

Pilot studies using DLP software and tools show a staggeringly
high number of deliberate security breaches executed by a
high % of all staff. Ignorance of policy ... Finding ways
around the rules. Stupidity!
Possible defence and detection

Security training and awareness

Communication and Implementation of penalties.

Concept of “you will be caught” and example will be made.

Security culture

Evaluation of suppliers and partners (supply chain!)

Use of DLP and Log Analysis

Good HR policies and procedures monitoring behaviours

What actions do we need to consider?
Possible Cyber Security Solution

Understanding -> Design Solution -> Implement -> Manage & Improve

Implementation of baseline security (ISO 27001, CobiT 4.1/5.0)
Implementation of APT detection and response
Implementation of baseline security examples

Robust Identity Management solutions (RBAC)
Basic log collection, analysis and reporting
Intrusion detection and prevention
Penetration testing of external facing firewalls
Security training and awareness (defending against social engineering and phishing)
Encryption of critical and sensitive data

Mandatory, no exceptions, executive led. Will not detect or mitigate APT.
Advanced security measures:

PKI/digital signatures and key management
Data loss prevention, proactive and reactive
Integrated approach to log analysis (applications and IdM) with real-time alerts to the SOC
Applications and web hosting code analysis
Governance, Risk and Compliance in real time
Security incident and near-miss reporting

Mandatory, no exceptions, executive led.
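The "Use of DLP and Log Analysis" and "HR policies ... monitoring behaviours" defences on the insider-threat slide, and the integrated log analysis with IdM data and SOC alerts listed above, shown as an added example that is not part of the original deck: a Python script correlates a constructed HR/IdM roster with constructed access-log lines and raises alerts for past-employee or expired-contractor authentication, access outside a user's RBAC role, and DLP-style bulk export of sensitive data. The roster columns, log format, role permissions, bulk threshold and working-hours window are all assumptions.

```python
"""Added illustration, not the CSIRS deck's own tooling: correlate an HR/IdM
roster with access-log lines to surface the insider-threat cases the slides
describe. Roster, permissions, thresholds and log lines are constructed."""
import csv
import io
from collections import namedtuple
from datetime import date, datetime

# Constructed HR/IdM roster: the leaver and the contractor with an end date are
# the "past employee / contractor" cases from the insider-threat definition.
ROSTER_CSV = """user,role,status,end_date
alice,ops_engineer,active,
bob,contractor,active,2011-08-31
carol,finance,leaver,2011-09-02
dave,scada_engineer,active,
"""

# Assumed RBAC model: which resource classes each role may touch.
ROLE_PERMISSIONS = {
    "ops_engineer": {"ticketing", "monitoring"},
    "contractor": {"ticketing"},
    "finance": {"finance_db"},
    "scada_engineer": {"monitoring", "scada_hmi", "plant_designs"},
}

# Constructed access log, one event per line: timestamp user resource action bytes result
ACCESS_LOG = """\
2011-09-05T09:12:04 alice monitoring read 2048 ok
2011-09-05T09:40:11 bob ticketing read 512 ok
2011-09-05T22:15:43 carol finance_db read 4096 ok
2011-09-06T02:03:19 dave plant_designs export 734003200 ok
2011-09-06T08:30:00 alice scada_hmi write 128 ok
2011-09-06T08:31:12 alice scada_hmi write 128 denied
"""

SENSITIVE = {"plant_designs", "finance_db"}  # assumed data classification
BULK_THRESHOLD_BYTES = 100 * 1024 * 1024     # assumed DLP export threshold
WORK_HOURS = range(7, 19)                    # assumed working day, 07:00-18:59

Person = namedtuple("Person", "user role status end_date")
Event = namedtuple("Event", "ts user resource action nbytes result")

def is_active(person, day):
    """Leavers are never active; a contractor expires after end_date."""
    if person.status != "active":
        return False
    return person.end_date is None or day <= person.end_date

def parse_roster(text):
    roster = {}
    for row in csv.DictReader(io.StringIO(text)):
        end = date.fromisoformat(row["end_date"]) if row["end_date"] else None
        roster[row["user"]] = Person(row["user"], row["role"], row["status"], end)
    return roster

def parse_log(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, res, action, nbytes, result = line.split()
            events.append(Event(datetime.fromisoformat(ts), user, res, action, int(nbytes), result))
    return events

def analyse(roster, events):
    """Return one (rule, user, timestamp, detail) tuple per rule an event trips."""
    alerts = []
    for ev in events:
        person = roster.get(ev.user)
        # Rule 1: leaver, expired contractor or unknown account still authenticating.
        if person is None or not is_active(person, ev.ts.date()):
            detail = f"status={person.status} end_date={person.end_date}" if person else "not in roster"
            alerts.append(("inactive_account_auth", ev.user, ev.ts, detail))
        # Rule 2: resource outside the user's RBAC role (a granted access means IdM is misconfigured).
        allowed = ROLE_PERMISSIONS.get(person.role, set()) if person else set()
        if ev.resource not in allowed:
            alerts.append(("outside_role", ev.user, ev.ts, f"{ev.resource} result={ev.result}"))
        # Rule 3: DLP-style bulk export of sensitive data.
        if ev.action == "export" and ev.resource in SENSITIVE and ev.nbytes >= BULK_THRESHOLD_BYTES:
            alerts.append(("bulk_sensitive_export", ev.user, ev.ts, f"{ev.nbytes} bytes"))
        # Rule 4: sensitive data touched outside the working day.
        if ev.resource in SENSITIVE and ev.ts.hour not in WORK_HOURS:
            alerts.append(("off_hours_sensitive_access", ev.user, ev.ts, ev.resource))
    return alerts

def run():
    """Correlate the constructed roster and log, as a SOC alerting feed would."""
    return analyse(parse_roster(ROSTER_CSV), parse_log(ACCESS_LOG))

if __name__ == "__main__":
    for rule, user, ts, detail in run():
        print(f"{ts.isoformat()} ALERT {rule:<27} user={user} {detail}")
```

On the constructed data the script raises seven alerts: two for accounts that should already be disabled, two for an operations engineer touching the SCADA HMI outside her role, and three for off-hours and bulk access to sensitive data.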
Conclusions:

APTs are very difficult to detect and, once detected, to
defend against.

Expenditure on security processes and tools needs to be
increased.

Security should be implemented top down with
executive sponsorship.

All employees are part of the defence; silver bullets will
not work.
Thank you

Q&A

david.spinks@hp.com
dspinks41@gmail.com

Csirs Trabsport Security September 2011 V 3.6
