Secure C2 Systems

Ali Alhamdan, PhD

National Information Center, Ministry of Interior

April 28th, 2015

Command and Control Systems

Collection of technology, people, information and business

All military functions and operations

War is a complex phenomenon that interacts with the enemy's complex system in a competitive way

A process of continuous adaptation

[Figure labels: Technology, People, Information, Business]

Command and Control Systems

Trusted and secure C2 systems

High availability C2 systems

Right access from right people or systems

Consider security methodology, standard and technology

Vulnerabilities can be exploited anywhere and anytime

Threats and APT

C2 is targeted

C2 and Security

Commanders rely HEAVILY on trusted and available systems

Security Statistics

Estimated annual cost globally is around 100 billion, expected to reach 120.1 billion by 2017 [1]

556 million victims per year [1]

10% of social network users have fallen victim [1]

59% of ex-employees admitted to stealing company data after leaving their job [1]

92% of 100,000 security incidents are covered by 9 attack patterns [2]

Sources:

[1] Go-Gulf (http://www.go-gulf.com/blog/cyber-crime/)

[2] Verizon, 2014 Data Breach Investigations Report

[3] Symantec, 2014 Internet Security Threat Report, Volume 19

Motivations of Cyber Attacks

Motivation Percentage (%)

Cyber Crime 40%

Hacktivism 50%

Cyber Warfare 3%

Cyber Espionage 7%

Source: Go-Gulf (http://www.go-gulf.com/blog/cyber-crime/)

Characteristics of New Threats

Traditional threats: Known & Patchable; Open; One Time; Broad

Advanced threats: Unknown & Zero Day; Hidden; Persistent; Targeted

Security Statistics

Source: Verizon - 2014 Data breach investigations report

10 years of threat actions leading to data breaches

Number of breaches per threat action category over time

Widening Security Gap

Sources: IDC

Security and C2

Insecure channels

Use cryptography:

Confidentiality: preventing unauthorized disclosure of information

Integrity: maintaining and assuring the accuracy and consistency of data over its entire life-cycle and ensuring the information originality

Availability: ensuring resources are accessible when required by an authorized user

Access control:

Identification

Authentication (multi factors)

Authorization (level privileges)

Implementation attacks

Security Defense

Security culture (awareness)

Security operation center (SOC)

Analytic methods

Investigation and forensics

Defense in depth

Challenge: most tools discover around 90% of the total attacks, APT!!

Security Baseline

Apply and comply with international standards, e.g. ISO 27001 and 27002, and NIST (e.g. 800-53, 800-37, 800-14, ... etc.)

Business Continuity Management

To be

Should build required capabilities (Human & Tech)

Enhance security culture

Adopt automated and sophisticated tools and methods of cyber security

Share knowledge and information about attacks with others

Adopt intelligent systems (monitoring, analyzing, detecting and preventing)

Should Be

Reactive

Proactive

Predictive

Access control

One factor authentication

Device password

Acceptable use policy

Single sign on

Encryption

Mobile device management

Logging and monitoring

Network management

SIEM solutions

Privileged access management

Multi factor authentication

VA/PT & DLP

Real time policy enforcement

Analytics based on live feeds from multiple sources integrated with management consoles
