Defense of Cyber Intelligence Threats
Chris Hankin
Director, Institute for Security Science & Technology
November 2016
Research Institute in Trustworthy Industrial Control Systems
RITICS: Novel, effective and efficient interventions
£2.4M programme, 5 coordinated projects.
Phase 1 (Directorship) awarded 01/01/14, Chris Hankin, Imperial College London.
Phase 2 awarded 01/10/14.
• MUMBA: Multifaceted metrics for ICS business risk analysis
• CAPRICA: Converged approach towards resilient industrial control systems and cyber assurance
• CEDRICS: Communicating and evaluating cyber risk and dependencies in ICS
• SCEPTICS: A systematic evaluation process for threats to ICS (incl. national grid and rail networks)
Key Questions / Challenges
• Do we understand the harm threats pose to our ICS systems and business?
• Can we confidently articulate these threats as business risk?
• What could be novel, effective and efficient interventions?
RITICS @ Imperial
[Figure: ICS attack-surface diagram across the Corporate Network, Control Network and Field Devices. Hosts: Web Server, Database, Historian, Workstations, Remote Workstation, PLCs. Entry points: Insecure Internet, Insecure Remote Access, Infected USB Drive, Social Engineering, Insecure Remote Support.]
[Figure: co-evolutionary simulation of a Defender Profile (control pairs, resources, defender target) against an Attacker Profile (attack paths, resources, attacker target, network exploits). Each side is optimised by Particle Swarm Optimisation (PSO) over n iterations, alternating Defender Turn and Attacker Turn, and evolves towards a Best Response.]
Optimal Defensive Strategies for ICS
• Based on APT attack graphs.
• Optimal deployment of Defence-in-depth, critical-component defence and bottle-neck defence.
• Optimal defence: Particle Swarm Optimisation.
• Adaptive Defences for various cost-effectiveness of investment.
Tolerance against Zero-day exploits
• Based on Bayesian Networks risk assessment.
• Strategically deploy defence to maximise tolerance against zero-day exploits.
• Reduce the risk of zero-day exploits to an acceptable level, and the overall likelihood of a complete attack chain being exploited.
[Figure (a): posterior risk distribution with no control deployed.]
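The two slides above (optimal defence placement over an attack graph, and tolerance against zero-day exploits along the attack chain) can be illustrated with a small constructed model. The following Python is an added example written for this page; it is not RITICS code and does not reproduce the projects' models. The node names follow the slide diagram (Internet, Web Server, Database, Historian, Workstation, Remote Workstation, HMI, PLC), but every edge probability, control, residual factor and cost is an assumed toy value. Risk is propagated through the attack DAG with a noisy-OR rule (the Bayesian-network style reasoning the slide names), the budget-constrained search over controls is done by exhaustive enumeration rather than the Particle Swarm Optimisation the slides use, and "tolerance" is computed as the largest exploit probability the unknown HMI-to-PLC hop may take before the chance of a complete attack chain exceeds an acceptable level.

```python
"""Toy attack-graph model for control placement and zero-day tolerance.

Constructed example, not RITICS code: node names follow the slide's diagram;
all probabilities, controls, residual factors and costs are assumptions.
"""
from itertools import combinations

# (source, target) -> probability that an attacker holding `source` goes on to
# compromise `target`.  Assumed values; the HMI->PLC edge stands in for the
# "0DAY ?" hop on the slide, so its probability is only a prior guess.
EDGES = {
    ("Internet", "Web Server"): 0.50,          # insecure internet exposure
    ("Internet", "Workstation"): 0.40,         # social engineering / infected USB
    ("Internet", "Remote Workstation"): 0.30,  # insecure remote access
    ("Web Server", "Database"): 0.40,
    ("Database", "Historian"): 0.50,
    ("Workstation", "Historian"): 0.40,
    ("Remote Workstation", "HMI"): 0.50,
    ("Historian", "HMI"): 0.60,
    ("HMI", "PLC"): 0.70,                      # unknown (zero-day) exploit
}
ZERO_DAY_EDGE = ("HMI", "PLC")
ENTRY, TARGET = "Internet", "PLC"

# control name -> (cost, {edge: factor left on that edge's exploit probability});
# hypothetical controls and numbers chosen for the example.
CONTROLS = {
    "web_app_firewall": (3, {("Internet", "Web Server"): 0.4}),
    "usb_lockdown_awareness": (2, {("Internet", "Workstation"): 0.5}),
    "mfa_remote_access": (2, {("Internet", "Remote Workstation"): 0.3}),
    "db_segmentation": (3, {("Web Server", "Database"): 0.5}),
    "control_net_firewall": (4, {("Historian", "HMI"): 0.3,
                                 ("Remote Workstation", "HMI"): 0.3}),
    "plc_allowlist_monitoring": (4, {("HMI", "PLC"): 0.6}),
}


def effective_edges(deployed=(), overrides=None):
    """Edge probabilities after optional prior overrides and deployed controls."""
    probs = dict(EDGES)
    probs.update(overrides or {})
    for name in deployed:
        for edge, factor in CONTROLS[name][1].items():
            probs[edge] *= factor
    return probs


def compromise_probability(probs, node=TARGET, memo=None):
    """Noisy-OR propagation over the attack DAG (Bayesian-network style):
    a node falls if at least one predecessor has fallen and that edge's
    exploit succeeds; edge outcomes are treated as independent."""
    memo = {} if memo is None else memo
    if node == ENTRY:
        return 1.0
    if node not in memo:
        p_safe = 1.0
        for (src, dst), p in probs.items():
            if dst == node:
                p_safe *= 1.0 - compromise_probability(probs, src, memo) * p
        memo[node] = 1.0 - p_safe
    return memo[node]


def best_deployment(budget):
    """Control subset within budget that minimises the probability of a
    complete attack chain reaching TARGET.  Exhaustive enumeration stands in
    for the PSO search on the slides; it is fine for a handful of controls."""
    best = ((), compromise_probability(EDGES))
    names = list(CONTROLS)
    for k in range(1, len(names) + 1):
        for subset in combinations(names, k):
            if sum(CONTROLS[n][0] for n in subset) > budget:
                continue
            risk = compromise_probability(effective_edges(subset))
            if risk < best[1]:
                best = (subset, risk)
    return best


def zero_day_tolerance(deployed, edge, acceptable, iters=50):
    """Largest exploit probability `edge` may take while the chance of a
    complete attack chain stays at or below `acceptable`.  Risk is monotone
    in the edge probability, so bisection suffices (approaches 1.0 if the
    threshold is never exceeded)."""
    lo, hi = 0.0, 1.0
    for _ in range(iters):
        mid = (lo + hi) / 2
        risk = compromise_probability(effective_edges(deployed, {edge: mid}))
        if risk > acceptable:
            hi = mid
        else:
            lo = mid
    return lo


if __name__ == "__main__":
    print(f"baseline risk of a complete chain: {compromise_probability(EDGES):.4f}")
    subset, risk = best_deployment(budget=6)
    print(f"best controls within budget 6: {subset} -> risk {risk:.4f}")
    tol = zero_day_tolerance(subset, ZERO_DAY_EDGE, acceptable=0.05)
    print(f"tolerable HMI->PLC zero-day probability at 5% risk: {tol:.3f}")
```

With these assumed numbers, the baseline chance of the chain reaching the PLC is about 0.19; the best spend of a budget of 6 is MFA on remote access plus a control-network firewall, which brings the chain probability to about 0.04, and under that deployment the unknown HMI-to-PLC hop can have an exploit probability of up to about 0.88 before the 5% risk threshold is crossed, compared with about 0.18 with no controls. That difference between the two tolerances is the quantity the slide calls tolerance against zero-day exploits.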
[Figure: attack graph over the same architecture (Corporate Network, Control Network, Field Controllers). Hosts: Web Server, Database, Historian, Workstations, Remote Workstation, HMI, PLCs. Entry points: Insecure Internet, Insecure Remote Access, Infected USB Drive, Social Engineering. Hops along the chain through the Corporate, Control and Field zones are labelled either with known CVEs or with unknown zero-day exploits ("0DAY ?").]
Impact
• Contribution to new Cyber Security Strategy for UK railways.
• Tools for building models of complex cyber physical systems.
• Testbeds.
• A serious game for studying security decisions.
• Secure implementation of gateway module using IEC standard.
• Contribution to European work on certification of ICS components.