9
Securing the Industrial Internet of Things (IIoT) Security Divas – January 2018

Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

  • Upload
    others

  • View
    6

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

Securing the Industrial Internet of Things (IIoT)

Security Divas – January 2018

Page 2: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

Copyright © 2017 Accenture Security. All rights reserved. 2

COMMUNICATIONS AND PROTOCOLS DIVERSITY

INCREASING CONNECTIVITY

SECURITY GOVERNANCE

EXPLOSIVE GROWTH, BRINGS EXPONENTIAL RISKSINTERNET OF THINGS

Page 3: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

Copyright © 2017 Accenture Security. All rights reserved. 3

Drive-through anything with connected car paymentsEXAMPLE # 1: Connected Vehicle EXAMPLE # 2: Connected Health

Cloud powered health awareness

EXAMPLE # 3: Connected CommerceSmart advertising

EXAMPLE # 4: Connected OperationsConnected mining

IOT EXAMPLES

Page 4: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

THE SECURITY REALITY OF TODAY

Copyright © 2017 Accenture. All rights reserved. 4

CYBER ATTACK COMPROMISING

ICS COMPONENTS (2016)

CYBER ATTACKS ON UTILITIES IN

MULTIPLE REGIONS OUTSIDE U.S

(2008)

RANSOMWARE ATTACKS:

OFFSHORE (2015)

MULTI-YEAR “NIGHT

DRAGON” APT (2011)

SPEAR-PHISHING ATTACK

(2014)

“SHAMOON” VIRUS

ATTACK ON SAUDI ARAMCO

“STUXNET” MALWARE

ATTACK ON URANIUM ENRICHMENT

FACILITY (2010)

CYBER ATTACK ON UKRAINIAN

POWER GRID AND CRASH

OVERRIDE

MULTI-YEAR “NIGHT DRAGON”

APT KAZAKHSTAN (2011)

BP BAKU-TBILISI-CEYHAN PIPELINE

EXPLOSION (2014)

MULTI-YEAR “NIGHT DRAGON”

APT

TAIWAN (2011)

STOLEN SCADA CONTROLLER AND

CONTROL SOFTWARE (2001)

AND NOW –Triton / Trisis

Spectre

Meltdown

Page 5: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

THREAT LANDSCAPE IS EVERYWHERE

Copyright © 2017 Accenture. All rights reserved. 5

Connected transportConnected homeCommercial/

industrialcommunicationBusiness systems (IT)Manufacturing

TARGETED SECTOR

ATTACKER

NATION STATE

HACKTIVISTCYBER GANGS

INSIDER

Page 6: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

6

AND THE MODERN CYBER ATTACKER IS CAPABLE OF COMPLEX ATTACKS

Cyber attackers targeted key IT personnel via spear-phishing attacksEmployees opened an email attachment containing BlackEnergy3 malware, which installed itself onto the IT network

All employees should attend security awareness training

Enterprise NetworkAttackers Employees

1.The Ukraine blackout is was the first confirmed hack to take down a power grid.

This was a well planned multi-stage attack, using a combination of sophisticated logistics and devastating malware to cripple devices used by each power company.

Supplies were restored through manual operation within hours. But it took more than two months for the operations and control centers to become fully operational again.

So – how were modern, firewall-protected systems infiltrated so effectively?

Ivano-Frankivsregion of Western Ukraine

Copyright © 2017 Accenture All rights reserved.

Page 7: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

THERE ARE 1.1 MILSECURITY JOBS THAT NEED TO BE FILLED, BUT ONLY 11% OF THE PEOPLE IN CYBERSECURITY ARE WOMEN

Copyright © 2017 Accenture. All rights reserved. 7

SO, HOW DO WE CLOSE THE GENDER GAP?

Page 8: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

CHANGE THE PERCEPTIONThe view of tech and security as only for men must change to appeal to women

TECH IMMERSIONThe opportunity for women to acquire greater technology and stronger digital skills to advance as quickly as men

CAREER STRATEGYThe need for womento aim high, make informed choices and proactively manage their careers

FOUR POWERFUL WAYS TO GET WOMEN INTO CYBERSECURITY

Copyright © 2017 Accenture. All rights reserved. 8

FEMALE ROLE MODELSStrong, female leaders in security need to set the stage for future generations

Page 9: Securing the Industrial Internet of Things (IIoT)€¦ · Title: Dag1_1_Gisele_Widdershoven_Security Divas_ IOT security_ 18012018_FINAL Created Date: 1/22/2018 8:32:06 AM

9

CONTACT

GISELE WIDDERSHOVENSenior Manager, Accenture SecurityICS Cybersecurity Lead - [email protected]