Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
Securing the Industrial Internet of Things (IIoT)
Security Divas – January 2018
Copyright © 2017 Accenture Security. All rights reserved. 2
COMMUNICATIONS AND PROTOCOLS DIVERSITY
INCREASING CONNECTIVITY
SECURITY GOVERNANCE
EXPLOSIVE GROWTH, BRINGS EXPONENTIAL RISKSINTERNET OF THINGS
Copyright © 2017 Accenture Security. All rights reserved. 3
Drive-through anything with connected car paymentsEXAMPLE # 1: Connected Vehicle EXAMPLE # 2: Connected Health
Cloud powered health awareness
EXAMPLE # 3: Connected CommerceSmart advertising
EXAMPLE # 4: Connected OperationsConnected mining
IOT EXAMPLES
THE SECURITY REALITY OF TODAY
Copyright © 2017 Accenture. All rights reserved. 4
CYBER ATTACK COMPROMISING
ICS COMPONENTS (2016)
CYBER ATTACKS ON UTILITIES IN
MULTIPLE REGIONS OUTSIDE U.S
(2008)
RANSOMWARE ATTACKS:
OFFSHORE (2015)
MULTI-YEAR “NIGHT
DRAGON” APT (2011)
SPEAR-PHISHING ATTACK
(2014)
“SHAMOON” VIRUS
ATTACK ON SAUDI ARAMCO
“STUXNET” MALWARE
ATTACK ON URANIUM ENRICHMENT
FACILITY (2010)
CYBER ATTACK ON UKRAINIAN
POWER GRID AND CRASH
OVERRIDE
MULTI-YEAR “NIGHT DRAGON”
APT KAZAKHSTAN (2011)
BP BAKU-TBILISI-CEYHAN PIPELINE
EXPLOSION (2014)
MULTI-YEAR “NIGHT DRAGON”
APT
TAIWAN (2011)
STOLEN SCADA CONTROLLER AND
CONTROL SOFTWARE (2001)
AND NOW –Triton / Trisis
Spectre
Meltdown
THREAT LANDSCAPE IS EVERYWHERE
Copyright © 2017 Accenture. All rights reserved. 5
Connected transportConnected homeCommercial/
industrialcommunicationBusiness systems (IT)Manufacturing
TARGETED SECTOR
ATTACKER
NATION STATE
HACKTIVISTCYBER GANGS
INSIDER
6
AND THE MODERN CYBER ATTACKER IS CAPABLE OF COMPLEX ATTACKS
Cyber attackers targeted key IT personnel via spear-phishing attacksEmployees opened an email attachment containing BlackEnergy3 malware, which installed itself onto the IT network
All employees should attend security awareness training
Enterprise NetworkAttackers Employees
1.The Ukraine blackout is was the first confirmed hack to take down a power grid.
This was a well planned multi-stage attack, using a combination of sophisticated logistics and devastating malware to cripple devices used by each power company.
Supplies were restored through manual operation within hours. But it took more than two months for the operations and control centers to become fully operational again.
So – how were modern, firewall-protected systems infiltrated so effectively?
Ivano-Frankivsregion of Western Ukraine
Copyright © 2017 Accenture All rights reserved.
THERE ARE 1.1 MILSECURITY JOBS THAT NEED TO BE FILLED, BUT ONLY 11% OF THE PEOPLE IN CYBERSECURITY ARE WOMEN
Copyright © 2017 Accenture. All rights reserved. 7
SO, HOW DO WE CLOSE THE GENDER GAP?
CHANGE THE PERCEPTIONThe view of tech and security as only for men must change to appeal to women
TECH IMMERSIONThe opportunity for women to acquire greater technology and stronger digital skills to advance as quickly as men
CAREER STRATEGYThe need for womento aim high, make informed choices and proactively manage their careers
FOUR POWERFUL WAYS TO GET WOMEN INTO CYBERSECURITY
Copyright © 2017 Accenture. All rights reserved. 8
FEMALE ROLE MODELSStrong, female leaders in security need to set the stage for future generations
9
CONTACT
GISELE WIDDERSHOVENSenior Manager, Accenture SecurityICS Cybersecurity Lead - [email protected]