The PANOPTESEC project

(FP7 Project number 610416)

DynamicRiskApproachesforAutomatedCyberDefence

Andrea Guarino

ICT Security, Privacy & Compliance Manager

Acea SpA

Rome, 27/09/2017

Cybertech - Rome, 27/09/2017

Cybertech - Rome, 27/09/2017

People learn how to cope with new technologies at their own pace, some more easily than others. (…) Successful defectors are always going to be able to outpace the average capability of society (...)

Because information system attacks can be automated and encapsulated in software, the capability to launch these attacks can propagate. (…) On the Internet, only the first attacker has to be skilled.

Everyone else can just use software (…)

One thing that makes it easier to defect from society is finding a subgroup of defectors. This both makes it easier to overcome moral and reputational pressures, and allows defectors to trade tips on

overcoming the legal pressure and security systems (…)

Technology can affect the scope of defection in many ways, but in general, it gives the attackers more leverage. So the more technological a society is, the greater the security gap is (…) The important thing to remember is this: no security system is perfect. It's hard to admit in our

technologically advanced society that we can't do something, but in security there are a lot of things we can't do. (…)

This is the normal state of our actual and future life

From“LiarsandOutliers”,2012(BruceSchneier,CTOofResilientSystems):

The current state-of-play of Cyber Threat: cybercrime , cyber espionage, cyber terrorism and casual / intentional vulnerabilities and attacks

Cybertech - Rome, 27/09/2017

This Intel AMT vulnerability, announced in May 2017, has a “perfect” CVSS v2 score of 10 (highest value and exposure).

Removing it requires a FIRMWARE update from HW vendor, not just a normal OS patch

… so we must evaluate, prioritize and treat risks dynamically to prepare and (re)act:

FP7Projectnumber610416DynamicRiskApproachesforAutomatedCyberDefence

Cybertech - Rome, 27/09/2017

Cybertech - Rome, 27/09/2017

Cybertech - Rome, 27/09/2017

Cybertech - Rome, 27/09/2017

ThePANOPTESECprojectwassponsoredinpartbytheEuropeanCommission,SeventhFrameworkProgramme,DGConnect,Projectnumber610416

VariousPANOPTESECdocuments,presentaJons,scienJficpapersandvideosarepublicallyavailableat:www.panoptesec.eu

Pleasefollowtheprojecton:

Linkedin:hPps://www.linkedin.com/groups/7461693TwiPer:#PANOPTESEC

ForaddiJonalinformaJonpleasecontact:

andrea.guarino@aceaspa.it(UserAgencyTeamLeader)

Cybertech - Rome, 27/09/2017