Unifying the Global Response to Cybercrime

Cyber Security – awareness, vulnerabilities and solutions

Prof. Manel Medina
Scientific Coordinator of APWG.eu
Founder of esCERT-inLab-UPC
Director MSc Cybersecurity – UPC-Talent
[email protected]
[email protected]


Content

• Awareness
  – Threats to IoT/ICS/SCADA, CIIP: CPS, protocols, supply chain, dependencies
  – Threats from IoT: DDoS, cascade effects
• Vulnerabilities
  – Resilience of IoT platforms: access control, identification, back doors, malware…
• Solutions
  – Response to cyber-attacks: recovery, restore
• Conclusions

AWARENESS


Threats to IoT: Who?

• Script kiddies: no money interest, not professionals, repeated errors.
• Grey hats: mix of criminal and non-criminal activities. Spammers spread any kind of emails.
• Black hats: experts, toolkits, business models, unique and novel.
• State sponsored: economic and security interest. Technical.
• Hacktivists.
• Leaks: criminals that have patience and technical expertise. Wait years to rob the information they want. Apply to industry and government. Regional business.

Threats to IoT: Why?

• Script kiddies: show their skills and our weakness.
• Grey hats: third-party services: political, social, cultural.
• Black hats: economics.
• State sponsored: steal strategic information.
• Hacktivists: same as above.
• Leaks: criminals that have patience and technical expertise, wait years to rob the information they want. Apply to industry and government. Regional business.

Tendencies: long-term cyber-war

• Cyber-guns: Hacking Team
• Department of Defense Concludes Three Weeks of Cyber War Games
  http://bit.ly/1uLsdsS http://bit.ly/1eGaGPA
• Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says - SC Magazine http://ow.ly/PmQyO
• 3 dangerous habits that make companies less #cyber secure: http://lmt.co/1Ga2v7w #GartnerSEC (by @LM_AngelaHeise)
• How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks. by @jcmason http://entm.ag/1Af8Cbu via @Entrepreneur
• Cibercrimen: https://www.amazon.es/CIBERCRIMEN-Manel-Medina-ebook/dp/B010GJOUDM

Threats to IoT: What?

• CIIP: IoT/ICS/SCADA:
  – CPS
  – Protocols
  – Supply chain
  – Dependencies of IoT on service providers
• DEF CON talks: hacking an electronic wheelchair or a Bluetooth lock from a quarter-mile away
• Hack a real car
• Intercept in-flight airplane communications

Threats FROM IoT: What?

• 6.8 B devices
• 20 B by 2020
• 50 families
• 3 attacks in 3 weeks
• Just PoC

Threats FROM IoT: What?

• DDoS:
  – Authentication
  – Malware
  – Protocol bugs
• Cascade effects:
  – Supply chain
  – Dependencies of CI on IoT

VULNERABILITIES

Who do we trust?

• 90% of incidents start from inside the organization:
  – Spear-phishing
  – Ransomware
  – Lack of skills or capabilities
  – Lack of awareness
  – Human errors
• Internal audit: readiness

So, what? Cybersecurity life cycle

• Plan:
  – Goals, strategy, timeframe, resources
• Do:
  – Assets, threats & vulnerability identification
  – Risk analysis (evaluation), management
• Check:
  – Measure: people, cybersecurity tools
  – Monitor: network, CPS, behaviour
• Act:
  – Response, recovery, restore (minimise impact)
  – Learn, report (internal & external), review/update

External support

• CISO
  – Business aware
• External providers
  – Learn from others' errors
  – Intelligence information
  – New attack patterns

SOLUTIONS TO CYBER ATTACKS

Cooperation & coordination plan

• Risk & impact evaluation & analysis
• Personnel roles & responsibilities
• Cooperation opportunities & covert channels
• Plan cyber-exercises & training
• Document lessons learnt
• Schedule plan's updates

Risk Management: Resilience

• Impact on organization's mission: business continuity
  – Identify areas of risk
  – Incident response capabilities
• Risk tolerance: regulatory environment
• Budget: ROSI, implementation phases, priorities
• Policy adoption & procedures implementation:
  – Early detection
  – Quick response
  – Identification & selection of controls

Risk Response Strategy

• Probability:
  – Avoidance
  – Perimeter
  – Training
  – Readiness
  – Resilience
• Impact:
  – Detection
  – Mitigation
  – Response
  – Recovery
• Risk acceptance & transfer

Resilience Assessment Summary

• Where: available / collectable data
• What: scope: scenario (set of assets)
• How: time-frame: rigorousness, meaningful
• Aim: corporate social responsibility: risk culture
• Who: compliance & sectorial regulation
• When: changing environment: external (hacktivism), internal (infrastructure, asset values), growth, customers' sensitivity

Roadmap 2018

• Cybersecurity culture: raise awareness
• Risk measurement and analysis
• Protection: risk reduction and impact mitigation
• Detection and management of events
• Collaboration and coordination
• Research, development and innovation
• Continuing and efficient training and education

Short-term corporate strategy

• Cyber-responsibility:
  – Cyber-risk
  – Cyber-trust
  – Cyber-insurance
  – Hiring of cyber-security profiles
• 3 levels of education:
  – Corporate management
  – Cybersecurity management and operations
  – ICT operations
  – Final end-user

Education and awareness

        Continuous training                              Official degree
LE      Operations and maintenance (on-line, in-house)   Continuous education (PsG)
SME     Operations (capsule, education module)           Experts (MsC)

Shared (or not) responsibilities:
- Data Protection Officer
- Chief Information Security Officer
- Intelligence Officer
- Information Systems Auditor
- Computer Security Incident Coordinator
- Data breach communication advisor
- Operation…
- Training…

CORPORATE PROTECTION TOOLS & STRATEGIES

5 essential cybersecurity measures

• Perimeter: firewall & gateways
• Safe configuration
• Access control
• Anti-malware protection
• Patch & updates management

Best practices in IoT cybersecurity

• Back up data and configuration choices
• Protect programs and data with e-signature or hash
• Documents: mid/long-term archive
• Anti-DDoS
• User and device access control
• Access & operations: logs & warnings
• User & ICT staff training & awareness

Recommendations

• Review network infrastructure and ICT policy
• Foster internal capacity building
• Take any guidelines or collective recommendation
• External consultants to identify planning
• Establish secure communication channels with incident coordination team(s)
• Establish cooperation agreements for cyber security management and incident response
• Get some certification / audit

External help: Cyber-guards

• Capability to
  – mitigate / recover
• Private vs. public:
  – Incibe
  – CERT_SI
  – CESIcat
  – CERT.EU
  – …
  – esCERT.UPC

[Diagram: European CERT (?); ENISA; n/g CERT and Sectorial CERT for Industry; n/g CERT and Sectorial CERT for SME; n/g CERT and CIIP CERT for CI. Escalation chain: user -> CPD -> SOC -> CSIRT -> CERT]

Final remarks

• Legal requirements:
  – Risk analysis
  – Incident reporting
• Self-protection:
  – Internal controls
  – Use safe devices
  – Update software and passwords
• Provide evidence of:
  – Capabilities
  – Good practices
  – External audits
• Subcontract external experts

QUESTIONS (& ANSWERS)
Thank you for your attention!

Prof. Manel Medina
Scientific Coordinator of APWG.eu
Founder of esCERT-inLab-UPC
Director of the Master's in Cybersecurity – [email protected]
[email protected]
605 284 388