SlideShare ist ein Scribd-Unternehmen logo

Critical Infrastructure and Cyber Security: trends and challenges

Community Protection Forum
Community Protection Forum

by Massimo Cappelli GCSEC - Global Cyber Security Center mail: massimo.cappelli@gcsec.org

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
Critical Infrastructure and Cyber Security: trends and challenges Genova, 30 October 2013
In 2013, GCSEC has been involved in several activities both at national and international level on critical infrastructure protection Some initiatives Projects cofunded by EU (70-90%) Italian  Groups   Online   Frauds   Cyber   Centre   and   Expert   Network   (OF2CEN):   crea'on   of   a   system   of   informa'on   exchange   between  financial  ins'tu'ons  and  European  law  enforcement  agencies  (Italy,  UK,  Romania),  with  development  of   a  informa'on  sharing  plaCorm  in  Italy  with  par'cipa'on  of  Polizia  Postale  e  delle  Comunicazioni     Security   of   Energy   System   (SoES):   The   project   will   provide   a   comprehensive   analysis   of   ICT   architectures,   vulnerabili'es,   and   best   prac'ces   related   to   the   Smart   Grids   and   will   create,   at   European   level   an   Informa'on   Sharing  Hub  on  the  subject.  The  project  is  developed  in  partnership  with  ENEL,  RSE  Energia,  EFACEC     Distributed   Energy   Security   Knowledge   (DEnSeK):   The   aim   of   the   project   is   defining   and   deploying   a   distributed   cross-­‐company   situa'on   awareness   network   for   the   Energy   Industrial   field.   It   will   enforce   the   capability   of   forecas'ng  cyber  threats  evolu'on  at  con'nental  level,  giving  the  opportunity  to  take  mi'ga'ng  measures  and   facilitates   the   coordina'on   among   the   members   of   the   plaCorm   in   case   of   crisis.   Project   Partners   are:   ENEL,   Security  MaTers,  Alliander  NV,  Gdansk  University  of  Technology     Computer  Emergency  Response  Team  (CERT):  Support  to  Security  Department  in  the  design,  development  and   implementa'on  of  corporate  CERT.  Interna'onal  Benchmark,  design  of  main  processes  (incident  handling,  early   warning,  threat  and  vulnerability  management,…),  review  of  FIRST  requirements,  prepara'on  of  Top   Management  presenta'ons  and  report,…       Black  market  study:  analysis  of  aTack  mo'va'ons,  poten'al  impacts  of  the  aTacks  and  descrip'on  of  tools,   network  resources,  informa'on  and  services  sold  online  for  perpetra'ng  the  aTacks   NATO  Advanced  Research  Workshop:  GCSEC,  together  with  GCSP,  has  organized  an  event  in  Geneva  on  “Best   Prac'ces  for  Computer  Network  Defence:  Incident  Detec'on  and  Response”.  29  experts  in  cyber  security,  from   NATO  Countries  and  Partner,  discussed  on  the  evolu'on  of  Incident  Detec'on  and  Response   2
Scenarios: cyberspace will increase more and more Today  and  the  Near   Future1   Today   2020   Es'mated  World   Popula'on   7  billion  people   8  billion  people  circa   Es'mated  Internet   Popula'on   2.5  billion  people   (35%  of  popula'on  online)   5  billion  people  circa   (60%  of  popula'on  online)   Total  Number  of   Devices   12.5  billion  internet   connected  physical  objects   and  devices   (6  devices  per  person  circa)   50  billion  internet  connected   physical  objects  ad  devices   (10  devices  per  person  circa)   ICT  Contribu'on  to   the  Economy   4%  of  GDP  on  average  for   G20  na'ons   10%  of  worldwide  GDP   MORE THREATS •  •  •  •  •  3 1)  Evans,  The  Internet  of  Things,  How  the  Next  Evolu'on  of  the  Internet  Is  Changing  Everything   More People More People online More Devices More Revenues generated More  People  aTracted  to  business  crime   New  market  to  explore   Easier  to  find  vic'ms,  not  confident  with   internet   Easier  to  buy  full  package  services   …  
Threats will increase and also impact critical infrastructures too "   Intellectual Property and Digital Identities are stolen regularly "   Systems are erased "   Services are disrupted "   Sophisticated hackers team are even more well oranized "   Malwares are cheaper and easier "   Full maleware package/services available on dark market "  … 2009 Spies breach electricity grid in U.S.: According to current and former national security officials, as reported in The Wall Street Journal, cyberspies from China, Russia and other countries penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. 2010 The Stuxnet worm temporarily knocks out some of the centrifuges at Iran's Natanz nuclear facility, causing considerable delay to that country's uranium enrichment program 2011 The Nitro Attacks: A series of targeted attacks using an off-the-shelf Trojan horse called "Poison Ivy" is directed mainly at companies involved in the research, development and manufacture of chemicals and advanced materials. After tricking targeted users into downloading Poison Ivy, the attackers issue instructions to the compromised computers, troll for higher-level passwords and eventually offload the stolen content to hackercontrolled systems. 2012 DDoS attacks on U.S. banks: The U.S. accuses Iran of staging a wave of denial-of-service attacks against U.S. financial institutions. Defense Secretary Leon Panetta warns of potential for a "cyber Pearl Harbor" against critical infrastructure and calls for new protection standards. 4 Sources:  ICS-­‐CERT,  The  New  York  Times,  CSO,  Computerworld,  The  Wall  Street  Journal  
What are the critical infrastructures? The  UK's  na'onal  infrastructure  is  defined  by  the  Government  as:  “those  facili'es,  systems,  sites  and  networks  necessary  for  the   func'oning  of  the  country  and  the  delivery  of  the  essen'al  services  upon  which  daily  life  in  the  UK  depends”                              UK  CPNI  WEBSITE   Parameter   Green   Yellow   Orange   Red   Health   No  injuries   Light  injuries   Heavy  Injuries   Danger  of  life   Economics   Loss   <  1%  EBITDA   1%<EBITDA<3 %     3%<EBITDA<5 %   >  5%  EBITDA   Service   disrup'on   0  –  10  minutes   10  –  60   minutes   1  day   >  1  day   Reputa'on   Inside  the   company   Local  level   Na'onal  level   Interna'onal   level   …   The  Infrastructure  is  not  at  the  center  of  interests     the  conPnuity  of  the  SERVICE   is  the  main  goal   5 UK  Cri'cality  Scale  (Strategic  Framework  and  Policy  Statement  –   Cabinet  Office)    
Critical Infrastructure are that infrastructure vital for the continuity of a service delivery which disruption would be critical at national level CITIZENS  and  COMPANIES   Do  the  Owners  of  criPcal  services…   "   …know if the service they deliver is critical? Core/Cri'cal   Service   Cri'cal   Applica'on  1   "   …know at which level of criticality scale the Support  Service   Not  Cri'cal   Applica'on  2   Applica'on  2   service could be considered critical? "   …know the technology/assets chain vital for delivering critical services? Opera'ng  system   "   …know from who they depend on? "   …put already in place all the countermeasures Infrastructure /tools   Infrastructure /tools   Infrastructure /tools   known and necessary to guarantee the service continuity? 6 Facility   Facility   Facility  
The new trend in the protection of critical infrastructures is also to do properly what we are already doing (1/3) Examples   Better Perimeter and service Knowledge Prioritize Patch management "   Map the technology/asset chain the critical service depends on and the impact related to their disruptions "   Map the interdependencies between networks, applications, operating system,… "   Identify the servers containing sensitive data "   Define a patch management cycle (notification, testing, prioritizing, deploying, monitor,…) "   Prioritize deployment on critical infrastructures the critical service depend on Reduce complexity and opportunities Strengthen internal collaboration "   Avoid conflicts between business units (business owner, information technology, security departments, …) "   Join skills and capabilities and work together to define and implement security requirements (i.e. CERT) Increase education and training 7 "   Reduce the complexity of networks, applications, operating systems, in order to reduce also the “surface” available for the attacks "   Often there are many applications inside a company doing similar activities, platform optimization will save time and resources to monitor it and patch it "   Reducing the attack surface will reduce the opportunities for the hacker to find blind spots "   Managers and employees don’t know security policy related to the use of ICT infrastructures, PCs or mobile devices "   There is a lack of training and exercises inside companies, this doesn’t help to speed the incident handling process and so on
The new trend in the protection of critical infrastructures is also to do properly what we are already doing (2/3) Examples   Use of Honeypots Use of Disinformation/ Deception "   Traps set to detect, deflect or counteracts attempts at unauthorized use of information systems "   They gather information regarding an intruder or attacker in the system "   False repository with false intellectual proprieties or data not useful for the attackers "   It allows to identify the attack motives "   It allows also to make attackers to invest money without profit Knowledge of your enemies "   Monitor blogs/forum, media, chat to understand the sentiment around the company and if someone intend to attack your organization "   Monitor black market t(i.e. services, malware, databases of credentials, emails and so on) "   Learn hacker operating model (pattern of attacks could be similar against different companies) Hacker Yourself "   Start to think and act as a hacker. In this way you can really test the protection levels of your infrastructures and take the right countermeasures (penetration testing, vulnerability assessment,…) Stregthen integration and data/traffic analysis "   Data are usually collected but rarely analyzed and correlated. Usually only for forensics "   Big Data is the future and security has to be confident with them to understand patterns, correlations and so on "   There are new solutions dealing also with behavioral pattern or “pattern of life” that describe the normal online activity of employees,… (anomaly-based IDS) 8
The new trend in the protection of critical infrastructures is also to do properly what we are already doing (3/3) Examples   Build a security inhouse capability Limit the “bring your own device”(BYOD) Stregthen external collaboration Moving target architectures "   Security could not be transfer to external suppliers. It will create an uncomfortable dependency "   Companies are re-thinking security bringing back at home competencies and skilled resources "   Internet of things will enlarge the interactions with personal devices used also for work "   Clear policy shall be defined and strict controls put in place (mandatory authirization process, password protection, control of risky application, limit the use of business application with sensitive data,…) "   SOC/CERT and Security departments have to strengthen concrete collaborations "   It is impossible to have the overview of all the threats and vulnerabilities present in cyberspace "   The collaboration shall go one step further the signature of MoUs "   The design of architectures could be done in order to shift the program’s attack surface, also reducing it (Moving target) "   Different types of architectures based on microkernels and separation kernels APPROACHING  CYBER  SECURITY  TODAY  IS  SUCH  AS  APPROACHING  COLD  WAR  YEARS  AGO     START  TO  THINK  THAT  YOU  ARE  ALREADY  UNDER  ATTACK     9
THANKS     massimo.cappelli@gcsec.org     www.gcsec.org     10

Empfohlen

Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatMotorola Solutions
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Enrique Martin
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropeIndustrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropePositive Hack Days
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelPaul Di Gangi
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity European Services Institute
 

Empfohlen

Critical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatCritical Infrastructure and Cyber Threat
Critical Infrastructure and Cyber ThreatMotorola Solutions
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Enrique Martin
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropeIndustrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropePositive Hack Days
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Cyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelCyber Critical Infrastructure Framework Panel
Cyber Critical Infrastructure Framework PanelPaul Di Gangi
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity Critical Infrastructure and Cybersecurity
Critical Infrastructure and Cybersecurity European Services Institute
 
Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureDr David Probert
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Critical infrastructure
Critical infrastructureCritical infrastructure
Critical infrastructureProf. David E. Alexander (UCL)
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial SectorCapitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial SectorCapitolTechU
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Webinar slides march 2022 nikki robinson
Webinar slides march 2022 nikki robinson Webinar slides march 2022 nikki robinson
Webinar slides march 2022 nikki robinson CapitolTechU
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 African Cyber Security Summit
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Government Technology and Services Coalition
 
Development of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDevelopment of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDr David Probert
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
Insight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHS
Insight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHSInsight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHS
Insight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHSGovernment Technology and Services Coalition
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPEnergySec
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthyRussell Publishing
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure ProtectionPriyanka Aash
 
Cybersecurity Trends and CyberVision : 2015 - 2025
Cybersecurity Trends and CyberVision : 2015 - 2025Cybersecurity Trends and CyberVision : 2015 - 2025
Cybersecurity Trends and CyberVision : 2015 - 2025Dr David Probert
 
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?michelemanzotti
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureDr David Probert
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security Adhar kashyap
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial SectorCapitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial SectorCapitolTechU
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Webinar slides march 2022 nikki robinson
Webinar slides march 2022 nikki robinson Webinar slides march 2022 nikki robinson
Webinar slides march 2022 nikki robinson CapitolTechU
 
Development of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDevelopment of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDr David Probert
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPEnergySec
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthyRussell Publishing
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 

Was ist angesagt? (19)

Cybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information InfrastructureCybersecurity for Critical National Information Infrastructure
Cybersecurity for Critical National Information Infrastructure
 
Infrastructure security
Infrastructure security Infrastructure security
Infrastructure security
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Critical infrastructure
Critical infrastructureCritical infrastructure
Critical infrastructure
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial SectorCapitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
Webinar slides march 2022 nikki robinson
Webinar slides march 2022 nikki robinson Webinar slides march 2022 nikki robinson
Webinar slides march 2022 nikki robinson
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
 
Development of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and OrganisationDevelopment of National Cybersecurity Strategy and Organisation
Development of National Cybersecurity Strategy and Organisation
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)
 
Insight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHS
Insight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHSInsight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHS
Insight Session with Dr. Daniel Gerstein, Deputy Under Secretary, S&T, DHS
 
Security of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIPSecurity of the Electric Grid: It's more than just NERC CIP
Security of the Electric Grid: It's more than just NERC CIP
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
 
Airport security 2013 john mc carthy
Airport security 2013 john mc carthyAirport security 2013 john mc carthy
Airport security 2013 john mc carthy
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 

Andere mochten auch

For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure ProtectionPriyanka Aash
 
Cybersecurity Trends and CyberVision : 2015 - 2025
Cybersecurity Trends and CyberVision : 2015 - 2025Cybersecurity Trends and CyberVision : 2015 - 2025
Cybersecurity Trends and CyberVision : 2015 - 2025Dr David Probert
 
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?michelemanzotti
 
A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...
A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...
A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...Christopher Klaus
 
Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez)
Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez) Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez)
Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez) Ed Valdez
 
Présentation Cyber espace
Présentation Cyber espacePrésentation Cyber espace
Présentation Cyber espaceadelvigne
 
Les nouveaux usages géographiques du cyberespace
Les nouveaux usages géographiques du cyberespaceLes nouveaux usages géographiques du cyberespace
Les nouveaux usages géographiques du cyberespaceJérémie34
 
Pirater un compte facebook
Pirater un compte facebookPirater un compte facebook
Pirater un compte facebookzabakpolak
 
Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)
Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)
Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)Ardesi Midi-Pyrénées
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatIBM Government
 
Rapport Bockel sur la cyber-défense
Rapport Bockel sur la cyber-défenseRapport Bockel sur la cyber-défense
Rapport Bockel sur la cyber-défenseFrançois Bourboulon
 
Fiche type nouveau media il fr
Fiche type nouveau media il frFiche type nouveau media il fr
Fiche type nouveau media il frFSJU AUJF
 
Valdes cyberguerre-barcamp2012
Valdes cyberguerre-barcamp2012Valdes cyberguerre-barcamp2012
Valdes cyberguerre-barcamp2012Valdes Nzalli
 
Cybertech 2014, Irsaël
Cybertech 2014, IrsaëlCybertech 2014, Irsaël
Cybertech 2014, IrsaëlFSJU AUJF
 
Critical Controls Of Cyber Defense
Critical Controls Of Cyber DefenseCritical Controls Of Cyber Defense
Critical Controls Of Cyber DefenseRishu Mehra
 
Yash corporate profile
Yash corporate profileYash corporate profile
Yash corporate profilesdk1234
 

Andere mochten auch (20)

For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure Protection
 
Cybersecurity Trends and CyberVision : 2015 - 2025
Cybersecurity Trends and CyberVision : 2015 - 2025Cybersecurity Trends and CyberVision : 2015 - 2025
Cybersecurity Trends and CyberVision : 2015 - 2025
 
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
Cyber-Attacks & SAP systems: Is Our Business-Critical Infrastructure Exposed?
 
A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...
A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...
A Cyber Infrastructure SCADA Testbed Environment for Research on the Nation\'...
 
Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez)
Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez) Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez)
Are You Prepared? Cybersecurity Trends & Opportunities (Ed Valdez)
 
Infrastructure Interdependencies: Connections that Alter Consequences
Infrastructure Interdependencies: Connections that Alter ConsequencesInfrastructure Interdependencies: Connections that Alter Consequences
Infrastructure Interdependencies: Connections that Alter Consequences
 
Présentation Cyber espace
Présentation Cyber espacePrésentation Cyber espace
Présentation Cyber espace
 
Les nouveaux usages géographiques du cyberespace
Les nouveaux usages géographiques du cyberespaceLes nouveaux usages géographiques du cyberespace
Les nouveaux usages géographiques du cyberespace
 
Pirater un compte facebook
Pirater un compte facebookPirater un compte facebook
Pirater un compte facebook
 
Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)
Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)
Sécuriser son espace Cyber-base face aux usages illicites - ExplorCamp (2009)
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the Threat
 
Aerospace Defense Cyber Security Executive Search
Aerospace Defense Cyber Security Executive SearchAerospace Defense Cyber Security Executive Search
Aerospace Defense Cyber Security Executive Search
 
Rapport Bockel sur la cyber-défense
Rapport Bockel sur la cyber-défenseRapport Bockel sur la cyber-défense
Rapport Bockel sur la cyber-défense
 
Fiche type nouveau media il fr
Fiche type nouveau media il frFiche type nouveau media il fr
Fiche type nouveau media il fr
 
Valdes cyberguerre-barcamp2012
Valdes cyberguerre-barcamp2012Valdes cyberguerre-barcamp2012
Valdes cyberguerre-barcamp2012
 
Cybertech 2014, Irsaël
Cybertech 2014, IrsaëlCybertech 2014, Irsaël
Cybertech 2014, Irsaël
 
Critical Controls Of Cyber Defense
Critical Controls Of Cyber DefenseCritical Controls Of Cyber Defense
Critical Controls Of Cyber Defense
 
InfoBeans corporate presentation for slideshare
InfoBeans corporate presentation for slideshareInfoBeans corporate presentation for slideshare
InfoBeans corporate presentation for slideshare
 
Yash corporate profile
Yash corporate profileYash corporate profile
Yash corporate profile
 
TechValens Software Systems LLC Corporate Presentation
TechValens Software Systems LLC Corporate PresentationTechValens Software Systems LLC Corporate Presentation
TechValens Software Systems LLC Corporate Presentation
 

Ähnlich wie Critical Infrastructure and Cyber Security: trends and challenges

Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Securityreuben_mathew
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Leonardo ENERGY
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYIJMIT JOURNAL
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxSharifulShishir
 
Innovation in the Power Systems industry CIGRE
Innovation in the Power Systems industry CIGREInnovation in the Power Systems industry CIGRE
Innovation in the Power Systems industry CIGREPower System Operation
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionWilliam McBorrough
 
Innovation in the Power Systems industry
Innovation in the Power Systems industryInnovation in the Power Systems industry
Innovation in the Power Systems industryPower System Operation
 
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONSTATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONIJNSA Journal
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfssuserc1c354
 
Cyber Defense: three fundamental steps
Cyber Defense: three fundamental stepsCyber Defense: three fundamental steps
Cyber Defense: three fundamental stepsLeonardo
 
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docxComputer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docxdonnajames55
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012Sharmin Ahammad
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115James Bryce Clark
 

Ähnlich wie Critical Infrastructure and Cyber Security: trends and challenges (20)

The red book
The red book The red book
The red book
 
Capstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid SecurityCapstone Team Report -The Vicious Circle of Smart Grid Security
Capstone Team Report -The Vicious Circle of Smart Grid Security
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network security
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdf
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptx
 
Innovation in the Power Systems industry CIGRE
Innovation in the Power Systems industry CIGREInnovation in the Power Systems industry CIGRE
Innovation in the Power Systems industry CIGRE
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Innovation in the Power Systems industry
Innovation in the Power Systems industryInnovation in the Power Systems industry
Innovation in the Power Systems industry
 
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTIONSTATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
 
Cyber Defense: three fundamental steps
Cyber Defense: three fundamental stepsCyber Defense: three fundamental steps
Cyber Defense: three fundamental steps
 
Forensics
ForensicsForensics
Forensics
 
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docxComputer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
 
International Cyber Security 2012
International Cyber Security 2012International Cyber Security 2012
International Cyber Security 2012
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
 

Mehr von Community Protection Forum

Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...Community Protection Forum
 
Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Community Protection Forum
 
New Models and New Technologies for an Integrated Risk Management in Complex ...
New Models and New Technologies for an Integrated Risk Management in Complex ...New Models and New Technologies for an Integrated Risk Management in Complex ...
New Models and New Technologies for an Integrated Risk Management in Complex ...Community Protection Forum
 
Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Community Protection Forum
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...Community Protection Forum
 
Security of the Supply Chain & Commerce Facilitation with a PM approach
Security of the Supply Chain & Commerce Facilitation with a PM approachSecurity of the Supply Chain & Commerce Facilitation with a PM approach
Security of the Supply Chain & Commerce Facilitation with a PM approachCommunity Protection Forum
 
Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...
Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...
Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...Community Protection Forum
 
Cyber Security Applications for Smart Communities
Cyber Security Applications for Smart CommunitiesCyber Security Applications for Smart Communities
Cyber Security Applications for Smart CommunitiesCommunity Protection Forum
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...
Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...
Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...Community Protection Forum
 
Safety and Security Task in the Operation of Multipurpose Italian Navy Units
Safety and Security Task in the Operation of Multipurpose Italian Navy UnitsSafety and Security Task in the Operation of Multipurpose Italian Navy Units
Safety and Security Task in the Operation of Multipurpose Italian Navy UnitsCommunity Protection Forum
 
Smart Cities: Technologies for Efficient and Sustainable Cities
Smart Cities: Technologies for Efficient and Sustainable CitiesSmart Cities: Technologies for Efficient and Sustainable Cities
Smart Cities: Technologies for Efficient and Sustainable CitiesCommunity Protection Forum
 
The DRIHM Infrastructure Design and Projects Experience
The DRIHM Infrastructure Design and Projects ExperienceThe DRIHM Infrastructure Design and Projects Experience
The DRIHM Infrastructure Design and Projects ExperienceCommunity Protection Forum
 

Mehr von Community Protection Forum (20)

The Role of the Commonwealth in Cyberspace
The Role of the Commonwealth in CyberspaceThe Role of the Commonwealth in Cyberspace
The Role of the Commonwealth in Cyberspace
 
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
 
Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020Industrial Safety and Security in Horizon 2020
Industrial Safety and Security in Horizon 2020
 
New Frontiers for Nuclear Power Plants Safety
New Frontiers for Nuclear Power Plants SafetyNew Frontiers for Nuclear Power Plants Safety
New Frontiers for Nuclear Power Plants Safety
 
New Models and New Technologies for an Integrated Risk Management in Complex ...
New Models and New Technologies for an Integrated Risk Management in Complex ...New Models and New Technologies for an Integrated Risk Management in Complex ...
New Models and New Technologies for an Integrated Risk Management in Complex ...
 
Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?Cyber Security Challenges: how are we facing them?
Cyber Security Challenges: how are we facing them?
 
How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...How Security can be stronger than a Firewall: 13 different ways breaking thro...
How Security can be stronger than a Firewall: 13 different ways breaking thro...
 
Security Projects & Projects Safety
Security Projects & Projects SafetySecurity Projects & Projects Safety
Security Projects & Projects Safety
 
Security of the Supply Chain & Commerce Facilitation with a PM approach
Security of the Supply Chain & Commerce Facilitation with a PM approachSecurity of the Supply Chain & Commerce Facilitation with a PM approach
Security of the Supply Chain & Commerce Facilitation with a PM approach
 
A Cyberwarfare Weapon: Slowreq
A Cyberwarfare Weapon: SlowreqA Cyberwarfare Weapon: Slowreq
A Cyberwarfare Weapon: Slowreq
 
Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...
Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...
Emergency Electrical Power Supply to Nuclear Safety Systems: design basis and...
 
Touristic Port Security
Touristic Port SecurityTouristic Port Security
Touristic Port Security
 
Cyber Security Applications for Smart Communities
Cyber Security Applications for Smart CommunitiesCyber Security Applications for Smart Communities
Cyber Security Applications for Smart Communities
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...
Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...
Accidents in the Energy Sector and Energy Infrastructure Attacks in the conte...
 
Safety and Security Task in the Operation of Multipurpose Italian Navy Units
Safety and Security Task in the Operation of Multipurpose Italian Navy UnitsSafety and Security Task in the Operation of Multipurpose Italian Navy Units
Safety and Security Task in the Operation of Multipurpose Italian Navy Units
 
IT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOsIT vs. OT: ICS Cyber Security in TSOs
IT vs. OT: ICS Cyber Security in TSOs
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
 
Smart Cities: Technologies for Efficient and Sustainable Cities
Smart Cities: Technologies for Efficient and Sustainable CitiesSmart Cities: Technologies for Efficient and Sustainable Cities
Smart Cities: Technologies for Efficient and Sustainable Cities
 
The DRIHM Infrastructure Design and Projects Experience
The DRIHM Infrastructure Design and Projects ExperienceThe DRIHM Infrastructure Design and Projects Experience
The DRIHM Infrastructure Design and Projects Experience
 

Kürzlich hochgeladen

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Kürzlich hochgeladen (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Critical Infrastructure and Cyber Security: trends and challenges

  • 1. Critical Infrastructure and Cyber Security: trends and challenges Genova, 30 October 2013
  • 2. In 2013, GCSEC has been involved in several activities both at national and international level on critical infrastructure protection Some initiatives Projects cofunded by EU (70-90%) Italian  Groups   Online   Frauds   Cyber   Centre   and   Expert   Network   (OF2CEN):   crea'on   of   a   system   of   informa'on   exchange   between  financial  ins'tu'ons  and  European  law  enforcement  agencies  (Italy,  UK,  Romania),  with  development  of   a  informa'on  sharing  plaCorm  in  Italy  with  par'cipa'on  of  Polizia  Postale  e  delle  Comunicazioni     Security   of   Energy   System   (SoES):   The   project   will   provide   a   comprehensive   analysis   of   ICT   architectures,   vulnerabili'es,   and   best   prac'ces   related   to   the   Smart   Grids   and   will   create,   at   European   level   an   Informa'on   Sharing  Hub  on  the  subject.  The  project  is  developed  in  partnership  with  ENEL,  RSE  Energia,  EFACEC     Distributed   Energy   Security   Knowledge   (DEnSeK):   The   aim   of   the   project   is   defining   and   deploying   a   distributed   cross-­‐company   situa'on   awareness   network   for   the   Energy   Industrial   field.   It   will   enforce   the   capability   of   forecas'ng  cyber  threats  evolu'on  at  con'nental  level,  giving  the  opportunity  to  take  mi'ga'ng  measures  and   facilitates   the   coordina'on   among   the   members   of   the   plaCorm   in   case   of   crisis.   Project   Partners   are:   ENEL,   Security  MaTers,  Alliander  NV,  Gdansk  University  of  Technology     Computer  Emergency  Response  Team  (CERT):  Support  to  Security  Department  in  the  design,  development  and   implementa'on  of  corporate  CERT.  Interna'onal  Benchmark,  design  of  main  processes  (incident  handling,  early   warning,  threat  and  vulnerability  management,…),  review  of  FIRST  requirements,  prepara'on  of  Top   Management  presenta'ons  and  report,…       Black  market  study:  analysis  of  aTack  mo'va'ons,  poten'al  impacts  of  the  aTacks  and  descrip'on  of  tools,   network  resources,  informa'on  and  services  sold  online  for  perpetra'ng  the  aTacks   NATO  Advanced  Research  Workshop:  GCSEC,  together  with  GCSP,  has  organized  an  event  in  Geneva  on  “Best   Prac'ces  for  Computer  Network  Defence:  Incident  Detec'on  and  Response”.  29  experts  in  cyber  security,  from   NATO  Countries  and  Partner,  discussed  on  the  evolu'on  of  Incident  Detec'on  and  Response   2
  • 3. Scenarios: cyberspace will increase more and more Today  and  the  Near   Future1   Today   2020   Es'mated  World   Popula'on   7  billion  people   8  billion  people  circa   Es'mated  Internet   Popula'on   2.5  billion  people   (35%  of  popula'on  online)   5  billion  people  circa   (60%  of  popula'on  online)   Total  Number  of   Devices   12.5  billion  internet   connected  physical  objects   and  devices   (6  devices  per  person  circa)   50  billion  internet  connected   physical  objects  ad  devices   (10  devices  per  person  circa)   ICT  Contribu'on  to   the  Economy   4%  of  GDP  on  average  for   G20  na'ons   10%  of  worldwide  GDP   MORE THREATS •  •  •  •  •  3 1)  Evans,  The  Internet  of  Things,  How  the  Next  Evolu'on  of  the  Internet  Is  Changing  Everything   More People More People online More Devices More Revenues generated More  People  aTracted  to  business  crime   New  market  to  explore   Easier  to  find  vic'ms,  not  confident  with   internet   Easier  to  buy  full  package  services   …  
  • 4. Threats will increase and also impact critical infrastructures too "   Intellectual Property and Digital Identities are stolen regularly "   Systems are erased "   Services are disrupted "   Sophisticated hackers team are even more well oranized "   Malwares are cheaper and easier "   Full maleware package/services available on dark market "  … 2009 Spies breach electricity grid in U.S.: According to current and former national security officials, as reported in The Wall Street Journal, cyberspies from China, Russia and other countries penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. 2010 The Stuxnet worm temporarily knocks out some of the centrifuges at Iran's Natanz nuclear facility, causing considerable delay to that country's uranium enrichment program 2011 The Nitro Attacks: A series of targeted attacks using an off-the-shelf Trojan horse called "Poison Ivy" is directed mainly at companies involved in the research, development and manufacture of chemicals and advanced materials. After tricking targeted users into downloading Poison Ivy, the attackers issue instructions to the compromised computers, troll for higher-level passwords and eventually offload the stolen content to hackercontrolled systems. 2012 DDoS attacks on U.S. banks: The U.S. accuses Iran of staging a wave of denial-of-service attacks against U.S. financial institutions. Defense Secretary Leon Panetta warns of potential for a "cyber Pearl Harbor" against critical infrastructure and calls for new protection standards. 4 Sources:  ICS-­‐CERT,  The  New  York  Times,  CSO,  Computerworld,  The  Wall  Street  Journal  
  • 5. What are the critical infrastructures? The  UK's  na'onal  infrastructure  is  defined  by  the  Government  as:  “those  facili'es,  systems,  sites  and  networks  necessary  for  the   func'oning  of  the  country  and  the  delivery  of  the  essen'al  services  upon  which  daily  life  in  the  UK  depends”                              UK  CPNI  WEBSITE   Parameter   Green   Yellow   Orange   Red   Health   No  injuries   Light  injuries   Heavy  Injuries   Danger  of  life   Economics   Loss   <  1%  EBITDA   1%<EBITDA<3 %     3%<EBITDA<5 %   >  5%  EBITDA   Service   disrup'on   0  –  10  minutes   10  –  60   minutes   1  day   >  1  day   Reputa'on   Inside  the   company   Local  level   Na'onal  level   Interna'onal   level   …   The  Infrastructure  is  not  at  the  center  of  interests     the  conPnuity  of  the  SERVICE   is  the  main  goal   5 UK  Cri'cality  Scale  (Strategic  Framework  and  Policy  Statement  –   Cabinet  Office)    
  • 6. Critical Infrastructure are that infrastructure vital for the continuity of a service delivery which disruption would be critical at national level CITIZENS  and  COMPANIES   Do  the  Owners  of  criPcal  services…   "   …know if the service they deliver is critical? Core/Cri'cal   Service   Cri'cal   Applica'on  1   "   …know at which level of criticality scale the Support  Service   Not  Cri'cal   Applica'on  2   Applica'on  2   service could be considered critical? "   …know the technology/assets chain vital for delivering critical services? Opera'ng  system   "   …know from who they depend on? "   …put already in place all the countermeasures Infrastructure /tools   Infrastructure /tools   Infrastructure /tools   known and necessary to guarantee the service continuity? 6 Facility   Facility   Facility  
  • 7. The new trend in the protection of critical infrastructures is also to do properly what we are already doing (1/3) Examples   Better Perimeter and service Knowledge Prioritize Patch management "   Map the technology/asset chain the critical service depends on and the impact related to their disruptions "   Map the interdependencies between networks, applications, operating system,… "   Identify the servers containing sensitive data "   Define a patch management cycle (notification, testing, prioritizing, deploying, monitor,…) "   Prioritize deployment on critical infrastructures the critical service depend on Reduce complexity and opportunities Strengthen internal collaboration "   Avoid conflicts between business units (business owner, information technology, security departments, …) "   Join skills and capabilities and work together to define and implement security requirements (i.e. CERT) Increase education and training 7 "   Reduce the complexity of networks, applications, operating systems, in order to reduce also the “surface” available for the attacks "   Often there are many applications inside a company doing similar activities, platform optimization will save time and resources to monitor it and patch it "   Reducing the attack surface will reduce the opportunities for the hacker to find blind spots "   Managers and employees don’t know security policy related to the use of ICT infrastructures, PCs or mobile devices "   There is a lack of training and exercises inside companies, this doesn’t help to speed the incident handling process and so on
  • 8. The new trend in the protection of critical infrastructures is also to do properly what we are already doing (2/3) Examples   Use of Honeypots Use of Disinformation/ Deception "   Traps set to detect, deflect or counteracts attempts at unauthorized use of information systems "   They gather information regarding an intruder or attacker in the system "   False repository with false intellectual proprieties or data not useful for the attackers "   It allows to identify the attack motives "   It allows also to make attackers to invest money without profit Knowledge of your enemies "   Monitor blogs/forum, media, chat to understand the sentiment around the company and if someone intend to attack your organization "   Monitor black market t(i.e. services, malware, databases of credentials, emails and so on) "   Learn hacker operating model (pattern of attacks could be similar against different companies) Hacker Yourself "   Start to think and act as a hacker. In this way you can really test the protection levels of your infrastructures and take the right countermeasures (penetration testing, vulnerability assessment,…) Stregthen integration and data/traffic analysis "   Data are usually collected but rarely analyzed and correlated. Usually only for forensics "   Big Data is the future and security has to be confident with them to understand patterns, correlations and so on "   There are new solutions dealing also with behavioral pattern or “pattern of life” that describe the normal online activity of employees,… (anomaly-based IDS) 8
  • 9. The new trend in the protection of critical infrastructures is also to do properly what we are already doing (3/3) Examples   Build a security inhouse capability Limit the “bring your own device”(BYOD) Stregthen external collaboration Moving target architectures "   Security could not be transfer to external suppliers. It will create an uncomfortable dependency "   Companies are re-thinking security bringing back at home competencies and skilled resources "   Internet of things will enlarge the interactions with personal devices used also for work "   Clear policy shall be defined and strict controls put in place (mandatory authirization process, password protection, control of risky application, limit the use of business application with sensitive data,…) "   SOC/CERT and Security departments have to strengthen concrete collaborations "   It is impossible to have the overview of all the threats and vulnerabilities present in cyberspace "   The collaboration shall go one step further the signature of MoUs "   The design of architectures could be done in order to shift the program’s attack surface, also reducing it (Moving target) "   Different types of architectures based on microkernels and separation kernels APPROACHING  CYBER  SECURITY  TODAY  IS  SUCH  AS  APPROACHING  COLD  WAR  YEARS  AGO     START  TO  THINK  THAT  YOU  ARE  ALREADY  UNDER  ATTACK     9
  • 10. THANKS     massimo.cappelli@gcsec.org     www.gcsec.org     10