framing the discussion - ccicada...3 simple security risk model • scenario –combination of a...
TRANSCRIPT
![Page 1: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/1.jpg)
Framing the Discussion:A World of
Cybersecurity Risks
John DuncanVice President
Global Government SectorABS Group
![Page 2: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/2.jpg)
2
RiskUnderstanding
Foundation for Risk Assessment
What cango wrong?
Basic Elements of Risk
2
Knowledge & Intuition
Analytical Methods
Historical Experience
Risk = f [Threat, Vulnerability, Consequence]
How likelyis it?
What are the impacts?
![Page 3: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/3.jpg)
3
Simple Security Risk Model
• Scenario – combination of a target and attack mode• For each scenario, assess the following:
– Threat – likelihood of a specific attack– Vulnerability – probability that the attack will be successful
– Consequence – level of impact associated with a successful attack
SENSITIVE SECURITY INFORMATION 3
Risk = f [Threat, Vulnerability, Consequence]
What cango wrong?
How likelyis it?
What are the impacts?
![Page 4: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/4.jpg)
4
NIST Framework Overview
• In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity
• Called for NIST to lead a collaborative effort to develop voluntary, risk‐based Cybersecurity Framework– Set of existing standards, guidelinesand practices to help organizations manage cyber risks.
![Page 5: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/5.jpg)
5
NIST Framework Core
• Developed as guidance for a specific critical infrastructure component
• Contains valuable information for government agencies• NIST framework identifies 5 major cybersecurity functions
Includes a Risk Assessment Category
![Page 6: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/6.jpg)
6
Notional Cybersecurity Bow‐Tie Analysis Framework
Shellcode & Buffer Overflow
Denial of Service (DoS)
Social Engineering & Spoofing
Business Interruption Impacts
Secondary Economic Impacts
SYSTEM EXPLOITED
Property Damage Impacts
3
7
1
PREVENTIONMEASURESAttack Types Impacts
3 5
PROTECTIONMEASURES
IDENTIFICATIONMEASURES
RESPONSEMEASURES
Impacts on People
Successful Attack
Countermeasures Identification & Response Measures
1. Secure Input/Output Handling2. Data Execution Prevention3. Intrusion Prevention System4. Social Engineering Training5. Access Control
6. Executable Space Protection7. Anti-Virus Software8. Firewalls9. Security Protocols
1. Intrusion Detection System2. Deep Packet Inspection3. Network Analyzer4. Honeypots5. Firewall Modification
6. System Backup Restoration7. DoS Defense System8. Operating System
Reinstallation9. Hardware Replacement
21
8
4
9 2
6Malicious Code Injection
9
8
4
6
75
![Page 7: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/7.jpg)
7
Cyber Threats to Maritime Entities
Tiffany Jones, CISSP, CIPP SVP & Chief Revenue Officer, iSIGHT [email protected]
![Page 8: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/8.jpg)
8
Primary Threat Categories
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
![Page 9: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/9.jpg)
9
Scenarios: Setting the Geopolitical Context
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
Geopolitics drives espionage activity
![Page 10: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/10.jpg)
10
Naval and Coast Guard Threats
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
![Page 11: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/11.jpg)
11
Naval and Coast Guard Threats
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
Benign lure document from Mirage RAT sample deployed ahead of US‐Philippine defense agreement (iSIGHT Partners)
![Page 12: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/12.jpg)
12
Commercial Maritime Threats
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
![Page 13: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/13.jpg)
13
Commercial Maritime Threats
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
Chinese New Year‐themed lure document sent to Japan Maritime United Corporation employee (iSIGHT Partners)
![Page 14: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/14.jpg)
14
NEWSCASTER
• 3+ year Cyber‐espionage campaign with links to Iran• Targeting high and low ranking personnel in multiple
countries – US, UK, Israel, Saudi Arabia, Iraq – U.S. military – Congressional personnel – Washington D.C. area journalists – Diplomatic corps – U.S. Defense contractors– Israeli Defense contractors – Members of the U.S./Israeli lobby
• Utilizing social media platforms as targeting platform – Facebook – LinkedIn – YouTube – Etc.
• More than 2,000 targets and legitimate individuals caught in the net
– Credential harvesting – Access to corporate and personal emails – Malware with data exfiltration capabilities
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved www.isightpartners.com
![Page 15: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/15.jpg)
Risk Panel ‐ VulnerabilitiesRonin Security Solutions
Andrew N Bertolazzi
![Page 16: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/16.jpg)
Environment
• Ever‐expanding cyber tools and connections
• Most popular passwords in 2013: “password”, “123456”
• “We aren't even doing the simple stuff” Sen. Coburn‐2014
• CIOs: Hacking is going to happen. Plan for it (2015)
• All software has flaws
• Macro versus micro vulnerabilities
• People are the critical common factor
16
![Page 17: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/17.jpg)
Maritime Terminal Realities
• Reliance on cyber‐linked tools, equipment, systems
• e‐Commerce and online filings
• Increasing need for tech‐savvy workforce
• Shrinking margins, reduced staff, higher workload
• Make‐up of IT and Security organizations
• Divergent priorities, mandates, and funding
• Port focus has been primarily on physical security
• Few Business Continuity or Disaster Recovery Plans
17
![Page 18: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/18.jpg)
Typical Vulnerabilities
• Economic and strategic “soft” targets
• Flat, lean organizations – single point failures
• Cyber‐connected control systems, equipment, data
• Low security of networks, WiFi, back‐up, hardware
• Inadequate password practices
• Limited funds, shrinking PSGP pool
• Security is a cost – financial and operational
• People
18
![Page 19: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/19.jpg)
What Can Be Done?
Processes• Robust plans for Business Continuity & Disaster Recovery• Regular, secure, offsite back‐up• Access controls for data – physical and cyber• Password disciplineTools• Firewalls, segmented networks, intrusion detection• Timely and complete updates, patches, & fixesPeople• Awareness, training, exercises• Security consciousness (a bit of paranoia goes a long way)• Outside help
19
![Page 20: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/20.jpg)
Resources
• Homeport Cyber‐Security Webpagehttps://homeport.uscg.mil/mycg/portal/ep/home.do
• US Computer Emergency Readiness Team (US‐CERT)https://www.us‐cert.gov
• Industrial Control Systems ‐ Cyber Emergency Readiness Teamhttps://www.ics‐cert.us‐cert.gov
• National Institute of Standards and Technology (NIST)http://www.nist.gov/cyberframework/index.cfm
• Software & Supply Chain Assurance Clearinghouse (DHS)https://buildsecurityin.us‐cert.gov/swa/cwe
20
![Page 21: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/21.jpg)
Commander Pacific Area
Risk Panel ‐ Consequences
Captain Joe KramekEleventh Coast Guard District
Legal Officer & Staff Judge Advocate
![Page 22: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/22.jpg)
Commander Pacific Area
Case Study – National Impact of West Coast Port Stoppage (29 ports)
5 Days 10 Days 20 Days
Cost to U.S. Economy $1.9 B $2.1B $2.5B
Loss of Imports $1.8 B $3.9 B $8.3 B
Loss of Exports $1.5 B $3.2 B $6.9 B
Reduced Economic Output $9.4 B $21.2 B $49.9 B
Cost to Households $81 $170 $366
Employment Disruption 73,000 169,000 405,000
![Page 23: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/23.jpg)
Commander Pacific Area
Immediate Backlog Across Economy
Automakers – More Expensive Parts / Reduced ProductionHonda, Toyota & Subaru
Wal‐Mart Inc. – Reduced Inventory /Earnings HitElectronics
U.S. Meat Exporters – millions of pounds in storage$85 mil per week
Farmers – Losses estimated in hundreds of millions CA citrus exports cut by halfWA apple crops
![Page 24: Framing the Discussion - CCICADA...3 Simple Security Risk Model • Scenario –combination of a target and attack mode • For each scenario, assess the following: – Threat –](https://reader034.vdocuments.net/reader034/viewer/2022042403/5f14e67b496fc42e815e8cb2/html5/thumbnails/24.jpg)
Questions for Panel
24