Protecting the CNI: BCS ELITE, 9 June 2005
Protecting the CNI
BCS ELITE
9 June 2005
Mick Morgan
Head of Response
Overview
• What is NISCC?
• What is the CNI?
• What is the threat?
• How does NISCC work?
• NISCC products and services
What is NISCC?
NISCC is an inter-departmental centre which co-ordinates activity across a range of organisations. Each organisation contributes resources and expertise to NISCC’s programme of work according to what value it can add.
NISCC’s aim is to minimise the risk to the Critical National Infrastructure (CNI) from electronic attack (eA).
An Interdepartmental Centre
Organisations that contribute to the centre:
• Security: Police, MI5, CESG
• Defence: MOD, DSTL
• Civil Government: Home Office, Trade & Industry, Cabinet Office
What is the CNI?
Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government.
The CNI Sectors
• Telecommunications
• Energy
• Finance
• Government & Public Services
• Water and Sewerage
• Health Services
• Emergency Services
• Transport
• Hazards
• Food
The Threat
• Foreign States
• Terrorists
• Activists
• Criminals
• Hackers
• Script Kiddies
[Diagram labels: NISCC Interest; Visible Activity]
Electronic attack (eA): What is it?
“The use of computers to gain unauthorised access to the data or control software of computer-based systems in order to acquire or corrupt data or disrupt the functioning of systems.”
January 2002
Two types of eA
Untargeted attacks: Indiscriminate attacks affecting availability & many targets
• Examples: Worms, viruses
• Profile: High
• Impact: Short term high
Targeted attacks: These focus on a particular target address
• Examples: Hacking attacks, e-mail Trojan attacks
• Profile: Generally low
• Impact: Can be high & long term
2005+: Emerging threat themes
1. Greater exploitation of richness of software & speed of wired/wireless networks
2. Growing online markets in malicious software & stolen information
3. Impact of globalisation, e.g. data ‘offshoring’ & outsourcing of system procurement, services & maintenance
4. Developing eA capabilities of terrorists
5. Concerns about sophisticated eAs: Difficult to detect; may be impossible to mitigate
Exploiting a rich environment
Malicious code seeks to infect ‘fast & furiously’; attackers take control; victims become future ‘seeders’ …
More data available on-line … more stealing … exploiting opportunities in feature-rich software
Attack infrastructure development: Networks of ‘botnets’ can be easily controlled for DDoS, spam, data egress etc … 1000s of ‘zombies’ out there!
Underpinned by growth & increased speed of broadband & mobile networks
Exploiting Broadband - Botnets
A roBOT NETwork or ‘botnet’ is a network of compromised computers controlled by a client, a ‘botherder’ that issues commands via control or master servers.
Command & control was Internet Relay Chat (IRC) but now can be any real-time protocol, including Instant Messaging (IM).
The nodes of the ‘botnet’ (compromised PCs often called drones or zombies) are used to:
• Compromise other computers
• Flood targets (DDoS)
• Propagate spam email
• Sniffing, keylogging, mass id theft
• Egress data …
DIY: Much bot source code is available on the Internet
Rent: Nets of 10-50,000+ attack zombies available …
The growing online marketplace
‘Goodbye kudos, hello $$££ … roubles?!’
Exploits for £££ … not for fun!
Markets for:
• botnets: Just name your price & target!
• malware: ‘zero-day’ exploits for purchase by all!
• harvested info: CC nos, bank details, ids, passwords
• processing time: on other people’s PCs!
Researchers motivated to discover more vulnerabilities
Faster ‘flash to bang’ times
Impact of globalisation
Global market brings advantages .. & risks
Profits linked to globalisation BUT …
• Equipment purchased overseas might have additional vulnerabilities; manufacturers might be subject to political pressure
• Installation, maintenance & upgrade services provided from overseas are exploitable
• Outsourcing services & offshoring data to foreign companies brings hard to manage risks: monitoring contracts is very difficult
How NISCC works
[Diagram labels: Critical National Infrastructure; Research and Development; Policy; Response; Outreach; Threat Assessment]
How does NISCC work?
[Diagram labels: Investigation and Assessment; Critical National Infrastructure; Research and Development; Policy; Response; Outreach]
Investigating and Assessing the Threat
• Making best use of technical, human and open sources to investigate.
• Analysis and assessment.
• Reports and specific threat assessments.
• Disruptions.
How does NISCC work?
[Diagram labels: Outreach; Investigation and Assessment; Critical National Infrastructure; Research and Development; Policy; Response]
Outreach
Promoting Protection and Assurance:
• Dialogue with all CNI sectors
• Facilitating information exchanges
• Tailored reports
How does NISCC work?
[Diagram labels: Response; Critical National Infrastructure; Research and Development; Policy; Outreach; Investigation and Assessment]
Response
• Briefings and alerts via UNIRAS
• Responsible disclosure of vulnerabilities
• Assistance with recovery from direct attacks
NISCC Products
• NISCC Monthly Bulletin of significant eA activity
• NISCC Quarterly Review has broader articles on CIP issues
• NISCC Briefings address topics of current concern
• UNIRAS Alerts highlight vulnerabilities to be fixed now!
• UNIRAS Briefings inform on emerging technical issues
• UNIRAS Technical Notes provide detailed advice
Details at www.niscc.gov.uk or www.uniras.gov.uk or e-mail [email protected]
Outreach products
NISCC reporting:
• Threat assessments for specific CNI companies;
• UNIRAS (UK CERT) distribution to the CNI;
• Presentations to Seminars, Forums & Associations;
• WARPs, Information Exchanges;
• CNI Assurance Reports.
[Image: NISCC Assurance Report for National Infrastructure plc, September 2003]
Protecting the CNI
BCS ELITE
9 June 2005
www.niscc.gov.uk
Mick Morgan
Head of Response