CYBER SECURITY: SECURING YOUR CRITICAL INFRASTRUCTURE

AGAINST CYBER ATTACKS

MAY 6th 2014

Francesca Schuler Business and Technology Strategy

Motorola Solutions Inc.

Dr. Brenda Connor Business and Solution Creation Expert

Ericsson

• INTERCONNECTED SYSTEMS

• AGENCY-AGENCY COLLABORATION

• CLOUD SERVICES & DISSOLVING

PERIMETER

• MOBILITY

• BYOD

• UBIQUITOUS OPERATING SYSTEM

• CONSUMER BASED TECHNOLOGIES

• SHARED SPECTRUM

• SELF CONTAINED SYSTEMS

• AGENCIES IN SILOS

• LOCAL / ON-PREMISE & DEFINED

PERIMETER

• FIXED DEVICES

• ENTERPRISE PROVIDED DEVICES

• CONTROLLED OPERATING SYSTEMS

• NON-CONSUMER TECHNOLOGIES

• PRIVATE SPECTRUM

CHANGING PUBLIC SAFETY LANDSCAPE

INCREASING RISKS

NEW LANDSCAPE • INTERCONNECTED SYSTEMS

• AGENCY-AGENCY COLLABORATION

• CLOUD SERVICES & DISSOLVING

PERIMETER

• MOBILITY

• BYOD

• UBIQUITOUS OPERATING SYSTEM

• CONSUMER BASED TECHNOLOGIES

• SHARED SPECTRUM

RIS

K

CHANGES IN SECURITY

THREAT PROFILE

GREATER ATTACK

SURFACE

CHANGES IN RISK

MITIGATION STRATEGY

LOW HIGH SECURITY RISK

CO

NT

RO

LS

/ C

OS

T

NETWORK ITSELF BECOMES SUBJECT TO OPEN INTERNET-BASED THREATS.

FIXED DEVICES

LOCAL / ON PREMISES

& DEFINED PERIMETER

AGENCY SILOS

SELF CONTAINED

MOBILITY

BYOD

AGENCY

COLLABORATION

UBIQUITIOUS OS

CLOUD SERVICES &

DISSOLVING PERIMETER

FULLY

INTERCONNECTED

PUBLIC SAFETY DEVICES OPERATING ON

PUBLIC SAFETY NETWORK

PUBLIC SAFETY DEVICES OPERATING ON

COMMERCIAL NETWORK

COMMERCIAL DEVICES OPERATING ON

PUBLIC SAFETY NETWORK

DEVICES BECOME TARGETS OF INTERNET-BASED THREATS.

DEVICES ARE LOST, TAMPERED, OR MODIFIED AT THE OPERATING SYSTEM LEVEL, OR INFECTED VIA USB DATA TRANSFER.

INCREASING CONTROLS & COSTS

SINCE 2006: CYBER SECURITY EVENTS INCREASED

782%

NATION

STATES

ORGANIZED CRIME

SINDICATES

NONTECHNICAL

OPPORTUNISTS

CRIMINAL HIERARCHY LEVERAGE NEW TECHNOLOGIES

TRENDS

KNOWN MALWARE

100,000+ NEW SAMPLES PER DAY

100,000,000+

UNINTENTIONAL VULNERABILITIES

HACKERS FIND A HOLE IN THE SECURITY

MEASURES USED TO PROTECT SENSITIVE DATA,

THE VULNERABILITY IS EVENTUALLY EXPLOITED

BY HACKERS WHO TAKE ADVANTAGE OF THE

HOLE BECAUSE SOME SITES AND USERS ARE

SLOW TO UPDATE THEIR SYSTEMS.

THREATS ARE OUT THERE …

INCIDENT RESPONSE PROCEDURES

TO DETECT AND ADDRESS SWIFTLY

THREATS

DEVICES &

APPLICATIONS

RADIO ACCESS

NETWORK

PUBLIC SAFETY

BROADBAND

CORE

AGENCIES &

ENTERPRISE

MALWARE

UNAUTHORIZED ACCESS

DATA VULNERABILITIES

ADVANCED PERSISTENT THREATS

NETWORK EXPLOITS

INFORMATION LEAKS

HOLISTIC END-TO-END SOLUTION

MINIMIZE ATTACK SURFACE

DEFENSE IN DEPTH

APPLICATIONS & DEVICES

NETWORKS CORE / AGENCY / ENTERPRISE / INTERNET

SERVICES

SECURE ALL LAYERS

MINIMIZE ATTACK SURFACE Defense in Depth with Flexibility

SECURITY INTEGRATED INTO OPERATIONS Providing the Right Balance of Security and Ease of Use

& Manage the Lifecycle

SECURE INTEROPERABILITY Removing Security Silos & Enabling Secure Interoperability of

voice and data

SECURE THE EDGE Identity is the New Perimeter for Access & Control Decisions

SECURE ALL LAYERS Leverage Encryption, Certificates at all Levels

MINIMIZE SECURITY POLICY COMPLEXITY Keep a base set of policies understanding that one size

may not fit all; Ensure Contingency plans in place

IDENTITY

MANAGEMENT

ENABLER

SECURITY’S CHANGING PARADIGM

IDENTITY MANAGEMENT Secure the Edge

• CREDENTIAL

FEDERATION

• SECURITY TOKEN

SERVICE

• STRONG MULTI-

LEVEL AND MULTI-

FACTOR

AUTHENTICATION

• MULTI-LEVEL AND

MULTI-FACTOR

AUTHORIZATION

Encryption

LTE access Network

Network Services Layer (e.g. Dynamic QoS)

IMS apps (e.g. VoLTE, SMS/MMS)

Non-IMS apps (e.g. status-info

“homepage”)

ISIM USIM

First Responder LTE device

FirstNet Network (FNN)

PSE apps (e.g.

Video/CAD)

Authentication using

Federated PSE Credentials

(e.g. SAML)

ISIM and USIM credentials

provisioned within FNN/HSS

Directory (e.g. Active

Directory)

Public Safety Enterprise (PSE)

Authentication using

PSE credentials

HSS

Note: ISIM and USIM identities both identify the device subscriber NOT the human user

TRIAD OF IDENTITIES

DIGITAL IDENTITY

Improved identity provider services:

Easier and safer to sign in and access sites

Security Services to Subscriber:

Leveraging the SIM for application security

OTT SERVICE

PROVIDERS AGENCIES

Human

Authorization (OAuth)

Subscription Security (GBA)

Human

Authentication (Open ID)

Service Enablement

Authentication Federation Gateway

Consent

(resource owner)

Application

Authentication

Authorization

DATA EXCHANGE Secure Data Management at Edge

Secure data

management

at edge.

PRIVACY STATEMENT

Privacy matters to all of us. It is a given that all

data regulations are strictly complied with but

in addition to this, it is our belief that data, in the

context of analytics or specific applications can be

used responsibly in two ways:

– Either it must be anonymous and aggregated so that

no individual can be identified or

– The appropriate resource owner permissions must be

in place.

ENHANCE FIRST

RESPONDER

EXPERIENCE BY

TRANSFORMING

DATA INTO RELEVANT

INFORMATION

FirstNet

Agency

Personalize

Simplify

TRUST RELATIONSHIP

WITH AGENCY

QoS Delivery

Service Enablement

2

3

Assets 1

ENHANCE RESPONDER

EXPERIENCE

EXAMPLE USE CASE

Q & A

Follow APCO at…

facebook.com/apcointernational @apcointl