Security challenges for eGovernmentRisks, threats and policies we needCyprus eGovernment Conference 2012Ilias Chantzos Senior Director EMEA& APJ Government Affairs

Four Key Security Trends impacting eGov

Malware AttacksAlways Rising

Targeted Attacks Expand

Data Breaches on Rise

Mobile -‘Paradigm’

Shift

2010 177M corp PCs2015 246M corp PCs

2010 173 M personal PCs

2015 293M personal PCs

2010 300M smartphones

2015 1017M smartphones

2010 15M tablets

2015 326M tablets

39% 69% 340% 2,170%

Mobile Device ExplosionPaves Way for Bring Your Own Device (BYOD)

3

4

Why would somebody attack an Government system?• To collect

intelligence– Political– Economic/industria

l– On individuals

• To achieve political objective– Protest– Conflict– Terrorism?

• To commit cybercrime

5

External attackers

Wellmeaninginsiders

Maliciousinsiders

Civilian systems being a target

6

Cyber and political tensions• Estonia 2007

• Georgia 2008

• Ghostnet 2009

• Google and Stuxnet 2010

• Japan vs China 2011

• Austerity measures 2012• 2013?

Internet Security Threat Report 17 8

How big is the problem?

Targeted Attacks by Sector and Function

25,428%

15,431%

13,507%

6,247%

5,990%

5,866%

4,291%

3,169%3,157% 3,005% Government & Public Sector

Manufacturing

Finance

IT Services

Chemical & Pharmaceutical

Transport & Utilities

Non-Profit

Marketing & Media

Education

Retail

9

25%

8%

9%

12%10%

23%

7%6% C-Level

Senior

R&D

Sales

Media

Shared Mailbox

PA

Recruitment11.6

7.3

3.83.1

5.9

36.7

0

5

10

15

20

25

30

35

40

1-250 251-500 501-1000 1001-1500 1501-2500 2501+

Data Breaches

Internet Security Threat Report 17 10

• 232 million idenities exposed in 2011

• On average 1.1 million identities were exposed per breach

Data Breaches

Internet Security Threat Report 17 11

How are the attacks actually done?

2011 - Taidoor (14 variants)

• Negotiations - US and Taiwan modernization of Taiwan‘s air- force.

• Targets: primarily private industry and influential international think tanks involved

Specifically those who have expertise in South Asia and South-East Asia policy and military strategy

– They reached their peak during the ̳US-Taiwan Defense Industry Conference‘ held on September 18th-20th

browseLegitimateWeb site

DriveBy Download infections

Browser is analysed308 Plug-in vulnerabilities (2011)

351 Browser vulnerabilities (2011)

Malicious Script

• hacked website• Misconfigured server

• Weak password• Banner Ads

• …

No user interactionrequired by the user!

Serverside polymorphism-> repacked malware for each victim

Social Engineering is Effective in Social Media

• Users willing to help infect themselves

Internet Security Threat Report 17 15

Targeted attack modus operandi

16

Targeted

Email, attachmentcontains exploit

(often 0-day)

payload

Payload exploit

auto-installsBackdoor onto

target. Backdoor

connectsback to C & C

server

Attacker elevates

access to important

user, service, and

admin accounts, and specific

systems

Data acquired

from targetmachines and

staged for

exfiltration

Data exfiltrated

back to attackeror to

compromised

dumpsiteowned by attacker

Infiltration Foothold Exploit DataDiscovery

Exfiltration

Mobile Malware on the Rise

• This represents families of mobile malware

• There are 3,000-4,000 variants in the wild today and growing

Internet Security Threat Report 17 17

18

What are the policies we need?

EU policies on security

• Data protection and public sector– Covered or not covered?– Security requirements

– Encryption and breach notification

• Cybersecurity strategy– Covers only critical infrastructure…..is public sector

included?– Breach notification requirements

– Empowerment of national CERTs and authorities– Information sharing and feasibility

19

eSign and eGov• eID and eSign a key component of

security• CA as critical infrastructure• Cloud and authentication• Drive of existing proposal towards

qualified signatures• Weakest link in the supply chain –

Diginotar vs Stuxnet• Technology neutrality and global

marketplace“Anything that is complex is not useful and anything that is useful is simple”

20

21

Changes In Working Style

21

New apps deployedin the cloud

Enterprises allow mobile access to

their network

Workers use threeor more devices

80% 65% 52%1 2 3

Sources:1.IDC Predictions 2012: Competing for 2020, Frank Gens, IDC, 2011

2.The Impact of Mobile Devices on Information Security: A December Survey of IT Professionals, Check Point, January 20123.Info Workers Using Mobile And Personal Devices For Work Will Transform Personal Tech Markets, Frank E. Gillett, Forrester Research, February 22, 2012

The Mobile Challenge

22

Increased Risk of Data Loss

Explosion of New Devices

New Apps Must Be Supported

• How to allow these large number of devices to securely connect to the enterprise?

• How do I manage application deployment & associated costs?

• How do I protect confidential information and image while complying with policies?

1B+ SmartPhones / Tablets by 2014

EndpointHeterogeneity

• How to manage multiple mobile platforms with varying capabilities and form factors?

4 Mayor pain points

Cloud + Mobile : Opportunity and Challenge

23

‘We should embrace BYOA and the new mobile platform to augment productivity and

innovate new business models’

Mobile

‘How do we layer common protection across cloud and mobile without undermining the convenience of

the mobile experience?’Challenge

Cloud

Private Cloud

What the future holds

• Cloud computing and mobility will be the paradigm shift in computing

• Cloud will become a security enabler and a threat

• Government clouds and interoperable eGov services across geographies

• Development of eID will depend on the success of new framework

• More eGov services and dependency on them• More attacks and more complex attack on high value targets

24

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Thank you!Ilias_chantzos@symantec.com

25