Cyber response to insider threats 3.1
Insider Threats to Industrial Control Systems
Cyber Security in Real-Time Systems
CSIRS
David Spinks
Advanced Attacks and Role of Insiders
70% of all breaches are discovered by external 3rd parties!
Why me?
Worked in process control and ICS environments for about 24 years, then moved into Information Security Risk Management for the last 20 years.
My first job in 1970
Glaxo (now GSK) – Animal Rights 10 years
Why me?
Sizewell B Software Emergency Shut Down code validation
UK AEA then AEA Technology plc 10 years
Safety Risk Management SRD
Cyber Security in Real Time Systems?
LinkedIn CSIRS: http://www.linkedin.com/groups/Cyber-Security-in-RealTime-Systems-3623430
Safety Critical and Safety Related Systems
Mission and Business Critical systems
Critical National Infrastructure (CNI)
Systems in Energy, Oil and Gas
Regulated systems in Financial Industry such as E-banking and Point-of-Sale (POS)
SCADA and PLC in large-scale manufacturing
Systems supporting Defence and Law Enforcement
Health and Pharmaceutical Systems
Aviation and Transport Systems
Best Practice Research
https://www.cert.org/insider-threat/
http://www.cpni.gov.uk/advice/Personnel-security1/Insider-threats/
US DoD
UK MoD
Types of Insider Threat
Unauthorised disclosure of sensitive information
Process corruption
Facilitation of third party access to assets
Physical, Logical and Sabotage
APT
Social Engineering
Malware
Motive
CERT Cases
Who is a possible Insider Threat?
Disgruntled employees – passed over for salary increase or promotion
Former employees – fired from the company, hold animosity towards the company or personnel
Addictions – drugs, alcohol or gambling
Gullible to social engineers, coercion or blackmail
Top 3 Insider Threat Mitigation Steps
Role Based Access Controls – Segregated Access
"You will be caught" deterrent
Physical access logs
Phone access logs
Email and Internet Access
We are monitoring and make sure all staff know reports are examined and action will be taken
Embedding Security within Corporate Culture
Care, Compassion and Consideration
Primary defence
social engineering
Finally what is certain
Threats
Losses
Sophistication
Final thought