Cybersecurity in Critical? Infrastructure
TRANSCRIPT
Federal IT Steering Unit FITSU Federal Intelligence Service FIS
Reporting and Analysis Centre for Information Assurance MELANI
Cybersecurity in Critical? Infrastructure
13 October 2016
Daniel Rudin, Sector Advisor ICS MELANI / GovCERT.ch
FITSU / FIS: Reporting and Analysis Centre for Information Assurance MELANI
Agenda
• Introducing MELANI
• Current Situation
• Does it matter to us?
• What can/should we do?
• Questions
Cybersecurity in Critical Infrastructure / 13.10.2016 / D. Rudin
Mandate / PPP
Create and operate a Reporting and Analysis Centre for Information Assurance (MELANI) with the purpose of protecting Swiss critical infrastructures from cyber-attacks.
MELANI
DFF / FITSU: Direction and Strategy
GovCERT.ch: Technical Analysis
DDPS / FIS: MELANI OIC (Operation Information Centre)
Closed Constituency
Sectors (in alphabetical order)
• Armament
• Chemistry / Pharmaceutics
• Emergency Services
• Energy
• Finance
• Government
• Health Care
• Industry
• Insurance Companies
• Media
• Telecommunication
• Transportation/Logistics
Public Sector: SMEs and citizens
www.melani.admin.ch
International Relationships
- Interpol
- Europol
IT Industry
- Microsoft
- Google
- Avira
- F-Secure
- …
Government CERTs
- EGC
Other Governments
- CPNI
- BSI
- A-SIT
- ...
High Tech Crime Units
- Club de Berne
Science and Research
- Universities
- Technical colleges
FIRST: Forum of Incident Response and Security Teams
191 companies within the Closed Constituency (as of 2016-06-03)
Sectors: Emergency Services, Chemistry / Pharmaceutics, Energy, Finance, Health Care, Industry, Media, Armament, Telecommunication, Transportation/Logistics, Insurance Companies, Government (federal/cantonal/cities)
Public Products: Semi-annual report
Public Products: Newsletters and Papers
Public Products: GovCERT.ch Blog
Public Products: antiphishing.ch
Current Situation
Cyber Actors
• Vandalism
• Script Kiddies
• Hacktivism
• Organised Crime
• Terrorism
• Nation States
Ransomware
Ransomware
August 2016 FireEye
Social-Engineering
• Phishing
• Sextortion
• CEO-Fraud
• …
Data Breaches
DDOS
Internet of Things (IoT)
Internet of Things (IoT)
Why is the adversary still winning?
Monthly cost (average per capita):
• Toilet Paper: Fr. 4.60
• E-Mail-Security: Fr. 2.70
Protection vs. Detection vs. Response
‘Defense in Depth’
• Data: Access Control, Encryption
• Application: App-Hardening, Anti-Malware, UAC
• Endpoint: Hardening, Updates, Authentication
• Internal Network: Segregation, IPS
• Perimeter: Firewalls, NAT, VPN
• Physical Security: Locks, Badges, Tracking
• Policies, Procedures, Awareness: Education, Documentation
Change of Perception?