Role of I S Professional in Tackling Terrorism - ISACA
Role of I S Professional in Tackling Terrorism
Dr. Vishnu Kanhere, CA
PhD (Management Studies), FCA, FCMA, FIV, FLS (London)
CGEIT, CISA, CISM, CRISC, CFE (USA)
ISO 9001 QMS & FSMS 22000 Lead Auditor IRCA (UK)
Chartered Accountant, KCPL
Definition of Terrorism
• Terrorism – Latin for “Fear”
• “The Unlawful Use of Force Against Persons or Property to Intimidate or Coerce a Government, the Civilian Population, or Segment Thereof, in the Furtherance of Political or Social Objectives.” (Source FBI)
• Propagated & practiced by Non State Actors
What is Terrorism?
• Ideology
• Thought Indoctrination
• Band of People
• Guns & Weapons
• Resources, Funding & Money
• Training
• Destructive Acts
• Agenda & Nefarious Objectives
Manifestation of Terror
• Terrorist Strikes
• Sudden, Unusual
• Full of Surprises
• Highly Effective, Precise – Penetration
• But not Persistent or Predictable
• Affects & negates human rights, right to life & freedom & freedom of speech
Each Attack Is Different
• Target
• Method
• Duration
• Depth/Scale
• Player
• Dimension
• Attack Signature
The Methodology of Terror
It is very difficult to develop a pattern or a predictable signature or methodology of terror/modus operandi
• No rules
• No fear of law
• No ethics/morality
• They are on zero loss
• They are ready to die
• They are not afraid of death
• Death is not a deterrent to them
New Terrorism
• Religion based
– Self legitimacy
– Sense of superiority
– Sacred mission – ultimate reward
• More violence
– Number of deaths per year growing, so is the impact
• General terror
– Creates feeling of vulnerability
New Terrorism
• Transnational
• State of the Art
– Communications
– Logistics
– Tools & methods
• Modern Society more vulnerable
– Dependency on systems – Communication, energy, transport
– Short lead time in interconnected world
Eternal vigilance is the price of liberty
• Vigilance at all points of time, at all places on an online basis
• You can’t wait for information to mature into actionable information
• Non-layered bureaucracy which is delegated the powers to address issues on the spot
(In the digital world)… … Myth # 1
• “Our People are our Biggest Asset”
• as observed in the Digital world – people can be big liabilities also
Who is Trusted? – an Insider
Trusted insider could be a ‘Terrorist’ –
(In the digital world)… … Myth # 2
Trusted insider could be a ‘Terrorist’ –
(In the digital world)… … Myth # 3
• “Information systems are transparent, ethical and fair”
• as observed in the Digital world – “systems can be opaque, unethical and unfair also”
(In the digital world)… … Myth # 4
• “systems are smart, intelligent”
• as observed in the Digital world – systems can be dumb – they lack common sense
(In the digital world)… … Myth # 5
• “people can take the right decisions under pressure”
• as observed in the Digital world – they more often do not
Cyberspace 2014 - 15
• Growing Opportunities for Crime
♦ 3 billion Internet users were likely by May 2015.
♦ 759 million Web sites accessible on Internet
♦ 3 billion Google searches/month
♦ 12% of all global trade now happens online
♦ USD 100 billion from global cyber-crime
♦ 2014-5
– 204 billion emails per day
– 5,424 Malicious Websites per day
– Phishing Rate: 1 in 1053 emails
– Virus Rate: 1 in 164 emails
– SPAM Rate: 64%
Life Cycle of Terror & Information Systems
• Information Systems – tool & target or a defense?
• Information Gathering
• Indoctrination & On-boarding
• Planning
• Training & Drills
• Logistics, Communication & Interaction
• Execution
• Exploitation
• Follow-up – Demands
• Response
Terrorist Units and Cells: A Functional Approach
Funding | Training | Intelligence | Logistics | Operations
Sources: | Recruitment | Supplied | Equipment | One man team
Crime | Instructors | Gathered | Supplies | Multiple operators
Harvesting | Sites | Internet/other | Other essentials | Multilateral
Processing | Equipment | Blogs / chat | Sourcing | Collaborative
Management Information Conglomerate
Involved states
Politics
Government Response to Terrorism: A Functional Approach
Funding | Training | Intelligence | Logistics | Operations
Sources: | Recruitment | Supplied | Equipment | One man team
Federal | Instructors | Gathered | Supplies | Multiple operators
State | Sites | Internet/other | Other essentials | Multilateral
Local taxes | Equipment | Blogs / chat | Sourcing | Collaborative
Management Information Conglomerate
Contributing states
Politics
Fraud Triangle / Terror Triangle
[Diagram: two triangles. Labels: Opportunity; Incentive / Pressure; Rationalisation / Attitude; Radicalisation / Religious fervor; Corruption; Low level crime; Social unrest]
Fraud
• Behaviour pattern/signature
• Physical leg to stand on
• Financial Footprint
• Cyber Footprint
Terrorism
• Behaviour Pattern
• Physical leg/local link to execute
• Financial Footprint
• Cyber Footprint
[Diagram labels: Bribery; Hawala; Corruption; Mobilization & Conversion; Finances; Alert; Money Laundering; Logistics; Local Support; Resources; People (local); AML]
SCADA – Supervisory Control & Data Acquisition Systems
• SCADA – Centralised Computer, RTUs, PLCs.
• Water, Waste Control, Food, Pharma, Nuclear, Oil Refinery, Power …
• SCADA Systems – 34 vulnerabilities reported
• Remotely exploitable, remote execution
• Stuxnet Worm 2010 – Iran Nuke project: warning shot
Cybercrime in the Cloud
• Cloud computing – a ticking time bomb.
• The cloud – critical mass for attacks.
• Bigger the cloud greater the success.
• The collection of bots – Crimeware-as-a-Service (CaaS).
Cybercrime in the Cloud
• public pipes – increased risks
• almost impossible to control data location.
• Cybercrimes hard to trace
• less likely to be reported
• Harvesting botnets via common cloud applications
• Comprehensive security strategy – “Unified Threat Management”?
More Dangerous
• Spy drone
• Thermal cameras to steal PINS
• Wireless & Bluetooth Hack
• Remote access to Car, Train, Aircraft
• Power / nuclear / water / sewage plant
• Wireless attack on insulin pump, pacemaker
• Anything is possible
Cyber war
• Propaganda warfare
• Defacing of websites
• Hacking of sensitive information
• Knocking out networks, communications
• Power stations, refineries, water, sewage
• Public Transport & lighting – utilities
• E-government services
• Financial markets, banking system
• Industrial & engineering complexes
• Military and Strategic weapons & installations
Role of IS Auditors
Strategic level
– Security objectives Policies. Alignment with business objectives/ protection of nation & people
Execution/operational level
– Implement controls technical, financial & others, best Practices, Procedures
Ground level
– Monitoring, Profiling, Response & Follow up
Future Course
– Early Warning System taking the war in enemy camp
The Way Forward
IS Professionals need to
• Secure own Systems
• Secure Contiguous areas/networks
• Contribute to National Security & Safety
• Create awareness and help secure vulnerable systems
• Capacity building and training among the security / police & judiciary
• Think out of the box, contribute to a common cause
The Way Forward
IS Professionals need to
• Adoption of best practices & standards
• Securing weakest links in IS lifecycle
– Software Dev., Acq., & Use
• volunteer cyber force – monitor the net
• Network, connect & help
• Think out of the box, contribute to a common cause: Information security a way of life
The Way Forward – some tools
• Develop an early warning system – based on Key Terrorism Signatures (KTS)
• Cyber signals – Cyber footprints
• Financial signals – financial footprints – fraud/AML
• Neural Networks
• Alerts
• Key Terrorism Indicators (KTI)
Methodology of protection:
• e-surveillance – internet, other networks
• Cyber cops –
• Mapping linkages
• Communication forensics
– Telephone network – GPS
– Sat phone
– VOIP
– Wifi networks
• Early warning systems• Cyber response and counter measures