Selex ES main conference brief for Kingdom Cyber Security Forum
DESCRIPTION
From Reactive to Proactive: The power of managed situation awareness
TRANSCRIPT
© Copyright Selex ES S.p.A 2014 All rights reserved
A perspective from a Cyber Integrator
From Reactive to Proactive: The power of managed situation awareness
Presentation to Kingdom Cyber Security Forum May 2014
What is a Cyber Integrator?
Situation Awareness – of what?
Building a specific response
Benefit from wider system collaboration
Threats, vulnerabilities and underlying information technology are changing at a ferocious pace; so must all the countermeasures
Viruses
Trojans
Botnets
Phishing
Waterhole
Man in the email
Policy
Training
Hardening
Intrusion detection
Anomaly detection
Malware analysis
Certification
And in complex environments, no single product or service specialist can keep up
Defence (National & NATO)
National Security Agencies
Governments & institutions
Law Enforcement
Telecommunications
Banking & Insurance
Healthcare
Transport & Utilities
Prime Contractors
Large Enterprises
A Cyber Integrator is typically a systems integrator and manufacturer with a broad perspective of security requirements – and a dedicated security practice
Understand factors, methods and history
Driven by nature and extent of measures required to achieve desired security
In some cases, an annual check-up is sufficient. In others, constant monitoring is recommended!
Level of threat × Level of vulnerability = Extent of security measures required
Understand technical vulnerabilities and weaknesses in security governance and user habits
A practiced Cyber Integrator seeks to diagnose before prescribing
SOLUTIONS ARE BUILT ON:
• Customer desired business objectives
• Customers’ direct threats and vulnerabilities
• Customers’ indirect risks and challenges
• Engineered solutions and services
A Cyber Integrator takes a systems engineering approach
Compromising Ability to Perform
Intellectual Property Theft
Loss of Financial Control
Ability to Recover
Threat to Human Safety
Affecting Compliance Status
Threatening Reputation
Clients suffering data loss, theft and cyber attack with serious to existential consequences
Our customers are beset by the same global issues
Front office Operations
IT and Administration
Back office Operations
Internal Contractors
Bought-in Services
Trusted Partners
Executive
Tactics
Relentless Spam
Socially engineered
Botnet Attack
Insider Attack
Techniques
Phishing
Waterhole
Spam
Insider
Procedures
Reconnoitre
Penetrate
Sleep
Propagate
Control
Transmit
Transform
Weapons
Virus
Trojan
Worm
Rootkit
Logger
Dialler
Toolkits
VANDALS
PROTESTORS
THIEVES
SPIES
NATIONS
Deface
Destroy
Steal
Cheat
Impair
Customer
POS, ATM etc
Branch Phone
Online
Contact with Enterprise
And the evidence suggests that the money to be made attracts the very best talent – of the wrong sort
• Face to face
• Online payment
• Man in the email (China, Nigeria and South Africa)
Fraud
Banking
Account takeover
Automated clearing
Global fraud losses linked to ACH and wire fraud for banking institutions
Corporate finance
Mobile banking and financial transaction threats
• $455 million 2012
• 2013 projection - $523 million
• 2016 projection - $795 million
And enterprises share common vulnerabilities
• POORLY INSTALLED FIREWALLS
• USING DEFAULT PASSWORDS
• POORLY PROTECTED CUSTOMER DATA AT REST
• POORLY MAINTAINED APPLICATIONS AND SYSTEMS
• IRRATIONALLY APPLIED ORGANISATION SECURITY POLICY
• POORLY MAINTAINED ANTI-VIRUS AND IPS/DLP SYSTEMS
• LOOSE UNDERSTANDING OF NETWORK ACTIVITY
• INSUFFICIENT ENCRYPTION OF DATA IN TRANSIT
• LOOSE ‘NEED TO KNOW’ POLICY
So, we work with enterprises to improve awareness of Vulnerabilities, Threats and Attacks
Processes
People
Culture
Systems
Tools
Techniques Drivers
Organisation
Threats Vulnerabilities
Level of Damage
Tolerance of Damage
Technology Procedures
And then we start to build the appropriate responses…
CYBER DOCTRINE
Assess
CYBER SERVICES
Assessment Guidance Remediation Projects
Managed Services
Managed Services
A Cyber Integrator draws on a coherent set of services designed to address threats and resolve vulnerabilities
• Vulnerability • Maturity
Assure
Prevent
Protect
Detect
Resist
Defend
Respond
Contain
Eradicate
Recover
Learn
• Policy • Certification • Training • System hardening
• System provision • Enterprise protective monitoring
• Incident response forensics
COMPETITIVE ADVANTAGE. INFORMATION SUPERIORITY.
Taking an Integrator’s approach, we then develop the Advisory, Skills transfer, Change and enduring Services solution to meet the need.
Understand factors, methods and history
Driven by nature and extent of measures required to achieve desired security
But to keep up with changing threats, exploits and attack methods, our services have to be agile, flexible and truly innovative.
Level of threat × Level of vulnerability = Extent of security measures required
Understand technical vulnerabilities and weaknesses in security governance and user habits
How does a cyber services integrator achieve agility and flexibility?
We immerse ourselves in your environment:
• Policy and legislation background
• Essential industry architecture
• Key industry governance processes
• Key financial functions and processes
• Key systems
How does a cyber services integrator achieve agility and flexibility?
We maintain sector specific technical expertise, backed by our own wider technical expertise and context
• Understand and model predominant attack/exploit methods
• Develop and maintain a library and understanding of characteristic system vulnerabilities
• Anticipate next generation exploits
• Characterise key domain processes that are subject to attack
Which enables us to provide a coherent set of appropriate services to the companies operating within the particular sector
What would the outcome look like?
Achievement and maintenance of security compliance
Monitoring and real-time analysis of anomalies, plus development of intelligence data, plus reaching out to external sources
Response to incidents: containment, eradication and recovery
Development and maintenance of situation awareness, dynamic risk analysis and feedback for training and process improvement, plus deeper malware / TTP analysis (DIY or bought-in)
Hardening of key systems
Regular vulnerability assessment
Deter Detect
Through life
security
Assure Respond
Learn Assess
Your Cyber Security Capability
Detect
Resist
Defend
Respond
- Contain
- Eradicate
- Recover
- Learn
Deter
Protect
Organisation Users Core Systems
Assess Assure
© Copyright Selex ES S.p.A 2013 All rights reserved
An Enterprise CIRT or equivalent managed service provides the right focus
Enterprise CIRT
The key characteristic of national and international response to cyber threats is collaboration
The key characteristic of response is collaboration
EU CYBER STRATEGY RESTS ON COLLABORATION
• Joint research centre – vulnerabilities etc
• Pan European exercises
• Sector and National CSIRTs
• Europol and Interpol: cooperation for Cyber
The key characteristic of response is collaboration
NATO: LISBON DECLARATION
• To optimise information sharing, collaboration and interoperability
The key characteristic of response is collaboration
US INITIATIVES:
Comprehensive National Cybersecurity Initiative
• Connecting Cyber Operations Centres
• Shared Situational Awareness
• Federal, State, Local and Private Sector
• Supply chain initiative
• Education and R&D initiative
• FUNDING!
The concept of sector and national nodes and hubs for reporting, correlating data and sharing intelligence is gaining momentum
And what does all that collaboration provide to the participants?
A massive surface area to gather cyber intelligence
So, where does one start?
Plans
Procedures
Lessons learned
Vulnerabilities
Threats
Impact
Breach and incident data
Technical indicators of compromise
Suggested remediation actions
Vulnerabilities
Threats
Impact
Breach and incident data
Sector CIRT
Secure and trusted information sharing
Enterprise CIRT
Enterprise CIRT
Within any Business or Government Sector, a federated and trustworthy Sector CIRT would encourage collaboration
The national effect: shared situational awareness of network vulnerabilities, threats, and events
Banking
Oil & Gas
Power generation
Aviation
Telecoms
Medical
Are you seeing what we are seeing?
Presentation to Kingdom Cyber Security Forum
Thank you for listening
May 2014