Slide1
Framing the Discussion: A World of Cybersecurity Risks
John Duncan, Vice President, Global Government Sector, ABS Group
Slide2
Risk Understanding: Foundation for Risk Assessment
Basic Elements of Risk:
- What can go wrong?
- How likely is it?
- What are the impacts?
Risk = f[Threat, Vulnerability, Consequence]
Basis for the estimates: Knowledge & Intuition, Analytical Methods, Historical Experience
Slide3
Simple Security Risk Model
Scenario: a combination of a target and an attack mode. For each scenario, assess the following:
- Threat: likelihood of a specific attack
- Vulnerability: probability that the attack will be successful
- Consequence: level of impact associated with a successful attack
Risk = f[Threat, Vulnerability, Consequence]
The three questions from the previous slide map onto the same assessment: What can go wrong? How likely is it? What are the impacts?
SENSITIVE SECURITY INFORMATION
Slide4
NIST Framework Overview
- In February 2013, President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity
- Called for NIST to lead a collaborative effort to develop a voluntary, risk-based Cybersecurity Framework
- A set of existing standards, guidelines and practices to help organizations manage cyber risks
Slide5
NIST Framework Core
- Developed as guidance for critical infrastructure owners and operators
- Contains valuable information for government agencies
- Identifies 5 major cybersecurity functions: Identify, Protect, Detect, Respond, Recover
- Includes a Risk Assessment Category (within the Identify function)
Slide6
Notional Cybersecurity Bow-Tie Analysis Framework
(figure; labels recovered from the diagram)
Attack Types (left side of the bow-tie): Shellcode & Buffer Overflow; Denial of Service (DoS); Social Engineering & Spoofing; Malicious Code Injection
Top event (center): SYSTEM EXPLOITED / Successful Attack
Impacts (right side): Business Interruption Impacts; Secondary Economic Impacts; Property Damage Impacts; Impacts on People
Countermeasures, Prevention & Protection Measures (before the top event): Secure Input/Output Handling; Data Execution Prevention; Intrusion Prevention System; Social Engineering Training; Access Control; Executable Space Protection; Anti-Virus Software; Firewalls; Security Protocols
Identification & Response Measures (after the top event): Intrusion Detection System; Deep Packet Inspection; Network Analyzer; Honeypots; Firewall Modification; System Backup Restoration; DoS Defense System; Operating System Reinstallation; Hardware Replacement
Slide7
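As an added illustration (not part of the presentation), the following Python turns the Risk = f[Threat, Vulnerability, Consequence] model of slide 3 and the bow-tie layout of slide 6 into a small risk register. It assumes a specific functional form the slides do not state: barriers on the left of the bow-tie (prevention and protection) multiply down the vulnerability term, barriers on the right (identification and response) multiply down the consequence term, and independent barriers compound multiplicatively. The scenarios, probabilities, dollar figures and the assignment of each named countermeasure to a side and an attack mode are constructed for the example.

```python
"""Risk = Threat x Vulnerability x Consequence with bow-tie countermeasures.

Assumption (not from the slides): prevention/protection measures reduce the
vulnerability term, identification/response measures reduce the consequence
term, and the effects of separate measures compound multiplicatively.
All figures below are constructed sample data.
"""
from __future__ import annotations
from dataclasses import dataclass

LEFT_SIDE = {"prevention", "protection"}      # barriers before the top event
RIGHT_SIDE = {"identification", "response"}   # barriers after the top event


@dataclass(frozen=True)
class Scenario:
    """A scenario is a target combined with an attack mode (slide 3)."""
    target: str
    attack_mode: str
    threat: float         # expected attack attempts per year
    vulnerability: float  # P(success | attempt)
    consequence: float    # impact of one successful attack, in dollars


@dataclass(frozen=True)
class Countermeasure:
    name: str
    side: str                   # one of LEFT_SIDE | RIGHT_SIDE
    effect: float               # fraction of the term it removes, 0..1
    applies_to: frozenset[str]  # attack modes the measure addresses


def base_risk(s: Scenario) -> float:
    return s.threat * s.vulnerability * s.consequence


def residual_risk(s: Scenario, measures: list[Countermeasure]) -> float:
    """Risk of one scenario after the given measures are deployed."""
    v, c = s.vulnerability, s.consequence
    for m in measures:
        if s.attack_mode not in m.applies_to:
            continue
        if m.side in LEFT_SIDE:
            v *= 1.0 - m.effect
        elif m.side in RIGHT_SIDE:
            c *= 1.0 - m.effect
        else:
            raise ValueError(f"unknown bow-tie side: {m.side}")
    return s.threat * v * c


def portfolio_risk(scenarios, measures) -> float:
    return sum(residual_risk(s, measures) for s in scenarios)


def rank_scenarios(scenarios, measures):
    """Scenarios ordered by residual risk, highest first."""
    return sorted(scenarios, key=lambda s: residual_risk(s, measures), reverse=True)


def best_next_measure(scenarios, deployed, candidates):
    """Greedy step: the candidate removing the most risk on top of what is deployed."""
    current = portfolio_risk(scenarios, deployed)
    best, best_gain = None, 0.0
    for cand in candidates:
        if cand in deployed:
            continue
        gain = current - portfolio_risk(scenarios, deployed + [cand])
        if gain > best_gain:
            best, best_gain = cand, gain
    return best, best_gain


def greedy_plan(scenarios, candidates, n):
    """Names of the first n measures a greedy risk-reduction plan would deploy."""
    deployed = []
    for _ in range(n):
        m, gain = best_next_measure(scenarios, deployed, candidates)
        if m is None or gain <= 0:
            break
        deployed.append(m)
    return [m.name for m in deployed]


# Constructed sample data, using attack types and countermeasures named on slide 6.
SCENARIOS = [
    Scenario("terminal operating system", "shellcode_buffer_overflow", 0.5, 0.6, 2_000_000),
    Scenario("public gate scheduling portal", "dos", 2.0, 0.8, 250_000),
    Scenario("finance staff mailboxes", "social_engineering", 4.0, 0.3, 500_000),
    Scenario("crane control network", "malicious_code_injection", 0.2, 0.5, 10_000_000),
]
MEASURES = [
    Countermeasure("Data Execution Prevention", "prevention", 0.7, frozenset({"shellcode_buffer_overflow"})),
    Countermeasure("Social Engineering Training", "prevention", 0.5, frozenset({"social_engineering"})),
    Countermeasure("DoS Defense System", "response", 0.8, frozenset({"dos"})),
    Countermeasure("System Backup Restoration", "response", 0.6,
                   frozenset({"malicious_code_injection", "shellcode_buffer_overflow"})),
    Countermeasure("Intrusion Detection System", "identification", 0.3,
                   frozenset({"shellcode_buffer_overflow", "malicious_code_injection"})),
]

if __name__ == "__main__":
    print(f"inherent risk: ${portfolio_risk(SCENARIOS, []):,.0f}/yr")
    print(f"residual risk: ${portfolio_risk(SCENARIOS, MEASURES):,.0f}/yr")
    for s in rank_scenarios(SCENARIOS, MEASURES):
        print(f"  {s.target:32s} ${residual_risk(s, MEASURES):>12,.0f}")
    print("greedy order:", greedy_plan(SCENARIOS, MEASURES, 3))
```

The useful output is the ordering, not the dollar figures: the greedy plan picks System Backup Restoration first because it sits on the right side of the bow-tie and cuts the consequence of two attack modes at once, which the per-scenario view alone would not show.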
Cyber Threats to Maritime Entities
Tiffany Jones, CISSP, CIPP, SVP & Chief Revenue Officer, iSIGHT Partners, tjones@isightpartners.com
Slide8
Primary Threat Categories
Proprietary and Confidential Information. © Copyright 2014, iSIGHT Partners, Inc. All Rights Reserved. www.isightpartners.com
Slide9
Scenarios: Setting the Geopolitical Context
Geopolitics drives espionage activity
Slide10
Naval and Coast Guard Threats
Slide11
Naval and Coast Guard Threats
Benign lure document from Mirage RAT sample deployed ahead of US-Philippine defense agreement (iSIGHT Partners)
Slide12
Commercial Maritime Threats
Slide13
Commercial Maritime Threats
Chinese New Year-themed lure document sent to Japan Maritime United Corporation employee (iSIGHT Partners)
Slide14
NEWSCASTER
- 3+ year cyber-espionage campaign with links to Iran
- Targeting high- and low-ranking personnel in multiple countries: US, UK, Israel, Saudi Arabia, Iraq
  - U.S. military and Congressional personnel
  - Washington D.C. area journalists
  - Diplomatic corps
  - U.S. defense contractors
  - Israeli defense contractors
  - Members of the U.S./Israeli lobby
- Utilizing social media platforms as the targeting platform: Facebook, LinkedIn, YouTube, etc.
- More than 2,000 targets and legitimate individuals caught in the net
- Credential harvesting
- Access to corporate and personal emails
- Malware with data exfiltration capabilities
Slide15
Risk Panel - Vulnerabilities
Ronin Security Solutions, Andrew N. Bertolazzi
Slide16
Environment
- Ever-expanding cyber tools and connections
- Most popular passwords in 2013: "password", "123456"
- "We aren't even doing the simple stuff" (Sen. Coburn, 2014)
- CIOs: hacking is going to happen; plan for it (2015)
- All software has flaws
- Macro versus micro vulnerabilities
- People are the critical common factor
Slide17
Maritime Terminal Realities
- Reliance on cyber-linked tools, equipment, systems
- e-Commerce and online filings
- Increasing need for a tech-savvy workforce
- Shrinking margins, reduced staff, higher workload
- Make-up of IT and security organizations
- Divergent priorities, mandates, and funding
- Port focus has been primarily on physical security
- Few Business Continuity or Disaster Recovery plans
Slide18
Typical Vulnerabilities
- Economic and strategic "soft" targets
- Flat, lean organizations: single points of failure
- Cyber-connected control systems, equipment, data
- Low security of networks, WiFi, back-up, hardware
- Inadequate password practices
- Limited funds, shrinking PSGP (Port Security Grant Program) pool
- Security is a cost, financial and operational
- People
Slide19
What Can Be Done?
Processes
- Robust plans for Business Continuity & Disaster Recovery
- Regular, secure, offsite back-up
- Access controls for data, physical and cyber
- Password discipline
Tools
- Firewalls, segmented networks, intrusion detection
- Timely and complete updates, patches, & fixes
People
- Awareness, training, exercises
- Security consciousness (a bit of paranoia goes a long way)
- Outside help
Slide20
Resources
- Homeport Cyber-Security Webpage: https://homeport.uscg.mil/mycg/portal/ep/home.do
- US Computer Emergency Readiness Team (US-CERT): https://www.us-cert.gov
- Industrial Control Systems - Cyber Emergency Readiness Team (ICS-CERT): https://www.ics-cert.us-cert.gov
- National Institute of Standards and Technology (NIST): http://www.nist.gov/cyberframework/index.cfm
- Software & Supply Chain Assurance Clearinghouse (DHS): https://buildsecurityin.us-cert.gov/swa/cwe
Slide21
Risk Panel - Consequences
Captain Joe Kramek, Eleventh Coast Guard District Legal Officer & Staff Judge Advocate
Slide22
Case Study: National Impact of a West Coast Port Stoppage (29 ports)

Stoppage length                   5 Days     10 Days    20 Days
Cost to U.S. Economy (per day)    $1.9 B     $2.1 B     $2.5 B
Loss of Imports                   $1.8 B     $3.9 B     $8.3 B
Loss of Exports                   $1.5 B     $3.2 B     $6.9 B
Reduced Economic Output           $9.4 B     $21.2 B    $49.9 B
Cost to Households                $81        $170       $366
Employment Disruption             73,000     169,000    405,000

The per-day figure in the first row times the stoppage length gives the Reduced Economic Output row ($9.4 B over 5 days, $21.2 B over 10, $49.9 B over 20), so the cost to the economy rises faster than linearly the longer the stoppage lasts.
Slide23
Immediate Backlog Across Economy
- Automakers (Honda, Toyota & Subaru): more expensive parts, reduced production
- Wal-Mart Inc.: reduced inventory, earnings hit
- Electronics
- U.S. meat exporters: millions of pounds in storage, $85 million per week
- Farmers: losses estimated in the hundreds of millions; CA citrus exports cut by half; WA apple crops
Slide24
Questions for Panel