Date posted: 22-Mar-2018
Protecting Utility Mission Critical Systems From Cybersecurity Threats
Presented By:
Miroslav Karlicic
Director, Business Development and Innovation
Utilismart Corporation
+1 (888) 652-0689
www.utilismartcorp.com
January 2018 – Markham, Ontario
EDIST 2018
Cybercrime
“Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the internet to commit a diverse range of criminal activities that know no borders, either physical or virtual, cause serious harm and pose very real threats to victims worldwide.”
Interpol
Cyberwarfare
Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.
Cybercriminal
A cybercriminal is an individual who commits cybercrimes, where he/she makes use of the computer either as a tool or as a target or as both.
techopedia
Cybercriminals Network
• Programmers
• Distributors
• IT Experts
• Hackers
• Fraudsters
• System Hosts and Providers
• Leaders
• Cashiers
• Money Mules
• Tellers
• Corporate Buyers
• Account Buyers
• Bosses
Cybercrime Threats
• Deep Web
• Darknet
• Malware
• Bots and Botnets
Cybercrime Threats
• Malware – Trojans, Viruses and Worms: code with malicious intent that typically steals data or destroys something on the computer.
• Phishing: phishing emails include a link that directs the user to a dummy site that will steal a user’s information. In some cases, all a user has to do is click on the link.
• Password Attacks: a third party trying to gain access to your systems by cracking a user’s password.
• Denial-of-Service (DoS) Attacks: focus on disrupting the service to a network.
Cybercrime Threats
• “Man in the Middle” (MITM): impersonating the endpoints in an online information exchange.
• Drive-By Downloads: through malware on a legitimate website, a program is downloaded to a user’s system.
• Malvertising: a way to compromise your computer with malicious code that is downloaded to your system when you click on an affected ad.
• Rogue Software: malware that masquerades as legitimate and necessary security software that will keep your system safe.
Cybercrime Threats – 2017
• Ransomware – “Ransomware top threat in 2017 cybercrime ‘epidemic’” – Europol
• Data breaches
• Payment fraud
• Direct attacks on bank networks
• First serious attacks by botnets using insecure IoT
Darknet remains the cybercrime’s enabling platform!
Ala'a Elbeheri – LinkedIn
Anatomy of a Crypto-Ransomware Attack
Sophos - Twitter
Distribution of global data breach incidents in 2017
Statista – The Statistics Portal
Data Breaches are Expensive
Ponemon 2017 Cost of Data Study: 419 companies in 13 country or regional samples; 2,600 to 100,000 compromised records per company
• Average total cost of a data breach: $3.62 million
• One-year decrease in average total cost: 10%
• Average cost per lost or stolen record: $141
• Likelihood of recurrence over the next two years: 27.7%
Case Studies
Three-quarters of energy companies and utilities have experienced at least one data breach in the past 12 months, resulting in average clean-up costs of $156,000 per breach.
Unisys Ponemon Survey
Case Studies
• December 2015 – Over 225,000 people lost power when hackers gained access to three regional electric power distribution companies. Attackers demonstrated planning, coordination, and the ability to use malware and possibly direct remote access to blind system dispatchers and cause undesirable state changes to the electricity distribution infrastructure. The hackers also attempted to delay the restoration by wiping SCADA servers after they caused the outage.
• March 2016 – A US water utility was the subject of a cyber attack carried out by a group with ties to Syria. Hackers gained access to the SCADA control system and adjusted the chemical levels being used to treat tap water. The hack also resulted in the exposure of the personal information of 2.5 million customers.
• April 2016 – A US water and light utility was the victim of a ransomware attack which knocked their internal computer systems offline and encrypted their data. The utility decided to shut down its network and suspended some services in order to prevent further damage. A hefty ransom was demanded.
emerginrisk.com
Utility Industry – Cyberthreats
• Malware
• Ransomware
• Data Breaches
Utility Industry – Vulnerabilities
• General Business Disruption
  • Inoperable mission critical systems: Financial, CIS, GIS, AMI/AMR, OMS, SCADA
  • Loss of corporate documents and records
• Service Disruption
  • SCADA
  • AMI
  • DMS
• Confidential Information Exposure
  • Corporate
  • Customer
Utility Industry – Business Impact
• Billing
  • Delayed
  • Erroneous / incomplete
• Service Delivery
  • Power Outages
  • Equipment Failures
  • Health and Safety Issues
Utility Industry – Consequences of Cyber Events
• Regulatory Penalties
• Customer Dissatisfaction
• Lawsuits
• Loss of License
• Labor Disputes
• Financial Losses
• Workplace fatalities
• Other
What to do? Where to start?
1. Select and Engage MSSP – Managed Security Services Provider
2. Conduct Security Training
3. Build / Improve Business Continuity and Disaster Recovery Plan
4. Redesign / Harden Your Network and Security Architecture
5. Third Party Network Security Assessment and Make Improvements
6. Implement / Improve ISMS (Information Security Management System)
7. Adopt ISO 27001:2013 International Standard
8. Implement NIST Cybersecurity Framework
9. Maintain a Sustainable Security Organization
Select and Engage MSSP – Managed Security Services Provider
Gartner’s MSSP Magic Quadrant 2017
Establish MSSP Selection Criteria
1. Track Record
2. Size, Experience and Qualifications
  • SIEM Development
  • R&D Funds and Capabilities
3. Solution Content
  • Managed SIEM (IPS, IDS) Capabilities
  • Dashboard, client console, reports, policies, rulesets (inbound, outbound, others), messages, implementation plan, administration, communication, cloud / on-premise, etc.
4. MDR (Managed Detection and Response) – Endpoint Solution
The Forrester Wave™ Endpoint Security Suites, Q4 2016
Establish MSSP Selection Criteria
5. Managed Firewall / SIEM Appliances
6. Has / Uses Threat Intelligence Database
  • Owns, third party, both, none
7. Incident Management and Response Capabilities
  • Cyber Incident Forensic Capabilities
8. Number and Capabilities of SOCs (Security Operation Centres)
  • SLA, skilled staff
9. Secure Email Gateway
10. Price
MSSP Implementation
• Phased approach
• Protect external perimeter
  • Firewalls / SIEM dual appliances in High Availability (auto failover) mode
  • Managed firewall recommended
• Protect End Points (All Devices) - MDR
• Implement Managed Compliance Monitoring on all servers
• Develop a responsibility matrix and communication plan
• Document workflows for all procedures that require MSSP
• Conduct training
• Assess / improve security posture
Conduct Security Training
1. ISO 27001:2013 Lead Auditor
2. Security Awareness Training – Provided by IT and Third Party
3. System Hardening Training
4. Consider hiring Information Security Management program graduates
Build / Improve Business Continuity and Disaster Recovery Plan
1. Conduct TRA (Threat Risk Assessment)
  • Determine which systems need to be backed up and how frequently
  • Determine RPO (Recovery Point Objective) and RTO (Recovery Time Objective)
2. Design backup / recovery plan using TRA for guidance
3. Ensure that backup media is encrypted
4. Use different network and domain credentials
5. Implement Backup plan
6. Test backup and recovery procedures
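As an added example (not code from the slides or from Utilismart), the following Python script checks a backup catalog against the plan above: each system's RPO and RTO taken from the TRA, whether the backup media is encrypted, whether the backup account lives outside the production domain, and whether a restore has actually been tested within the RTO. The system names, targets and catalog entries are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Policy:
    """Per-system targets from the TRA (values below are constructed)."""
    system: str
    rpo: timedelta   # maximum tolerable data loss
    rto: timedelta   # maximum tolerable time to restore service


@dataclass(frozen=True)
class BackupRecord:
    """One catalog entry for a system (constructed sample data)."""
    system: str
    completed_at: datetime
    encrypted: bool                         # media encrypted at rest
    separate_credentials: bool              # backup account is not a production-domain account
    last_restore_test: Optional[timedelta]  # wall-clock time of the last successful restore drill


def evaluate(policies, catalog, now):
    """Return {system: [findings]}; an empty list means the system meets its plan."""
    latest = {}
    for rec in catalog:  # keep only the newest record per system
        if rec.system not in latest or rec.completed_at > latest[rec.system].completed_at:
            latest[rec.system] = rec

    report = {}
    for pol in policies:
        findings = []
        rec = latest.get(pol.system)
        if rec is None:
            findings.append("no backup on record")
        else:
            age = now - rec.completed_at
            if age > pol.rpo:
                findings.append(f"RPO exceeded: last backup {age} ago, RPO {pol.rpo}")
            if not rec.encrypted:
                findings.append("backup media not encrypted")
            if not rec.separate_credentials:
                findings.append("backup uses production domain credentials")
            if rec.last_restore_test is None:
                findings.append("restore never tested")
            elif rec.last_restore_test > pol.rto:
                findings.append(f"RTO exceeded: restore drill took {rec.last_restore_test}, RTO {pol.rto}")
        report[pol.system] = findings
    return report


def failing_systems(report):
    """Names of systems with at least one finding, sorted for stable reporting."""
    return sorted(name for name, findings in report.items() if findings)


# Constructed reference time and sample data; hypothetical utility systems.
NOW = datetime(2018, 1, 15, 8, 0)
H = timedelta(hours=1)

POLICIES = [
    Policy("SCADA historian", rpo=4 * H, rto=2 * H),
    Policy("CIS billing", rpo=24 * H, rto=8 * H),
    Policy("GIS", rpo=7 * 24 * H, rto=24 * H),
    Policy("OMS", rpo=1 * H, rto=1 * H),
]

CATALOG = [
    BackupRecord("SCADA historian", NOW - 26 * H, True, True, timedelta(minutes=50)),  # superseded
    BackupRecord("SCADA historian", NOW - 2 * H, True, True, timedelta(minutes=45)),   # current
    BackupRecord("CIS billing", NOW - 30 * H, True, True, 9 * H),                       # too old, slow restore
    BackupRecord("GIS", NOW - 12 * H, False, False, None),                              # unencrypted, untested
    # OMS has no catalog entry at all.
]

if __name__ == "__main__":
    for system, findings in evaluate(POLICIES, CATALOG, NOW).items():
        print(system, "OK" if not findings else "; ".join(findings))
```

Running the script prints one line per system; the systems with findings are exactly the ones a TRA review would need to escalate, and the superseded SCADA record shows that only the newest catalog entry counts toward the RPO.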
Redesign / Harden Your Network and Security Architecture
1. Using TRA, determine exposure of sensitive information assets
2. Design dedicated virtual local area networks (VLAN) for databases, financial systems and other mission critical systems
3. Disable access to internet for these systems
4. Ensure that access is given only to security and system administration personnel
5. Configure application access through port management and routing rules
6. Upgrade / update all systems to the latest patch level possible and implement an automatic patching process
7. Filter egress traffic
8. Implement system uptime and resource utilization monitoring and conduct frequent application penetration (PEN) tests
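Steps 2 through 7 above amount to a default-deny policy around the mission-critical VLAN: no internet egress, only listed internal destinations (patching, time sync), and inbound sessions only from the administrators' subnet on the ports the application needs. As an added example (not code from the slides or from Utilismart), this Python script applies such a policy to constructed flow records and lists what the firewall would block and log; the address ranges, ports and allowlists are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical address plan (constructed for this example, not from the slides).
MISSION_CRITICAL = ipaddress.ip_network("10.20.0.0/24")  # dedicated VLAN: SCADA, AMI, CIS, financials
ADMIN_JUMP = ipaddress.ip_network("10.10.5.0/28")        # security / sysadmin workstations only
PATCH_SERVER = ipaddress.ip_network("10.10.9.10/32")     # internal patch repository
NTP_SERVER = ipaddress.ip_network("10.10.9.20/32")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


# Egress allowlist for the mission-critical VLAN: (destination, port, proto).
# Everything else leaving the VLAN is denied, which also enforces "no internet access".
EGRESS_ALLOW = [
    (PATCH_SERVER, 443, "tcp"),
    (NTP_SERVER, 123, "udp"),
]

# Ingress allowlist: only the admin jump subnet may open sessions into the VLAN,
# and only on the management ports the systems need.
INGRESS_ALLOW = [
    (ADMIN_JUMP, 22, "tcp"),
    (ADMIN_JUMP, 3389, "tcp"),
]


def _matches(rules, peer, dport, proto):
    return any(peer in net and dport == port and proto == pr for net, port, pr in rules)


def classify(flow: Flow) -> str:
    """Verdict the hardened policy gives a single flow."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    proto = flow.proto.lower()

    if src in MISSION_CRITICAL and dst in MISSION_CRITICAL:
        return "allow:intra-vlan"
    if src in MISSION_CRITICAL:
        if _matches(EGRESS_ALLOW, dst, flow.dport, proto):
            return "allow:egress"
        if not any(dst in n for n in RFC1918):
            return "deny:egress-internet"      # step 3: no internet for these systems
        return "deny:egress-unlisted"          # step 7: egress filtering of everything else
    if dst in MISSION_CRITICAL:
        if _matches(INGRESS_ALLOW, src, flow.dport, proto):
            return "allow:ingress-admin"       # step 4: admin personnel only
        return "deny:ingress-unauthorized"
    return "allow:not-in-scope"                # traffic that never touches the VLAN


def audit(flows):
    """Return the (flow, verdict) pairs a default-deny rule would block and log."""
    blocked = []
    for flow in flows:
        verdict = classify(flow)
        if verdict.startswith("deny"):
            blocked.append((flow, verdict))
    return blocked


# Constructed sample records (not real traffic); 203.0.113.0/24 is a documentation range.
SAMPLE_FLOWS = [
    Flow("10.20.0.15", "10.10.9.10", 443, "tcp"),    # SCADA server -> patch repo: allowed
    Flow("10.20.0.15", "10.10.9.20", 123, "udp"),    # SCADA server -> NTP: allowed
    Flow("10.20.0.15", "203.0.113.10", 443, "tcp"),  # SCADA server -> internet: blocked
    Flow("10.20.0.21", "10.30.1.50", 445, "tcp"),    # SCADA server -> office file share: blocked
    Flow("10.10.5.3", "10.20.0.15", 22, "tcp"),      # admin jump host -> SCADA server: allowed
    Flow("10.30.1.50", "10.20.0.15", 22, "tcp"),     # office workstation -> SCADA server: blocked
    Flow("10.20.0.15", "10.20.0.21", 1433, "tcp"),   # inside the VLAN: allowed
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:28} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

The same allowlists translate directly into firewall or router ACLs; keeping them in a reviewable file like this also gives the TRA (step 1) and the penetration test (step 8) a concrete statement of intended exposure to check against.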
Third Party Network Security Audit
1. Conduct Network Security Audit / Assessment Test
  • e.g. selected MSSP, Rogers Managed Services, Digital Boundary Group, Scalar, Dell SecureWorks, etc.
2. Create CAPA (Corrective Action Preventive Action) Log
3. Prepare Improvement Plan based on CAPA log
4. Execute Improvement Plan
Third Party Network Security Audit Assessment
MCGlobalTech
Implement / Improve ISMS (Information Security Management System)
1. Complete ISO 27001:2013 Lead Auditor Training
2. Complete Asset Register
  • Identify and classify information assets
  • Assess their consolidation to fewer secure networks
3. Establish Security Organization
4. Conduct TRA
5. Develop Policies
6. Develop Procedures
• Incident Management
• Change Management
• Information Handling
• User Access
• Risk Assessment
• Internal Audit
• Physical Security
Implement / Improve ISMS (Information Security Management System)
7. Create Manuals
• ISMS
• IT
• BCP
8. Create forms
9. Create IT Manual
• Backup
• Offsite Data Storage
• Monitoring and Alerts
• Computer Deployment
• Server Build
• Patch Management
• System Hardening
• User Setup / Termination
Maintain ISMS
Adopt ISO 27001:2013 International Standard
• Contact BSI Canada
• Use ISO 27002 Code of Practice guidelines
  • Enhance ISMS to meet the requirements
• Schedule Audit
• Maintain ISMS
Implement NIST Cybersecurity Framework
• Join OEB Cyber Security Working Group (CSWG)
• Get familiar with Proposed Ontario Cyber Security Framework
• Compare the framework requirements against your ISMS security controls and identify gaps
• Create a plan to close the gaps
• Collaborate with other LDCs
Maintain a Sustainable Security Organization
• Maintain ISMS using PDCA model
• Provide security training to staff
• Focus on network design, access management and data encryption
• Conduct TRA every time a change / modification to the system is required
• Review BCP based on TRA input and test it frequently
• Use CAPA log to identify and track all changes required
• Evaluate MSSP every six months
• Continue investing in staff with cybersecurity background and experience
• Collaborate with other LDCs
• Ensure that there is a full corporate buy-in and commitment to a sustainable ISMS
• Keep investing in security appliances and software and keep them up to date
• Conduct frequent internal and external network security assessments and PEN tests
Utilismart MSSP
Rogers Security Powered by Trustwave
As your network carrier, Rogers:
• Knows your network best
• Continues to be a single point of contact
• Keeps your billing simple
Objective: Protect data, manage risk and achieve compliance while driving efficiency and innovation.
[Diagram: coverage across data centres, apps & systems, contact centre, cloud security, networks, collaboration, assets, customers, internet, fixed, mobile and public telephone network]
Why Trustwave
• Serving: over 3 million subscribers
• Global: employees in 26 countries, customers in 98 countries
• Growing: with over 1,600 employees
• Innovating: over 56 patents granted / pending
Vulnerability Management
Global Threat Database feeding Big Data back-end
Threat Management
Integrated portfolio of technologies delivering comprehensive protection
Compliance Management
Leading provider of cloud-delivered IT-GRC services
Threat Intelligence
Trustwave’s Global Reach
Headquarters:
• Chicago*, London, Sydney, São Paulo
Sales and Consulting:
• US, Canada, Mexico, Colombia, Brazil, UK, The Netherlands, Sweden, France, Germany, Greece, Jordan, UAE, S. Africa, China, Singapore, Australia, New Zealand
SpiderLabs & Innovation Centers:
• US, Canada, Israel, New Zealand
9 Advanced Security Operations Centers:
• Chicago, Denver, Minneapolis, Warsaw, Singapore, Waterloo (Ontario), Manila, Sydney, Japan
• 67% of staff dedicated to developing / delivering solutions
Headcount: 1,600+
Trustwave’s SpiderLabs
SpiderLabs Team
• Industry veterans and thought leaders in ethical hacking and security research
• Over 150 experts across 17 countries, with an average of 12 years of experience
• Backgrounds in law enforcement, government and military services
• Sought-out industry speakers and published authors
Expert Testing: offensive security testing delivered on time, on budget and on demand
Incident Readiness & Response: services designed to prevent compromise and protect the integrity of business and data
Forensics Investigations: post-incident analysis of actual security breaches and data loss
SpiderLabs Research - Annual GSR Report
• Hundreds of investigations in 17 countries
• Billions of events each day – 8 Global SOCs
• 4 million vulnerability scans
• Tens of millions of web transactions
• Millions of malicious websites blocked
• Thousands of penetration tests
Questions?
Thank You