Posted: 14-Feb-2017
Defending Nations from Cyber Attacks
ADM Cybersecurity summit
20 June 2016
BAE SYSTEMS PROPRIETARY
Copyright © 2016 BAE Systems. All Rights Reserved. BAE Systems is a trade mark of BAE Systems plc
Agenda
1. Introductions
2. The cyber threat
3. What can we do about it?
4. Bringing it together – roadmaps and challenges
5. Conclusions
Introduction
• Dr Rajiv Shah – Director, Australia & New Zealand
• Cyber, intelligence and security industry executive
• 20 years’ experience with BAE Systems Applied Intelligence
• Worked in UK, USA and Australia
• Relationships with commercial and government clients
We are BAE Systems
“BAE Systems has been helping nations, governments, and leading financial and business organisations counter cyber threats for over forty years.”
It’s not just security, it’s defence
Applied Intelligence: A BAE Systems Company
˃ Our cyber security division - applying intelligence to all forms of data
Kevin Taylor, Managing Director
40+ offices globally
4,500+ employees
Core heritage in secure government and agencies
Business areas: Cloud & Digital; Threat & Communications Intelligence; Financial Crime; Cyber Defence
Trusted suppliers and partners strengthen our solutions
2. The cyber threat
Definition of Cyber Security
Cyberspace: ‘an interactive domain made up of digital networks that is used to store, modify and communicate information. It includes the Internet, but also the other information systems that support our businesses, infrastructure and services’
Information Security: ‘the theory and practice of defending data or information (including systems for the processing and storage of these) against unauthorised or unintended access, destruction, disruption or tampering’
Cyber Security: ‘preservation of confidentiality, integrity and availability of information in the Cyberspace’
The World is Changing
Advanced threats against governments, nations and businesses used to be purely physical
Battles would take place in the air, on land or at sea; the battlefield has now extended to cyberspace
Digital threats can now move beyond borders quickly and this interconnected world leaves organisations porous and vulnerable to threats
Governments and businesses have an urgent requirement to comply with increasing regulation, whilst transforming and meeting the customer’s needs
We all know about the external threat
69% of large organisations were attacked by an unauthorised outsider in the last year (up from 55% a year ago). – Information Security Breaches Survey 2015
In November 2014 the Guardians of Peace wiped the IT infrastructure of Sony Pictures and leaked embarrassing confidential information. Release of “The Interview” was cancelled.
"Last year our cyber defences blocked around 400,000 advanced malicious cyber threats against the Government's secure internet alone, so the threat is real." – Defence Secretary Philip Hammond, Conservative Party Conference 2013
In June 2010 the Stuxnet computer worm infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant, reportedly destroying roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control.
But don’t forget the Insider Threat!
Extracts from Information Security Breaches Survey (ISBS) 2013:
• 75% of large organisations suffered staff-related security breaches in the last year
• 13% of large organisations had a security or data breach in the last year relating to social networking sites
• 50% of the worst breaches in the year were caused by inadvertent human error
• 57% of breaches in the last year were caused by staff breaking data protection regulations
• 65% of breaches involved unauthorised access to data by staff
THE TRADITIONAL RESPONSE TO THE CYBER THREAT…
Build higher perimeters and seek greater isolation from the threat… add new protection at the perimeter, and… attempt to reduce “risky” employee behaviour.
… but there are problems with this approach
• Perimeter is hard to define
• “Risky” activities can drive business
• Threat is not always external
• Enterprise perimeter hard to protect
[Diagram: the enterprise perimeter surrounded by Mobile Sales Team, Outsource Supplier, Channel Partner, Customer and the Cyber Threat]
3. What can we do about it?
The growing problem
˃ Cyber attacks are increasingly sophisticated and prevalent
Nations are finding it increasingly difficult to:
• Deal with the huge volume of data flowing across their networks
• Operationalise threat data quickly so they can spot and shut down attacks fast
• Analyse Tactics, Training, Tools and Procedures to quickly adapt and get ahead of the threat
• Step back and create situational awareness to see the bigger national and international picture
BAE Systems approach for cyber defence
˃ Cyber defence is organised into 4 areas…
• Predict – understand the cyber risks
• Prevent – protect information and IT
• Detect – monitor networks for attacks
• Respond – managing the consequences of attacks
The threats an organisation faces should determine the tools, methods and systems used
A model for national cyber defense
[Diagram: five Department Networks, each defended by its own SOC or ASOC and sector CERT (one paired with the MOD CERT), facing the “Bad guy”; Mid Space Cyber provides national level monitoring, the Govt executive branch provides national level policy and standard setting, and the National CERT orchestrates and shares policy, threat intelligence and training across the nation]
What is a Security Operations Centre
Centralised location(s) where key organisational IT assets are monitored and defended from cyber attacks
[Diagram: sensors (Anti-Virus, Firewalls, Web Proxies, AD / DHCP / DNS, Host Agents, Network Probes, IPS, Threat Intel) feed probes and connectors into an event correlation and rules engine backed by an event archive]
Traditional SOCs
˃ Pros and cons
• Capable of ingesting a wide range of data and offering real time detection
• Ideally utilized to address immediate security posture and support real time activity
• BUT
• Limited ability to apply sophisticated algorithms to identify longer term traits
• Poor understanding of high-risk behaviours
• So the sophisticated enemy has adapted and can go undetected
The Advanced Security Operations Centre
WHAT IS THREAT INTELLIGENCE
“Threat Intelligence is defined as the output of a process that combines threat data with additional context that is relevant to your organisation.”
The evolving threat
˃ We track over 100 sophisticated attack groups
Sources feeding SOC Threat Intelligence:
• Malware feeds
• Active & passive tracking
• Incident Response Team
• Social media & hacker forums
• Open Source & security research communities
• Intelligence exchange with trusted partners
We are the greatest industrial contributor of Threat Intelligence to US Department of Defense and UK Gov-CERT
Example trends:
- Adverse publicity for China caused some groups to disband but new groups have emerged and attacks are increasingly sophisticated and more targeted
- Multiple reports of alleged Russian cyber-espionage emerged in 2014 but all groups are undeterred and still active
MANAGING THREAT INTELLIGENCE ISN’T EASY
Organisations recognise the benefits threat intelligence (TI) can bring … but they struggle to adequately process and review TI with limited resources
Process is largely manual. Technology needed to automate and optimize workflow to turn information into intelligence which powers defense
[Diagram: threat information in → Acquire → Process → Store → Analyze → Action → defensive power out]
Advanced threat analytics to discover the new threats
• Collects full breadth of data
• Maximum efficiency at point of investigation
• Proven, behavioral analytics across full context of data
• Massively scalable, parallelized data processing platform
[Diagram: 1 Billion events reduced to 10 investigations]
ADVANCED SOC – DETECTING NEW ATTACK METHODS
Example – Periodic Beaconing
• Purpose – Detection of structured malware beaconing to C2 infrastructure
• Scale – Every unique combination of IP Address / Hostname on the network
• Complexity – Autocorrelation function run over every IP / Hostname pair
• Performance – Addition of entity risk scoring to prioritise ‘bad’ beaconing
[Diagram: Monitor → Protective Monitoring → Advanced Threat Detection → Analytics & Rules Development]
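The autocorrelation approach above, as an added example that is not BAE Systems' code: it bins each IP/hostname pair's connection times, takes the peak of the normalised autocorrelation as the beacon period, and applies an assumed entity risk weighting (watchlist membership and destination rarity) to rank the results. The log lines, hosts and watchlist are constructed.

```python
from collections import defaultdict

# Constructed sample of connection logs: (timestamp_seconds, src_ip, dst_host).
# 10.0.0.5 contacts beacon.example every 60 s with 0-2 s jitter (a structured beacon);
# 10.0.0.7 contacts news.example at irregular, human-like intervals.
SAMPLE_EVENTS = (
    [(60 * i + (i % 3), "10.0.0.5", "beacon.example") for i in range(40)]
    + [(t, "10.0.0.7", "news.example")
       for t in (3, 15, 16, 80, 200, 210, 330, 900, 905, 1500, 2100, 2105)]
)
WATCHLIST = {"beacon.example"}  # constructed threat-intel list of known C2 hosts

def build_series(timestamps, bin_size):
    """Turn raw timestamps into a fixed-interval series of event counts per bin."""
    series = [0] * (int(max(timestamps) // bin_size) + 1)
    for t in timestamps:
        series[int(t // bin_size)] += 1
    return series

def autocorrelation(series, lag):
    """Normalised autocorrelation coefficient of the series at the given lag (in bins)."""
    n = len(series)
    mean = sum(series) / n
    var = sum((x - mean) ** 2 for x in series)
    if var == 0:
        return 0.0
    cov = sum((series[i] - mean) * (series[i + lag] - mean) for i in range(n - lag))
    return cov / var

def beacon_score(timestamps, bin_size=5.0, min_lag_s=10, max_lag_s=600):
    """Return (period_seconds, peak_autocorrelation) for one IP/host pair: a strong
    peak at lag L means the pair's traffic repeats roughly every L seconds."""
    if len(timestamps) < 5:
        return None, 0.0
    series = build_series(timestamps, bin_size)
    lo = max(1, int(min_lag_s // bin_size))
    hi = min(int(max_lag_s // bin_size), len(series) // 2)
    best_lag, best = None, 0.0
    for lag in range(lo, hi):
        r = autocorrelation(series, lag)
        if r > best:
            best_lag, best = lag, r
    return (best_lag * bin_size if best_lag else None), best

def rank_beacons(events, watchlist, threshold=0.5):
    """Score every (src_ip, dst_host) pair, keep periodic ones, rank by entity risk."""
    by_pair, dst_sources = defaultdict(list), defaultdict(set)
    for t, src, dst in events:
        by_pair[(src, dst)].append(t)
        dst_sources[dst].add(src)
    ranked = []
    for (src, dst), ts in by_pair.items():
        period, acf = beacon_score(sorted(ts))
        if acf < threshold:
            continue
        # Assumed entity-risk weighting: periodicity strength, boosted for watchlisted
        # destinations and for destinations that few hosts in the estate talk to.
        risk = acf * (3.0 if dst in watchlist else 1.0) / len(dst_sources[dst])
        ranked.append({"src": src, "dst": dst, "period_s": period,
                       "acf": round(acf, 3), "risk": round(risk, 3)})
    return sorted(ranked, key=lambda r: r["risk"], reverse=True)
```

The jittered beacon still scores above 0.9 at a 60 s lag because the bin width absorbs the jitter, while the irregular browsing host never exceeds the threshold.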
INSIDER THREATS REQUIRE A DIFFERENT APPROACH
Alert types: (1) Performance degradation, (2) Policy violations, (3) Escalated privileges, (4) Attempted exfiltration, (5) Suspect social network
Worked example for alert type 5:
Attack stage: Achieve effect
Attack technique: Exfiltration
Data source: Network data
Alert type: Suspicious social network
Analytic technique: Graph scoring
• Analysis of email relationships between employees and external recipients establishes trusted social network
• Suspicious webmail communication channel in receipt of an archive (.zip) document
• Fuzzy matching entities highlights alternative, legitimate comms. channel
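Graph scoring for alert type 5, as an added example that is not BAE Systems' code: the trusted social network is the set of external recipients that several employees reach over corporate mail, webmail to anyone outside it is scored (archive attachments weigh most), and difflib fuzzy matching on the mailbox name surfaces the legitimate channel the employee could have used. The mail metadata, addresses and score weights are constructed assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample of email metadata: (sender, recipient, channel, attachment_extension).
SAMPLE_MAIL = [
    ("alice@corp.example", "j.smith@partner.example", "corporate", None),
    ("bob@corp.example", "j.smith@partner.example", "corporate", "pdf"),
    ("alice@corp.example", "j.smith@partner.example", "corporate", "docx"),
    ("carol@corp.example", "helpdesk@vendor.example", "corporate", None),
    ("alice@corp.example", "john.smith.77@webmail.example", "webmail", "zip"),
    ("carol@corp.example", "carol.home@webmail.example", "webmail", "zip"),
    ("bob@corp.example", "newsletter@vendor.example", "webmail", None),
]

def trusted_network(records, min_senders=2):
    """External recipients that at least min_senders employees email over corporate mail.
    Graph scoring step: an edge vouched for by several employees counts as trusted."""
    senders = defaultdict(set)
    for sender, recipient, channel, _ in records:
        if channel == "corporate":
            senders[recipient].add(sender)
    return {r for r, s in senders.items() if len(s) >= min_senders}

def fuzzy_match(recipient, trusted, cutoff=0.6):
    """Trusted contact whose mailbox name most resembles the recipient's, or None."""
    local = recipient.split("@")[0].lower()
    best, best_ratio = None, cutoff
    for contact in trusted:
        ratio = SequenceMatcher(None, local, contact.split("@")[0].lower()).ratio()
        if ratio > best_ratio:
            best, best_ratio = contact, ratio
    return best

def score_webmail(records, min_score=2, archive_exts=("zip", "7z", "rar")):
    """Alerts for webmail traffic outside the trusted network, highest score first.
    Weights are assumed for illustration: untrusted recipient 1, archive attachment +2,
    fuzzy match to a contact the sender could reach through corporate mail +1."""
    trusted = trusted_network(records)
    alerts = []
    for sender, recipient, channel, ext in records:
        if channel != "webmail" or recipient in trusted:
            continue
        score, match = 1, fuzzy_match(recipient, trusted)
        if ext in archive_exts:
            score += 2
        if match:
            score += 1  # a legitimate, monitored channel exists, yet webmail was used
        if score >= min_score:
            alerts.append({"sender": sender, "recipient": recipient, "attachment": ext,
                           "legitimate_channel": match, "score": score})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)
```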
Incident Response highlights
• Founding member and CESG certified incident response provider.
• We leverage our threat intelligence team to provide a real-time overview of the latest threats.
• Our experience is based on nearly a decade defending clients against advanced cyber attacks.
• We provide incident readiness and advanced training for organisations.
• Experienced in handling cases from espionage to financial fraud.
• We deliver global incident response to deal with the increasingly international threats our clients face.
• Incident management, digital forensics, malware reverse engineering, network traffic analysis and SCADA expertise.
• Our experts work with companies to ensure they can react rapidly to major attacks.
MID-SPACE CONCEPT OF OPERATIONS
National Telecommunications Infrastructure: existing tap points in CSP networks; multi-mission / LI network probes
Comms. Intel Mission
• Signature-based / “IDS-like” alerting
• Anti-virus / malware scanning
• Blacklisting known bad domains / URLs
• Statistical DDoS detection and mitigation
• Metadata generation / content capture
Threat Intelligence
• Threat indicator management
• Threat actor campaign tracking
• National-level situational awareness
Mid-space Monitoring
• Mid-space “known-bad” alert triage
• National scale DDoS monitoring
• Attack proliferation monitoring
• Mid-space tasking and management
[Diagram: selected content and bulk metadata flow from the probes into the Comms. Intel mission; qualified threat intelligence and verified alerts flow into mid-space monitoring, which sends alerts to subscribing organisations at the Departmental Perimeter]
National Cyber Security Operations Centre
Providing advanced cross-organisation cyber security monitoring and detection of cyber campaigns against the State.
Creating and sharing situational awareness of cyber threats facing the State through the use of big data and analytics.
Orchestrating national cyber protection, and supporting recovery activities, for both government and critical organisations.
Strengthening the future of the State by developing local skills and experience in cyber security specialist subjects.
Co-operating with international law enforcement, cyber security partners and other nations’ cyber response teams.
Bringing the mission to life
[Diagram: the National Cyber Security Operations Centre (NCSOC) sits above five Department Networks, each with its own ASOC or CERT, facing the “Bad guy”]
(1) ASOC detects a phishing email, raises an alert and related information is sent to the NCSOC
(2) NCSOC reviews data, links it to other incidents in two other ASOCs and issues alerts
(3) Response teams carry out recommended actions and close the security incidents
(4) NCSOC extracts new intelligence on the attacker’s malware and infrastructure. This is exchanged with international partners as part of the global fight against cyber-crime
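Steps (1) to (4) as an added example that is not BAE Systems' code: departmental ASOC alerts are linked through the indicators they share, a cluster spanning two or more departments becomes a national alert, and the partner package keeps only the corroborated indicators with no department names. The alerts, department names, hostnames and hash values are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample ASOC alerts (step 1). Hash values are placeholders, not real indicators.
SAMPLE_ALERTS = [
    {"id": "FIN-101", "asoc": "Dept-Finance", "type": "phishing",
     "indicators": {"sender_domain": "invoice-portal.example",
                    "attachment_sha256": "PLACEHOLDER_HASH_A",
                    "c2_host": "update.cdn-check.example"}},
    {"id": "HLT-207", "asoc": "Dept-Health", "type": "malware",
     "indicators": {"attachment_sha256": "PLACEHOLDER_HASH_A",
                    "c2_host": "update.cdn-check.example"}},
    {"id": "TRN-033", "asoc": "Dept-Transport", "type": "phishing",
     "indicators": {"sender_domain": "invoice-portal.example"}},
    {"id": "EDU-012", "asoc": "Dept-Education", "type": "phishing",
     "indicators": {"sender_domain": "hr-benefits.example"}},
]

def link_incidents(alerts):
    """Group alerts into clusters connected by at least one shared (kind, value) indicator."""
    by_indicator = defaultdict(set)          # (kind, value) -> alert ids that observed it
    for a in alerts:
        for ind in a["indicators"].items():
            by_indicator[ind].add(a["id"])
    by_id = {a["id"]: a for a in alerts}
    seen, clusters = set(), []
    for a in alerts:                          # depth-first walk across shared indicators
        if a["id"] in seen:
            continue
        stack, cluster = [a["id"]], set()
        while stack:
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            cluster.add(cur)
            for ind in by_id[cur]["indicators"].items():
                stack.extend(by_indicator[ind] - seen)
        clusters.append(cluster)
    return clusters, by_indicator

def national_alerts(alerts, min_departments=2):
    """Step 2: clusters spanning min_departments or more ASOCs become campaign alerts.
    Step 4: the partner package carries only corroborated indicators, never department names."""
    by_id = {a["id"]: a for a in alerts}
    clusters, by_indicator = link_incidents(alerts)
    campaigns = []
    for cluster in clusters:
        departments = {by_id[i]["asoc"] for i in cluster}
        if len(departments) < min_departments:
            continue
        shared = {ind for ind, ids in by_indicator.items() if len(ids & cluster) >= 2}
        campaigns.append({
            "incidents": sorted(cluster),
            "departments": sorted(departments),
            "shared_indicators": sorted(shared),
            "partner_package": sorted(f"{kind}={value}" for kind, value in shared),
        })
    return campaigns
```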
4. Bringing it together – roadmaps and challenges
A roadmap for building National Cyber Defence
Timeline: Year 1 (Q1–Q4) – Phase 1 Prepare and enhance; Year 2 (Q5–Q8) – Phase 2 Build and transition; Year 3 (Q9–Q10) – Phase 3 Optimise and improve; then Business as usual
Lanes: Sophisticated Attack Protection; Faster remediation & response; Threat Intelligence
Workstreams: Policy & Processes; Disaster Recovery; Capacity & Capability Building; Support & Maintenance; Infrastructure Build
Milestones on the roadmap: Vulnerability Assessment Rollout; Initial Mid-Space Capability; Pen-testing Equipment; In-house Threat Intelligence Management; BAE Systems Incident Response Service Go-live; In-house Incident Response; BAE Systems AI Threat Intel Service Go-live; Threat Intelligence Sharing; ASOC Target Operating Model; Policy Audit; ASOC Policy Rollout; Business Continuity; Training development; Training Range Operational; Pen-testers Ready; Incident Responders + ASOC Support; Integrated National cyber defences; Threat Intelligence platform; Security Assessment Capability; National cyber awareness programme; In-house Development Programme; Develop DR strategy
Case study 1: Delivering national cyber defence
The cyber challenges:
1. Cyber crime and terrorism
2. Cross-border cyber threats
3. Managing cyber crises
4. Collation, analysis and sharing of cyber threat intelligence
5. National cyber security
6. Capability and capacity development
Case Study 2: Improving the SOC…
[Diagram: a cyber attack met by multiple systems providing multiple defensive layers]
• Multiple systems providing multiple defensive layers
• Open architecture with best in class technology
• Continuous learning to create world-class cyber security practitioners
• Efficient integrated processes – Target Operating Model
Case study 3: National Cyber training programme
• Ethical hacking
• Web app hacking
• Wireless security
• Implementing ISO27001
• Awareness: end user
• Awareness: senior
• Cyber behavioural analysis
• Monitoring system design & build
• Penetration testing
• Cyber data science
• SOC operations
• Forensic investigation
• Malware investigation
• Computer security incident investigation
• Security architecture
• Secure coding
• ICS/SCADA security
• Cyber threat intelligence
• Cyber strategy and governance
• Cyber Fundamentals
• Implementing PCI-DSS
• Cyber wargaming
• SOC incident response
• Information assurance and accreditation
• Mobile device security
• Cloud security
• Malware reverse engineering
• Cryptosystems
• Highly classified networks
• Specialist forensics
5. Conclusions
Why we are different
• We are a security innovator – researching threats and building world class tools
• We take a consulting approach – to understand customers’ problems and build effective solutions
• We are a systems integrator – building and delivering successful large scale programmes
• We build sovereign capability – using locally security cleared companies and staff and building links with universities
• We think local and act global – culture, language and local knowledge are key to success
Questions
Conclusions
• Threats are growing – and will continue
• Effective national cyber defence requires a layered approach
• Key success factors will be:
• Threat intelligence
• Advanced analytics
• Collaboration and skills development
BAE Systems, 14 Childers St, Canberra ACT 2601, Australia
T: +61 (0)2 6245 [email protected]
Unpublished Work Copyright © 2016 BAE Systems. All Rights Reserved.
BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc.
The information in this document contains proprietary information of BAE Systems. Neither this document nor any of the proprietary information contained therein shall be (in whole or in part) published, reproduced, disclosed, adapted, displayed, used or otherwise made available or accessible (in each case, in any form or by any means) outside of BAE Systems without the express written consent from the document originator or an approved representative of BAE Systems.