Cyber Security: Threats and Needed Actions John M. Gilligan www.gilligangroupinc.com Research Board September 17, 2009.


Cyber Security: Threats and Needed Actions John M. Gilligan Research Board September 17, 2009

Topics
- Historical Perspectives
- Cyber Security Threats--A National Crisis
- White House Cyber Security Policy Review
- Near Term Opportunities
- Ongoing Efforts
- Longer term Needs
- Closing Thoughts

Historical Perspectives
- Internet, software industry, (personal) computers—rooted in creativity not engineering
- Security in the Cold War Era
  – Security “Gurus”—Keepers of the Kingdom
- The World Wide Web changes the security landscape--forever
- Post Cold War: The Age of Information Sharing
- Legacy of the past is now our “Achilles Heel”

Cyber Security Threats Today--A New “Ball Game”
- Our way of life depends on a reliable cyberspace
- Intellectual property is being downloaded at an alarming rate
- Cyberspace is now a warfare domain
- Attacks increasing at an exponential rate (e.g., Conficker)
- Fundamental network and system vulnerabilities cannot be fixed quickly
- Entire industries exist to “Band Aid” over engineering and operational weaknesses
- Industry impacts can be profound (e.g., Heartland)
Cyber Security is a National Security Crisis!

Heartland Payment Systems Disclosure of intrusions--Jan 20,

Obama Cyberspace Policy Review—“60 Day Review”
- The Nation is at a crossroads
- Cyberspace risks pose some of the most serious challenges to economic and national security
- Need to begin a national dialogue on cybersecurity
- Solutions must involve partnership with the private sector and international engagement
- White House must lead the way

Recommended Near-Term Actions
- Appoint White House Cybersecurity official and supporting organization
- Prepare updated national strategy
- Designate cybersecurity as a Presidential priority
- Initiate public awareness campaign and strengthen international partnerships
- New policies regarding roles/responsibilities
- Prepare cyber incident response plan
- Develop research plan and vision for identity management
On hold pending appointment of White House Cyber Czar

Government Actions
- Comprehensive National Cyber Initiative (CNCI)
- Department of Homeland Security Reorganization
- Smart Grid Cyber Security Initiative
- (Some) Public-Private Partnerships
  – Defense Industrial Base (DIB)
  – Other special relationships
- (Many) Legislative Proposals

An Effective Public-Private Partnership: 20 Critical Controls for Effective Cyber Defense*
- Underlying Rationale
  – Let “Offense drive Defense”
  – Focus on most critical areas
- CAG: Twenty security controls based on attack patterns
- Government and Private Sector consensus
- Emphasis on auditable controls and automated implementation/enforcement
- Pilots and standards for tools ongoing
* Also called the “Consensus Audit Guidelines” or “CAG”

Longer-Term Actions: IT Reliably Enabling Business
- Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth
- New business model for software industry
  – First step—self certified, locked-down configurations
  – Longer term—software with reliability warranties
- Redesign the Internet to provide reliable attribution, increased security
- Get the “man out of the loop”—use automated tools (e.g., SCAP)
- Foster new IT services models
  – Assume insecure environment
  – Increased use of virtualization
  – Secure “cloud”
- Develop professional cyberspace workforce
Need to Fundamentally “Change the Game” to Make Progress

Closing Thoughts
- Government and Industry need to treat cyber security as an urgent priority
- Near-term actions are important, but we need to fundamentally change the game to get ahead of the growing threat
- IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information
- As an example, Cyber Security in DoD is more mature—but still woefully inadequate
Cyber Security is Fundamentally a Leadership Issue!

Contact Information: John M. Gilligan

Security Content Automation Protocol (SCAP)
- What is it: A set of open standards that allows for the monitoring, positive control, and reporting of the security posture of every device in a network.
- How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information.
- Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes.
SCAP Enables Automated Tools To Implement And Enforce Secure Operations

Top 20 Cyber Attacks and Related Control (not in priority order)
Columns: Attack | Control Summary | Comments

1. Attack: Scan for unprotected systems on networks
   Control: Maintain inventory of authorized and unauthorized devices on networks
   Comments: Find devices that can be exploited to gain access to other interconnected systems.

2. Attack: Scan for vulnerable versions of software
   Control: Maintain inventory of authorized and unauthorized software
   Comments: Find software versions that are able to be exploited remotely to gain entry to other systems.

3. Attack: Scan for software with weak configurations
   Control: Implement secure configurations for HW/SW computer devices
   Comments: Original configurations from vendors often have inadequate security controls enabled.

4. Attack: Scan for network devices with exploitable vulnerabilities
   Control: Implement secure configurations for network devices (routers, switches, firewalls, etc.)
   Comments: Network devices often become less securely configured over time unless they are diligently maintained.

5. Attack: Attack boundary devices
   Control: Implement multi-layered boundary defenses
   Comments: Attackers attempt to exploit boundary systems (e.g., DMZ or network perimeter) to gain access to the network or interrelated networks.

6. Attack: Attack without being detected and maintain long-term access due to weak audit logs
   Control: Maintain and monitor audit logs
   Comments: Weak protection of, or inadequate, logging and monitoring permits attackers to hide their actions.

7. Attack: Attack web-based or other application software
   Control: Robust security controls and testing of application software
   Comments: Longstanding code weaknesses (e.g., SQL injection, buffer overflows) can be exploited.

8. Attack: Gain administrator privileges to control target machines
   Control: Implement controlled use of administrator privileges
   Comments: Attacks exploit weak protection or control over administrator privileges.

9. Attack: Gain access to sensitive data that is not adequately protected
   Control: Implement controlled access based on need to know
   Comments: Once inside a system, attackers exploit weak access controls.

10. Attack: Exploit newly discovered and unpatched vulnerabilities
    Control: Continuous vulnerability assessment and remediation
    Comments: Attackers exploit the time between vulnerability discovery and patching.

11. Attack: Exploit inactive user accounts
    Control: Monitor and control user accounts
    Comments: Legitimate but inactive accounts, or accounts of former employees, are exploited.

12. Attack: Implement malware attacks
    Control: Implement up-to-date anti-virus, anti-spyware, and Intrusion Prevention System controls
    Comments: Malware attacks continue to evolve, leaving non-updated systems exposed.

13. Attack: Exploit poorly configured network services
    Control: Limit and control network ports, protocols and services
    Comments: Attackers focus on unprotected or unneeded ports and protocols.

14. Attack: Exploit weak security of wireless devices
    Control: Implement controls for wireless devices
    Comments: Example attacks include unauthorized access from parking lots, exploiting traveling employees, etc.

15. Attack: Steal sensitive data
    Control: Implement controls to detect and prevent unauthorized exfiltration
    Comments: Includes both electronic and physical (e.g., stolen laptops) attacks.

16. Attack: Map networks looking for vulnerabilities
    Control: Implement secure network engineering
    Comments: Attackers look for unprotected (i.e., weak) links or weak filtering/controls in the network.

17. Attack: Attack networks and systems by exploiting vulnerabilities undiscovered by target system personnel
    Control: Conduct penetration tests to evaluate and exercise defenses
    Comments: Attack exploits social engineering and the inability of the system to respond to automated attacks.

18. Attack: Attack systems or organizations that have no or poor attack response
    Control: Implement effective cyber incident response capabilities
    Comments: True magnitude and impact of an attack can be masked by inadequate response.

19. Attack: Change system configurations and/or data so that the organization cannot restore it properly
    Control: Implement data and system recovery procedures
    Comments: Attackers leave backdoors or data errors that permit future attacks or disrupt operations.

20. Attack: Exploit poorly trained or poorly skilled employees
    Control: Conduct skills assessment and ensure adequate training across the enterprise
    Comments: Attacks focus on manipulating end users, administrators, security operators, programmers, or even system owners.
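As an added illustration of the deck's emphasis on auditable, automated controls, applied to controls 1 (device inventory) and 11 (account monitoring) from the table above (example code, not from the presentation or the CAG): a Python check that flags devices observed on the network but missing from the authorized inventory, and enabled accounts idle beyond a threshold. The MAC addresses, account names, dates and the 90-day idle threshold are constructed sample values.

```python
"""Automated, auditable check for Critical Controls 1 (device inventory) and 11 (accounts)."""
from datetime import date, timedelta

# Constructed sample data (hypothetical): MAC address -> hostname of authorized devices.
AUTHORIZED_DEVICES = {
    "aa:bb:cc:00:00:01": "web-01",
    "aa:bb:cc:00:00:02": "db-01",
}
# MACs seen by a hypothetical network sweep; the last one is not in the inventory.
OBSERVED_DEVICES = ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:99"]

# Constructed account records: (username, enabled, last_login or None if never used).
ACCOUNTS = [
    ("alice", True, date(2009, 9, 10)),
    ("bob", True, date(2009, 4, 1)),       # former employee, still enabled
    ("svc-backup", True, None),            # never logged in
    ("carol", False, date(2009, 1, 5)),    # already disabled: not a finding
]
AUDIT_DATE = date(2009, 9, 17)             # constructed "today" for the audit run


def unauthorized_devices(authorized, observed):
    """Control 1: observed devices that are missing from the authorized inventory."""
    return sorted(set(observed) - set(authorized))


def inactive_accounts(accounts, today, max_idle_days=90):
    """Control 11: enabled accounts idle longer than max_idle_days, or never used."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for name, enabled, last_login in accounts:
        if not enabled:
            continue                       # disabled accounts are already controlled
        if last_login is None or last_login < cutoff:
            findings.append(name)
    return findings


def audit(today):
    """Auditable record: per control, the findings and a pass/fail verdict."""
    devices = unauthorized_devices(AUTHORIZED_DEVICES, OBSERVED_DEVICES)
    idle = inactive_accounts(ACCOUNTS, today)
    return {
        "control_1_device_inventory": {"findings": devices, "passed": not devices},
        "control_11_account_monitoring": {"findings": idle, "passed": not idle},
    }


if __name__ == "__main__":
    for control, result in audit(AUDIT_DATE).items():
        print(control, "PASS" if result["passed"] else "FAIL", result["findings"])
```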