Protecting the CNI BCS ELITE 9 June 2005 Mick Morgan Head of Response.

National Infrastructure Security Co-ordination Centre
Presentation transcript:

Protecting the CNI BCS ELITE 9 June 2005 Mick Morgan Head of Response

Overview
- What is NISCC?
- What is the CNI?
- What is the threat?
- How does NISCC work?
- NISCC products and services

What is NISCC?
NISCC is an inter-departmental centre which co-ordinates activity across a range of organisations. Each organisation contributes resources and expertise to NISCC’s programme of work according to what value it can add.
NISCC’s aim is to minimise the risk to the Critical National Infrastructure (CNI) from electronic attack (eA).

An Interdepartmental Centre
Contributing organisations:
- Security: Police, MI5, CESG
- Defence: MOD, DSTL
- Civil Government: Home Office, Trade & Industry, Cabinet Office

What is the CNI?
Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government.

The CNI Sectors
- Telecommunications
- Energy
- Finance
- Government & Public Services
- Water and Sewerage
- Health Services
- Emergency Services
- Transport
- Hazards
- Food

The Threat

Electronic attack (eA): What is it?
“The use of computers to gain unauthorised access to the data or control software of computer-based systems in order to acquire or corrupt data or disrupt the functioning of systems.” January 2002

Two types of eA
Untargeted attacks: Indiscriminate attacks affecting availability & many targets
- Examples: Worms, viruses
- Profile: High
- Impact: Short term high
Targeted attacks: These focus on a particular target address
- Examples: Hacking attacks, Trojan attacks
- Profile: Generally low
- Impact: Can be high & long term

2005+: Emerging threat themes
1. Greater exploitation of richness of software & speed of wired/wireless networks
2. Growing online markets in malicious software & stolen information
3. Impact of globalisation, e.g. data ‘offshoring’ & outsourcing of system procurement, services & maintenance
4. Developing eA capabilities of terrorists
5. Concerns about sophisticated eAs: Difficult to detect; may be impossible to mitigate

Exploiting a rich environment
- Malicious code seeks to infect ‘fast & furiously’; attackers take control; victims become future ‘seeders’ …
- More data available on-line … more stealing … exploiting opportunities in feature-rich software
- Attack infrastructure development: Networks of ‘botnets’ can be easily controlled for DDoS, spam, data egress etc … 1000s of ‘zombies’ out there!
- Underpinned by growth & increased speed of broadband & mobile networks

Exploiting Broadband - Botnets
- A roBOT NETwork or ‘botnet’ is a network of compromised computers controlled by a client, a ‘botherder’ that issues commands via control or master servers
- Command & control was Internet Relay Chat (IRC) but now can be any real time protocol including Instant Messaging (IM)
- The nodes of the ‘botnet’ (compromised PCs often called drones or zombies) are used to:
  - Compromise other computers
  - Flood targets (DDoS)
  - Propagate spam
  - Sniffing, keylogging, mass ID theft
  - Egress data …
- DIY: Much bot source code is available on the Internet
- Rent: Nets of 10-50,000+ attack zombies available …

The growing online marketplace
- ‘Goodbye kudos, hello $$££ … roubles?!’
- Exploits for £££ … not for fun!
- Markets for:
  - botnets: Just name your price & target!
  - malware: ‘zero-day’ exploits for purchase by all!
  - harvested info: CC nos, bank details, ids, passwords
  - processing time: on other people’s PCs!
- Researchers motivated to discover more vulnerabilities
- Faster ‘flash to bang’ times

Impact of globalisation
- Global market brings advantages … & risks
- Profits linked to globalisation BUT …
- Equipment purchased overseas might have additional vulnerabilities; manufacturers might be subject to political pressure
- Installation, maintenance & upgrade services provided from overseas are exploitable
- Outsourcing services & offshoring data to foreign companies brings hard to manage risks: monitoring contracts is very difficult

How NISCC works
[Diagram: Critical National Infrastructure, Research and Development, Policy, Response, Outreach, Threat Assessment]

How does NISCC work?
[Diagram: Investigation and Assessment, Critical National Infrastructure, Research and Development, Policy, Response, Outreach]

Investigating and Assessing the Threat
- Making best use of technical, human and open sources to investigate.
- Analysis and assessment.
- Reports and specific threat assessments.
- Disruptions.

How does NISCC work?
[Diagram: Outreach, Investigation and Assessment, Critical National Infrastructure, Research and Development, Policy, Response]

Outreach
Promoting Protection and Assurance:
- Dialogue with all CNI sectors
- Facilitating information exchanges
- Tailored reports

How does NISCC work?
[Diagram: Response, Critical National Infrastructure, Research and Development, Policy, Outreach, Investigation and Assessment]

Response
- Briefings and alerts via UNIRAS
- Responsible disclosure of vulnerabilities
- Assistance with recovery from direct attacks

NISCC Products
- NISCC Monthly Bulletin of significant eA activity
- NISCC Quarterly Review has broader articles on CIP issues
- NISCC Briefings address topics of current concern
- UNIRAS Alerts highlight vulnerabilities to be fixed now!
- UNIRAS Briefings inform on emerging technical issues
- UNIRAS Technical Notes provide detailed advice
- Details at or or

Outreach products
NISCC reporting:
- Threat assessments for specific CNI companies;
- UNIRAS (UK CERT) distribution to the CNI;
- Presentations to Seminars, Forums & Associations;
- WARPs, Information Exchanges;
- CNI Assurance Reports.
[Image: NISCC Assurance Report for National Infrastructure plc, September 2003]

Protecting the CNI BCS ELITE 9 June Mick Morgan Head of Response