Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dennis Denham Ssempereza - CISA, CISM , CRISC

Published byAmi Page Modified over 6 years ago

Similar presentations

Presentation on theme: "Dennis Denham Ssempereza - CISA, CISM , CRISC"— Presentation transcript:

1 Dennis Denham Ssempereza - CISA, CISM , CRISC
Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange Dennis Denham Ssempereza - CISA, CISM , CRISC August 16, 2016 

2 About me ! Involved in Risk Management and Security Implementation Consultancy Security Strategist - Cipher Solutions Cipher Solutions

3 Topic of Discussion Critical National Infrastructure and Key Resource Analysis and Protection Supervisory Control and Data Acquistion(SCADA) Secure Information Exchange National Response Framework

4 Digital Trends Society is increasingly dependent on digital systems that are highly complex and often based on trust Gigabit connectivity will offer new possibilities for everyone including criminals. Impact: Increased exposure to attacks and disruption to critical business systems. This has proven to be an unreliable method of operating systems that are integral to the global economy.

5 Acronyms CNI: Critical National Infrastructure KR: Key Resources NISF: National Information Security Framework

6 Protected Systems

7 CNI in Uganda Telecommunications Energy oil and gas, electric power
Environment water, air, waste Banking and Finance Transportation roads, dams, airports, railway lines, shipping, postal Healthcare and public health Emergency Services Continuity of Government Immigrations, customs, law enforcement, justice Agriculture and food

8 KEY RESOURCES Publicly or privately controlled resources
Essential to minimal operation of the economy and the government “ Key resources are publicly or privately controlled resources essential to minimal operation of the economy and the government”

9 CNI Protection The NISF provides a strategic context for CNI protection / resilience Dynamic threat environment Natural Disasters Terrorists Accidents Cyber Attacks A complex problem, requiring a national plan and organizing framework Multi sector environment, all different, ranging from asset-focused to systems and networks 80% privately owned 20% in State owned

10 Aspects of CNI Protection
Assessment Preparedness Prevention Response Recovery Detection Communication Coordination of outages

11 Rapidly Evolving Threat Landscape
M O T I V A T I O N S O P H I S T I C A T I O N National Security, Economic Espionage Notoriety, Activism, Defamation Hacktivists Islamic Ghosts Team, Anonymous Monetary Gain Organized crime Zeus, Ransom ware Nuisance, Curiosity Insiders, Spammers, Script-kiddies Nigerian 419 Scams Nation-state actors Stuxnet, Titan Rain, Estonia

12 Other Incidents UKRAINE , 2015
Phishing containing a malware-rigged attachment. Word Documents and Excel spreadsheets-dropped BlackEnergy3 malware people without electricity for several hours The Northeast (U.S.) blackout : 11 deaths and an estimated $6 billion in economic damages, having disrupted power over a wide area for at least two days Back Home : Banks and other financial institutions have been victims of cyber attacks and in the process losing millions of shillings. UKRAINE , 2015

13 SCADA SYSTEM SCADA main feature of most Critical infrastructures
Relies on a variety of sensors strategically placed along the network(Sensors may sense pressure, temperature, flow rates, and voltages. ) RTU are field elements of the SCADA The state of all RTUs is stored in the database and viewed through an OCC operator user interface—typically computer monitors, big-screen displays, and switches and dials mounted on a wall.

14 TYPICAL SCADA SYSTEM

15 Where is the Weakness ? Skills and Competence Gap
Lack of awareness of cyber-threats and Threat Intelligence Absence of a meaningful public-private sector cyber security partnership Inadequate Incident Management Capabilities Legal Measures.

16 Secure Information Sharing
As a minimum requirement from NISF , organizations must: Identify and record risks involving external parties; Create information exchange policies and procedures; Use formal exchange agreements such as codes of connection and memoranda of understanding; Assess compliance of exchange partners at least annually or when required; and, Disconnect/end sharing with non-compliant entities.

17 Theat Information Exchange
Sharing situational awareness information Inter Government information exchange Making information open to the public and receiving data from the public CNI providers sharing key management data from the process control systems

18 Sharing is Caring !! EWI Information Sharing Community portal formed - US ICS CERT Initiative DHS - Cyber Information Sharing and Collaboration Program (CISCP) (FBI) - Infraguard

19 Sharing is Caring !! NITA CERT – formed 2014 - Key cybersecurity hub
UCC CERT – formed 2013 - Communication Sector based Police Cybercrime Unit - formed 2015 - Set up to prevent and investigate IT crime conducted online

20 Way Foward Strengthened cyber security and more knowledge Uganda as a strong International Partner Strong investigation and high level of information Robust infrastructure in the energy and telecommunications sectors

21

Download ppt "Dennis Denham Ssempereza - CISA, CISM , CRISC"

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.

Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Created by Curt Harrell & Jesse Kuzy for THE DEPARTMENT OF HOMELAND SECURITY.

Created by Curt Harrell & Jesse Kuzy for THE DEPARTMENT OF HOMELAND SECURITY.
Isdefe ISXXXX-090000-1XX 5.10.2010 Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.

Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.
Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.

Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.
Australia Cybercrime Capacity Building Conference 27-28 April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.
Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.

Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.

What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.

Similar presentations

Ads by Google