1
Module 11 Trends
2
Lesson Objectives
Identify emerging trends and demonstrate an understanding of emerging technologies.
Understand the Internet of Things (IoT) and how it expands the cyber “attack surface.”
Be able to make educated predictions of what the future might look like for the cybersecurity critical infrastructure framework.
Discuss ethical issues that can arise in relation to new technology and new defense strategies.
3
Critical Infrastructure Threat Trends
Attacks on critical infrastructure systems continue to evolve and multiply. These include:
Increased number of data integrity attacks
Multiple Advanced Persistent Threat (APT) actors on the system
Compromised infrastructure, much of it covertly communicating data to embargoed countries
Increased use of social engineering
Growing attack surface with the Internet of Things (IoT)
4
Data Integrity Attacks
"If you take a controlled system like the power grid or water system that involves machinery that's operated by computers and make some change in the operational instructions for that equipment, that can lead to some catastrophic results — power outages or changes in chemical balance." —Eddie Schwartz, international vice president, ISACA

Rather than be satisfied with denial-of-service attacks that make the system unavailable, attackers will increasingly launch attacks that modify machine instructions or data sets so that equipment acts on skewed data.

From the NSTAC IoT Report to the President: “These systems also include any adaptive behaviors exhibited by the objects, either through pre-programmed or machine learning algorithms. Although these are automated behaviors, the fact that their functions can be reconfigured based on machine learning algorithms introduces a certain level of unpredictability.”

Citation: President’s National Security Telecommunications Advisory Committee. (2014). “Report to the President on the Internet of Things – Draft.” Retrieved from:
5
Multiple Advanced Persistent Threats
An advanced persistent threat (APT) is a network attack in which an attacker gains unauthorized access and remains for a long period of time, undetected. Agencies are seeing multiple attackers on networks, sometimes warring with each other for dominance over the compromised system. This has given rise to research efforts to develop operating systems that can securely continue to operate, even with the presence of APTs on the network.
6
Compromised Infrastructure
Critical infrastructure systems will be compromised and used to launch attacks against other systems. This is facilitated, in part, by the lack of security hardening on sensors and devices. In many cases, these devices and systems have been found to have default passwords or vulnerable legacy software in use. In some cases, systems are covertly communicating data, some of which is even encrypted, to embargoed countries. Machine-to-Machine (M2M) devices, a large part of the Internet of Things, present a large attack surface for exploitation.
7
Increased Use of Social Engineering
People will continue to be “the weak link” in the security chain. Historically, as systems become hardened, making them more difficult to hack into through system vulnerabilities, attacks against personnel in the workforce increase. Spear-phishing attacks contributed to a significant number of attacks against the manufacturing sector in 2015, according to ICS-CERT.
8
Growing Attack Surface with the “Internet of Things”
IoT expands the attack surface and diversifies threat types with billions of connected devices:
Billions of connected devices
Secure and insecure locations
Security may or may not be built in
Not IT – but usually connected to the network
New bleeding-edge protocols and technologies in use
The small nature of the devices leaves many vulnerable to attack

Billions of connected devices – The IoT contains billions of devices and sensors that collect and distribute information. Most of these are in public and other insecure locations. Gartner forecasts that more than 20 billion devices will be in use worldwide by [year missing in source]; others estimate that as many as 50 billion IoT devices will be in use by [year missing in source] (NSTAC Report to the President). The scale of deployment is larger than any seen before.

Secure and insecure locations – Many of these sensors are located on oil pipelines, on railroad tracks, and in other publicly accessible or remote locations, making them vulnerable to physical attacks (close-in attacks where the attacker has physical access to the device), as well as to cyber attacks if they are connected to a network to send data.

Security may or may not be built in – Manufacturers and implementers of these devices are not as familiar with network threats as those who have worked within traditional cyber fields. As a result, security is sometimes not “baked” into the product when it is designed.

Not IT – but usually connected to the network – As with other cyber-physical systems (such as HVAC systems), IoT implementers may lack enough experience with networking technologies and attacks to understand the threats that the sensors present to the network. As an example, a former student once told an instructor that his father installed pipeline sensors, setting the password on the sensors to a single “!”.

New bleeding-edge protocols and technologies in use – Many new protocols specific to this industry are on the rise. Additionally, these devices often use other vulnerable wireless protocols to communicate data to the controllers.

The small nature of the devices leaves many vulnerable to attack – Due to the size of the device, these sensors may be unable to support remote firmware updates or encryption for their communications across the network, or to support digitally signed (authenticated) pushes of updates. As a result, many systems, even those in smart cars, accept changes to firmware and programmatic code without validating the source.
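The last point, devices that accept firmware without validating its source, is the one a defender can fix directly in the device's update path. The following is an added example, not code from the slides or from any vendor: a device-side check that refuses an update package unless its header carries a valid authentication tag, the payload hash in that authenticated header matches the payload, and the version is newer than the one installed. The package layout, the sample key, and the use of HMAC-SHA256 as a stand-in for a digital signature are all assumptions; a production device would verify an asymmetric signature against a vendor public key, and HMAC is used here only so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import struct

# Constructed package layout (an assumption, not any vendor's format):
#   magic(4) | version(4, big-endian) | payload_len(4) | sha256(payload)(32) | tag(32) | payload
# tag = HMAC-SHA256(device_key, magic | version | payload_len | sha256)
MAGIC = b"FWUP"
HEADER = struct.Struct(">4sII32s32s")
SIGNED_PART = struct.Struct(">4sII32s")  # the header bytes the tag covers


def build_update(device_key: bytes, version: int, payload: bytes) -> bytes:
    """Assemble a package the way the (trusted) update server would."""
    digest = hashlib.sha256(payload).digest()
    signed = SIGNED_PART.pack(MAGIC, version, len(payload), digest)
    tag = hmac.new(device_key, signed, hashlib.sha256).digest()
    return signed + tag + payload


def verify_update(device_key: bytes, installed_version: int, package: bytes):
    """Device-side check. Returns (accept, reason); nothing is applied unless accept is True."""
    if len(package) < HEADER.size:
        return False, "truncated header"
    magic, version, length, digest, tag = HEADER.unpack_from(package)
    if magic != MAGIC:
        return False, "bad magic"
    # Authenticate the header before trusting anything it says.
    expected = hmac.new(device_key, package[:SIGNED_PART.size], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "authentication tag mismatch"
    payload = package[HEADER.size:]
    if len(payload) != length:
        return False, "payload length mismatch"
    # The header is authentic, so the hash it carries binds the payload to it.
    if hashlib.sha256(payload).digest() != digest:
        return False, "payload hash mismatch"
    # Refuse downgrades to older (possibly vulnerable) versions.
    if version <= installed_version:
        return False, "version rollback"
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-device-key-32-bytes!"  # constructed; a real device holds a per-device secret
    good = build_update(key, 2, b"constructed firmware blob")
    print(verify_update(key, 1, good))
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])  # flip one payload bit
    print(verify_update(key, 1, tampered))
```

The order of checks matters: the tag is verified first so that every later decision (length, hash, version) is made on authenticated data, and the version comparison turns a signed-but-old image into a rejection rather than a silent downgrade.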
9
Case Study: IoT Attacks
On October 21, 2016, a Mirai botnet hacked into connected home devices and launched a distributed denial-of-service attack against Dyn, a large domain name service (DNS) provider, that took down Twitter, Spotify, Reddit, the NY Times, Pinterest, PayPal, and other major websites, with attacks coming from millions of IP addresses at the same time.

Source: Conditt, Jessica. (2016, October 21). “Blame the Internet of Things for today’s web blackout.” Engadget. Retrieved from:
Image source: Conditt, Jessica. (2016). “Web Blackout.” Engadget. © 2017 AOL Inc. All rights reserved.
10
Case Study 2: IoT Attacks
Mirai is a malicious worm that spreads to Internet-connected devices, such as cameras, insecure routers, and digital video recorders, by continuously scanning the Internet for such systems and looking for devices whose factory default passwords have not been changed. Once compromised, these devices are turned into “bots” that an attacker can control to attack other systems. In September 2016, a massive Mirai attack took down the security site KrebsOnSecurity, peaking at nearly 620 Gbps. In that case, more than 145,000 devices were compromised and used in the attack.
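Mirai's scanning behaviour leaves a recognizable trace on the devices it tries: bursts of failed logins against factory accounts from one source, spread across many hosts in a short time, sometimes followed by a success. The following is an added example, not code from the slides or from the Mirai source: a small detector run over constructed syslog-style lines that flags a source trying credentials across several devices within a window, and a successful login that follows recent failures from the same source on that host. The log format, thresholds, hostnames, and addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style lines (assumed format: "<iso-timestamp> <host> <daemon>[pid]: <message>").
SAMPLE_LOGS = """
2016-09-20T10:00:01 cam-01 telnetd[101]: login failed for root from 203.0.113.5
2016-09-20T10:00:02 cam-01 telnetd[101]: login failed for admin from 203.0.113.5
2016-09-20T10:00:03 dvr-02 telnetd[88]: login failed for root from 203.0.113.5
2016-09-20T10:00:04 dvr-02 telnetd[88]: login failed for admin from 203.0.113.5
2016-09-20T10:00:05 rtr-03 telnetd[12]: login failed for root from 203.0.113.5
2016-09-20T10:00:06 rtr-03 telnetd[12]: login succeeded for root from 203.0.113.5
2016-09-20T10:00:30 cam-01 sshd[200]: Failed password for alice from 198.51.100.7
2016-09-20T10:05:30 cam-01 sshd[200]: Accepted password for alice from 198.51.100.7
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<daemon>telnetd|sshd)\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"(?P<outcome>login failed|login succeeded|Failed password|Accepted password)"
    r" for (?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)
FAIL_OUTCOMES = {"login failed", "Failed password"}


def parse_auth_events(lines):
    """Turn raw lines into login events; lines that are not login outcomes are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        a = AUTH_RE.search(m["msg"])
        if not a:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "user": a["user"],
            "src": a["src"],
            "failed": a["outcome"] in FAIL_OUTCOMES,
        })
    return events


def analyze(lines, window_s=60, min_failures=5, min_hosts=3):
    """Flag (1) a source spraying logins across many devices within window_s seconds and
    (2) a successful login that follows recent failures from the same source on that host."""
    events = parse_auth_events(lines)
    failures = defaultdict(list)
    successes = []
    for e in events:
        if e["failed"]:
            failures[e["src"]].append(e)
        else:
            successes.append(e)

    alerts = []
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):  # sliding window over this source's failures
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = evs[start:end + 1]
            hosts = {e["host"] for e in window}
            if len(window) >= min_failures or len(hosts) >= min_hosts:
                alerts.append({"type": "credential-scan", "src": src,
                               "failures": len(window), "hosts": sorted(hosts)})
                break  # one alert per source is enough
    for s in successes:
        prior = [e for e in failures.get(s["src"], [])
                 if e["host"] == s["host"]
                 and 0 <= (s["ts"] - e["ts"]).total_seconds() <= window_s]
        if prior:
            alerts.append({"type": "login-after-failures", "src": s["src"], "host": s["host"],
                           "user": s["user"], "prior_failures": len(prior)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS.splitlines()):
        print(alert)
```

On the sample, the source 203.0.113.5 trips the scan rule after five failures across three devices, and its success on rtr-03 one second after a failure there raises the second alert; the single SSH failure from 198.51.100.7 followed by a success five minutes later stays below both thresholds, which is what separates an operator's typo from a credential sweep.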
11
Move to “Active Defense”
Traditional incident response processes, while a significant part of an organization’s security program, are reactive in nature. In response to the increase in highly sophisticated attacks, vulnerable attack surfaces, and the speed of attacks, organizations and agencies are adopting more proactive measures, known as “active defense.” Active defense uses threat intelligence (information about threats that is collected, analyzed, and shared among communities) to act rapidly on threat information.
12
Active Defense Components
An active defense relies on the following components:
Identification of mission-critical assets and systems that will be targets of attack
Identification of “threat actors,” or those who would be most likely to attack these assets
Knowledge of attacker tactics, techniques, and procedures (TTPs), identifying the methods an attacker would use against the asset

Using this knowledge, the organization can take steps to fortify (harden) the assets: increasing monitoring for anomalous events at vulnerable assets, and installing additional security devices such as firewalls, Intrusion Prevention Systems, or honeypots (fake servers designed to deceive or redirect attacker activities).

While not entirely in scope for this introduction to the active defense concept, a good reference is Lockheed Martin’s “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.” Focused principally on how to target and engage adversaries by understanding how they will attack, this paper describes the approaches that can be taken to defend the assets. The document is available for download from the National CyberWatch Center website, URL [missing in source].
13
Ethical Issues
Ethical and privacy issues arise daily in critical infrastructure protection. Some of these issues include:
The use of unmanned aerial vehicles (UAVs, or drones) to monitor critical infrastructure assets, such as oil pipelines, bridges, or power lines. This technology could be abused to spy on individuals, collecting unauthorized data. (Infosec Institute, 2014)
Existing data privacy standards do not translate well to IoT. A Hewlett-Packard study performed in 2014 found that “more than 90 percent of all IoT devices examined collected at least one piece of personal information.” Of these devices, over 70% lacked sufficient authentication to the data on the device and also lacked encryption. (NSTAC, 2014)

Can you think of other ethical issues associated with different sectors, such as the Financial Services Sector or the Healthcare and Public Health Sector? Additional issues might concern identifiable patient health information collected, or the potential manipulation of financial information.

Have students review the source document.

Infosec Institute. (2014, April 25). “Privacy and Security Issues for the Usage of Civil Drones.” Retrieved from:
President’s National Security Telecommunications Advisory Committee. (2014). “Report to the President on the Internet of Things.” Draft. Retrieved from:
14
Privacy-by-Design
Implement privacy-by-design at project initiation. Privacy-by-design provides standards for privatizing, or anonymizing, data at collection so that it is collected anonymously but can still be aggregated for analysis. NIST has begun a privacy engineering initiative, integrating the Fair Information Practice Principles (FIPPs) into risk management frameworks. This provides an excellent example of government and private sector collaboration to arrive at a solution. (NSTAC, 2014)

Citation: President’s National Security Telecommunications Advisory Committee. (2014). “Report to the President on the Internet of Things – Draft.” Retrieved from:
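Anonymizing at collection while keeping the data aggregable is a concrete engineering step rather than a policy statement. The following is an added example, not code from the slides or from NIST's privacy engineering work: a collector that drops the fields it does not need, replaces the customer identifier with a keyed hash (so one customer's readings still group together but the identifier cannot be recovered by hashing guessable IDs), generalizes the postal code, and then publishes per-region totals only for regions with at least k distinct customers. The record fields, the smart-meter readings, the pepper, and the k threshold are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed smart-meter readings as a field device would send them before minimization.
RAW_READINGS = [
    {"customer_id": "C-1001", "address": "12 Elm St", "zip": "20740", "kwh": 31.2},
    {"customer_id": "C-1002", "address": "15 Elm St", "zip": "20742", "kwh": 28.9},
    {"customer_id": "C-1003", "address": "3 Oak Ave", "zip": "20744", "kwh": 40.1},
    {"customer_id": "C-1001", "address": "12 Elm St", "zip": "20740", "kwh": 29.8},
    {"customer_id": "C-2001", "address": "9 Pine Rd", "zip": "21201", "kwh": 55.0},
]


def pseudonymize(identifier: str, pepper: bytes) -> str:
    """Keyed hash of the identifier. A plain hash of a guessable ID (C-1001, C-1002, ...)
    could be reversed by hashing every candidate; the secret pepper prevents that."""
    return hmac.new(pepper, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def collect(raw_readings, pepper: bytes):
    """Minimize at the point of collection: keep only what aggregation needs."""
    minimized = []
    for r in raw_readings:
        minimized.append({
            "pseudonym": pseudonymize(r["customer_id"], pepper),  # links one customer's readings, not their identity
            "region": r["zip"][:3],                              # generalized; full ZIP and address are dropped
            "kwh": r["kwh"],
        })
    return minimized


def aggregate(records, k: int = 2):
    """Per-region totals, suppressing any region with fewer than k distinct customers."""
    by_region = defaultdict(list)
    for rec in records:
        by_region[rec["region"]].append(rec)
    report = {}
    for region, recs in sorted(by_region.items()):
        customers = {rec["pseudonym"] for rec in recs}
        if len(customers) < k:
            report[region] = {"suppressed": True}  # a single customer's usage would be exposed
        else:
            report[region] = {
                "suppressed": False,
                "customers": len(customers),
                "total_kwh": round(sum(rec["kwh"] for rec in recs), 1),
            }
    return report


if __name__ == "__main__":
    pepper = secrets.token_bytes(32)  # generated per deployment and kept away from the analytics side
    for region, row in aggregate(collect(RAW_READINGS, pepper)).items():
        print(region, row)
```

The pepper is the design choice to note: whoever holds it can link pseudonyms back to customer IDs, so it belongs with the collector and not with the analysts who receive the aggregated report, and rotating it breaks linkage between collection periods if that is the intended policy.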