Published by Aldous McDaniel. Modified over 9 years ago.
1
Protecting the CNI
BCS ELITE, 9 June 2005
Mick Morgan, Head of Response
2
Overview
- What is NISCC?
- What is the CNI?
- What is the threat?
- How does NISCC work?
- NISCC products and services
3
What is NISCC?
NISCC is an inter-departmental centre which co-ordinates activity across a range of organisations. Each organisation contributes resources and expertise to NISCC’s programme of work according to what value it can add.
NISCC’s aim is to minimise the risk to the Critical National Infrastructure (CNI) from electronic attack (eA).
4
An Interdepartmental Centre
Contributors, by area:
- Security: Police, MI5, CESG
- Defence: MOD, DSTL
- Civil Government: Home Office, Trade & Industry, Cabinet Office
5
What is the CNI?
Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government.
6
The CNI Sectors
- Telecommunications
- Energy
- Finance
- Government & Public Services
- Water and Sewerage
- Health Services
- Emergency Services
- Transport
- Hazards
- Food
7
The Threat
8
Electronic attack (eA): What is it?
“The use of computers to gain unauthorised access to the data or control software of computer-based systems in order to acquire or corrupt data or disrupt the functioning of systems.”
January 2002
9
Two types of eA
Untargeted attacks: Indiscriminate attacks affecting availability & many targets
- Examples: Worms, viruses
- Profile: High
- Impact: Short term high
Targeted attacks: These focus on a particular target address
- Examples: Hacking attacks, e-mail Trojan attacks
- Profile: Generally low
- Impact: Can be high & long term
10
2005+: Emerging threat themes
1. Greater exploitation of richness of software & speed of wired/wireless networks
2. Growing online markets in malicious software & stolen information
3. Impact of globalisation, e.g. data ‘offshoring’ & outsourcing of system procurement, services & maintenance
4. Developing eA capabilities of terrorists
5. Concerns about sophisticated eAs: Difficult to detect; may be impossible to mitigate
11
Exploiting a rich environment
- Malicious code seeks to infect ‘fast & furiously’; attackers take control; victims become future ‘seeders’ …
- More data available on-line … more stealing … exploiting opportunities in feature-rich software
- Attack infrastructure development: Networks of ‘botnets’ can be easily controlled for DDoS, spam, data egress etc … 1000s of ‘zombies’ out there!
- Underpinned by growth & increased speed of broadband & mobile networks
12
Exploiting Broadband - Botnets
- A roBOT NETwork or ‘botnet’ is a network of compromised computers controlled by a client, a ‘botherder’, that issues commands via control or master servers
- Command & control was Internet Relay Chat (IRC) but can now be any real-time protocol, including Instant Messaging (IM)
- The nodes of the ‘botnet’ (compromised PCs, often called drones or zombies) are used to:
  - Compromise other computers
  - Flood targets (DDoS)
  - Propagate spam email
  - Sniffing, keylogging, mass id theft
  - Egress data …
- DIY: Much bot source code is available on the Internet
- Rent: Nets of 10-50,000+ attack zombies available …
13
The growing online marketplace
‘Goodbye kudos, hello $$££ … roubles?!’
- Exploits for £££ … not for fun!
- Markets for:
  - botnets: Just name your price & target!
  - malware: ‘zero-day’ exploits for purchase by all!
  - harvested info: CC nos, bank details, ids, passwords
  - processing time: on other people’s PCs!
- Researchers motivated to discover more vulnerabilities
- Faster ‘flash to bang’ times
14
Impact of globalisation
- Global market brings advantages … & risks
- Profits linked to globalisation BUT …
  - Equipment purchased overseas might have additional vulnerabilities; manufacturers might be subject to political pressure
  - Installation, maintenance & upgrade services provided from overseas are exploitable
  - Outsourcing services & offshoring data to foreign companies brings hard-to-manage risks: monitoring contracts is very difficult
15
How NISCC works
[Diagram labels: Critical National Infrastructure; Research and Development; Policy; Response; Outreach; Threat Assessment]
16
How does NISCC work?
[Diagram labels: Investigation and Assessment; Critical National Infrastructure; Research and Development; Policy; Response; Outreach]
17
Investigating and Assessing the Threat
- Making best use of technical, human and open sources to investigate.
- Analysis and assessment.
- Reports and specific threat assessments.
- Disruptions.
18
How does NISCC work?
[Diagram labels: Outreach; Investigation and Assessment; Critical National Infrastructure; Research and Development; Policy; Response]
19
Outreach
Promoting Protection and Assurance:
- Dialogue with all CNI sectors
- Facilitating information exchanges
- Tailored reports
20
How does NISCC work?
[Diagram labels: Response; Critical National Infrastructure; Research and Development; Policy; Outreach; Investigation and Assessment]
21
Response
- Briefings and alerts via UNIRAS
- Responsible disclosure of vulnerabilities
- Assistance with recovery from direct attacks
22
NISCC Products
- NISCC Monthly Bulletin of significant eA activity
- NISCC Quarterly Review has broader articles on CIP issues
- NISCC Briefings address topics of current concern
- UNIRAS Alerts highlight vulnerabilities to be fixed now!
- UNIRAS Briefings inform on emerging technical issues
- UNIRAS Technical Notes provide detailed advice
Details at www.niscc.gov.uk or www.uniras.gov.uk or e-mail enquiries@niscc.gov.uk
23
Outreach products
NISCC reporting:
- Threat assessments for specific CNI companies;
- UNIRAS (UK CERT) distribution to the CNI;
- Presentations to Seminars, Forums & Associations;
- WARPs, Information Exchanges;
- CNI Assurance Reports.
NISCC Assurance Report for National Infrastructure plc, September 2003
24
Protecting the CNI
BCS ELITE, 9 June 2005
www.niscc.gov.uk
Mick Morgan, Head of Response