Presentation is loading. Please wait.

Presentation is loading. Please wait.

TÜBİTAK – BİLGEM – SGE Cyber Security Institute

Published byMark Webster Modified over 8 years ago

Similar presentations

Presentation on theme: "TÜBİTAK – BİLGEM – SGE Cyber Security Institute"— Presentation transcript:

1 TÜBİTAK – BİLGEM – SGE Cyber Security Institute
Asım Gençer Gökce TÜBİTAK BİLGEM Cyber Security Institute (SGE) Role: Cyber Security Services Unit Manager/Project Manager Targeted Call (CIP Session): CIP : Prevention, detection, response and mitigation of the combination of physical and cyber threats to the critical infrastructure of Europe Disclaimer: with the submission of this presentation the consent is given by its author for the organisers to distribute the presentation. SMIG January 2016

2 TÜBİTAK – BİLGEM – SGE Previous / on going projects
National Critical Infrastructure, Asset and Facility Determination, Risk Assessment and Prioritization Project (2015-…) (funded by the Republic of Turkey, Prime Ministry, Disaster & Emergency Management Authority) National Critical Infrastructure Information Systems Protection Project ( ) (funded by the Republic of Turkey, Ministry of Development) Projects funded under European Commission FP7 Managing Threats And Vulnerabilities in the Future Internet (SYSSEC) Project ( ) Cloud For Europe (C4E) Project (2013-…) Penetration Testing and Security Assessment for critical public sector organizations, financial institutions, etc. ISO Consultancy for critical sector institutions such as the Turkish Atomic Energy Agency. SMIG January 2016 - National Critical Infrastructure, Asset and Facility Determination, Risk Assessment and Prioritization Project (2015-…) General sector assessment in regards to the critical infrastructures Interviews with each sector facilities/Corporation Determination of critical assets in each sectors Prioritization of critical assets Critical infrastructure assessment (critical infrastructure security assessment metodology) and Critical Sector Assessment Report Analysis of Energy (Electric, Petrol, Natural Gas, Solid Fuel), Transport (Maritime Lines, Airways, Highways, Railways), Water Managements and Dams, Communication, Banking and Finance, Agriculture and Food, Culture and Turism, Critical Production/Trading Facilities, Health, Critical Public Services - National Critical Infrastructure Information Systems Protection ( ) Risk Analysis methodology formulation. Penetration tests and audits of critical sectors Analysis of Energy, Communication, Water and Wastewater, Government Facilities sectors “ Information Systems Security ” regulaion development for energy sector Minimum Security Precautions guideline. - Advanced Persistent Threat Analysis ( ) (funded by Republic of Turkey Ministry of Transport, Maritime Affairs and Communications) Objectives of this project is threefold. First objective is developing custom tools and systems for aiding APT analysis tasks in areas including computer and network forensics, as well as malware analysis. Second objective is preparing and publishing analysis documents for guiding agencies on APT analysis. Third and most important objective is conducting on site APT analyses in critical governmental agencies, a total of 21 top agencies, and sharing the findings with a confidential analysis report. Project has 6 phases, each for 6 months. After every 2 phases, new versions of the tools and documents are published, therefore it is aimed to improve and enhance them after gaining more experience with ongoing APT analyses in agencies." - Projects funded under European Comission FP7 - Managing Threats And Vulnerabilities in the Future Internet (SYSSEC) ( ) Network of Excellence Increase cooperation between universities in EU Specification of future cyber threats Malware map of Türkiye - Cloud For Europe (C4E) Project (2013-…) Contribution to cloud deployment in public sector Requirements for government clouds Scenarios for government clouds Procedures for cloud service procurement - Penetration Testing and Security Assessment Custom testing methodology 15 different test categories; DDoS, Social Engineering, External Tests, Web Application, Mobile Application,… Expert personnel Automatic reporting Systems hardening support Industry specific reports and analysis (like Banking)

3 TÜBİTAK – BİLGEM – SGE Potential partnership activity
CIP : Prevention, detection, response and mitigation of the combination of physical and cyber threats to the critical infrastructure of Europe Critical infrastructure assessment methodology, risk analysis methodology formulation, Analysis of Critical Sectors Security audit checklist development of ICT components in the Industrial Control Systems (ICS). Vulnerability assessment methodology development of ICSs. Penetration testing methodology development of web and desktop applications of ICSs. Determination of fuzzing and reverse engineering methods for ICSs. Firmware analysis methodology development for ICSs components. Remote Terminal Unit (RTU) security audits and penetrations testing. ICSs network security and protocol security formulation. Hardware security testing method formulation for DCSs (Distributed Control Systems), and PLCs (Programmable Logic Controllers). SMIG January 2016 Analysis of Critical Sectors Energy (Electric, Petrol, Natural Gas, Solid Fuel), Transport (Maritime Lines, Airways, Highways, Railways), Water Managements and Dams, Communication, Banking and Finance, Agriculture and Food, Culture and Turism, Critical Production/Trading Facilities, Health, Critical Public Services

Download ppt "TÜBİTAK – BİLGEM – SGE Cyber Security Institute"

Similar presentations

Strengthening innovation in chemical clusters

Strengthening innovation in chemical clusters
Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Fiscal Year 2008 Urban Areas Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.

Fiscal Year 2008 Urban Areas Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.
National Disaster Risk Management Program NDRMP Belgrade, March 4 2015.

National Disaster Risk Management Program NDRMP Belgrade, March
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Risk Management Strategies in an Uncertain World April 12-13, 2002 Objectives of Roundtable Agenda for Roundtable.

Risk Management Strategies in an Uncertain World April 12-13, 2002 Objectives of Roundtable Agenda for Roundtable.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
ICT 7: Advanced cloud infrastructures and services ICT 8: Boosting public sector productivity and innovation through cloud computing services Jorge GASOS.

ICT 7: Advanced cloud infrastructures and services ICT 8: Boosting public sector productivity and innovation through cloud computing services Jorge GASOS.
Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.
Securing Information Systems

Securing Information Systems
Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
Isdefe ISXXXX-090000-1XX 5.10.2010 Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
SECURE –FORCE Project Christodoulos Keratidis Atlantis Consulting S.A. 1 st SEE-INNOVATION Know How Event Skopje, 14-15 December 2006.

SECURE –FORCE Project Christodoulos Keratidis Atlantis Consulting S.A. 1 st SEE-INNOVATION Know How Event Skopje, December 2006.

Similar presentations

Ads by Google