cyber response to insider threats 3.1
Cyber Security in Real-Time Systems
CSIRS
David Spinks
Advanced Attacks and Role of Insiders
70% of all breaches are discovered by external 3rd parties!
Why me?
Worked in process control and ICS environments for about 24 years, then moved into Information Security Risk Management for the last 20 years.
My first job in 1970
Glaxo (now GSK) – Animal Rights 10 years
Sizewell B Software Emergency Shut Down code validation
Why me?
UK AEA then AEA Technology plc 10 years
Safety Risk Management SRD
Cyber Security in Real Time Systems?
LinkedIn CSIRS: http://www.linkedin.com/groups/Cyber-Security-in-RealTime-Systems-3623430
Safety Critical and Safety Related Systems
Mission and Business Critical systems
Critical National Infrastructure (CNI)
Systems in Energy, Oil and Gas
Regulated systems in Financial Industry such as E-banking and Point-of-Sale (POS)
SCADA and PLC in large-scale manufacturing
Systems supporting Defence and Law Enforcement
Health and Pharmaceutical Systems
Aviation and Transport Systems
https://www.cert.org/insider-threat/
http://www.cpni.gov.uk/advice/Personnel-security1/Insider-threats/
Best Practice Research
US DoD
UK MoD
Types of Insider Threat
Unauthorised disclosure of sensitive information
Process corruption
Facilitation of third party access to assets
Physical, Logical and Sabotage
APT
Social Engineering
Malware
Motive
CERT Cases
Who is a possible Insider Threat?
Disgruntled employees – passed over for salary increase or promotion
Former employees – fired from the company, hold animosity towards company or personnel
Addictions – Drugs, Alcohol or Gambling
Gullible to Social Engineers, Coercion or Blackmail
Top 3 Insider Threat Mitigation Steps
Role Based Access Controls – Segregated Access
"You will be caught" deterrent
Physical access logs
Phone access logs
Email and Internet Access
We are monitoring, and make sure all staff know reports are examined and action will be taken
Embedding Security within Corporate Culture
Care, Compassion and Consideration
Primary defence
social engineering
Finally what is certain
Threats
Losses
Sophistication
Final thought