cyber response to insider threats 3.1

Cyber Security in Real-Time Systems (CSIRS), David Spinks: Advanced Attacks and Role of Insiders

Upload: david-spinks

Post on 08-May-2015


TRANSCRIPT

Page 1: Cyber response to insider threats 3.1

Cyber Security in Real-Time Systems

CSIRS

David Spinks

CSIRS

Cyber Security in Real-Time Systems

Advanced Attacks and Role of Insiders

Page 2: Cyber response to insider threats 3.1

70% of all breaches are discovered by external 3rd parties!

Page 3: Cyber response to insider threats 3.1

Why me?

Worked in process control and ICS environments for about 24 years, then moved into Information Security Risk Management for the last 20 years.

My first job in 1970

Glaxo (now GSK) – Animal Rights 10 years

Page 4: Cyber response to insider threats 3.1

Sizewell B Software Emergency Shut Down code validation

Why me?

UK AEA then AEA Technology plc 10 years

Safety Risk Management SRD

Page 5: Cyber response to insider threats 3.1

Cyber Security in Real Time Systems?

LinkedIn CSIRS: http://www.linkedin.com/groups/Cyber-Security-in-RealTime-Systems-3623430

Safety Critical and Safety Related Systems

Mission and Business Critical systems

Critical National Infrastructure (CNI)

Systems in Energy, Oil and Gas

Regulated systems in Financial Industry such as E-banking and Point-of-Sale (POS)

SCADA and PLC in large-scale manufacturing

Systems supporting Defence and Law Enforcement

Health and Pharmaceutical Systems

Aviation and Transport Systems

Page 6: Cyber response to insider threats 3.1

https://www.cert.org/insider-threat/

http://www.cpni.gov.uk/advice/Personnel-security1/Insider-threats/

Best Practice Research

US DoD

UK MoD

Page 7: Cyber response to insider threats 3.1

Types of Insider Threat

Unauthorised disclosure of sensitive information

Process corruption

Facilitation of third party access to assets

Physical, Logical and Sabotage

APT

Social Engineering

Malware

Page 8: Cyber response to insider threats 3.1

Motive

Page 9: Cyber response to insider threats 3.1

CERT Cases

Page 10: Cyber response to insider threats 3.1
Page 11: Cyber response to insider threats 3.1

Who is a possible Insider Threat?

Disgruntled employees - passed over for salary increase or promotion

Former employees - fired from the company, hold animosity towards the company or personnel

Addictions – Drugs, Alcohol or Gambling

Gullible to social engineers, coercion or blackmail

Page 12: Cyber response to insider threats 3.1

Top 3 Insider Threat Mitigation Steps

Page 13: Cyber response to insider threats 3.1

Role Based Access Controls – Segregated Access

Page 14: Cyber response to insider threats 3.1

"You will be caught" deterrent

Physical access logs

Phone access logs

Email and Internet Access

We are monitoring, and make sure all staff know reports are examined and action will be taken

Page 15: Cyber response to insider threats 3.1

Embedding Security within Corporate Culture

Care, Compassion and Consideration

Primary defence

social engineering

Page 16: Cyber response to insider threats 3.1

Finally what is certain

Threats

Losses

Sophistication

Page 17: Cyber response to insider threats 3.1

Final thought

Page 18: Cyber response to insider threats 3.1

CSIRS

Cyber Security in Real-Time Systems
