SlideShare une entreprise Scribd logo

Cyber war scenario what are the defenses

A. V. Rajabahadur
A. V. Rajabahadur

Industrial Control Systems have cyber vulnerabilities. With critical infrastructure industries depending on control systems for their operations, they have become easy targets for cyber criminals interested. No industry or country can ignore these threats. The following advice of the US Department of Homeland Security’s advice to CEOs says it all – “Incorporate cyber risks into existing risk management and governance processes. Cyber Security is NOT implementing a checklist of requirements; rather it is managing cyber risks to an acceptable level. Managing cyber security risk as part of an organization’s governance, risk management, and business continuity frameworks provides the strategic framework for managing cyber security risk throughout the enterprise.”

Technologie
1  sur  18
Télécharger pour lire hors ligne
Cyber war Scenario: What are the Defenses? Rajabahadur V. Arcot RR Concepts Independent Industry Analyst/Columnist and Manufacturing IT Consultant
Disclaimers • I am an Industrial Control System Professional • Stuxnet Episode and Aurora Experiment Spurred me to take interest in ICS Cyber Security Issues and Cyber War Scenario and Possible Defenses “Cyber war, cyber terrorism, and cyber espionage are topics of increasing timeliness, and our nation and its citizens will be ill prepared to deal with these threats if those topics never get any discussion….” so said Joe Sauver, Ph.D. at IT Security Conference, USA
Overview • Structured to create awareness • To spur all stakeholders (interested in providing defenses against cyber attack) to take serious note of the threats and contribute to finding solutions
Cyber War Threat is Real • Cyber weapons are powerful • They can be launched simultaneously from different locations and on multiple targets • They are the least-cost weapons-option and capable of very precisely putting out of service – Essential critical infrastructure industries and services – Conventional offensive and defensive capabilities – Cause panic and confusion
World is Getting Ready
Critical Infrastructure Industries • Power utilities • Water utilities • Communication • Oil and Gas installations • Chemical and Pharmaceutical industries • Transportation • Offensive and defensive capabilities • Others
Operated by Control Systems – PLC, DCS, SCADA - built on IT open platforms BYOD Connected Connected to Internet Networked Innumerable embedded systemsInnumerable end points GPS controlled
Control Systems Connectivity
Typical Critical Infrastructure Control System Architecture
Seeking Defense From Cyber Attack Quotation from CERN (European Council for Nuclear Research) Presentation "Incorporate cyber risks into existing risk management and governance processes. Cyber Security is NOT implementing a checklist of requirements; rather it is managing cyber risks to an acceptable level. Managing cyber security risk as part of an organization’s governance, risk management, and business continuity frameworks provides the strategic framework for managing cyber security risk throughout the enterprise.” US Department of Homeland Security’s advice to CEOs Overview
General • Recognize ICS cyber security challenges are different from ensuring data security • Protecting the enterprise begins with implementing straight forward proper work related systems, such as installing • Passwords, Media Access Control, Software Updates, Virus Scanners, Firewalls, “Data Diode” systems, and such others • Eternal vigilance and the readiness and ability of the enterprise to identify, recover, and nullify the effects of the cyber-attack are key to achieve fair degree of protection • Ability and preparedness to initiate counter measures to recover quickly from the attack are critical Seeking Defense From Cyber Attack
Critical Infrastructure Industries • CII to gain awareness and instill awareness among the workforce • Create an in-house industrial control-system cyber security team • Team to consist of experts in automation & process technologies in addition to experts in information and communication technologies • Team to carry out carry out security audit, vulnerability assessment, and penetration testing, and evolve specific policies & procedures and crisis management program Seeking Defense From Cyber Attack
Critical Infrastructure Industries • The team may seek the support of technology solution providers and competent system integrators / consultants having the appropriate skills in industrial control-system cyber security • Companies, planning to install new control systems, must seek readiness of their potential suppliers to provide safeguards and their plans to ensure adherence to cyber security standards • Build competence in system engineering of ICS and ensure defense through system engineering • Train operators and operating workforce to track anomalous performances Seeking Defense From Cyber Attack
• Build backup infrastructure • Build cyber workforce • Put in place a mechanism to prevent panic and confusion Seeking Defense From Cyber Attack Policy Makers
Seeking Defense From Cyber Attack Policy Makers • Take secrecy veil off electronic warfare • Universities, industries and institutes to plug the gap in knowledge in the sector
Control System Suppliers / IT Technology Suppliers • Until now, automation systems are designed typically to meet the operational including functional safety and business needs • Before Stuxnet, securing the control systems from cyber-threats was not part of the requirement criteria and as such was not on the radar screen of automation companies and standards’ committees • However, the growing recognition that cyber threats are real calls for ensuring secure functioning of the control systems even in the event of cyber-attacks. ICS suppliers must recognize that cyber Security is integral to functional safety • Automation companies may have to go back to their drawing boards to design automation systems that include security as one of the manufacturing industries’ fundamental requirements • Automation suppliers must offer control systems that have strong security features to ensure protection from cyber-attacks and ensure compliance to ISA 99 and other standards Providing Defense From Cyber Attack
• Build competence to carry out security audit, vulnerability assessment, and penetration testing • Industry must come together to develop standards to govern embedded system and product design – Trusted Computing • In all future product development, security should take equal if not precedence over functionality and features • Let us not repeat the Y2K story! Providing Defense From Cyber Attack IT Service Providers
Thanks

Recommandé

Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Computer security
Computer securityComputer security
Computer securityabdulrehman1673
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
Fundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityFundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityTonex
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 

Recommandé

Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Computer security
Computer securityComputer security
Computer securityabdulrehman1673
 
Cybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionCybersecurity Framework - Introduction
Cybersecurity Framework - IntroductionMuhammad Akbar Yasin
 
Fundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityFundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityTonex
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical ControlsMLG College of Learning, Inc
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Security technologies
Security technologiesSecurity technologies
Security technologiesDhani Ahmad
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
The red book
The red book The red book
The red book habiba Elmasry
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Seungjoo Kim
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC Advisory Group
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-securityAl Balqa Applied University
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security ManagementJonathan Coleman
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesJohn Gilligan
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityA. V. Rajabahadur
 
Google versus china the first cyber war
Google versus china the first cyber war Google versus china the first cyber war
Google versus china the first cyber war David Strom
 

Contenu connexe

Tendances

Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
Security technologies
Security technologiesSecurity technologies
Security technologiesDhani Ahmad
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Seungjoo Kim
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsToño Herrera
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC Advisory Group
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistMatthew Rosenquist
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security ManagementJonathan Coleman
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsEnergySec
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesJohn Gilligan
 

Tendances (20)

Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide Deck
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Security technologies
Security technologiesSecurity technologies
Security technologies
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
The red book
The red book The red book
The red book
 
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
Using the CGC's Fully Automated Vulnerability Detection Tools in Security Eva...
 
Introduction to Cybersecurity Fundamentals
Introduction to Cybersecurity FundamentalsIntroduction to Cybersecurity Fundamentals
Introduction to Cybersecurity Fundamentals
 
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
ARC's Bob Mick Cyber Security Presentation @ ARC Industry Forum 2010
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
22 need-for-security
22 need-for-security22 need-for-security
22 need-for-security
 
The Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew RosenquistThe Future of Cyber Security - Matthew Rosenquist
The Future of Cyber Security - Matthew Rosenquist
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
 
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other SectorsICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Federal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practicesFederal Cybersecurity: The latest challenges, initiatives and best practices
Federal Cybersecurity: The latest challenges, initiatives and best practices
 

En vedette

Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityA. V. Rajabahadur
 
Google versus china the first cyber war
Google versus china the first cyber war Google versus china the first cyber war
Google versus china the first cyber war David Strom
 
Saving without Sacrificing Coverage (revised)
Saving without Sacrificing Coverage (revised)Saving without Sacrificing Coverage (revised)
Saving without Sacrificing Coverage (revised)Patrick O'Rourke
 
Premiazione ufficiale
Premiazione ufficialePremiazione ufficiale
Premiazione ufficialeamg80
 
Akademia Rozwoju Agenta Otodom_Kraków 7 maja
Akademia Rozwoju Agenta Otodom_Kraków 7 majaAkademia Rozwoju Agenta Otodom_Kraków 7 maja
Akademia Rozwoju Agenta Otodom_Kraków 7 majaOtodom
 
ARA Otodom_Rzeszow_26 maja
ARA Otodom_Rzeszow_26 majaARA Otodom_Rzeszow_26 maja
ARA Otodom_Rzeszow_26 majaOtodom
 

En vedette (14)

Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber Security
 
Google versus china the first cyber war
Google versus china the first cyber war Google versus china the first cyber war
Google versus china the first cyber war
 
Saving without Sacrificing Coverage (revised)
Saving without Sacrificing Coverage (revised)Saving without Sacrificing Coverage (revised)
Saving without Sacrificing Coverage (revised)
 
მოთხრობები ერნესტ ჰემინგუეი
მოთხრობები ერნესტ ჰემინგუეიმოთხრობები ერნესტ ჰემინგუეი
მოთხრობები ერნესტ ჰემინგუეი
 
Premiazione ufficiale
Premiazione ufficialePremiazione ufficiale
Premiazione ufficiale
 
ბალზაკი პოლკოვნიკი შაბერი
ბალზაკი პოლკოვნიკი შაბერიბალზაკი პოლკოვნიკი შაბერი
ბალზაკი პოლკოვნიკი შაბერი
 
Akademia Rozwoju Agenta Otodom_Kraków 7 maja
Akademia Rozwoju Agenta Otodom_Kraków 7 majaAkademia Rozwoju Agenta Otodom_Kraków 7 maja
Akademia Rozwoju Agenta Otodom_Kraków 7 maja
 
Mobiliva - OTS Kampanya Tanıtım Sunumu
Mobiliva - OTS Kampanya Tanıtım SunumuMobiliva - OTS Kampanya Tanıtım Sunumu
Mobiliva - OTS Kampanya Tanıtım Sunumu
 
Welcome to Goa
Welcome to GoaWelcome to Goa
Welcome to Goa
 
დიდოსტატის მარჯვენა კონსტანტინე გამსახურდია
დიდოსტატის მარჯვენა კონსტანტინე გამსახურდიადიდოსტატის მარჯვენა კონსტანტინე გამსახურდია
დიდოსტატის მარჯვენა კონსტანტინე გამსახურდია
 
ჯორჯ ორუელი ცხოველების ფერმა
ჯორჯ ორუელი ცხოველების ფერმა ჯორჯ ორუელი ცხოველების ფერმა
ჯორჯ ორუელი ცხოველების ფერმა
 
გრაფი მონტე კრისტო - ალექსანდრე დიუმა Ii
გრაფი მონტე კრისტო - ალექსანდრე დიუმა Iiგრაფი მონტე კრისტო - ალექსანდრე დიუმა Ii
გრაფი მონტე კრისტო - ალექსანდრე დიუმა Ii
 
ARA Otodom_Rzeszow_26 maja
ARA Otodom_Rzeszow_26 majaARA Otodom_Rzeszow_26 maja
ARA Otodom_Rzeszow_26 maja
 
თერთმეტი წუთი პაულო კოელიო
თერთმეტი წუთი პაულო კოელიოთერთმეტი წუთი პაულო კოელიო
თერთმეტი წუთი პაულო კოელიო
 

Similaire à Cyber war scenario what are the defenses

Cyber security applied to embedded systems
Cyber security applied to embedded systemsCyber security applied to embedded systems
Cyber security applied to embedded systemsTonex
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15shed59
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWPICPE
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Chris Sistrunk
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIAhmed Banafa
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 

Similaire à Cyber war scenario what are the defenses (20)

Cyber security applied to embedded systems
Cyber security applied to embedded systemsCyber security applied to embedded systems
Cyber security applied to embedded systems
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare Technology
 
Webinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on UtilitiesWebinar - Reducing the Risk of a Cyber Attack on Utilities
Webinar - Reducing the Risk of a Cyber Attack on Utilities
 
I-CERT
I-CERTI-CERT
I-CERT
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023Proactive Approach to OT incident response - HOUSECCON 2023
Proactive Approach to OT incident response - HOUSECCON 2023
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
CyCron 2016
CyCron 2016CyCron 2016
CyCron 2016
 
U nit 4
U nit 4U nit 4
U nit 4
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wall
 

Dernier

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Dernier (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Cyber war scenario what are the defenses

  • 1. Cyber war Scenario: What are the Defenses? Rajabahadur V. Arcot RR Concepts Independent Industry Analyst/Columnist and Manufacturing IT Consultant
  • 2. Disclaimers • I am an Industrial Control System Professional • Stuxnet Episode and Aurora Experiment Spurred me to take interest in ICS Cyber Security Issues and Cyber War Scenario and Possible Defenses “Cyber war, cyber terrorism, and cyber espionage are topics of increasing timeliness, and our nation and its citizens will be ill prepared to deal with these threats if those topics never get any discussion….” so said Joe Sauver, Ph.D. at IT Security Conference, USA
  • 3. Overview • Structured to create awareness • To spur all stakeholders (interested in providing defenses against cyber attack) to take serious note of the threats and contribute to finding solutions
  • 4. Cyber War Threat is Real • Cyber weapons are powerful • They can be launched simultaneously from different locations and on multiple targets • They are the least-cost weapons-option and capable of very precisely putting out of service – Essential critical infrastructure industries and services – Conventional offensive and defensive capabilities – Cause panic and confusion
  • 6. Critical Infrastructure Industries • Power utilities • Water utilities • Communication • Oil and Gas installations • Chemical and Pharmaceutical industries • Transportation • Offensive and defensive capabilities • Others
  • 7. Operated by Control Systems – PLC, DCS, SCADA - built on IT open platforms BYOD Connected Connected to Internet Networked Innumerable embedded systemsInnumerable end points GPS controlled
  • 9. Typical Critical Infrastructure Control System Architecture
  • 10. Seeking Defense From Cyber Attack Quotation from CERN (European Council for Nuclear Research) Presentation "Incorporate cyber risks into existing risk management and governance processes. Cyber Security is NOT implementing a checklist of requirements; rather it is managing cyber risks to an acceptable level. Managing cyber security risk as part of an organization’s governance, risk management, and business continuity frameworks provides the strategic framework for managing cyber security risk throughout the enterprise.” US Department of Homeland Security’s advice to CEOs Overview
  • 11. General • Recognize ICS cyber security challenges are different from ensuring data security • Protecting the enterprise begins with implementing straight forward proper work related systems, such as installing • Passwords, Media Access Control, Software Updates, Virus Scanners, Firewalls, “Data Diode” systems, and such others • Eternal vigilance and the readiness and ability of the enterprise to identify, recover, and nullify the effects of the cyber-attack are key to achieve fair degree of protection • Ability and preparedness to initiate counter measures to recover quickly from the attack are critical Seeking Defense From Cyber Attack
  • 12. Critical Infrastructure Industries • CII to gain awareness and instill awareness among the workforce • Create an in-house industrial control-system cyber security team • Team to consist of experts in automation & process technologies in addition to experts in information and communication technologies • Team to carry out carry out security audit, vulnerability assessment, and penetration testing, and evolve specific policies & procedures and crisis management program Seeking Defense From Cyber Attack
  • 13. Critical Infrastructure Industries • The team may seek the support of technology solution providers and competent system integrators / consultants having the appropriate skills in industrial control-system cyber security • Companies, planning to install new control systems, must seek readiness of their potential suppliers to provide safeguards and their plans to ensure adherence to cyber security standards • Build competence in system engineering of ICS and ensure defense through system engineering • Train operators and operating workforce to track anomalous performances Seeking Defense From Cyber Attack
  • 14. • Build backup infrastructure • Build cyber workforce • Put in place a mechanism to prevent panic and confusion Seeking Defense From Cyber Attack Policy Makers
  • 15. Seeking Defense From Cyber Attack Policy Makers • Take secrecy veil off electronic warfare • Universities, industries and institutes to plug the gap in knowledge in the sector
  • 16. Control System Suppliers / IT Technology Suppliers • Until now, automation systems are designed typically to meet the operational including functional safety and business needs • Before Stuxnet, securing the control systems from cyber-threats was not part of the requirement criteria and as such was not on the radar screen of automation companies and standards’ committees • However, the growing recognition that cyber threats are real calls for ensuring secure functioning of the control systems even in the event of cyber-attacks. ICS suppliers must recognize that cyber Security is integral to functional safety • Automation companies may have to go back to their drawing boards to design automation systems that include security as one of the manufacturing industries’ fundamental requirements • Automation suppliers must offer control systems that have strong security features to ensure protection from cyber-attacks and ensure compliance to ISA 99 and other standards Providing Defense From Cyber Attack
  • 17. • Build competence to carry out security audit, vulnerability assessment, and penetration testing • Industry must come together to develop standards to govern embedded system and product design – Trusted Computing • In all future product development, security should take equal if not precedence over functionality and features • Let us not repeat the Y2K story! Providing Defense From Cyber Attack IT Service Providers