Aare Reintam: Estonia CIIP activities
1. www.ria.ee
FOR OFFICIAL USE ONLY
Estonian
Overview of practical CIIP activities in EE
Aare Reintam
ISKE area manager, CIIP unit
Outline of my talk
• What is the aim of protecting CII?
• Community building
• Activities - security assessments and port scanning
• Legislation, regulations, ICS/SCADA guidelines
When talking about CII protection
• We mean vital services that depend on IT systems
  • Electricity supply (production, transmission, distribution)
  • Data communications
  • Water supply and sewerage
  • Air navigation service
  • …
• 43 vital services in total
CII incidents and impact on the economy
• Some examples of this year's CII incidents in Europe

Sector            | Time        | Impact                                                                          | Reason
Energy            | Sept 2013   | For 2,5 hours the whole county's electricity distribution was interrupted        | Software error
Railway transport | March 2013  | 3 hour interruption of train service between two main cities in Europe          | Optical cable breakage. The train dispatcher was unable to carry out work and had to stop the traffic
Air transport     | August 2013 | 3 hour interruption in X city air travel service. No planes could land.         | Flight control software error
Community building
• CIIP lead (expert / mid-management level)
  • SCADA workgroup
  • CII protection council
  • Annual CIIP conference
• CERT-EE lead (expert level)
  • Government system administrators
  • ISP & hosting abuse handlers
  • CERT + CIIP joint events
  • 0ct0b3rf3st
• EISA management lead:
  • Quarterly reports to high government officials
  • Seminars for management
How to keep communities running?
• Regular meetings on interesting topics
• Share information
• State sponsored training, seminars, conferences etc.
  • 5 day advanced SCADA security
  • Netflow, IDS, logging
  • Managing small office networks (SOHO)
  • …
• Social events
Security assessment projects
• Find out the "real" security level of a vital service provider
  • Based on attack scenarios
  • Verifying them with penetration testing
• State sponsored
• We are using 3rd party consultants
Sample security assessment task list
• Information gathering from public sources
• Corporate LAN security assessment (Windows domain, servers, workstations, Wi-Fi etc.)
• Network perimeter testing (from corporate <-> SCADA <-> control network)
• Assessment of SCADA servers, operator workstations etc.
• Remote access to networks (VPN)
• Physical security
Finding CII equipment from the Internet
• Locating possibly vulnerable devices before the "bad guys"
• Notifying the owner and explaining the risk
• Using shodanhq.com and other tools
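The slide describes a defender's workflow: locate exposed CII equipment, work out who owns it, and send the owner an explanation of the risk. The script below is an added example of the second and third steps, not code from the talk or from RIA. It assumes a scan export in the shape a search engine such as shodanhq.com or an in-house port scan would produce (ip, port, transport, org, banner); the records in SAMPLE_EXPORT, the organisation names and the addresses (RFC 5737 documentation ranges) are constructed. It performs no scanning of its own: it only triages records by well-known ICS protocol ports and groups them into one notification per owner.

```python
"""Triage of Internet-exposed ICS services for owner notification.

Added example (not from the presentation). Input is a constructed scan
export; output is one notification per owning organisation with a
plain-language risk explanation. No network activity takes place.
"""
from collections import defaultdict
from typing import Optional

# Well-known ICS/SCADA protocol ports (IANA / vendor assignments). A direct
# Internet exposure of any of these is worth a notification: these protocols
# carry no built-in authentication.
ICS_PORTS = {
    (102, "tcp"): "Siemens S7 / ISO-TSAP",
    (502, "tcp"): "Modbus/TCP",
    (20000, "tcp"): "DNP3",
    (44818, "tcp"): "EtherNet/IP (CIP)",
    (47808, "udp"): "BACnet/IP",
}

# Constructed sample export. Organisation names and IPs are placeholders.
SAMPLE_EXPORT = [
    {"ip": "192.0.2.10", "port": 502, "transport": "tcp",
     "org": "Example Water Utility", "banner": "Modbus unit id 1"},
    {"ip": "192.0.2.11", "port": 443, "transport": "tcp",
     "org": "Example Water Utility", "banner": "HTTP/1.1 200 OK"},
    {"ip": "198.51.100.7", "port": 102, "transport": "tcp",
     "org": "Example Power Distribution", "banner": "S7 PLC"},
    {"ip": "198.51.100.7", "port": 47808, "transport": "udp",
     "org": "Example Power Distribution", "banner": "BACnet"},
    {"ip": "203.0.113.3", "port": 22, "transport": "tcp",
     "org": "Example Hosting", "banner": "SSH-2.0-OpenSSH"},
]


def classify_exposure(record: dict) -> Optional[str]:
    """Return the ICS protocol name if the record is an ICS exposure, else None."""
    return ICS_PORTS.get((record["port"], record["transport"].lower()))


def build_notifications(records: list) -> dict:
    """Group ICS exposures by owning organisation.

    Each notification lists the exposed endpoints and an explanation of
    the risk written for the owner, which is what makes it actionable.
    """
    by_org = defaultdict(list)
    for rec in records:
        proto = classify_exposure(rec)
        if proto is None:
            continue  # ordinary Internet service; outside CII notification scope
        by_org[rec["org"]].append(
            {"ip": rec["ip"], "port": rec["port"],
             "transport": rec["transport"], "protocol": proto})

    notifications = {}
    for org, findings in by_org.items():
        protocols = sorted({f["protocol"] for f in findings})
        notifications[org] = {
            "findings": findings,
            "summary": (
                f"{len(findings)} ICS endpoint(s) reachable from the Internet "
                f"({', '.join(protocols)}). These protocols have no built-in "
                "authentication, so anyone reaching the port can read or change "
                "process values. Recommended: remove the direct exposure and "
                "reach the devices only through the corporate VPN."),
        }
    return notifications


def render_report(notifications: dict) -> str:
    """Human-readable report, one section per organisation."""
    lines = []
    for org in sorted(notifications):
        n = notifications[org]
        lines.append(f"== {org} ==")
        for f in n["findings"]:
            lines.append(f"  {f['ip']}:{f['port']}/{f['transport']}  {f['protocol']}")
        lines.append("  " + n["summary"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(build_notifications(SAMPLE_EXPORT)))
```

Matching on port and transport alone is deliberately conservative: it catches the unambiguous cases (a Modbus or S7 port open to the Internet) without any interaction with the device, and the owner notification is what turns a finding into a fix. A real programme would add banner checks and an ownership lookup (ASN or abuse contact) before sending.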
Legislation & guidelines
• We are giving input to the Ministry of Justice to amend the appropriate legislation.
• Security measure regulation is established:
  • Security responsibilities have to be in place when providing vital services
  • Implement a security standard (ISO 27001, our own local standard "ISKE" or an industry specific one)
• ICS/SCADA security guidelines
  • 25 security controls
To sum up
• Incidents happen on a daily basis
• Legislation alone is not enough
• There has to be balanced responsibility between the state and service providers
• People are important