Overview of practical CIIP activities in EE
Aare Reintam
ISKE area manager
CIIP unit

Published in: Technology, Business
  1. www.ria.ee, FOR OFFICIAL USE ONLY. Estonian overview of practical CIIP activities in EE. Aare Reintam, ISKE area manager, CIIP unit.
  2. Outline of my talk
     • What is the aim of protecting CII?
     • Community building
     • Activities: security assessments and port scanning
     • Legislation, regulations, ICS/SCADA guidelines
  3. When talking about CII protection
     • We mean vital services that depend on IT systems:
       • Electricity supply (production, transmission, distribution)
       • Data communications
       • Water supply and sewerage
       • Air navigation service
       • …
     • 43 vital services in total
  4. [image slide, no text]
  5. CII incidents and impact on the economy
     • Some examples of CII incidents in Europe from this year (sector, time, impact, reason):
       • Energy, Sept 2013: 2.5 hours; the whole county's electricity distribution was interrupted. Reason: software error.
       • Railway transport, March 2013: 3-hour interruption of train service between two main cities in Europe. Reason: optical cable breakage; the train dispatcher was unable to work and had to stop the traffic.
       • Air transport, August 2013: 3-hour interruption of air travel service in city X; no planes could land. Reason: flight control software error.
  6. Community building
     • CIIP lead (expert / mid-management level):
       • SCADA workgroup
       • CII protection council
       • Annual CIIP conference
     • CERT-EE lead (expert level):
       • Government system administrators
       • ISP & hosting abuse handlers
       • CERT + CIIP joint events
       • 0ct0b3rf3st
     • EISA management lead:
       • Quarterly reports to high government officials
       • Seminars for management
  7. How to keep communities running?
     • Regular meetings on interesting topics
     • Share information
     • State-sponsored training, seminars, conferences etc.:
       • 5-day advanced SCADA security
       • Netflow, IDS, logging
       • Managing small office networks (SOHO)
       • …
     • Social events
  8. Security assessment projects
     • Find out the "real" security level of a vital service provider
     • Based on attack scenarios
     • Verifying them with penetration testing
     • State sponsored
     • We are using 3rd-party consultants
  9. Sample security assessment task list
     • Information gathering from public sources
     • Corporate LAN security assessment (Windows domain, servers, workstations, Wi-Fi etc.)
     • Network perimeter testing (corporate <-> SCADA <-> control network)
     • Assessment of SCADA servers, operator workstations etc.
     • Remote access to networks (VPN)
     • Physical security
  10. Finding CII equipment on the Internet
     • Locating possibly vulnerable devices before the "bad guys" do
     • Notifying the owner and explaining the risk
     • Using shodanhq.com and other tools
  11. Legislation & guidelines
     • We are giving input to the Ministry of Justice to amend the appropriate legislation.
     • A security measures regulation is established:
       • Security responsibilities have to be in place when providing vital services
       • Implement a security standard (ISO 27001, our own local standard "ISKE", or an industry-specific one)
     • ICS/SCADA security guidelines: 25 security controls
  12. To sum up
     • Incidents happen on a daily basis
     • Legislation alone is not enough
     • There has to be a balanced responsibility between the state and service providers
     • People are important
  13. Thank you! www.ria.ee. Aare Reintam, Aare.reintam@ria.ee