Your SlideShare is downloading. ×
0
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Aare reintam estonia_ciip_activites

128

Published on

Overview of practical CIIP activities in EE …

Overview of practical CIIP activities in EE
Aare Reintam
ISKE area manager
CIIP unit

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
128
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. www.ria.ee FOR OFFICIAL USE ONLY Estonian Overview of practical CIIP activities in EE Aare Reintam ISKE area manager CIIP unit
  • 2. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Outline of my talk • What is the aim of protecting CII? • Community building • Activities - security assessments and port scanning • Legislation, regulations, ICS/SCADA guidelines
  • 3. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY When talking about CII protection • We mean vital services that depend on IT systems • Electricity supply (production, transmission, distribution) • Data communications • Water supply and sewerage • Air navigation service • … • 43 vital services in total
  • 4. www.ria.ee
  • 5. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY CII Incidents and impact on economy • Some examples from this year CII incidents in Europe Sector Time Impact Reason Energy Sept 2013 2,5 hours the hole county electricity distribution was interrupted Software error Railway transport March 2013 3 hours long Interruption of train service between two main cities in Europe Optical cable breakage. Trains leading dispatcher was unable to carry out work and had to stop the traffic Air transport August 2013 3 hours interruption in X city air travel service. No planes could land. Flight control software error.
  • 6. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Community building • CIIP lead (expert / mid-management level) • SCADA workgroup • CII protection council • Annual CIIP conference • CERT-EE lead (expert level) • Government system administrators • ISP & hosting abuse handlers • CERT + CIIP joint events • 0ct0b3rf3st • EISA management lead: • Quarterly reports to high government officials • Seminars for management
  • 7. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY How to keep communities running? • Regular meetings on interesting topics • Share information • State sponsored training, seminars, conferences etc. • 5 day advanced SCADA security • Netflow, IDS, logging • Managing small office networks (SOHO) • … • Social events
  • 8. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Security assessment projects • Find out what is the “real” security level of vital service provider • Based on attack scenarios • Verifying them with penetration testing • State sponsored • We are using 3rd party consultants
  • 9. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Sample security assessment task list • Information gathering from public sources • Corporate LAN security assessment (Windows domain, servers, workstations, Wi- Fi etc.) • Network perimeter testing (from corporate <-> SCADA <-> control network) • Assessment of SCADA servers, operator workstation etc. • Remote access to networks (VPN) • Physical security
  • 10. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Finding CII equipment from the Internet • Locating possibly vulnerable devices before the “bad guys” • Notifying the owner and explaining the risk • Using shodanhq.com and other tools
  • 11. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY Legislation & guidelines • We are giving input to Ministry of justice to amend appropriate legislation. • Security measure regulation is established: • Security responsibilities have to be in place when providing vital services • Implement security standard (ISO 27001, our own local standard “ISKE” or industry specific) • ICS/SCADA security guidelines • 25 security controls
  • 12. www.ria.ee FOR OFFICIAL USE ONLY FOR OFFICIAL USE ONLY To sum up • Incidents happen on daily basis • Only legislation is not enough • There has to be balanced responsibility between state and service providers • People are important
  • 13. Thank You! www.ria.ee Aare Reintam Aare.reintam@ria.ee

×