Seminário de Segurança em Informática - Apresentação Andrew Cushman
Seminar: International Computer Security Day, "The Internet and the Paradoxes of Security Control"

Date: 30 November 2009
Auditorium, 4th floor, FIESP Building
São Paulo, SP

Presentation by Andrew Cushman, Microsoft's director of computer security incident response, at the seminar "The Internet and the Paradoxes of Security Control"

Published in: Education

Transcript

  • 1. Securing Critical Infrastructures. Andrew Cushman, Sr. Director Security Strategy, Trustworthy Computing – Security. Trustworthy Infrastructure Programs and Policy
  • 2. Intro – Who Am I? • Joined Microsoft in 1990 • Worked on MSMoney, IIS, and now Security • Previously Patch Tuesday & BlueHat • Now focused on End to End Trust. Trustworthy Computing – Security Group (org chart): Security Engineering; Security Science & Research; Security Response; Critical Infrastructure; Software Integrity; Security Policy; Engineering Community
  • 3. Agenda • Traditional Critical Infrastructure Protection Definition • The Evolving Risk Landscape • Microsoft's Critical Infrastructure Protection Program – Trustworthy Policy – Resilient Operations – Investments in Innovation • Government Engagement Programs and Resources
  • 4. Global Critical Infrastructure. Critical infrastructures are generally thought of as the key systems, services, and functions whose disruption or destruction would have a debilitating impact on public health and safety, commerce, and/or national security. These include: – Communications – Energy – Banking – Transportation – Public health and safety – Essential government services
  • 5. Critical Infrastructure Cyber Reliance on IT Security. [Diagram: Critical Infrastructure = key physical and cyber systems, services, and functions; Critical Cyber Systems = software, hardware, and services functioning as intended]
  • 6. Users in the World Today. As of July 2008, 1,463,632,361 people worldwide use the Internet. Source: http://www.internetworldstats.com/stats.htm
  • 7. Users are Changing (Facebook statistics)
    General Growth: • More than 250 million active users • More than 120 million users log on to Facebook at least once each day • More than two-thirds of Facebook users are outside of college • The fastest growing demographic is those 35 years old and older
    User Engagement: • Average user has 120 friends on the site • More than 5 billion minutes are spent on Facebook each day (worldwide) • More than 30 million users update their statuses at least once each day • More than 8 million users become fans of Pages each day
    Applications: • More than 1 billion photos uploaded to the site each month • More than 10 million videos uploaded each month • More than 1 billion pieces of content (web links, news stories, blog posts, notes, photos, etc.) shared each week • More than 2.5 million events created each month • More than 45 million active user groups exist on the site
    International Growth: • More than 50 translations available on the site, with more than 40 in development • About 70% of Facebook users are outside the United States
    Platform: • More than one million developers and entrepreneurs from more than 180 countries • Every month, more than 70% of Facebook users engage with Platform applications • More than 350,000 active applications currently on Facebook Platform • More than 200 applications have more than one million monthly active users
    Mobile: • There are more than 30 million active users currently accessing Facebook through their mobile devices • People that use Facebook on their mobile devices are almost 50% more active on Facebook than non-mobile users • There are more than 150 mobile operators in 50 countries working to deploy and promote Facebook mobile products
  • 8. Threats Facing Global Operations
    Exponential Growth of IDs – Identity and access management challenging. [Chart: Number of Digital IDs, axis 0–160,000, across Pre-1980s, 1980s, 1990s, 2000s; layers mainframe, client/server, Internet, mobility; segments B2B, B2E, B2C]
    Increasingly Sophisticated Malware – Anti-malware alone is not sufficient. [Chart: number of variants from over 7,000 malware families (1H07). Source: Microsoft Security Intelligence Report (January – June 2007)]
    Crime On The Rise. [Chart: attacker motivation (Curiosity – Author; Personal Fame – Vandal, Trespasser; Personal Gain – Thief; National Interest – Spy) against attacker skill (Script-Kiddy, Amateur, Expert, Specialist). Annotations: largest area by volume; fastest growing segment; largest area by $ lost; largest segment by $ spent on defense]
    Attacks Getting More Sophisticated – Traditional defenses are inadequate. [Chart: layers Physical, Hardware, O/S, Drivers, Applications, GUI, User] Examples: • Spyware • Rootkits • Application attacks • Phishing/Social engineering
  • 9. Malware in the World Today. [Map: worldwide malware infection rates] Source: Microsoft Security Intelligence Report v6
  • 10. Malware Infection Rates – Brasil MSRT Data • Brazil heat map index (CCM) is 23.9, up 81.8% from 2H07 – i.e. 24 systems infected for every 1,000 systems MSRT executed on • Worldwide average is 10.0, a 22.7% increase since 2H07
    Lowest Infection Rates (Location, 1H08, 2H07, % Chg.):
      Japan             1.8   1.5   22.8
      Rwanda            4.2   4.2    0.3
      Austria           5.2   4.1   25.7
      Germany           5.3   4.4   19.7
      Finland           5.7   3.8   50.9
      New Zealand       6.0   3.8   58.4
      India             6.2   5.5   12.3
      Malaysia          6.3   4.6   35.6
      Latvia            6.3   5.1   22.9
      Indonesia         6.4   6.9   -7.0
      China             6.6   4.7   41.1
      Uruguay           6.6   5.6   17.6
      Denmark           6.8   4.9   38.7
      Australia         6.9   4.9   41.7
      Switzerland       6.9   5.5   26.4
      Hong Kong SAR     7.0   6.1   15.1
      Czech Republic    7.1   5.0   41.6
      Italy             7.1   5.3   34.5
      Ireland           7.3   5.3   36.4
      Philippines       7.4   7.3    2.0
      Belarus           7.6   7.1    7.0
      Singapore         7.6   5.0   52.2
      Sweden            7.6   6.1   25.3
      Argentina         7.7   6.6   16.6
      Netherlands       7.8   5.9   32.3
    Highest Infection Rates (Location, 1H08, 2H07, % Chg.):
      Afghanistan                             76.4  58.8   29.9
      Bahrain                                 29.2  28.2    3.4
      Morocco                                 27.8  31.3  -11.4
      Albania                                 25.4  30.7  -17.4
      Mongolia                                24.7  29.9  -17.6
      Brazil                                  23.9  13.2   81.8
      Iraq                                    23.6  23.8   -1.1
      Dominican Republic                      23.2  24.5   -5.2
      Egypt                                   22.5  24.3   -7.5
      Saudi Arabia                            22.3  22.2    0.4
      Tunisia                                 21.9  15.9   37.3
      Turkey                                  21.9  25.9  -15.4
      Jordan                                  21.6  20.4    5.5
      Former Yugoslav Republic of Macedonia   21.1  16.3   29.8
      Lebanon                                 20.2  20.6   -1.8
      Yemen                                   20.1  17.7   13.7
      Portugal                                19.6  14.9   31.7
      Algeria                                 19.5  22.2  -12.2
      Libya                                   19.5  17.3   13.1
      Mexico                                  17.3  14.8   17.0
      United Arab Emirates                    17.3  18.2   -4.8
      Monaco                                  17.0  13.7   23.7
      Serbia                                  16.6  11.8   41.4
      Bosnia and Herzegovina                  16.3  12.8   27.5
      Jamaica                                 16.3  15.0    8.9
  • 11. Malware Trends Around the Globe. [Figure: pie charts of the leading malware categories per country for Germany, France, Norway, UK, Hungary, Italy, Russia, China and the US. Categories shown include Misc. Trojans, Trojan Downloaders & Droppers, Misc. Potentially Unwanted Software, Worms and Other Trojans; the leading shares shown range from 14.3% to 39.0%, and the category-to-country pairing is not recoverable from the extracted text]
  • 12. Top Threats in Brasil – Disinfected Threats by Category in 1H08. Table: 1H08 disinfected machines in Brazil, by category (Category, Infected computers, share):
      Other Trojans                   1,294,084   58.6%
      Worm                              246,470   11.2%
      Other PUS                         185,305    8.4%
      Adware                            181,405    8.2%
      Trojan Downloader and Dropper     122,010    5.5%
      Backdoor                           69,289    3.1%
      Virus                              43,079    1.9%
      PWS and Monitoring Tools           37,775    1.7%
      Spyware                             9,705    0.4%
      Exploit                             2,381    0.1%
      All Other                          17,853    0.8%
  • 13. Microsoft's Vision for Critical Infrastructure Protection
  • 14. Infrastructure Protection. [Diagram: National Strategies; Directives/Policies; Policy Responses; Emergency Response Plans]
  • 15. Complexity and Critical Infrastructures. [Diagram centred on the Policy Decision Maker] Source: modified from "Guarding Our Future: Protecting Our Nation's Infrastructure", Toffler Associates 2008
  • 16. CIP Continuum • Outlines three distinct functions to create a critical infrastructure protection capability • Emphasizes the importance of engaging with the private sector to effectively plan, manage, respond, and protect • Guides the development of programs that can evolve in a dynamic environment
  • 17. Trustworthy Plans and Policies. Table: Policy Elements / Sample Statement
    – Critical Infrastructure Importance: Critical information infrastructure (CII) provide the essential services that enable modern information societies and economies. Some CII support critical functions and essential services so vital that the incapacitation, exploitation, or destruction, through natural disaster, technological failure, accidents or intentional attacks could have a debilitating effect on national security and economic well-being.
    – Critical Infrastructure Risks: A combination of all-hazards threats (e.g., natural disaster, technological failure, accidents or intentional attacks) and vulnerabilities, and the potential resulting debilitating effects on national security and economic well-being.
    – CIP Resiliency Policy Goal/Statement: Prevent or minimize disruptions to critical information infrastructures, no matter the source, and thereby help to protect the people, the economy, essential human and government services, and national security. In the event disruptions do occur, they should be infrequent, of minimal duration, and manageable.
    – Public-Private Partnerships: Implementing the National CIIP framework includes government entities as well as voluntary public-private partnerships involving corporate and nongovernmental organizations.
  • 18. Trustworthy Plans and Policies – International Telecommunications Union. Five Elements of a National Cyber Security Capability: • Developing a National Strategy for Cybersecurity • Establishing National Government–Industry Collaboration • Deterring Cybercrime • Creating National Incident Management Capabilities • Promoting a National Culture of Cybersecurity. "A national approach to cybersecurity includes raising awareness about existing cyber risks, creating national structures to address cybersecurity, and establishing the necessary relationships that may be utilized to address events that occur. Assessing risk, implementing mitigation measures, and managing consequences are also part of a national cybersecurity program. A good national cybersecurity program will help protect a nation's economy from disruption by contributing to continuity planning across sectors, protecting the information that is stored in information systems, preserving public confidence, maintaining national security, and ensuring public health and safety." International Telecommunications Union, January 2008
  • 19. Trustworthy Plans and Policies – European Union. "[…] ICT systems, services, networks and infrastructures […] form a vital part of European economy and society, either providing essential goods and services or constituting the underpinning platform of other critical infrastructures. They are typically regarded as critical information infrastructures (CIIs) as their disruption or destruction would have a serious impact on vital societal functions. Recent examples include the large-scale cyber-attacks targeting Estonia in 2007 and the breaks of transcontinental cables in 2008." European Commission Communication on CIIP, Mar 2009. Table: Challenge/Pillar – Action Plan
    – Preparedness and prevention: • Baseline of [CERT] capabilities and services for pan-European cooperation • European Public Private Partnership for Resilience (EP3R) • European Forum for information sharing between Member States
    – Detection and response: • European Information Sharing and Alert System (EISAS)
    – Mitigation and recovery: • National contingency planning and exercises • Pan-European exercises on large-scale network security incidents • Reinforced cooperation between National/Governmental CERTs
    – International cooperation: • Internet resilience and stability • Global exercises on recovery and mitigation of large scale Internet incidents
    – Criteria for the ICT sector: • ICT sector specific criteria
  • 20. Trustworthy Plans and Policies – United States. "The globally-interconnected digital information and communications infrastructure known as "cyberspace" underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. [...] It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution." White House Cyberspace Policy Review, May 2009. Table 1: Near-Term Action Plan
    1. Appoint a cybersecurity policy official responsible for coordinating the Nation's cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
    2. Prepare for the President's approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.
    3. Designate cybersecurity as one of the President's key management priorities and establish performance metrics.
    4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
    …
    10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.
  • 21. Resilient Operations. [Diagram: Effective Risk Management cycle – Assess Risk → Manage Risk → Monitor and Detect → Respond and Recover; Strategic Risk Management and Operational Risk Management, Proactive]
  • 22. Resilient Operations – Strategic Risk Management. Microsoft CII Risk Management Methodology: Determine Risk Management Scope → Identify Critical Information Infrastructure Functions → Analyze Critical Function Value Chain and Interdependencies → Assess Critical Function Risk → Prioritize and Treat Critical Function Risk • Optimizes limited resources to protect the most critical infrastructure • Focuses on infrastructure objects – Assets – Locations – Systems – Functions • Based on defined methodology strategies – Bottom-up – Top-down
  • 23. Resilient Operations – Operational Risk Management
  • 24. Resilient Operations – Critical Infrastructure Exercises. Value: • Builds Awareness • Promotes Partnerships • Improves Information-Sharing • Identifies Preparedness Gaps • Addresses Collaboration Gaps. Through Microsoft's Critical Infrastructure Resiliency Exercise Guide: • A detailed, step-by-step "how-to" process to plan, conduct, and learn from critical infrastructure exercises • Suggestions for how to carry out each step in an exercise • Background materials, references, templates, and PowerPoint briefings related to each step of the exercise process
  • 25. Investments in Innovation. Practices: • Security Development Lifecycle (SDL) • Risk Management Frameworks • Exercise Guide • SAFECode & ICASI. Programs: • Microsoft Active Protection Program (MAPP) • Government Security Program. Research: • Botnet Mitigation • Secure Internet Protocols • Community Information Management. Education: • Security Intelligence Report • Security Curriculum • Guidance
  • 26. Evolving Communications. [Diagram: Advance Notification; MSRC Blog; Microsoft Security Response Alliance; Security Advisory; CSO Council; Microsoft Security Bulletin; MMPC Blog; Webcast; SVRD Blog; CSO Call; Microsoft Active Protections Program; SDL Blog]
  • 27. Investments in Innovation – Developing Secure Software (SAFECode) • Dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods • Consists of six members (EMC, Juniper, Microsoft, Nokia, SAP, and Symantec) • Co-chaired by Microsoft and Nokia • An International Advisory Board to guide global efforts. Three publications: • Software Assurance: An Overview of Current Industry Best Practices • Fundamental Practices for Secure Software Design and Development • The Software Supply Chain Integrity Framework: Defining Risks and Responsibilities for Securing Software in the Global Supply Chain
  • 28. Investments in Innovation – Coordinating multi-vendor response (ICASI) • Enhances the global security landscape by driving excellence and innovation in security response practices, and by enabling its members to proactively collaborate to analyze, mitigate, and resolve multi-vendor, global security challenges • Made up of five companies currently (Cisco, IBM, Intel, Juniper, Microsoft). Developing operational coordination and thought leadership products: • The Unified Security Incident Response Plan (USIRP) • A new paper on security response planning with the working title of "Certainties for an Uncertain Future: Building Tomorrow's Security Response Today"
  • 29. Shaping innovative CIP approaches
  • 30. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 31. [Security conferences, shown as a word cloud] IT Underground, DIMVA, T2, CCC, What the Hack, BlackHat Europe, EUSec, Metricon, ShmooCon, HotSec, POC, PH-Neutral, Usenix, PacSec, HOPE, DeepSec, CanSecWest, BlackHat Japan, BlackHat DC, Hackivity, Layer 1, RSA USA, XCon, VNSec, Hack.lu, ToorCon, SANS, HITB, BlackHat USA, BCS, PakCon, Security Opus, Defcon, G-Con, Identity Summit, SC&I Congreso De Seguridad, HITB, H2H Conference, BlackHat Asia, KiwiCon, YSTS, FIRST, SyScAn, AusCERT, BA-Con, Bellua Asia, RUXCON, ekoparty