This document discusses various topics related to cyber security. It begins by introducing Clinton Ingrams from De Montfort University's Cyber Security Centre, which teaches cyber security topics like PHP and penetration testing. It then outlines several cyber threats like DDoS attacks against Estonia and Georgia, and malware like Stuxnet. The document also discusses various government agencies and initiatives involved in cyber security for the UK, including the Cabinet Office, GCHQ, CPNI, and the National Cyber Security Strategy. It emphasizes the importance of secure coding, testing, training, and awareness around cyber threats.

1. Cyber Security
(yes, really)
(because we have to...)
13/10/13

2. Classification: unclassified
13/10/13

3. Challenge...
13/10/13

4. Clinton Ingrams
–
cfi@dmu.ac.uk
Cyber Security Centre
De Montfort University
(that's in Leicester)
Teaching PHP & pentesting
Undergrad & Postgrad
13/10/13

5. Threats
Agencies
Solutions
13/10/13

6. Cyber Security is...
●
Protecting people
–
and their information
●
13/10/13
on line

7. And the big problem is...
In humans we trust ...
13/10/13

8. Threats
13/10/13

9. Cyber Attacks
●
Estonia
– Multiple
DDoS
– 3 weeks, starting 27th April 2007
– First state-level cyber attack
● Now on NATO agenda
13/10/13

10. Cyber Attacks
●
Georgia
– Multiple
DDoS
– 7th August 2008
– In conjunction with military invasion
TTNET
Caucasus Cable
Caucasus Net
Delta Net
Transtelecom
TISCALI
Seabone
13/10/13
RETN
COGENT

11. Cyber Attacks
●
Syria
Israeli malware was (allegedly) installed in
Syrian Integrated Air Defence System
(IADS)
– 6th September 2007
– Disrupted Syrian nuclear research
–
www.defensetech.org/2007/11/26/israels-cyber-shot-at-syria/
13/10/13

12. Lost IPR
●
●
“the average business takes 300 days to
identify a data breach”
Small SMEs can lose ~£1M over 5-10 years
13/10/13

13. Other attack vectors
13/10/13

14. SMART...
●
Systems
●
Buildings
–
–
●
house
manufacturing
Cities
“arcologies”
Society
–
●
13/10/13

15. SCADA
●
Supervisory Control and Data Acquisition
Often programmed in software logic
blocks
Typically 30 year turnover in hardware/software
–
●
–
–
●
IET
13/10/13
Windows 95 still very common
Some equipment is 60 years old!

16. Malware
●
Stuxnet
●
Duku
●
Flame
–
–
13/10/13
now in the wild
have changed the face of modern warfare

17. People
●
Anonymous
●
Lulzsec
●
Julian Assange
–
●
Bradley (Chelsea) Manning
Edward Snowden
–
–
13/10/13
game changer
(insider threat)

18. Who's doing what???
13/10/13

19. HMG
●
Cabinet office
●
GCHQ
●
Centre for Protection of National
Infrastructure
–
13/10/13
CPNI

20. Police
●
National Crime Agency
–
National Cybercrime Unit
replaces
●
Serious Organised Crime Agency
–
13/10/13
SOCA

21. Cabinet Office
●
●
Create partnerships between businesses,
academics, HMG & international
£860m
–
over 5 years
–
From the NSCP
●
13/10/13
National Cyber Security Programme

22. National Cyber Security Strategy
Our vision is for the UK in 2015 to derive huge economic and social value from a
vibrant, resilient and secure cyberspace, where our actions, guided by our core
values of liberty, fairness, transparency and the rule of law, enhance prosperity,
national security and a strong society.
To achieve this vision by 2015 we want:
Objective 1:
Objective 2:
Objective 3:
The UK to tackle cyber
crime and be one of the
most secure places in the
world to do business in
cyberspace
The UK to be more
resilient to cyber attacks
and better able to protect
our interests in
cyberspace
The UK to have helped
shape an open, stable
and vibrant cyberspace
which the UK public can
use safely and that
supports open societies
Objective 4:
The UK to have the cross-cutting knowledge, skills and capability it needs to
underpin all our cyber security objectives
13/10/13

23. CPNI
●
Awareness raising
–
Physical vulnerabilities
●
–
Software vulnerabilities
●
13/10/13
Lots of “fireworks” demonstrations
???

24. What's to be done???
13/10/13

25. Coding
“Why is there never time or money to implement
proper application security before the launch date,
but always time and money to retro-fit security after
the first hack”
Anon
13/10/13

26. Testing
●
MoD – 4 levels of Vulnerability Assessment
–
Scanning
–
Toolkits
●
–
Penetration test
●
–
13/10/13
automated assessments
qualified & experienced expert
Physical test

27. TSI
●
Trustworthy Software Initiative
–
–
13/10/13
“Making software more secure, dependable and
reliable”
Partly as a documentation standards repository

28. Measuring
●
Security Analytics
–
13/10/13
are you safer/more secure now than you were
before?

29. Reading
Eg
Trustwave Global Security Report
– Checkpoint Security Report
– The Global Cyber Game report
–
●
http://www.scribd.com/doc/142553109/The-Global-Cyber-Game
DefenseTech
– The Register
– etc
–
13/10/13

30. Cyber Security Vouchers
●
HMG
●
Department for Business, Innovation and Skils
●
Up to £5000 as a voucher
–
●
to spend improving the security of a client
http://news.bis.gov.uk/Press-Releases/Support-for-smallbusinesses-to-tackle-record-levels-of-cyber-attacks-68b5a.aspx
13/10/13

31. Training
●
Certified Application Security Tester
–
●
Certified Information Systems Security
Professional
–
●
CAST
CISSP
CESG Certified Professional
–
13/10/13
CCP

32. DMU
●
Cyber Security Centre
●
MSc Cyber Security (Deloitte)
●
MSc SCADA (EADS)
●
Free magazine
–
CyberTalk
–
multidisciplinary
http://softbox.co.uk/cybertalk
●
13/10/13

33. Questions??
13/10/13

34. ●
http://www.dmu.ac.uk/research/research-faculties-andinstitutes/technology/cyber-security-centre/cyber-security-centre.aspx
●
https://www.gov.uk/government/publications/cyber-security-strategy
●
http://www.cpni.gov.uk/
●
http://www.ssgkc.com/strategic-initiatives/smart-city/
●
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt
●
http://www.soca.gov.uk/
●
http://www.uk-tsi.org/
●
●
●
http://news.bis.gov.uk/Press-Releases/Support-for-small-businessesto-tackle-record-levels-of-cyber-attacks-68b5a.aspx
http://www.independent.co.uk/news/uk/home-news/more-than-amillion-british-youngsters-being-bullied-online-every-day8852097.html
http://www.scribd.com/doc/142553109/The-Global-Cyber-Game
13/10/13