Phpnw 2013 cyber-security


  1. 1. Cyber Security (yes, really) (because we have to...) 13/10/13
  2. 2. Classification: unclassified
  3. 3. Challenge...
  4. 4. Clinton Ingrams – cfi@dmu.ac.uk; Cyber Security Centre, De Montfort University (that's in Leicester); Teaching PHP & pentesting; Undergrad & Postgrad
  5. 5. Threats, Agencies, Solutions
  6. 6. Cyber Security is... ● Protecting people – and their information ● on line
  7. 7. And the big problem is... In humans we trust ...
  8. 8. Threats
  9. 9. Cyber Attacks ● Estonia – Multiple DDoS – 3 weeks, starting 27th April 2007 – First state-level cyber attack ● Now on NATO agenda
  10. 10. Cyber Attacks ● Georgia – Multiple DDoS – 7th August 2008 – In conjunction with military invasion (figure labels: TTNET Caucasus Cable Caucasus Net Delta Net Transtelecom TISCALI Seabone RETN COGENT)
  11. 11. Cyber Attacks ● Syria – Israeli malware was (allegedly) installed in Syrian Integrated Air Defence System (IADS) – 6th September 2007 – Disrupted Syrian nuclear research – www.defensetech.org/2007/11/26/israels-cyber-shot-at-syria/
  12. 12. Lost IPR ● “the average business takes 300 days to identify a data breach” ● Small SMEs can lose ~£1M over 5-10 years
  13. 13. Other attack vectors
  14. 14. SMART... ● Systems ● Buildings – house – manufacturing ● Cities – “arcologies” ● Society
  15. 15. SCADA ● Supervisory Control and Data Acquisition – Often programmed in software logic blocks ● Typically 30 year turnover in hardware/software – Windows 95 still very common – Some equipment is 60 years old! ● IET
  16. 16. Malware ● Stuxnet ● Duqu ● Flame – now in the wild – have changed the face of modern warfare
  17. 17. People ● Anonymous ● Lulzsec ● Julian Assange – Bradley (Chelsea) Manning ● Edward Snowden – game changer – (insider threat)
  18. 18. Who's doing what???
  19. 19. HMG ● Cabinet office ● GCHQ ● Centre for Protection of National Infrastructure – CPNI
  20. 20. Police ● National Crime Agency – National Cybercrime Unit replaces ● Serious Organised Crime Agency – SOCA
  21. 21. Cabinet Office ● Create partnerships between businesses, academics, HMG & international ● £860m – over 5 years – From the NCSP ● National Cyber Security Programme
  22. 22. National Cyber Security Strategy Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society. To achieve this vision by 2015 we want: Objective 1: The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace. Objective 2: The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace. Objective 3: The UK to have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies. Objective 4: The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.
  23. 23. CPNI ● Awareness raising – Physical vulnerabilities ● Lots of “fireworks” demonstrations – Software vulnerabilities ● ???
  24. 24. What's to be done???
  25. 25. Coding “Why is there never time or money to implement proper application security before the launch date, but always time and money to retro-fit security after the first hack” Anon
  26. 26. Testing ● MoD – 4 levels of Vulnerability Assessment – Scanning – Toolkits ● automated assessments – Penetration test ● qualified & experienced expert – Physical test
  27. 27. TSI ● Trustworthy Software Initiative – “Making software more secure, dependable and reliable” – Partly as a documentation standards repository
  28. 28. Measuring ● Security Analytics – are you safer/more secure now than you were before?
  29. 29. Reading Eg – Trustwave Global Security Report – Checkpoint Security Report – The Global Cyber Game report ● http://www.scribd.com/doc/142553109/The-Global-Cyber-Game – DefenseTech – The Register – etc
  30. 30. Cyber Security Vouchers ● HMG ● Department for Business, Innovation and Skills ● Up to £5000 as a voucher – to spend improving the security of a client ● http://news.bis.gov.uk/Press-Releases/Support-for-small-businesses-to-tackle-record-levels-of-cyber-attacks-68b5a.aspx
  31. 31. Training ● Certified Application Security Tester – CAST ● Certified Information Systems Security Professional – CISSP ● CESG Certified Professional – CCP
  32. 32. DMU ● Cyber Security Centre ● MSc Cyber Security (Deloitte) ● MSc SCADA (EADS) ● Free magazine – CyberTalk – multidisciplinary ● http://softbox.co.uk/cybertalk
  33. 33. Questions??
  34. 34. ● http://www.dmu.ac.uk/research/research-faculties-andinstitutes/technology/cyber-security-centre/cyber-security-centre.aspx ● https://www.gov.uk/government/publications/cyber-security-strategy ● http://www.cpni.gov.uk/ ● http://www.ssgkc.com/strategic-initiatives/smart-city/ ● https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt ● http://www.soca.gov.uk/ ● http://www.uk-tsi.org/ ● http://news.bis.gov.uk/Press-Releases/Support-for-small-businesses-to-tackle-record-levels-of-cyber-attacks-68b5a.aspx ● http://www.independent.co.uk/news/uk/home-news/more-than-amillion-british-youngsters-being-bullied-online-every-day8852097.html ● http://www.scribd.com/doc/142553109/The-Global-Cyber-Game
