This document discusses cybersecurity awareness, vulnerabilities, and solutions. It begins by outlining threats to IoT/ICS/SCADA systems from actors like script kiddies, gray hats, black hats, and state-sponsored groups. Common threats include DDoS attacks and exploiting vulnerabilities in device access controls and software updates. The document then examines solutions like developing response and recovery plans, conducting risk assessments, implementing security controls, and obtaining external cybersecurity support. It emphasizes the importance of cybersecurity awareness training, continuous monitoring, and establishing cooperation between organizations.

1. Unifying the
Global Response
to Cybercrime
Cyber Security – awareness,
vulnerabilities and solutions
Prof. Manel Medina
Scientific Coordinator of APWG.eu
Founder of esCERT-inLab-UPC
Director MsC Cibersecurity – UPC-Talent
manel@apwg.eu – medina@escert.upc.edu

2. Content
2
• Awareness
– Threats to IoT/ICS/SCADA, CIIP:
• CPS, Protocols, supply chain, dependencies
– Threats from IoT:
• DDoS, cascade effects
• Vulnerabilities
– Resilience of IoT platforms:
• Access control, identification, back doors, malware…
• Solutions
– Response to cyber-attacks:
• Recovery, Restore
• Conclusions

3. AWARENESS
3

4. 4

5. Threats to IoT: Who?
• Script kiddies: no money interest, no professionals,
repeated errors.
• GrayHats: shared criminal and not criminal activities.
SPAMmers spread any kind of emails
• Blackhats: experts, toolkits, business models, unique and
novel,
• States Sponsored: economic and security interest.
Technical
• Hacktivists
• Leaks: criminals that have patience and technical
expertise. Wait years to rob the information they want.
Apply to industry and government. Regional business.
5

6. Threats to IoT: Why?
• Script kiddies: Show their skills and our weakiness.
• GrayHats: 3rd part services: Politics, socials, cultural
• Blackhats: Economics
• States Sponsored: Steal estrategic Information
• Hacktivists: same as above
• Leaks: criminals that have patience and technical
expertise, wait years to rob the information they
want. Apply to industry and government. Regional
business
6

7. 7

8. Tendencies: long term  Cyber-war
• Cyber-guns: Hacking Team
• Department of Defense Concludes Three-Weeks of Cyber War Games
http://bit.ly/1uLsdsS http://bit.ly/1eGaGPA
• Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says -
SC Magazine http://ow.ly/PmQyO
• 3 dangerous habits that make companies less #cyber secure:
http://lmt.co/1Ga2v7w #GartnerSEC (by @LM_AngelaHeise)
• How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber
Attacks. by @jcmason http://entm.ag/1Af8Cbu via @Entrepreneur
• Cibercrimen: https://www.amazon.es/CIBERCRIMEN-Manel-Medina-
ebook/dp/B010GJOUDM
8

9. Threats to IoT: What?
• CIIP: IoT/ICS/SCADA:
– CPS,
– Protocols,
– supply chain,
– Dependencies of IoT from service providers
• Defcon conf.: hacking an electronic wheelchair or
bluetooth lock from a quarter-mile away
• Hack a real car
• Intercept flying airplane communications
9

10. Threats to IoT: What?
10

11. Threats FROM IoT: What?
11
• 6.8B devices
• 20 B by 2020
• 50 families
• 3 attacks in
3 weeks
• Just PoC

12. Threats FROM IoT: What?
• DDoS:
– Authentication
– Malware
– Protocol bugs
• Cascade effects
– supply chain,
– Dependencies of CI from IoT
12

13. VULNERABILITIES
13

14. Who do we trust?
14
• 90% of incidents start from inside the
organization
– Spear-phishing
– Ransomware
– Lack of skills or capabilities
– Lack of awareness
– Human Errors
• Internal Audit: Readiness

15. So, what? Cybersecurity life cycle
15
• Plan:
– Goals, Strategy, Timeframe, Resources
• Do:
– Assets, Threats & Vulnerability identification
– Risk Analysis (evaluation), Management
• Check
– Measure: people, cybersecurity tools,
– Monitor: network, CPS, behaviour
• Act:
– Response, Recovery, Restore, (minimise impact)
– Learn, Report (internal & external), Review/update

16. External support
16
• CISO
– Business aware
• External providers
– Learn from others’ errors
– Intelligence information
– New Attack patterns

17. SOLUTIONS TO CYBER ATTACKS
17

18. Cooperation & coordination Plan
• Risk & impact evaluation & analysis
• Personnel roles & responsibilities
• Cooperation opportunities & covert channels
• Plan ciber-exercises & training.
• Document lessons learnt
• Schedule plan’s updates.
18

19. Risk Management: Resilience
• Impact on Organization’s mission: Business
continuity
– Identify areas of risk
– Incident response capabilities
• Risk tolerance: Regulatory environment
• Budget: ROSI, implementation Phases, priorities
• Policy adoption & Procedures implementation.
– Early Detection
– Quick response
– Identification & selection of controls
19

20. Risk Response Strategy
• Probability:
– Avoidance,
– Perimeter,
– Training,
– Readiness,
– Resilience.
• Impact:
– Detection,
– Mitigation,
– Response,
– Recovery
• Risk Acceptance &
Transfer
20

21. Resilience Assessment Summary
• Where: Available / Collectable data
• What: Scope: Scenario (set of assets)
• How: Time-frame: rigorousness, meaningful.
• Aim: Co. Social responsibility: risk culture
• Who: Compliance & sectorial regulation
• When: Changing environment: external
(hacktivism), internal (infrastructure, asset values),
growth, customers sensitivity
22

22. Roadmap 2018
• Cybersecurity culture: raise awareness
• Risk measurement and analysis
• Protection: risk reduction and impacts
mitigation
• Detection and management of events
• Collaboration and coordination
• Research, Development and Innovation
• Continuing and efficient training and education
23

23. Short-term corporative strategy
• Cyber- Responsibility:
– Cyber-risk
– Cyber-trust
– Cyber-insurance
– Hiring of cyber-security profiles
• 3 levels education
– Corporate management
– Cybersecurity management and operations
– ICT Operations
– Final end-user
24

24. Education and awareness
Continuous training TITULACIÓN Oficial
LE Operations and maintenance (on-line, in-house) Continuous education (PsG)
SME Operations (capsule, education module) Experts (MsC)
25
Shared (or not) responsibilities:
- Data Protection Officer
- Chief Information Security Officer
- Intelligence Officer
- Information Systems Auditor
- Computer Sec. Incident Coordinator
- Data breach communication advisor
- Operation…
- Training…

25. CORPORATE PROTECTION
TOOLS & STRATEGIES
26

26. 5 essential cybersecurity measures
• Perimeter: Firewall & gateways
• Safe Configuration
• Access Control
• Anti-malware Protection
• Patch & updates management

27. Best practices in IoT cybersecurity
• Back-up data and configuration choices
• Protect programs and data with e-Signature or
hash
• Documents Mid-Long term Archive
• Anti-DDoS
• User and devices Access Control
• Access & operations: logs & warnings
• User & TIC staff training & awareness

28. 29
Recommendations
• Review network infrastructure and ICT policy
• Foster internal capacity building
• Take any guidelines or collective recommendation
• External consultants to identify planning
• Establish secure communication channels with
team(s) of incident coordination
• Establish cooperation agreements cyber security
management and incident response
• Get some certification / audit

29. external help: Cyber-guards
• Capability to
– mitigate / recover
• Private vs. Public:
– Incibe
– CERT_SI
– CESIcat
– CERT.EU
– …
– esCERT.UPC
30
European
CERT (?)
n/g CERT
Sectorial
CERT
Industry
n/g CERT
Sectorial
CERT
SME
n/g CERT
CIIP CERT
CI
ENISA
 user ->CPD -> SOC -> CSIRT -> CERT

30. Final remarks
• Legal requirements:
– Risk analysis
– Incident reporting
• Self-protection:
– internal controls
– Use safe devices
– Update software and passwords
• Provide evidences of:
– capabilities
– good practices
– External audits
• Subcontract external experts
31

31. PREGUNTAS (& RESPUESTAS)
Muchas gracias
por la atención!
Prof. Manel Medina
Coordinador científico de APWG.eu
Fundador esCERT-inLab-UPC
Director Máster Ciberseguridad – UPC-Talent
manel@apwg.eu – medina@escert.upc.edu
605 284 388