This document discusses cybersecurity awareness, vulnerabilities, and solutions. It begins by outlining threats to IoT/ICS/SCADA systems from actors like script kiddies, gray hats, black hats, and state-sponsored groups. Common threats include DDoS attacks and exploiting vulnerabilities in device access controls and software updates. The document then examines solutions like developing response and recovery plans, conducting risk assessments, implementing security controls, and obtaining external cybersecurity support. It emphasizes the importance of cybersecurity awareness training, continuous monitoring, and establishing cooperation between organizations.
1. Unifying the Global Response to Cybercrime
Cyber Security – awareness, vulnerabilities and solutions
Prof. Manel Medina
Scientific Coordinator of APWG.eu
Founder of esCERT-inLab-UPC
Director, MSc Cybersecurity – UPC-Talent
manel@apwg.eu – medina@escert.upc.edu
2. Content
• Awareness
– Threats to IoT/ICS/SCADA, CIIP:
• CPS, Protocols, supply chain, dependencies
– Threats from IoT:
• DDoS, cascade effects
• Vulnerabilities
– Resilience of IoT platforms:
• Access control, identification, back doors, malware…
• Solutions
– Response to cyber-attacks:
• Recovery, Restore
• Conclusions
5. Threats to IoT: Who?
• Script kiddies: no financial motive, not professionals, repeat the same errors.
• Gray hats: mix criminal and non-criminal activities; spammers send any kind of email.
• Black hats: experts with toolkits and business models; attacks are unique and novel.
• State-sponsored: economic and security interests; technically skilled.
• Hacktivists
• Leaks: criminals with patience and technical expertise who wait years to steal the information they want; target industry and government, and regional businesses.
6. Threats to IoT: Why?
• Script kiddies: to show off their skills and our weakness.
• Gray hats: third-party services: political, social, cultural.
• Black hats: economic gain.
• State-sponsored: stealing strategic information.
• Hacktivists: same as above.
• Leaks: criminals with patience and technical expertise who wait years to steal the information they want; target industry and government, and regional businesses.
8. Trends: long-term cyber-war
• Cyber-guns: Hacking Team
• Department of Defense Concludes Three Weeks of Cyber War Games
http://bit.ly/1uLsdsS http://bit.ly/1eGaGPA
• Cyber attack on U.S. power grid could rack up $1 trillion in losses, study says - SC Magazine http://ow.ly/PmQyO
• 3 dangerous habits that make companies less #cyber secure: http://lmt.co/1Ga2v7w #GartnerSEC (by @LM_AngelaHeise)
• How Secure Is Your Small Business? 5 Tips to Protect Against Modern Cyber Attacks. by @jcmason http://entm.ag/1Af8Cbu via @Entrepreneur
• Cibercrimen (book): https://www.amazon.es/CIBERCRIMEN-Manel-Medina-ebook/dp/B010GJOUDM
9. Threats to IoT: What?
• CIIP: IoT/ICS/SCADA:
– CPS,
– Protocols,
– supply chain,
– Dependence of IoT on service providers
• DEF CON talks: hacking an electronic wheelchair or a Bluetooth lock from a quarter-mile away
• Hacking a real car
• Intercepting in-flight aircraft communications
14. Who do we trust?
• 90% of incidents start from inside the
organization
– Spear-phishing
– Ransomware
– Lack of skills or capabilities
– Lack of awareness
– Human Errors
• Internal Audit: Readiness
22. Roadmap 2018
• Cybersecurity culture: raise awareness
• Risk measurement and analysis
• Protection: risk reduction and impacts
mitigation
• Detection and management of events
• Collaboration and coordination
• Research, Development and Innovation
• Continuing and efficient training and education
24. Education and awareness
Audience | Continuous training | Official degree (Titulación Oficial)
LE | Operations and maintenance (on-line, in-house) | Continuing education (postgraduate, PsG)
SME | Operations (capsule, education module) | Experts (MSc)
Shared (or not) responsibilities:
- Data Protection Officer
- Chief Information Security Officer
- Intelligence Officer
- Information Systems Auditor
- Computer Sec. Incident Coordinator
- Data breach communication advisor
- Operation…
- Training…
27. Best practices in IoT cybersecurity
• Back up data and configuration choices
• Protect programs and data with an e-signature or hash
• Mid-to-long-term archive of documents
• Anti-DDoS
• User and device access control
• Access and operations: logs and warnings
• User and ICT staff training and awareness
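The first two bullets (back up configuration; protect programs and data with a signature or hash) together describe an integrity-protected backup: a device's configuration is copied out, every file is hashed, and the list of hashes is authenticated so that a restore can refuse tampered or substituted files. The following is an added example, not code from the slides: it uses SHA-256 plus HMAC-SHA256 from the Python standard library as the integrity mechanism (a stand-in for the slide's e-signature; with an asymmetric scheme the verifier would hold only a public key). The key, file names and file contents are constructed sample data.

```python
"""Integrity-protected backup and restore of device configuration (added example)."""
from __future__ import annotations

import hashlib
import hmac
import json

# Constructed sample device configuration, keyed by file name.
SAMPLE_CONFIG: dict[str, bytes] = {
    "network.conf": b"mgmt_iface=eth0\nallow_from=10.0.0.0/24\n",
    "users.conf": b"admin:ssh-key-only\noperator:ssh-key-only\n",
    "firmware.manifest": b"version=2.1.4\n",
}

# Hypothetical backup-authentication key; in a real device it would live in a
# secure element or HSM, and an asymmetric signing key would be preferable.
BACKUP_KEY = b"\x01" * 32


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(manifest: dict[str, str]) -> bytes:
    # Canonical JSON so the signer and the verifier hash identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def make_backup(files: dict[str, bytes], key: bytes) -> dict:
    """Return a backup: file copies, a digest manifest, and an HMAC tag over the manifest."""
    manifest = {name: sha256_hex(content) for name, content in sorted(files.items())}
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"files": dict(files), "manifest": manifest, "tag": tag}


def verify_backup(backup: dict, key: bytes) -> list[str]:
    """Return a list of problems; an empty list means the backup is safe to restore."""
    problems: list[str] = []
    expected_tag = hmac.new(key, _canonical(backup["manifest"]), hashlib.sha256).hexdigest()
    # Constant-time comparison: an early-exit string compare leaks tag bytes via timing.
    if not hmac.compare_digest(expected_tag, backup["tag"]):
        problems.append("manifest tag mismatch: manifest was altered or the key is wrong")
        return problems  # the manifest is untrusted, so per-file digests mean nothing
    for name, digest in backup["manifest"].items():
        content = backup["files"].get(name)
        if content is None:
            problems.append(f"{name}: listed in manifest but missing from backup")
        elif not hmac.compare_digest(sha256_hex(content), digest):
            problems.append(f"{name}: content digest does not match manifest")
    # Files that were slipped into the backup without being covered by the manifest.
    for name in backup["files"]:
        if name not in backup["manifest"]:
            problems.append(f"{name}: present in backup but not in the signed manifest")
    return problems


def restore(backup: dict, key: bytes) -> dict[str, bytes]:
    """Return the files to write back, or raise if verification fails."""
    problems = verify_backup(backup, key)
    if problems:
        raise ValueError("refusing to restore: " + "; ".join(problems))
    return dict(backup["files"])


if __name__ == "__main__":
    clean = make_backup(SAMPLE_CONFIG, BACKUP_KEY)
    print("clean backup:", verify_backup(clean, BACKUP_KEY))
    tampered = make_backup(SAMPLE_CONFIG, BACKUP_KEY)
    tampered["files"]["network.conf"] = b"mgmt_iface=eth0\nallow_from=0.0.0.0/0\n"
    print("tampered file:", verify_backup(tampered, BACKUP_KEY))
```

The manifest, not the individual files, is what gets authenticated; that keeps one tag per backup and still detects a modified, deleted or added file. Note that integrity alone does not stop a rollback attack (restoring an older, correctly signed backup with known-bad settings); a version or timestamp inside the signed manifest is needed for that.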
28. Recommendations
• Review network infrastructure and ICT policy
• Foster internal capacity building
• Adopt available guidelines and collective recommendations
• Use external consultants to support planning
• Establish secure communication channels with incident coordination team(s)
• Establish cooperation agreements for cybersecurity management and incident response
• Obtain certification / undergo an audit
29. External help: cyber-guards
• Capability to
– mitigate / recover
• Private vs. public:
– Incibe
– CERT_SI
– CESIcat
– CERT.EU
– …
– esCERT.UPC
[Diagram: CERT ecosystem. Industry, SMEs and critical infrastructure (CI) are each served by a national/governmental (n/g) CERT and a sectorial CERT (a CIIP CERT for CI), with a European CERT (?) and ENISA at the top level.]
Escalation chain: user -> CPD (data centre) -> SOC -> CSIRT -> CERT
30. Final remarks
• Legal requirements:
– Risk analysis
– Incident reporting
• Self-protection:
– Internal controls
– Use safe devices
– Update software and passwords
• Provide evidence of:
– Capabilities
– Good practices
– External audits
• Subcontract external experts
31. QUESTIONS (& ANSWERS)
Thank you very much for your attention!
Prof. Manel Medina
Scientific Coordinator of APWG.eu
Founder of esCERT-inLab-UPC
Director, Master's in Cybersecurity – UPC-Talent
manel@apwg.eu – medina@escert.upc.edu
605 284 388