THE SECURITY OF OUR DIGITAL INFRASTRUCTURES NEEDS NEW FORMS OF INTERACTION AND COOPERATION
Helmut Leopold, Head of Center for Digital Safety & Security, AIT Austrian Institute of Technology. Graz, 27 February 2018 (v1.0)
53rd Digitaldialog: “Cyber Security & Unknown Threats”
2 27.02.2018
The availability and functioning, i.e. the resilience, of our digital and networked infrastructures is no longer guaranteed.
https://kurier.at/sport/wintersport/olympia-2018/olympia-cyberattacke-waehrend-eroeffnungsfeier/310.492.923
“Many foresaw the PyeongChang Winter Olympics being a prime target for cyberattacks, now a very successful one has been revealed.”
https://www.cbronline.com/news/pyeongchang-winter-olympics-cyberattack
“Olympics: cyberattack during opening ceremony”
Source: Kurier, 11.2.2018
Cyber Security - Status Quo & Predictions
2017: 30% increase in cyber crime in Austria, and Advanced attacks (APTs) increase in scope and in frequency
Source: Austrian Security Report 2017, Gridling, BVT, BMI, Vienna Cyber Security Week 2018, 29.1-2.2, Wien, Austria
£71 million lost by European firms due to ransomware downtime between 2016 and 2017 - businesses of all sizes
less than 33% of attacks are reported to the authorities
Microsoft: 1500 people focusing on security, 1 billion investment in cyber security - without change of concept no cyber security is possible
Source: N. Malisevic, Microsoft, Vienna Cyber Security Week 2018, 29.1-2.2, Wien, Austria
Source: Data Inc. Study 2018, https://www.cbronline.com/news/ransomware-costs-smbs-71-million
The biggest security crises since WW II
30 nations develop cyber war capabilities
Source: Adi Shamir, Financial Crypto Conference 2016, https://www.linkedin.com/pulse/adi-shamir-makes-15-predictions-next-years-andreas-sfakianakis/
The Internet of Things (IoT) will be a security disaster. Cyber warfare will be the norm rather than the exception in conflicts
Source: OSCE, Vienna Cyber Security Week 2018, 29.1-2.2, Wien, Austria
The fundamental cyber security problem in industry
Units not properly staffed or lack of qualified/trained personnel on information security topics
Missing awareness
Security is not a business priority
A false sense of security on outsourcing (cloud)
CIO problem
Today’s competence vs. IT technologies of tomorrow
Product units develop IT functions based on virtual IT services (outsourcing)
As part of the CFO Domain not linked to strategic product/business objectives
IT-OT problem
SW which should stay unchanged
Automatic SW updates
Missing methods and tools to measure incidents
Different culture & skills
Against which threats are we protected, and how? Are we secure?
Cyber Security – a multi-stakeholder issue
cyber crime, cyber espionage, cyber sabotage, cyber war, cyber terrorism
citizen, business, society, economy, government
privacy, business value, national security, global competitiveness, stability, democracy
government, critical infrastructure providers (network/service), manufacturers/system integrators, private users
Status of Cyber Security - Threat - Consequences: Equifax Case 2017
largest US credit bureau
New website: https://www.equifaxsecurity2017.com/
“Vulnerability in a supplier's website”
Source: https://www.heise.de/newsticker/meldung/Hacker-Jackpot-Credit-Bureau-Equifax-gehackt-3824607.html
Status of Cyber Security: APT (Advanced Persistent Threat)
I. Get Access – understand the target: social engineering, get access (public information, etc.)
II. Initial Intrusion – exploit weaknesses: phishing, SW vulnerabilities, configuration errors, stolen login information, weak passwords, etc.
III. Strengthen foothold – lateral movement: stays invisible in the system, command & control capabilities, be immune to security responses, access control from within the trusted environment
IV. Expand access: search directories, e-mail boxes, admin workspaces, etc.; map the internal network structure and find login credentials for further services
V. Gain Control: discover machines/devices which hold the most valuable information; send fabricated control messages
Attacks span weeks or months and are developed for a dedicated purpose
25.3.2015: e-mail attack
23.12.2015: “shut down”
2016
Study, 2017: 3300 German companies; 1/3 reported damage caused by espionage; 1/4 did not even know that they had been spied on
Google Translate turned “Russia” into “Mordor”, January 2016
Source: http://www.spiegel.de/netzwelt/web/google-translate-macht-aus-russland-mordor-a-1070756.html
“'Russia Today', Moscow based Russia's biggest news channel website (RT.com) …. Hackers have replaced “Russia” or “Russians” with “Nazi” or “Nazis” word from the headlines….” March 2014
Source: https://www.grahamcluley.com/russia-today-website-defaced/
Media – Propaganda – Fake news
60,000 reported web page defacements per month in the DACH region. Source: nimbusec, zone-h.org
Study, 2017: 3300 German companies; 1/3 stated that they had been affected by deliberately steered false reports about their corporate presence (fake news)
Cyber Security Market Driver
technology: IoT, IT & OT, Industry 4.0, Automated driving, AI, Blockchain, Smart grid, Smart city
digitalisation, global networking
innovation
technology's vulnerability
CaaS Crime as a Service
complexity
System of Systems, CPS Cyber Physical Systems, Safety & Security, Mono cultures, New payment methods (Bitcoins)
Cyber crime, Cyber espionage, Cyber terrorism, Cyber sabotage, Cyber war
international dimension
Laws, conventions, cooperations
diplomacy
IT dev., operation, & users
security experts
skills
Status of Cyber Security - Basic
80% of passwords are too simple (default, “1234”)
70% identification of user accounts by trial and error
70% unencrypted network services
60% of user interfaces (web applications) have built-in vulnerabilities (such as XSS)
IoT devices vulnerabilities
“10k in 2k” “The Internet of Hackable Things” (N. Dragoni et al, TU Denmark)
5-15% of all websites are infected with malware
87% of all Android Phones operate with SW with known vulnerabilities – due to missing patch management
Sources:
Dragoni, N., Giaretta, A., & Mazzara, M. (2017). The Internet of Hackable Things. ArXiv, 2017, [1707.08380], University Denmark
Uni Cambridge, http://androidvulnerabilities.org/press/2015-10-18
Presentation, Nimbusec, IDC conference, Vienna, September 201, www.zone-H.org
System Vulnerability …
CIA hack – March 2017: CIA hacking tool arsenal
8,761 files leaked from the CIA high security network (100+ million lines of code)
“Britain's newest warship running Swiss Cheese OS (Windows XP)”, The Register, June 27th, 2017
Vulnerabilities, Crime as a Service
Names, home addresses, photos of air force pilots, SEAL teams, military vehicles, capacity of roads and bridges, …, Falkvinge, The Hacker News, July 24th, 2017
Supply chain
CPU Vulnerabilities – „Side Channel Attacks“ Spectre & Meltdown & Micro-code
CPU performance optimization, side channel attacks
“predictions”
“parallelization – out of order processing”
sys-calls, applications, cache
meltdown
micro-code
Micro-code remote maintenance
System Vulnerabilities: October 2016, “Mirai IoT Botnet”
900 Gbit/s
Sources:
http://www.golem.de/news/nach-ddos-attacken-akamai-nimmt-sicherheitsforscher-krebs-vom-netz-1609-123419.html
http://www.golem.de/news/hilfe-von-google-brian-krebs-blog-ist-nach-ddos-angriff-wieder-erreichbar-1609-123453.html
Passwords: 12345, password
Journalist Krebs
Google Project Shield
Vulnerabilities - Resilience: system monocultures …
WannaCry, May 2017: 300,000 computers in 150 countries; hospitals in UK, railway systems. But not only computers were infected: 90 k appointments of medical services had to be cancelled
BITCOIN – PRICE DEVELOPMENT – MARKET DRIVERS
China halts the exchange of Bitcoins
WannaCry cyber attack
Increasing resilience through three key measures
Technology & Operation
Austrian Cyber Security Cluster
Leading edge solutions
Capacity Building, Awareness & Training
Cyber Ranges
New training methods
Data sovereignty for the user
“Made in Austria” certification
New development methods: Privacy & Security by Design
Resources, Skills, Capabilities
IT Security Hub Austria
New education methods
CAIS Cyber Attack Information System
CIIS Cyber Incident Information Sharing
Cyber Range, Capacity building, Training
Threat Analysis, Risk Management
Privacy & Security by Design, Encryption
• Information exchange – machine and human readable
• privacy, secret information, laws
• Cyber Situational Awareness
• Threat catalogues
• System understanding
• Basis for specs of min. standards
IT-Systems (log files), Network Traffic
• Detection of the unknown unknown by machine learning & AI
• Cyber Attack Information Systems (CAIS)
Cyber Security Range
• Scenario validation, Compliance
• Test-Data Generation
• Training of employees + Stakeholders
• Austrian Cyber Security Cluster
• Austrian Security Hub
• Safety&Security Co-Development
• Smart encryption (IoT, Cloud) - new privacy – user control of data
• Post-quantum encryption
IoT
Cyber Security Resilience
Internationally leading: virtual currencies
Forensic
Run-time verification analog/digital CPS
AIT'S LEADING EDGE SOLUTION PORTFOLIO
Blockchain Digital Insight platform @ AIT
“…virtual currencies such as Bitcoin establish themselves as single common currency for cybercriminals”
“Bitcoin is […] accounting for over 40% of all identified criminal-to-criminal payments.”
(Source: Europol 2015 Internet Organized Crime Threat Assessment Report)
BLOCKCHAIN FORENSIC – INT. LEADING TECHNOLOGY FROM AUSTRIA @ AIT
VirtCrime BitCrime
SYSTEM PROTECTION BY EXERCISE & TRAINING – CYBER RANGE @ AIT
Enterprise ICT Environments
Simulation specific systems
Physical environment
Connected Cars, Industry 4.0, Smart grid, eHealth, Smart City, Digital Transport, Social media
Virtual and Simulated Physical
Cyber Security R&D
Security Technology Validation
Training Ethical Hacking
Modelling & Simulation
Test Data Generation
Architecture Scenario Planning
Threat Emulation
Cyber Exercises
Cyber Training
Connected Cars, Industry 4.0, Energy, Smart City, Digital Transport
NATIONAL CYBER EXERCISE ON CRITICAL INFRASTRUCTURE, 6-7 NOVEMBER 2017 AT AIT
• 200 participants
• 10 teams of 6-8 people each, 24 critical infrastructure companies
• Government agencies - Austrian Cyber Security Strategy (ÖSCS)
• Exercise control
• 120 virtual machines + ICS
• 17 terminals
National Cyber Security Act 2018
IT operation, security processes of companies
Security processes of public bodies
Austria as the centre of the cyber security world: Vienna Cyber Security Week 2018. Multi-stakeholder conference, training & exhibition
Cyber crime, Cyber espionage, Cyber terrorism, Cyber sabotage, Cyber war
diplomacy, technology
training, conference, exhibition
41 countries
Cyber Security – lack of Skills & Workforce
2017 (ISC2) Global Information Security Workforce Study Benchmarking Workforce Capacity and Response to Cyber Risk Frost & Sullivan, Booz Allen Hamilton https://iamcybersafe.org/wp-content/uploads/2017/06/Europe-GISWS-Report.pdf
Market drivers:
• Digitalisation in all segments
• OT meets IT
• Implementation of the NIS Directive
• New security solutions
• Local service providers must offer security services to secure local value creation (SOCs) - international competitors offer “fully managed security services”.
350 k
1.8 million lack of skilled cyber security workers in 2022
Cyber security as a basic competence for every young citizen – “IT Security Hub Austria”
Safety in traffic
Safety in public spaces
Security in the cyber world?
Resilient infrastructures through cooperation to shape our digital future: NGI Society 4.0
Human-machine cooperation - cognitive psychology
Entities (SW+HW) as proxies of humans; privacy
Self-determination – control of data by the user; Crowd – everyone owns part of the data
Micro-economics, Trust
Security of critical infrastructures, “digital twins”
National security
Smart cyber security solutions R&D
Industry OT-IT
Network/service operators
Public sector as innovative user
“Made in Austria” certification
Data Protection Act, Cyber Security Act
Public framework conditions
Cyber Attack 2018
“Coincheck representatives looked numb when they faced journalists”
“One of Japan's largest digital currency exchanges says it has lost some $534m (£380m) worth of virtual assets in a hacking attack on its network.”
Source: BBC News, 27 January 2018, http://www.bbc.com/news/world-asia-42845505
THANK YOU FOR YOUR ATTENTION!
THANK YOU VERY MUCH!
WE MUST RETHINK THE WAY WE WORK FOR A SECURE DIGITAL FUTURE AND COOPERATE IN A GLOBAL CONTEXT
DI Helmut Leopold, PhD Head of Center for Digital Safety & Security AIT Austrian Institute of Technology GmbH Giefinggasse, 1220 Wien, Austria helmut.leopold@ait.ac.at | www.ait.ac.at