Phpnw 2013 cyber-security
- 1. Cyber Security (yes, really) (because we have to...) 13/10/13
- 4. Clinton Ingrams – cfi@dmu.ac.uk Cyber Security Centre De Montfort University (that's in Leicester) Teaching PHP & pentesting Undergrad & Postgrad 13/10/13
- 6. Cyber Security is... ● Protecting people – and their information ● 13/10/13 on line
- 7. And the big problem is... In humans we trust ... 13/10/13
- 9. Cyber Attacks ● Estonia – Multiple DDoS – 3 weeks, starting 27th April 2007 – First state-level cyber attack ● Now on NATO agenda 13/10/13
- 10. Cyber Attacks ● Georgia – Multiple DDoS – 7th August 2008 – In conjunction with military invasion TTNET Caucasus Cable Caucasus Net Delta Net Transtelecom TISCALI Seabone 13/10/13 RETN COGENT
- 11. Cyber Attacks ● Syria Israeli malware was (allegedly) installed in Syrian Integrated Air Defence System (IADS) – 6th September 2007 – Disrupted Syrian nuclear research – www.defensetech.org/2007/11/26/israels-cyber-shot-at-syria/ 13/10/13
- 12. Lost IPR ● ● “the average business takes 300 days to identify a data breach” Small SMEs can lose ~£1M over 5-10 years 13/10/13
- 14. SMART... ● Systems ● Buildings – – ● house manufacturing Cities “arcologies” Society – ● 13/10/13
- 15. SCADA ● Supervisory Control and Data Acquisition Often programmed in software logic blocks Typically 30 year turnover in hardware/software – ● – – ● IET 13/10/13 Windows 95 still very common Some equipment is 60 years old!
- 16. Malware ● Stuxnet ● Duku ● Flame – – 13/10/13 now in the wild have changed the face of modern warfare
- 17. People ● Anonymous ● Lulzsec ● Julian Assange – ● Bradley (Chelsea) Manning Edward Snowden – – 13/10/13 game changer (insider threat)
- 19. HMG ● Cabinet office ● GCHQ ● Centre for Protection of National Infrastructure – 13/10/13 CPNI
- 20. Police ● National Crime Agency – National Cybercrime Unit replaces ● Serious Organised Crime Agency – 13/10/13 SOCA
- 21. Cabinet Office ● ● Create partnerships between businesses, academics, HMG & international £860m – over 5 years – From the NSCP ● 13/10/13 National Cyber Security Programme
- 22. National Cyber Security Strategy Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society. To achieve this vision by 2015 we want: Objective 1: Objective 2: Objective 3: The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace The UK to have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies Objective 4: The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives 13/10/13
- 23. CPNI ● Awareness raising – Physical vulnerabilities ● – Software vulnerabilities ● 13/10/13 Lots of “fireworks” demonstrations ???
- 24. What's to be done??? 13/10/13
- 25. Coding “Why is there never time or money to implement proper application security before the launch date, but always time and money to retro-fit security after the first hack” Anon 13/10/13
- 26. Testing ● MoD – 4 levels of Vulnerability Assessment – Scanning – Toolkits ● – Penetration test ● – 13/10/13 automated assessments qualified & experienced expert Physical test
- 27. TSI ● Trustworthy Software Initiative – – 13/10/13 “Making software more secure, dependable and reliable” Partly as a documentation standards repository
- 28. Measuring ● Security Analytics – 13/10/13 are you safer/more secure now than you were before?
- 29. Reading Eg Trustwave Global Security Report – Checkpoint Security Report – The Global Cyber Game report – ● http://www.scribd.com/doc/142553109/The-Global-Cyber-Game DefenseTech – The Register – etc – 13/10/13
- 30. Cyber Security Vouchers ● HMG ● Department for Business, Innovation and Skils ● Up to £5000 as a voucher – ● to spend improving the security of a client http://news.bis.gov.uk/Press-Releases/Support-for-smallbusinesses-to-tackle-record-levels-of-cyber-attacks-68b5a.aspx 13/10/13
- 31. Training ● Certified Application Security Tester – ● Certified Information Systems Security Professional – ● CAST CISSP CESG Certified Professional – 13/10/13 CCP
- 32. DMU ● Cyber Security Centre ● MSc Cyber Security (Deloitte) ● MSc SCADA (EADS) ● Free magazine – CyberTalk – multidisciplinary http://softbox.co.uk/cybertalk ● 13/10/13