“Smart Security” Architectures for YOUR Business!
“21stC Smart Security Architectures”
- Real-Time Cyber-Physical Integration -
- Rome, Italy, 21st–22nd November 2016 -
© Dr David E. Probert : www.VAZA.com ©
34th International East/West Security Conference
Dr David E. Probert
VAZA International
Dedicated to Grand-Daughters – Abigail, Alice & Tatiana – Securing YOUR Life!
“Smart Security Architecture” for Your Business
“Smart Cybersecurity”: Dual Themes
Theme (1) – 21stC Smart Security Architectures for YOUR Business
“Integration”: “SMART Real-Time Security & Surveillance” – 11:45, 21st Nov 2016
“Smart Security” Integrates Cyber & Physical Technologies to provide Effective Real-Time Surveillance for both Business & Government. We review Practical Applications for YOUR Critical Business Sectors.
Theme (2) – CyberSecurity Vision: 2017 – 2027 & Beyond
“Intelligence”: “ADAPTIVE Self-Learning CyberSecurity for IoT” – 09:00, 22nd Nov 2016
CyberSecurity is becoming transformed with Real-Time Cyber Tools based upon Artificial Intelligence & Machine Learning. These are Essential to win the war against CyberCrime and CyberTerrorism.
Download Slides: www.valentina.net/Rome2016/
Background: 20th to 21stC Cybersecurity
• 20thC : 1995 - 2010 : Focus on Firewalls & Antivirus – based upon Physical “Spatial” Security Models (Castles & Moats)
... Protection @ “Speed of Sound” (Space)
• 21stC : 2010 – 2025 : Focus on Adaptive, and Self-Organising “Cyber” Tools – based upon Temporal Models (AI & Machine Learning)
... Defending @ “Speed of Light” (Time)
“Smart Security”: 21stC Business Architectures
1 – Background: “21stC Security Landscape”
2 – Basic “Smart Security” Concepts
3 – Integrated Cyber-Physical Security
4 – Towards “Smart Security” Architectures
5 – “Smart Security” for YOUR Business!
6 – Security Scenarios: Critical Sectors
7 – Smart Security for “Internet of Things”
8 – Practical “Smart Security” Operations
9 – YOUR TOP 3 Actions & RoadMap!
1) 21stC CyberSecurity Landscape
• Convergence of Physical & Cybersecurity Operations
• “Cyber” migrates from IT Dept to Main Board: C-Suite
• Global Real-Time Targeted Cyber Attacks – 24/7
• Transition from 20thC Tools (Firewalls & Anti-virus) to “Smart” 21stC Tools (AI & Machine Learning)
• Emergence of Enterprise “Internet of Things” - IoT
• Evolution of Smart Devices, Cities, Economy & Society
• Dramatic increase in Cyber Crime & Cyber Terrorism
There are Cyber/Terror Attacks each Week! We urgently need to boost our Business & Government Cyber Defences with “Real-Time Smart Security”!
UK CyberSecurity Strategy: 2016 - 2021
Defend – Deter - Develop
5 Year Programme Launched by UK Chancellor Philip Hammond: Tuesday 1st November 2016
Cyber-Physical Threat Scenarios
• Physical “Penetration”: Operations Perimeter penetrated to allow theft or corruption of Cyber Information / IT Data Bases, Personal ID / Financial Data and Confidential Company Plans
• Cyber “Hack”: Malicious changes to Cyber Access Controls & IT Databases to allow Criminals/Terrorists to enter Target Facilities (such as Banking/Finance, Telco/Mobile Operations)
• Convergent Threats – Criminals/Terrorists will attack at the weakest links which in the 21stC will be BOTH Cyber Network Operations, Physical Security Operations & Internet of Things!
... Cyber Attacks are now fully industrialised with Malicious Code “Kits” & Botnets for sale “by the hour” on the DARKWEB
Malware Attack: SWIFT Bank Net – 2016
Cyber Analysis by BAE Systems
Multiple Cyber Attacks including Cyber Heist of $951M from Bangladesh Central Bank of which $81M remains missing!
Project Sauron: CyberEspionage - 2016
Analysed by Symantec and Kaspersky Labs... - August 2016 -
Known CyberTargets include: Russia, China, Iran, Rwanda, Italy, Sweden & Belgium
Powerful APT Malware that targeted Critical National Infrastructure: Top Level Government, Military, Telecoms, Finance and R&D Centres
Other “State-Designed” Cyber Malware include: Stuxnet, Duqu, Flame, Equation and Regin...
CyberEspionage in Asia-Pacific Region
Attacks from 2012 onwards by Hellsing and Naikon Groups
APT Victims were in Malaysia, Philippines, Indonesia, India, USA
Targets of APT Attacks were Government & Diplomatic Agencies
Analysed by Kaspersky Labs: April 2015
Massive DDoS Attack using Mirai BotNet from “Internet of Things” - 21st Oct 2016
More than 500,000 “IoT” Devices such as CCTV & Web Cams used as “Bots”!...
“Internet of Threats”!
CyberAttack: Tesco Bank – 6th Nov 2016
6th Nov 2016: Cyber Criminals from Brazil & Spain hack 40,000 TESCO Bank Accounts with reported Theft of £2.5m from 9,000
CyberAttack: SberBank - Сбербанк: 8th Nov 2016
Massive DDoS Attack from 24,000 “Bot” Devices (Internet of Things) Hits SberBank, Alfa Bank, Moscow Bank, RosBank, Moscow Exchange
- Peak Web IP Requests of 660,000/Sec quoted by Kaspersky Labs -
Categories of Cybersecurity Threats
• The complexity of Cyber threats means that several frameworks have been developed to classify cyber risks such as the UN/ITU Guidelines:
Category 1 : Unauthorised Access – The systems & networks are accessed by persons or “bots” that do not have legal access or permissions
Category 2 : Distributed Denial of Service Attacks (DDoS) – Such attacks are used to target & disable a website or server using an army of infected machines
Category 3 : Malicious Code – Malware such as trojans, viruses & spyware are embedded within host machines for both commercial & criminal purposes
Category 4 : Improper Use of Systems – In these cases, the systems are being used for access and applications against the communicated policies
Category 5 : Unauthorised Access AND Exploitation – Many attacks will fall into this category when the hacker will penetrate systems and then use the acquired data, information & documents for cybercriminal activities
Category 6 : Other Unconfirmed Incidents – These are alerts that require further investigation to understand whether they are actually malicious or “false positives”...
We next put these Hybrid Cyber and Physical Security Risks into a Personal Context...
International Security: “Family Perspective”
Jeju Island – South Korea: “Simon”
Cambridge – UK: “Joanna”
Newcastle – UK: “Philip”
Gambella – Ethiopia: “Susan”
Global 24/7 Security Risks & Threats!
Security in Ethiopia: “State of Emergency”
Cybersecurity in Ethiopia
More than 60% of the UN/ITU Member Nations still have no Public Domain Government Info & Cybersecurity Strategy
So 120 Nations have minimal Cyber Protection for their Business & Critical Sectors!
www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Ethiopia.pdf (2015)
Cybersecurity Market Sectors
• Anti-Virus/Firewall
• ID Authentication
• Encryption/Privacy
• Risk & Compliance
• Mobile Device Security
• AI & Machine Learning
• Enterprise IoT Security
• Cloud Security Services
• Big Data Protection
• RT Log/Event Analytics
• Anti-Fraud Monitoring
• Website Protection
• S/W Code Verification
• Real-Time Threat Maps
• Smart Biometrics
• Training & Certification
Global Trend is towards Adaptive & Intelligent Cybersecurity Solutions/Services... Traditional Anti-Virus/Firewall Tools no longer fully effective against “Bad Guys”!
Cybersecurity Market Size & Growth
• 2015: Worldwide Estimated - $97 Billion
• 2020: Worldwide Projected - $170 Billion
– North America: - $64Bn – 10.0% CAGR (38%)
– Europe: - $39Bn – 7.2% CAGR (23%)
– Asia-Pacific: - $38Bn – 14.1% CAGR (22%)
– Middle East & Africa: - $15Bn – 13.7% CAGR (9%)
– Latin America: - $14Bn – 17.6% CAGR (8%)
(Source: “Micro Market Monitor” & “Markets and Markets” – Estimated and Extrapolated from projections for 2014 – 2019)
• 2025: Worldwide @ 10% CAGR - $275 Billion
Cyber Solutions from Corporations
- Consultancy, Networking and Services -
• Sophos Group (UK) – Security Solutions
• CISCO – Threat Protection Security
• Northrop Grumman – Cyber & Homeland Security Services
• PwC – Cyber Consultancy
• Intel Security Group (McAfee) – Malware & Threat Protection
• British Telecom – Security Mgt
• Juniper Networks – Threat Intel, Protection and Network Security
• Ernst Young – Cyber Consultancy
• Booz Allen and Hamilton – Cyber Solutions & Services
• Kaspersky Lab (RU) – Security Solutions
• Symantec (US) – Security Solutions
• BAE Systems – Cyber Risk Mgt
• IBM – Solutions & Services
• Deloitte – Cyber Consultancy
• Raytheon – Cyber & Homeland Security Services (USA + Global)
• Thales – Secure IT Solutions
• Lockheed Martin – Cyber Solutions
• Dell Secure Networks – Managed Network & Computing Security Services
• AT&T – Network Security & Services
• HP – Enterprise Cybersecurity Solutions
ALL Major IT Vendors now invest in Cyber Solutions as Hi-Growth Sector
2) - “Smart Security” -
= Integrated “Cyber-Physical” Operations =
• Defence against 21stC CyberCrime & Terror Attacks requires Operations in Real-Time @ Light Speed!
• Smart Target Surveillance, Profiling & Tracking
• User & Device Authentication – “Internet of Things”
• Cyber Biometrics & Forensics – Pre/Post Attack
• Real-Time Analysis of Social Media, eMail & Blogs
• Self-Adaptive User, IT Asset & Net Traffic Modelling
• Human-Machine Teaming for Effective Cyber-Defence
... Mitigation of Attacks requires “Smart Security” Computing Solutions running @ Light Speed!
“Smart Security” = Cyber + PSIM + SIEM
• Cyber: Spans ALL ICT Networks, Servers & Devices
• PSIM: Physical Security Integration Management
• SIEM: Security Information & Event Management
Image: AventuraCCTV.com/PSIM : New York, USA
Transition from 20thC to 21stC “Smart Security”
• Integrated Cyber-Physical Security 2016-2021:
– Every Business & Nation will need to transition from the traditional 20thC culture & policy of massive physical defence to the connected “neural” 21stC world of in-depth intelligent & integrated real-time cyber defence
• National Borders:
– Traditional physical defence and geographical boundaries remain strategic national assets but they need to be integrated with cyber defence assets.
• Critical National Information Infrastructure:
– 21stC national economies function electronically, & yet they are poorly defended in cyberspace, and open to criminal, terror & political attacks
• Multi-Dimensional Cyber Defence:
– Nations need to audit their critical infrastructure – government, banks, telecommunications, energy, & transport – and to upgrade to international cybersecurity standards based upon accepted “best practice” (ISO/IEC)
Smart Security: Tracking “Bad Guys”
• Mitigating Global Cyber Crime & CyberTerrorism requires us to Profile & Track the “Bad Guys” in “Real-Time” with “Smart Security” - Intelligent Networked Computing Systems:
– 3D Video Analytics from CCTV Facial Profiles
– Track On-Line Social Media, eMail & “Cell” Comms
– Scan “DarkWeb” for “Business Deals”, Plans & Messages
– Check, Track & Locate Mobile Communications
– Track “Bad Guys” in National Transport Hubs
– Deploy RFID Devices to Track High-Value & Strategic “Assets”
– Use Real-Time ANPR for Target Vehicle Tracking
... Cyber Computing Smart Applications can now Track Massive Databases of Target “Bad Guy” Profiles @ Light Speed!...
3) Integrated Cyber-Physical Solutions
• ALL Security Tools will evolve from Physical to Integrated “Smart” Cyber-Physical during 3 to 5 years.
• Advanced 21st “Smart” Cyber-Physical Security Solutions:
– Intelligent “Bad Guy” Profiling & Tracking
– Real-Time Social Media & On-Line Monitoring
– CCTV, Facial Recognition & Video Analytics
– Integrated Cyber-Biometrics & Digital Forensics
– ANPR Vehicle Location and GPS/Aerial Tracking
– Adaptive AI/ML Behavioural Modelling of Net Traffic & Users
... We explore these Integrated Cyber Solutions in-depth & their Business Implementation in Critical Sector Scenarios
Integration of Physical and Cybersecurity
Integrated CSO-led Management Team – Merged HQ Operations
Physical Security Operations
Cyber Security Operations
Smart Security = Virtual Integration
Shared Alerts
Corporate CSO-led Security Team
ONE – Shopping List!
Integrated Management, Training, Standards, Plans
ONE – Architecture!
Final phase of Cyber-Physical Integration - Embedded Intelligence in ALL Devices - Internet of Things
Contrast between our Physical & Cyber Worlds
Convergence to 21stC “Intelligent Worlds” will take time!
Physical World = “Space”
• Top-Down
• Dynamic
• Secrecy
• Territorial – “Geographical Space”
• Government Power
• Control
• “Speed of Sound”
• Padlocks & Keys
• Assets & Objects
• Hierarchical
• Carbon Life
• Tanks & Missiles
• Mass Media
Cyber World = “Time”
• Bottom-Up
• Self-Organising
• Transparency
• Global – “Real-Time”
• Citizen Power
• Freedom
• “Speed of Light”
• Passwords & Pins
• Events & Experience
• Organic
• Silicon Life
• Cyber Weapons & “Smart Bots”
• Social Media
“Smart Security” requires Embedded Networked Intelligence in ALL “IoT” Devices
“Smart” Autonomous Chemical Oscillator:
- Belousov–Zhabotinsky Reaction (BZ) -
Self-Organisation in “Bio-Sciences”
• Organic DNA-based Life has Adaptation, Learning &
Intelligence based upon Self-organisation:
– Bee Hives with regular Honeycombs
– Ant Colonies & Termite Hills
– Migrating Birds fly in “V” Echelon Formations
– Plant Life adapts to Light, Gravity, Chemicals & Fluids
– Sociable Weaver Birds build huge nests for security
– Mammalian Brains evolved from Neural Networks
...“Smart Security for the IoT will be based upon Principles
of Bio-Adaptation, Self-Organisation & Self-learning!”...
Self-Organisation in “Bio-Systems”
“Smart Sustainable Security” in Nature!
The Sociable Weaver Bird
“World’s largest Bird Nests”
*** Southern Africa ***
• Secure Living Community
• Self-Organising Architecture
• Fully scalable for long term growth
• Supports 250+ Weaver Birds
• Real-Time Disaster Alert System
• Sustainable in Semi-Desert Steppe
• Robust against “Enemy Risks”
such as Eagles, Vultures & Snakes
...all the features of a 21stC “Cyber Defence Centre” – including Disaster Recovery & Business Continuity!
“Smart Security”: 21stC Business Architectures
1 – Background: “21stC Security Landscape” 2 – Basic “Smart Security” Concepts 3 – Integrated Cyber-Physical Security
4 – Towards “Smart Security” Architectures 5 – “Smart Security” for YOUR Business! 6 – Security Scenarios: Critical Sectors
7 – Smart Security for “Internet of Things” 8 – Practical “Smart Security” Operations 9 – YOUR TOP 3 Actions & RoadMap!
4) Towards “Smart Security” Architectures
• Leading International Organisations have already
designed 21stC “State of the Art” Frameworks,
Standards and Cybersecurity Architectures:
– UN/ITU – Global Cybersecurity Agenda (GCA)
– NATO – National Cybersecurity Framework
– EU/ENISA – National Cybersecurity Strategies
– NIST – National Institute of Standards & Technology
– SANS – Critical Security Controls
– ISO/IEC – International Standards – ISO 27000 Series
...UN, NATO, EU are for Government whilst
NIST/SANS are more focused upon Business
UN/ITU: – Global Cybersecurity Agenda (GCA)
The UN/ITU GCA - Global Cybersecurity Agenda:
--------------------
1 – Legal Measures
2 – Technical Measures
3 – Organisational Measures
4 – Capacity Building
5 – International Cooperation
--------------------
...The UN/ITU constitutes a unique
global forum for partnership and
the discussion of cybersecurity.
--------------------
www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf
UN/ITU Worldwide Security in Cyberspace!
- (1) – Legal Measures
- (2) – Technical & Procedural Measures
- (3) – Organisational Structures
- (4) – Capacity Building
- (5) – Regional and International Collaboration
- UN/ITU CyberSecurity Agenda -
Understanding CyberCrime (Eng/Rus)
Link: www.itu.int/en/publications/
- UN/ITU CyberSecurity Agenda -
Quest for CyberConfidence (Eng/Rus)
Link: www.itu.int/en/publications/
UN/ITU National CyberSecurity Strategy
Toolkit (NCS) – Global Partnership - 2016
12 International Partners: CyberSecurity Toolkit to help Nations to Design &
Implement Effective CyberSecurity Programmes based upon “Best Practice”...
Link: www.itu.int/en/ITU-D/Cybersecurity/
NATO Cybersecurity Framework Manual
NATO Framework: The Five Mandates and Six Elements of the Cybersecurity Cycle
NATO Cybersecurity Framework: - Organisational Architecture -
EU Agency for Info Security: ENISA
ENISA Strategic Security Framework
Provides effective “Cyber” model for
National Governments & Ministries
- ALL EU Countries now have approved National Cybersecurity Strategies -
www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map
NIST Cybersecurity Framework
National Institute of Standards & Technology
Web: www.nist.gov/cyberframework/
Critical Security Controls (CSC)
- Top 20 Cyber Defense Actions – The SANS Institute –
1) Inventory of Authorised and Unauthorised Devices
2) Inventory of Authorised and Unauthorised Software
3) Secure Configurations for Hardware and Software
4) Continuous Vulnerability Protection & Remediation
5) Malware Defenses
6) Applications Software Security
7) Wireless Access Control
8) Data Recovery Capability
9) Security Skills Assessment and Training
10) Secure Configurations for Network Devices
11) Limitation of Network Ports, Protocols & Services
12) Controlled Use of Administrative Privileges
13) Boundary Defence
14) Maintenance, Monitoring and Analysis of Audit Logs
15) Controlled Access Based on the Need to Know
16) Account Monitoring and Control
17) Data Protection
18) Incident Response and Management
19) Secure Network Engineering
20) Penetration Testing and Red Team Exercises
SANS = SysAdmin, Audit, Networking and Security
Link: www.sans.org/critical-security-controls/
Mapping the SANS Critical Security Controls:
US Govt – Dept of Homeland Security CDM Program -
SANS Link: www.sans.org/critical-security-controls/
Cybersecurity Standards: Key Players
• Multiple Players: There are multiple international organisations that publish
standards relating to physical and cyber security. In general these
standards, recommendations and guidelines are complementary:
– ENISA – European Network and Information Security Agency
– ISO – International Standards Organisation (ISO27xxx Series)
– IETF – Internet Engineering Task Force
– ETSI – European Telecommunications Standards Institute
– IEEE – Institute of Electrical and Electronic Engineers
– ANSI – American National Standards Institute
– NIST – National Institute of Standards and Technology
UN/ITU – X.805 Cybersecurity Architecture
Recommended Book: Security in a Web2.0 World
- A Standards Based Approach (UN/ITU - X.805) – Author: C. Solari -
Carlos Solari: Ex CIO US Government - White House
ISO/IEC 27000/2 - Info Security Management
NIST Security Publications: “800 Series”
NIST: Cloud Security Architecture
NIST: Cloud Security Standards & Reference Model
Info Security Architecture: Publications
“Smart Security”: 21stC Business Architectures
1 – Background: “21stC Security Landscape” 2 – Basic “Smart Security” Concepts 3 – Integrated Cyber-Physical Security
4 – Towards “Smart Security” Architectures 5 – “Smart Security” for YOUR Business! 6 – Security Scenarios: Critical Sectors
7 – Smart Security for “Internet of Things” 8 – Practical “Smart Security” Operations 9 – YOUR TOP 3 Actions & RoadMap!
5) “Smart Security” for YOUR Business
• Recruit Professionally Qualified CSO/Director
• Organise Top-Level Security Workshop to explore
possible and actual Cyber/Physical Threats
• Develop Inventory of current Security Assets and
identify “gaps” that require new investment
• Discuss and Agree Multi-Year “Smart Security”
Investment & Business Action Plan & RoadMap
• Implement YOUR Security Plan as Board Level
Strategic Programme across ALL Units/Functions
...Staff Training with “Simulated” Threat Scenarios!..
CISSP – International “Cyber” Certification
• The CISSP – Certified Information Systems Security Professional is one of
the highest international qualifications from the (ISC)², and is based
upon the core tenets of Confidentiality, Integrity & Availability:
1) Access Control
2) Application Security
3) Business Continuity and Disaster Recovery
4) Cryptography
5) Information Security and Risk Management
6) Legal, Regulations, Compliance and Investigations
7) Operations Security
8) Physical (Environmental) Security
9) Security Architecture and Design
10) Telecommunications and Network Security
• An in-depth study of all these security topics would fill an intensive 3 month schedule!
Cipher Integrated CyberSecurity RoadMap
Link: Cipherproject.eu/cipher_webapp/
Link: Cipherproject.eu/
Smart Security: Technology & Operations
• “Smart Security” spans the “Real-Time” Protection of physical
buildings, staff and cyber facilities, networks & information assets.
– Technologies: Advanced ICT Security technologies include Biometrics, RFID
Encryption, PKI Authentication, ID Management, DDoS & Malware Detection
– Operations: Physical Buildings, Staff and all information & ICT assets need to be
secured through solutions such as RFID tagging, Interactive HD CCTV, movement
detection and other automatic means for asset monitoring & surveillance
– Critical National Infrastructure Protection: Most national smart
security programmes now focus upon securing critical infrastructure such as banking
& finance, airports & transportation, power stations, military & defence facilities,
ICT, Mobile & telecommunications services & Government Ministries & Parliament.
…In the next sections we’ll explore both “Critical Sectors” and the Integration
of Cyber & Physical Operations which is the real essence of “Smart Security”
“Smart Security”: 21stC Business Architectures
1 – Background: “21stC Security Landscape” 2 – Basic “Smart Security” Concepts 3 – Integrated Cyber-Physical Security
4 – Towards “Smart Security” Architectures 5 – “Smart Security” for YOUR Business! 6 – Security Scenarios: Critical Sectors
7 – Smart Security for “Internet of Things” 8 – Practical “Smart Security” Operations 9 – YOUR TOP 3 Actions & RoadMap!
(6) Security Sectors: Threat Scenarios
• Hybrid Security Threats may potentially target ANY
and ALL YOUR Business and Government Sectors!....
a) Finance & Banking – ATMs, Fraud, Money Laundering
b) Transport & Tourism – Airports, Metro, Tourist Sights
c) Energy & Utilities – Nuclear, Chemical & Water Resource
d) Government & Defence – Intel Theft, Hacking, Military
e) Education & Research – Campus-Wide Armed Attacks
f) Industry & Manufacturing – Competitive Espionage
g) Retail, Sports & Culture – Shopping Malls, Olympics
....CSOs are advised to URGENTLY define practical
& effective action plans to mitigate such attacks!...
Critical Sector Case Study: Banks & Finance
• Banks & Financial Institutions are prime targets for cybercriminals.
• Access to Accounts is usually indirect through phishing scams, infected
websites with malicious scripts, and personal ID Theft.
• On-Line bank transfers are also commonly used for international money
laundering of funds secured from illegal criminal and political activities
• Instant Money Transfer Services are preferred for crimes such as the classic
“Advance Fee Scam” as well as Lottery and Auction Scams
• Cyber-Extortion & Ransomware are now epidemic via web & email phishing
• National & Commercial Banks have also been regular targets of DDoS
Cyberattacks from politically motivated and terrorist organisations
• Penetration Scans: Banks are pivotal to national economies and will receive
penetration scans and Cyberhacks both “direct” & with “Bots” & Trojans
• On-Line Banking networks including ATMs, Business and Personal Banking
are at the “sharp end” of financial security and require significant efforts
towards end-user authentication & transaction network security
...“Smart Security” will become mandatory for ALL Financial Institutions!
Critical Sector Case Study: Governments
• Cyber Agencies: Over 70 National Governments (from 193 UN/ITU
Member States) now have Cybersecurity Agencies & Programmes
• eGovernment Services are critically dependent upon strong cybersecurity
with authentication for the protection of applications, and citizen data
• Compliance Audit: All Government Ministries & Public Agencies should
receive in-depth ICT security audits and full annual compliance reviews
1) National Defence Forces
2) Parliamentary Resources
3) Land Registry & Planning System
4) Citizen IDs and Passports
5) Laws, Legislation, and Policies
6) Civilian Police, Prisons & National e-Crimes Unit (NCU)
7) National CERT – Computer Emergency Response Team
8) Inter-Government Communications Network
9) eServices for Regional & International Partnerships
10) Establishment of cybersecurity standards & compliance
11) Government Security Training and Certification
“Smart Security” for Critical Sectors: YOUR Shopping and To Do List!
• Security Audit: In-Depth Security Audit and Action Report - Spanning BOTH
Physical and Cybersecurity Operations, Assets and Technologies
• International Standards: Understand and Implement Security Policies and
Programmes to International Standards – ISO/IEC, UN/ITU, IEEE, NIST, ASIS, ISF
• Professional Training: Form strategic partnerships with leading
educational & research institutions to develop a pipeline of professional
graduates in cybersecurity & integrated security technologies
• CERT/CSIRTs: Understand the critical role of Cybersecurity CERTs and link their
alerts and operational processes within your overall security policies
• Security Associations: Join Security Associations and follow emerging
developments in Cybersecurity for “Smart Systems” & “Internet of Things”
....YOUR Top Priority is Professional Cybersecurity Training & Certification with
regular course “Top-Ups” since the field is moving at Supersonic Speed!
“Smart Security”: 21stC Business Architectures
1 – Background: “21stC Security Landscape”
2 – Basic “Smart Security” Concepts
3 – Integrated Cyber-Physical Security
4 – Towards “Smart Security” Architectures
5 – “Smart Security” for YOUR Business!
6 – Security Scenarios: Critical Sectors
7 – Smart Security for “Internet of Things”
8 – Practical “Smart Security” Operations
9 – YOUR TOP 3 Actions & RoadMap!
7) Smart Security for “Internet of Things”
• Securing the “Internet of Things” (IoT) is moving
to the Top of the Business Security Agenda!...
• Major IoT Attacks have been recorded such as the
Mirai BotNet/DYN DDoS Attacks (Sept/Oct 2016)
• Legacy “IoT” Devices are vulnerable to BotNet
penetration due to weak or zero(!) cyber defence
• YOUR Business needs to engineer a security
programme to mitigate “IoT” Hacks & Attacks!
...Effective solutions use a “Smart” integration of
Cyber Interfaces, Biometrics & Encryption...
Cyber-Physical Threats from the “IoT”
• ALL Networked Devices are at risk from Cyber-Hacking,
Penetration and Remote Control
• IoT Devices: Smart Phones, Home Controls,
Vehicles, Industrial Controls, Smart Cities,
Power Stations, Utilities, Medical Devices.....
• Legacy Assets: Many legacy assets including
cars, medical implants, industrial SCADA
controls are INSECURE against Cyber Attacks!
Internet of Things: Spans ALL Sectors
2020 Estimates for “IoT” Connectivity
“IoT Devices”: Wristbands and Watches
“Google Car”: Computer Vision View
“IoT” Connectivity in the Home: IBM
Carna Botnet exposed Legacy Vulnerabilities in “IoT” Devices
Vulnerable Legacy Devices: “IoT”
Practical Security Solutions for the “IoT”
• European Union - IERC: Extensive “IoT” research
during the last 5 years including security.
• IEEE IoT Community, Journal & Conference:
Recent international focus upon IoT Security
Standards and Engineering Practical Solutions.
• Advanced Cyber Tools: Sustainable IoT Network
Security requires innovative 21stC Adaptive &
Self-learning tools based upon research into
Artificial Intelligence and Machine Learning.
Useful Publications on “Internet of Things”
European Research Cluster: Internet of Things
IERC – Research Cluster Reports on “Smart Systems” & the Internet of Things
- Security for the Internet of Things -
Security & Privacy in Hyperconnected Society
Consultant Reports: Internet of Things
Booz, Allen and Hamilton; Ernst and Young Global Limited
Internet of Things: Cybersecurity Model
Copyright: Wind River – Intel Corporation
IoT Cybersecurity: 7-Level Architecture
(8) Practical CyberSecurity Strategies
• Successful Cyber Strategies are Scaled from:
Device -> User -> Business -> City -> Country -> Global
a) Device: Secure ALL devices connected to “IoT”
b) User: Bio-ID, Real-Time Behaviour Modelling
c) Business: CSO-Led, Professional Cyber Team
d) City: Secure Transit Hubs, Culture & Sports Sites
e) Country: Secure CNI, Profile & Track “Bad Guys”
f) Global: Deploy UN/ITU CyberSecurity Agenda
....Upgrade ALL your Legacy Security Tools & Inject
Cyber Solutions to YOUR Business Operations!...
Practical “Smart Security” Operations
• CSO Action: Develop & Communicate Board Level Security
Strategy spanning Cyber/On-Line & Physical Operations
• Audit & Upgrade each Business Unit & Function: Sales,
Marketing, HR, Finance, R&D, Production...
• Top Security Priorities: IT Networks, Data Bases, ALL IT
Devices/BYOD, Building Access & Control, Staff,
Contractors & Guests, Wi-Fi/Mobile Access...
• Security Tools: “AI/ML Cyber”, CCTV Video Analytics,
Biometrics, RFID, ANPR, DB/Mail/Media Monitoring...
• Authorise Security Audits to check company-wide
compliance including Real-Time “Cyber” Monitoring!
Benefits of “Smart” Cyber – Physical Security
• Some of the key benefits from integrating Cybersecurity solutions
with physical operational processes and policies are:
– Reduced Operational Costs, through “Single CSO-led Security Organisation”
– Early Warning of both Physical & Cyber Penetration through RT surveillance
– Extended Protection of ALL Critical Physical and On-Line Assets
– Focused Security Policy for Government, Businesses and Citizens
– Risks: Reduced “Open World” Security Risks from Smart Devices
– CyberCrime: Comprehensive Management and Control of Cybercrime
– CNI: Critical Infrastructure such as Banks & Airports are protected
– National Defence: Nations now need hi-protection in “cyber” & “physical”
….In summary, the practical 21stC approach to integrated “smart” security is a
combination of technological solutions together with strong operational
procedures, all implemented to international ISO/IEC security standards
YOUR TOP 3 Actions & RoadMap
• Action 1: Board-Level Review & Audit of current
Cybersecurity Tools & Operations – 60 days
• Action 2: Highlight security issues & insecure
legacy net assets, devices & processes – 30 days
• Action 3: Develop Multi-Year Plan, Budget &
Roadmap for Advanced “Cyber” to include:
a) CSO-Led “Cyber-Physical” Operational Integration
b) “IoT Security” for Legacy & New Network Assets
c) Training and Testing of “AI/ML” Cyber Solutions.
Tomorrow Morning @ 09:00 we’ll explore Future Scenarios for
“Smart Security” in our CyberVision 2017 – 2027 and Beyond!
“Integrated & Intelligent Security Architectures provide Real-Time
Defence for Business, Government and Critical Sectors”
“Design & Deploy 21stC Smart Security Architectures for YOUR Business”
“History of Architecture” - From Baroque to Bubbles -
Pen & Ink Drawing by Dr Alexander Rimski-Korsakov
- Celebrated 80th Birthday – 2016 -
The Surrealistic Paintings of Dr Alexander Rimsky-Korsakov
Web Link: www.valentina.net/ARK3/ark2.html
“Smart Security”: 21stC Business Architectures
International East-West Security Conference: Rome
Thank-You!
Download Presentation Slides: www.Valentina.net/Rome2016/
East-West Security Conference – Rome 2016
- “Smart CyberSecurity” - Slides (PDF) -
Theme (1) – “21stC Smart Security”; Theme (2) – “CyberVision: 2017-2027”
Thank you for your time!
Additional Cybersecurity Resources
Link: www.valentina.net/vaza/CyberDocs
Professional Profile - Dr David E. Probert
Computer Integrated Telephony (CIT) – Established and led British Telecom’s £25M EIGER Project during the mid-1980s to integrate computers with telephone switches (PABXs). This resulted in the successful development and launch of CIT software applications for telesales & telemarketing.
Blueprint for Business Communities – Visionary Programme for Digital Equipment Corporation during the late 1980s that included the creation of the “knowledge lens” and “community networks”. The Blueprint provided the strategic framework for Digital’s Value-Added Networks Business.
European Internet Business Group (EIBG) – Established and led Digital Equipment Corporation’s European Internet Group for 5 years. Projects included support for the national Internet infrastructure for countries across EMEA as well as major enterprise, government & educational Intranet deployments. Dr David Probert was a sponsoring member of the European Board for Academic & Research Networking (EARN/TERENA) for 7 years (1991–1998).
Supersonic Car (ThrustSSC) – Worked with Richard Noble OBE, and the Mach One Club to set up and manage the 1st Multi-Media and e-Commerce Web-Site for the World’s 1st Supersonic Car – ThrustSSC – for the World Speed Record.
Secure Wireless Networking – Business Director & VP for Madge Networks to establish a portfolio of innovative fully secure wireless Wi-Fi IEEE802.11 networking products with technology partners from both UK and Taiwan.
Networked Enterprise Security – Appointed as the New Products Director (CTO) to the Management Team of the Blick Group plc with overall responsibility for 55 professional engineers & a diverse portfolio of hi-tech security products.
Republic of Georgia – Senior Security Adviser – Appointed by the European Union to investigate and then to make recommendations on all aspects of IT security, physical security and BCP/DR relating to the Georgian Parliament.
UN/ITU – Senior Adviser – Development of Cybersecurity Infrastructure, Standards, Policies, & Organisations in countries within both Europe & Americas.
Dr David E. Probert is a Fellow of the Royal Statistical Society and an IEEE Life Member, and holds a 1st Class Honours Maths Degree (Bristol University) & a PhD from Cambridge University in Self-Organising Systems (Evolution of Stochastic Automata). His full professional biography is featured in the Marquis Directory of Who’s Who in the World: 2007-2017 Editions.
“Master Class”: Armenia - DigiTec2012
- Smart Security, Economy & Governance -
Download: www.valentina.net/DigiTec2012/
“Smart Security”: 21stC Business Architectures
34th International East-West Security Conference: Rome, Italy
- Secure Navigation in the “Southern Seas” -
“Captain James Horsburgh” (1762 – 1836)
Charting the “Southern Seas”
- “The India Directory” (1809) -
for “The East India Company”
1) Horsburgh Island: Cocos/Keeling Is
2) Horsburgh Lighthouse: Singapore
3) Horsburgh/Goidhoo Atoll: Maldives
From “Smart Navigation” to “Smart Security”!
Dedicated to Memory of Edward Michael Horsburgh (1923–2013)

Enterprise Security Architecture
Modelling Security Architecture
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
3. security architecture and models
Adaptive Enterprise Security Architecture
Building a Security Architecture
Security architecture
Cyber Crime and Cyber Security
Ad

Similar to Smart Security Architectures for YOUR Business! (20)

PDF
Integrated Cybersecurity and the Internet of Things
PDF
Integrated Physical and Cybersecurity for Governments and Business
PDF
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
PDF
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics!
PDF
Cyber Tools and Trends - Next 7 Years: 2018 - 2025 !
PDF
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!
PDF
Cybersecurity Trends and CyberVision : 2015 - 2025
PDF
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling
PDF
YOUR Defence for the TOP 10 Cyber Threats!
PDF
CyberTerrorism - Security in Cyberspace
PDF
Upgrading Industrial CyberSecurity & Security Critical National Infrastructure
PDF
21stC Cybersecurity Trends: 2018-2025 & Beyond!...
PDF
2017 InfraGard Atlanta Conference - Matthew Rosenquist
PDF
Smart Sustainable Security - Master Class - Yerevan, Armenia - 2012
PDF
Cybersecurity for Critical National Infrastructure
PDF
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar!
PDF
NEC Public Safety | Integrating Physical & Cyber Security
PPTX
Cybersecurity in the Era of IoT
PDF
Cybersecurity for Critical National Information Infrastructure
PDF
Architecting cybersecurity to future proof smart cities against emerging cybe...
Integrated Cybersecurity and the Internet of Things
Integrated Physical and Cybersecurity for Governments and Business
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics!
Cyber Tools and Trends - Next 7 Years: 2018 - 2025 !
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!
Cybersecurity Trends and CyberVision : 2015 - 2025
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling
YOUR Defence for the TOP 10 Cyber Threats!
CyberTerrorism - Security in Cyberspace
Upgrading Industrial CyberSecurity & Security Critical National Infrastructure
21stC Cybersecurity Trends: 2018-2025 & Beyond!...
2017 InfraGard Atlanta Conference - Matthew Rosenquist
Smart Sustainable Security - Master Class - Yerevan, Armenia - 2012
Cybersecurity for Critical National Infrastructure
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar!
NEC Public Safety | Integrating Physical & Cyber Security
Cybersecurity in the Era of IoT
Cybersecurity for Critical National Information Infrastructure
Architecting cybersecurity to future proof smart cities against emerging cybe...

More from Dr David Probert (16)

PDF
"Our Intelligent Arctic Vision: 2025-2040" - Extended Version
PDF
Our Intelligent Arctic: Vision 2025-2040
PDF
AI Meets 21stC Security: Trends & Scenarios!
PDF
AI & Cybersecurity meet 21stC GeoPolitics
PDF
From Hughesovka to Donetsk (Translated to Russian)
PDF
19thC Hughesovka to 21stC Donetsk
PDF
Cyber-Pandemic: Current Reality & Future Trends
PDF
21stC Trends in CyberSecurity in the Finance & Banking Sectors Security!
PDF
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
PDF
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
PDF
KolaNet 1992-1999 and Beyond! Arctic Environmental Monitoring Networks!
PDF
Cyber Threats & Defence! - "Intelligent CyberSecurity"!
PDF
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025!
PDF
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
PDF
Energising Cybersecurity with Biometrics & Digital Forensics
PDF
Project KolaNet - Rethinking IT Support for the Environment
"Our Intelligent Arctic Vision: 2025-2040" - Extended Version
Our Intelligent Arctic: Vision 2025-2040
AI Meets 21stC Security: Trends & Scenarios!
AI & Cybersecurity meet 21stC GeoPolitics
From Hughesovka to Donetsk (Translated to Russian)
19thC Hughesovka to 21stC Donetsk
Cyber-Pandemic: Current Reality & Future Trends
21stC Trends in CyberSecurity in the Finance & Banking Sectors Security!
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
KolaNet 1992-1999 and Beyond! Arctic Environmental Monitoring Networks!
Cyber Threats & Defence! - "Intelligent CyberSecurity"!
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025!
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
Energising Cybersecurity with Biometrics & Digital Forensics
Project KolaNet - Rethinking IT Support for the Environment

Recently uploaded (20)

PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
cuic standard and advanced reporting.pdf
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PDF
Review of recent advances in non-invasive hemoglobin estimation
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
PDF
NewMind AI Monthly Chronicles - July 2025
PDF
KodekX | Application Modernization Development
PPTX
Big Data Technologies - Introduction.pptx
PDF
Network Security Unit 5.pdf for BCA BBA.
PDF
Encapsulation theory and applications.pdf
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PPTX
A Presentation on Artificial Intelligence
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
PDF
Modernizing your data center with Dell and AMD
PPTX
MYSQL Presentation for SQL database connectivity
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
PDF
Encapsulation_ Review paper, used for researhc scholars
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
20250228 LYD VKU AI Blended-Learning.pptx
cuic standard and advanced reporting.pdf
Chapter 3 Spatial Domain Image Processing.pdf
Review of recent advances in non-invasive hemoglobin estimation
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
NewMind AI Monthly Chronicles - July 2025
KodekX | Application Modernization Development
Big Data Technologies - Introduction.pptx
Network Security Unit 5.pdf for BCA BBA.
Encapsulation theory and applications.pdf
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
A Presentation on Artificial Intelligence
Digital-Transformation-Roadmap-for-Companies.pptx
Modernizing your data center with Dell and AMD
MYSQL Presentation for SQL database connectivity
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Encapsulation_ Review paper, used for researhc scholars
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf

Smart Security Architectures for YOUR Business!

  • 1. “Smart Security” Architectures for YOUR Business! Dr David E. Probert, VAZA International. Dedicated to Grand-Daughters – Abigail, Alice & Tatiana – Securing YOUR Life! “21stC Smart Security Architectures” - Real-Time Cyber-Physical Integration - Rome, Italy, 21st–22nd November 2016 - © Dr David E. Probert : www.VAZA.com © 34th International East/West Security Conference
  • 2. “Smart Security Architecture” for Your Business. Dr David E. Probert, VAZA International. Dedicated to Grand-Daughters – Abigail, Alice & Tatiana – Securing YOUR Life!
  • 3. “Smart Cybersecurity”: Dual Themes
      • Theme (1) – 21stC Smart Security Architectures for YOUR Business – “Integration”: “SMART Real-Time Security & Surveillance” (11:45, 21st Nov 2016). “Smart Security” Integrates Cyber & Physical Technologies to provide Effective Real-Time Surveillance for both Business & Government. We review Practical Applications for YOUR Critical Business Sectors.
      • Theme (2) – CyberSecurity Vision: 2017 – 2027 & Beyond – “Intelligence”: “ADAPTIVE Self-Learning CyberSecurity for IoT” (09:00, 22nd Nov 2016). CyberSecurity is becoming transformed with Real-Time Cyber Tools based upon Artificial Intelligence & Machine Learning. These are Essential to win the war against CyberCrime and CyberTerrorism.
      • Download Slides: www.valentina.net/Rome2016/
  • 4. Background: 20th to 21stC Cybersecurity
      • 20thC : 1995 - 2010 : Focus on Firewalls & Antivirus – based upon Physical “Spatial” Security Models (Castles & Moats) ... Protection @ “Speed of Sound” (Space)
      • 21stC : 2010 – 2025 : Focus on Adaptive, and Self-Organising “Cyber” Tools – based upon Temporal Models (AI & Machine Learning) ... Defending @ “Speed of Light” (Time)
  • 5. “Smart Security”: 21stC Business Architectures
      • 1 – Background: “21stC Security Landscape”
      • 2 – Basic “Smart Security” Concepts
      • 3 – Integrated Cyber-Physical Security
      • 4 – Towards “Smart Security” Architectures
      • 5 – “Smart Security” for YOUR Business!
      • 6 – Security Scenarios: Critical Sectors
      • 7 – Smart Security for “Internet of Things”
      • 8 – Practical “Smart Security” Operations
      • 9 – YOUR TOP 3 Actions & RoadMap!
  • 6. 1) 21stC CyberSecurity Landscape
      • Convergence of Physical & Cybersecurity Operations
      • “Cyber” migrates from IT Dept to Main Board: C-Suite
      • Global Real-Time Targeted Cyber Attacks – 24/7
      • Transition from 20thC Tools (Firewalls & Anti-virus) to “Smart” 21stC Tools (AI & Machine Learning)
      • Emergence of Enterprise “Internet of Things” - IoT
      • Evolution of Smart Devices, Cities, Economy & Society
      • Dramatic increase in Cyber Crime & Cyber Terrorism
    There are Cyber/Terror Attacks each Week! We urgently need to boost our Business & Government Cyber Defences with “Real-Time Smart Security”!
  • 7. UK CyberSecurity Strategy: 2016 - 2021. Defend – Deter - Develop. 5 Year Programme Launched by UK Chancellor Philip Hammond: Tuesday 1st November 2016.
  • 8. Cyber-Physical Threat Scenarios
      • Physical “Penetration”: Operations Perimeter penetrated to allow theft or corruption of Cyber Information / IT Data Bases, Personal ID / Financial Data and Confidential Company Plans
      • Cyber “Hack”: Malicious changes to Cyber Access Controls & IT Databases to allow Criminals/Terrorists to enter Target Facilities (such as Banking/Finance, Telco/Mobile Operations)
      • Convergent Threats – Criminals/Terrorists will attack at the weakest links which in the 21stC will be BOTH Cyber Network Operations, Physical Security Operations & Internet of Things!
    ...Cyber Attacks are now fully industrialised with Malicious Code “Kits” & Botnets for sale “by the hour” on the DARKWEB
  • 9. Malware Attack: SWIFT Bank Net – 2016. Cyber Analysis by BAE Systems. Multiple Cyber Attacks including Cyber Heist of $951M from Bangladesh Central Bank of which $81M remains missing!
  • 10. Malware Attack: SWIFT Bank Net – 2016. Cyber Analysis by BAE Systems. Multiple Cyber Attacks including Cyber Heist of $951M from Bangladesh Central Bank of which $81M remains missing!
  • 11. Project Sauron: CyberEspionage - 2016. Analysed by Symantec and Kaspersky Labs - August 2016. Known CyberTargets include: Russia, China, Iran, Rwanda, Italy, Sweden & Belgium. Powerful APT Malware that targeted Critical National Infrastructure: Top Level Government, Military, Telecoms, Finance and R&D Centres. Other “State-Designed” Cyber Malware include: Stuxnet, Duqu, Flame, Equation and Regin...
  • 12. Project Sauron: CyberEspionage - 2016. Analysed by Symantec and Kaspersky Labs - August 2016. Known CyberTargets include: Russia, China, Iran, Rwanda, Italy, Sweden & Belgium. Powerful APT Malware that targeted Critical National Infrastructure: Top Level Government, Military, Telecoms, Finance and R&D Centres. Other “State-Designed” Cyber Malware include: Stuxnet, Duqu, Flame, Equation and Regin...
  • 13. CyberEspionage in Asia-Pacific Region. Attacks from 2012 onwards by Hellsing and Naikon Groups. APT Victims were in Malaysia, Philippines, Indonesia, India, USA. Targets of APT Attacks were Government & Diplomatic Agencies. Analysed by Kaspersky Labs: April 2015.
  • 14. Massive DDoS Attack using Mirai BotNet from “Internet of Things” - 21st Oct 2016. More than 500,000 “IoT” Devices such as CCTV & Web Cams used as “Bots”!... “Internet of Threats”!
  • 15. CyberAttack: Tesco Bank – 6th Nov 2016. 6th Nov 2016: Cyber Criminals from Brazil & Spain hack 40,000 TESCO Bank Accounts with reported Theft of £2.5m from 9,000
  • 16. CyberAttack: SberBank - Сбербанк: 8th Nov 2016. Massive DDoS Attack from 24,000 “Bot” Devices (Internet of Things) Hits SberBank, Alfa Bank, Moscow Bank, RosBank, Moscow Exchange - Peak Web IP Requests of 660,000/Sec quoted by Kaspersky Labs -
  • 17. CyberAttack: SberBank - Сбербанк: 8th Nov 2016. Massive DDoS Attack from 24,000 “Bot” Devices (Internet of Things) Hits SberBank, Alfa Bank, Moscow Bank, RosBank, Moscow Exchange - Peak Web IP Requests of 660,000/Sec quoted by Kaspersky Labs -
  • 18. Categories of Cybersecurity Threats
    The complexity of Cyber threats means that several frameworks have been developed to classify cyber risks such as the UN/ITU Guidelines:
      • Category 1 : Unauthorised Access – The systems & networks are accessed by persons or “bots” that do not have legal access or permissions
      • Category 2 : Distributed Denial of Service Attacks (DDoS) – Such attacks are used to target & disable a website or server using an army of infected machines
      • Category 3 : Malicious Code – Malware such as trojans, viruses & spyware are embedded within host machines for both commercial & criminal purposes
      • Category 4 : Improper Use of Systems – In these cases, the systems are being used for access and applications against the communicated policies
      • Category 5 : Unauthorised Access AND Exploitation – Many attacks will fall into this category when the hacker will penetrate systems and then use the acquired data, information & documents for cybercriminal activities
      • Category 6 : Other Unconfirmed Incidents – These are alerts that require further investigation to understand whether they are actually malicious or “false positives”...
    We next put these Hybrid Cyber and Physical Security Risks into a Personal Context...
  • 19. International Security: “Family Perspective”. Jeju Island – South Korea: “Simon”; Cambridge – UK: “Joanna”; Newcastle – UK: “Philip”; Gambella – Ethiopia: “Susan”. Global 24/7 Security Risks & Threats!
  • 20. Security in Ethiopia: “State of Emergency”
  • 21. Cybersecurity in Ethiopia. More than 60% of the UN/ITU Member Nations still have no Public Domain Government Info & Cybersecurity Strategy. So 120 Nations have minimal Cyber Protection for their Business & Critical Sectors! www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Ethiopia.pdf (2015)
  • 22. Cybersecurity Market Sectors
      • Anti-Virus/Firewall
      • ID Authentication
      • Encryption/Privacy
      • Risk & Compliance
      • Mobile Device Security
      • Anti-Fraud Monitoring
      • Website Protection
      • S/W Code Verification
      • AI & Machine Learning
      • Enterprise IoT Security
      • Cloud Security Services
      • Big Data Protection
      • RT Log/Event Analytics
      • Real-Time Threat Maps
      • Smart Biometrics
      • Training & Certification
    Global Trend is towards Adaptive & Intelligent Cybersecurity Solutions/Services... Traditional Anti-Virus/Firewall Tools no longer fully effective against “Bad Guys”!
  • 23. Cybersecurity Market Size & Growth
      • 2015: Worldwide Estimated - $97 Billion
      • 2020: Worldwide Projected - $170 Billion
          – North America: $64Bn – 10.0% CAGR (38%)
          – Europe: $39Bn – 7.2% CAGR (23%)
          – Asia-Pacific: $38Bn – 14.1% CAGR (22%)
          – Middle East & Africa: $15Bn – 13.7% CAGR (9%)
          – Latin America: $14Bn – 17.6% CAGR (8%)
        (Source: “Micro Market Monitor” & “Markets and Markets” – Estimated and Extrapolated from projections for 2014 – 2019)
      • 2025: Worldwide @ 10% CAGR - $275 Billion
  • 24. Cyber Solutions from Corporations - Consultancy, Networking and Services -
      • Sophos Group (UK) – Security Solutions
      • CISCO – Threat Protection Security
      • Northrop Grumman – Cyber & Homeland Security Services
      • PwC – Cyber Consultancy
      • Intel Security Group (McAfee) – Malware & Threat Protection
      • British Telecom – Security Mgt
      • Juniper Networks – Threat Intel, Protection and Network Security
      • Ernst Young – Cyber Consultancy
      • Booz Allen and Hamilton – Cyber Solutions & Services
      • Kaspersky Lab (RU) – Security Solutions
      • Symantec (US) – Security Solutions
      • BAE Systems – Cyber Risk Mgt
      • IBM – Solutions & Services
      • Deloitte – Cyber Consultancy
      • Raytheon – Cyber & Homeland Security Services (USA + Global)
      • Thales – Secure IT Solutions
      • Lockheed Martin – Cyber Solutions
      • Dell Secure Networks – Managed Network & Computing Security Services
      • AT&T - Network Security & Services
      • HP – Enterprise Cybersecurity Solutions
    ALL Major IT Vendors now invest in Cyber Solutions as Hi-Growth Sector
  • 25. “Smart Security”: Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 26. 2) - “Smart Security” - = Integrated “Cyber-Physical” Operations =
      • Defence against 21stC CyberCrime & Terror Attacks requires Operations in Real-Time @ Light Speed!
      • Smart Target Surveillance, Profiling & Tracking
      • User & Device Authentication – “Internet of Things”
      • Cyber Biometrics & Forensics – Pre/Post Attack
      • Real-Time Analysis of Social Media, eMail & Blogs
      • Self-Adaptive User, IT Asset & Net Traffic Modelling
      • Human-Machine Teaming for Effective Cyber-Defence
      .....Mitigation of Attacks requires “Smart Security” Computing Solutions running @ Light Speed!
  • 27. “Smart Security” = Cyber + PSIM + SIEM
      • Cyber: Spans ALL ICT Networks, Servers & Devices
      • PSIM: Physical Security Integration Management
      • SIEM: Security Information & Event Management
      Image: AventuraCCTV.com/PSIM : New York, USA
  • 28. Transition from 20thC to 21stC “Smart Security”
      • Integrated Cyber-Physical Security 2016-2021:
          – Every Business & Nation will need to transition from the traditional 20thC culture & policy of massive physical defence to the connected “neural” 21stC world of in-depth intelligent & integrated real-time cyber defence
      • National Borders:
          – Traditional physical defence and geographical boundaries remain strategic national assets but they need to be integrated with cyber defence assets.
      • Critical National Information Infrastructure:
          – 21stC national economies function electronically, & yet they are poorly defended in cyberspace, and open to criminal, terror & political attacks
      • Multi-Dimensional Cyber Defence:
          – Nations need to audit their critical infrastructure – government, banks, telecommunications, energy, & transport – and to upgrade to international cybersecurity standards based upon accepted “best practice” (ISO/IEC)
  • 29. Smart Security: Tracking “Bad Guys”
      • Mitigating Global Cyber Crime & CyberTerrorism requires us to Profile & Track the “Bad Guys” in “Real-Time” with “Smart Security” - Intelligent Networked Computing Systems:
          – 3D Video Analytics from CCTV Facial Profiles
          – Track On-Line Social Media, eMail & “Cell” Comms
          – Scan “DarkWeb” for “Business Deals”, Plans & Messages
          – Check, Track & Locate Mobile Communications
          – Track “Bad Guys” in National Transport Hubs
          – Deploy RFID Devices to Track High-Value & Strategic “Assets”
          – Use Real-Time ANPR for Target Vehicle Tracking
      ...Cyber Computing Smart Applications can now Track Massive Databases of Target “Bad Guy” Profiles @ Light Speed!...
  • 31. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 32. 3) Integrated Cyber-Physical Solutions
      • ALL Security Tools will evolve from Physical to Integrated “Smart” Cyber-Physical during 3 to 5 years.
      • Advanced 21st “Smart” Cyber-Physical Security Solutions:
          – Intelligent “Bad Guy” Profiling & Tracking
          – Real-Time Social Media & On-Line Monitoring
          – CCTV, Facial Recognition & Video Analytics
          – Integrated Cyber-Biometrics & Digital Forensics
          – ANPR Vehicle Location and GPS/Aerial Tracking
          – Adaptive AI/ML Behavioural Modelling of Net Traffic & Users
      ....We explore these Integrated Cyber Solutions in-depth & their Business Implementation in Critical Sector Scenarios
  • 33. Integration of Physical and Cybersecurity
      [Diagram labels:]
      • Integrated CSO-led Management Team – Merged HQ Operations
      • Physical Security Operations
      • Cyber Security Operations
      • Smart Security = Virtual Integration
      • Shared Alerts
      • Corporate CSO-led Security Team
      • ONE – Shopping List!
      • Integrated Management, Training, Standards, Plans
      • ONE – Architecture!
      Final phase of Cyber-Physical Integration - Embedded Intelligence in ALL Devices - Internet of Things
  • 34. Contrast between our Physical & Cyber Worlds
      Convergence to 21stC “Intelligent Worlds” will take time!
      Physical World = “Space”
          • Top-Down
          • Dynamic
          • Secrecy
          • Territorial – “Geographical Space”
          • Government Power
          • Control
          • “Speed of Sound”
          • Padlocks & Keys
          • Assets & Objects
          • Hierarchical
          • Carbon Life
          • Tanks & Missiles
          • Mass Media
      Cyber World = “Time”
          • Bottom-Up
          • Self-Organising
          • Transparency
          • Global – “Real-Time”
          • Citizen Power
          • Freedom
          • “Speed of Light”
          • Passwords & Pins
          • Events & Experience
          • Organic
          • Silicon Life
          • Cyber Weapons & “Smart Bots”
          • Social Media
      “Smart Security” requires Embedded Networked Intelligence in ALL “IoT” Devices
  • 35. “Smart” Autonomous Chemical Oscillator: - Belousov–Zhabotinsky Reaction (BZ) -
  • 36. Self-Organisation in “Bio-Sciences”
      • Organic DNA-based Life has Adaptation, Learning & Intelligence based upon Self-organisation:
          – Bee Hives with regular Honeycombs
          – Ant Colonies & Termite Hills
          – Migrating Birds fly in “V” Echelon Formations
          – Plant Life adapts to Light, Gravity, Chemicals & Fluids
          – Sociable Weaver Birds build huge nests for security
          – Mammalian Brains evolved from Neural Networks
      ...“Smart Security for the IoT will be based upon Principles of Bio-Adaptation, Self-Organisation & Self-learning!”...
  • 37. Self-Organisation in “Bio-Systems”
  • 38. “Smart Sustainable Security” in Nature!
      The Sociable Weaver Bird – “World’s largest Bird Nests” *** Southern Africa ***
      • Secure Living Community
      • Self-Organising Architecture
      • Fully scalable for long term growth
      • Supports 250+ Weaver Birds
      • Real-Time Disaster Alert System
      • Sustainable in Semi-Desert Steppe
      • Robust against “Enemy Risks” such as Eagles, Vultures & Snakes
      ...all the features of a 21stC “Cyber Defence Centre” – including Disaster Recovery & Business Continuity!
  • 39. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 40. 4) Towards “Smart Security” Architectures
      • Leading International Organisations have already designed 21stC “State of the Art” Frameworks, Standards and Cybersecurity Architectures:
          – UN/ITU – Global Cybersecurity Agenda (GCA)
          – NATO – National Cybersecurity Framework
          – EU/ENISA – National Cybersecurity Strategies
          – NIST – National Institute of Standards & Technology
          – SANS – Critical Security Controls
          – ISO/IEC – International Standards – ISO 27000 Series
      ...UN, NATO, EU are for Government whilst NIST/SANS are more focused upon Business
  • 41. UN/ITU: – Global Cybersecurity Agenda (GCA)
      The UN/ITU GCA - Global Cybersecurity Agenda:
          1 – Legal Measures
          2 – Technical Measures
          3 – Organisational Measures
          4 – Capacity Building
          5 – International Cooperation
      ...The UN/ITU constitutes a unique global forum for partnership and the discussion of cybersecurity.
      www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurityStrategyGuide.pdf
  • 43. UN/ITU Worldwide Security in Cyberspace!
      [Diagram labels:] Capacity Building; Regional and International Collaboration
  • 44. UN/ITU Worldwide Security in Cyberspace!
      - (1) – Legal Measures
      - (2) – Technical & Procedural Measures
      - (3) – Organisational Structures
      - (4) – Capacity Building
      - (5) – Regional and International Collaboration
  • 45. - UN/ITU CyberSecurity Agenda - Understanding CyberCrime (Eng/Rus)
      Link: www.itu.int/en/publications/
  • 46. - UN/ITU CyberSecurity Agenda - Quest for CyberConfidence (Eng/Rus)
      Link: www.itu.int/en/publications/
  • 47. UN/ITU National CyberSecurity Strategy Toolkit (NCS) – Global Partnership - 2016
      12 International Partners : CyberSecurity Toolkit to help Nations to Design & Implement Effective CyberSecurity Programmes based upon “Best Practice”...
      Link: www.itu.int/en/ITU-D/Cybersecurity/
  • 48. NATO Cybersecurity Framework Manual
  • 49. NATO Framework: The Five Mandates and Six Elements of the Cybersecurity Cycle
  • 50. NATO Cybersecurity Framework: - Organisational Architecture -
  • 51. EU Agency for Info Security: ENISA
      ENISA Strategic Security Framework provides effective “Cyber” model for National Governments & Ministries
      - ALL EU Countries now have approved National Cybersecurity Strategies -
      www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map
  • 52. NIST Cybersecurity Framework – National Institute of Standards & Technology
      Web: www.nist.gov/cyberframework/
  • 54. Critical Security Controls (CSC) - Top 20 Cyber Defense Actions – The SANS Institute –
      1) Inventory of Authorised and Unauthorised Devices
      2) Inventory of Authorised and Unauthorised Software
      3) Secure Configurations for Hardware and Software
      4) Continuous Vulnerability Protection & Remediation
      5) Malware Defenses
      6) Applications Software Security
      7) Wireless Access Control
      8) Data Recovery Capability
      9) Security Skills Assessment and Training
      10) Secure Configurations for Network Devices
      11) Limitation of Network Ports, Protocols & Services
      12) Controlled Use of Administrative Privileges
      13) Boundary Defence
      14) Maintenance, Monitoring and Analysis of Audit Logs
      15) Controlled Access Based on the Need to Know
      16) Account Monitoring and Control
      17) Data Protection
      18) Incident Response and Management
      19) Secure Network Engineering
      20) Penetration Testing and Red Team Exercises
      SANS = SysAdmin, Audit, Networking and Security
      Link: www.sans.org/critical-security-controls/
  • 56. Mapping the SANS Critical Security Controls: US Govt – Dept of Homeland Security CDM Program -
      SANS Link: www.sans.org/critical-security-controls/
  • 57. Cybersecurity Standards: Key Players
      • Multiple Players: There are multiple international organisations that publish standards relating to physical and cyber security. In general these standards, recommendations and guidelines are complementary:
          – ENISA – European Network and Information Security Agency
          – ISO – International Standards Organisation (ISO27xxx Series)
          – IETF – Internet Engineering Task Force
          – ETSI – European Telecommunications Standards Institute
          – IEEE – Institute of Electrical and Electronic Engineers
          – ANSI – American National Standards Institute
          – NIST – National Institute of Standards and Technology
  • 58. UN/ITU – X.805 Cybersecurity Architecture
  • 59. Recommended Book: Security in a Web2.0 World - A Standards Based Approach (UN/ITU - X.805) – Author: C. Solari -
      Carlos Solari: Ex CIO US Government - White House
  • 60. ISO/IEC 27000/2 - Info Security Management
  • 61. NIST Security Publications: “800 Series”
  • 62. NIST: Cloud Security Architecture
      NIST: Cloud Security Standards & Reference Model
  • 63. Info Security Architecture: Publications
  • 64. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 65. 5) “Smart Security” for YOUR Business
      • Recruit Professionally Qualified CSO/Director
      • Organise Top-Level Security Workshop to explore possible and actual Cyber/Physical Threats
      • Develop Inventory of current Security Assets and identify “gaps” that require new investment
      • Discuss and Agree Multi-Year “Smart Security” Investment & Business Action Plan & RoadMap
      • Implement YOUR Security Plan as Board Level Strategic Programme across ALL Units/Functions
      ...Staff Training with “Simulated” Threat Scenarios!..
  • 66. CISSP – International “Cyber” Certification
      • The CISSP – Certified Information Systems Security Professional is one of the highest international qualifications from the (ISC)², and is based upon the core tenets of Confidentiality, Integrity & Availability:
          1) Access Control
          2) Application Security
          3) Business Continuity and Disaster Recovery
          4) Cryptography
          5) Information Security and Risk Management
          6) Legal, Regulations, Compliance and Investigations
          7) Operations Security
          8) Physical (Environmental) Security
          9) Security Architecture and Design
          10) Telecommunications and Network Security
      • An in-depth study of all these security topics would fill an intensive 3 month schedule!
  • 67. Cipher Integrated CyberSecurity RoadMap. Link: Cipherproject.eu/cipher_webapp/
  • 68. Cipher Integrated CyberSecurity RoadMap. Link: Cipherproject.eu/cipher_webapp/
  • 69. Smart Security: Technology & Operations
      • “Smart Security” spans the “Real-Time” Protection of physical buildings, staff and cyber facilities, networks & information assets.
          – Technologies: Advanced ICT Security technologies include Biometrics, RFID Encryption, PKI Authentication, ID Management, DDoS & Malware Detection
          – Operations: Physical Buildings, Staff and all information & ICT assets need to be secured through solutions such as RFID tagging, Interactive HD CCTV, movement detection and other automatic means for asset monitoring & surveillance
          – Critical National Infrastructure Protection: Most national smart security programmes now focus upon securing critical infrastructure such as banking & finance, airports & transportation, power stations, military & defence facilities, ICT, Mobile & telecommunications services & Government Ministries & Parliament.
      …In the next sections we’ll explore both “Critical Sectors” and the Integration of Cyber & Physical Operations which is the real essence of “Smart Security”
  • 70. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 71. (6) Security Sectors: Threat Scenarios
      • Hybrid Security Threats may potentially target ANY and ALL YOUR Business and Government Sectors!....
          a) Finance & Banking – ATMs, Fraud, Money Laundering
          b) Transport & Tourism – Airports, Metro, Tourist Sights
          c) Energy & Utilities – Nuclear, Chemical & Water Resource
          d) Government & Defence – Intel Theft, Hacking, Military
          e) Education & Research – Campus-Wide Armed Attacks
          f) Industry & Manufacturing – Competitive Espionage
          g) Retail, Sports & Culture – Shopping Malls, Olympics
      ....CSOs are advised to URGENTLY define practical & effective action plans to mitigate such attacks!...
  • 72. Critical Sector Case Study: Banks & Finance
      • Banks & Financial Institutions are prime targets for cybercriminals.
      • Access to Accounts is usually indirect through phishing scams, infected websites with malicious scripts, and personal ID Theft.
      • On-Line bank transfers are also commonly used for international money laundering of funds secured from illegal criminal and political activities
      • Instant Money Transfer Services are preferred for crimes such as the classic “Advanced Fee Scam” as well as Lottery and Auction Scams
      • Cyber-Extortion & Ransomware are now epidemic via web & email phishing
      • National & Commercial Banks have also been regular targets of DDOS Cyberattacks from politically motivated and terrorist organisations
      • Penetration Scans: Banks are pivotal to national economies and will receive penetration scans and Cyberhacks both “direct” & with “Bots” & Trojans
      • On-Line Banking networks including ATMs, Business and Personal Banking are at the “sharp end” of financial security and require significant efforts towards end-user authentication & transaction network security
      ...“Smart Security” will become mandatory for ALL Financial Institutions!
  • 73. Critical Sector Case Study: Governments
      • Cyber Agencies: Over 70 National Governments (from 193 UN/ITU Member States) now have Cybersecurity Agencies & Programmes
      • eGovernment Services are critically dependent upon strong cybersecurity with authentication for the protection of applications, and citizen data
      • Compliance Audit: All Government Ministries & Public Agencies should receive in-depth ICT security audits and full annual compliance reviews
          1) National Defence Forces
          2) Parliamentary Resources
          3) Land Registry & Planning System
          4) Citizen IDs and Passports
          5) Laws, Legislations, and Policies
          6) Civilian Police, Prisons & National e-Crimes Unit (NCU)
          7) National CERT – Computer Emergency Response Team
          8) Inter-Government Communications Network
          9) eServices for Regional & International Partnerships
          10) Establishment of cybersecurity standards & compliance
          11) Government Security Training and Certification
  • 74. “Smart Security” for Critical Sectors: YOUR Shopping and To Do List!
      • Security Audit: In-Depth Security Audit and Action Report - Spanning BOTH Physical and Cybersecurity Operations, Assets and Technologies
      • International Standards: Understand and Implement Security Policies and Programmes to International Standards – ISO/IEC, UN/ITU, IEEE, NIST, ASIS, ISF
      • Training: Professional Training: Form strategic partnerships with leading educational & research institutions to develop pipeline of professional graduations in cybersecurity & integrated security technologies
      • CERT/CSIRTs: Understand the critical role of Cybersecurity CERTs and link their alerts and operational processes within your overall security policies
      • Security Associations: Join Security Associations and follow emerging developments in Cybersecurity for “Smart Systems” & “Internet of Things”
      ....YOUR Top Priority is Professional Cybersecurity Training & Certification with regular course “Top-Ups” since the field is moving at Supersonic Speed!
  • 75. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 76. 7) Smart Security for “Internet of Things”
      • Securing the “Internet of Things” (IoT) is moving to the Top of the Business Security Agenda!...
      • Major IoT Attacks have been recorded such as the Mirai BotNet/DYN DDoS Attacks (Sept/Oct 2016)
      • Legacy “IoT” Devices are vulnerable to BotNet penetration due to weak or zero(!) cyber defence
      • YOUR Business needs to engineer a security programme to mitigate “IoT” Hacks & Attacks!
      ...Effective solutions use a “Smart” integration of Cyber Interfaces, Biometrics & Encryption...
  • 77. Cyber-Physical Threats from the “IoT”
      • ALL Networked Devices are at risk from Cyber-Hacking, Penetration and Remote Control
      • IoT Devices: Smart Phones, Home Controls, Vehicles, Industrial Controls, Smart Cities, Power Stations, Utilities, Medical Devices.....
      • Legacy Assets: Many legacy assets including cars, medical implants, industrial SCADA controls are INSECURE against Cyber Attacks!
  • 78. Internet of Things: Spans ALL Sectors
  • 79. 2020 Estimates for “IoT” Connectivity
  • 80. “IoT Devices”: Wristbands and Watches
  • 81. “Google Car”: Computer Vision View
  • 82. “IoT” Connectivity in the Home: IBM
  • 83. Carna Botnet exposed Legacy Vulnerabilities in “IoT” Devices
  • 84. Vulnerable Legacy Devices: “IoT”
  • 85. Practical Security Solutions for the “IoT”
      • European Union - IERC: Extensive “IoT” research during the last 5 years including security.
      • IEEE IoT Community, Journal & Conference: Recent international focus upon IoT Security Standards and Engineering Practical Solutions.
      • Advanced Cyber Tools: Sustainable IoT Network Security requires innovative 21stC Adaptive & Self-learning tools based upon research into Artificial Intelligence and Machine Learning.
  • 86. Useful Publications on “Internet of Things”
  • 87. European Research Cluster: Internet of Things
  • 88. IERC – Research Cluster Reports on “Smart Systems” & the Internet of Things
  • 89. - Security for the Internet of Things - Security & Privacy in Hyperconnected Society
  • 90. Consultant Reports: Internet of Things. Booz, Allen and Hamilton; Ernst and Young Global Limited
  • 91. Internet of Things: Cybersecurity Model. Copyright: Wind River – Intel Corporation
  • 92. IoT Cybersecurity: 7-Level Architecture
  • 93. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 94. (8) Practical CyberSecurity Strategies
      • Successful Cyber Strategies are Scaled from: Device -> User -> Business -> City -> Country -> Global
          a) Device: Secure ALL devices connected to “IoT”
          b) User: Bio-ID, Real-Time Behaviour Modelling
          c) Business: CSO-Led, Professional Cyber Team
          d) City: Secure Transit Hubs, Culture & Sports Sites
          e) Country: Secure CNI, Profile & Track “Bad Guys”
          f) Global: Deploy UN/ITU CyberSecurity Agenda
      ....Upgrade ALL your Legacy Security Tools & Inject Cyber Solutions to YOUR Business Operations!...
  • 95. Practical “Smart Security” Operations
      • CSO Action: Develop & Communicate Board Level Security Strategy spanning Cyber/On-Line & Physical Operations
      • Audit & Upgrade each Business Unit & Function: Sales, Marketing, HR, Finance, R&D, Production...
      • Top Security Priorities: IT Networks, Data Bases, ALL IT Devices/BYOD, Building Access & Control, Staff, Contractors & Guests, Wi-Fi/Mobile Access...
      • Security Tools: “AI/ML Cyber”, CCTV Video Analytics, Biometrics, RFID, ANPR, DB/Mail/Media Monitoring...
      • Authorise Security Audits to check company-wide compliance including Real-Time “Cyber” Monitoring!
  • 96. Benefits of “Smart” Cyber – Physical Security
      • Some of the key benefits from integrating Cybersecurity solutions with physical operational processes and policies are:
          – Reduced Operational Costs, through “Single CSO-led Security Organisation”
          – Early Warning of both Physical & Cyber Penetration through RT surveillance
          – Extended Protection of ALL Critical Physical and On-Line Assets
          – Focused Security Policy for Government, Businesses and Citizens
          – Risks: Reduced “Open World” Security Risks from Smart Devices
          – CyberCrime: Comprehensive Management and Control of Cybercrime
          – CNI: Critical Infrastructure such as Banks & Airports are protected
          – National Defence: Nations now need hi-protection in “cyber” & “physical”
      ….In summary, the practical 21st approach to integrated “smart” security is a combination of technological solutions together with strong operational procedures, all implemented to international ISO/IEC security standards
  • 97. “Smart Security”: 21stC Business Architectures
      1 – Background: “21stC Security Landscape”
      2 – Basic “Smart Security” Concepts
      3 – Integrated Cyber-Physical Security
      4 – Towards “Smart Security” Architectures
      5 – “Smart Security” for YOUR Business!
      6 – Security Scenarios: Critical Sectors
      7 – Smart Security for “Internet of Things”
      8 – Practical “Smart Security” Operations
      9 – YOUR TOP 3 Actions & RoadMap!
  • 98. YOUR TOP 3 Actions & RoadMap
      • Action 1: Board-Level Review & Audit of current Cybersecurity Tools & Operations – 60 days
      • Action 2: Highlight security issues & insecure legacy net assets, devices & processes – 30 days
      • Action 3: Develop Multi-Year Plan, Budget & Roadmap for Advanced “Cyber” to include:
          a) CSO-Led “Cyber-Physical” Operational Integration
          b) “IoT Security” for Legacy & New Network Assets
          c) Training and Testing of “AI/ML” Cyber Solutions.
      Tomorrow Morning @ 09:00 we’ll explore Future Scenarios for “Smart Security” in our CyberVision 2017 – 2027 and Beyond!
  • 99. “Integrated & Intelligent Security Architectures provide Real-Time Defence for Business, Government and Critical Sectors”
      “Design & Deploy 21stC Smart Security Architectures for YOUR Business”
      “History of Architecture” - From Baroque to Bubbles - Pen & Ink Drawing by Dr Alexander Rimski-Korsakov - Celebrated 80th Birthday – 2016 -
  • 100. The Surrealistic Paintings of Dr Alexander Rimsky-Korsakov. Web Link: www.valentina.net/ARK3/ark2.html
  • 101. “Smart Security”: 21stC Business Architectures. International East-West Security Conference: Rome. Thank-You! Download Presentation Slides: www.Valentina.net/Rome2016/
  • 102. East-West Security Conference – Rome 2016 - “Smart CyberSecurity” - Slides (PDF) - Download Link: www.valentina.net/Rome2016/
      Theme (1) – “21stC Smart Security”
      Theme (2) – “CyberVision: 2017-2027”
  • 103. Download Presentation Slides: www.Valentina.net/Rome2016/ Thank you for your time!
  • 104. Additional Cybersecurity Resources. Link: www.valentina.net/vaza/CyberDocs
  • 105. Professional Profile - Dr David E. Probert
      • Computer Integrated Telephony (CIT) – Established and led British Telecom’s £25M EIGER Project during the mid-1980s’ to integrate computers with telephone switches (PABX’s). This resulted in the successful development and launch of CIT software applications for telesales & telemarketing
      • Blueprint for Business Communities – Visionary Programme for Digital Equipment Corporation during late-1980’s that included the creation of the “knowledge lens” and “community networks”. The Blueprint provided the strategic framework for Digital’s Value-Added Networks Business
      • European Internet Business Group (EIBG) – Established and led Digital Equipment Corporation’s European Internet Group for 5 years. Projects included support for the national Internet infrastructure for countries across EMEA as well as major enterprise, government & educational Intranet deployments. Dr David Probert was a sponsoring member of the European Board for Academic & Research Networking (EARN/TERENA) for 7 years (1991–1998)
      • Supersonic Car (ThrustSSC) – Worked with Richard Noble OBE, and the Mach One Club to set up and manage the 1st Multi-Media and e-Commerce Web-Site for the World’s 1st Supersonic Car – ThrustSSC – for the World Speed Record.
      • Secure Wireless Networking – Business Director & VP for Madge Networks to establish a portfolio of innovative fully secure wireless Wi-Fi IEEE802.11 networking products with technology partners from both UK and Taiwan.
      • Networked Enterprise Security - Appointed as the New Products Director (CTO) to the Management Team of the Blick Group plc with overall responsibility for 55 professional engineers & a diverse portfolio of hi-tech security products.
      • Republic of Georgia – Senior Security Adviser – Appointed by the European Union to investigate and then to make recommendations on all aspects of IT security, physical security and BCP/DR relating to the Georgian Parliament.
      • UN/ITU – Senior Adviser – Development of Cybersecurity Infrastructure, Standards, Policies, & Organisations in countries within both Europe & Americas
      Dr David E. Probert is a Fellow of the Royal Statistical Society, IEEE Life Member and 1st Class Honours Maths Degree (Bristol University) & PhD from Cambridge University in Self-Organising Systems (Evolution of Stochastic Automata), and his full professional biography is featured in the Marquis Directory of Who’s Who in the World: 2007-2017 Editions.
  • 106. “Master Class”: Armenia - DigiTec2012 - Smart Security, Economy & Governance. Download: www.valentina.net/DigiTec2012/
  • 107. “Smart Security”: 21stC Business Architectures. 34th International East-West Security Conference: Rome, Italy
  • 108. Secure Navigation in the “Southern Seas” - “Captain James Horsburgh” (1762 – 1836). Charting the “Southern Seas” - “The India Directory” (1809) - for “The East India Company”. 1) Horsburgh Island: Cocos/Keeling Is 2) Horsburgh Lighthouse: Singapore 3) Horsburgh/Goidhoo Atoll: Maldives. From “Smart Navigation” to “Smart Security”! Dedicated to Memory of Edward Michael Horsburgh (1923–2013)