
Protecting the CNI BCS ELITE 9 June 2005



Protecting the CNI BCS ELITE 9 June 2005. Mick Morgan Head of Response. Overview. What is NISCC? What is the CNI? What is the threat? How does NISCC work? NISCC products and services. What is NISCC ?.

Protecting the CNI BCS ELITE 9 June 2005

Mick Morgan

Head of Response


Overview

  • What is NISCC?

  • What is the CNI?

  • What is the threat?

  • How does NISCC work?

  • NISCC products and services


What is NISCC?

NISCC is an inter-departmental centre which co-ordinates activity across a range of organisations. Each organisation contributes resources and expertise to NISCC’s programme of work according to what value it can add.

NISCC’s aim is to minimise the risk to the Critical National Infrastructure (CNI) from electronic attack (eA).


An Interdepartmental Centre

Contributing organisations:

  • Security: Police, MI5, CESG

  • Defence: MOD, DSTL

  • Civil Government: Home Office, Trade & Industry, Cabinet Office


What is the CNI?

Those parts of the United Kingdom’s infrastructure for which continuity is so important to national life that loss, significant interruption or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or would otherwise be of immediate concern to the Government.


The CNI Sectors

  • Telecommunications

  • Energy

  • Finance

  • Government & Public Services

  • Water and Sewerage

  • Health Services

  • Emergency Services

  • Transport

  • Hazards

  • Food


The Threat


Electronic attack (eA): What is it?

“The use of computers to gain unauthorised access to the data or control software of computer-based systems in order to acquire or corrupt data or disrupt the functioning of systems.”

January 2002


Two types of eA

Untargeted attacks: Indiscriminate attacks affecting availability & many targets

  • Examples: Worms, viruses

  • Profile: High

  • Impact: Short term high

Targeted attacks: These focus on a particular target address

  • Examples: Hacking attacks, e-mail Trojan attacks

  • Profile: Generally low

  • Impact: Can be high & long term


2005+: Emerging threat themes

  • Greater exploitation of richness of software & speed of wired/wireless networks

  • Growing online markets in malicious software & stolen information

  • Impact of globalisation eg data ‘offshoring’ & outsourcing of system procurement, services & maintenance

  • Developing eA capabilities of terrorists

  • Concerns about sophisticated eAs: Difficult to detect; may be impossible to mitigate


Exploiting a rich environment

  • Malicious code seeks to infect ‘fast & furiously’; attackers take control; victims become future ‘seeders’ …

  • More data available on-line … more stealing … exploiting opportunities in feature-rich software

  • Attack infrastructure development: Networks of ‘botnets’ can be easily controlled for DDoS, spam, data egress etc … 1000s of ‘zombies’ out there!

  • Underpinned by growth & increased speed of broadband & mobile networks


Exploiting Broadband - Botnets

  • A roBOT NETwork or ‘botnet’ is a network of compromised computers controlled by a client, a ‘botherder’ that issues commands via control or master servers

  • Command & control was Internet Relay Chat (IRC) but now can be any real time protocol inc Instant Messaging (IM)

  • The nodes of the ‘botnet’ (compromised PCs often called drones or zombies) are used to:

    • Compromise other computers

    • Flood targets (DDoS)

    • Propagate spam email

    • Sniffing, keylogging, mass id theft

    • Egress data …

  • DIY: Much bot source code is available on the Internet

  • Rent: Nets of 10-50,000+ attack zombies available …


The growing online marketplace

  • ‘Goodbye kudos, hello $$££ … roubles?!’

  • Exploits for £££ … not for fun!

  • Markets for:

    • botnets: Just name your price & target!

    • malware: ‘zero-day’ exploits for purchase by all!

    • harvested info: CC nos, bank details, ids, passwords

    • processing time: on other people’s PCs!

  • Researchers motivated to discover more vulnerabilities

  • Faster ‘flash to bang’ times


Impact of globalisation

  • Global market brings advantages … & risks

  • Profits linked to globalisation BUT …

  • Equipment purchased overseas might have additional vulnerabilities; manufacturers might be subject to political pressure

  • Installation, maintenance & upgrade services provided from overseas are exploitable

  • Outsourcing services & offshoring data to foreign companies brings hard to manage risks: monitoring contracts is very difficult


How NISCC works

[Diagram labels: Critical National Infrastructure; Outreach; Response; Threat Assessment; Research and Development. Policy]


How does NISCC work?

[Diagram labels: Critical National Infrastructure; Outreach; Response; Research and Development. Policy; Investigation and Assessment]


Investigating and Assessing the Threat

  • Making best use of technical, human and open sources to investigate.

  • Analysis and assessment.

  • Reports and specific threat assessments.

  • Disruptions.


How does NISCC work?

[Diagram labels: Critical National Infrastructure; Response; Investigation and Assessment; Research and Development. Policy; Outreach]


Outreach

Promoting Protection and Assurance:

  • Dialogue with all CNI sectors

  • Facilitating information exchanges

  • Tailored reports


How does NISCC work?

[Diagram labels: Critical National Infrastructure; Outreach; Investigation and Assessment; Research and Development. Policy; Response]


Response

  • Briefings and alerts via UNIRAS

  • Responsible disclosure of vulnerabilities

  • Assistance with recovery from direct attacks


NISCC Products

  • NISCC Monthly Bulletin of significant eA activity

  • NISCC Quarterly Review has broader articles on CIP issues

  • NISCC Briefings address topics of current concern

  • UNIRAS Alerts highlight vulnerabilities to be fixed now!

  • UNIRAS Briefings inform on emerging technical issues

  • UNIRAS Technical Notes provide detailed advice

  • Details at www.niscc.gov.uk or www.uniras.gov.uk or e-mail [email protected]


Outreach products

[Slide image text: NISCC Assurance Report for National Infrastructure plc, September 2003]

  • NISCC reporting:

  • Threat assessments for specific CNI companies;

  • UNIRAS (UK CERT) distribution to the CNI;

  • Presentations to Seminars, Forums & Associations;

  • WARPs, Information Exchanges;

  • CNI Assurance Reports.


Protecting the CNI BCS ELITE 9 June 2005

www.niscc.gov.uk

Mick Morgan

Head of Response

