
Takehiro Sueta                Kyushu Electric Power Co., Inc. Japan

CIGRE SC D2 Colloquium November 2013 Mysore - KARNATAKA – INDIA. D2-02_09 Construction of Next-generation Security Infrastructure to Cope with Next Types of Cyber Attacks. Takehiro Sueta                Kyushu Electric Power Co., Inc. Japan. Haruki Terakura NEC Corporation Japan.





Presentation Transcript


  1. CIGRE SC D2 Colloquium, November 2013, Mysore - KARNATAKA – INDIA. D2-02_09 Construction of Next-generation Security Infrastructure to Cope with Next Types of Cyber Attacks. Takehiro Sueta, Kyushu Electric Power Co., Inc., Japan. Haruki Terakura, NEC Corporation, Japan.

  2. Table of Contents
     ■ Overview of Security Measures and Current Issues in Japan
     ■ Background and Purpose
     ■ Construction of Next-generation Security Infrastructure
     ■ Overview of Outbound Content Security System Functions
     ■ Operational Status and Evaluation of Outbound Content Security System
     ■ Summary and Future Issues
     ■ Special Report Q&A

  3. Overview of Security Measures and Current Issues in Japan
     ■ Transition of server attacks (earlier → now):
       - Aims of attacks: mischievous intent, showing off technical skills → industrial spy activities, confidential information, financial gain, obstructive behavior
       - Attackers: individual action → organized groups, spies; small groups, criminals
       - Attack methods: hacking, web falsification, DoS attacks, spam e-mails, etc. → targeted attacks
     Attack methods are becoming more sophisticated. This makes it difficult to prevent damage from such attacks using conventional security measures; therefore, construction of a next-generation security infrastructure is required.

  4. Background and Purpose
     ■ Security measures in Kyushu Electric Power Company (KEPCO)
     [Diagram: inbound communications from the external network (Internet: customers, public offices) to company servers and PCs, such as access to KEPCO's website and e-mail reception, pass through security functions that use pattern matching against virus definition files; PCs run a malware check; illegal access such as attacks against servers is blocked.]
     However, since these security measures present the risk of allowing unknown malware not identified by virus definition files to infiltrate the company, security measures need to be strengthened.

  5. Construction of Next-generation Security Infrastructure
     ■ KEPCO has introduced an outbound content security system.
     [Diagram: the existing security functions still screen inbound communications (access to KEPCO's website, e-mail reception, etc.) from the external network; the outbound content security system is added on the company side to monitor outbound communications from PCs and information processing equipment to the Internet.]
     This system detects the activities of a PC infected with a bot by constantly monitoring and analyzing communication packets.

  6. Overview of Outbound Content Security System Functions
     ■ A bot-infected PC invariably communicates with the command-issuing server before transmitting internal information.
     [Diagram: timeline of bot activities on an infected PC: communication with the command-issuing server, then frequent communication probably by the bot, then transmission of internal information. Detection by the outbound content security system is marked along that timeline as "not detected", "communication detected" and "frequent communication detected".]
     Breaches of confidential information can be prevented by identifying and investigating the PC that may be infected with a bot at the point at which the communication was first detected.

  7. Operational Status and Evaluation of Outbound Content Security System
     ■ KEPCO launched operation of the outbound content security system in August 2012.
     [Diagram: the system administrator detects illegal communication from a PC to the external network (Internet), identifies the PC and investigates it. Example of a detected request:]
       GET / HTTP/1.1
       USER-AGENT: mozilla/4.0 sbot2.0
       http://xxx.fjdiso.com/ss/cc/cc?v=3&i=f2a3eac8&r=e382d820391ddbcaddefa873802
     Grounds for detection: the accessed server is a registered command-issuing server, and the request matches a communication pattern registered as communication from a bot.
     ■ So far, a number of incidents have been detected. Since investigation of the PCs concerned showed that they were infected with malware, the malware was eliminated. The introduction of the outbound content security system has made it possible to discover malware infections from the content of communications, even if the malware is unknown.
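As an added example (not code from the KEPCO/NEC system), the following Python runs the two detection criteria described on slides 6 and 7 over constructed proxy-log lines: the destination host is checked against a registered command-issuing server list and the User-Agent against a registered bot pattern, and repeated matches from one client are escalated to "frequent communication". The host and User-Agent string are the ones printed on slide 7; the log format, the benign intranet host and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Registered indicators. The host and the "sbot2.0" agent string are taken from
# slide 7 of the presentation; in practice both lists are maintained feeds.
C2_HOSTS = {"xxx.fjdiso.com"}
BOT_UA_PATTERNS = [re.compile(r"\bsbot\d+\.\d+\b", re.IGNORECASE)]

# Constructed proxy-log sample: "<epoch-seconds> <client-ip> <method> <url> <user-agent>".
SAMPLE_LOG = """\
1000 10.0.0.5 GET http://xxx.fjdiso.com/ss/cc/cc?v=3&i=f2a3eac8 mozilla/4.0 sbot2.0
1060 10.0.0.5 GET http://xxx.fjdiso.com/ss/cc/cc?v=3&i=f2a3eac8 mozilla/4.0 sbot2.0
1120 10.0.0.5 GET http://xxx.fjdiso.com/ss/cc/cc?v=3&i=f2a3eac8 mozilla/4.0 sbot2.0
1130 10.0.0.7 GET http://intranet.example.com/news mozilla/5.0 (Windows NT 6.1)
"""


def match_indicators(url, user_agent):
    """Return the registered indicators that a single outbound request matches."""
    reasons = []
    if urlparse(url).hostname in C2_HOSTS:
        reasons.append("registered command-issuing server")
    if any(p.search(user_agent) for p in BOT_UA_PATTERNS):
        reasons.append("registered bot communication pattern")
    return reasons


def analyze(log_text, min_hits=3, window=600):
    """Report clients whose outbound requests match registered indicators.

    A client appears in the result as soon as one indicator matches ("communication
    detected"). Its "frequent" flag is set when at least `min_hits` matching requests
    to the same host fall within `window` seconds, the beaconing that slide 6 calls
    "frequent communication". Tuning these two values is the detection-criteria work
    that slide 8 lists as a future issue (assumed thresholds here).
    """
    hits = defaultdict(list)  # (client, host) -> timestamps of matching requests
    findings = {}             # client -> {"reasons": set, "frequent": bool}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url, ua = line.split(maxsplit=4)
        reasons = match_indicators(url, ua)
        if not reasons:
            continue
        entry = findings.setdefault(client, {"reasons": set(), "frequent": False})
        entry["reasons"].update(reasons)
        stamps = hits[(client, urlparse(url).hostname)]
        stamps.append(int(ts))
        if len([t for t in stamps if int(ts) - t <= window]) >= min_hits:
            entry["frequent"] = True
    return findings
```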

  8. Summary and Future Issues
     ■ Summary: The introduction of the outbound content security system has enabled the detection of malware infections even if the malware concerned is unknown and not identified by virus definition files. As a result, it is now possible to discover a malware infection at an early stage and prevent breaches of confidential information.
     ■ Future Issues: The outbound content security system overreacts, detecting even normal communications as communications carried out by malware, which increases the system operation workload.
     => We will determine optimum detection criteria to reduce incorrect detections caused by overreaction of the system.

  9. Special Report Q&A
     Q2-1 ■ Will standardising communication protocols to support constant exchange of information and control commands between external consumers, their appliances and utilities help prevent security incidents?
     => (Answer) No, we don't think so. We think it will increase the possibility of security incidents, because:
       - Acquisition of technical skills related to standardised communication protocols is easier than for unique protocols.
       - Exploitation techniques will also become common knowledge.
       - Presently, attackers use common communication protocols such as HTTP and FTP to issue commands to, or exploit confidential information from, PCs they have successfully hacked.
       - In the future, if communication protocols are standardized, the possibility of exploitation by attackers will increase, as we see nowadays.
