
  • Number of slides: 28

Cyber Security for Major Events
Lynne Genik, MSc, Operational Research Scientist, DRDC Centre for Security Science
Luc Beaudoin, P.Eng, MSc, MBA, Chief of Cyber Operations, Canadian Cyber Incident Response Centre
Presentation for PST 2010 Innovation Day, August 17, 2010
Defence Research and Development Canada / Recherche et développement pour la défense Canada

Overview
Lynne
• Major Events
• Why is Cyber Security Important?
• Vancouver 2010 Cyber Security Preparations
• V2010 MECSS Cyber Security Project
• Observations/Lessons Learned
Luc
• Operational Implementation
• Vancouver 2010 Games
• G8 G20 Summits
• Lessons Learned
• Conclusion
Defence R&D Canada – CSS • R & D pour la défense Canada – CSS

Defence R&D Canada
[Figure: DRDC research areas. Labels include: Weapons Effects, Autonomous Systems, Military Engineering, Chem & Bio Defence, Radar, EW, Space Systems, Information Operations, Communications, Synthetic Environment, Electro-optics, Combat Systems, Command & Control, Information Management, Centre for Security Science, Underwater Sensing, Materials, Air Vehicles, Marine Vehicles, Signature Mgt., Centre for Operations Research and Analysis, Human Factors, Decision Support, Command Effectiveness, Operational Medicine, Simulation & Modelling]

DRDC Major Events Coordinated Security Solutions (MECSS) Model
“Operationalizing S&T Investment”
[Figure: MECSS model diagram. Labels include: Security Partners (Federal, Regional), RCMP Integrated Security Unit, Major Events, Public Safety Canada, British Columbia Public Safety, Joint Task Force (G), Privy Council Office, G8/G20 ISU, SA, MECSS, Exercises/CI/CBRNE, S&T Source, National Science and Technology Community, S&T Clusters, Federal Labs, Centres of Excellence, International, Industry, Academia]

Major Events
• Focus the world spotlight on host country
  – V2010: 10,000 accredited, 4000 unaccredited media
• Collaboration and cooperation of many organizations
  – All levels of government and private sector
  – V2010 Exercise Gold: 140 agencies, 45 coordination centres, 2000 participants
• Budgets in the billions
  – Security: V2010 $1B, G8/G20 $1B
  – Broadcasting rights: NBC US$2.2B for 2010/2012 Olympics
  – Infrastructure costs: V2010 Canada Line $2B, Sea-to-Sky Highway expansion $1B

Vancouver 2010 – Some numbers

                          Olympics   Paralympics
Athletes and officials    6500       1350
Registered athletes       2632       506
Participating countries   82         42
Tickets available         1.6 M      250 k

• 25,000 volunteers
• 6000 law enforcement, 5000 Canadian Forces, 4800 private security officers
• 119 agencies contributing police/peace officers from across Canada
• 43 days of aircraft patrol
• 205,000 accreditations (Olympic family, security workforce, VANOC, volunteers, etc.)

Why is Cyber Security Important?
• Relied on by all sectors for operations
  – Safety
  – Security
  – Event broadcasting
  – Key messages/event results
  – Etc.
• Significant cyber security incident would reflect badly on Canada

V2010 – Cyber Security Preparations
• V2010 Cyber Security Working Group
• V2010 Integrated Exercises Series
• Integrated Threat Assessment Centre (ITAC)
• Joint Intelligence Group
• ISU Critical Infrastructure Unit (physical security)
• Individual organizations

V2010 - Cyber Issues
• Gaps in cyber threat situational awareness
  – Interdependencies
• Silos
• Response

V2010 – MECSS Cyber Security Project
• Getting started
  – Generally, those familiar with cyber operations saw value
  – Resistance from some key offices/people
  – Several key influential people were critical
• Not a lot of time….

MECSS Cyber Security Project
Goals:
• Identify/close gaps
• Establish cyber response capability across key stakeholders
Approach:
• Small team of experts from different departments
• Identified key cyber stakeholders


MECSS Cyber Security Project
Approach (continued):
• Performed cyber security review
  – Short list of questions
  – Face-to-face meetings
Outputs:
• Summary and recommendations provided to:
  – Integrated Security Unit
  – Canadian Cyber Incident Response Centre
• Chart of key cyber stakeholders

V2010 Planning Observations
• Organisations’ priorities varied by mandate and structure
• Lack of actionable cyber intelligence information
• No one organisation aware of all IT assets
• Density of assets very high
• Shared critical assets, sometimes without awareness
• Some assets holistically critical
• No system, authority, or forum for de-conflicting potential issues

Lessons Learned during V2010 Review
• Establishing trust and credibility critical
• Access to right subject matter experts (SMEs) key
• Not all levels of government have computer emergency response team capability
• Stakeholder buy-in varied
• Value of cyber information sharing not recognized from onset
• Threat and risk assessments not formally completed by many key organisations
• Cyber security knowledge in tacit form with SMEs
• Audit checklist too formal and overwhelming

Operational Implementation
• About the Canadian Cyber Incident Response Centre (CCIRC)
• Vancouver 2010 Games
• G8 G20 Summits
• Lessons learned
• Conclusion

CCIRC’s Mandate
“…coordinating the national response…”

CCIRC’s Mandate…
• Coordination point for Government of Canada (GC) cyber response;
• Receive significant incident reports from federal departments (GC IT Incident Management Plan);
• Engage Cyber Triage Unit;
• Provide cyber inputs into the Government Operations Centre (GOC) for situational awareness and risk assessment;
• International point of contact for Canada for cyber security events (shared with CanCERT, RECOL, and Anti-Fraud Centre);
• Assist government departments, critical infrastructure owners and international partners with cyber security issues.

Major Events Information Space
[Figure labels: Cyber Security; Schedule of Events; Results + Key Messages; Media broadcasting]

Major Events Cyber Threats
1. Direct and indirect (ex: power outages) denial of service on critical IT services;
2. Hacktivism (criminal, copyright infringement, intellectual property, brand, etc);
3. Malware distribution scheme leveraging the event:
   – Phishing organizers and participants;
   – Broad distribution (ex: social media, video, search engine optimization (SEO) poisoning, etc.)
4. Cyber incident affecting a guest/diplomat/VIP involving Canadian IT assets.

Operational Challenges
• Distributed Ownership
  – No clear national owner of the cyber security puzzle: everyone has a piece;
• Liability
  – Damages can be embarrassing and affect others (data exfiltration, infrastructure leveraged for sending spam and attacks, web defacement, etc.)
• Expertise
  – Terminology and complexity require direct interactions between cyber professionals for accurate diagnosis of incident root cause and mitigation strategy.

Key Cyber Stakeholders
• Event Office of Prime Interest
  – Main web portal
  – Shared services (schedule, media, connectivity, etc.)
• Support Organisations
  – Weather systems;
  – Air traffic systems and other transport services;
  – Hotel/venue data services;
  – Cellular and fibre service providers;
• First Responders
  – VHF/UHF radios
  – Dispatch system
  – Emergency phone (911)
• Physical Security
  – Area monitoring (camera network)
  – Access control systems
  – Police and military information networks;
  – Satellite, unmanned aerial vehicles


Games Cyber Events
• Vaucouver2010.com
  – Hosted in Ukraine
  – Copy of Vancouver2010.com;
  – Video codec;
• Search engine optimization (SEO) poisoning of Google index
  – “Olympic hats and mittens”
  – “2014 Winter Olympics”
  – “David Atkins artist”
  – “Luge Accident video Olympics”
  – “Apollo Ono Speed Skater”
  – “Opening Ceremony Olympics 2010”
  – “Opening Ceremony Olympics Tickets”
  – “Olympian Tweeting”
  – “Nodar Kumaritashvili Death”
  – “US short track speed skating”
  – “K. D. Lang Olympics”
  – “Olympic Parade of Nations”

G8/G20 Key Cyber Stakeholders
[Figure: stakeholder chart with Provincial, Federal and Municipal groupings. Labels: FIN, DND, CFNOC, CCIRC, Ontario, IPC, DFAIT, SMO, OPP, ISU, RCMP, IC, Telcos, Toronto]

G8/G20 Cyber Events
• Phishing
  – Financial sector
  – Federal departments
http://apelbaum.files.wordpress.com/2010/02/phish1.jpg

Lessons Learned
• Build trust
  – Face-to-face
  – Dedicated support staff
• Enable Reporting
  – Regular teleconferences
  – Simple incident exchange mechanism
    • Incident report template
• Provide secure communication channels
  – PGP;
  – PKI;

Conclusion
• Cyber security does not fit well in existing emergency management frameworks:
  – Distributed ownership;
  – No geographical boundaries;
  – Time scale;
• Defence R&D Canada was the right group to perform this work:
  – Expertise;
  – Trust (security clearances!)
  – Impartial;
• There will always be cyber risks, but identifying key stakeholders, building trust amongst them, and providing an information sharing forum has been shown to be an efficient and effective way to mitigate risks.