Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
CYBERSECURITY AND PROTECTING TODAY'S INFRASTRUCTURE Andrew J Hacker, CISSP, ISSAP CEO, Thought Networks, LLC
THE WORLD'S FIRST ARTIFICIAL INTELLIGENCE BLOCKCHAIN
thought.live
the basic physical and organizational structures and facilities (e.g. buildings, roads, power supplies) needed for the operation of a society or enterprise.
How do we define infrastructure?
WHAT IS INFRASTRUCTURE?
thought.live
Name some important infrastructures?...
What do these infrastructures impact?...
Are they physical or digital?...
Another more general definition: the underlying foundation or basic framework (as of a system or organization)
WHAT IS CRITICAL INFRASTRUCTURE?
�4thought.live
PROBLEM
�5thought.live
Answer: BITS
What is biggest change to infrastructure in the last 20-30 years?
REALITY
INFRASTRUCTURE ATTACKS
• Ukraine Power Grid - SCADA - 230,000 no power - 2015
• Rye Brook, NY, Dam attack, cellular modem - 2013, reported 2016
• US Nuclear Power Plants - Wolf Creek, spear fishing, year unpublished
• UK Energy sector - unspecified successful control system compromise, year unpublished
• SWIFT global bank msg system - financial theft $MM, 2015/2016
• STUXNET - Iran 2010
�6thought.live
SCADA - Supervisory Control And Data Acquisition
IoT/IoX - Internet of Things, Internet of X
According to SpiceWorks' Future of Network and Endpoint Security report, published Tuesday, 32% of organizations still have at least one Windows XP device connected to their network, despite extended support for XP ending in 2014. -- report released in 2019!
Biostar 2 security system sold by South Korea-based Suprema - hack reported 8/14/2019
28 million records—including plain-text passwords, face photos, and personal information—that was used to secure buildings around the world.
“Plenty of accounts had ridiculously simple passwords, like ‘Password’ and ‘abcd1234’.
BUILDING INFRASTRUCTURE HACKUSAUnion Member House – Coworking space and social club with 7,000 users.Lits Link – Software development consultancy.Phoenix Medical – Medical products manufacturer.
IndonesiaUptown – Jakarta-based coworking space with 123 users.
India and Sri LankaPower World Gyms – High-class gym franchise with branches across both countries. We accessed 113,796 user records and their fingerprints.
United KingdomAssociated Polymer Resources – Plastics recycling specialists.Tile Mountain – Home decor and DIY supplier.Farla Medical – Medical supply store.
UAEGlobal Village – An annual cultural festival, with access to 15,000 fingerprints.IFFCO – Consumer food products group.
FinlandEuro Park – Car parking space developer with sites across Finland.
TurkeyOstim – Industrial zone construction developer.
JapanInspired.Lab – Coworking and design space in Chiyoda City, Tokyo.
BelgiumAdecco Staffing – We found approximately 2,000 fingerprints connected to the staffing and human resources giant.
GermanyIdentbase – Data belonging to this supplier of commercial ID and access card printing technology was also found in the exposed database.
IT/OT CONVERGENCE
CYBER BEST PRACTICES
�10thought.live
"Network teams must collaborate heavily with other business units as new opportunities in 5G and edge computing arise"
"Edge computing can be used to reduce latency and will experience increasing growth to satisfy the demand for high-quality digital experiences moving forward"
"Becoming digital at scale raises the bar for I&O teams and their partners"
GARTNER 10 TRENDS IMPACTING I&O FOR 2019
CRITICAL INFRASTRUCTURE BEST PRACTICES
• Integrate Cybersecurity with Artificial Intelligence and Machine Learning
• Increase Visibility
• Improve Preparation Planning
• Align all your crisis response plans
• Build or update a cross-functional crisis team
• Develop a written plan
• Train your team
�11thought.live
• AI combines sensing, data, rules, action
• Increases visibility
• Suggests improvement or "learning"
ACTIVE DATA TRANSFORMATION FABRIC SOLVES MULTIPLE SECURITY AND AI ISSUES
▸ Intelligent data creates valuable information before overwhelming databases
▸ Real-time decisions implemented by smart data with dynamic security
�12
Local Decision Making, Action and Analytics
$
$
$
$
High Value Information
High Value Information
Local Decision Making,
Action and Analytics
Local Decision Making, Action and Analytics
Local Decision Making,
Action and Analytics
A NEW KNOWLEDGE INFRASTRUCTURE
Extracts business value automatically ‣ Smart data exploits patterns and
connections spontaneously Improves response time ‣ Smart data immediately knows
what to make happen next Creates infrastructure for artificial intelligence ‣ Smart data operates like neurons in
brain Unified Information Exchange (UIx) ‣ Manage the value of data and
algorithms directly, data lineage, algorithm evolution
Patented Smart Data operates on Global AI Blockchain Network
BLOCKCHAIN AND AI INFRASTRUCTURE
Use blockchain to distribute specialized processing nodes ‣ Nodes are embedded in devices and sensors
Create smart data action, analytics and AI templates ‣ Data models and algorithms are created by templates
Use token to assign value to data and action ‣ Manage the value of data directly, data lineage and evolution
Improve performance of ledger using hierarchical structure ‣ Require microsecond processing for real-time transactions
DIGITAL NEURON
INFRASTRUCTURE OF THE FUTURE
• Driverless Cars and Driverless Highways
• Tube Transportation Networks
• Atmospheric Water Harvesters
• Micro Colleges
• Space-Based Power Stations
• Drone Delivery Networks
• Mass Energy Storage
• Global Language Archive
• Whole Earth Genealogy Project
• Our Trillion-Sensor Infrastructure
Source: 2050 and the Future of Infrastructureby Thomas Frey | Aug 4, 2014 | Business Trends
�15thought.live
�16thought.live
https://arstechnica.com/information-technology/2019/08/found-world-readable-database-used-to-secure-buildings-around-the-globe/
https://www.boozallen.com/content/dam/boozallen_site/ccg/pdf/thought_p/cybersmart-buildings-whitepaper.pdf
https://www.huntsmansecurity.com/industries/critical-infrastructure/
http://resilens.eu/about-resilience/critical-infrastructures/
https://www.cbronline.com/cybersecurity/top-5-infrastructure-hacks/
https://www.welivesecurity.com/2018/05/30/trends-2018-critical-infrastructure-attacks/
https://www.csis.org/programs/technology-policy-program/significant-cyber-incidents
https://5g.security/cyber-kinetic/timeline-cyber-kinetic/
https://www.arcweb.com/blog/it-ot-cybersecurity-convergence
https://iiot-world.com/cybersecurity/
RESOURCES