Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
The PANOPTESEC project
(FP7 Project number 610416)
DynamicRiskApproachesforAutomatedCyberDefence
Andrea Guarino
ICT Security, Privacy & Compliance Manager
Acea SpA
Rome, 27/09/2017
Cybertech - Rome, 27/09/2017
Cybertech - Rome, 27/09/2017
People learn how to cope with new technologies at their own pace, some more easily than others. (…) Successful defectors are always going to be able to outpace the average capability of society (...)
Because information system attacks can be automated and encapsulated in software, the capability to launch these attacks can propagate. (…) On the Internet, only the first attacker has to be skilled.
Everyone else can just use software (…)
One thing that makes it easier to defect from society is finding a subgroup of defectors. This both makes it easier to overcome moral and reputational pressures, and allows defectors to trade tips on
overcoming the legal pressure and security systems (…)
Technology can affect the scope of defection in many ways, but in general, it gives the attackers more leverage. So the more technological a society is, the greater the security gap is (…) The important thing to remember is this: no security system is perfect. It's hard to admit in our
technologically advanced society that we can't do something, but in security there are a lot of things we can't do. (…)
This is the normal state of our actual and future life
From“LiarsandOutliers”,2012(BruceSchneier,CTOofResilientSystems):
The current state-of-play of Cyber Threat: cybercrime , cyber espionage, cyber terrorism and casual / intentional vulnerabilities and attacks
Cybertech - Rome, 27/09/2017
This Intel AMT vulnerability, announced in May 2017, has a “perfect” CVSS v2 score of 10 (highest value and exposure).
Removing it requires a FIRMWARE update from HW vendor, not just a normal OS patch
… so we must evaluate, prioritize and treat risks dynamically to prepare and (re)act:
FP7Projectnumber610416DynamicRiskApproachesforAutomatedCyberDefence
Cybertech - Rome, 27/09/2017
Cybertech - Rome, 27/09/2017
Cybertech - Rome, 27/09/2017
Cybertech - Rome, 27/09/2017
ThePANOPTESECprojectwassponsoredinpartbytheEuropeanCommission,SeventhFrameworkProgramme,DGConnect,Projectnumber610416
VariousPANOPTESECdocuments,presentaJons,scienJficpapersandvideosarepublicallyavailableat:www.panoptesec.eu
Pleasefollowtheprojecton:
Linkedin:hPps://www.linkedin.com/groups/7461693TwiPer:#PANOPTESEC
ForaddiJonalinformaJonpleasecontact:
[email protected](UserAgencyTeamLeader)
Cybertech - Rome, 27/09/2017