
elets' 10th Smart City Summit Delhi, 2016 - Smart City Mission: The Way Forward - Vipul Kumar, Consulting Engineer, FireEye


Copyright © FireEye, Inc. All rights reserved.

CYBER RESILIENCE FOR SMART CITIES

ARE WE PREPARED

Presented by Vipul Kumra


ELEMENTS OF A SMART CITY


Smart Cities Across Globe

It has been at the forefront of using technology to improve urban life, and many of its smart city projects have been highly successful. One such example is collecting and monitoring energy consumption within city buildings. This real-time monitoring of data can detect energy overuse anomalies and allows for rapid corrections, thereby reducing energy waste.


COPENHAGEN

One of the keystone smart city initiatives deals with water. To help meet demand, smart meters measure water consumption - and more importantly, detect and eliminate leaking pipes. Astonishingly, up to 40% of urban water is lost in transport from the distribution pumps to the consumer. Thanks to leak-detection sensors, Copenhagen's water loss is down to only 7%.


SINGAPORE

Singapore's sophisticated traffic and control systems maximize road network efficiency and capacity, and monitor and manage traffic flow in real time to make roads safer and keep traffic flowing smoothly. They also allow timely dissemination of traffic information, which is key to helping motorists take the best route to their destinations.


Information Technology (IT)

Operational Technology (OT)

Smart Objects

Large and Complex Attack Surfaces

Part of being “smart” is utilizing IoT Networks?


IT and OT are Inherently Different

IT (Information Technology)

• Connectivity: “Any-to-Any”, IP based networks

• Network Posture: Confidentiality, Integrity, Availability (CIA)

• Interfaces: Operating systems and applications, Unix, GUI, Web browser, terminal, and keyboard

• Response to Attacks: Quarantine/Shutdown to Mitigate

OT (Operational Technology)

• Connectivity: Hierarchical, proprietary networks, Modbus etc.

• Network Posture: Availability, Integrity, Confidentiality (AIC)

• Interfaces: Electromechanical, sensors, actuators, coded displays – PLC, SCADA, DCS

• Response to Attacks: Non-stop Operations/Mission Critical – Never Stop, Even if Breached


When IoT Fails

A blackout affected an estimated 10 million people in Ontario and 45 million people in eight US states.

Some information about the blackout impact:

• 508 generating units at 265 power plants were shut down

• Water systems in several cities lost pressure

• New York City had 3,000 fire calls

• The New York City 311 information hotline received over 75,000 calls

• Mobile networks overloaded and were disrupted

• Hundreds of flights were cancelled

• New York State lost billions of dollars in costs


When IoT Fails

Ukraine

• Attackers controlled some systems within three Ukrainian power companies' networks for more than six months, a fact only revealed after they cut power to more than 225,000 people in December 2015. The hackers weren’t just opportunists; they were skilled and stealthy strategists who carefully planned their assault over many months.

Turkey

• The airports in Istanbul were the victims of an attack. A malware infection shut down the passport control system.

Germany

• The server of the German Customs Investigation Bureau and Federal Police was infected by an advanced malware. Consequently, GPS data, telephone numbers and registration numbers of suspects were accessed.

San Francisco

• Bay Area Rapid Transit (BART) was shut down. It affected 19 trains with about 500 to 1,000 passengers on board. Passengers were trapped on trains in the late evening and early morning hours.


“Thousands of cyber-attacks […] strike at government, ..the defense department, our intelligence agencies. Cyber is now at a point where the technology is there to cripple a country, to take down our power grid systems, to take down our government systems, take down our financial systems and literally paralyze the country.”

• Leon Panetta, former Secretary of Defense


A Cyber Resilient Smart City

• Resilience: The ability of an ecosystem to return to its original state after being disturbed (Collins Dictionary)

• Cyber resilience: Capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace (Information Security Forum)


FOUNDATIONAL TRUTHS


FOUNDATIONAL TRUTH #1


FOUNDATIONAL TRUTH #2


FOUNDATIONAL TRUTH #3


Recommendations: Securely Embrace IoT!

• Create specific city CERTs that can deal with cyber incidents, vulnerability reporting and patching, coordination, information sharing, and so on.

• Create a Cybersecurity framework and adhere to it. Explicit policies should cover everything from the selection of systems, procurement of systems, management of systems, and who accesses systems to the manner in which technology is disposed of securely once it has reached the end of its life.

• Make funding for Cybersecurity personnel a priority rather than an afterthought. As cities become more connected and smart these people will be the gatekeepers for protecting data and public technology assets.


Recommendations: Securely Embrace IoT!

• Perform quarterly Cyber Event exercises to test the readiness and reliability of response plans and employee/citizen education efforts. Train personnel to react to a crisis with and without access to cyber-resources.

• Perform regular penetration tests / red teaming exercises on all city systems and networks. Remember: You are getting a Free Penetration Test Every Hour.

• Finally, prepare for the worst and create a threat model for every conceivable scenario.


Policy Trends

• Australia: CRITICAL Strategies for Cybersecurity: “Automated dynamic analysis of email and web content run in a sandbox to detect suspicious behavior including network traffic, new or modified files, or other configuration changes”

• USA: “The information system implements non-signature-based malicious code detection

• Japan: Tougher Security Standards

• Global Council on Cybersecurity: “Ensure that automated monitoring tools use behavior based anomaly detection to complement traditional signature based detection.”

• Europe/Germany: “State of the art security”, Data Breach Reporting & Auditing, National Strategy


Shodan shows how vulnerable the Internet of Things is…


THANK YOU