Asessment Findings Conclusion Recommendations RoadMap
-
Upload
ict-authority -
Category
Documents
-
view
227 -
download
0
Transcript of Asessment Findings Conclusion Recommendations RoadMap
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
1/22
COMESAMEETING/2ND ICTSUMMUTONCYBERSECURITY
25TH
28TH
NOV
2013SAFARIPARKHOTEL,NAIROBI,KENYA
STUDY:PKIforCIIPCOMESA
Member
states
Preparedness
ASSESSMENT&FINDINGS
MOTSIMABUSIN
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
2/22
PROBLEM,CONSTRAINTS&OBSTACLES
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
3/22
Awarenessislargelymissingwithregardsto:
Riskamountand
eminence
around
member
statescriticalinfrastructure.Minimumtonosecurity on critical infrastructures.
OpportunitybehindimplementingPKIasa
solutiontomanagerisks(Transfer/Mitigate).
Strategies or policies addressing the securityissues are not in the scope for most criticalprojects.
PROBLEM
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
4/22
CONSTRAINTS
&
OBSTACLES
AWARENESS
SENSE
OF
URGENCY
EXPERTISE
FORMULATING
A
BUSINESS
CASE
FOR
IT
SECURITY
COMPLEXITY
OF
SECURITY
ISSUES.
HIGH
TECHNOLOGY/AVAILABLITY
SYSTEMS
DEPLOYMENTS
WITHOUT
PROPPER
SECURITY
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
5/22
CHALLENGES
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
6/22
IMPLEMENTATION
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
7/22
BUDGET&BUDGETING
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
8/22
VISUALIZING
THE
SITUATION
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
9/22
CRITICALINFRASTRUCTURESNETWORK(Terminals,devices,Serversandmanagementconsoles)
EXAMPLES: POWERGRIDS/PLANTS
WATERSUPPLYSYSTEMS
AIRTRAFFICCONTROLS
REFINERIES
NEUCLEARPLANTS
TRANSPORTATIONSYSTEMS(TRAINS,METROS,..ETC)
ETC
ENGINEERIN
G
PCs/laptops
OTHER
EMPLOYEES
PCS/laptops
TESTING
Guest
WIFI
WEB AND
MAIL
SERVERS
Authentication
Database
AIRGAP
(FIREWALL)
Us
eofUSBto(movefiles,co
pydata,
loadnew
softw
are
etc.,
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
10/22
TheSCADA,
PLC
,or
any
control
system
VALVE
S
FANS
RADIATION
SENSORS
TEMPRATU
RE
READINGS
WATE
R
LEVEL
ENGINEERIN
G
PCs/laptops
OTHER
EMPLOYEES
PCS/laptops
TESTING
Guest
WIFI
WEB AND
MAIL
SERVERS
Authentication
Serversand
managementPCS
Database
AIRGAP
(FIREWALL) U
SINGUSB
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
11/22
SourceFortinet.com
SCADA,PLC,..etc.,in
industrial
environment
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
12/22
THE
FINDINGS
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
13/22
LackofAwareness[Triggers:incident,
regulation,customer
demand]
Lackof
laws,
policies,
&
law
enforcement
capabilities.
Lackofstandards&technologies.
Scarcityinresourcesandweaknessesin
capacitybuilding.
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
14/22
RECOMMENDATIONS
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
15/22
Boostawareness
and
capacity
buildingonCIIPandPKI.
Consultants,Implementation
partner,and
technology
selection
iscrucial
Recommendations:
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
16/22
DESIGNREALITY
GAP
must
always
beperformedwithsuchlargescale
projects.
UNCITRAL,IETF,FIPS,ITU,and
other
international
PKI
standards.
Recommendations:
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
17/22
SAMPLESTRATEGYOFCIIP
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
18/22
USAFederalAviationAdministration(FAA)
hasdevelopedseveralstrategyguidelinesto
helpstrengthencyberdefense;itincludes:
Systemandnetworkshardening.
Segmentationandisolationof
systemsandnetworks.
Establishredundancyandbackupto
avoidservice
disruption
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
19/22
e.g., Approach to Protecting the U.S. Air Traffic Control System Against Cyber
Terrorism.
Reference:http://www.incose.org
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
20/22
FederalAviation
Administrations
model
in
protecting
air
traffic
control
systems.
Source:http://www.incose.org
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
21/22
FAAS APPROACH
TO
ACHIEVE
THE
STRATEGY.
Establishstrategy,policy,andguidance
Systematicallyandcontinuallyexamine
threatsandvulnerabilities
Createan
information
systems
security
architecturethatrespondstothosethreats
andvulnerabilities
Implementinformationsystemsand
networksconsistent
with
the
architecture
-
8/12/2019 Asessment Findings Conclusion Recommendations RoadMap
22/22
CONT.
FAAS APPROACH
TO
ACHIEVE
THE
STRATEGY.
Establish,institutionalize,and
continuouslyimprove
processes
Deploysecuritymeasuresincrementally
Monitorcomplianceandmeasureprogress
Managerisksproactivelyateachmajor
decisionpoint