CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the...

40
CYBER SECURITY BANGKOK 23.11.2015

Transcript of CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the...

Page 1: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

CYBER SECURITY

BANGKOK

23.11.2015

Page 2: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FOCUS OF THE CONFERENCE

CURRENT DEVELOPMENTS

CRITICAL INFRASTRUCTURE PROTECTION SPECIAL FOCUS ON CYBERSECURITY DIMENSION

RESPONSE TO THREATS TECHNICAL RESPONSE STRATEGY AND POLICY

Page 3: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FOCUS OF THE CONFERENCE

CRITICAL INFRASTRUCTURE PROTECTION (CIP)

CRITICAL INFORMATION INFRASTRUCTURE PROTECTION (CIIP) VS

Page 4: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

DEVELOPMENTS WITH IMPACT ON NCI

Page 5: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

THE CHALLENGES WILL INCREASE

2014

Page 6: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

THE CHALLENGES WILL INCREASE

ESPECIALLY WITH REGARD TO ARTIFICIAL INTELLIGENCE

TECHNICAL INNOVATIONS CONTINUE AMAZING OPPORTUNITIES FOR SOCIETY

Page 7: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

THE CHALLENGES WILL INCREASE

ESPECIALLY WITH REGARD TO ARTIFICIAL INTELLIGENCE

TECHNICAL INNOVATIONS CONTINUE AMAZING OPPORTUNITIES FOR SOCIETY

Page 8: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

THE CHALLENGES WILL INCREASE

AI HAS THE POTENTIAL TO BE A GAME CHANGER SIGNIFICANT DEVELOPMENTS

„SECOND HALF OF THE CHESS BOARD“

Page 9: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

THE CHALLENGES WILL INCREASE

„NAME YOUR REWARD“

„OH EMPEROR, MY WISHES ARE SIMPLE. GIVE ME ONE GRAIN OF RICE FOR THE FIRST SQUARE OF THE CHESSBOARD AND DOUBLE

IT EVERY NEXT FIELD“

Page 10: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

THE CHALLENGES WILL INCREASE

EXAMPLE: SELF DRIVING CARS VARIOUS TEST PROJECTS

NOT A SINGLE ACCIDENT CAUSED BY SELF DRIVING CARS IN GOOGLES PROJECT

THIS WILL HAVE AN IMPACT ON ONE NCI (TRANSPORTATION)

Page 11: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

TRANPORTATION

OBVIOUSLY THERE IS A DEBATE ABOUT CYBERSECURITY THREATS OF HACKING ATTACKS

Page 12: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

RECENT RESEARCHES SHOW THE POTENTIAL COUNTER MEASURES NEED TO BE DISCUSSED

BUT THE DISCUSSION SHOULD NOT IGNORE REMAINING PHYSICAL VULNERABILITIES

TRANPORTATION

Page 13: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

BUT FOR SOCIETIES IT IS NECESSARY LOOK BEYOND OBVIOUS SECURITY RISKS

MAJOR IMPACT ON SOCIETIES IN GENERAL AND JOBS

TRANPORTATION

Page 14: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

SMART CITY

SMART CITIES OFFER INCREADIBLE OPPORTUNITES INCREASING USE OF ICT WILL ALLOW FURTHER GROWTH

ENGERGY PRODUCTION CAN BE ARRANGED LOCALLY RENEWABLE ENERGY CONCEPTS

Page 15: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

SMART CITY / TRAFFIC CONTROL

CYBER RISK – DOCUMENTED CASES

Page 16: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

CHALLENGES OF CYBER ATTACKS AGAINST CRITICAL INFRASTRUCTURE

Page 17: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

QUANTITY OF ATTACKS

VULNERABLE

CYBERSECURITY IS A MAJOR CONCERN BASICALLY ALL BUSINESSES THAT USE ICT ARE

HIGHLY RELEVANT FOR NCI PROVIDER INCREASING USE OF ICT AND DIGITALIZATION

IMPACT ON THE STRATEGY (PREVENTION VS RESPONSE)

Page 18: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

CHANGING SOLUTIONS PREVENTION

DETECTION

RECOVERY

PREVENTION

SENSORS NEXT GENERATION SECURITY OPERATION CENTER SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

INSURANCES THAT ADDRESS THE SPECIFIC RISKS AND PROVIDE SUFFICIENT COVERAGE

PAST TODAY

Page 19: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

CYBERCRIME HAS „GROWN UP“

CENTR

AL  BAN

K  IRAQ

 (300-­‐1000  MILLION)  

BOSTON  M

USEUM  (3

00  M

ILLION)  

DAR  ES  SALAA

M  (3

00  M

ILLION)  

KNIGHT

SBRIDG

ESEC

URITY  111  M

ILLION)  

CENTR

AL  BAN

K  BR

AZIL    (70  M

ILLION)  

NORT

HERN

 BAN

K    (5

0  MILLION)  

RAK  BA

NK  CY

BER  AT

TACK

     (45  MILLION)  

BCCI  (>

100  BILLION)  

BANK  OF  NY  (7  BILLION)  

LIBE

RTY  RE

SERV

E  (6  BILLION)  

SANI  A

BACH

A  (5  BILLION)  

NAU

RU    (>70    BILLION)  

STAN

DARD

 CHA

RTER

ED    (>200  BILLION)  

MAR

COS  (7  BILLION)  

45.000.000 6.000.000.000 RAK BANK CYBER ATTACK LIBERTY RESERVE

Page 20: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

INCREASING LOSSES

VULNERABLE

LOSSES ARE INCREASING BASICALLY ALL BUSINESSES THAT USE ICT ARE

HOME  DEPOT  –  43  MIL  

TARGET–  1

48  MIL  

SONY  2014–  15  MIL  

DEVELOPING A RESPONSE STRATEGY CHALLENGING

Page 21: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

IMPACT COMPARISON

FOCUS ON INDIVIDUALS AND BUSINESSES LARG

E  ENTERPRI

SES  

INDIVIDUALS  

ATTACKS AGAINST NCI COULD BE MORE SEVERE

Page 22: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

RELEVANCE FOR GOVERNMENT

„SHOULDN‘T GOVERNMENTS FOCUS ON CRIME“?

RELEVANCE FOR GOVERNMENTS ? „ISN‘T THIS A PRIVATE SECTOR PROBLEM“?

GOVERNMENTS USE ICT NEGATIVE EXAMPLE: GERMANY EXCLUDED

ADMINISTRATION FROM BINDING CYBERSECURITY LEGISLATION

Page 23: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

RELEVANCE FOR GOVERNMENT

CYBER ATTACKS AGAINST GOVERNMENTS CONCERN FOR DECADES

INCREASING DEPENDENCE ON ICT

ALREADY IN THE PAST ATTACKS DID FOCUS ON NCI

Page 24: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

HARMONIZATION OF TECHNOLOGY

USED IN PLANES, CARS, FACTORY NETWORKS

RELEVANCE OF TCP/IP IS NOT LIMITED TO „THE INTERNET“ DE FACTO STANDARD FOR DATA EXCHANGE

THE NCI ENVIRONMENT

OPERATING SYSTEMS ARE TODAY DEVELOPED FOR DIFFERENT ENVIRONMENTS

IMPORT OF RISKS INTO

Page 25: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

NEED TO PAY ATTENTION TO SPECIFITIES OF NCI

LIFE CYCLE SOFTWARE UPDATES

HARDWARE

NCI

VULNERABILITIES

SOFTWARE

Page 26: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

RELEVANCE OF AN ASSESSMENT OF RISK EXPOSURE AND CAPACITIES

Page 27: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

RELEVANCE OF ASSESSMENT

HOW MANY NCI COMPUTER SYSTEMS STILL RUN WINDOWS XP?

MICROSOFT DOES NOT PROVIDE SECURITY UPDATES FOR WINDOWS XP ANYMORE

Page 28: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

RELEVANCE OF ASSESSMENT

HOW MANY NCI FACILITIES STILL USE SCADA DEVICES THAT

STUXNET CLEARLY DISCLOSED THE VULNERABILITY OF SCADA DEVICES

OPERATORS PROVIDED PATCHES

HAVE NOT BEEN PATCHED?

Page 29: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

GOVERNMENT RESPONSE

Page 30: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

QUANTITY

GOVERNMENTS STRUGGLE WITH RESPONSE LESS RESOURCES – COMPETITION FOR BEST PEOPLE

DESPITE IMPROVEMENTS LACK OF STRATEGY LACK OF AWARENESS AT TOP LEVEL

LIMITED RISK ASSESSMENTS OUTDATED POLICIES AND LEGISLATION

Page 31: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

QUALITY

CYBER ATTACKS BECOME MORE SOPHISTICATED

LONG LASTING REMOVAL AND RECOVERY CAN BE A PROBLEM

WHEN IT COMES TO NCI

ADVANCED PERSISTENT THREAT CHALLENGE WITH REGARD TO RECOVERY

Page 32: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

GOVERNMENT ACTION

CYBERSECURITY STRATEGY & POLICY

LEGISLATIO

N

INSTITUATIONAL CAP.

AWARENESS RAISING

Page 33: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

GOVERNMENT ACTION

CYBERSECURITY STRATEGY & POLICY

LEGISLATIO

N

CRIS

IS M

AN.

INSTITUATIONAL CAP.

AWARENESS RAISING

Page 34: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

CONCRETE MEASURES

BUILD YOUR DEFENSE STRATEGY ON BEST PRACTICES HAVE EMERGENCY PLANS IN PLACE

DO DRILLS ALWAYS REVIEW

ACTIONABLE THREAT INTELLIGENCE

Page 35: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FIRST HOUR / FIRST DAY / FIRST WEEK

1 HOUR 1 WEEK 1 MONTH INCIDENT

Page 36: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FIRST HOUR / FIRST DAY / FIRST WEEK

INCIDENT 1 HOUR 1 WEEK 1 MONTH 1 YEAR -1 YEAR

RESPONSE / RECOVERY DETECTION PREVENTION

Page 37: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FIRST HOUR / FIRST DAY / FIRST WEEK

INCIDENT 1 HOUR 1 WEEK 1 MONTH 1 YEAR -1 YEAR

ATTACK

RESPONSE / RECOVERY

Page 38: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FIRST HOUR

UNCERTAINTY ANALYSIS / UNDERSTANDING

LIMITED DECISION MAKING DEPENDING ON EXISTING CRISIS MANAGEMENT CAPACITIES

CONSTANT CONFLICT OF DIFFERING INTERESTS EMERGENCY PLANS

Page 39: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FIRST DAY

OBLIGATIONS (EG REPORTING OBLIGATIONS)

FUNDAMENTAL DECISIONS (EG COMMUNICATION STRATEGY) RISK OF INCREASING LOSSES

CONSTANT ADJUSTMENTS

DRAFT EU DATA PROTECTION REGULATION LEA COOPERATION?

Page 40: CYBER SECURITY BANGKOK 23.11€¦ · technical response strategy and policy . focus of the conference critical ... build your defense strategy on best practices have emergency plans

FIRST WEEK

INCIDENT MANAGEMENT KEEPING THE OVERVIEW ABOUT RECOVERY

RISK OF INCREASING LOSSES CONSTANT ADJUSTMENTS

LAWYERS / RISK MANAGERS


November 11-13, 2014 Millennium Hilton Bangkok Bangkok ...

November 11-13, 2014 Millennium Hilton Bangkok Bangkok ...

eHealth Policy, Strategy, Guidelines and Standards · eHealth Policy, Strategy, Guidelines and Standards Ministry of Health Sri Lanka Regional High Level Meeting on eHealth, Bangkok

eHealth Policy, Strategy, Guidelines and Standards · eHealth Policy, Strategy, Guidelines and Standards Ministry of Health Sri Lanka Regional High Level Meeting on eHealth, Bangkok

Advocacy Strategy Planning N. Assifi UNFPA/CST, Bangkok.

Advocacy Strategy Planning N. Assifi UNFPA/CST, Bangkok.

VIEW BANGKOK - GCBSSgcbss.org/CIMSSR2020/pdf_files/Novotel View Bangkok... · VIEW BANGKOK . Title: PowerPoint Presentation Author: NOVOTEL Bangkok Platinum Pratunam SL10 Created

VIEW BANGKOK - GCBSSgcbss.org/CIMSSR2020/pdf_files/Novotel View Bangkok... · VIEW BANGKOK . Title: PowerPoint Presentation Author: NOVOTEL Bangkok Platinum Pratunam SL10 Created

National Financial Inclusion Strategy - Microfinance Gateway · 2019-12-14 · Bangkok, Enhancing Financial Innovation & Access (EFInA), Lagos and Messrs Roland Berger Strategy Consultants,

National Financial Inclusion Strategy - Microfinance Gateway · 2019-12-14 · Bangkok, Enhancing Financial Innovation & Access (EFInA), Lagos and Messrs Roland Berger Strategy Consultants,

We Care Evidence Review 23.11

We Care Evidence Review 23.11

POVERTY REDUCTION STRATEGY IN THAILAND Dr Monthip Sriratana Tabucanon Deputy Permanent Secretary Ministry of Natural Resources and Environment Bangkok,

POVERTY REDUCTION STRATEGY IN THAILAND Dr Monthip Sriratana Tabucanon Deputy Permanent Secretary Ministry of Natural Resources and Environment Bangkok,

Hotel Once Bangkok | Bangkok Boutique Hotel

Hotel Once Bangkok | Bangkok Boutique Hotel

Buffet Promotion Bangkok | wedding package bangkok

Buffet Promotion Bangkok | wedding package bangkok

King Royal Garden Inn Bangkok - thai.hotels2thailand.com fileBanyan Tree Bangkok Evergreen Laurel Hotel Bangkok Malaysia Hotel Bangkok Grand Tower Inn Sathorn Bridge Bangkok Pantip

King Royal Garden Inn Bangkok - thai.hotels2thailand.com fileBanyan Tree Bangkok Evergreen Laurel Hotel Bangkok Malaysia Hotel Bangkok Grand Tower Inn Sathorn Bridge Bangkok Pantip

The Bangkok Declaration and Strategy

The Bangkok Declaration and Strategy

1 A Strategy for Fiscal Adjustment When the Recovery Takes Hold Paolo Mauro November 17, 2009 Bangkok.

1 A Strategy for Fiscal Adjustment When the Recovery Takes Hold Paolo Mauro November 17, 2009 Bangkok.

H.E. Apirak Kosayodhin Governor of Bangkok Bangkok Green Agenda.

H.E. Apirak Kosayodhin Governor of Bangkok Bangkok Green Agenda.

Educational Technology Strategy for 21st Century for Schools under Bangkok Metropolitan Administrati

Educational Technology Strategy for 21st Century for Schools under Bangkok Metropolitan Administrati

5-Star Hotel Bangkok | Weddings in Bangkok

5-Star Hotel Bangkok | Weddings in Bangkok

Rotary social business strategy presentation from the 2012 RI Convention in Bangkok

Rotary social business strategy presentation from the 2012 RI Convention in Bangkok

Bangkok · 2017-03-27 · Bangkok

Bangkok · 2017-03-27 · Bangkok

ComauFlex BIW Plant Strategy - Thailand Automotive · PDF fileMade in Comau ComauFlex BIW Plant Strategy Bangkok, June 23rd, 2016 Xiaowei TAO Manager, GSD Dept, Body Assembly,Comau

ComauFlex BIW Plant Strategy - Thailand Automotive · PDF fileMade in Comau ComauFlex BIW Plant Strategy Bangkok, June 23rd, 2016 Xiaowei TAO Manager, GSD Dept, Body Assembly,Comau

Cincinnati 30096 23.11

Cincinnati 30096 23.11

Bangkok Mass Rapid Transit Project (Yellow Line): Social Due …€¦ · Northern Bangkok Monorail Company Limited Eastern Bangkok Monorail Company Limited Bangkok Mass Rapid Transit

Bangkok Mass Rapid Transit Project (Yellow Line): Social Due …€¦ · Northern Bangkok Monorail Company Limited Eastern Bangkok Monorail Company Limited Bangkok Mass Rapid Transit