Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism

Slides:

Advertisements

Similar presentations

Role of WMO in Natural Disaster Risk Reduction Ivan Obrusník, Czech Hydrometeorological Institute Role of WMO in Natural Disaster Risk Reduction Ivan Obrusník,

Advertisements

Human Security Act of 2007 Protect life, liberty, and property from acts of terrorism. Condemn terrorism as inimical and dangerous to the national security.

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

Philippine Cybercrime Efforts

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

PARTNERSHIPS OF GOVERNMENTAL AND NON-GOVERNMENTAL ORGANIZATIONS (ASSOCIATIONS) IN THE SPHERE OF TOURISM: RUSSIAN AND FOREIGN EXPERIENCE Moscow, Russian.

Idaho Critical Infrastructure and Key Resources Protection Program and Fusion Center Brief.

National Infrastructure Protection Plan

A Framework to Implement a National Cyber Security Structure for Developing Nations ID Ellefsen - SH von Solms - Academy.

Christopher Cotter Chief Summit NJ Fire Dept. & Int’l. Assoc. of Fire Chiefs Representative Chief Summit NJ Fire Dept. & Int’l. Assoc. of Fire Chiefs.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

DHS, National Cyber Security Division Overview

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

Lecture 1: Overview modified from slides of Lawrie Brown.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

1 An Overview of Computer Security computer security.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

UK Office for Security & Counter Terrorism Future threats and the potential role of the CBRN Action plan in supporting the BTWC Dr Catherine Terry International.

Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

CYBER CRIME AND SECURITY TRENDS

Workshop on Developing Corporate Bond Market Mr. Masato Miyachi Office of Regional Economic Integration Asian Development Bank Session 1: Overview of Corporate.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Submitted by: Abhashree Pradhan CA (1)

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

IDENTIFYING THREATS IN A GLOBAL MARKETPLACE Ira S. Somerson, BCFE, CPP Loss Management Consultants, Inc. Institute for Global Management Studies And Temple.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #33 Information Warfare November 19, 2007.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Homeland Security. Learning Topics Purpose Introduction History Homeland Security Act Homeland Defense Terrorism Advisory System Keeping yourself safe.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

Programming of International Development Assistance Donor Sectoral Meeting Ministry of Interior September 17, 2007.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

Managing Risks, Countering Threats: Protecting Critical National Infrastructure Against Terrorism Martin Rudner Canadian Centre of Intelligence and Security.

Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Australia’s National Security Apparatus Ms Vikki Templeman Director Strategic Assessments and Long Range Planning.

The NIGF CONFERENCE © 2013 ADDRESSING THE VULNERABILITY OF CRITICAL ICT INFRASTRUCTURE by Ernest Ndukwe, OFR Chairman Openmedia Communications Ltd 18 th.

International Seminar on Energy Cooperation in Northeast Asia : Directions and Implementation Korea Energy Economics Institute Financing of Energy Infrastructure.

1 (ISC) 2 Conference Oct, 2008 Presented by Shin, Soojung Dr. Soojung shin, CISSP, Executive Vice President, Infosec, Korea.

THE REPUBLIC OF SLOVENIA MINISTRY OF HIGHER EDUCATION, SCIENCE AND TECHNOLOGY e: Kotnikova 38, 1000 Ljubljana p:

InfraGard A Government and Private Sector Alliance Information sharing begins with human relationships – people talking with people whom they trust. Information.

Unclassified  1 Critical Infrastructure Protection Chuck Whitley EMS User’s Group June 9, 1999.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

ITU CoE/ARB 11 th Annual Meeting of the Arab Network for Human Resources 16 – 18 December 2003; Khartoum - Sudan 1 The content is based on New OECD Guidelines.

Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

Hurdles in implementation of cyber security in India.

Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Week 4. Tonight’s seminar National Security Strategy National Security Strategy Local Response Local Response United Kingdom’s plan United Kingdom’s plan.

What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.

NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS

Foresight Planning & Strategy Dr. Sameh Aboul Enein.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

November 19, 2002 – Congress passed the Homeland Security Act of 2002, creating a new cabinet-level agency DHS activated in early 2003 Original Mission.

Information Management System Ali Saeed Khan 29 th April, 2016.

Security Partnership By Kevin Hegner Public Private.

Information Security and Privacy in HRIS

Critical Infrastructure Protection Policy Priorities

The U.S. Department of Homeland Security

How to Mitigate the Consequences What are the Countermeasures?

Securing Critical Chemical Assets: The Responsible Care® Security Code

Deborah Housen-Couriel, ADV.

Presentation transcript:

Countermeasures against Cyber-terrorist Attacks on Critical Infrastructure Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism Busan, Republic of Korea. 16-19 October 2007

Agenda Introduction Cyber-terrorist Critical infrastructure Cyber-terrorist Attacks Countermeasures Conclusion

Introduction The information technology revolution has changed the way business is transacted, government operates, and national defense is conducted. Those functions now depend on an interdependent network of critical information infrastructures. Protection of these systems is essential to the telecommunications, energy, financial services, manufacturing, water, transportation, health care, and emergency services sectors.

How the world responses ? In recent years, large amount of information security incidents have caused a great lost to many countries, and the occurrence of such incidents is now on the rise, indicating that information system and network have become the major targets in future war and conflict. This stresses the need for cooperation between governments and the private sectors and international cooperation in identifying , preventing , and mitigating cyber-attacks and terrorist misuse of cyber space.

Super Powers The USA: Critical Infrastructure Protection Program The UK: Centre for the of National Infrastructure The ASEAN Region ARF: ASEAN Regional Forum (ARF) Statement on Cooperation in Fighting Cyber Attack and Terrorist Misuse of Cyber Space

Cyber-terrorists ? The confrontation of information has become an important strategy. Terrorist groups ,with tactical and strategic support of enemy states, have indepth technological understanding of their targets, strong motives, and the capability to launch joint attack by using various tactics and technologies.

Critical infrastructures Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private.

Many of the nation's critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks.

Cyber confrontation system Cyber defense Cyber attack Computer viruses Viruses Trojan horse Trojan horse complex Network structure Operating system Application program Data Personnel Hiding Sniffing Password guessing Promote authority Attack system Network intrusion detection Network intrusion deception

Cyber-terrorist Attacks Main Types of Cyber Attacks 1 System destructive type: Destroy the opponent’s computer and network systems by means of sending computer viruses and logic bombs to paralyze the opponent’s national command and control system. 2 Information misleading type: Modify the functions of the opponent’s computer and network systems by means of sending false information to them to mislead the opponent’s flow of decision-making and command and control. 3 Comprehensive type: Make comprehensive use of system destruction and information misleading and combine them with other means of information warfare to multiply the destruction of the opponent’s command and control system.

How to counter ? Mainstream protection techniques Encryption Digital signature Access control: various levels on system & network Verification exchange: data source & id verification Loophole scanning and detection Intrusion detection, response and restore Anti-info leakage and electromagnetic solidification Security analysis and simulation Etc.

The lack of powerful general countermeasures means that attacks on computer systems and networks will continue to increase in the future. A shift in attackers from amateurs to professionals will continue as basic countermeasures become more effective at deterring amateurs. Among the countermeasures currently available, education, legal responses, backups, access controls, and honeypots will remain important in the future. But patches, encryption, intrusion detection, computer forensics, honeypots, simple active network defense, backtracing, and deception will increase in importance as technical details of their implementation are worked out. Despite their weaknesses, countermeasures do help protect systems since they have raised the necessary level of sophistication required by an attacker to succeed.

Suggested countermeasure Response: We shall develop a system for responding to a significant infrastructure attack while it is underway, with the goal of isolating and minimizing damage. Reconstitution: For varying levels of successful infrastructure attacks, we shall have a system to reconstitute minimum required capabilities rapidly. Education and Awareness: There shall be Vulnerability Awareness and Education Program within both the government and the private sector to sensitize people regarding the importance of security and to train them in security standards, particularly regarding cyber systems.

Research and Development: government-sponsored research and development in support of infrastructure protection shall be coordinated, take into account private sector research, and be adequately funded to minimize our vulnerabilities on a rapid but achievable timetable. Intelligence: The Intelligence Community shall develop and implement a plan for enhancing collection and analysis of the foreign threat to our national infrastructure, to include but not be limited to the foreign cyber/information warfare threat. International Cooperation: There shall be a plan to expand cooperation on critical infrastructure protection with like-minded and friendly nations, international organizations and multinational corporations.

Conclusion It has long been the policy to assure the continuity and viability of critical infrastructures. Nations will take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems.

Since the targets of attacks on our critical infrastructure would likely include both facilities in the economy and those in the government, the elimination of our potential vulnerability requires a closely coordinated effort of both the government and the private sector. To succeed, this partnership must be genuine, mutual and cooperative.

While the world is being leaded into the Information Age, at the same time our nations have become uniquely dependent on information technology -- computers and the global network that connect them together. This dependency has become a clear and compelling threat to our economic well-being, our public safety, and our national security.

So,when we make the construction plan of the information system and network, we should give enough consideration to the security issues beforehand, rather than take damage control measures afterwards. And that an effective fight against cyber-attacks and terrorist misuse of cyber space requires increased , rapid and well-functioning regional and international cooperation.

Thank You