Informatics

Cyber in the Age of Digital Transformation –Threat or opportunity?26/04/2018

Ken Ducatel Director IT Security (DIGIT.S)

IT Security and change

2. New trends – reasons for concern- The threat landscape- The wider attack surface

AGENDA

1. Traditional Cybersecurity

3. Approaches – Holding things back, reacting or driving things on?

• Secure network architectures – secure the perimeter and segmentation

• End points –clean work stations and servers• Access control – least privilege• Secure coding and review• Monitor (incoming) network traffic• Reactivity: detect and respond – rules based• Cyber awareness and the tone from the top

Traditional cyber security

• Stealth• Encryption• Malwareless attacks• Supply chain compromise

• Scale • Amplification DDoS attacks• Concentration of assets, e.g. in the Cloud• Increased organisational dependency on IT

• Sophistication / Severity• Wiper attacks

New trends in the threat landscape

- Mobile }- Cloud } Beyond our perimeter?- Social media }- IoT / OT - } a bit of both … ? - BYOD }- Collaboration } Beyond our control?- Big data }

New trends in the attack surface

1. Cloud

What is Cloud?• IT services on-demand • Delivered and accessed over the internet• Shared resources• Flexibility of resources• "Pays as you go" & "Use as you need"

Reasons to go Cloud?• Lower costs• Better technology• Quicker delivery• Better security*

Cloud IT Security"

ü Validate provider towards our internal regulations

ü Provide a tool box for system ownerü Share best practices at inter-institutional level

Several open issues to solve

ü Technical security of providers is highü But how does it integrate with Commission's

detection, monitoring and response processes

ü How to detect an incident in the cloudü How to respond to an incident (scoping,

containment, recovery, etc).

1. Cloud & IT Security - 1

1. Cloud & IT Security - 2Depending on the cloud services

Some IT security tasks will be done by the provider. Some not!

Servers come pre-installedand patched

Code maintained by the provider

Important !

Who does What?

Question is less…

Is the provider compliant? Secure?

(bests are)

PaaSSaaS

What remains to the customer, to be

compliant, secure

But

1. Cloud & IT Security - 3

Security benefits

come from Economies

of scale

24/7 monitoring and responseTop notch datacentres, specialistsGeographic spreadQuick patching and updating

Does not mean

all applications can go Cloudusing any Cloud serviceusing any Cloud provider

IT securitydue diligence

Snowden,Belgacom hack

ButAccess requests by foreign

jurisdictions

US providers in Cloud I

Select right provider, Select right service , Make application cloud-ready

"Security is not a barrier, but a

driver for cloud"

This is very importantwith today's cyber threats

Data, Information and Knowledge Management Strategy (2016)• Pillar 1 - Improving information retrieval and

delivery • Pillar 2 – Working together and sharing

information and knowledge • Pillar 3 - Maximising use of data for better policy-

making • Pillar 4 - Creating a culture of knowledge sharing

and learning

2. Data and Collaboration

1. Improving retrieval and delivery• Unique or interlinked repositories: data lakes• Corporate search – access, semantic interoperability,

automatic indexing and linking of data• Text analysis - access to all information in the business

domainResponse?• Data classification / data loss prevention schemes• Intrusion detection systems: spotting lateral movement • User and Entity Behaviour Analysis (UEBA) – machine

learning

2. Data and Collaboration - 1

Working together and sharing information and knowledge

• Dynamic access controls for collaborative working• Information ownership – who is responsible? Response?• Reinforced emphasis on dynamic identification and access

management – analytics based• Restricted and structured internal and external

collaboration groups • Privileged user monitoring / profiling

2. Data and Collaboration - 2

• Mapping and scoping• Learning / training• Supervised learning – heuristics & threat hunting• Unsupervised machine learning (anomaly

detection)• Insider threat spotting / monitoring• Low and slow detection

UEBA: some lines…

3. Maximising use of data for better policy-making• Business intelligence – indexing, inventories and common tools for

discovery, capture and sharing of data starting with – HR, financial and internal processes.

• AI and data analytics: • tools to search large datasets, • classifying and linking content and AI-assisted summarisation, • automatic detection of document-similarity, • automatic detection of names to detect potential conflicts of

interest• Data managementResponse?• Extended collection and analysis of logs – application level monitoring• Application of AI / machine learning to the defence of these systems

2. Data and Collaboration - 3

4. Creating a culture of knowledge sharing and learning• Communication campaign – awareness• Cross-department collaboration• Supporting tools and physical environments.Response?• Policies, guidelines, acceptable behaviour • User sensitisation – enhanced cyber awareness • Control over access privileges• Data loss prevention tools

2. Data and Collaboration - 4

Static IT SEC Digital transformationPrediction ExploreCompliance orientated Business drivenChecklists & static security plans Risk basedTech centric People centricControl RespondPolice officer CoachDefender FacilitatorPrevent Enable

The new paradigm – approaches 1

• Security cannot hold back change• The risk profile is changing and less controllable• It is not bad: some IT Security and risks are better

outsourcedSolutions – towards a new security paradigm?• Vigilance – leveraging threat intelligence• Insight – broader analyses of logs• Managed diversity – who bears the cost• Stepping up to known-unknowns and unknown-unknowns• EUBA / Machine learning• Forming a team with the vendors / ISMS

3 Approaches 2

Informatics

Contact us

Ken.Ducatel@ec.europa.euDIGIT-S@ec.europa.eu