Cybersecurity in Government -...
Transcript of Cybersecurity in Government -...
![Page 1: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/1.jpg)
Cybersecurity in
Government
Executive Development Course: Digital Government
Ng Lup Houh, Principal Cybersecurity Specialist
Cybersecurity Group
03 April 2018
![Page 2: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/2.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.
• Cyber Threats & Vulnerabilities
• Cyber Security & Risk Mitigation
• Proactive & Holistic Cybersecurity: GovTech’s
Approach
• Disrupting the Kill Chain: Internet Surfing
Separation (ISS)
• Conclusion
Agenda
![Page 3: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/3.jpg)
Cyber Threats &
Vulnerabilities
![Page 4: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/4.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.4
![Page 5: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/5.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.
Anatomy of an Attack
5
Source: NEC
![Page 6: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/6.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.
Cyber Kill Chain
6
Source: Lockheed Martin
![Page 7: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/7.jpg)
Increased Attack Surface
Weak Defences
7
![Page 8: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/8.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.8
![Page 9: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/9.jpg)
9
![Page 10: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/10.jpg)
Mainboard (Hardware)
Recent Trend – Hardware Vulnerabilities
10
Operating System (OS)
Applications
Kernel
CPU TPMME
AMT
![Page 11: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/11.jpg)
Addressing Vulnerabilities can be Costly
Vulnerability AffectedComponent
Initial Exploit
OS Patch? Full remediation
Infineon TPM vulnerability to ROCA
TPM Local Yes - workaround Manual
Intel ME / AMT CPU Chipset Local No Manual
Meltdown & Spectre
Micro-processor Local & Remote
Yes - workaround Some Manual
11
![Page 12: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/12.jpg)
Meltdown & Spectre Vulnerabilities
• : Basic security function of microprocessor is to restrict access to
memory areas e.g. normal programs cannot read system memory.
To enhance performance, modern microprocessors use system memory to:
run instructions concurrently (“Out-of-order Execution”)
guess and perform next set of instructions beforehand (“Speculative Execution”)
• : Security checks are not done. This allows malicious programs to read
sensitive data from restricted memory areas such as system memory
(Meltdown) and through other programs (Spectre)
• : Attacker can compromise and access sensitive data such as user and
password information. For Spectre, attacker can remotely exploit the
computer through user’s browser using web-based attack to access sensitive
data.
12
![Page 13: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/13.jpg)
Copyright of GovTech © FOR INTERNAL USE ONLY
Rapid rise in exploit attempts
13
![Page 14: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/14.jpg)
14
Cyber attack is a natural consequence of being connected to the global cyberspace.
We have a asymmetric problem at hand,where the defender require significantly more resources compared to an attacker.
Examples of attacks increasing in scale and sophistication:
Low
High
FuturePast
Threat
Actors
Cyber
Defenders
Threats begin to
overwhelm you
Present
day
Scale
/ S
ophis
tication
Continued Growth of Cyber attacks
• DDoS Attacks
• Phishing Attacks
• Ransomware
![Page 15: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/15.jpg)
Cyber Security & Risk
Mitigation
![Page 16: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/16.jpg)
High level of Maturity – Track technology change & continual improvement
![Page 17: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/17.jpg)
Adaptive Security, Continuous Assessment
Continuous Adaptive Risk & Trust Assessment (CARTA) – Gartner 2017
![Page 18: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/18.jpg)
![Page 19: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/19.jpg)
Mapping Tech to Assets & Capabilities
![Page 20: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/20.jpg)
Proactive & Holistic
Cybersecurity:
GovTech’s Approach
![Page 21: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/21.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.21
As a sector lead for the Government, GovTech has 3 main functions:
1. Governance - to develop ICT security policies, standards and implement oversight initiatives to assess ICT security-related implementations across government agencies
2. Consulting - to provide technical subject matter expert support for key ICT projects and to key decision-making fora such as eGov Council and Committee of Permanent Secretaries
3. Cyber Security Operations - to perform operational cyber security functions that include cyber intelligence, network monitoring, intrusion detection, threat hunting, incident response and security analytics
3 main functions
![Page 22: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/22.jpg)
Cyber Security Framework
Prepare
Prevent
DetectRespond
Learn
Technology
5 enablers
cutting across
5 phases
![Page 23: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/23.jpg)
Stakeholders
End Users
Needs to be adequately
trained and made aware of
the threats in cyberspace.
To report on potential
security breaches or
suspicious events.
IT Professionals
Needs to ensure that
security concerns are
addressed.
To ensure that applications
are secure by design.
Security Specialists
To promote a security by design
mindset in app development.
To test and ensure that
applications are well secured
and compliant to security
policies.
![Page 24: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/24.jpg)
1. Requirements Gathering Risk based security policies, Mandatory
security requirements.
3. Construction
Static Application Security Testing.
2. Design
To adopt industry best practices
and established standards for
security controls.
4. Deployment
Separation of Staging and
Production environments.
5. Testing
Penetration Test.
3
4
2
5
1Requirements Gathering
Security
Security by Design
Automated Security Testing within
Continuous Integration.
e.g. NIST 800, ISO 27002, CIS Critical Controls.
Security Acceptance Test.
Vulnerability Assessment.
Implement secure coding practices.
![Page 25: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/25.jpg)
Coping with the trend
Time
QuantityThe tipping point where the cyber attacks start to overwhelm you.
Re-ArchitectReduce ExposureTechnologyTrainRetain
![Page 26: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/26.jpg)
User Awareness
Email Signature
A3 Size Posters
JAGA - Our cybersecurity ambassador
![Page 27: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/27.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.
The Balance
27
Security
Usability Cost
Optimising the
cost-benefit tradeoff
while ensuring ease of
use
![Page 28: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/28.jpg)
Disrupting the Kill
Chain: Internet Surfing
Separation (ISS)
![Page 29: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/29.jpg)
Top 3 attack vectorsInternet Surfing
Internet Emails
Unsecured
Deployment
ISS
Filtering
End point
security
Penetration
Test
Audit
![Page 30: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/30.jpg)
Overview of ISS
Internet SurfingEmail & Intranet
Other Internet
Services
Agency notebook
containing classified
documents
Internet enabled notebook
containing non-classified
documents
![Page 31: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/31.jpg)
ISS was the single most effective measure is to separate Internet surfing (main exfiltration channel) from the
Government ICT infrastructure.
Disrupting the Kill Chain
![Page 32: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/32.jpg)
Change Management
• Lead by example
• Champion the change
• Active engagement and support
• Reinforce that cyber threats are real
• Address user needs and concerns
• Communicate device allocation policies
• Re-assure users on the availability of
alternative solutions
• Phased approach
• Getting ready early the infrastructure,
applications and devices (size correctly)
• Pilot testing to minimise disruption
IT Professionals & Project Managers
Security Specialists
CorporateCommunications
• Engage agency key stakeholders.
• Oversee and track implementation progress.
• Facilitate agencies with implementation.
• Advise on current threat landscape.
• Ensure that security solutions are designed
and implemented correctly.
• Dispel any miscommunication or myths.
• Communicate new policies and behavioral
expectations.
• Communicate the availability of allocated
solutions.
Supported by
Management-led approach Early Planning and Pilot TestingCommunications
![Page 33: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/33.jpg)
End User Experience
End users MUST be clear on what is classified information and what is not.
Internet enabled devices MUST be clearly labelled.
End users MUST be well trained on cyber hygiene practices.
![Page 34: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/34.jpg)
Conclusion
![Page 35: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/35.jpg)
Holistic Security
Prepare
Prevent
DetectRespond
Learn
Technology
1. Today’s threats are growing in scale and sophistication.
2. We need to think about security holistically. e.g. across 5 phases.
3. This includes the cooperation of IT Professionals, Security Specialists and End Users to address them.
35
![Page 36: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/36.jpg)
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.
Cybersecurity
is an
Enabler
Copyright of GovTech © Not to be reproduced unless with explicit consent by GovTech.36
![Page 37: Cybersecurity in Government - workspace.unpan.orgworkspace.unpan.org/sites/Internet/Documents/UNPAN98139.pdf · Agenda. Cyber Threats & ... Email & Intranet Internet Surfing Other](https://reader031.fdocuments.us/reader031/viewer/2022021907/5bc6200f09d3f22f508bee20/html5/thumbnails/37.jpg)
Thank you