Security Directions and Trends - SNIAvulnerable and interdependent with other critical...
Transcript of Security Directions and Trends - SNIAvulnerable and interdependent with other critical...
![Page 1: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/1.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Security Directions and Trends
Eric Hibbard, CISSP, CISA CTO Security & Privacy Hitachi Data Systems
![Page 2: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/2.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Securing the Critical Infrastructure and Social Infrastructure of Tomorrow
2
![Page 3: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/3.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Center for European Policy Studies
CEPS Task Force Report, Protecting Critical Infrastructure in the EU "…several governments around the world have concluded that
infrastructures that are considered to be ‘critical’ are increasingly vulnerable and interdependent with other critical infrastructures.”
“…the continuity of government, for business operations and for the supply of basic services to citizens has become so high that a disruption of any of these fundamental assets can cause considerable damage.”
3
![Page 4: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/4.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Critical Infrastructure Sectors
Identifying the elements of critical infrastructure is fraught with difficulties; globally inconsistent
Differ from country to country, but generally include: transportation systems (air, rail, road, sea); energy production and shipping; government facilities and services, including, in particular,
defense, law enforcement and emergency services ; information and communication technology; food and water; public health and health care; financial institutions.
US=16 sectors; CA=10 sectors; EU=12 sectors; UK=9 sectors; JP=10 sectors.
4
![Page 5: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/5.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
U.S. Critical Infrastructure
Less than 20% controlled by government Significant vulnerabilities exist Cybersecurity a major focus Interdependencies can result in cascading failures
5
![Page 6: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/6.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Threat Landscape for Critical Infrastructure (CI)
U.S. Department of Homeland Security, Strategic National Risk Assessment, December 2011, http://www.dhs.gov/xlibrary/assets/rma-strategic-national-risk-assessment-ppd8.pdf. The full results of the SNRA are classified.
6
![Page 7: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/7.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
CI Protection Catapulted to the forefront
Several incidents of various nature Widespread concern Edge of cyber-warfare, state-sponsored actions
2010 Stuxnet
2011 Duqu 2012
Gauss 2012 Flame 2014
Dragonfly 2014 Regin
7
![Page 8: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/8.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
“National Emergency”
President Obama declared on April 1, 2015 that the rising number of cyberattacks against the United States is a national emergency and issued an executive order that would sanction those behind the attacks.
8
![Page 9: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/9.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
CI Protection Initiatives
http://www.lanl.gov/programs/nisac/cipdss.shtml
9
![Page 10: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/10.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Where is the U.S. public sector going?
• Direct impact on the lives of citizens
• Direct impact on the operations of government
• Accidental loss and Open Source Intelligence
• Resilience and continuity of operations
• Educate the users
• Intelligence driven • Dynamic and
mobile • Process and
people driven
• Info-sharing • Threat
mitigation • Incident
response
Rethink national security and national
defense strategy
Know what information and
infrastructure assets to be protected
Understand the value of information
Cybersecurity is no longer just about
firewalls, VPNs and Antivirus
Cooperation structures between government & CI owners/operators
10
![Page 11: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/11.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Changing ICT Landscape
11
![Page 12: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/12.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Disruptive Technologies
Mobile computing Cloud computing Machine-to-machine (M2M) Big Data & Analytics Industrial Internet Internet of Things (IoT) Industry 4.0 Software Defined “Anything”
There are security & privacy issues for each
Complexity is compounded when they are used together
12
![Page 13: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/13.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
M2M Maturity
13
![Page 14: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/14.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
M2M analytics building blocks
14
![Page 15: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/15.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
How many IoT things?
NOTE: EMC and IDC are somewhat more conservative, putting the 2020 IoT population at 32 billion, while Gartner comes in with 26 billion.
15
![Page 16: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/16.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
IoT Will Drive Big Data Adoption
IoT technologies will allow for real-time and accurate data sensing and transmission of that data to Internet-based systems (Web, cloud, etc.)
IoT will lead to an exponential increase in the data that an enterprise is required to manage from appliances, from machinery, from train tracks,
from shipping containers, from power stations Without the proper data-gathering in place (big data and
analytics), it will be impossible for businesses to sort through all the information flowing in from IoT systems without big data, the Internet of Things can offer an
enterprise little more than noise 16
![Page 17: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/17.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
CI and Emerging Technology
Emerging technology has the potential of improving critical infrastructure Reducing costs Improving reliability and resiliency Expanding capabilities
Systems/IoT, need to be standardised, interoperable and open
The risks have to be understood and mitigated Security and safety must be embedded from inception Assume failures and employ fail-safe or fail-secure
solutions
17
![Page 18: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/18.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Looking to the Future
18
![Page 19: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/19.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Social Infrastructure (Hitachi View)
19
![Page 20: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/20.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Social Infrastructure Requires Collaborative Systems
20
![Page 21: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/21.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Securing smart sustainable city systems
Highly complex ICT systems Highly interconnected components (IoT) High volume of data
21
![Page 22: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/22.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Securing the Smart Sustainable City
Cyber-security
Privacy
Data integrity
Compliance
Resilience
Smart grids
Connected healthcare
Public safety & security
Intelligent transportation
Wireless & hotspots
22
![Page 23: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/23.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Conclusions
Smart city deployments imply vulnerability Complex, heterogeneous ICT implementations Diverse stakeholders Hyper-connectivity, IoT, Big Data, Cloud Computing Data is the digital currency - Data governance is the new focus Intelligence + Processes + People + Tools
Cyber-attacks and data breaches are dangerous and costly Human lives - Data - Financial - Reputation - Credibility
Cyber-threats are here to stay Smart city must be conceived with Cybersecurity and Resilience in mind
23
![Page 24: Security Directions and Trends - SNIAvulnerable and interdependent with other critical infrastructures . ” ... security and national defense strategy Know what information and infrastructure](https://reader031.fdocuments.us/reader031/viewer/2022011822/5ec78baf004f0f36b66d37fc/html5/thumbnails/24.jpg)
2015 SNIA Data Storage Security Summit. © Hitachi. All Rights Reserved.
Thank You
24