
COMESA MEETING / 2ND ICT SUMMIT ON CYBER SECURITY
25TH - 28TH NOV 2013
SAFARI PARK HOTEL, NAIROBI, KENYA
STUDY: PKI for CIIP
COMESA Member states Preparedness
ASSESSMENT & FINDINGS
MOTSIMABUSIN
PROBLEM, CONSTRAINTS & OBSTACLES
Awareness is largely missing with regard to:
Risk amount and imminence around member states' critical infrastructure. Minimum to no security on critical infrastructures.
Opportunity behind implementing PKI as a solution to manage risks (Transfer/Mitigate).
Strategies or policies addressing the security issues are not in the scope for most critical projects.
PROBLEM
CONSTRAINTS & OBSTACLES
AWARENESS
SENSE OF URGENCY
EXPERTISE
FORMULATING A BUSINESS CASE FOR IT SECURITY
COMPLEXITY OF SECURITY ISSUES.
HIGH TECHNOLOGY/AVAILABILITY SYSTEMS DEPLOYMENTS WITHOUT PROPER SECURITY
CHALLENGES
IMPLEMENTATION
BUDGET & BUDGETING
VISUALIZING THE SITUATION
CRITICAL INFRASTRUCTURES NETWORK
(Terminals, devices, Servers and management consoles)
EXAMPLES:
POWER GRIDS/PLANTS
WATER SUPPLY SYSTEMS
AIR TRAFFIC CONTROLS
REFINERIES
NUCLEAR PLANTS
TRANSPORTATION SYSTEMS (TRAINS, METROS, ETC.)
ETC.
[Figure: network diagram. Labels: engineering PCs/laptops; other employees' PCs/laptops; testing; guest WiFi; web and mail servers; authentication; database; air gap (firewall); use of USB to move files, copy data, load new software, etc.; the SCADA, PLC, or any control system; valves; fans; radiation sensors; temperature readings; water level.]
[Figure: network diagram. Labels: engineering PCs/laptops; other employees' PCs/laptops; testing; guest WiFi; web and mail servers; authentication; servers and management PCs; database; air gap (firewall); using USB; SCADA, PLC, etc., in industrial environment. Source: Fortinet.com]
THE FINDINGS
Lack of Awareness [Triggers: incident, regulation, customer demand]
Lack of laws, policies, & law enforcement capabilities.
Lack of standards & technologies.
Scarcity in resources and weaknesses in capacity building.
RECOMMENDATIONS
Boost awareness and capacity building on CIIP and PKI.
Consultants, Implementation partner, and technology selection is crucial
Recommendations:
DESIGN REALITY GAP must always be performed with such large scale projects.
UNCITRAL, IETF, FIPS, ITU, and other international PKI standards.
Recommendations:
SAMPLE STRATEGY OF CIIP
USA Federal Aviation Administration (FAA) has developed several strategy guidelines to help strengthen cyber defense; it includes:
System and networks hardening.
Segmentation and isolation of systems and networks.
Establish redundancy and backup to avoid service disruption
e.g., Approach to Protecting the U.S. Air Traffic Control System Against Cyber Terrorism.
Reference: http://www.incose.org
Federal Aviation Administration's model in protecting air traffic control systems.
Source: http://www.incose.org
FAA'S APPROACH TO ACHIEVE THE STRATEGY.
Establish strategy, policy, and guidance
Systematically and continually examine threats and vulnerabilities
Create an information systems security architecture that responds to those threats and vulnerabilities
Implement information systems and networks consistent with the architecture
CONT. FAA'S APPROACH TO ACHIEVE THE STRATEGY.
Establish, institutionalize, and continuously improve processes
Deploy security measures incrementally
Monitor compliance and measure progress
Manage risks proactively at each major decision point