Agenda
1. Cyber security global problem
2. Cyber security attacks and threats in the utilities/energy sector
3. The Saudi Aramco case
4. Questions & Answers
March 2013 2
Cyber Attacks
Formation of organized cyber attacks and hacking groups (e.g. Anonymous).
Foreign governments heavily invested in malicious code development.
Announcement of at least 45.7 million consumer credit and debit card numbers stolen.
Stuxnet malware, with the purpose of targeting Iran's nuclear programme, is discovered.
The Code Red worm's widespread infection caused billions of dollars in damage.
Warfare
Terrorism
Activism
LSEC Confidential & Proprietary All Rights Reserved PwC 2013
In 2011, someone hacked into the Curran-Gardner Water District network in Illinois and manipulated the supervisory control and data acquisition (SCADA) network resulting in destroying one of the pumps.
Business Insider
In August 2012 the information technology systems of RasGas were seriously damaged by cyber attacks. The attacks damaged the website and communications networks; however, they failed to harm the organization's production systems and capabilities.
Reuters
Online attackers successfully penetrated the Department of Energy (DOE) network in the middle of January 2013 and obtained copies of personally identifiable information (PII) pertaining to several hundred of the agency's employees and contractors in preparation for further attacks.
U.S. officials said that Iranian hackers renewed a campaign of cyber attacks against U.S. banks, targeting Capital One Financial Corp. and BB&T Corp.
InformationWeek
The Arabic website of news network Al-Jazeera has been defaced, apparently by pro-Syrian hackers.
BBC News
Google became the target of a phishing campaign originating in Jinan, China, and aimed at gaining access to the accounts of senior officials in the U.S., Korea and other governments, as well as those of Chinese activists.
The Wall Street Journal
A quarter of a million Twitter users have had their accounts hacked in the latest in a string of high-profile security breaches at internet firms.
The Guardian
Middle East
In January 2012 hackers from the Middle East began a cyber exchange that resulted in the release of personal data for tens of thousands of individuals and damage to the cyber infrastructures of several regional financial institutions.
Reuters
The energy sector was targeted by 41% of the cyber attacks against the ICS environment in 2012.
Common cyber security vulnerabilities in SCADA & industrial control systems in 2011
Improper input validation (e.g. SQL Injection, Cross Site Scripting) and credentials management are the key cyber security threats in the ICS environments in 2011.
[Bar chart: share of vulnerabilities by category (e.g. Improper Input Validation), vertical axis 0% to 50%. Series: ICS-CERT Published Vulnerabilities; 2009-2010 CSSP ICS Product Assessments; 2004-2008 CSSP ICS Assessments.]
Source: Common Cybersecurity Vulnerabilities in Industrial Control Systems, May 2011, US Department of Homeland Security
Attackers use different entry points to attack utilities and energy companies
Preparing for the attacks may take months where hackers silently install Trojans and gain control over internal networks.
Hackers use various entry points to gain control over internal networks and prepare for their attacks and data thefts.
Diagram labels: Wireless & Mobile; Social Media; Hackers; Websites & eServices; Trojans; Vendors; Disgruntled Employee; Removable Media
Unauthorized access to internal network Personal information
External Vulnerabilities
Installed on internal computers Default configuration Facilitate access to intruders Installation of malicious code on the private network
Having gained access to internal systems, hackers can attack SCADA systems and damage power generation, transmission, and distribution systems leading to damage to engines, transmission systems and causing massive power outages.
17th Aug
Saudi Aramco issued a statement on 26th August 2012, announcing that main internal network services had been re-established. 30,000 workstations had been affected. As a precaution, remote Internet access to online resources was restricted. The company issued a follow-up report on the 10th September 2012, announcing that its electronic network was functioning normally following a complete and thorough scanning.
Espionage 5
Warfare
Terrorism
Activism
This situation lasted for the +10 days of complete isolation.
A selection of Electronic Patient Records (EPR) were recovered 2-3 weeks after the start of the incident.
Thank you
We look forward to working with you
This document contains information that is proprietary and confidential to PwC. As such, the addressee should not disclose this document or any attachments in whole or in part to any third party without the prior written consent of PwC. The addressee also acknowledges that information shared herein is the intellectual property of PwC and is subject to a non-disclosure agreement as recognised by the copyright and intellectual property regulations. 2013 PricewaterhouseCoopers. All rights reserved. "PricewaterhouseCoopers" and PwC refer to the network of member firms of PricewaterhouseCoopers International Limited (PwCIL). Each member firm is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of any other member firm nor can it control the exercise of another member firm's professional judgment or bind another member firm or PwCIL in any way.
Backup Slides
1. Performed cyber security assessments and/or implementations at 78% of the Fortune 500.
2. Provided cyber security services to regional government entities in the Middle East.
3. Perform over 100 cyber security assessments annually.
4. Received recognition by market influencers as a leader in Security solutions.
PwC was one of the establishers of the ISF (International Security Forum) and is managing ISF on behalf of its members; we have a long tradition of contributing to and making use of the ISF material.
1. Security Strategy
2. Security Governance & Control
3. Threat & Vulnerability Management
4. Architecture, Network Security & Identity
5. Incident Response & Forensic Investigation
6. Business Continuity Management
Fraud; Physical Theft; Social Engineering; Brand Infringement; Industrial Espionage; Threats to People; Data Loss
Strategic risk
Cyber Resilience: Brand & reputational resilience; IP protection; Intelligence based risk management; Security as a competitive advantage
Protecting information assets: Information Security; Information Risk Management
Value
Adopting a more active stance towards attackers & pursuing them more actively through legal means.
Threat Intelligence
Transform
Cyber Security Resilience Protect Identity and Enterprise Access Security Management Architecture and Governance Cyber Security Resilience Manage
3. Cyber Incident Response & Crisis Management
4. Security Culture and Behaviours
5. Threat Intelligence