Cyber Security and the National Central Banks
1. Cyber Security and the National Central Banks
CPEXPO Community Protection
Genova, October 30th 2013
Servizio Innovazione e sviluppo informatico (IT Innovation and Development Service)
Divisione Architettura, infrastrutture e sicurezza (Architecture, Infrastructure and Security Division)
2. AGENDA
1. Introduction
2. The Cyber Threat from a National Central Bank Perspective
3. The Cyber Crime Economy
4. Trend prediction
5. The Central Bank Response
6. Conclusion
3. 1. INTRODUCTION
Changes in IT 1/2
• “Anytime, anywhere, any platform” access to systems
• Open source platforms adopted in order to improve access to “best of breed” technology
• “Time-to-market”: pressure for new systems/applications
• Knowledge workers, big data and business intelligence
• Social media
4. 1. INTRODUCTION
Challenges for central banks
• Increasing complexity in IT systems: larger attack surface
• IT systems integrating different business lines: interdependences increase
• External counterparties and service providers involved in business processes: an appropriate trust model is required
5. 1. INTRODUCTION
Issues to be tackled by security experts 1/2
• Can IT continue to meet the needs of the business while maintaining an appropriate security level?
– Not only preventive countermeasures: reactive controls as well
• Are IT services and infrastructure protected from the Cyber Threat?
– The new threats must be assessed against the Confidentiality, Integrity and Availability criteria, taking into account the countermeasures already in place
• Are the business lines aware of the new Cyber Threat risks?
– Otherwise only the perceived risks get mitigated
6. 1. INTRODUCTION
Issues to be tackled by security experts 2/2
• Is the trust model still valid?
– “Security control” of counterparties and information services
• Are all information flows under control?
– “Control” of the unstructured flow (e.g. Social Media)
• Do we spend too much or too little on the security of the information?
– Return on Security Investment (e.g. ROSI approach)
• What is the information I “do not know”?
– We must be aware that countering Cyber Crime requires effort in gathering relevant information
7. 2. THE CYBER THREAT FROM A NATIONAL CENTRAL BANK PERSPECTIVE
The attackers
• Who are the attackers?
• What are their motivations?
• What are their goals?
• What methods do they use?
8. 2. THE CYBER THREAT FROM A NATIONAL CENTRAL BANK PERSPECTIVE
The motivations
Attackers: Motivations
1. Hacktivists: Anti-globalization, anti-capitalism
2. Terrorists: Ideology, political change, power, money
3. Politically motivated: Geo-political reasons, financial benefits
4. Criminal organizations: Money, retaliation
5. Employees: Retaliation, personal gain, coercion
6. Occasional Hackers: Reputation, curiosity
9. 2. THE CYBER THREAT FROM A NATIONAL CENTRAL BANK PERSPECTIVE
The goals and methods
Goal of the Cyber Attack: Method of the Cyber Attack
1. Web site defacement: Web application attacks
2. DoS / DDoS: Botnets
3. Information theft: Advanced Persistent Threats (APT), Malware, Hacking, Social Engineering
4. Information leakage: WikiLeaks, Social Media, Forums, Web Sites
5. Sabotage: Disabling / Bypassing security systems
6. Intrusion: Social Engineering, Malware, APT
7. Fraud: Social Engineering, Hacking, Malware
8. Corruption: Unreliable internal employees
9. Other illegal activities: Abuse of resources
10. 3. THE CYBER CRIME ECONOMY
• Cyber Crime: a hidden economy in good health and little affected by the increased sensitivity to security:
– $ 114 billion direct costs (Symantec, 2011)
– $ 110 billion direct costs (Symantec, 2012)
• Human Resources (hackers for hire)
• Crime-as-a-service
– “eBay”-style procurement of Cyber Attack services (viruses, keyloggers, etc.)
– Electronic payments on the “BitCoin” model
– On-demand Cyber Attacks
• Goods (ware: price in USD)
– Malware (source code): $100 – $100,000
– “Exploit pack” (e.g. ZEUS): $150 – $2,200
– Malware installation: $6 – $150 (1,000 installations)
– Zero day exploit: $100,000 – $5,000,000
11. 4. TREND PREDICTION
• More data leakages
• More politically motivated operations
• More professional malware (also on mobile devices)
• More tailor-made exploit code and attacks
• Less time for all of us to react
12. 5. THE CENTRAL BANK RESPONSE – 1/3
• Cyber Risk Governance
– The management of Cyber Risk has been included in the operational risk management framework (ORM)
– Cyber Risks have often been included in the corporate risk management framework (ERM)
– The governance of Cyber Risk has been changing in order to speed up the processes of decision making and incident management
• Risk Management
– A gap analysis is in progress regarding the systems potentially vulnerable to an attack and the existing controls at business and IT level
– The current trust model toward external counterparties is under assessment
– Personnel involved in critical operations or dealing with sensitive information are subject to specific screening
13. 5. THE CENTRAL BANK RESPONSE – 2/3
• Business Continuity
– The procedures to assess the extent of the damage caused by an attack have been speeded up
– The option of carrying on business operations even with IT systems under attack is being considered
– Communication processes are defined to re-establish an appropriate level of trust internally and with external counterparties
• Awareness
– Increase of Information Security training programs
– The Central Bank senior management and the Risk Committees are regularly informed about the risk situation
– Increase of testing of Cyber Attack response plans
14. 5. THE CENTRAL BANK RESPONSE – 3/3
• Strengthening of security measures for critical applications and systems
– Connections to un-trusted networks are limited
– Privileged access to applications, data and operations is minimized
• Reference to best practices issued by international organizations in the industry and / or government
– Adoption of the Cyber Resilience models issued by WEF, ISF and OECD is under evaluation
15. 6. CONCLUSION
• The risk associated with the Cyber Threat is not just an IT problem: responses should be coordinated with the other security teams (physical security, business continuity)
• The complexity of attacks increases: detection is increasingly linked to the recognition of abnormal behaviour
• Cyber Attacks will tend to target the weakest link in the chain (e.g. social engineering)
• The identity management and authentication functions must be strengthened
• Information sharing and collaboration among like-minded institutions are becoming increasingly important