Securing Critical Infrastructures
  Andrew Cushman
  Sr. Director Security Strategy
  Trustworthy Computing – Security
                                Trustworthy Infrastructure Programs and Policy
Intro – Who Am I ?
•   Joined Microsoft in 1990
•   Worked on MSMoney, IIS, and now Security
•   Previously Patch Tuesday & BlueHat
•   Now Focused on End to End Trust

Trustworthy Computing - Security Group
   – Security Engineering Policy
   – Security Science & Engineering
   – Security Response
   – Critical Infrastructure
   – Software Integrity
   – Security Research Community

Agenda

•    Traditional Critical Infrastructure Protection Definition
•    The Evolving Risk Landscape
•    Microsoft’s Critical Infrastructure Protection Program
     – Trustworthy Policy
     – Resilient Operations
     – Investments in Innovation
•    Government Engagement Programs and Resources

Global Critical Infrastructure

• Critical infrastructures are generally thought of as the key systems, services, and functions whose disruption or destruction would have a debilitating impact on public health and safety, commerce, and/or national security.
• These include:
   –   Communications
   –   Energy
   –   Banking
   –   Transportation
   –   Public health and safety
   –   Essential government services

Critical Infrastructure Reliance on IT

Cyber Security

Key physical and cyber systems, services, and functions

Critical Cyber Systems

Software, hardware, and services functioning as intended

Users in the World Today

As of July 2008, 1,463,632,361 people worldwide use the Internet
Source: http://www.internetworldstats.com/stats.htm
Users are Changing
General Growth
• More than 250 million active users
• More than 120 million users log on to Facebook at least once each day
• More than two-thirds of Facebook users are outside of college
• The fastest growing demographic is those 35 years old and older

User Engagement
• Average user has 120 friends on the site
• More than 5 billion minutes are spent on Facebook each day (worldwide)
• More than 30 million users update their statuses at least once each day
• More than 8 million users become fans of Pages each day

Applications
• More than 1 billion photos uploaded to the site each month
• More than 10 million videos uploaded each month
• More than 1 billion pieces of content (web links, news stories, blog posts, notes, photos, etc.) shared each week
• More than 2.5 million events created each month
• More than 45 million active user groups exist on the site

International Growth
• More than 50 translations available on the site, with more than 40 in development
• About 70% of Facebook users are outside the United States

Platform
• More than one million developers and entrepreneurs from more than 180 countries
• Every month, more than 70% of Facebook users engage with Platform applications
• More than 350,000 active applications currently on Facebook Platform
• More than 200 applications have more than one million monthly active users

Mobile
• There are more than 30 million active users currently accessing Facebook through their mobile devices.
• People that use Facebook on their mobile devices are almost 50% more active on Facebook than non-mobile users.
• There are more than 150 mobile operators in 50 countries working to deploy and promote Facebook mobile products

Threats Facing Global Operations
Exponential Growth of IDs
Identity and access management challenging
[Chart: Number of Digital IDs over time (Pre-1980s, 1980s, 1990s, 2000s). Labels: mainframe, client/server, Internet, mobility, B2E, B2C, B2B]

Increasingly Sophisticated Malware
Anti-malware alone is not sufficient
[Chart: Number of variants from over 7,000 malware families (1H07); axis from 0 to 160,000. Source: Microsoft Security Intelligence Report (January – June 2007)]

Crime On The Rise
[Chart: attacker motivation (Curiosity, Personal Fame, Personal Gain, National Interest) against attacker skill (Script-Kiddy, Amateur, Expert, Specialist). Labels: Vandal, Trespasser, Author, Thief, Spy. Annotations: Largest area by volume, Largest area by $ lost, Largest segment by $ spent on defense, Fastest growing segment]

Attacks Getting More Sophisticated
Traditional defenses are inadequate
[Diagram layers: User, GUI, Applications, Drivers, O/S, Hardware, Physical]
Examples:
• Spyware
• Rootkits
• Application attacks
• Phishing/Social engineering

Malware in the World Today

Source: Microsoft Security Intelligence Report v6
Malware Infection Rates – Brasil MSRT Data
• Brazil heat map index (CCM) is 23.9, up 81.8% from 2H07
   – i.e. 24 systems infected for every 1,000 systems MSRT executed on
• World wide average is 10.0 with 22.7% increase since 2H07

Lowest Infection Rates
Location           1H08   2H07   % Chg.
Japan               1.8    1.5    22.8
Rwanda              4.2    4.2     0.3
Austria             5.2    4.1    25.7
Germany             5.3    4.4    19.7
Finland             5.7    3.8    50.9
New Zealand         6.0    3.8    58.4
India               6.2    5.5    12.3
Malaysia            6.3    4.6    35.6
Latvia              6.3    5.1    22.9
Indonesia           6.4    6.9    -7.0
China               6.6    4.7    41.1
Uruguay             6.6    5.6    17.6
Denmark             6.8    4.9    38.7
Australia           6.9    4.9    41.7
Switzerland         6.9    5.5    26.4
Hong SAR            7.0    6.1    15.1
Czech Republic      7.1      5    41.6
Italy               7.1    5.3    34.5
Ireland             7.3    5.3    36.4
Philippines         7.4    7.3     2.0
Belarus             7.6    7.1     7.0
Singapore           7.6    5.0    52.2
Sweden              7.6    6.1    25.3
Argentina           7.7    6.6    16.6
Netherlands         7.8    5.9    32.3

Highest Infection Rates
Location                                 1H08   2H07   % Chg.
Afghanistan                              76.4   58.8    29.9
Bahrain                                  29.2   28.2     3.4
Morocco                                  27.8   31.3   -11.4
Albania                                  25.4   30.7   -17.4
Mongolia                                 24.7   29.9   -17.6
Brazil                                   23.9   13.2    81.8
Iraq                                     23.6   23.8    -1.1
Dominican Republic                       23.2   24.5    -5.2
Egypt                                    22.5   24.3    -7.5
Saudi Arabia                             22.3   22.2     0.4
Tunisia                                  21.9   15.9    37.3
Turkey                                   21.9   25.9   -15.4
Jordan                                   21.6   20.4     5.5
Former Yugoslav Republic of Macedonia    21.1   16.3    29.8
Lebanon                                  20.2   20.6    -1.8
Yemen                                    20.1   17.7    13.7
Portugal                                 19.6   14.9    31.7
Algeria                                  19.5   22.2   -12.2
Libya                                    19.5   17.3    13.1
Mexico                                   17.3   14.8    17.0
United Arab Emirates                     17.3   18.2    -4.8
Monaco                                   17.0   13.7    23.7
Serbia                                   16.6   11.8    41.4
Bosnia and Herzegovina                   16.3   12.8    27.5
Jamaica                                  16.3   15.0     8.9

Malware Trends Around the Globe
[Figure: pie charts of the leading malware categories by country. Panels: France, Germany, Norway, UK, Hungary, Italy, Russia, China, US. Categories shown: Trojans, Misc. Trojans, Other Trojans, Trojan Downloaders & Droppers, Misc. Potentially Unwanted SW, Worms]

Top Threats in Brasil
Disinfected Threats by Category in 1H08

Chart: 1H08 Disinfection Machines in Brazil, by category

Category                        Infected computers   Share (chart)
Other Trojans                   1,294,084            58.6%
Worm                            246,470              11.2%
Other PUS                       185,305              8.4%
Adware                          181,405              8.2%
Trojan Downloader and Dropper   122,010              5.5%
Backdoor                        69,289               3.1%
Virus                           43,079               1.9%
PWS and Monitoring Tools        37,775               1.7%
Spyware                         9,705                0.4%
Exploit                         2,381                0.1%
All Other                       17,853               0.8%

Microsoft's Vision for Critical Infrastructure Protection

Infrastructure Protection

Policy Responses:
   – National Strategies
   – Directives/Policies
   – Emergency Response Plans

Complexity and Critical Infrastructures

[Diagram label: Policy Decision Maker]

Source: modified from Guarding Our Future Protecting Our Nation’s Infrastructure, Toffler Associates 2008

CIP Continuum

• Outlines three distinct functions to create a critical infrastructure protection capability
• Emphasizes the importance of engaging with the private sector to effectively plan, manage, respond, and protect
• Guides the development of programs that can evolve in a dynamic environment

Trustworthy Plans and Policies

Policy Elements and Sample Statement

• Critical Infrastructure Importance
  Critical information infrastructure (CII) provide the essential services that enable modern information societies and economies. Some CII support critical functions and essential services so vital that the incapacitation, exploitation, or destruction, through natural disaster, technological failure, accidents or intentional attacks could have a debilitating effect on national security and economic well-being.

• Critical Infrastructure Risks
  A combination of all-hazards threats (e.g., natural disaster, technological failure, accidents or intentional attacks) and vulnerabilities, and the potential resulting debilitating effects on national security and economic well-being.

• CIP Resiliency Policy Goal/Statement
  Prevent or minimize disruptions to critical information infrastructures, no matter the source, and thereby help to protect the people, the economy, essential human and government services, and national security. In the event disruptions do occur, they should be infrequent, of minimal duration, and manageable.

• Public-Private Partnerships
  Implementing the National CIIP framework includes government entities as well as voluntary public-private partnerships involving corporate and nongovernmental organizations.

Trustworthy Plans and Policies – International Telecommunications Union

A national approach to cybersecurity includes raising awareness about existing cyber risks, creating national structures to address cybersecurity, and establishing the necessary relationships that may be utilized to address events that occur. Assessing risk, implementing mitigation measures, and managing consequences are also part of a national cybersecurity program.

A good national cybersecurity program will help protect a nation’s economy from disruption by contributing to continuity planning across sectors, protecting the information that is stored in information systems, preserving public confidence, maintaining national security, and ensuring public health and safety.

International Telecommunications Union, January 2008

Five Elements of a National Cyber Security Capability
• Developing a National Strategy for Cybersecurity
• Establishing National Government–Industry Collaboration
• Deterring Cybercrime
• Creating National Incident Management Capabilities
• Promoting a National Culture of Cybersecurity

Trustworthy Plans and Policies – European Union

[…] ICT systems, services, networks and infrastructures […] form a vital part of European economy and society, either providing essential goods and services or constituting the underpinning platform of other critical infrastructures. They are typically regarded as critical information infrastructures (CIIs) as their disruption or destruction would have a serious impact on vital societal functions. Recent examples include the large-scale cyber-attacks targeting Estonia in 2007 and the breaks of transcontinental cables in 2008.

European Commission Communication on CIIP, Mar 2009

Challenge/Pillar and Action Plan

Preparedness and prevention
•   Baseline of [CERT] capabilities and services for pan-European cooperation
•   European Public Private Partnership for Resilience (EP3R)
•   European Forum for information sharing between Member States

Detection and response
•   European Information Sharing and Alert System (EISAS)

Mitigation and recovery
•   National contingency planning and exercises.
•   Pan-European exercises on large-scale network security incidents
•   Reinforced cooperation between National/Governmental CERTs

International cooperation
•   Internet resilience and stability
•   Global exercises on recovery and mitigation of large scale Internet incidents

Criteria for the ICT sector
•   ICT sector specific criteria

Trustworthy Plans and Policies – United States

The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. [...] It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution.

White House Cyberspace Policy Review, May 2009

Table 1: Near-Term Action Plan

1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
…..
10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Resilient Operations

[Diagram: Assess Risk, Manage Risk, Monitor and Detect, Respond and Recover. Side labels: Effective Operational Risk Management; Proactive and Strategic Risk Management]

Resilient Operations – Strategic Risk Management

• Optimizes limited resources to protect the most critical infrastructure
• Focuses on infrastructure objects
   –   Assets
   –   Locations
   –   Systems
   –   Functions
• Based on defined methodology strategies
   – Bottom up
   – Top-down

Microsoft CII Risk Management Methodology
• Determine Risk Management Scope
• Identify Critical Information Infrastructure Functions
• Analyze Critical Function Value Chain and Interdependencies
• Assess Critical Function Risk
• Prioritize and Treat Critical Function Risk

Resilient Operations –
Operational Risk Management
Resilient Operations –
Critical Infrastructure Exercises
• Value
   – Builds Awareness
   – Promotes Partnerships
   – Improves Information-Sharing
   – Identifies Preparedness Gaps
   – Addresses Gaps through Collaboration
• Microsoft's Critical Infrastructure Resiliency Exercise Guide
   – A detailed, step-by-step, “how-to” process to plan, conduct, and learn from critical infrastructure exercises.
   – Suggestions for how to carry out each step in an exercise.
   – Background materials, references, templates, and PowerPoint briefings related to each step of the exercise process.
Investments in Innovation

Practices
• Security Development Lifecycle (SDL)
• Risk Management Frameworks
• Exercise Guide

Programs
• Microsoft Active Protection Program (MAPP)
• Government Security Program
• SAFECode & ICASI

Research
• Botnet Mitigation
• Secure Internet Protocols
• Community Information Management

Education
• Security Intelligence Report
• Security Curriculum Guidance
Evolving Communications
[Diagram of communication channels: Security Advisory, Microsoft Security Bulletin, Advance Notification, Webcast, MSRC Blog, MMPC Blog, SVRD Blog, SDL Blog, CSO Call, CSO Council, Microsoft Security Response Alliance, Microsoft Active Protections Program]
Investments in Innovation –
Developing Secure Software
• Dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods
• Consists of six members (EMC, Juniper, Microsoft, Nokia, SAP, and Symantec)
• Co-chaired by Microsoft and Nokia
• Three publications
   – Software Assurance: An Overview of Current Industry Best Practices
   – Fundamental Practices for Secure Software Design and Development
   – The Software Supply Chain Integrity Framework: Defining Risks and Responsibilities for Securing Software in the Global Supply Chain
• An International Advisory Board to guide global efforts
Investments in Innovation –
Coordinating multi-vendor response
• Enhances the global security landscape by driving excellence and innovation in security response practices; and by enabling its members to proactively collaborate to analyze, mitigate, and resolve multi-vendor, global security challenges
• Made up of five companies currently (Cisco, IBM, Intel, Juniper, Microsoft)
• Developing operational coordination and thought leadership products
   – The Unified Security Incident Response Plan (USIRP)
   – A new paper on security response planning with the working title of Certainties for an Uncertain Future: Building Tomorrow’s Security Response Today
Shaping innovative CIP approaches
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

[Slide graphic: security conferences. Labels: IT Underground, DIMVA, T2, CCC, What the hack, BlackHat Europe, EUSec, Metricon, ShmooCon, HotSec, POC, Ph Neutral, Usenix, PacSec, HOPE, DeepSec, CanSecWest, BlackHat Japan, BlackHat DC, Hackivity, Layer 1, RSA USA, XCon, VNSec, Hack.Lu, ToorCon, SANS, HITB, BlackHat USA, BCS, PakCon, Security Opus, Defcon, G-Con, Identity Summit, SC &I, Congreso De Seguridad, H2H Conference, BlackHat Asia, KiwiCon, YSTS, FIRST, SyScAn, AusCERT, BA-Con, Bellua Asia, RUXCON, ekoPartye]

Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
Scientific Writing :Research Discourse
Scientific  Writing :Research  DiscourseScientific  Writing :Research  Discourse
Scientific Writing :Research Discourse
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
 

Computer Security Seminar - Andrew Cushman's Presentation

  • 1. Securing Critical Infrastructures. Andrew Cushman, Sr. Director Security Strategy, Trustworthy Computing – Security. Trustworthy Infrastructure Programs and Policy
  • 2. Intro – Who Am I?
      – Joined Microsoft in 1990
      – Worked on MSMoney, IIS, and now Security
      – Previously Patch Tuesday & BlueHat
      – Now focused on End to End Trust
      – Trustworthy Computing - Security Group: Security Engineering Policy; Security Science & Engineering; Security Response; Critical Infrastructure; Software Integrity; Security Research Community
  • 3. Agenda
      – Traditional Critical Infrastructure Protection Definition
      – The Evolving Risk Landscape
      – Microsoft’s Critical Infrastructure Protection Program: Trustworthy Policy; Resilient Operations; Investments in Innovation
      – Government Engagement Programs and Resources
  • 4. Global Critical Infrastructure. Critical infrastructures are generally thought of as the key systems, services, and functions whose disruption or destruction would have a debilitating impact on public health and safety, commerce, and/or national security. These include:
      – Communications
      – Energy
      – Banking
      – Transportation
      – Public health and safety
      – Essential government services
  • 5. Critical Infrastructure Cyber Reliance on IT Security
      – Key physical and cyber systems, services, and functions
      – Critical Cyber Systems
      – Software, hardware, and services functioning as intended
  • 6. Users in the World Today. As of July 2008, 1,463,632,361 people worldwide use the Internet. Source: http://www.internetworldstats.com/stats.htm
  • 7. Users are Changing
      – General Growth: More than 250 million active users. More than 120 million users log on to Facebook at least once each day. More than two-thirds of Facebook users are outside of college. The fastest growing demographic is those 35 years old and older.
      – User Engagement: Average user has 120 friends on the site. More than 5 billion minutes are spent on Facebook each day (worldwide). More than 30 million users update their statuses at least once each day. More than 8 million users become fans of Pages each day.
      – Applications: More than 1 billion photos uploaded to the site each month. More than 10 million videos uploaded each month. More than 1 billion pieces of content (web links, news stories, blog posts, notes, photos, etc.) shared each week. More than 2.5 million events created each month. More than 45 million active user groups exist on the site.
      – International Growth: More than 50 translations available on the site, with more than 40 in development. About 70% of Facebook users are outside the United States.
      – Platform: More than one million developers and entrepreneurs from more than 180 countries. Every month, more than 70% of Facebook users engage with Platform applications. More than 350,000 active applications currently on Facebook Platform. More than 200 applications have more than one million monthly active users.
      – Mobile: There are more than 30 million active users currently accessing Facebook through their mobile devices. People that use Facebook on their mobile devices are almost 50% more active on Facebook than non-mobile users. There are more than 150 mobile operators in 50 countries working to deploy and promote Facebook mobile products.
  • 8. Threats Facing Global Operations
      – Exponential Growth of IDs: Identity and access management challenging. [Chart: Number of Digital IDs from the pre-1980s through the 1980s, 1990s and 2000s; labels: mainframe, client/server, Internet, mobility, B2E, B2B, B2C]
      – Increasingly Sophisticated Malware: Anti-malware alone is not sufficient. [Chart: Number of variants from over 7,000 malware families (1H07). Source: Microsoft Security Intelligence Report (January – June 2007)]
      – Crime On The Rise. [Chart: attacker types Vandal, Trespasser, Author, Thief, Spy; motives Curiosity, Personal Fame, Personal Gain, National Interest; skill levels Script-Kiddy, Amateur, Expert, Specialist; annotations: Largest segment by $ spent on defense, Largest area by $ lost, Fastest growing segment, Largest area by volume]
      – Attacks Getting More Sophisticated: Traditional defenses are inadequate. Layers shown: User, GUI, Applications, Drivers, O/S, Hardware, Physical. Examples: Spyware; Rootkits; Application attacks; Phishing/Social engineering
  • 9. Malware in the World Today. Source: Microsoft Security Intelligence Report v6
  • 10. Malware Infection Rates – Brazil MSRT Data
      – Brazil heat map index (CCM) is 23.9, up 81.8% from 2H07, i.e. 24 systems infected for every 1,000 systems MSRT executed on
      – World wide average is 10.0 with 22.7% increase since 2H07

      Lowest Infection Rates
      Location          1H08   2H07   % Chg.
      Japan              1.8    1.5    22.8
      Rwanda             4.2    4.2     0.3
      Austria            5.2    4.1    25.7
      Germany            5.3    4.4    19.7
      Finland            5.7    3.8    50.9
      New Zealand        6.0    3.8    58.4
      India              6.2    5.5    12.3
      Malaysia           6.3    4.6    35.6
      Latvia             6.3    5.1    22.9
      Indonesia          6.4    6.9    -7.0
      China              6.6    4.7    41.1
      Uruguay            6.6    5.6    17.6
      Denmark            6.8    4.9    38.7
      Australia          6.9    4.9    41.7
      Switzerland        6.9    5.5    26.4
      Hong Kong SAR      7.0    6.1    15.1
      Czech Republic     7.1    5      41.6
      Italy              7.1    5.3    34.5
      Ireland            7.3    5.3    36.4
      Philippines        7.4    7.3     2.0
      Belarus            7.6    7.1     7.0
      Singapore          7.6    5.0    52.2
      Sweden             7.6    6.1    25.3
      Argentina          7.7    6.6    16.6
      Netherlands        7.8    5.9    32.3

      Highest Infection Rates
      Location                                 1H08   2H07   % Chg.
      Afghanistan                              76.4   58.8    29.9
      Bahrain                                  29.2   28.2     3.4
      Morocco                                  27.8   31.3   -11.4
      Albania                                  25.4   30.7   -17.4
      Mongolia                                 24.7   29.9   -17.6
      Brazil                                   23.9   13.2    81.8
      Iraq                                     23.6   23.8    -1.1
      Dominican Republic                       23.2   24.5    -5.2
      Egypt                                    22.5   24.3    -7.5
      Saudi Arabia                             22.3   22.2     0.4
      Tunisia                                  21.9   15.9    37.3
      Turkey                                   21.9   25.9   -15.4
      Jordan                                   21.6   20.4     5.5
      Former Yugoslav Republic of Macedonia    21.1   16.3    29.8
      Lebanon                                  20.2   20.6    -1.8
      Yemen                                    20.1   17.7    13.7
      Portugal                                 19.6   14.9    31.7
      Algeria                                  19.5   22.2   -12.2
      Libya                                    19.5   17.3    13.1
      Mexico                                   17.3   14.8    17.0
      United Arab Emirates                     17.3   18.2    -4.8
      Monaco                                   17.0   13.7    23.7
      Serbia                                   16.6   11.8    41.4
      Bosnia and Herzegovina                   16.3   12.8    27.5
      Jamaica                                  16.3   15.0     8.9
  • 11. Malware Trends Around the Globe. [Figure: top malware categories by country for Germany, France, Norway, UK, Hungary, Italy, Russia, China and US; categories shown: Misc. Trojans, Trojan Downloaders & Droppers, Misc. Potentially Unwanted SW, Other Trojans, Worms]
  • 12. Top Threats in Brazil. Disinfected Threats by Category in 1H08. 1H08 Disinfection Machines in Brazil, by category:

      Category                         Infected computers   Share
      Other Trojans                    1,294,084            58.6%
      Worm                             246,470              11.2%
      Other PUS                        185,305              8.4%
      Adware                           181,405              8.2%
      Trojan Downloader and Dropper    122,010              5.5%
      Backdoor                         69,289               3.1%
      Virus                            43,079               1.9%
      PWS and Monitoring Tools         37,775               1.7%
      Spyware                          9,705                0.4%
      Exploit                          2,381                0.1%
      All Other                        17,853               0.8%
  • 13. Microsoft's Vision for Critical Infrastructure Protection
  • 14. Infrastructure Protection: National Strategies; Directives/Policies; Policy Responses; Emergency Response Plans
  • 15. Complexity and Critical Infrastructures. Policy Decision Maker. Source: modified from Guarding Our Future Protecting Our Nation’s Infrastructure, Toffler Associates 2008
  • 16. CIP Continuum
      – Outlines three distinct functions to create a critical infrastructure protection capability
      – Emphasizes the importance of engaging with the private sector to effectively plan, manage, respond, and protect
      – Guides the development of programs that can evolve in a dynamic environment
  • 17. Trustworthy Plans and Policies (Policy Elements and Sample Statement)
      – Critical Infrastructure Importance: Critical information infrastructure (CII) provide the essential services that enable modern information societies and economies. Some CII support critical functions and essential services so vital that the incapacitation, exploitation, or destruction, through natural disaster, technological failure, accidents or intentional attacks could have a debilitating effect on national security and economic well-being.
      – Critical Infrastructure Risks: A combination of all-hazards threats (e.g., natural disaster, technological failure, accidents or intentional attacks) and vulnerabilities, and the potential resulting debilitating effects on national security and economic well-being.
      – CIP Resiliency Policy Goal/Statement: Prevent or minimize disruptions to critical information infrastructures, no matter the source, and thereby help to protect the people, the economy, essential human and government services, and national security. In the event disruptions do occur, they should be infrequent, of minimal duration, and manageable.
      – Public-Private Partnerships: Implementing the National CIIP framework includes government entities as well as voluntary public-private partnerships involving corporate and nongovernmental organizations.
  • 18. Trustworthy Plans and Policies – International Telecommunications Union
      – A national approach to cybersecurity includes raising awareness about existing cyber risks, creating national structures to address cybersecurity, and establishing the necessary relationships that may be utilized to address events that occur. Assessing risk, implementing mitigation measures, and managing consequences are also part of a national cybersecurity program. A good national cybersecurity program will help protect a nation’s economy from disruption by contributing to continuity planning across sectors, protecting the information that is stored in information systems, preserving public confidence, maintaining national security, and ensuring public health and safety. (International Telecommunications Union, January 2008)
      – Five Elements of a National Cyber Security Capability: Developing a National Strategy for Cybersecurity; Establishing National Government–Industry Collaboration; Deterring Cybercrime; Creating National Incident Management Capabilities; Promoting a National Culture of Cybersecurity
  • 19. Trustworthy Plans and Policies – European Union
      – […] ICT systems, services, networks and infrastructures […] form a vital part of European economy and society, either providing essential goods and services or constituting the underpinning platform of other critical infrastructures. They are typically regarded as critical information infrastructures (CIIs) as their disruption or destruction would have a serious impact on vital societal functions. Recent examples include the large-scale cyber-attacks targeting Estonia in 2007 and the breaks of transcontinental cables in 2008. (European Commission Communication on CIIP, Mar 2009)
      – Action Plan, by Challenge/Pillar:
          Preparedness and prevention: Baseline of [CERT] capabilities and services for pan-European cooperation; European Public Private Partnership for Resilience (EP3R); European Forum for information sharing between Member States
          Detection and response: European Information Sharing and Alert System (EISAS)
          Mitigation and recovery: National contingency planning and exercises; Pan-European exercises on large-scale network security incidents; Reinforced cooperation between National/Governmental CERTs
          International cooperation: Internet resilience and stability; Global exercises on recovery and mitigation of large scale Internet incidents
          Criteria for the ICT sector: ICT sector specific criteria
  • 20. Trustworthy Plans and Policies – United States
      – The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century. [...] It is the fundamental responsibility of our government to address strategic vulnerabilities in cyberspace and ensure that the United States and the world realize the full potential of the information technology revolution. (White House Cyberspace Policy Review, May 2009)
      – Table 1: Near-Term Action Plan
          1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
          2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.
          3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
          4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
          …..
          10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.
  • 21. Resilient Operations. [Diagram labels: Assess Risk; Manage Risk; Monitor and Detect; Respond and Recover; Effective; Proactive; Operational Risk Management and Strategic Risk Management]
  • 22. Resilient Operations – Strategic Risk Management
      – Optimizes limited resources to protect the most critical infrastructure
      – Focuses on infrastructure objects: Assets; Locations; Systems; Functions
      – Based on defined methodology strategies: Bottom up; Top-down
      – Microsoft CII Risk Management Methodology: Determine Risk Management Scope; Identify Critical Information Infrastructure Functions; Analyze Critical Function Value Chain and Interdependencies; Assess Critical Function Risk; Prioritize and Treat Critical Function Risk
  • 23. Resilient Operations – Operational Risk Management
  • 24. Resilient Operations – Critical Infrastructure Exercises
      – Value: Builds Awareness; Promotes Partnerships; Improves Information-Sharing; Identifies Preparedness Gaps; Addresses Collaboration Gaps through
      – Microsoft's Critical Infrastructure Resiliency Exercise Guide:
          A detailed, step-by-step, “how-to” process to plan, conduct, and learn from critical infrastructure exercises.
          Suggestions for how to carry out each step in an exercise,
          Background materials, references, templates, and PowerPoint briefings related to each step of the exercise process.
  • 25. Investments in Innovation
      – Practices: Security Development Lifecycle (SDL); Risk Management Frameworks; Exercise Guide
      – Programs: Microsoft Active Protection Program (MAPP); Government Security Program; SAFECode & ICASI
      – Research: Botnet Mitigation; Secure Internet Protocols; Community Information Management
      – Education: Security Intelligence Report; Security Curriculum Guidance
  • 26. Evolving Communications. [Diagram labels: Advance Notification; MSRC Blog; Microsoft Security Response Alliance; Security Advisory; CSO Council; Microsoft Security Bulletin; MMPC Blog; Webcast; SVRD Blog; CSO Call; Microsoft Active Protections Program; SDL Blog]
  • 27. Investments in Innovation – Developing Secure Software
      – Dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods
      – Consists of six members (EMC, Juniper, Microsoft, Nokia, SAP, and Symantec)
      – Co-chaired by Microsoft and Nokia
      – Three publications: Software Assurance: An Overview of Current Industry Best Practices; Fundamental Practices for Secure Software Design and Development; The Software Supply Chain Integrity Framework: Defining Risks and Responsibilities for Securing Software in the Global Supply Chain
      – An International Advisory Board to guide global efforts
  • 28. Investments in Innovation – Coordinating multi-vendor response
      – Enhances the global security landscape by driving excellence and innovation in security response practices; and by enabling its members to proactively collaborate to analyze, mitigate, and resolve multi-vendor, global security challenges
      – Made up of five companies currently (Cisco, IBM, Intel, Juniper, Microsoft)
      – Developing operational coordination and thought leadership products: The Unified Security Incident Response Plan (USIRP); A new paper on security response planning with the working title of Certainties for an Uncertain Future: Building Tomorrow’s Security Response Today
  • 29. Shaping innovative CIP approaches
  • 30. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • 31. IT Underground, DIMVA, T2, CCC, What the hack, BlackHat Europe, EUSec, Metricon, ShmooCon, HotSec, POC, Ph Neutral, Usenix, PacSec, HOPE, DeepSec, CanSecWest, BlackHat Japan, BlackHat DC, Hackivity, Layer 1, RSA USA, XCon, VNSec, Hack.Lu, ToorCon, SANS, HITB, BlackHat USA, BCS, PakCon, Security Opus, Defcon, G-Con, Identity Summit, SC&I Congreso De Seguridad, HITB, H2H Conference, BlackHat Asia, KiwiCon, YSTS, FIRST, SyScAn, AusCERT, BA-Con, Bellua Asia, RUXCON, ekoPartye