DIE SICHERHEIT UNSERER DIGITALEN INFRASTRUKTUREN BRAUCHT NEUE FORMEN DER INTERKATION UND KOOPERATION Helmut Leopold Head of Center for Digital Safety & Security AIT Austrian Institute of Technology Graz am 27. Februar 2018 (v1.0) 53. Digitaldialog “Cyber Security & unbekannte Bedrohungen”
28
Embed
DIE SICHERHEIT UNSERER DIGITALEN … · successful one has been revealed.” ... Source: N. Malisevic, Microsoft, Vienna Cyber Security Week 2018, ... (SOCs) - int. Konkurrenz ...
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
DIE SICHERHEIT UNSERER DIGITALEN INFRASTRUKTUREN BRAUCHT NEUE FORMEN DER INTERKATION UND KOOPERATION
Helmut Leopold Head of Center for Digital Safety & Security AIT Austrian Institute of Technology Graz am 27. Februar 2018 (v1.0)
technology IoT IT & OT Industry 4.0 Automated driving AI Blockchain Smart grid Smart city
digitalisation, global networking in
nova
tion
technologie´s vulnerability
CaaS Crime as a Service
com
plex
ity
System of Systems CPS Cyber Physical Systems Safety & Security Mono cultures New payment methods (Bitcoins)
Cyber crime Cyber espionage Cyber terrorism Cyber sabotage Cyber war
international dimension
Laws, conventions, cooperations
dipl
omac
y
IT dev., operation, & users
security experts
skills
Status of Cyber Security - Basic
11 27.02.2018
Dragoni, N., Giaretta, A., & Mazzara, M. (2017). The Internet of Hackable Things. ArXiv, 2017, [1707.08380], University Denmark Uni Cambridge http://androidvulnerabilities.org/press/2015-10-18 Presentation, Nimbusec, IDC conference, Vienna, September 201, www.zone-H.org
80% Passwörter sind zu einfach (default, “1234”) 70% Identifizierung von Benutzer Accounts durch ausprobieren 70% nicht verschlüsselte Netzdienste 60% User interfaces (Web-Applikationen) haben eingebaute
Schwachstellen (vulnerabilities wie XSS)
IoT devices vulnerabilities
„10k in 2k“ „The Internet of Hackable Things“ (N. Dragoni et al, TU Denmark)
5-15% aller Web- Seiten sind mit Malware infiziert
87% of all Android Phones operate with SW with known vulnerabilities – due to missing patch management
• Smart encryption (IoT, Cloud) - new privacy – user control of data
• Post-quantum encryption
IoT
Cyber Security Resilienz
International führend Virtual currencies
Forensic
Run-time- verification analog/digital CPS
AIT´S LEADING EDGE SOLUTION PORTFOLIO
21 27.02.2018
Blockchain Digital Insight platform @ AIT
““…virtual currencies such as Bitcoin establish themselves as single common currency for cybercriminals”
“Bitcoin is […] accounting for over 40% of all identified criminal-to-criminal payments.”
(Source: Europol 2015 Internet Organized Crime Threat Assessment Report
)
BLOCKCHAIN FORENSIC – INT. LEADING TECHNOLOGY FROM AUSTRIA @ AIT
VirtCrime BitCrime
SYSTEM PROTECTION BY EXERCISE & TRAINING – CYBER RANGE @ AIT
22
Enterprise ICT Environments
Simulation specific systems
Physical environment
Connected Cars
Industry 4.0
Smart grid eHealth Smart
City Digital
Transport Social media
Virtual and Simulated Physical
Cyber Security R&D
Security Technology Validation
Training Ethical Hacking
Modelling & Simulation
Test Data Generation
Architecture Scenario Planning
Threat Emulation
Cyber Exercises
Cyber Training
Connected Cars
Industry 4.0 Energy
Smart City
Digital Transport
• 200 Teilnehmer • 10 Teams a 6-8 Personen, 24
Kriti. Infr. Unternehmen • Regierungsstellen -
Österreichischen Strategie für Cyber Sicherheit (ÖSCS)
• Spielleitung
• 120 virtuelle Maschinen + ICS • 17 Terminals
NATIONALES CYBER PLANSPIEL KRITISCHE INFRASTRUKTUR, 6-7. NOVEMBER 2017 AM AIT
Nationales Cyber Sicherheitsgesetz 2018
IT Operation, Sicherheits-prozesse der Unternehmen
Sicherheits-prozesse der öffentl. Stellen
Austria als Zentrum der Cyber Security Welt Vienna Cyber Security Week 2018 Multi stake-holder conference, training & exhibition
24
Cyber crime Cyber espionage Cyber terrorism Cyber sabotage Cyber war
diplomacy technoloy
training conference exhibition
41 Länder
25 27.02.2018
CYBER SECURITY CLUSTER AUSTRIA VIENNA CYBER SECURITY WEEK, FEBRUARY 2018
Cyber Security – lack of Skills & Workforce
27 27.02.2018
2017 (ISC2) Global Information Security Workforce Study Benchmarking Workforce Capacity and Response to Cyber Risk Frost & Sullivan, Booz Allen Hamilton https://iamcybersafe.org/wp-content/uploads/2017/06/Europe-GISWS-Report.pdf
Markttreiber: • Digitalisierung in allen Segmenten • OT meets IT • Umsetzung der NIS Richtlinie • Neue Security Lösungen • lokale Serviceanbieter müssen Security Services anbieten
um eine lokale Wertschöpfung sicher zu stellen (SOCs) - int. Konkurrenz bietet „fully managed security services“ an.
WIR MÜSSEN UNSERE ARBEITSWEISE FÜR EINE SICHERE DIGITALE
ZUKUNFT ÜBERDENKEN UND IN EINEM GLOBALEN KONTEXT
KOOPERIEREN
DI Helmut Leopold, PhD Head of Center for Digital Safety & Security AIT Austrian Institute of Technology GmbH Giefinggasse, 1220 Wien, Austria [email protected] | www.ait.ac.at