Co-confidential
Building Global Expertise for National Level Cyber Defense 28th November 2018
Mr. Goh Eng Choon
Deputy President, Cybersecurity Systems Group EVP / General Manager ST Engineering Electronics, Info-Security
Chairman, Cybersecurity Chapter
Sharing of A Cyber Security Story
Source: http://theindependent.sg/spilt-milk-and-singhealth-data-breach/ https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html
Senior Manager reluctant to report attack
Healthcare is the new “favorite” target!
Security Team do not get proper access to appropriate level managers
Improve Awareness of front-end users like doctors, nurses, pharmacists and administrators
Improve Cyber-Physical System to function like tripwires with surveillance cameras and access control
Lack of Centralised C2 Platform led to Disorganised and Missing Information
Server exploited by hackers had not received security software updates for more than a year.
Improve sharing of information between government and industry players to work together as a collective system
Source: http://theindependent.sg/spilt-milk-and-singhealth-data-breach/ https://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2018/07/sg-cyber-breach/index.html
EMR Systems All Suffer From Common Issues
• Large attack surface with 60,000 endpoints, 6,000 servers and 3TB of Internet Traffic passing through its networks daily.
• Passwords shared or exposed.
• Open workstations.
• Ease of access versus security controls. 3:1 ratios of non-staff vs staff.
• Transactional programs with limited security features.
Cybersecurity Journey So Near & Yet So Far
Singapore Experience
• 2005: 1st Infocomm Security Masterplan
• 2008: 2nd Infocomm Security Masterplan (CII)
• 2009: Singapore Infocomm Technology Security Authority
• 2013: National Cyber Security Masterplan & National Cybersecurity R&D Programme
• 2014: National Cyber Security Centre
• 2015: Cybercrime Command
• 2016: National Cybercrime Action Plan
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Cyber Security Agency of Singapore
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
National Strategy
“Cybersecurity is a team effort, everyone has a part to play, and everyone has to play their part. The Government will take the lead to spearhead initiatives to enhance Singapore’s cybersecurity stance, and we will need everyone’s cooperation to reap long term benefits for the cyber ecosystem. We aim to build a Smart Nation – one that will be enabled by trustworthy infrastructure and technology”
Dr Yaacob Ibrahim, Member of Parliament of Singapore
Former Minister-in-charge of Cybersecurity, Singapore (1 November 2015 – 30 April 2018)
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?
*CMCA: offences under the Computer Misuse and Cybersecurity Act
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?
Phishing URLs with a Singapore-link detected:
• 2016: 2,512
• 2017: 23,420
• 932%
*CMCA: offences under the Computer Misuse and Cybersecurity Act
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Combat cybercrime through the National Cybercrime Action Plan
• Educate and empower the public
• Enhance the Government’s capacity and capability
• Strengthen legislation and the criminal justice framework
• Step up partnerships and international engagement
Enhance Standing as a trusted hub
• Build a trusted data ecosystem
Promote collective responsibility for cybersecurity
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?
The inaugural National Cybersecurity Awareness Campaign roadshow in February 2017 attracted close to 16,000 visitors from all walks of life
Bringing the message to a younger audience through a series of Cyber Safety activity books aimed at primary school students
Another Choice for Your Kid from (ISC)2
Source: https://safeandsecureonline.org/children/
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?
Providing cybersecurity news and advisories, such as free tool kit, to businesses and individuals via the GoSafeOnline website and other social media platforms
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Set up the protection of essential services
• Critical Information Infrastructure (CII) Protection Programme
• Security by Design
Enhance the capability to respond decisively to cyber threats
• National cyber situational awareness
Strengthen the cybersecurity governance and legislative framework
• New Cybersecurity Act
Make government systems more secure
• 8 percent of the total Government ICT expenditure to cybersecurity
CII Operators Cybersecurity Community
Government
Recent Notable Attacks in Industrial Control System (ICS)
Triton (Dec 2017)
• Latest attack framework - Built to interact with Triconex Safety Instrumented System (SIS) controllers
• Attacked industrial hardware in the Middle East
• Well-resourced state-sponsored actor
Oct 2017
• Ransomware targeted Kiev metro, Odessa airport and Interfax
• Linked to Russia
WannaCry (May 2017)
• Ransomware affected more than 230,000 computers in 150 countries with UK NHS, European telecoms companies and German state railways hardest hit
• Linked to North Korea
NotPetya (Jun 2017)
• “Ransomware” primarily targeted organisations in Ukraine
• Spread across the world – Shut down largest terminal in Port of Los Angeles
Cost: US$250M - $300M
Cyber Attack on Ukrainian Grid
• Dec 23, 2015: Three regional Ukrainian electricity distribution companies – Kyivoblenergo, Prykarpattyaoblenergo and Chernivtsioblenergo – suffered power outages due to a cyber attack.
• At the same time, the attackers overwhelmed utility call centers with automated telephone calls, impacting the utilities' ability to receive outage reports from customers and frustrating the response effort.
• Impact:
• 30 substations were switched off
• 230,000 people without electricity for 1 to 6 hours
• Utilities relied on manual efforts to restore electricity
ICS-Specific Vulnerabilities Disclosed
IT/OT Cybersecurity Environment
Information Technology (IT)
• Priority order: Confidentiality, Integrity, Availability
• IT is Dynamic
• Data is key
• Confidentiality is #1
• Security Patches frequent
Operations Technology (OT)
• Priority order: Availability, Integrity, Confidentiality
• OT is Deterministic
• Process is key
• Availability is #1
• Security Patches infrequent
[Diagram: User, HMI, SCADA Server, PLC / RTU, Sensors / Actuators; Cyber Attacks]
Legacy Devices and Protocols, with almost no security.
The CIA AAA SAM pyramids
[Figure labels: IT; IoT/OT; Confidentiality, Integrity, Availability; Authentication, Authorisation, Auditing; Safety, Maintainability; Protect, Detect, Respond; Domains expertise, Deep engineering mindset, System assurance]
“Systems must work as designed when called upon in times of crisis. The availability of these systems must never be questioned”
Domains expertise – there must be domain expertise to advise the relationship of components, describe the contextual information and correlation of data/records/documents.
System Assurance – system assurance methodology must be adopted to conduct failure analysis to identify variable component failures, single-point-of-failure and environmental variable changes.
Deep engineering mindset – Enterprise IT compliance framework will not work in IoT/OT environment; a simple matrix or compliance checklist will no longer suffice. Contextual enhancement will be needed to convert data to information (knowledge to wisdom). Profiling of components' behaviour will be required.
CIA – “Industrial IT” - AIC
National SOC Architecture
[Diagram labels]
• People, Process & Procedure (PPP)
• Technologies: Advanced Data Analytics System; Cyber Situational Awareness & Incident Management System; Early Detection System; Cyber Threat Intel; Storage; Security; Internal Security; Governance
• Sectors: Government; Transport (Land, Maritime & Aviation); Energy; Water; Healthcare; Info Comm Media; Banking & Finance
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Cybersecurity Ecosystem
Government, Industry Partners, Professional Associations, Institutes of Higher Learning, Research Institutes
• Strategy & policy
• Regulation and standard
• Value creation
• Job opportunity and career
• R&D
• Innovation
• Deep expertise
• 3rd Party Certification
• Skill development
• Education
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Establish a professional workforce
• Clearer career pathways
• Internationally recognised certifications
• Strong communities of practice
• Up-skilling and re-skilling opportunities
Extend cybersecurity advantage through strong local companies
• Attracting and anchoring companies
• Nurturing start-ups
• Grow local champions
• Develop market opportunities
Innovate to accelerate the industry’s growth
• National Cybersecurity R&D Programme
• R&D collaboration between the Government, academia and industry
Challenge in hiring Cyber Security Professionals
• Lack of a cyber security talent pool everywhere
• Hard to find cyber security professionals with operational skills
• Training courses in the current market are mainly theory-based
1. Hardening of Systems’ Security
2. Security Testing & Diagnosis
3. Threat Intelligence
4. Security Detection & Monitoring
5. Incident Response & Recovery
6. Attack Attribution & Forensics
Cyber Security Associates & Technologists (CSAT) Project
A joint initiative by the Cyber Security Agency of Singapore and the Infocomm Media Development Authority to grow the cyber security talent pool
Aims to train and improve the skills of fresh information and communications technology (ICT) talent and mid-career professionals
Curriculum provides a comprehensive range of operational-centric cybersecurity practical trainings designed to bridge the operational skills gap faced by the industry
Security Operation Centre (SOC) & Operations
Deep Engineering Expertise to Design, Build, Operate & Maintain SOC
Track Records:
• 2011 MHA Cybersecurity Centre
• 2012 ST Engineering Security Operations Centre
• 2013 National Cybersecurity Centre
• 2014 Government Security Solutions
• 2016 Smart City Central Security Infrastructure
• 2017 Enhancement of cybersecurity monitoring system
• 2017 Government Central Infrastructure Service
• 2018 Singapore Power SOC
• 2018 LTA Log management and cybersecurity analytics solution
• 2018 Maritime Port Cybersecurity Operations Centre
Track records in National, Sectorial and Enterprises SOC
Overarching Training Methodology
Knowledge application through scenario based learning
1. THEORY: Transfer of theory based knowledge
2. HANDS ON: FAMILIARIZATION, Acquaint with security tools
3. SCENARIO: SCENARIO EXERCISE, Build cognitive and analytical skills
4. AFTER ACTION REVIEW: SUMMATIVE EVALUATION, Internalize sharing and learning experience
POSTURE IMPROVEMENT: Build Posture, Improve Maturity
Cybersecurity Training & Cyber-Range Exercise
• 1st in the World to incorporate Cyber-Range into (ISC)2 SSCP Training
• Trained over 2000 personnel over 150 organisations
• Conducted Cyber Range Exercise for Army, SCDF, GovTech, MAS & OCBC
OCBC (World’s 3rd Strongest Bank 2016)
Singapore Civil Defence Force
Cybersecurity Training & Cyber-Range Exercises
MOU ST Engg and Army For Cyber Def Trg
• Trained more than 100 CSAT Participants
• Both Fresh Graduates and Mid-Career Conversion
• Alvin Koh, at 56, converted to be a Cyber Security Professional in Vulnerability Assessment and Penetration Testing
CSAT is an ideal platform that self-sustains in the cybersecurity ecosystem, as it benefits both the trainees and organisations
Cyber Security Associates & Technologists (CSAT) Project
Source: https://www.stengg.com/en/innosparks/#/ https://ice71.sg/mapping-singapores-cybersecurity-startup-community/
Incubation Environment for the Future
National Cybersecurity R&D Programme (NCR)
• Launched in 2013, the NCR was supported at $130 million over five years.
• The funding supports research efforts into both technological and human-science aspects of cybersecurity
• In 2016, an additional $60 million was allocated to extend the support until 2020
Source: https://www.nrf.gov.sg/programmes/national-cybersecurity-r-d-programme
National Satellites of Excellence (SOE)
aim to develop and consolidate local cybersecurity research strengths in domains that are of national interest
• Trustworthy Software Systems
• Mobile Systems Security & Cloud Security
National Cybersecurity R&D Laboratory
aims to provide users with a wide range of ready-to-use tools for cybersecurity testing in repeatable and predictable experimentation environments
launched in 2016 to promote research, commercialisation and training in cybersecurity.
Collaboration with Research Institute and Institutes of Higher Learning
Collaboration with
Cyber Security Is Not Local Play But Is Global Play.
BG(Ret) David Koh Chief Executive Cyber Security Agency and
Chief Defence Cyber Security Organisation, Ministry of Defence
Source: https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.pdf
Forge international and ASEAN cooperation to counter cyber threats and cybercrime
Champion international and ASEAN cyber capacity building initiatives
Facilitate exchanges on cyber norms and legislation
Source: https://therojakplace.com/2017/09/2nd-asean-ministerial-conference-on-cybersecurity/ https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecyberlandscape2017.pdf?
Singapore International Cyber Week (SICW)
• Annual Event
• Brings together international and regional cyber leaders to forge partnerships and engage in critical dialogue on cybersecurity.
ASEAN Cyber Capacity Programme (ACCP)
• Launched in April 2017, funding of SGD10 million, to be utilised over five years
• Aims to build technical, policy, and strategy-building capacities within ASEAN Member States
• More than 120 ASEAN cybersecurity officials and incident responders have been trained
HIGHLIGHT
Regional in Cooperation
Global in Perspective
Finally, It Depends On You!
CONCLUSION
Thank You