computer security and physical protection
play

computer security and physical protection Mike StJohn-Green - PowerPoint PPT Presentation

Sep 20, 2023 •233 likes •407 views

Differences between defence-in-depth for computer security and physical protection Mike StJohn-Green Independent consultant, UK Michael@stjohn-green.co.uk Medieval castle with its concentric walls Digital technology Also known as

  1. Differences between defence-in-depth for computer security and physical protection Mike StJohn-Green Independent consultant, UK Michael@stjohn-green.co.uk

  2. Medieval castle with its concentric walls

  3. Digital technology Also known as Programmable Digital systems and Computer-based systems Images: www. wallpapercave.com

  4. Cyberspace … Is the notional environment … that harnesses the power of networked digital technology Images: www. Wallpapercave.com

  5. Differences between Cyberspace and physical space 1. Lack of determinism, instinct and intuition https://giphy.com/gifs/super-mario-maker-W9xUtJVpgSyHu

  6. Differences between Cyberspace and physical space Moore’s Law 100x increase in transistors every ten years 1. Lack of determinism, instinct and intuition 2. Pace of change https://www.economist.com/blogs/economist-explains/2015/04/economist-explains-17

  7. Differences between Cyberspace and physical space Neilsen’s Law 50x increase every ten years in Internet connectivity 1. Lack of determinism, instinct and intuition 2. Pace of change https://www.nngroup.com/articles/law-of-bandwidth/

  8. Differences between PLENTY OF SCOPE FOR FAULTS: Cyberspace and physical space SOFTWARE COMPLEXITY Software size doubles every 4 years 1. Lack of determinism, instinct and intuition 2. Pace of change 3. Unknown vulnerabilities http://www.engineeringnewworld.com

  9. Differences between ALL DIGITAL TECHNOLOGY IS PART Cyberspace and physical space OF THE GLOBAL INTERNET 1. Lack of determinism, instinct and intuition 2. High pace of change 3. Unknown vulnerabilities 4. Indistinct boundaries www.wallpapercave.com, Wikimedia.org – 68040 microprocessor

  10. Differences between THE EVIDENCE IS IN PLAIN VIEW: Cyberspace and physical space 1. Lack of determinism, instinct and intuition European companies take an average of 469 days to discover attackers in their 2. High pace of change system. 3. Unknown vulnerabilities Global average is 146 days – based on analysis by Mandiant in 2016 4. Indistinct boundaries The average dwell-time of attackers is 229 days – FireEye in 2014 5. Unreliable detection methods www.wallpapercave.com,

  11. Differences between PPS And computer security 1. Deterrence ATTRIBUTION IS VERY DIFFICULT 2. Detection WE HEARD – DECTECTION IS UNRELIABLE 3. Delay THEREFORE CANNOT RELY ON DELAY 4. Response RESPONSE IS STILL VITALLY IMPORTANT; FALSE ALARMS MAY BE HIGHER PACE OF CHANGE MAKES THIS CHALLENGING; 5. Design Basis Threat MUST DEAL WITH BLENDED ATTACKS

  12. Networks not What does this mean for associated with the Defence-in-depth? facility Digital Asset SL5 Digital Asset SL5 Zone SL5 Digital Asset SL5 Zone SL5 Digital Asset SL4 Security Digital Asset SL4 Zone SL4 Level 5 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 SDA SL3 Zone SL4 Zone SL4 Zone SL3 SDA SL3 SDA SL3 SDA SL3 SDA SL3 Security SDA SL2 Zone SL3 Digital Asset SL2 Zone SL3 Level 4 Security measure SDA SL2 SDA SL2 SDA SL2 Zone SL2 Zone SL2 Security SDA SL1 SDA SL1 Level 3 Security Zone SL1 Level 2 Security Level 1

  13. Networks not What does this mean for associated with the Defence-in-depth? facility Digital Asset SL5 Digital Asset SL5 Zone SL5 Digital Asset SL5 Zone SL5 Digital Asset SL4 Security Digital Asset SL4 Zone SL4 Level 5 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 SDA SL3 Zone SL4 Zone SL4 Zone SL3 SDA SL3 SDA SL3 SDA SL3 SDA SL3 Security SDA SL2 Zone SL3 Digital Asset SL2 Zone SL3 Level 4 Security measure SDA SL2 SDA SL2 SDA SL2 Zone SL2 Zone SL2 Security SDA SL1 SDA SL1 Level 3 Security Zone SL1 Level 2 Security Level 1

  14. Networks not What does this mean for associated with the Defence-in-depth? facility Digital Asset SL5 Digital Asset SL5 Zone SL5 Digital Asset SL5 Zone SL5 Digital Asset SL4 Security Digital Asset SL4 Zone SL4 Level 5 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 SDA SL3 Zone SL4 Zone SL4 Zone SL3 SDA SL3 SDA SL3 SDA SL3 SDA SL3 Security SDA SL2 Zone SL3 Digital Asset SL2 Zone SL3 Level 4 Security measure SDA SL2 SDA SL2 SDA SL2 Zone SL2 Zone SL2 Security SDA SL1 SDA SL1 Level 3 Security Zone SL1 Level 2 Security Level 1

  15. Some conclusions • Digital technologies bring unparalleled benefits • Computer security defences are imperfect at best • Deterrence is difficult, delay is problematic to quantify • Defence-in-depth is important but different – diversity is significant • Resilience to cyber-attack may require changing the architecture • Cyber design basis threat is a difficult concept • Blended attack scenarios are vital, vital, vital! • This raises some difficult questions for organisations

  16. Differences between defence-in-depth for computer security and physical protection Mike StJohn-Green Independent consultant, UK Michael@stjohn-green.co.uk

Recommend

METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

NUCLEAR REGULATORY AUTHORITY, GHANA COMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and Computer Security Section Head Instrumentation & ICT Department Radiological &

180 views • 14 slides
Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED CHETAINE

Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED CHETAINE

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities IAEA Headquarters, Vienna, Austria 13 17 November 2017 Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED

506 views • 31 slides
Benchmarking Security Standards and Knowledge Innovations of Physical Protection of Nuclear

Benchmarking Security Standards and Knowledge Innovations of Physical Protection of Nuclear

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities, IAEA Headquarters Vienna, Austria, 13 17 November, 2017 Benchmarking Security Standards and Knowledge Innovations of Physical Protection of

420 views • 21 slides
ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements

ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements

ORC Chapter 420-3-26-.15 and 10 CFR Part 37 Changes to Physical Security Protection Requirements A Brief History of Security Measures - 11/14/05 - EA-05-090: NRC Order Imposing Increased Controls (IC). In Alabama the Orders were implemented by

498 views • 27 slides
Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly

Chapter 20 Silberschatz and Galvin Security Protection and Security Protection is a strictly internal problem Protection: mechanism for controlling the access of programs, processes, or users to the resources defined by a computer

499 views • 16 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

296 views • 14 slides
Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication Encapsulation Intrusion detection Common sense Lecture 2 Page 1 CS 236 Online Physical Security Lock up your computer Actually,

465 views • 35 slides
{Summary} Structure, Staffing the Physical and Security of the Protection of the Proposed

{Summary} Structure, Staffing the Physical and Security of the Protection of the Proposed

CONSIDERATIONS FOR THE DESIGN AND IMPLEMENTATION OF PHYSICAL PROTECTION FOR A PROPOSED MULTI-PURPOSE RESEARCH REACTOR COMPLEX (MPRRC) The Need for the Introduction Proposed MPRRC Ofodile O.N. and Agedah E.C. Nigeria Atomic Energy Commission,

506 views • 24 slides
CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and

CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and

CS 598 - Computer Security in the Physical World: Project Submission #1 & Pacemakers and Implantable Cardiac Defibrillators Professor Adam Bates Fall 2016 Security & Privacy Research at Illinois (SPRAI) Oct 4th Deliverable

792 views • 20 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers

OS Security Thierry Sans Security is a wide topic CSCD27 Computer and Network Security covers Cryptography Network security System security Web security (recap) Protection File systems implement a protection system Who

800 views • 30 slides
Physical Information Security Fall 2010 CS461/ECE422 Computer Security I Reading Material

Physical Information Security Fall 2010 CS461/ECE422 Computer Security I Reading Material

Physical Information Security Fall 2010 CS461/ECE422 Computer Security I Reading Material Secrets of Computer Espionage Chapter 5 Soft TEMPEST paper http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf Outline Forensics/Spying

595 views • 46 slides
Physical Information Security Fall 2009 CS461/ECE422 Computer Security I Reading Material

Physical Information Security Fall 2009 CS461/ECE422 Computer Security I Reading Material

Physical Information Security Fall 2009 CS461/ECE422 Computer Security I Reading Material Secrets of Computer Espionage Chapter 5 Soft TEMPEST paper http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf Outline Forensics/Spying

771 views • 47 slides
Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Photos placed in horizontal position with even amount of white space between photos and header Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F. Clem IAEA-CN-254-298 Sandia National Laboratories is

503 views • 17 slides
Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

ROKs Efforts to Strengthen Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear non-proliferation and Control Legal Framework APPRE (Act on Physical Protection & Radiological Emergency) Act for physical

684 views • 13 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie

Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie

Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie Nickerson Nuclear Cyber Programs Idaho National Laboratory Janice Leach Physical Security Analysis Sandia National Laboratories November 2017

300 views • 10 slides
Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication Introduction to Computer Security Announcements intermission Day 9: OS security basics Stephen McCamant Basics of access control University of Minnesota,

269 views • 8 slides
Legislative and Regulatory Framework for the Physical Protection of Nuclear Material and Nuclear

Legislative and Regulatory Framework for the Physical Protection of Nuclear Material and Nuclear

Legislative and Regulatory Framework for the Physical Protection of Nuclear Material and Nuclear Facilities in Nigeria By Dr. Nasiru-Deen A. Bello Director - Nuclear Safety, Physical Security & Safeguards Nigerian Nuclear Regulatory

207 views • 19 slides
Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13 17 November 2017 Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76) Session: Physical Protection Regime

321 views • 17 slides
The physical protection of nuclear materials and ionizing radiation sources in Chad.

The physical protection of nuclear materials and ionizing radiation sources in Chad.

- The physical protection of nuclear materials and ionizing radiation sources in Chad. Prsentation faite par Mbodou Djirab Alifei 1 Directeur Gnral de l ATRSN - The Chadian Agency of Radiation Protection and Nuclear Security (ATRSN)

150 views • 12 slides
IAEA Physical Protection Conference VIC, Vienna December 13 th - 17 th , 2017 COMPARING THE

IAEA Physical Protection Conference VIC, Vienna December 13 th - 17 th , 2017 COMPARING THE

IAEA Physical Protection Conference VIC, Vienna December 13 th - 17 th , 2017 COMPARING THE STRUCTURE OF CONCEPTS IN SAFETY AND SECURITY (view from a reactor regulator) Nstor Masriera President of the Board, ARN, Argentina Content

454 views • 18 slides

More recommend