
Masterclass: Security in data, cloud and blockchain



  1. Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and Professor of Digital Health Systems Co-Director of Flinders Digital Health Research Centre College of Science and Engineering Flinders University, South Australia Ivan Jasenovic Managing Director, Sicoor.com

  2. HISA Cybersecurity Community of Practice. https://www.hisa.org.au/cybersecurity/ http://katyaburg.ru/sites/default/files/pictures/prikolnye_video/super-smeshnaya-podborka-video-pro-kotov-koty-otjigaut.jpg

  3. Current security in e-Health

  4. Continuum of Security https://securityledger.com/wp-content/uploads/2015/03/Fotolia_75085004_S.jpg

  5. What to expect today? 1. Cybersecurity in healthcare – context 2. Basics test 3. Why do we need to start thinking differently? 4. What’s coming our way? 5. Blockchain in health

  6. 1. Cybersecurity in healthcare - context http://documents.trendmicro.com/images/TEx/articles/healthcare-breaches-timeline.jpg

  7. Attack capability http://i1-news.softpedia-static.com/images/news2/dyn-ddos-attack-powered-mainly-by-mirai-botnet-509541-2.png

  8. Mirai (IoT malware), botnets and DDOS attacks • Searches online for internet connected devices with default authentication usernames and passwords • Build a botnet: harnessing the computation resources of equipment infected • Distributed denial of service: so many data requests the target is flooded and can no longer respond or function • Design suggests it’s a platform (not just a ‘piece’ of attack malware) • Last attack was a test run https://4a7efb2d53317100f611-1d7064c4f7b6de25658a4199efb34975.ssl.cf1.rackcdn.com/dumped-source-code-hacks-iot-devices-to-build-ddos-army-showcase_image-5-p-2267.jpg

  9. Ransomware https://digitalguardian.com/sites/default/files/26884181_m.jpg

  10. Rarely one cause e.g. Impact on NHS of WannaCry

  11. Why do we have this problem?

  12. Australian healthcare = a complex system

  13. Complex to defend… https://media.licdn.com/mpr/mpr/p/6/000/252/246/289588f.jpg

  14. Data intensive https://www.blackpepper.co.uk/wp-content/uploads/2016/09/Big-data-blog-image.jpg

  15. Critical Infrastructure http://www.nhisac.org/wp-content/uploads/CIKRCollage.jpg http://www.nhisac.org/wp-content/uploads/health1.jpg

  16. Convergence and Integration • Immaturity and a lack of distinction between health software and medical devices in the health mobile marketplace present a major challenge for the security discipline

  17. Threat landscape • advanced malware • Mirai • Ransomware • targeted attacks • advanced persistent threats (APTs) https://s-media-cache-ak0.pinimg.com/originals/aa/5c/f1/aa5cf14cd468e04f46d7173ab76165a1.jpg

  18. The hacking business • Healthcare is an attractive and valuable target for hackers • Ransom for $$$ • Denial of Service for malice/$$$ • Stealing confidential data • Compromising data • Identity theft • Compromising devices https://upload.wikimedia.org/wikipedia/en/0/07/H_Commerce_film_poster.jpg

  19. New technology and new/old threats http://www.healthwareinternational.com/HP3Image/Content/internet-of-things.jpg https://img.wonderhowto.com/img/50/81/63545703386404/0/advice-from-real-hacker-protect-yourself-from-being-hacked.1280x600.jpg

  20. https://blog.gemalto.com/wp-content/uploads/2016/09/2016-breaches-by-type-source.jpg

  21. Unfortunately, the reality is that ….. “The healthcare sector is slow to update technology and as such is woefully unprepared for an oncoming onslaught of cyber attacks” SecurityBriefAu, March 02, 2016. Following the Mirai attack - “Hospitals survived not by design but by luck” Kevin Fu, Report to US Congress. https://securitybrief.com.au/media/cache/6a/f7/6af72e9f889fb0cc6f785790f208c1c9.jpg

  22. But it’s not all doom and gloom….. https://i.pinimg.com/736x/34/1f/99/341f99bee46fd9f0d5da541d2c628486--cat-tunnel-train-tunnel.jpg

  23. Continuum of Security Start Here https://securityledger.com/wp-content/uploads/2015/03/Fotolia_75085004_S.jpg

  24. 2. Basics test http://epicfails.net/wp-content/uploads/2011/04/camera_fail.jpg

  25. Back to basics….. Passwords.... Weak or strong? Rate the strength of the eight passwords: – Rate 1 for the strongest password – To 8 for the weakest password • Password • rover • 1qaz2wsx • Fluffy19 • Pa$$w0rd • :);):-:( ;):- • 1qaz@WSX • 21734260118924

  26. Back to basics…..Passwords 8. rover 7. Password 6. 21734260118924 5. :);):-:( ;):- 4. Fluffy19 3. 1qaz2wsx 2. Pa$$w0rd 1. 1qaz@WSX

  27. Continuum of Security Gradually moving to here https://securityledger.com/wp-content/uploads/2015/03/Fotolia_75085004_S.jpg

  28. Let's test your knowledge…. • Does your organisation use email? • Does your organisation send any patient related data via email? • Yes • No – think again https://stupidevilbastard.com/wp-content/uploads/2012/03/techsupportcat.jpg

  29. How much do you know? Is email a secure form of communication? a) Yes b) No. Answer: b) No – can be traced, intercepted, spoofed, read (unless encrypted)

  30. What is phishing? a) Spoofed e-mails and fraudulent websites to fool recipients b) A type of computer virus c) An example of a strong password. Answer: a) Spoofed e-mails and fraudulent websites to fool recipients

  31. What do you do if you get spammed? a) Reboot with sysdoc.exe disabled b) Delete the email c) Wipe your monitor with soft cloth. Answer: b) Delete the email

  32. Phishing – real or not?

  33. Real or not? 

  34. What does this prove? Captcha: "Completely Automated Public Turing test to tell Computers and Humans Apart".

  35. Continuum of Security Let's advance to here https://securityledger.com/wp-content/uploads/2015/03/Fotolia_75085004_S.jpg

  36. 3. Why do we need to start thinking differently? • Things are moving faster than we can imagine http://ichef.bbci.co.uk/wwfeatures/live/624_351/images/live/p0/0z/95/p00z9591.jpg

  37. How do we usually approach cybersecurity? So much cybersecurity advice out there …

  38. Layered Security https://businessinsightsdm.files.wordpress.com/2017/03/graphic-1.jpg?w=616 http://www.infoexchangeja.com/uploads/blog/Layered_Security_Diagram-01.png

  39. Why change? Your challenges are: How do we keep up with attacks that are different, constant, and more and more sophisticated?

  40. Continuum of Security Now to here https://securityledger.com/wp-content/uploads/2015/03/Fotolia_75085004_S.jpg

  41. Acceptance of new ways of doing things http://slideplayer.com/10952745/39/images/6/The+Cloud+Continuum+Customer+Entry+into+Cloud+Security.jpg

  42. 4. What’s coming our way? (or is already here!) https://pbs.twimg.com/media/DHNY_r3XsAASKi5.jpg

  43. https://media.licdn.com/mpr/mpr/AAEAAQAAAAAAAAt3AAAAJDM5NDBhN2JiLTQ2MDYtNGYxMi1hYTEwLWVmMWU2ZjhkYjQzZA.jpg

  44. http://www.geekculture.com/joyoftech/joyimages/2340.png

  45. Continuum of Security Ultimately to here https://securityledger.com/wp-content/uploads/2015/03/Fotolia_75085004_S.jpg

  46. Blockchain • A blockchain is a type of distributed ledger, comprised of unchangeable, digitally recorded data in packages called blocks. https://gallery.mailchimp.com/0c60818e26ecdbe423a10ad2f/images/5335b0a4-1b15-46e7-acf9-01f43ad813d7.jpg

  47. Healthcare data security is like…

  48. What we need to build is …… Resilience. Resilience is the ability to “bounce back” from stressful or challenging experiences. It involves being able to adapt to changes and approach negative events, sources of stress and traumatic events as constructively as possible. Cyber resilience refers to an entity's ability to continuously deliver the intended outcome despite adverse cyber events. http://www.motivationalmemo.com/wp-content/uploads/2012/07/resilience.jpg

  49. Australia’s Cyber Resilience Taskforce https://www.pmc.gov.au/cyber-security/cyber-resilience-taskforce

  50. Resilience philosophy http://4.bp.blogspot.com/-oGounP7z0S0/TiBdgq_X-TI/AAAAAAAAAfI/XjzKNvSHrqQ/s1600/1tiggerbounce.gif

  51. Thank you Questions/Discussion
