computer security and physical protection Mike StJohn-Green - - PowerPoint PPT Presentation

computer security and physical protection
SMART_READER_LITE
LIVE PREVIEW

computer security and physical protection Mike StJohn-Green - - PowerPoint PPT Presentation

Sep 20, 2023 233 likes •408 views

Differences between defence-in-depth for computer security and physical protection Mike StJohn-Green Independent consultant, UK Michael@stjohn-green.co.uk Medieval castle with its concentric walls Digital technology Also known as

slide-1
SLIDE 1

Differences between defence-in-depth for computer security and physical protection

Mike StJohn-Green Independent consultant, UK Michael@stjohn-green.co.uk

slide-2
SLIDE 2

Medieval castle with its concentric walls

slide-3
SLIDE 3

Digital technology Also known as Programmable Digital systems and Computer-based systems

Images: www. wallpapercave.com

slide-4
SLIDE 4

Images: www. Wallpapercave.com

Is the notional environment … that harnesses the power of networked digital technology

Cyberspace …

slide-5
SLIDE 5

https://giphy.com/gifs/super-mario-maker-W9xUtJVpgSyHu

  • 1. Lack of determinism,

instinct and intuition Differences between Cyberspace and physical space

slide-6
SLIDE 6

https://www.economist.com/blogs/economist-explains/2015/04/economist-explains-17

  • 1. Lack of determinism,

instinct and intuition Differences between Cyberspace and physical space

  • 2. Pace of change

Moore’s Law

100x increase in transistors every ten years

slide-7
SLIDE 7

https://www.nngroup.com/articles/law-of-bandwidth/

  • 1. Lack of determinism,

instinct and intuition Differences between Cyberspace and physical space

  • 2. Pace of change

Neilsen’s Law

50x increase every ten years in Internet connectivity

slide-8
SLIDE 8
  • 1. Lack of determinism,

instinct and intuition Differences between Cyberspace and physical space

  • 2. Pace of change

PLENTY OF SCOPE FOR FAULTS: SOFTWARE COMPLEXITY

Software size doubles every 4 years

  • 3. Unknown vulnerabilities

http://www.engineeringnewworld.com

slide-9
SLIDE 9
  • 1. Lack of determinism,

instinct and intuition Differences between Cyberspace and physical space

  • 2. High pace of change

ALL DIGITAL TECHNOLOGY IS PART OF THE GLOBAL INTERNET

  • 3. Unknown vulnerabilities

www.wallpapercave.com, Wikimedia.org – 68040 microprocessor

  • 4. Indistinct boundaries
slide-10
SLIDE 10
  • 1. Lack of determinism,

instinct and intuition Differences between Cyberspace and physical space

  • 2. High pace of change
  • 3. Unknown vulnerabilities

www.wallpapercave.com,

  • 4. Indistinct boundaries
  • 5. Unreliable detection

methods

European companies take an average of 469 days to discover attackers in their system. Global average is 146 days – based on analysis by Mandiant in 2016

THE EVIDENCE IS IN PLAIN VIEW:

The average dwell-time of attackers is 229 days – FireEye in 2014

slide-11
SLIDE 11
  • 1. Deterrence

Differences between PPS And computer security

  • 2. Detection

ATTRIBUTION IS VERY DIFFICULT

  • 3. Delay
  • 4. Response

WE HEARD – DECTECTION IS UNRELIABLE THEREFORE CANNOT RELY ON DELAY RESPONSE IS STILL VITALLY IMPORTANT; FALSE ALARMS MAY BE HIGHER PACE OF CHANGE MAKES THIS CHALLENGING; MUST DEAL WITH BLENDED ATTACKS

  • 5. Design Basis Threat
slide-12
SLIDE 12

Security Level 5 Security Level 4 Security Level 3 Security Level 2 Security Level 1

Zone SL2 Zone SL1 Zone SL2 Zone SL3 Zone SL4 Zone SL3 Zone SL4 Zone SL5 Zone SL5 SDA SL1 SDA SL1 SDA SL2 SDA SL2 SDA SL2 SDA SL2 SDA SL3 SDA SL3 SDA SL3 SDA SL3 SDA SL3

Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL5 Digital Asset SL5 Digital Asset SL5 Digital Asset SL4

Zone SL3 Zone SL4

Digital Asset SL2

Networks not associated with the facility

Security measure

What does this mean for Defence-in-depth?

slide-13
SLIDE 13

Security Level 5 Security Level 4 Security Level 3 Security Level 2 Security Level 1

Zone SL2 Zone SL1 Zone SL2 Zone SL3 Zone SL4 Zone SL3 Zone SL4 Zone SL5 Zone SL5 SDA SL1 SDA SL1 SDA SL2 SDA SL2 SDA SL2 SDA SL2 SDA SL3 SDA SL3 SDA SL3 SDA SL3 SDA SL3

Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL5 Digital Asset SL5 Digital Asset SL5 Digital Asset SL4

Zone SL3 Zone SL4

Digital Asset SL2

Networks not associated with the facility

Security measure

What does this mean for Defence-in-depth?

slide-14
SLIDE 14

Security Level 5 Security Level 4 Security Level 3 Security Level 2 Security Level 1

Zone SL2 Zone SL1 Zone SL2 Zone SL3 Zone SL4 Zone SL3 Zone SL4 Zone SL5 Zone SL5 SDA SL1 SDA SL1 SDA SL2 SDA SL2 SDA SL2 SDA SL2 SDA SL3 SDA SL3 SDA SL3 SDA SL3 SDA SL3

Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL4 Digital Asset SL5 Digital Asset SL5 Digital Asset SL5 Digital Asset SL4

Zone SL3 Zone SL4

Digital Asset SL2

Networks not associated with the facility

Security measure

What does this mean for Defence-in-depth?

slide-15
SLIDE 15

Some conclusions

  • Digital technologies bring unparalleled benefits
  • Computer security defences are imperfect at best
  • Deterrence is difficult, delay is problematic to quantify
  • Defence-in-depth is important but different – diversity is significant
  • Resilience to cyber-attack may require changing the architecture
  • Cyber design basis threat is a difficult concept
  • Blended attack scenarios are vital, vital, vital!
  • This raises some difficult questions for organisations
slide-16
SLIDE 16

Differences between defence-in-depth for computer security and physical protection

Mike StJohn-Green Independent consultant, UK Michael@stjohn-green.co.uk