Threats, Threat Agents, and Vulnerabilities COMM037 Computer - - PowerPoint PPT Presentation




Threats, Threat Agents, and Vulnerabilities

COMM037 Computer Security Dr Hans Georg Schaathun

University of Surrey

Autumn 2010 – Week 5

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 1 / 46

Session objectives

• Recognise the differences between common threat sources
• Be able to account for a wide range of threats in a risk analysis

Reading: Raggad, Chapter 3; ISO 27005:2008

Outline

1 Threat Identification
  • Threat Classification
  • Threat Paths
  • Approach
2 Threat Sources
  • WikiLeaks from Afghanistan
  • The Stuxnet Worm
  • The Seven Cybercriminal Families
3 Vulnerability Identification
4 Closure


Threat Identification: Threat Classification

Threat Identification (ISO 27005:2008)

Input: information on threats from incident reviews, asset owners, users, etc.
Output: a list of threats with identification of type and source.
Action: identify threats and their sources.

Information on threats

• Threat description
• Threat source
• Threat type
• Effect of the threat on the asset (consequential threats)
• Impact and consequences

Classes of Threats

Threats
  • Natural
  • Manmade
    • Accidental
      • Human error
      • Software fault
      • Hardware fault
    • Intentional
      • Outsider
      • Insider


Threat Identification: Threat Paths

Threat Paths

Example of consequential threats:

• Root threat: thunderstorm
• Secondary threat: fire
• Third-order threat: power outage
• Fourth-order threat: web server failure

At what stage of the path do you put your controls?


Responsive Controls

• Thunderstorm: lightning diverter
• Fire: fire alarm, fire hoses, fire extinguishers
• Power outage: UPS
• Web server failure: off-site backup server, 24/7 maintenance crew

Preventive Controls

Prevent web server failure:

• Understanding of the cause is essential
• Controlling the cause threat prevents the higher-order threat
• Either a UPS (responsive) or an upgraded power supply (preventive) controls the power outage threat, which will prevent web server failure (some of the time)

Understanding threat paths is useful when planning preventive controls.
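The thunderstorm path with its responsive and preventive controls, worked as an added example that is not part of the lecture slides: a small Python model of a threat path that lists the higher-order consequences of a threat, collects the controls protecting a given stage (its own responsive controls plus the upstream controls that act preventively for it), flags uncontrolled stages, and shows why controlling the power outage prevents web server failure only "some of the time" once a second path to the same threat exists. The second path (disk failure) and all function names are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Stage:
    """One link in a threat path: the threat at this order and its controls."""
    threat: str
    responsive: list = field(default_factory=list)  # act once the threat is realised
    preventive: list = field(default_factory=list)  # stop the threat arising at all


# Consequential-threat chain and controls as given on the slides
# (root threat first; each later stage is caused by the one before it).
THUNDERSTORM_PATH = [
    Stage("Thunderstorm", responsive=["lightning diverter"]),
    Stage("Fire", responsive=["fire alarm", "fire hoses", "fire extinguishers"]),
    Stage("Power outage", responsive=["UPS"], preventive=["upgraded power supply"]),
    Stage("Web server failure",
          responsive=["off-site backup server", "24/7 maintenance crew"]),
]

# Constructed second path to the same fourth-order threat (not from the slides).
# It exists only to show why controlling one cause prevents the higher-order
# threat "some of the time": other paths to the same threat remain open.
DISK_PATH = [
    Stage("Disk failure"),
    Stage("Web server failure", responsive=["off-site backup server"]),
]


def stage_order(path, threat):
    """1-based order of `threat` on `path` (1 = root), or None if it is not on it."""
    for order, stage in enumerate(path, start=1):
        if stage.threat == threat:
            return order
    return None


def higher_order_threats(path, threat):
    """Threats further down the path that are consequences of `threat`."""
    order = stage_order(path, threat)
    if order is None:
        return []
    return [s.threat for s in path[order:]]


def protection_for(path, target):
    """Controls addressing `target` on this path: the responsive controls at its
    own stage, and the controls at earlier stages, which act preventively for
    `target` because they stop its cause threats from being realised."""
    order = stage_order(path, target)
    if order is None:
        raise ValueError(f"{target!r} is not on this path")
    own = path[order - 1]
    upstream = {
        s.threat: s.responsive + s.preventive
        for s in path[: order - 1]
        if s.responsive or s.preventive
    }
    return {"responsive": list(own.responsive), "preventive_upstream": upstream}


def uncontrolled_stages(path):
    """Stages with no control at all: gaps a risk analysis should flag."""
    return [s.threat for s in path if not s.responsive and not s.preventive]


def prevention_coverage(paths, cause, target):
    """How often controlling `cause` prevents `target`, judged over every known
    path leading to `target`: 'always' if each such path passes through `cause`
    before `target`, 'sometimes' if only some do, 'never' if none does."""
    leading = [p for p in paths if stage_order(p, target) is not None]
    if not leading:
        return "never"
    through = [
        p for p in leading
        if stage_order(p, cause) is not None
        and stage_order(p, cause) < stage_order(p, target)
    ]
    if not through:
        return "never"
    return "always" if len(through) == len(leading) else "sometimes"


if __name__ == "__main__":
    print(higher_order_threats(THUNDERSTORM_PATH, "Fire"))
    print(protection_for(THUNDERSTORM_PATH, "Web server failure"))
    print(uncontrolled_stages(DISK_PATH))
    # Only the slide's path is known: controlling the power outage always works.
    print(prevention_coverage([THUNDERSTORM_PATH], "Power outage", "Web server failure"))
    # With the second path known it only works some of the time.
    print(prevention_coverage([THUNDERSTORM_PATH, DISK_PATH],
                              "Power outage", "Web server failure"))
```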


Threat Paths and Impacts

Examples:

• Port scanning attacks (root threat) facilitate break-in attacks (secondary threat)
• Credit card numbers compromised (confidentiality; root threat) facilitates impersonation attacks (integrity; secondary threat)
• Virus (integrity; root threat) facilitates other attacks (any type; secondary threat)



Threat Identification: Approach

Brain Storm from all Directions

Use different approaches and thought processes to cover as many threats as possible.

• Who are your enemies?
  • What do they want to do?
  • What can they do? (penetration testing)
• What has happened in the past?
  • to yourself
  • to others
• What are your greatest fears?
  • How could they come about?
• What could happen?


Qualitative and Quantitative Approaches

Quantitative approaches (e.g. FAIR)
• measure and quantify issues
• prioritise mathematically
• detail required to measure

Qualitative approaches (e.g. ISO 27005)
• identify all problems
• no accurate assessment of severity

If you start the quantitative approaches too early, many threats will slip through.



Threat Sources

What is a threat source?

Recap: a threat source or threat agent is an entity with an intention and capability to cause impact.

• Sentient adversaries: potential attackers
• Honest users: making mistakes
• Nature and random events

There is a reason behind incidents:

• Enemies with an objective of their own
• Nature and its random events

Why do we identify threat sources?

Why do we need to identify the threat sources?

• When is the threat realised? How often?
• Understand the nature of the threat: resourceful attackers or amateurs?
• How will a preliminary attack be exploited? Blackmail? Slander? Further attacks?



Threat Sources: WikiLeaks from Afghanistan

WikiLeaks

http://www.wikileaks.org/

• 77 000 classified military documents on the war in Afghanistan
  • late July 2010
  • lifted from the US military
• leaks from Iraq, October 2010

Assets

Confidential information:

• former informants: potential targets of retribution
• future operations: allowing counter-operations
• previous operations: leading to impact on goodwill and reputation


Relevant Threat Sources

• Taliban and other insurgent organisations: military use of the information
• Freedom of information movements: champions of the public right to information
• Anti-war movements: aiming to swing public opinion about the war
• Other military and political enemies of the state: damage the state's military capability

Who is the actual threat source?


Vulnerabilities

• Staff with an agenda
• Extensive records in compact format: walk out with an encyclopedia on a keyring



Threat Sources: The Stuxnet Worm

The Stuxnet Worm

• Targets industrial control systems
  • specific types of computers from Siemens
• Malware, able to override the controls
  • chemical plants, power plants, power grids
• Exploits four previously unknown vulnerabilities

What is a worm?

• Malware: malicious software
• Standalone programs: do not modify other programs (as viruses do)
• Usually spreads over the network: network congestion is a common impact

The attack on Iran

• 60% of infections in Iran
• The nuclear plant in Bushehr compromised
  • Iran will not reveal the extent of damage
  • seems to have delayed the opening of the plant

Who is the attack source?

"This would require a lot of resources on the level of a nation state." (Gadi Evron, Israeli cybersecurity strategist)

• The known enemies, preventing nuclear development: USA and Israel
• China, as a test run of new cyberwarfare technology
• Are there private organisations with the capability?
• We do not know what the source is



Threat Sources: The Seven Cybercriminal Families

A viewpoint from Law Enforcement

• Dr. David Bénichou at WIFS'09 in London
  • French juge investigatoire
  • Special advisor to the Ministry of Justice
  • PhD in Computer Sciences
• Model based on field experience
  • more than 1000 cases
  • qualitative rather than quantitative
• Real-life, rather than academic, view

The seven families of cybercrime

Seven classes of threat sources (graphics (c) David Bénichou)

[Figure: empirical distribution of attack profiles. Categories along the axis: kiddies, hackers, avengers, LP (legal persons), cyberterrorists, bandits, spies; two series plotted, population and dangerousness, with axis ticks at 50 and 100.]

slide-76
SLIDE 76

Threat Sources The Seven Cybercriminal Families

The seven families of cybercrime

Adolescent amateurs
  • script kiddies
  • hackers

Amateurs with a goal
  • avengers
  • legal persons

Resourceful professionals
  • organised crime
  • terrorists
  • spies

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 32 / 46

slide-77
SLIDE 77

Threat Sources The Seven Cybercriminal Families

The big majority

Script Kiddies
  • Clueless amateurs
  • Use scripts created by others
  • Trying hacks for fun
  • No understanding of the techniques used

Hackers
  • Technically adept
  • Obscure motivations: challenge, learning, experience

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 33 / 46

slide-78
SLIDE 78

Threat Sources The Seven Cybercriminal Families

Masked Avengers

  • Grown-up individuals with a score to settle
  • Obvious motivation: relatively easy to unmask
  • e.g. a disgruntled employee with a desire to punish the company
  • e.g. Mr/Mrs Average dragging an ex-lover down in the mud

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 34 / 46

slide-84
SLIDE 84

Threat Sources The Seven Cybercriminal Families

Legal Persons

  • Financial motives: unfair competition, trade secrets
  • Highly skilled
  • Easy to identify — the motive is a give-away

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 35 / 46

slide-85
SLIDE 85

Threat Sources The Seven Cybercriminal Families

The big and resourceful

Spies, organised crime, and terrorists

  • Different motivations: political (spies), financial (organised crime), ideological (terrorists)
  • All are resourceful, with solid backing
      few have resources on this scale; the resources make serious impact possible

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 36 / 46

slide-86
SLIDE 86

Threat Sources The Seven Cybercriminal Families

The rare and serious agents

Terrorists, Spies, Organised Crime

  • Backed with considerable resources: money, manpower, information, backup
  • Different objectives
      Ideology — Terrorists
      Politics — Spies
      Money — Organised Crime
  • Similar dedication: professionalism and clear objectives

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 37 / 46

slide-94
SLIDE 94

Threat Sources The Seven Cybercriminal Families

Risk Analysis

How does each family affect your risk analysis?
  • Script Kiddies
  • Hackers
  • Avengers
  • Legal Persons
  • Terrorists
  • Spies
  • Organised Crime

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 38 / 46

slide-95
SLIDE 95

Vulnerability Identification

Outline

  1. Threat Identification
  2. Threat Sources
  3. Vulnerability Identification
  4. Closure

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 39 / 46

slide-96
SLIDE 96

Vulnerability Identification

Vulnerability Identification

ISO 27005:2008

Input: lists of known threats, assets, existing controls
Output: a list of vulnerabilities in relation to assets, threats, and controls; a list of vulnerabilities not related to any identified threat
Action: Identify vulnerabilities that could be exploited by the threats

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 40 / 46

slide-97
SLIDE 97

Vulnerability Identification

Areas of vulnerabilities

ISO 27005:2008

  • Organisation
  • Processes and procedures
  • Management routines
  • Personnel
  • Physical environment
  • Information system configuration
  • Hardware, software or communications equipment
  • Dependence on external parties

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 41 / 46

slide-98
SLIDE 98

Vulnerability Identification

Vulnerabilities and Known Threats

For each threat identified
  • Which assets are under threat?
  • What vulnerabilities can it exploit? How?
      What could be the attack?
  • What controls do we have?

Resort the list, listing each vulnerability with all its associated threats.

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 42 / 46

slide-104
SLIDE 104

Vulnerability Identification

Vulnerabilities without Threat

Is there a problem?
  • No risk – at the moment: a threat is needed to exploit it
  • Yet, it should be recognised and monitored
      it may change over time; we may have forgotten a threat

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 43 / 46
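The procedure on the slides "Vulnerability Identification", "Vulnerabilities and Known Threats" and "Vulnerabilities without Threat" above (for each threat: the assets under threat, the vulnerabilities it can exploit and the controls in place; then resort by vulnerability, and keep vulnerabilities with no associated threat under observation) can be carried out mechanically once the inputs are recorded as data. The following Python script is an added illustration and is not part of the lecture or of ISO 27005; the threats, assets, vulnerability identifiers V1 to V4 and controls in it are constructed sample values, and the function names are my own.

```python
"""Cross-referencing threats and vulnerabilities in the ISO 27005 style.

Added example, not from the lecture. Every threat, asset, vulnerability and
control below is a constructed sample value chosen only for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Vulnerability:
    vid: str                        # identifier used in the cross-reference
    area: str                       # ISO 27005 area: organisation, personnel, ...
    asset: str                      # the asset the weakness belongs to
    description: str
    controls: frozenset = frozenset()   # existing controls that cover it


@dataclass(frozen=True)
class Threat:
    name: str
    source: str                     # threat source, e.g. one of the seven families
    assets: frozenset               # assets under threat
    exploits: frozenset             # ids of vulnerabilities the threat can exploit


# Constructed input (the ISO 27005 "lists of known threats, assets, existing controls").
VULNERABILITIES = [
    Vulnerability("V1", "personnel", "customer database",
                  "staff open links in unsolicited e-mail",
                  frozenset({"awareness training"})),
    Vulnerability("V2", "software", "web server",
                  "content management system not kept up to date"),
    Vulnerability("V3", "physical environment", "server room",
                  "no water detection", frozenset({"raised floor"})),
    Vulnerability("V4", "organisation", "customer database",
                  "leavers' accounts not revoked promptly"),
]

THREATS = [
    Threat("phishing", "organised crime",
           frozenset({"customer database"}), frozenset({"V1"})),
    Threat("defacement", "script kiddies",
           frozenset({"web server"}), frozenset({"V2"})),
    Threat("insider sabotage", "masked avengers",
           frozenset({"customer database", "web server"}), frozenset({"V1", "V4"})),
    Threat("power failure", "environmental",
           frozenset({"server room"}), frozenset()),     # nothing to exploit
]


def check_consistency(threats: List[Threat], vulns: List[Vulnerability]) -> None:
    """Each exploited vulnerability must exist and sit on an asset the threat targets.

    This catches the bookkeeping errors the slides warn about: a threat listed
    against an asset it does not actually reach, or a forgotten vulnerability.
    """
    index = {v.vid: v for v in vulns}
    for t in threats:
        for vid in t.exploits:
            if vid not in index:
                raise ValueError(f"{t.name} exploits unknown vulnerability {vid}")
            if index[vid].asset not in t.assets:
                raise ValueError(f"{t.name} exploits {vid} on {index[vid].asset}, "
                                 "which is not among the assets under threat")


def by_vulnerability(threats: List[Threat], vulns: List[Vulnerability]) -> Dict[str, List[str]]:
    """Resort the threat-centric input: each vulnerability with all its associated threats."""
    check_consistency(threats, vulns)
    table: Dict[str, List[str]] = {v.vid: [] for v in vulns}
    for t in threats:
        for vid in t.exploits:
            table[vid].append(t.name)
    return {vid: sorted(names) for vid, names in table.items()}


def unthreatened(threats: List[Threat], vulns: List[Vulnerability]) -> List[str]:
    """Vulnerabilities not related to any identified threat: no risk now, but monitor them."""
    return [vid for vid, names in by_vulnerability(threats, vulns).items() if not names]


def threats_without_vulnerability(threats: List[Threat]) -> List[str]:
    """Threats with nothing to exploit: no immediate risk either."""
    return sorted(t.name for t in threats if not t.exploits)


def uncontrolled(threats: List[Threat], vulns: List[Vulnerability]) -> List[Tuple[str, str]]:
    """(threat, vulnerability) pairs for which no existing control covers the weakness."""
    index = {v.vid: v for v in vulns}
    return sorted((t.name, vid) for t in threats for vid in t.exploits
                  if not index[vid].controls)


if __name__ == "__main__":
    for vid, names in by_vulnerability(THREATS, VULNERABILITIES).items():
        print(f"{vid}: {', '.join(names) or '(no identified threat)'}")
    print("monitor only:", unthreatened(THREATS, VULNERABILITIES))
    print("threats with nothing to exploit:", threats_without_vulnerability(THREATS))
    print("exploitable and uncontrolled:", uncontrolled(THREATS, VULNERABILITIES))
```

The two resorted outputs correspond to the two ISO 27005 output lists on the "Vulnerability Identification" slide: the dictionary from `by_vulnerability` relates each vulnerability to its asset, threats and controls, and `unthreatened` is the list of vulnerabilities not related to any identified threat. The `uncontrolled` pairs are where the "What controls do we have?" question has the answer "none", which is usually where a risk treatment plan starts.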

slide-106
SLIDE 106

Closure

Outline

  1. Threat Identification
  2. Threat Sources
  3. Vulnerability Identification
  4. Closure

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 44 / 46

slide-107
SLIDE 107

Closure

Exercise 5

Review NIST SP800-53
http://csrc.nist.gov/publications/nistpubs/800-53-Rev2/sp800-53-rev2-final.pdf

Prepare a list, with short explanations, of the main types of controls.

Additionally (not to be handed in):
  1. Be ready to discuss the different types of information security controls in class.
  2. Read the following week’s exercise “Protecting the Forest”.

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 45 / 46

slide-108
SLIDE 108

Closure

Summary

Effective risk analysis requires structured review of
  • threats
  • vulnerabilities

For threats we need to understand
  • source
  • cause
  • effect

No immediate risk from
  • threats without vulnerabilities
  • vulnerabilities without threat

ISO 27005 provides the framework

Dr Hans Georg Schaathun Threats, Threat Agents, and Vulnerabilities Autumn 2010 – Week 5 46 / 46