Cyber Security e infrastrutture critiche
Attivitā reattive e proattive per infrastrutture critiche
Giuseppe Santucci - La Sapienza - Universitā di Roma
Sommario
(PDF in lingua inglese)
Standards for Cyber Security
Basic activities
Common questions
Common issues
Claims
Standards for Cyber Security
- Common Criteria
- Framework (NIST & Nazionale) per la Cyber Security e la Data Protection
- Italian CIS National Cybersecurity Framework
- EU Cybersecurity Act
-- Security assessment
-- Security by design
-- Best practices
Pragmatically
Unless you are starting from scratch, you are dealing with an existing infrastructure, based on a network of IT devices
And you are dealing with Cybersecurity issues
- Environmental risks
- Ethics
- Data privacy
- Business continuity
Basic activities
One needed step is to take a picture of your data
- Network
- Business
- Relationships among business activities and devices
- Weakness
The focus of this talk is on weakness
Why weakness ?
- To date, hundreds of thousands known and cataloged cyber vulnerabilities exist
- Documented in the American NVD (National Vulnerability Database) CVE (Common Vulnerabilities and Exposures)
- Together with a severity score (CVSS) ranging between 0 and 10 (plus several subscores)
- Known by both defenders and attackers
A very simple idea (neglecting the details)
It is very likely that attackers will use your weaknesses !
It is a good idea analyze them and prepare some countermeasures to:
- Reduce the weaknesses
- Be ready to defend yourselves
Very complex in real cases
- A network of computers is affected by hundreds/thousands of vulnerabilities
- And attacks are typically composed by a sequence of steps
- Multistep attack
- Common Criteria
- Framework (NIST & Nazionale) per la Cyber Security e la Data Protection
- Italian CIS National Cybersecurity Framework
- EU Cybersecurity Act
-- Security assessment
-- Security by design
-- Best practices
Pragmatically
Unless you are starting from scratch, you are dealing with an existing infrastructure, based on a network of IT devices
And you are dealing with Cybersecurity issues
- Environmental risks
- Ethics
- Data privacy
- Business continuity
Basic activities
One needed step is to take a picture of your data
- Network
- Business
- Relationships among business activities and devices
- Weakness
The focus of this talk is on weakness
Why weakness ?
- To date, hundreds of thousands known and cataloged cyber vulnerabilities exist
- Documented in the American NVD (National Vulnerability Database) CVE (Common Vulnerabilities and Exposures)
- Together with a severity score (CVSS) ranging between 0 and 10 (plus several subscores)
- Known by both defenders and attackers
A very simple idea (neglecting the details)
It is very likely that attackers will use your weaknesses !
It is a good idea analyze them and prepare some countermeasures to:
- Reduce the weaknesses
- Be ready to defend yourselves
Very complex in real cases
- A network of computers is affected by hundreds/thousands of vulnerabilities
- And attacks are typically composed by a sequence of steps
- Multistep attack
Video
Leggi tutto
Fonte: mcT Cyber Security novembre 2022 Industrial Cyber security e 4.0: dalla convergenza OT / IT alle soluzioni per le infrastrutture critiche
Mercati: Sicurezza industriale
Parole chiave: Cyber security, OT Operational technology
- Matteo Marconi