
CET324 - Advanced Cybersecurity

Threats and Strategy

Objectives
• To review the threat landscape
• To introduce the UK cybersecurity strategy
• To discuss the government's approach to
cybersecurity
• To consider the societal impact of
cybersecurity

Introduction to Cyber Security Policies
and Procedures
• Principle of least privilege
1. Grant access only to those who need it
2. Grant as little access as possible (the minimum rights the task requires)
3. Grant it only for as long as needed, and revoke it afterwards

• Principle of separation of risk
1. Keep important elements apart so that the compromise of one does not
cascade into the others
2. Separate application, host, network and business risk
3. Separate one application's risk from another's
4. Separate the risks of multiple systems from each other
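
The three least-privilege rules above can be enforced mechanically rather than left as policy text. The following is an added example written for these notes, not code from the module or from any product; the Policy class, the resource names ("db/customers") and the timestamps are constructed for illustration. Each rule becomes a property of a grant (an explicit principal, an exact resource and action, an expiry) and a request is allowed only when a live grant matches it exactly, with default deny for everything else:

```python
"""Least-privilege grant checking (added example, constructed for these notes).

Each of the three rules on the slide maps to a property of a grant:
  1. who   -> an explicit principal; nobody else matches
  2. what  -> one exact resource and one exact action, no wildcards
  3. when  -> an expiry; a grant that has lapsed is simply not a grant
Anything not covered by a live, exact grant is denied.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    principal: str          # rule 1: only those who need it
    resource: str           # rule 2: exact resource, e.g. "db/customers"
    action: str             # rule 2: exact action, e.g. "read"
    expires_at: datetime    # rule 3: only for as long as needed


class Policy:
    """Default-deny access policy built from time-bounded, exact grants."""

    def __init__(self) -> None:
        self._grants: list[Grant] = []

    def grant(self, principal: str, resource: str, action: str,
              ttl: timedelta, now: datetime | None = None) -> Grant:
        """Issue a grant that expires after `ttl`. Wildcards are refused:
        a "db/*" or "any action" catch-all is the opposite of rule 2."""
        if "*" in resource or "*" in action:
            raise ValueError("wildcard grants violate least privilege")
        if ttl <= timedelta(0):
            raise ValueError("a grant must have a positive lifetime")
        now = now or datetime.now(timezone.utc)
        g = Grant(principal, resource, action, now + ttl)
        self._grants.append(g)
        return g

    def is_allowed(self, principal: str, resource: str, action: str,
                   now: datetime | None = None) -> bool:
        """True only if an unexpired grant matches principal, resource and
        action exactly. There is no 'else allow' branch: default deny."""
        now = now or datetime.now(timezone.utc)
        return any(
            g.principal == principal
            and g.resource == resource
            and g.action == action
            and now < g.expires_at
            for g in self._grants
        )

    def revoke_expired(self, now: datetime | None = None) -> int:
        """Drop lapsed grants so they cannot linger in audits or be
        quietly extended later. Returns the number removed."""
        now = now or datetime.now(timezone.utc)
        before = len(self._grants)
        self._grants = [g for g in self._grants if now < g.expires_at]
        return before - len(self._grants)


def demo() -> dict[str, object]:
    """Walk one grant through its lifetime (constructed timestamps)."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    later = t0 + timedelta(minutes=30)
    policy = Policy()
    # alice needs read access to the customer table for a one-hour support task
    policy.grant("alice", "db/customers", "read", timedelta(hours=1), now=t0)
    try:
        policy.grant("alice", "db/*", "read", timedelta(hours=1), now=t0)
        wildcard_rejected = False
    except ValueError:
        wildcard_rejected = True
    return {
        "alice_read_in_window": policy.is_allowed("alice", "db/customers", "read", now=later),
        "alice_write": policy.is_allowed("alice", "db/customers", "write", now=later),
        "alice_other_table": policy.is_allowed("alice", "db/payroll", "read", now=later),
        "bob_read": policy.is_allowed("bob", "db/customers", "read", now=later),
        "alice_after_expiry": policy.is_allowed("alice", "db/customers", "read", now=t0 + timedelta(hours=2)),
        "revoked_count": policy.revoke_expired(now=t0 + timedelta(hours=2)),
        "wildcard_rejected": wildcard_rejected,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:22} {result}")
```

The point to notice is what is absent: there is no role hierarchy, no "admin bypass" and no fallback branch, so a request that nobody explicitly authorised for a bounded time is denied by construction rather than by remembering to deny it.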

Introduction to Cyber Security Policies
and Procedures

• Defence in Depth
1. Multiple independent layers, e.g. firewall, IDS, access control and
file-system permissions, so that no single control is the only thing
standing between an attacker and the asset

• Secrecy

• Kerckhoffs's principle
1. The security of a mechanism should not depend on the secrecy of the
mechanism: assume the design is known to the attacker and keep only
the key secret
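
The difference between "secret mechanism" and "secret key" is easiest to see with the same attacker applied to both. The following is an added example written for these notes, not code from the module; the hidden constant 0x5C, the message texts and the toy keystream construction (HMAC-SHA256 in counter mode, XORed onto the plaintext) are constructed for illustration, and the keyed scheme has no authentication, so it demonstrates where the secret lives rather than being a cipher to deploy. In both cases the attacker is given the mechanism and one known plaintext, which is the realistic assumption: binaries get reverse engineered and designs leak.

```python
"""Kerckhoffs's principle, worked (added example, constructed for these notes).

Scheme A keeps the *mechanism* secret: ciphertext = plaintext XOR one byte that
the designer hid in the code. Scheme B keeps only a *key* secret: the mechanism
(a keystream from HMAC-SHA256 in counter mode, XORed onto the plaintext) is
published. Same attacker, same knowledge: Scheme A loses every message ever
sent; Scheme B loses nothing beyond the message whose plaintext was already known.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

# --- Scheme A: security by secrecy of the mechanism ---------------------
_HIDDEN_CONSTANT = 0x5C  # "nobody knows we XOR with 0x5C" (constructed value)


def obscure_encrypt(plaintext: bytes) -> bytes:
    return bytes(b ^ _HIDDEN_CONSTANT for b in plaintext)


def obscure_break(known_pt: bytes, known_ct: bytes, other_ct: bytes) -> bytes:
    """Attacker knows only that the scheme is 'XOR with some constant byte'.
    One known plaintext byte reveals the constant; every other message falls
    with it, and there is no key that could be rotated to recover."""
    constant = known_pt[0] ^ known_ct[0]
    return bytes(b ^ constant for b in other_ct)


# --- Scheme B: public mechanism, secret key ------------------------------
NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Public, documented keystream: HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def keyed_encrypt(key: bytes, plaintext: bytes, nonce: bytes | None = None) -> bytes:
    nonce = nonce or secrets.token_bytes(NONCE_LEN)  # fresh per message
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def keyed_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def keyed_break_attempt(known_pt: bytes, known_ct: bytes, other_ct: bytes) -> bytes:
    """Same attacker, same knowledge (mechanism + one known plaintext).
    The best they can do is recover the keystream for *that* nonce and apply
    it to the other message, which was encrypted under a different nonce."""
    ks = bytes(p ^ c for p, c in zip(known_pt, known_ct[NONCE_LEN:]))
    body = other_ct[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, ks))


def demo() -> dict[str, bytes]:
    known_pt = b"MSG: hello"                           # header every message starts with (constructed)
    secret_pt = b"MSG: wire GBP 10,000 to account 42"  # constructed
    # Scheme A: one known plaintext unlocks the other message outright
    a_known_ct, a_secret_ct = obscure_encrypt(known_pt), obscure_encrypt(secret_pt)
    a_recovered = obscure_break(known_pt, a_known_ct, a_secret_ct)
    # Scheme B: the attacker gets nothing usable; only the key holder decrypts
    key = secrets.token_bytes(32)
    b_known_ct, b_secret_ct = keyed_encrypt(key, known_pt), keyed_encrypt(key, secret_pt)
    b_recovered = keyed_break_attempt(known_pt, b_known_ct, b_secret_ct)
    return {"scheme_a": a_recovered, "scheme_b": b_recovered,
            "scheme_b_with_key": keyed_decrypt(key, b_secret_ct)}


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name:18} {out!r}")
```

Scheme A's "secret" is eight bits wide and shared by every message ever sent, so the first leak is the last one. Scheme B's secret is a 256-bit key that can be replaced without touching the code, which is why the principle says the mechanism may as well be public. In practice the keyed scheme would also need an authentication tag (an AEAD such as AES-GCM), which this toy deliberately omits.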

Agencies Involved in UK Cybersecurity

Threat Landscape
What cyber threats can you identify?

Examples:
• Advanced persistent threats
• Cyber crime (cyber-dependent and cyber-enabled)
• Hacktivism
• Insider threats
• Nuisance threats

Advanced Persistent Threats
• Attack profile
– targeted, organised and funded attacks, potentially
associated with nation-state sponsorship or other powerful
entities
• Primary objectives
– typically medium to long term; exfiltration of intellectual
property in order to wipe out years of the victim's R&D lead, for
competitive economic and/or nation-state advantage
• Attack methods
– social engineering, spear phishing, drive-by download
attacks, espionage, focused perimeter breaches
Cyber Crime
• Attack profile
– opportunistic, broad-based, often motivated by financial
gain
• Primary Objectives
– typically short term; identity theft, credit card fraud,
extortion, botnet creation & management
• Attack methods
– phishing attacks, hosting malware on legitimate websites,
spam-related attacks, cyber extortion techniques

Hacktivism
• Attack profile
– organised attacks associated with groups of individuals with
political, ethical, religious or retaliatory motives
• Primary objectives
– typically short term; cause havoc and chaos, disrupt operations,
discredit and malign the target by disclosing sensitive information
• Attack methods
– distributed denial of service (DDoS) attacks, traditional
hacking techniques, spear phishing

Insider Threats
• Attack profile
– legitimate internal user with hidden malicious intentions
• masqueraders (those who operate under the identity of another user)
• clandestine users (those who evade access controls and auditing)
• misfeasors (those who have legitimate authorisation but misuse their privileges)

• Primary objectives
– short to long term; compromise of sensitive information, destruction,
revenge, espionage, harassment
• Attack methods
– access via legitimate credentials and privileges, data exfiltration, physical
and logical sabotage, surveillance
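
The three insider categories above differ in what they leave behind in an audit trail, and that is what detection has to work from. The following is an added example written for these notes, not code from the module or from any SIEM product; the log format, the role model (ROLE_OF, ALLOWED_PREFIXES), the five-minute login window and every log line are constructed for illustration. It runs one detector per category over a small constructed audit log:

```python
"""Insider-threat indicators over an audit log (added example, constructed for these notes).

One detector per category on the slide:
  masquerader  - one account, two different source addresses, logins minutes apart
  clandestine  - auditing switched off and later on again: a window nobody can account for
  misfeasor    - a valid account reading a resource its role has no business with
None of these is proof on its own; each is a lead for an analyst to follow up.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Constructed role model. In practice this comes from the identity/HR system.
ROLE_OF = {"alice": "support", "dave": "helpdesk", "carol": "sysadmin"}
ALLOWED_PREFIXES = {
    "support":  ("tickets/",),
    "helpdesk": ("tickets/", "kb/"),
    "sysadmin": ("tickets/", "kb/", "infra/"),
}
LOGIN_WINDOW = timedelta(minutes=5)  # constructed threshold

# Constructed audit lines: "<timestamp> key=value key=value ...".
SAMPLE_LOG = """\
2024-03-01T09:00:12Z user=alice src=10.0.1.5 event=login
2024-03-01T09:02:40Z user=alice src=198.51.100.7 event=login
2024-03-01T09:05:00Z user=alice src=10.0.1.5 event=read resource=tickets/1042
2024-03-01T09:10:00Z user=dave src=10.0.2.9 event=login
2024-03-01T09:11:30Z user=dave src=10.0.2.9 event=read resource=payroll/exports/march.csv
2024-03-01T09:20:00Z user=carol src=10.0.3.3 event=login
2024-03-01T09:21:00Z user=carol src=10.0.3.3 event=audit_stop
2024-03-01T09:30:00Z user=carol src=10.0.3.3 event=audit_start
2024-03-01T09:31:00Z user=carol src=10.0.3.3 event=read resource=infra/hosts.yml
"""

_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<rest>.+)$")


def parse(log: str) -> list[dict]:
    """Parse key=value audit lines into dicts, sorted by timestamp."""
    events = []
    for line in log.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # unparseable lines are worth counting in real life; kept simple here
        ev = dict(kv.split("=", 1) for kv in m["rest"].split())
        ev["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect(events: list[dict]) -> list[tuple[str, str, str]]:
    """Return (category, user, detail) findings in time order."""
    findings = []
    last_login: dict[str, dict] = {}
    audit_off_since: dict[str, datetime] = {}
    for ev in events:
        user, kind = ev["user"], ev["event"]
        if kind == "login":
            prev = last_login.get(user)
            # Same account, different source, too close together to be one person moving.
            if prev and prev["src"] != ev["src"] and ev["ts"] - prev["ts"] <= LOGIN_WINDOW:
                findings.append(("masquerader", user,
                                 f"login from {prev['src']} then {ev['src']} within {ev['ts'] - prev['ts']}"))
            last_login[user] = ev
        elif kind == "audit_stop":
            audit_off_since[user] = ev["ts"]
        elif kind == "audit_start":
            started = audit_off_since.pop(user, None)
            if started is not None:
                findings.append(("clandestine", user, f"auditing off for {ev['ts'] - started}"))
        elif kind in ("read", "write"):
            # Valid credentials, but the resource is outside what the role is for.
            allowed = ALLOWED_PREFIXES.get(ROLE_OF.get(user, ""), ())
            if not ev["resource"].startswith(allowed):
                findings.append(("misfeasor", user,
                                 f"{kind} {ev['resource']} outside role {ROLE_OF.get(user)}"))
    # An audit_stop never followed by audit_start is the worst case: still dark.
    for user, since in audit_off_since.items():
        findings.append(("clandestine", user, f"auditing off since {since.isoformat()} and not restored"))
    return findings


if __name__ == "__main__":
    for category, user, detail in detect(parse(SAMPLE_LOG)):
        print(f"{category:12} {user:8} {detail}")
```

Note what each detector needs that a perimeter control does not have: a role model to judge the misfeasor, session context across events to judge the masquerader, and the audit system's own health events to judge the clandestine user. Without those feeds the insider's actions look like ordinary authorised activity, which is exactly the "legitimate credentials" attack method listed above.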

Nuisance Threats
• Attack profile
– unskilled attackers, scanners and crawlers, spam,
worms/viruses, basic malware
• Primary objectives
– often unknown or irrelevant; recognition and status,
reconnaissance, financial gain
• Attack methods
– automated scanners, public exploit kits, generic spam
email, propagating worms/viruses, adware, scareware

Quick break

• Overview of threats: https://www.ncsc.gov.uk/threats

National Concern and Steps
• National security threat
– A number of countries including the United States, Russia,
Japan, Kenya, European Union countries have declared the
issue of cyber security, and specifically cyber attacks against
their governments and citizens as a national security threat
• Outcome
– As a result they have developed national cybersecurity
strategies or initiatives
– Such cyber security initiatives and strategies normally outline
the country’s primary goals, concerns, set of principles or
norms, and actions to be taken related to cybersecurity
– In many of the national strategies there has been the creation
of new agencies to deal with cyber security domestically
National Concern and Steps
• Other strategies have tried to embed cybersecurity into the role of
already existing agencies, such as law enforcement, military,
defence and foreign affairs ministries.

• Cyber security initiatives, such as that of the United States, also support
the development of public-private partnerships (PPPs) between
government agencies and private sector companies
– e.g. Internet Service Providers (ISPs), critical infrastructure owners and
technology companies, around implementing cybersecurity measures across
sectors.
UK Cyber Security Strategy 2016-2021
• Vision for 2021 is that “the UK is secure and resilient to cyber
threats, prosperous and confident in the digital world”.
• To realise this vision, the strategy sets out three objectives:
– Defend: protect the UK against evolving cyber threats and respond
effectively to incidents
– Deter: detect, understand, investigate and disrupt hostile action
against the UK
– Develop: build the skills, research and industry the UK needs

Source: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021

Highlights of CyberUK strategy 2017: https://www.ncsc.gov.uk/information/cyberuk-strategy-2017

Highlights from the NCSC Annual Review 2018: https://www.ncsc.gov.uk/
South African Example
• Literature and reports suggest that the majority of Africans have little
awareness and understanding of cybersecurity.
• The South African government approved the National Cybersecurity
Policy Framework (NCPF) in 2012.
• The NCPF aims to create a secure and reliable cyber environment,
protecting IT/IS as well as raising public awareness of cybersecurity issues.
• However, cybercrime remains largely unregulated by government agencies
in South Africa despite the framework.
• In addition, it is suggested that business needs to do much more to tackle
cybercrime.
• The establishment of structures to implement the NCPF is ongoing and will
require the cooperation of multiple stakeholders to succeed.
• There is debate as to whether enough urgency is being given to implementing
the NCPF, and a lack of political will to move forward.
Cybersecurity in Organisations
• Cybersecurity responsibility in organisations
– Who has responsibility for cyber security in the
organisation? The CISO, CIO, CEO, or another role?

– Is there a cybersecurity committee at board level?

– Is there a robust cybersecurity policy in the
organisation?

Cyber Security in Organisations
Cybersecurity Actions in Organisations
• Ensure that there are clear processes and procedures to:
– Define the cybersecurity environment, including risks,
threats and the implications of breaches
– Detect when a breach of cybersecurity has happened,
including ways of identifying issues with policy and with the
implementation of policy
– Defend against potential threats and attacks, considering
appropriate layers of security
– Deter potential attackers and misusers, both from outside
the organisation and from inside
Cyber Security in Organisations
• Training and Awareness of Employees
– Ensuring that there is a robust cybersecurity policy
in the organisation
– Ensuring that all staff are trained in, and aware of,
cyber threats
– Raising awareness of the threat from social
engineering

Summary
• Organisations and individuals face many cyber
threats from many different directions
• Need to raise awareness of threats
• Strategic approach to addressing issues
• However …

Lab session – Identification of Threats
• How can we prepare for threats / attacks / breaches?
• How do we know what to defend against?
• Task
– In groups put together a strategy for identifying current and
future threats.
– Consider action plan for addressing these threats.
– Consider a business model for providing a service which
offers warnings (include who to warn) about cyber threats.
– Produce an executive summary (200 words max)

