third Cyber Security Assessment Netherlands - NCSC

More documents

Recommendations

Info

9.6 The resilience of ICS Security of ICS has not had the same attention in recent years as security in standard IT and is therefore still in its infancy. The ICS world has its own culture with an often conservative technical set up, where attention on security is not self-evident. [227] This also includes human and organisational factors such as insufficient awareness, the lack of ownership and insufficient direction in terms of security requirements being given to parties that may be brought in. However the problem of resilience does not just concern existing systems. Security risks as an integrated element of lifecycle management also need to be considered when developing new ICSs. When designing, implementing and managing ICSs, no direct account is taken of security risks because there is a lack of security by design. For example, the user’s identity (authentication) and what this user has access to (authorisation) are not always checked, because these are not standard functions in ICSs. It is therefore easy to manipulate controls. Because ICSs have a long lifecycle (approximately 10-30 years), legacy system components and operating systems are often still in use. The problem with this is that at a certain point support from the manufacturer will be withdrawn. While specific ICS elements have long-term support, this is often not the case for generic IT tools. Take for example Windows XP, which is still often used in ICSs. On 8 April 2014, Microsoft will end support for this operating system, which means new security leaks will no longer be plugged. Not always harmful Cyber incidents can happen at various places in ICSs. This also influences the type and scope of the impact. Manipulating one element will have consequences beyond manipulating the various functions of a system. In addition, ‘supporting measures’ are often put in place to discover manipulation (at an early stage) and limit its effects. If only the control of a machine is manipulated, this will not necessarily result in harm. If the alert function works properly, the operator will be informed in good time and can intervene. However in addition to the control, the alarm and visualisation functions may be tampered with. Imagine a chemical factory where tanks with a capacity of 100 litres are filled with chemical substances. Filling normally stops when they are three quarters full. The system is now manipulated in such a way that filling does not stop, no alarm is triggered and neither can this be seen on the visualisation screen. Filling of the tank continues but on the monitor in the control room there is nothing wrong. The tank overflows and the room becomes filled with chemical vapours. If unsuspecting personnel now enter the room, there could be serious consequences for their health. ICS providers sometimes give no guarantee that the system will work correctly following migration to a new operating system, asset owners are reticent to roll our patches under the motto ‘if it ain’t broke don’t fix it’. In addition, it is not always possible and/or is very costly to halt processes to patch the control computers. Finally, providers do not always see the need to bring out patches for older components which means vulnerabilities are not resolved. 9.7 In conclusion CSAN-2 has established that the threats for ICSs have become more real compared with the period before then. Although no high-profile incidents came to light during the current reporting period, we cannot claim that the security status of ICSs has improved. Although there are certainly some organisations and providers that are heading in the right direction, the overall picture remains gloomy, particularly among the end-users and providers of smaller applications. The situation has remained the same or even worsened, this is just not immediately apparent. Vulnerabilities continue to increase, actors are becoming more interested but awareness appears not to growing in line with this. Measures need to be taken because digital incidents in vital sectors can have a major impact. « 227 The NCSC has published the factsheet ‘Check list security of ICS/SCADA systems’ with 15 points for securing ICSs and preventing incidents: https://www.ncsc.nl/dienstverlening/ expertise-advies/kennisdeling/factsheets/checklist-beveiliging-van-ics-scada-systemen.html 98
Appendix » 1 References [1: Blue Coat 2013] Blue Coat: 2013 Mobile Malware Report [2: CBP 2013] CBP: The CBP in 2012 (Dutch), http://www.cbpweb.nl/pages/jv_2012.aspx [3: CBS 2012] CBS: IT, knowledge and economy (Dutch) [4: CERT-AU 2012] CERT Australia: Cyber Crime & Security Survey Report 2012 [5: Cisco 2013] Cisco: 2013 Annual Security Report [6: Cisco 2011] Cisco Internet Business Solutions Group: The Internet of Things http://share.cisco.com/internet-of-things.html [7: CS 2013] comScore: 2013 Europe Digital Future in Focus http://www.marketingfacts.nl/images/uploads/2013_europe_digital_future_in_focus.pdf [8: Tokmetzis 2012] Dimitri Tokmetzis: The digital shadow (Dutch) http://www.unieboekspectrum.nl/boek/9789000306350/De-digitale-schaduw/ [9: Enisa 2012] Enisa: Smart Grid Security [10: E&Y 2012] Ernst & Young: Progressive technology: pitfall or goldmine? (Dutch) http://www.ey.com/Publication/vwLUAssets/Voortschrijdende_techniek_-_Valkuil_of_goudmijn/$FILE/ Voortschrijdende%20techniek%20-%20Valkuil%20of%20goudmijn.pdf [11: EC 2013-1] European Commission: Cyber security Strategy of the European Union: An Open, Safe and Secure Cyberspace [12: : EC 2013-1] European Commission: SPECIAL EUROBAROMETER 390 [13: FS 2013] F-Secure: Threat Report 2012 H2 http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H2_2012.pdf [14: Google 2012] Google: Transparency Report, http://www.google.com/transparencyreport/ [15: IBM 2012] IBM: X-Force 2012 Mid-year Trend and Risk Report [16: IDC 2013] IDC: IDC Predictions 2013: Big Data Battle for Dominance in the Intelligent Economy http://event.lvl3.on24.com/event/54/34/13/rt/1/documents/slidepdf/wc20130108.pdf [17: IDC 2012] IDC: The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East http://www.emc.com/collateral/analyst-reports/idc-the-digital-universe-in-2020.pdf [18: IGZ 2011] Healthcare Inspection: status of healthcare (Dutch) [19: IMGFK 2012] IntoMart GFK: Trends in the media (Dutch) http://www.intomartgfk.nl/imperia/md/content/intomart/12-12-13_pb_trends_in_de_media_v2.pdf [20: Koscher 2010] Karl Koscher et al: Experimental Security Analysis of a Modern Automobile [21: McAfee 2013-1] McAfee: Threats Report Q4 2012 http://www.mcafee.com/uk/resources/reports/rp-quarterly-threat-q4-2012.pdf 99
Page 1:
Cyber Security Assessment Netherlan
Page 4 and 5:
National Cyber Security Centre The
Page 7:
Contents Foreword 3 Summary 7 Intro
Page 10 and 11:
on governmental organisations and b
Page 12 and 13:
However, it is assumed that they ar
Page 15 and 16:
Introduction Information Technology
Page 17:
Core assessment 1 Interests 17 2 Th
Page 20 and 21:
1.2 Dependency IT dependency contin
Page 22 and 23:
Increased IT dependency in electric
Page 24 and 25:
on the internet such as an electric
Page 26 and 27:
approached or incited by states for
Page 28 and 29:
Actor Intentions Skills Targets Sta
Page 30 and 31:
get the script kiddies started. One
Page 32 and 33:
location’, there is no one single
Page 34 and 35:
Furthermore, business information c
Page 36 and 37:
environments often arise from the i
Page 38 and 39:
not only smart phones, tablets or c
Page 40 and 41:
5.3 Technology Norms, guidelines an
Page 42 and 43:
ACM seeks active collaboration with
Page 45 and 46:
Core assessment » 6 Manifestations
Page 47 and 48:
Core assessment » 6 Manifestations
Page 49 and 50: Core assessment » 6 Manifestations
Page 51 and 52: Core assessment » 6 Manifestations
Page 53: Core assessment » 6 Manifestations
Page 57 and 58: Detailed section » 1 Cyber crime
Page 59: Detailed section » 1 Cyber crime
Page 62 and 63: magnitude of digital espionage inci
Page 65 and 66: Detailed section » 3 Botnets 3 Bot
Page 67 and 68: Detailed section » 3 Botnets » Do
Page 69 and 70: Detailed section » 4 DDoS 4 DDoS
Page 71: Detailed section » 4 DDoS 4.3 Resi
Page 74 and 75: An attacker can abuse devices linke
Page 77 and 78: Detailed section » 6 Grip on infor
Page 79 and 80: Detailed section » 6 Grip on infor
Page 81 and 82: Detailed section » 7 Vulnerability
Page 91: Detailed section » 7 Vulnerability
Page 94 and 95: Leak in the Humannet website belong
Page 96 and 97: In 2012, ACM received a total of 14
Page 98 and 99: car park will not open. It is annoy
Page 102 and 103: 100 [22: McAfee 2013-2] McAfee: Thr
Page 104 and 105: 102
Page 106 and 107: Incidents Types of government incid
Page 108 and 109: Classification Classified data Clou
Page 110 and 111: Information Information security In
Page 112 and 113: Spoofing/IP spoofing SQL injection
Page 114: 112
show all

third Cyber Security Assessment Netherlands - NCSC

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?