NCS KEMA MIT CIP Cyber Security

Public Channel / NCS POV

NERC CIP and Cyber Security Consortium work with MIT

Share on Social Networks

Share Link

Use permanent link to share in social media

Share with a friend

Please login to send this presentation by email!

Embed in your website

Select page to start with

Post comment with email address (confirmation of email is required in order to publish comment on website) or please login to post comment

7. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Initial Research Project Areas 1. Determining the Barriers to, and Incentives for, adoption of the Cybersecurity Framework. 2. Developing strategies to increase adoption by the C- Suite, in each Critical Infrastructure sector. 3. Models linking Cyber-Risk to: delivering goods and services, & financial & reputational costs. 4. Atomic Models & Network Architectures for interconnected Control Systems’ survivability, and Supply Chain resiliency. 5. Determining the Barriers to, and strategies for creating a Cybersecurity Culture. Page | 7

12. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Applying Past and On-going MIT Research to Improving Cybersecurity of Critical Infrastructure MIT and NKSoft Cyber Security Consortium Page | 12

23. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. MIT and NKSoft Cyber Security Consortium Patrons, Partners, and Members Page | 23

2. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Roles of the Team Page | 2 Research Utility NERC CIP Expertise Set Attainable Research Goals Research & Develop Relevant Techniques Develop Compliance & Monitoring Tool MIT NCS KEMA NKSoft Consortium

6. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. MIT and NKSoft Cyber Security Consortium – Mission  Research & Development of Strategies, Models, and Tools that will enable critical infrastructure organizations to more effectively address their Cybersecurity needs  by applying interdisciplinary approaches to common problems that affect all Critical Infrastructure Sectors, and  building on, and aligning for multi-nationals, existing government, and industry initiatives including: • White House / NIST “Framework for Improving Critical Infrastructure Cybersecurity” • ISA/IEC-62443, ISO 27001/2, NIST SP 800, and other guidelines/standards • NERC-CIP, HIPAA, Gramm-Leach-Bliley Act, Homeland Security Act and other government regulations • Cybersecurity Frameworks, Strategies, and regulations of other countries 6 Page | 5

8. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Page | 8 MIT House of Security Technology Resources for Security Financial Resources for Security Business Strategy for Security Security Policy & Procedures Security Culture Accessibility Confidentiality Integrity A Fundamental Model for Measuring Cybersecurity Effectiveness  The House of Security has been shown to be able to provide measurements of perceptions, awareness, profile, tier, maturity, and gaps in Cybersecurity.  It will be further developed to provide economic measurements of cyber- risk and the value of Cybersecurity activities allowing a calculation of Cyber-ROI.

1. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. 001110101011101000101001010101010101 01001001010101001010000010111011 0 01110101011101000001101010101110101 0101011110111100011011101001110 1 0 11010101111110000101011101001100110 1111100001101001110100100010111 0 0 01011101000011101101001010010101111 1000101010100101010010101010100 1 1 01010000111101010100001010101011111 0010010101010001100100010011101 1 0 01110101011101000101001010101010101 0100100101010100101000001011101 1 0 01110101011101000001101010101110101 0101011110111100011011101001110 1 0 11010101111110000101011101001100110 1111100001101001110100100010111 0 0 01011101000011101101001010010101111 1000101010100101010010101010100 1 1 01010000111101010100001010101011111 0010010101010001100100010011101 1 0 01110101011101000101001010101010101 0100100101010100101000001011101 1 0 01110101011101000001101010101110101 0101011110111100011011101001110 1 0 11010101111110000101011101001100110 1111100001101001110100100010111 0 0 01011101000011101101001010010101111 1000101010100101010010101010100 1 1 01010000111101010100001010101011111 0010010101010001100100010011101 1 0 01110101011101000101001010101010101 0100100101010100101000001011101 1 0 01110101011101000001101010101110101 0101011110111100011011101001110 1 0 11010101111110000101011101001100110 1111100001101001110100100010111 0 0 01011101000011101101001010010101111 1000101010100101010010101010100 1 1 01010000111101010100001010101011111 0010010101010001100100010011101 1 0 01110101011101000101001010101010101 0100100101010100101000001011101 1 0 01110101011101000001101010101110101 0101011110111100011011101001110 1 0 11010101111110000101011101001100110 1111100001101001110100100010111 0 0 01011101000011101101001010010101111 1000101010100101010010101010100 1 1 01010000111101010100001010101011111 0010010101010001100100010011101 1 0 01110101011101000101001010101010101 0100100101010100101000001011101 1 0 0111010101110 10000 011010101011101010101011110 111100011011101001110 1 0 11010101111 00 I See 01 0111010011001101111100001 101001110100100010111 0 0 0101110100 00101000010 010100101011111000101010 100101010010101010100 1 1 0101000011 0 Cube 000001 110101010111110010010101 010001100100010011101 1 0 0111010101 00100011010 010101010101010100100101 010100101000001011101 1 0 0111010101 10 MIT,KEMA and NKSoft Corporation Consortium 1 000110111010 0011 010101011101010101011110 1111000110111010011101 0 11010101111 100101101 0111010011001101111100001 101001110100100010111 0 00101110100001 11011 010010100101011111000101010 1001010100101010101001 I nterdisciplinary C onsortium for I mproving C ritical I nfrastructure C ybersecurity TM  DRAFT, Copyright MIT and N KSoft Corporation, 2014-2016 MIT and NKSoft Cyber Security Consortium DRAFT PROSPECTUS F or discussion purposes only TM TM

5. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Who is this important to? (Just about Everyone!)  White House Executive Order (2014 and again in 2017): “... cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront ...”  SEC Commissioner Luis A. Aguilar ... warned that “boards that choose to ignore, or minimize the importance of cybersecurity oversight responsibility, do so at their own peril ...”  U.S. Secretary of Energy Ernest Moniz .. “ From producing wells to tank batteries to pipelines, computer networks are playing an increasingly important role in the operations of the nation's oil and gas industry ... cyber threats continue to increase in frequency and sophistication ...” 5 Page |

14. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Use Accident Research on Cyber Incidents  Apply “accident” and safety research to “cyber security” failures.  MIT has researched accidents and how to prevent them (including studying NASA problems) for many years.  We are now treating a cyber incident/event as a type of “accident” and using prior research to identify, understand, and mitigate possible “cyber-hazards.”  Examples, such as TJX and Stuxnet, have been analyzed. Page | 14

16. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Improving CERTs  Improve CERTs (Computer Emergency Response Teams).  MIT has talked with and studied the CERTs around the world — both national and regional CERTs and corporate CERTs. (CERTs are the FEMAs for computer catastrophes.)  The activities, business models, and data-sharing activities are diverse and of varying quality.  MIT and NKSoft Corporation can suggest ways to improve and better coordinate the CERTS and the clients they serve. Page | 16

17. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Vulnerability Detection  Improving Vulnerability Discovery and Detection:  MIT has studied crowd source methods of bug detection, such as “bug bounty” programs.  Using techniques such as System Dynamics modeling  MIT and NKSoft Corporation can determine which types of vulnerability discovery and detection techniques provide the results with the greatest value, including “bug bounty,” open source, and other approaches. Page | 17

18. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Cyber-Hardening & Patch Management  Patch distribution and management is complex in general and even more so for critical infrastructure situations  Computer components are embedded within machinery (which cannot be easily shut down) and involve multiple manufacturers  e.g., the equipment/system may be made by Siemens, but controlled by computers running Windows software.  MIT has developed models to explore differing strategies and incentive systems to make patch distribution and management more effective. Page | 18

19. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Tipping Point Analysis  MIT has used System Dynamics models and simulations to analyze the stability of countries by understanding the capacity of the system to withstand disruptions and the range of loads that could be applied to the system.  This can be applied to complex critical infrastructure cyber systems (eg: smart grid, refinery, emergency services, telecom, financial systems, etc.) to determine the “tipping points” that would render such a system unstable.  Monitoring and Alerts – measuring how close an organization, or interconnected organizations, is coming to a “tipping point.” Page | 19

21. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Metrics  Organizations today have no effective way of measuring the quality of their Cyber Security efforts.  The old adage “if you can’t measure it, you can’t manage it” applies to Cybersecurity.  MIT and NKSoft can develop metrics which organizations can use to Quantify and Qualify their Cyber Security capabilities, and the organizations ability to withstand cyber attacks and carry out its mission.  A measureable Cybersecurity Maturity Model for describing the Quality of the Cybersecurity at an organization and the ROI of the Cybersecurity. Page | 21

9. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Example Results from Prior Research – Proof of Concept  Using survey questions we assessed bot h perception of the current state of security in the organization and the desired state.  The delta is the measureable gap between desired and actual. Page | 9 0.000 0.400 0.800 1.200 1.600 Accessibility Vulnerability Confidentiality Financial Resources IT Resources Business Strategy Security Polic y Security Culture Company X Company W Company I Overall 0.000 0.400 0.800 1.200 1.600 Accessibility Vulnerability Confidentiality 0.000 0.400 0.800 1.200 1.600 Accessibility Vulnerability Confidentiality Financial Resources IT Resources Business Strategy Security Polic y Security Culture Company X Company W Company I Overall Gap Analysis Current State Assessments by Three Companies: Big Differences

15. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Control Points Analysis to Disrupt Cybercrime Ecosystem  Analyze complex cybercrime ecosystem .  We are taking a “control points” approach to determine the best “choke-point” to interrupt the overall cyber-criminal enterprise (somewhat like “follow the money.”)  Sometimes that choke point is the Internet service providers, sometimes it is the credit card companies, sometimes it is the banks.  We will also study markets for malware and ways to disrupt and discredit those markets Page | 15

20. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Multivariate Simulation  Simulation of system performance and resilience under different conditions .  We can model systems under various circumstances, such as when one or more subsystems have failed or are under attack.  We can assess how the system’s mission is affected by multiple simultaneous attacks.  Such simulations can be used to create strategies and plans to mitigate the effects. Page | 20

25. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Operation of MIT and NKSoft Consortium  The day-to-day operation of Consortium is managed by the Director of MIT and NKSoft Director.  The Consortium Advisory Board, in consultation with the Director of MIT and NKSoft, will determine the research focus areas for each year.  The MIT faculty working with full-time MIT research staff and graduate students, and NKSoft team often in cooperation with Sponsor organizations, will conduct the research.  MIT and NKSoft will organize and conduct two research topic- specific workshops each year.  MIT and NKSoft will organize and conduct its Annual Conference, covering the wide range of its research topics, each year. Page | 25

22. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Holistic Cyber-Risk Model  Holistic Risk Analysis Model is needed to address:  Multi-vendor environment  Multi-purpose use of equipment/systems  Multi-national & multi-cultural considerations  Cross-sector validity and usability  Multi-level system dependencies and vulnerabilities  People, process and accident/safety considerations  Allowing simulation, including all of the above factors, of taking different actions – to predict what the benefits and costs will be. Page | 22

24. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Why Join MIT and NKSoft Consortium?  Existing organizations are trying to address today’s threat and how to stop attacks in progress, but:  “The CSO/CISO is too busy bailing water to plug the holes in the boat”  MIT and NKSoft Corporation is focusing MIT’s uniquely qualified interdisciplinary researchers on the fundamental principles of cyber space, cyber crime, & cybersecurity applied to Critical Infrastructure:  “Enabling the CSO/CISO to plug the holes in the boat”  Giving CSO/CISOs tools to  Strategically develop measureable, cost effective, Cybersecurity strategies – getting ahead of the curve  Implement Cyber-safety awareness and culture change  A confidential academic forum in which to benefit from the experiences of CSO/CISOs from multiple sectors Page | 24

4. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Filling a Critical Need for Critical Infrastructure  Security of conventional information systems is recognized as important ...  But still not fully effective (e.g., Target, Heartbleed, etc.)  Security of our Cyber-Physical Infrastructure ...  E.g., computer controlled utilities, oil & gas sites, chemical, water, financial services, telecom, infrastructure, etc. ... is even more important, but much less research has been done.  Critical needs for Critical Infrastructure:  (1) Justify top management attention & adoption  (2) Define actions that can be effective & measured  (3) Define a culture of Cyber-Safety  (4) Create a forum for CSO/CISO’s to advance Cybersecurity Page | 4

13. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Applicable Past Research  MIT House of Security: MIT has developed techniques to measure perceptions of security in an organization  Accident and Safety research: MIT can extend its research on accident prevention to pr eventing cyber events.  Control Points: MIT has studied best “choke points” to interrupt a criminal enterprise.  Improving CERTs: MIT has studied and suggested ways to improve and better coordinate the CERTs.  Bug Bounty: MIT has studied crowd source methods of bug detection, such as “bug bounty” programs.  Tipping Point Analysis: MIT has used System Dynamics to understand what will make complex systems unstable.  Simulation of Systems: MIT has a rich history in simulation of complex systems under a wide variety of circumstances. Page | 13

10. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Example: Mapping the NIST Cybersecurity Framework to the MIT House of Security  The traditional Cyber security Triangle:  Confidentiality  Availability  Integrity  The Cybersecurity Framework Core:  Identify  Protect  Detect  Recover  Restore Page | 10 • The MIT House of Security mapping: – Confidentiality – Accessibility – Integrity – Technology Resources – Financial Resources – Business Strategy – Policy & Procedure – Security Culture

26. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Types of Sponsors and Benefits *  Patrons : $450,000 per year – commitment for 3 years (can be 1 year for first year) Includes all items below plus:  Ability to suggest research projec ts and refinements, be considered for inclusion  A dedicated faculty contact, with monthly consultations  One on-site faculty presentation to the organization’s governing board  Partners : $120,00 per year – commitment for 3 years (can be 1 year for first year) Includes all items below plus:  Ability to suggest research areas  Ability to re-distribute select res earch content to existing clients and customers 1 Ability to contact designated faculty via telephone  Members : $35,000 if three year commitment or $45,000 if one year commitment  Send 2 people to annual conferenc e and 2 workshops per year  Access to research in the MIT-MIT and NKSoft Corporation research database 1 * Details on additional benefits contained in the Sponsorship Agreement 1 Subject to 3 rd party rights and bearing appropriate legends Page | 26

11. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Interdisciplinary Approach  MIT and KEMA will apply expertise from multiple disciplines in its research on Cybersecurity issues of Critical Infrastructure.  Faculty from MIT Sloan School of Management, MIT School of Engineering, and MIT School of Humanities (Political Science)  MIT and NKSoft will address complex Cybersecurity issues using techniques such as:  Multi-dimensional data aggregation & quality  System Dynamics, Modeling and Simulation  Internet, Network, and Communication Architecture  Applying Accident and Safety Theory to Cybersecurity  Cross border and international policy & implications  Control point analysis  Risk analysis and liability modeling  People and process modeling:  Users and operators as well as Cyber criminals Page | 11

3. © 2017 MIT, NKSoft & KEMA Consulting, Inc. All rights reserved. Proposed Initial Interdisciplinary MIT and NKSoft (KEMA) Team  Stuart Madnick – Professor of Information Technologies, MIT Sloan School of Management & Professor of Engineering Systems, MIT School of Engineering  Nazli Choucri – Professor of Political Science, MI T School of Humanities and Social Sciences  John Chowdhury – Director of Cyber Security, KEMA and NKSoft  Austin Mlady – Cyber Security Expert, KEMA and NKSoft  David Clark – Senior Research Scientist in Comput er Science and Artificial Intelligence Laboratory (CSAIL)  Michael Coden – Research Affiliate (former member of White House cyber study)  Jerrold Grochow – Research Affiliate (former MIT CIO and member of MITei cyber study)  Nancy Leveson – Professor of Aeronautics and Engineering Systems, MIT School of Engineering  Andrew Lo – Professor of Financial Engineering, MIT Sloan School of Management  Allen Moulton – Research Scientist, MIT School of Engineering  Michael Siegel – Principal Research Scientist, MIT Sloan School of Management  Richard Wang – Principal Research Scientist, MIT School of Engineering  John Williams – Professor of Civil and Environment Engineering and Engineering Systems, MIT School of Engineering Page | 3

Views

  • 72 Total Views
  • 44 Website Views
  • 28 Embeded Views

Actions

  • 0 Social Shares
  • 0 Likes
  • 0 Dislikes
  • 0 Comments

Share count

  • 0 Facebook
  • 0 Twitter
  • 0 LinkedIn
  • 0 Google+

Embeds 1

  • 10 nksoft.com