Page 1

ISSN 2055-6950 (Print) ISSN 2055-6969 (Online)

Cyber Security Review Summer 2016

SECURITY, SOVEREIGNTY AND THE INTERNET: WHAT TO DO AS THE INTERNET WEAKENS STATES EVERYWHERE NATO’s POLICY ON CYBER DEFENCE –TODAY AND TOMORROW DEVELOPMENT OF CYBER THREATS AGAINST FINANCIAL INSTITUTIONS CYBER THREATS TO NUCLEAR POWER PLANTS IN THE SECOND NUCLEAR AGE CYBER SECURITY: THE NEW BUSINESS PRIORITY FACING EXECUTIVES INTERNATIONAL COLLABORATION

JAPAN AND ISRAEL’s CYBER COOPERATION FOR THE 2020 OLYMPIC GAMES

SMART CITIES: THE IMPLICATIONS FOR THE PRIVATE SECTOR


w w w.c ybersecurityci.com

AUGUST 21-23, 2016 SAN DIEGO, CALIFORNIA

The Rise of Critical Infrastructure Attacks:

Evolving the Organization to Respond and Prepare for Cyber Security Threats

JOEL AUSTIN

MIKE HARRIS

CIO Oncor Electric Delivery

GEORGE KHALIL

DIRK MAHLING

PAUL REYES

CRO SEI Investments

BRANNDON KELLEY

ISO City of Riverside

SVP Technology Alliant Energy

SUSAN RAMONAT

CIO Clark Public Utilities

ERFAN IBRAHIM,

CIO American Municipal Power

GLENN STEIGER

CEO Alameda Municipal Power

VP of IT Infrastructure & Security Services Energy Future Holdings

PhD Center Director, Cyber-Physical Systems Security & Resilience R&D National Renewable Energy Lab

ERNEST WOHNIG

Senior Global Cyber Security Advisor (Deputy CISO) AES

JIM JONES

CIO Great River Energy

Why Should you Attend? Attendance is exclusive - Participation is strictly limited to senior executives from leading corporations to facilitate true peer-level networking for our delegation and speakers. Strategic conference sessions - The intellectual content of the conference agenda is specifically designed for the seniority and maturity of the participants and has been developed following 9 months of in-depth research. Maximize your time out of office by customizing your own itinerary - Select the conference sessions, BrainWeave® discussions, and business meetings that match your initiatives and current business needs ensuring you have full control of your time at the Exchange. Unsurpassed formal and informal networking opportunities - to share and exchange ideas and concepts. One-on-one business meetings – The business meetings provide an exceptional opportunity for event participants to assess the solutions and services that are available to help them achieve their business objectives.

A few sessions we’re really excited about! Streamlining Incident Response and Risk Mitigation to Strengthen IT/OT Awareness and Communications with the Board SCOTT KING Director - Information Security Sempra Energy Utilities

Insider Threats: Securing the Human Link JEANA PIERALDE Information Security & Compliance Manager California Water Service Company

REQUEST YOUR INVITATION TODAY! Mention code: 26639.001_CSR www.cybersecurityci.com I 813-658-2539 I inexchange@iqpc.com


EDITORIAL CONTRIBUTORS

Cyber Security Review

MEDIA PARTNERS

The opinions and views expressed in the editorial content in this

Published by Delta Business Media Limited 3rd floor, 207 Regent Street London W1B 3HH United Kingdom

publication are those of the authors alone and do not necessarily

Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com www.cybersecurity-review.com

The views and opinions expressed in this publication do not necessarily

represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. express the views of the publisher. While every care has been taken in the preparation of this edition, the publisher is not responsible for such opinions and views or for any inaccuracies in the articles. Š 2016. The entire contents of this publication are protected by copyright. Full details are available from the publisher. All rights reserved. No part of this publication may be reproduced, stored in a

ISSN 2055-6950 (Print) ISSN 2055-6969 (Online)

retrieval system or transmitted in any form or by any means, electronic, mechanical photocopying, recording or otherwise, without the prior permission of the copyright owner. cybersecurity-review.com

3


CONTENTS

CONTENTS IFC CYBER SECURITY FOR CRITICAL INFRASTRUCTURE EXCHANGE 2016 5

CRANFIELD UNIVERSITY – MSc IN CYBER-SECURE MANUFACTURING

5

ISDEF 2017 – THE 8th INTERNATIONAL DEFENSE & HLS EXPO

7

ECCWS – 15th EUROPEAN CONFERENCE ON CYBER WARFARE AND SECURITY

8

CYBER INTELLIGENCE EUROPE 2016

9

SECURITY, SOVEREIGNTY AND THE INTERNET: WHAT TO DO AS THE INTERNET WEAKENS STATES EVERYWHERE

14

FUTURE OF CYBER CONFERENCE 2016

By Ian Fletcher, partner of cyber and physical security consultancy InPhySec, former Director of the GCSB

15 NATO’s POLICY ON CYBER DEFENCE – TODAY AND TOMORROW

By Dr. Jamie Shea, Deputy Assistant Secretary General, Emerging Security Challenges, NATO

21 DEVELOPMENT OF CYBER THREATS AGAINST FINANCIAL INSTITUTIONS

By Troels Oerting, Group Chief Information Security Officer and Elena Kvochko, Head of Global Information Security Strategy and Implementation, Barclays

27

CYBER THREATS TO NUCLEAR POWER PLANTS IN THE SECOND NUCLEAR AGE

33

11th ANNUAL HOMELAND SECURITY WEEK 2016

34

THE INSIDER SECURITY THREAT HOW SHAREPOINT AND OFFICE 365 MEASURE UP

4

By Jack Caravelli, visiting professor at the UK Defence Academy, previously member of senior staff at the National Security Council (NSC), White House

By Peter Bradley, CEO of Torsion Information Security

CYBER SECURITY REVIEW, Summer 2016


NEW COURSE

MSc in Cyber-Secure Manufacturing Available full-time/part-time Cranfield Manufacturing launch a new course for 2016/17 in Cyber-Secure Manufacturing, in response to the growing threats posed to Industry 4.0 and the development of Smart Factories. Developed for manufacturing engineers/managers to help protect manufacturing systems and machines against cyber threats.

In partnership with:

To find out more visit www.cranfield.ac.uk/CSM



THE RIGHT place THE RIGHT time THE RIGHT people JUNE 6-8

2017 TEL- AVIV

THE 8TH INTERNATIONAL DEFENCE & HLS EXPO

VISIT OUR WEBSITE

WWW.ISDEFEXPO.COM

Contact us now for more details Exhibition & Sponsorship Opportunities: Sales@isdefexpo.com General Information: expoaffairs@isdefexpo.com Tel. +972 3 691 4564 | Fax. +972 3 691 4567

cybersecurity-review.com

5


CONTENTS

40

IT-SA BRASIL 2016 – THE IT SECURITY CONFERENCE AND CORPORATE NETWORKING EVENT

41 CYBER SECURITY: THE NEW BUSINESS PRIORITY FACING EXECUTIVES

By Dr Arthur M. Langer, Columbia University

47 INTERNATIONAL COLLABORATION JAPAN AND ISRAEL’s CYBER COOPERATION FOR THE 2020 OLYMPIC GAMES

By Ori Bar-Chaim, Director General at Regional Branch of Custodio Pte. Ltd - a subsidiary of Israel Aerospace Industries (IAI) and Camila Edry, Department Manager of Cyber Centers at Cyber Directorate - Elta, IAI

51

MILIPOL QATAR 2016

52

SMART CITIES: THE IMPLICATIONS FOR THE PRIVATE SECTOR

By Nicolas Reys, Consultant, Control Risks Cyber Security Services

57 ASSURING THE SUPPLY CHAIN – HOW TEAM DEFENCE WORKED TOGETHER TO ADDRESS CHALLENGES

By Daniel Selman, Cyber Industry Deputy Head, MOD UK

61 THE CZECH REPUBLIC’s NATIONAL CYBER SECURITY EDUCATION CONCEPTS

By Katerina Habova, Cyber Security Education specialist at the National Security Authority/ National Cyber Security Centre

67 CRASH COURSE FOR IT NEWBIES: SOME HAVE AUTOMATED INFORMATION SYSTEMS THRUST UPON THEM

By Oliver Easterday, deputy branch chief of the Sustainment Branch at the Air Operations Center, U.S. Air Force C2 Requirements Division, Headquarters Air Combat Command, in Hampton, Virginia

71 CYBERSECURITY - THE ROAD AHEAD FOR DEFENSE ACQUISITION

By Steve Mills and Steve Monks, Defense Acquisition University

75

ISDEF 2017 – THE 8th INTERNATIONAL DEFENSE & HLS EXPO

OBC ISRAEL AEROSPACE INDUSTRIES - IAI 6

CYBER SECURITY REVIEW, Summer 2016


ECCWS

15th European Conference on

Cyber Warfare and Security 7-8th July 2016 Munich, Germany

It is 15 years since the European Conference on Cyber Warfare and Security (ECCWS) was established. It has been held in cities around Europe and attracts a truly international audience of academic scholars, military personnel and practitioners. ECCWS 2016 is being hosted by the Bundeswehr University, Munich, Germany where the Conference Chair is Prof. Dr. Gabi Dreo Rodosek. ECCWS oers a unique opportunity for sharing ideas and learning from others.

For more information: http://www.academic-conferences.org/conferences/eccws/ Or email: info@academic-conferences.org


Taking cyber solutions to the next level

IAI’s Cyber Defense, Intelligence and Early Warning Solutions • Cyber and off-the-air Accessibility solutions • Training, Testing, Simulation & Forensics • Cyber Analytics- Identity Resolution, Geo Location, Anomaly Detection • Modular Cyber Centers: Cyber Security Operation Centers (CSOC), Intelligence Centers and Early Warning Centers

www.iai.co.il corpmkg@iai.co.il


To receive a full version of the Cyber Security Review, please complete the Request Form Here. Please provide a valid corporate, government or academic email address. We reserve the right to refuse to accept any application at our discretion. If you have any queries please email to: editorial@deltabusinessmedia.com

REQUEST YOUR COPY OF THE CYBER SECURITY REVIEW

www.cybersecurity-review.com

Published by Delta Business Media 3rd floor, 207 Regent Street, London, W1B 3HH, United Kingdom Tel: +44 (0) 20 7193 2303 Fax: +44 (0) 20 3014 7659 info@deltabusinessmedia.com www.deltabusinessmedia.com


Millions discover their favorite reads on issuu every month.

Give your content the digital home it deserves. Get it to any device in seconds.