Securing the Supply Chain - Protecting the Lowest Common Denominator
Commercial in Confidence
The supply chain – Confidentiality, Integrity and Availability?

The supply chain integrates supply and demand management within and across organisations:
• Sourcing and procurement
• Conversion
• Logistics management
• Coordination and collaboration with channel partners – suppliers, intermediaries, third-party service providers, and customers.

Supply Chain Management is an integrating function with primary responsibility for:
– Linking major business functions and business processes within and across companies into a cohesive and high-performing business model
– Driving coordination of processes and activities with and across marketing, sales, product design, finance and information technology.

Security
– Emerging global and local regulations:
• UK: MOD-led CSMM and compliance to standards across the entire supply chain
• United States: Importer Security Filing and additional provisions of the Certified Cargo Screening Program

Corporate Responsibility
– 2013 Savar building collapse with more than 1,100 victims
A view from the UK

The nature of cyber threat means the supply chain is [also] liable to attack and its vulnerability
being, potentially, a ‘weak link’ access to MoD systems. Risk mitigation actions might include
sharing threat intelligence, providing ‘best practice’ guidance and improving identity and access
management. Government policy is to encourage the use of SMEs in the defence supply chain.
These companies may require additional support to accelerate their cyber-security maturity.
http://www.publications.parliament.uk/pa/cm201012/cmselect/cmdfence/writev/1881/1881.pdf
Cyber Attacks and the Supply Chain

Cyber attacks and technology failures are posing new and growing dangers to business supply
chains worldwide, according to a new report by a global risk assessment and reinsurance firm,
Marsh.
http://www.usanfranonline.com/online-education-information/

Supply Management reports The Business Continuity Institute's 2012 report, Supply Chain
Resilience, backs up Marsh's statement - with more than half of the companies that took part in
the report (52 per cent) saying that they had been affected by the threat of cyber attack.
http://www.bvdinfo.com/industrynews/procurement-and-risk-management/cyber-attacks-could-threaten-business-supply-chains/801646102

According to de Crespigny, 40 percent of the data-security breaches experienced by
organizations arise from attacks on their suppliers. Criminals are increasingly realizing that “this is
a channel they can attack.”
http://www.supplychainbrain.com/content/blogs/think-tank/blog/article/why-cybersecurity-is-a-supply-chain-problem/
The RSA takedown is probably the most public example of this, where the commonly held belief
is that RSA were merely a security supplier to more interesting (defence industry) targets.
http://www.publications.parliament.uk/pa/cm201012/cmselect/cmdfence/writev/1881/1881.pdf
And… “I do not hold ‘secrets’ so why should I spend money for protection I do not need”
Cyber Threat – Some ‘Truisms’

A dangerous world of complexity and evolving cyber threat

The short term trends in cyber threat require solutions to meet:
– Further nation state cyber revelations – new nation states gear up
– Professionalisation of a cyber attack industry – accessible and pervasive
– Increased attacks against the supply chain – points of weakest resistance
– Deployment of ‘adaptive security architectures’ – the need to monitor
– Cyber crime becomes mobile-enabled – increasing application level attacks

Each of these drives a need for a better solution to meet those changing needs for us to securely share information – whoever we are
* https://www.baesystemsdetica.com/news/bae-systems-detica-releases-top-5-predictions-for-cyber-security-threats-in/
A MOD-UK Industry perspective

[Figure: map of the communication and collaboration services used across the MOD-UK industry community. Labels recovered from the diagram:]
• Person to Person Conversation: Voice mail, eMail, Messaging, Fax, Voice, IM, Web Conferencing, Multimodal, Video, Web
• Secure Information File Transfer
• Application to Application: Reliable Data Stream, Application Messaging, Remote Procedure Call
• Sharing: Task & Workflow Mgt.
• Person to Application: Terminal, Microsoft Windows Application Access
• Group Coordination: Calendar & Scheduling, Application Portal, Document Sharing, Discussion Forum, Document Repository, Collaborative Authoring (Wiki)
The nature of the challenge to the A&D community…

The absolute need to help organisations control the movement of high value data assets between networks based upon:
– Classification of the data - ‘National’, Export Control, IPR
– The clearance of those sending and receiving
– The content of the data
– The regulations governing the movement of that data

The business drivers behind secure supply chain enablement:
– Meet the Cyber Security requirements for reducing the risk associated with Advanced Persistent Threats (APT)
– Reduce the operational risk of data loss when exchanging sensitive information
– Enhance security levels to meet operational and regulatory requirements
– Cut operational and infrastructure costs
– Increase the operational benefit of sharing data without being a barrier
What are not now Adequate Defences?

• The appliance that protects all – they are not strong enough
• Defences that only sit at the network level – the attacks are increasing at the application level
• An enterprise security suite – one size does not fit all where data has higher value
• Security products that do not defend themselves – that is where I would target my attack
• Solutions difficult to integrate – they need to support the current business processes
• Those that limit interoperability - the opportunity to stove-pipe systems is still with us!
… and the one absolute certainty!
When to do something different

[Figure: assurance spectrum with a Risk Threshold separating No Assurance and Low Assurance from High Assurance. Labels recovered from the diagram:]

COTS Network Products:
• Firewalls
• IDS / IPS
• Routers
• Malware appliances
• NAC
• Endpoint security

Security Position
• Business Drivers:
  • Higher assurance information protection
  • Demanding accreditation
  • Breach avoidance not mitigation
  • Safety regulation
  • Collaboration efficiency in sharing data
• Characteristics:
  • Strong boundary protection
  • Defined sender/recipient relationships
  • Self defending platforms
  • Integrated management
  • Deep content inspection and verification
TSCP – the basis for taking the ‘right’ approach

SEv1 gives us secure email –
– The right trust model – PKI based certification
– The right protection – encryption
– The right level of integrity – digital signatures

SEv2 gives us additional layers of trusted assurance –
– The right data – labeling
– The right release – inspection of encrypted content

ILH gives us the right approach to valuing the data –
– National protective markings
– Export control release
– Protection of Intellectual Property

Focussed on the community that fronts up to APT-attack where the prizes are the richest
UKCeB SEEOTI Environment

A solution bringing commoditised service offerings to A&D

UKCeB CWE Project Environment

The UKCeB combined CWE and SEEOTI approach
The Value

TSCP-based solutions help organisations control the movement of high value supply chain data assets between networks based upon:
– Classification of the data
– The clearance of those sending and receiving
– The content of the data
– The regulations governing the movement of that data

Assured security platform that delivers security to control information flows:
– Implementation architecture supporting accreditation
– Policy based control and management
– Clearance and classification verification
– PKI enabled Certificate verification
– Content verification
– Delivery and notification control
– Audit, account and alerting to support security operations (SyOps)
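As an added illustration of the ‘policy based control’ and ‘clearance and classification verification’ bullets on this slide, and of the labelling (national markings, export control, IPR) on the TSCP slide: a toy release-control check written for this page, not Deep-Secure’s, TSCP’s or any product’s code. The marking lattice, export-control markings, recipient attributes and sample assets are all constructed assumptions; the check fails closed on anything it does not recognise and produces the audit record a SyOps team would consume.

```python
"""Toy boundary release-control check (example written for this page; not a product's code).

A labelled asset may cross the boundary only if the recipient's clearance dominates the
classification, every export-control marking admits the recipient's nationality, and any
IPR owner on the label has an agreement with the recipient's organisation.
"""
from dataclasses import dataclass
import json

# Ordered protective-marking lattice, lowest to highest (constructed for this example).
LEVELS = ["OFFICIAL", "OFFICIAL-SENSITIVE", "SECRET", "TOP SECRET"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# Hypothetical export-control markings mapped to the nationalities allowed to receive them.
EXPORT_RULES = {
    "UK-EYES-ONLY": frozenset({"GB"}),
    "FIVE-EYES": frozenset({"GB", "US", "CA", "AU", "NZ"}),
}


@dataclass(frozen=True)
class Label:
    """Information label on a data asset: classification, export control, IPR owner."""
    classification: str
    export_control: frozenset = frozenset()
    ipr_owner: str = ""  # organisation owning the intellectual property, if any


@dataclass(frozen=True)
class Recipient:
    """What the boundary knows about the receiver (from its certificate / directory entry)."""
    identity: str
    clearance: str
    nationality: str
    organisation: str
    ipr_agreements: frozenset = frozenset()  # IPR owners this recipient may receive from


def check_release(label: Label, recipient: Recipient) -> list:
    """Return the list of policy violations; an empty list means release is permitted.

    Every rule fails closed: an unknown marking or clearance is itself a violation.
    """
    violations = []

    # 1. Classification versus clearance on the protective-marking lattice.
    if label.classification not in RANK:
        violations.append(f"unknown classification {label.classification!r}")
    elif recipient.clearance not in RANK:
        violations.append(f"unknown clearance {recipient.clearance!r}")
    elif RANK[recipient.clearance] < RANK[label.classification]:
        violations.append(f"clearance {recipient.clearance} below {label.classification}")

    # 2. Export control: every marking on the asset must admit the recipient.
    for marking in sorted(label.export_control):
        allowed = EXPORT_RULES.get(marking)
        if allowed is None:
            violations.append(f"unknown export-control marking {marking!r}")
        elif recipient.nationality not in allowed:
            violations.append(f"{marking} excludes nationality {recipient.nationality}")

    # 3. Intellectual property: release only to the owner or a licensed partner.
    if (label.ipr_owner and recipient.organisation != label.ipr_owner
            and label.ipr_owner not in recipient.ipr_agreements):
        violations.append(f"no IPR agreement with {label.ipr_owner}")

    return violations


def release_decision(asset_id: str, label: Label, recipient: Recipient) -> dict:
    """Apply the policy and build the audit record; blocks are flagged for alerting."""
    violations = check_release(label, recipient)
    return {
        "asset": asset_id,
        "recipient": recipient.identity,
        "decision": "RELEASE" if not violations else "BLOCK",
        "violations": violations,
        "alert": bool(violations),
    }


# Constructed sample data: one labelled asset and three candidate recipients.
SAMPLE_LABEL = Label("OFFICIAL-SENSITIVE", frozenset({"UK-EYES-ONLY"}), ipr_owner="PrimeCo")
PARTNER_UK = Recipient("alice@partner.example", "SECRET", "GB", "PartnerLtd", frozenset({"PrimeCo"}))
PARTNER_US = Recipient("bob@usfirm.example", "SECRET", "US", "USFirm", frozenset({"PrimeCo"}))
JUNIOR_UK = Recipient("carol@partner.example", "OFFICIAL", "GB", "PartnerLtd", frozenset())

if __name__ == "__main__":
    for recipient in (PARTNER_UK, PARTNER_US, JUNIOR_UK):
        print(json.dumps(release_decision("asset-0001", SAMPLE_LABEL, recipient)))
```

The three rules are evaluated independently so the audit record lists every reason a transfer was blocked rather than only the first, which is what an accreditor or SyOps analyst needs when reviewing a denied release.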
Key Defence Contacts in Deep-Secure

Robin King
CEO
Telephone: +44 (0)1684 217061
Email: robin.king@deep-secure.com

Colin Nash
Business Development Manager
Telephone: +44 (0)1684 217062
Email: colin.nash@deep-secure.com

Deep-Secure Limited
1 Nimrod House, Sandy’s Road
Malvern, Worcestershire, WR14 1JJ
+44 (0)1684 217070
www.deep-secure.com
Deep-Secure is a Member of: