Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference

Transcription

1 Cyber Security Experts Association of Nigeria (CSEAN) CYBER SECURE NIGERIA 2016 Conference

2 Threat of Cyber- Terrorism to Critical Infrastructures Presented by Iyke Ezeugo Cyber-warfare Strategist

3 Definitions of key terms Cyber-Terrorism Cyber-Terrorism is a premeditated politically motivated use of computers and information technology to cause severe disruption to the people, or inflict widespread fear or violence against non-combatant targets by terrorists.

4 Definitions of key terms Critical infrastructures Critical infrastructures are those physical and cyberbased systems essential to the minimum operations of the economy and government of a nation; these include telecom services, energy supply, banking and financial institutions, transportation, water systems and emergency services, whether governmental and private.

5 Objectives of highlighting threats of cyberterrorism to critical infrastructures To effectively identify threats and rightly classify them. To stimulate concerted efforts in taking logical steps towards preventing attacks Have reliable quick recovery in the event of an attack.

6 Do we really have threats in Nigeria What kind of infrastructures do we consider national critical infrastructures in Nigeria Are they truly subject to cyber-terrorism threats and why? What impact does degradation of Boko-haram traditional operations have on cyber-terrorism?

7 Do we really have threats in Nigeria? Do we have genuine reasons to have concerns. Which infrastructure is most vulnerable and on which will a successful attack be most disastrous - telecom network, financial services, etc.

8 Important Facts The cyber-terrorism threat is real and we need to prepare for its prevention through a coordinated response. An impact on one organization affects others and the nation socioeconomic activates. We need to apply effective techniques to prevent attacks We need to devise reliable mechanisms to recover quickly in the event of an attack.

9 Important Facts Cont d Around September 2012 MTN and Airtel reported that their mobile phone masts are coming under attack from gunmen in northern Nigeria who may be trying to elude police trackers through their phones. In 2013, the Nigerian military, as part of its counterinsurgency operations against Boko Haram insurgents, shut down GSM mobile telephony in three northeast states Adamawa, Borno and Yobe.

10 Is there a way out? We can only prevent attacks on our critical infrastructures by: Proactively building an intelligence base, Critically analysing the gathered intelligence, Providing timely, actionable threat-related products to the nations public and private sector partners. Strategic improving information sharing is key. Our cybersecurity effort shouldn t just be a reactive endeavour

11 Why is this subject important This conference is meant to stimulate and strengthen our commitment to improving the security of our Nation's critical infrastructures. not a very strange experience to Nigerian - we have seen how a single attack can have immediate simultaneous impact on several interdependent socioeconomic systems We need a national focal point for gathering information on threats to the infrastructures To accomplish this mission, we need to build a strong coalition of trust amongst all government agencies, between the government and the private sector,

12 Our peculiar challenges in dealing with cyber-terrorism threats? Up-to-date formal security policies in place, and how are they implemented More creative thinking about information systems security, The most likely perpetrators of cyber-attacks on critical infrastructures are terrorists and criminal groups rather than nation-states. Our attitude in reporting detected computer security breaches

13 Our peculiar challenges in dealing with cyber-terrorism threats? Of what relevance is the reporting? Reasons why we don t often report The assumption that competitors would use the information against them. Lack of awareness of the need for reporting intrusions to law enforcement. Lack of identifiable channel of reporting and the information can be used for Avoiding negative publicity

14 Solutions - Best Practices One source of best practices for cybersecurity can be found at the Computer Emergency Response Team's (CERT) web site at CERT has very useful five areas of practices divided into: 1. Harden and secure your systems by establishing secure configurations 2. Prepare for intrusions by getting ready for detection and response 3. Detect intrusions quickly 4. Respond to intrusions to minimize damage 5. Improve your security to help protect against future attacks

15 Conclusion We have serious need for national cybersecurity threats Information Sharing and Analysis Centre one with a clear purpose of enhancing private sector cooperation and the mandate to strengthen two-way information sharing and increased security for the nation's critical infrastructures in the information age.