ART
EU regulation’s impact on cyber security
What is “state of the art”?
EU Directives & Regulations
EU recognizes the significance of Cyber Security Network Information Security Directive •
Put in place a minimum level of NIS in the Member States and thus increase the overall level of preparedness and response.
•
Improve cooperation on NIS at EU level with a view to counter cross border incidents and threats effectively. A secure information-sharing infrastructure will be put in place to allow for the exchange of sensitive and confidential information among the competent authorities.
•
Create a culture of risk management and improve the sharing of information between the private and public sectors.
General Data Protection Regulation •
Supersedes the Data Protection Directive (1995) to unify data protection within the European Union (EU) with a single law.
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
EU Directives & Regulations
Network Information Security Directive Requirements to be met by each member state
•
A national NIS strategy;
•
A NIS cooperation plan;
•
A NIS competent national authority
•
A Computer Emergency Response Team (CERT)
3 | © 2015, Palo Alto Networks. Confidential and Proprietary.
EU Directives & Regulations
Network Information Security Directive Article 14 - Security requirements and incident notification 1. Member States shall ensure that public administrations and market operators take appropriate technical and organizational measures to manage the risks posed to the security of the networks and information systems which they control and use in their operations. Having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented. In particular, measures shall be taken to prevent and minimize the impact of incidents affecting their network and information system on the core services they provide and thus ensure the continuity of the services underpinned by those networks and information systems. 2. Member States shall ensure that public administrations and market operators notify to the competent authority incidents having a significant impact on the security of the core services they provide.
4 | © 2015, Palo Alto Networks. Confidential and Proprietary.
EU Directives & Regulations
Network Information Security Directive General Remarks
•
Very specific on cooperation, coordination and response • •
•
Create framework and infrastructure that fosters cooperation and coordination within and between member states. Enforce incident notification and response.
Technologies & methods to implement protection measures are not described in detail. • •
Allows state-of-the-art innovative technologies to be implemented. Regular audits are mandatory.
5 | © 2015, Palo Alto Networks. Confidential and Proprietary.
NIS Coordination, Cooperation & Response
Coordination, Cooperation and Response
EU CERT
FR NIS CNA
F I N
6 | © 2015, Palo Alto Networks. Confidential and Proprietary.
BE NIS CNA
FR CERT
G O V
R E T
F I N
NL NIS CNA
BE CERT
G O V
R E T
F I N
NL CERT
G O V
R E T
STATE-OF-THE-ART
What does state-of-the-art mean today? 1. Innovation over evolution
2. Information sharing 3. Automation
7 | © 2015, Palo Alto Networks. Confidential and Proprietary.
STATE-OF-THE-ART
Innovation over evolution •
Choose platform solutions over point products
•
Obtain contextual awareness
Gather Intelligence
8 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Leverage Exploit
Execute Malware
Control Channel
Steal Data
STATE-OF-THE-ART
Automation •
Automated malware analysis
•
Automated information sharing
•
Automated protection • • • • •
Timely Contextual Actionable Machine readable Low false positives
9 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Net work
IR
Host
STATE-OF-THE-ART
Information sharing •
Public Private sector
•
Public/Private sector Security Industry
•
Security Industry Security Industry Cyber Threat Alliance - Cryptowall 3.0 collaborative research 4046 unique samples 49 campaign code identifiers 406,887 attempted infections seen 839 CnC servers (typically compromised Word press sites) Proxy to 2nd ary Servers (5 IPs in Russia under 1 ISP) $300 - $1500 bit coins Transactions hop up to 80 wallets $325mil+ held in master wallet www.cyberthreatalliance.org
10 | © 2015, Palo Alto Networks. Confidential and Proprietary.
STATE-OF-THE-ART
What does state-of-the-art mean today? 1. Innovation over evolution
2. Information sharing 3. Automation
11 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Thank you
12 | © 2015, Palo Alto Networks. Confidential and Proprietary.
What is “state of the art”?
EU Directives & Regulations
EU recognizes the significance of Cyber Security Network Information Security Directive •
Put in place a minimum level of NIS in the Member States and thus increase the overall level of preparedness and response.
•
Improve cooperation on NIS at EU level with a view to counter cross border incidents and threats effectively. A secure information-sharing infrastructure will be put in place to allow for the exchange of sensitive and confidential information among the competent authorities.
•
Create a culture of risk management and improve the sharing of information between the private and public sectors.
General Data Protection Regulation •
Supersedes the Data Protection Directive (1995) to unify data protection within the European Union (EU) with a single law.
2 | © 2015, Palo Alto Networks. Confidential and Proprietary.
EU Directives & Regulations
Network Information Security Directive Requirements to be met by each member state
•
A national NIS strategy;
•
A NIS cooperation plan;
•
A NIS competent national authority
•
A Computer Emergency Response Team (CERT)
3 | © 2015, Palo Alto Networks. Confidential and Proprietary.
EU Directives & Regulations
Network Information Security Directive Article 14 - Security requirements and incident notification 1. Member States shall ensure that public administrations and market operators take appropriate technical and organizational measures to manage the risks posed to the security of the networks and information systems which they control and use in their operations. Having regard to the state of the art, these measures shall guarantee a level of security appropriate to the risk presented. In particular, measures shall be taken to prevent and minimize the impact of incidents affecting their network and information system on the core services they provide and thus ensure the continuity of the services underpinned by those networks and information systems. 2. Member States shall ensure that public administrations and market operators notify to the competent authority incidents having a significant impact on the security of the core services they provide.
4 | © 2015, Palo Alto Networks. Confidential and Proprietary.
EU Directives & Regulations
Network Information Security Directive General Remarks
•
Very specific on cooperation, coordination and response • •
•
Create framework and infrastructure that fosters cooperation and coordination within and between member states. Enforce incident notification and response.
Technologies & methods to implement protection measures are not described in detail. • •
Allows state-of-the-art innovative technologies to be implemented. Regular audits are mandatory.
5 | © 2015, Palo Alto Networks. Confidential and Proprietary.
NIS Coordination, Cooperation & Response
Coordination, Cooperation and Response
EU CERT
FR NIS CNA
F I N
6 | © 2015, Palo Alto Networks. Confidential and Proprietary.
BE NIS CNA
FR CERT
G O V
R E T
F I N
NL NIS CNA
BE CERT
G O V
R E T
F I N
NL CERT
G O V
R E T
STATE-OF-THE-ART
What does state-of-the-art mean today? 1. Innovation over evolution
2. Information sharing 3. Automation
7 | © 2015, Palo Alto Networks. Confidential and Proprietary.
STATE-OF-THE-ART
Innovation over evolution •
Choose platform solutions over point products
•
Obtain contextual awareness
Gather Intelligence
8 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Leverage Exploit
Execute Malware
Control Channel
Steal Data
STATE-OF-THE-ART
Automation •
Automated malware analysis
•
Automated information sharing
•
Automated protection • • • • •
Timely Contextual Actionable Machine readable Low false positives
9 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Net work
IR
Host
STATE-OF-THE-ART
Information sharing •
Public Private sector
•
Public/Private sector Security Industry
•
Security Industry Security Industry Cyber Threat Alliance - Cryptowall 3.0 collaborative research 4046 unique samples 49 campaign code identifiers 406,887 attempted infections seen 839 CnC servers (typically compromised Word press sites) Proxy to 2nd ary Servers (5 IPs in Russia under 1 ISP) $300 - $1500 bit coins Transactions hop up to 80 wallets $325mil+ held in master wallet www.cyberthreatalliance.org
10 | © 2015, Palo Alto Networks. Confidential and Proprietary.
STATE-OF-THE-ART
What does state-of-the-art mean today? 1. Innovation over evolution
2. Information sharing 3. Automation
11 | © 2015, Palo Alto Networks. Confidential and Proprietary.
Thank you
12 | © 2015, Palo Alto Networks. Confidential and Proprietary.
