
Cyber Crime Evolving Risks for Supply Chain Data Security

Cyber Crime Evolving Risks for Supply Chain Data Security. Iain McNab Supply Chain Symposium July 28, Shangri La Hotel. Agenda. Information Systems Security Cyber crime and its categories Exploring supply chain vulnerabilities Actors in the supply chain Day in the life dataflow


Presentation Transcript


  1. Cyber Crime: Evolving Risks for Supply Chain Data Security
     Iain McNab, Supply Chain Symposium, July 28, Shangri La Hotel

  2. Agenda
     • Information Systems Security
     • Cyber crime and its categories
     • Exploring supply chain vulnerabilities
     • Actors in the supply chain
     • Day in the life dataflow
     • Warnings and vulnerabilities
     • Common prevention practices

  3. Information Systems Security
     • Market demand and supply
     • Sheridan, FAST and ISS
     • Programs
       • ISS
       • Capstone
       • Applied Research
       • Co-op

  4. Market Demand and Supply
     • The explosion of Internet traffic has created enormous demand for information systems security professionals
     • The Sheridan Bachelor of Applied Information Sciences (BAISc) program is a one-of-a-kind Information Systems Security degree program with a stellar reputation among employers:
       • It has very restricted enrollment
       • We have a 100% placement rate
       • Grads usually have offers 12-18 months before they graduate
       • They have, by far, the highest starting salary range of any program in the school
     BACHELOR OF APPLIED INFORMATION SCIENCES (INFORMATION SYSTEMS SECURITY)

  5. Applied Research at Sheridan
     As innovation becomes an increasingly important driver of our economy, the Office of Undergraduate Research at Sheridan is focused on creating unique opportunities for our students to work directly with our partners to address real-world challenges that strengthen our society and develop the leaders of tomorrow.
     Our mission: to help grow fruitful, mutually rewarding connections between our students, faculty, and industry/community partners by providing experiential learning opportunities through solutions-based research projects.
     As we transition to a distinct undergraduate teaching university, research will play an increasingly important role for our professors, administrators, and students.
     Our vision: Sheridan’s undergraduate research and creative activities will be fully integrated within curriculum, strengthening the undergraduate professional education our students receive.

  6. Cyber Crime and its Categories
     • Cyber Terrorism
       • Simple-unstructured, advanced-structured, complex-coordinated
       • Particularly worried about “electronic jihad” targeting SCADA (Supervisory Control and Data Acquisition) industrial control systems such as power grids, water treatment, oil refineries, electrical power transmission, dams, gas pipelines etc.
     • Advanced Persistent Threat
       • Closely resembles espionage; the goal is to steal IP
       • State-funded actors: Russia, China, Israel, Iran, India etc.
       • Actors are successful in harvesting enormous amounts of critical information including proprietary data, source code, negotiation tactics, strategic and operational plans
       • USA now loses $400B of IP annually – labelled the greatest transfer of wealth in history by the FBI
     • Organized Cyber Crime
       • Cybercriminals operating in this form are providing increasingly professional services and are monetizing stolen data and access to compromised networks
       • Locate business partners and plan criminal conspiracies, including theft, drug and human trafficking, extortion etc.
     • Hacktivism: unauthorized access to computer systems to achieve political and social goals
       • Advance a political purpose, e.g. WikiLeaks
       • Bypass censorship, geo-bombing, anonymous blogging

  7. Is only retail vulnerable?
     • The headlines are shifting:
       • From: Retail-specific hacking
       • To: General Cyber Security awareness
     • Quote from Wal Mart Exec at recent retail conference: “Our SKU level data is extremely valuable. We would never want to share this with anyone”

  8. Our position
     • The supply chain is vulnerable to Cyber Crime
     • Supply chain and logistics involve a broad range of diverse actors who are geographically dispersed and are entrusted with handling large volumes of sensitive client data
     • Heightened awareness and sensible precautions are in order

  9. Communication methods in SCM
     • AS2
       • AS2 (Applicability Statement 2) is a specification for transporting data securely and reliably over the Internet. Security is achieved by using digital certificates and encryption.
     • FTP
       • The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files from one host to another over a TCP-based network, such as the Internet. It is UNENCRYPTED. SFTP is used for secure transmission.
     • Web
       • The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. It is UNENCRYPTED. HTTPS is used for encrypted web traffic.
     • Email
       • Email is unsecured. After 180 days in the U.S., email messages stored on a server lose their status as a protected communication under the Electronic Communications Privacy Act and become just another database record. After this time has passed, a government agency needs only a subpoena, instead of a warrant, in order to access email from a provider.[1] Other countries may even lack this basic protection, and Google's databases are distributed all over the world.[3]
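The transport distinctions this slide draws (FTP vs SFTP, HTTP vs HTTPS, AS2, plain email) are easy to check against a real partner list. The following is an added example, not code from the presentation; the partner names, URLs and the classification table are constructed assumptions, and AS2 is counted as protected because it encrypts and signs the payload with partner certificates as the slide describes.

```python
"""Transport audit for supply-chain integration endpoints.

Added example, not part of the presentation: classify each trading-partner
connection by whether the data is protected on the wire, using the transport
distinctions the slide draws (FTP vs SFTP, HTTP vs HTTPS, AS2, plain email).
Partner names and URLs are constructed sample data.
"""
from urllib.parse import urlsplit

# Schemes treated as protecting the channel. AS2 is counted as protected
# because it signs and encrypts the payload with partner certificates.
ENCRYPTED = {"sftp", "ftps", "https", "as2"}
# Cleartext schemes and the replacement the slide recommends (email has no
# drop-in fix; AS2 is the supply-chain alternative the slide lists).
CLEARTEXT_FIX = {"ftp": "sftp", "http": "https", "smtp": "AS2 (or encrypted email)"}

# Constructed sample: the kind of partner list a forwarder or broker keeps.
PARTNER_ENDPOINTS = [
    ("Vendor A purchase orders", "ftp://edi.vendor-a.example/outbound"),
    ("Customs broker ASN feed", "sftp://broker.example:2222/asn"),
    ("Bank remittance", "HTTPS://payments.bank.example/api/v1"),
    ("Forwarder booking status", "http://status.forwarder.example/feed"),
    ("Steamship line AS2", "as2://as2.carrier.example/receive"),
    ("Rail dispatch notices", "smtp://mail.rail.example"),
    ("Warehouse goods receipt", "warehouse.example/receipts"),  # no scheme
]

def classify(url):
    """Return (scheme, status, advice) for one endpoint URL."""
    scheme = urlsplit(url).scheme.lower()
    if not scheme:
        return ("", "unknown", "no scheme; confirm the transport with the partner")
    if scheme in ENCRYPTED:
        return (scheme, "encrypted", "ok")
    if scheme in CLEARTEXT_FIX:
        return (scheme, "cleartext", "migrate to " + CLEARTEXT_FIX[scheme])
    return (scheme, "unknown", "unrecognised scheme; review manually")

def audit(endpoints):
    """Classify every endpoint; returns a list of (name, scheme, status, advice)."""
    return [(name,) + classify(url) for name, url in endpoints]

def cleartext_flows(endpoints):
    """Names of the flows that would expose partner data on the wire."""
    return [row[0] for row in audit(endpoints) if row[2] == "cleartext"]

if __name__ == "__main__":
    for row in audit(PARTNER_ENDPOINTS):
        print("%-26s %-6s %-9s %s" % row)
```

Entries without a scheme are reported as unknown rather than silently passed, since a missing scheme in a partner record usually means nobody has confirmed how that feed actually travels.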

  10. Typical Canadian Supply Chain actors and Data
     DATA
     • Purchase Order
     • BOM
     • Insurance
     • ASN
     • Export Declaration
     • RNS release notification
     • CFS
     • Booking
     • Steamship
     • Rail
     • Container
     • Dispatch
     • Status reports
     • Commercial Documentation
     • Goods receipt
     ACTORS
     • Agent
     • Vendor
     • Buyer
     • Customs Official
     • Exporter
     • Bank
     • Forwarder
     • Customs Broker
     • Government Agencies
     • Rail
     • Port Authority
     • Trucker
     • Warehouse
     • Consular Services

  11. Insert K+N Data flow in SC
     • Need this in source form and need to narrate and animate it

  12. Considerations
     • Long term storage of data?
     • Back-up and recovery processes?
     • Paper copies?
     • Online brokering?

  13. Prevention
     • Predict (proactive exposure analysis, predict attacks, baseline system)
     • Prevent (harden + isolate system, divert attackers, prevent incidents)
     • Detect Incidents (confirm, prioritize, contain)
     • Respond
     • Authenticate users
     • Encrypt data in use or in transit
     • Tokenize data at rest
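"Tokenize data at rest" on this slide means the stored record carries a random stand-in for each sensitive value, with the mapping kept in a separately secured vault. The following is an added example, not code from the presentation; the purchase-order fields, the choice of which fields count as sensitive, and the in-memory vault are constructed assumptions.

```python
"""Tokenizing sensitive fields in a stored shipment record.

Added example, not part of the presentation: a minimal vault-style tokenizer
illustrating the slide's "tokenize data at rest". Field names, values and
the in-memory vault are constructed; a real vault is a separately secured
store, so a copy of the main database alone yields no sensitive values.
"""
import secrets

# Assumption: the fields a trading partner would not want exposed.
SENSITIVE_FIELDS = {"bank_account", "sku_prices"}

class TokenVault:
    """Maps random tokens to original values; stored apart from the data."""
    def __init__(self):
        self._by_token = {}    # token -> original value
        self._by_value = {}    # repr(value) -> token, so equal values share a token

    def tokenize(self, value):
        key = repr(value)      # values may be dicts/lists; repr gives a hashable key
        if key not in self._by_value:
            token = "tok_" + secrets.token_hex(8)   # random, so not derivable from the value
            self._by_token[token] = value
            self._by_value[key] = token
        return self._by_value[key]

    def detokenize(self, token):
        return self._by_token[token]

def tokenize_record(record, vault, fields=SENSITIVE_FIELDS):
    """Copy of the record with sensitive fields replaced by vault tokens."""
    return {k: (vault.tokenize(v) if k in fields else v) for k, v in record.items()}

def restore_record(stored, vault, fields=SENSITIVE_FIELDS):
    """Reverse of tokenize_record, for the authorised process that needs the real values."""
    return {k: (vault.detokenize(v) if k in fields else v) for k, v in stored.items()}

def leaks_sensitive(stored, fields=SENSITIVE_FIELDS):
    """True if any sensitive field present still holds a raw (non-token) value."""
    return any(not (isinstance(stored[f], str) and stored[f].startswith("tok_"))
               for f in fields if f in stored)

PURCHASE_ORDER = {   # constructed sample record
    "po_number": "PO-1001",
    "vendor": "Vendor A",
    "bank_account": "12345678",
    "sku_prices": {"SKU-1": 19.99, "SKU-2": 4.50},
}
```

Because the tokens are random rather than hashes of the value, a stolen copy of the tokenized records cannot be reversed without the vault, which is the property that separates tokenization from plain masking.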

  14. Now to our panel…
