290 likes | 510 Views
Resilience & Cyber Security in the Built Environment. Hugh Boyes CEng FIET CISSP Principal Fellow, WMG. 29 th April 2014. Contents. What are Resilience & Cyber Security? Managing the threats Case Studies Improving our defences. What is Resilience?. Resilience
E N D
Resilience & Cyber Securityin the Built Environment Hugh Boyes CEng FIET CISSP Principal Fellow, WMG 29th April 2014
Contents What are Resilience & Cyber Security? Managing the threats Case Studies Improving our defences
What is Resilience? Resilience Maintaining continuity of operations through an ability to adapt & respond rapidly to disruptions
What is Cyber Security? People, Process, Technology
Buncefield Oil Storage Depot knowledge & A lack of • skills Buncefield - severe local property damage and traffic disruption. £9.5m - fines & costs £750m civil damages
Protecting your business The Built Environment
Building Systems Intelligent = Complexity + Integration + Automation
Operational Control Centres Networks Communications Building systems
Demonstrations – physical v online Hactivism Online & electronic protest from the safety of your home or campus!
BIM Pilot Project HMYOI Cookham Wood
What can go wrong? Case Studies
The human factor Deliberate v Accidental Naïve v Malicious Careless v distracted Following procedure v Short cuts
Vulnerable CCTV Systems Malware discovered Scanning TCP/IP port 5000 on HikvisionDVRs Installs Bitcoin mining software Source: SANS Technology Institute
High profile/prestigious building Google’s hi-tech offices in Sydney
A vulnerable control system 17/04/13 - Sydney Building system hacked
Loss of power – loss of IT systems “We'd been waiting for three hours in the queue. There was no information and we couldn't find anyone to explain what we should be doing.” – Gatwick passenger, 2013
Maximum Security Wing 13/08/13 - Prison computer ‘glitch’ blamed for opening cells doors Miami TGK Jail Miami-Dade County Jails
The cyber-physical challenge Sports venue with 100,000 spectators Risks: Public safety/security Statutory (DPA) Financial (PCI DSS) Reputation
Initiatives to support you Research Institute for Trustworthy Industrial Control Systems
Any questions? Hugh Boyes CEng FIET CISSP Principal Fellow, Cyber Security Centre, WMG, University of Warwick haboyes@theiet.org