Reading the ENISA Threat Landscape report for Internet Infrastructure

ENISA published a study on the on the threat landscape and provides a list of good practices that aim at securing an Internet infrastructure assets.

ENISA has published the annual analysis on the threat landscape, the document titled Threat Landscape and Good Practice Guide for Internet Infrastructure  analyzes in details the current cyber threats and provide useful information on their trends.

The study is part of the ENISA Threat Landscape 2014, an activity conducted by the Agency to improve threat analysis and the evaluation of emerging trends in cyber security in compliance with Cyber Security Strategy for the EU.

Sharing information on cyber threats among the IT community is essential to improve the security posture of individuals and organization by adopting the necessary countermeasures.

The report is primarily targeted at Internet infrastructure owners, Internet organizations, security experts, developers of security guides, and policy makers, but I strongly recommend the reading to everyone due to data it includes.

” this study details the assets of Internet infrastructure (structured into eight types: hardware, software, information, human resources, protocols, services, interconnections, and infrastructure) and list the threats applicable to these Internet infrastructure assets. These results are structured into mind maps. The study then classifies Important Specific Threats of the Internet infrastructure – namely Routing threats, DNS threats, Denial of Service, and Generic threats – and links each threat with a list of assets exposed” states the executive summary of the study.

The study provides all the information that allows asset owners to evaluate the surface of exposure of their infrastructure and related risks, the report also includes the analysis of the current trends for main threats and list of good practices to improve the security of architecture exposed on the Internet.

The asset types specifically addressed in the report are hardware, software, information, and human resources, meanwhile the threats have been regrouped in the following categories depending on their source.

• Physical attacks.
• Disasters, including natural disasters and environmental disasters directly caused by human.
• Failure or malfunction.
• Outages.
• Unintentional damage.
• Damage.
• Nefarious activities and abuse.
• Eavesdropping/Interception/Hijacking.
• Legal.

 

The authors of the study analysed data published by principal security institutions in order to identify the most important specific threats.

The experts elaborate a final listing by clustering the above threats in groups according to the exposed assets. Each threat group regroups the threats menacing a particular technical domain and/or technology, with no discrimination in regard with their threat type.

“The main threat groups are routing threats, DNS threats, DDoS threats, and generic threats which are not specific to the Internet infrastructure as denoted above.”

Analyzing the summary trends for threat type for each threat group it is possible to note that all the trends are increasing except the DNS threats, this means that experts observed a greater number of attacks this year compared to the previous year.

“DNS Threat is decreasing. Yet, the number of cyber attacks targeting DNS remains important in relation to the total number of attacks. This decreasing trend shall only denote a diminution of DNS as an attack vector by threat agents.”

The Threat Landscape and Good Practice Guide for Internet Infrastructure report provides Five technical recommendations and four organisational recommendations as reported below

Technical recommendations

• Recommendation 1: For Internet Infrastructure owners and electronic communications network regulatory agencies, evaluate your current level of security by understanding the
  assets covered (and not covered) by existing security measures.
  Recommendation 2: For Internet infrastructure owners, evaluate the application of adapted good practices in a focused manner.Recommendation 3: For Internet infrastructure owners, cooperate with the community to
• Recommendation 3: For Internet infrastructure owners, cooperate with the community to
• exchange on threats and promote the application of good practices as mitigation measures.
  Recommendation 4: For users deploying good practices guides, report on their implementations, assets covered and gaps found.
• Recommendation 5: Words matter: Ensure the right use of terms and definitions.

Organisational recommendations:

• Recommendation 6: For Internet infrastructure owners, use proper risk assessment methods to understand vulnerable assets in your Internet infrastructure and prioritise your protection actions.
• Recommendation 7: Build an information and communication technology security awareness and training program.
• Recommendation 8: Internet infrastructure owners shall commit third-party vendors to apply security measures.
• Recommendation 9: Internet infrastructure owners should stay current on any updates.

“ Threats analysed in the current study indicate they are globally on the rise. It is important to apply good practices and promote the exchange of information, in order to mitigate threats and secure Internet infrastructure. ENISA’s Guide gives an up to date overview of emerging threats and lays the foundations for the community towards a more secure Internet infrastructure through proper risk assessment, training and evaluation”. said Udo Helmbrecht , ENISA’s Executive Director, explaining the importance of the project: 

The Threat Landscape and Good Practice Guide for Internet Infrastructure published  by the ENISA also includes a gap analysis that highlights existing shortcomings of current good practices.

“From the analysis, the gaps are linked to the application of skill sets in all important specific threats analysed, as well as to system configuration and essential addressing protocols for (Distributed) Denial of Service.”

Enjoy The Reading …

Pierluigi Paganini

(Security Affairs –  ENISA, Threat Landscape)