Protecting our National Infrastructures - PowerPoint PPT Presentation


Transcript and Presenter's Notes



1
Protecting our National Infrastructures
  • SEARCC Insecurity Seminar
  • 27 November 2001

Jay Garden, Manager, Centre for Critical
Infrastructure Protection, Government
Communications Security Bureau
2
What is critical infrastructure?
  • Energy production and distribution (hydro dams, gas plants, high-tension lines, distribution stations)
  • Telecommunications (Internet, telephones, radio and TV)
  • Governance (Government, Defence Force, Police, border control)
  • The financial sector (Banks, Social Welfare, Reserve Bank, EFT-POS)
  • Health and emergency services (Hospitals, fire, ambulance and rescue services, civil defence)
  • Transport (road and rail systems, inter-island ferries, airlines, navigation, air traffic control, ports)
  • Regional utilities (waste management, water supply)
3
What's changed to need a CCIP?
  • Increasing dependence on the Internet and other
    telecommunications systems
  • e-commerce, e-billing, e-banking
  • e-govt
  • e-mail
  • virtual teams, etc., etc.
  • Just-in-time (no time) philosophy
  • The battlefield is no longer in the battlefield
  • Globalisation means we are a threat and a target

4
Why is the Internet Dangerous?
  • Action at a distance
  • Anonymity
  • Lack of Accountability
  • Multiple Jurisdictions
  • Automation
  • Password crackers
  • Port scanners
  • DDoS network generation
  • Proliferation
  • Attack tool or vulnerability tester?

5
What and who is a threat?
  • Users and administrators
  • Recreational hackers
  • Thieves and extortionists
  • Organised crime groups
  • Competitors
  • Issue groups
  • Foreign governments
  • Cyber-vandals - e.g. virus writers
  • Denial of service attacks
  • Hacking / cracking
  • Malware
  • viruses
  • worms
  • trojan horses
  • Malicious or inadvertent damage by users

6
The Threat is Real
For 3 ½ years, a shadowy group of computer hackers has broken into hundreds of computer networks and stolen thousands of top-secret files on Pentagon war-planning systems and NASA technical research. Dubbed the "Moonlight Maze" group, the hackers continue to elude the FBI, the CIA and the National Security Agency, despite the biggest cyber probe ever. And while no one knows what is being done with the classified information, some fear the thefts may be the work of terrorists or that the information could be sold to terrorists. (USA Today Electronic News, 10 Oct 2001)

Hackers calling themselves revengetheplanet this week attacked 156 websites hosted by Vietnam's largest ISP and monopoly gateway provider, Vietnam Data Communications (VDC)... Many of the sites were down for as long as 10 hours... (IDG, 23 Nov 01)
7
Code Red
  • Computer Economics assesses:
  • Code Red
  • 8 million web servers checked, cleaned and
    patched (US$1.1 billion (US$137 each))
  • lost productivity (US$1.5 billion)
  • SirCam
  • 2.3 million infections (US$1 billion damage)

8
Hacker jailed for revenge sewage attacks
By Tony Smith, Posted 31 Oct 2001

An Australian man was today sent to prison for two years after he was found guilty of hacking into the Maroochy Shire, Queensland computerised waste management system and caused millions of litres of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel.

"Marine life died, the creek water turned black and the stench was unbearable for residents," said Janelle Bryant of the Australian Environmental Protection Agency.

The Maroochydore District Court heard that 49-year-old Vitek Boden had conducted a series of electronic attacks on the Maroochy Shire sewage control system after a job application he had made was rejected by the area's Council. At the time he was employed by the company that had installed the system.
9
Over 10 000 new viruses discovered this year (to
Oct) - Sophos
[Chart: new viruses discovered per month, Jan to Oct 2001; vertical axis 0 to 1400]
10
(No Transcript)
11
US Honeynet Project
To quantify the threat from hacking by setting up
bait in the form of heavily monitored Internet sites
  • Seven computers running default Linux
    installations were attacked and compromised
    within three days
  • A default Win 98 system was compromised five
    times in four days
  • One system was compromised 15 minutes after
    connection (default Redhat 6.2)

project.honeynet.org
12
Computer Emergency Response Team (CERT) Notices
www.cert.org
[Charts: vulnerabilities; incidents]
2001 (to Aug): 35,784 incidents, 1,820
vulnerabilities!
13
What is Government doing about it?
Protecting New Zealand's Infrastructure From Cyber-Threats, 8 December 2000
www.gcsb.govt.nz/ccip/index.htm
14
Recommendations
  • Harmonise legislation - DDoS included in Crimes
    Act Amendment Bill No 6
  • Police to investigate and prosecute - Police
    working on Cybercrime issues
  • Government to establish infrastructure
    cooperation programme - little progress to date
  • Transpower to lead power industry - under way
  • Departments to use common IT security standards
    - GCSB has lead
  • Investigation of an infrastructure protection
    centre - complete

15
Centre for Critical Infrastructure Protection
To improve the protection of Critical
Infrastructure and government departments against
information-borne threats.
  • Focus on threats to and through the Internet
  • Primary customers are infrastructure owners and
    critical service operators
  • Located within GCSB IT Security Division
  • Eight staff
  • Wholly crown funded
  • Operational by April 02

16
Overseas Partnerships
17
CCIP Functions
  • Protect
  • Assist expert and interest groups
  • Facilitate IS protection training
  • Detect
  • 24/7 Watch and Warn alert gathering, filtering
    and distribution
  • Feed from CERT and intelligence networks
  • Map the critical services, components and
    dependencies
  • React
  • Analyse threats, investigate incidents
  • Provide technical support
  • Provide advice and statistics

18
"It is a paradox of our times, the very
technology that makes our economy so dynamic and
our military force dominating also makes us more
vulnerable" - Condoleezza Rice, Apr 01
QUESTIONS?
Contact Details
  • jay.garden_at_gcsb.govt.nz
  • ccip_at_gcsb.govt.nz
  • Ph 64 4 472-6881
  • Fax 64 4 499-3701
  • www.gcsb.govt.nz - CCIP Website coming soon