Title: Securing Cyberspace
2. Securing Cyberspace
- Engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.
3. Threat Spectrum
4. The National Strategy to Secure Cyberspace
- Priority I: National Cyberspace Security Response System
- Priority II: National Cyberspace Security Threat and Vulnerability Reduction Program
- Priority III: National Cyberspace Security Awareness and Training Program
- Priority IV: Securing Governments' Cyberspace
- Priority V: National Security and International Cyberspace Security Cooperation
5. Building Cyber Security Operations
- The National Cyber Security Division (established 2003) provides the federal government with a centralized cyber security coordination and preparedness function.
- The United States Computer Emergency Readiness Team (US-CERT) is a 24x7 operation that analyzes and disseminates threat information.
6. National Cyber Security Response
- Established a 24x7 Cyber Security Readiness and Response System responsible for tracking incident and trend data, ranking associated severity, and generating real-time alerts.
- Established the National Cyber Response Coordination Group (NCRCG), a forum of 13 principal agencies that coordinate intra-governmental and public/private preparedness operations.
- Co-sponsored Blue Cascades II and Purple Crescent II, two regional tabletop cyber exercises held in Seattle, WA and New Orleans, LA.
7. Cyber Security Education and Training
- Joined with the National Security Agency to co-sponsor the Centers of Academic Excellence in Information Assurance Education (CAEIAE).
- Co-sponsor of the National Science Foundation Scholarship for Service program, known as Cyber Corps.
8. Federal Government's Cyber Security Preparedness
- Created the Government Forum of Incident Response and Security Teams (GFIRST), a community made up of 40 government response teams.
- Launched the Einstein pilot program for cyber situational awareness, to better monitor network security activity and increase global situational awareness at the federal level.
- Played a major role in Livewire in October 2003, the first-ever national-level cyber exercise, which baselined the government's capabilities for responding to a national cyber attack.
9. Need for Sharing Information and National Analytic Capability
- We need analytic tools to examine information about intrusions, crime, and vulnerabilities and determine what is actually going on in the nation's infrastructures.
10. Information Sharing and Analytic Capability
11. Sharing Information with Private Sector, State and Local Partners
- Launched a national cyber security awareness effort in partnership with the Multi-State Information Sharing and Analysis Center (MS-ISAC), an information sharing organization of representatives of state and local governments.
- Established the National Cyber Alert System to deliver targeted, timely, and actionable information to businesses and private citizens alike so they can better secure their computer systems.
- Facilitated and supported the Cybercop Portal, a group of more than 5,000 law enforcement members involved in electronic crime investigations.
12. Standardizing Cyber Systems
- Implemented a process to maintain and support Common Vulnerabilities and Exposures (CVE), Common Malware Enumeration (CME), and the Open Vulnerability and Assessment Language (OVAL), so that security products can refer to the same vulnerabilities, malware, and checks and thereby interoperate.
- Established the Control Systems Security and Test Center (CSSTC) with the Idaho National Engineering and Environmental Laboratory (INEEL) for cyber vulnerability enumeration and reduction activities for control systems.
13. Science and Technology Research Collaboration
- The Science and Technology (S&T) Directorate has initiated an Internet Infrastructure Security Program engaged in research and development activities.
- The S&T Cyber Security Testbed Program has established two multi-university testbed projects, with co-funding from the NSF.
- S&T supported a joint study by the US Secret Service and Carnegie Mellon University's Software Engineering Institute analyzing insider threats and insider activities.
14. Protecting the Nation's Critical Infrastructure
- Strategic Objectives
  - Prevent cyber attacks against America's critical infrastructures
  - Reduce national vulnerability to cyber attacks
  - Minimize damage and recovery time from cyber attacks that do occur
15. Protecting the Nation's Critical Infrastructure
- Threat and Vulnerability
  - Our economy and national security are fully dependent on information technology and infrastructure.
  - Computer networks also control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, radars, and stock markets, all of which exist beyond cyberspace.
16. The Nation's Infrastructure
- The nation's infrastructure is a network of independent, mostly privately-owned, systems and processes that function collaboratively and synergistically to produce and distribute a continuous flow of essential goods and services.
17. Reliable and Secure Infrastructures (foundation for creating the nation's wealth and quality of life)
- The transportation infrastructure moves goods and people within and beyond our borders.
- The oil and gas production and storage infrastructure fuels transportation services, manufacturing operations, and home utilities.
- The water supply infrastructure assures a steady flow of water for agriculture, industry (including various manufacturing processes, power generation, and cooling), business, firefighting, and our homes.
- The emergency services infrastructure in communities across the country responds to our urgent police, fire, and medical needs, saving lives and preserving property.
18. Infrastructure
- The government services infrastructure consists of federal, state, and local agencies that provide essential services to the public, promoting the general welfare.
- The banking and finance infrastructure manages trillions of dollars, from the deposit of our individual paychecks to the transfer of huge amounts in support of major global enterprises.
- The electrical power infrastructure consists of generation, transmission, and distribution systems that are essential to all other infrastructures and every aspect of our economy.
- The information and communications infrastructure consists of the Public Telecommunications Network (PTN), the Internet, and the many millions of computers in home, commercial, academic, and government use.
19. The Protection Challenge
22. Vulnerabilities
- Information and Communications
  - The principal vulnerability for this sector is the increasing interdependency of the PTN and the Internet: a failure in either now propagates into the other.
  - The sector depends on electrical power, telephone lines, and fiber optic cables.
  - The PTN is increasingly software driven, and remotely managed and maintained through computer networks, so the management network itself becomes an attack path into the switching infrastructure.
23. Vulnerabilities
- Energy
  - The principal concern is prolonged disruption in the flow of energy.
  - Widespread use of Supervisory Control and Data Acquisition (SCADA) systems to control energy systems provides an increasing ability to cause serious damage and disruption by cyber means.
  - The exponential growth of information system networks that interconnect the business, administrative, and operational systems contributes to system vulnerability.
25. Some Contributing Factors to Increased Threats to the Power Grid
- The shift from proprietary mainframe-based computer control systems to distributed systems using open protocols and standards, and the expanded use of public protocols to interconnect previously isolated networks, e.g., PCs and UNIX machines running TCP/IP.
- Pressures within the industry to downsize, streamline, automate, and cut costs to maintain profit margins.
- FERC (Federal Energy Regulatory Commission) Orders 888 and 889, which require that utilities provide open access to transmission system information. Much of this information is available for anyone to view via the Internet.
- Increased access and interconnectivity to remote sites through the use of dial-in modems and the Internet.
- Increase in connectivity between utility administration networks and power-grid control networks.
- Movement towards standardization of software, such as Microsoft and Sun operating systems and application software, so that a single exploitable flaw applies across many utilities.
26. Specific Areas of Vulnerability to Electric Utilities and Power Grid
- 1. Control Center
  - Monitors generating plants, transmission and sub-transmission systems, distribution systems, and customer loads.
  - Links to corporate MIS systems, to other utilities or power pools, and to supporting vendors.
  - Remote maintenance and administration ports, which may enable workers to dial in to troubleshoot problems, do other administrative tasks, or even operate EMS (energy management system) applications.
27. Specific Areas of Vulnerability to Electric Utilities and Power Grid
- 2. Substation
  - Serves as a clearinghouse for power as it is stepped down from the high voltages used to transmit the power across the service area and then directed to distribution systems.
  - Operations are being automated with remote terminal units (RTUs) and a variety of intelligent electronic devices.
  - RTUs collect data for the Control Center and operate as a clearinghouse for control signals to transmission and distribution equipment.
  - Some of these RTUs have maintenance ports that can be accessed even without the required dial-back connectivity. Hacker access to an RTU could result in commands being given to substation equipment, or in spurious data being reported to the Control Center.
28. Specific Areas of Vulnerability to Electric Utilities and Power Grid
- 3. Communications infrastructure
  - Composed of private microwave radio and private fiber networks, and public networks, for communication between control system elements.
  - Because of the vulnerabilities associated with public networks, utilities in general take greater risk-mitigation measures here, including requiring diverse routing in their leased-line contracts and providing for redundant transmission media.
29. Potential Attack Scenarios
- 1. Using insider information, a disgruntled employee or ex-employee with a grudge against a generation facility accesses protective equipment (either physically or electronically) and changes settings.
- 2. Using a war-dialer (a program that controls a modem for automated attacks), a disgruntled customer scans hundreds of phone numbers above and below the utility's publicly available phone numbers, looking for answering modems. Once a login dialog is acquired, the intruder launches a dictionary-based or brute-force password attack.
- 3. A disgruntled customer, ex-employee, foreign agent, or terrorist uses a port scan or ping-sweep program to identify active system ports and/or network IP addresses belonging to a public utility.
- 4. An employee with access to computer information services is duped into installing or running a seemingly innocuous application by a friend, ex-employee, supervisor, vendor, or virtually anyone with legitimate connections to the employee's company. The installed application contains a Trojan horse program that opens a backdoor into the computer network.
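Scenarios 2 and 3 above both leave a recognizable trace in logs the utility already keeps: a burst of failed logins from one caller ID on the modem bank, and one source address touching many ports or many hosts in a short time at the firewall. The following Python is an added example, not part of the original deck, showing sliding-window detection logic for both. The log formats (hypothetical key=value syslog lines), the caller IDs and the addresses are all constructed for the example; the parser is the part to adapt to a real RAS or firewall format.

```python
"""Detect a post-war-dial brute-force attack and a port scan / ping sweep
from constructed log lines (added example; formats are hypothetical)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")


def parse(log_text):
    """Turn 'YYYY-MM-DD HH:MM:SS k=v k=v ...' lines into (timestamp, fields)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        fields = dict(tok.split("=", 1) for tok in m.group(2).split() if "=" in tok)
        events.append((ts, fields))
    return events


def sliding_distinct(items, window, threshold):
    """items: (ts, key, value). Return {key: values} for every key that reaches
    >= threshold distinct values inside some time window of length `window`;
    the recorded set is what was in the window when the threshold was crossed.
    Passing a unique value per event turns this into a plain event count."""
    by_key = defaultdict(list)
    for ts, key, value in items:
        by_key[key].append((ts, value))
    flagged = {}
    for key, seq in by_key.items():
        seq.sort(key=lambda e: e[0])
        in_window, left = Counter(), 0
        for ts, value in seq:
            in_window[value] += 1
            while seq[left][0] < ts - window:  # evict events that aged out
                old = seq[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= threshold:
                flagged[key] = set(in_window)
                break
    return flagged


def detect_dialin_bruteforce(events, window=timedelta(minutes=5), max_failures=5):
    """Callers with >= max_failures failed logins inside `window`, i.e. a
    dictionary or brute-force attack after a war-dialer found the modem.
    Returns {caller_id: set of usernames tried}."""
    fails = [(ts, f["caller"], i)  # enumerate index makes every failure distinct
             for i, (ts, f) in enumerate(events) if f.get("result") == "FAIL"]
    hits = sliding_distinct(fails, window, max_failures)
    users = defaultdict(set)
    for ts, f in events:
        if f.get("result") == "FAIL" and f["caller"] in hits:
            users[f["caller"]].add(f["user"])
    return dict(users)


def detect_scans(events, window=timedelta(minutes=5), threshold=10):
    """Port scan: one src hitting >= threshold distinct ports on one dst.
    Ping sweep: one src sending ICMP to >= threshold distinct dsts."""
    tcp_udp = [(ts, (f["src"], f["dst"]), f["dport"])
               for ts, f in events if f.get("proto") in ("TCP", "UDP")]
    icmp = [(ts, f["src"], f["dst"]) for ts, f in events if f.get("proto") == "ICMP"]
    return {"port_scan": sliding_distinct(tcp_udp, window, threshold),
            "ping_sweep": sliding_distinct(icmp, window, threshold)}


# --- constructed sample input (hypothetical callers, addresses and formats) ---
DIALIN_LOG = "\n".join(
    f"2003-10-14 02:01:{10 + 4 * i:02d} caller=2065550142 line=3 user={u} result=FAIL"
    for i, u in enumerate(["admin", "root", "operator", "ems", "ems", "scada"])
) + """
2003-10-14 07:45:02 caller=2065550199 line=1 user=jsmith result=FAIL
2003-10-14 07:45:30 caller=2065550199 line=1 user=jsmith result=OK
"""

FIREWALL_LOG = "\n".join(
    f"2003-10-14 03:10:{i:02d} action=DENY proto=TCP src=198.51.100.7 dst=192.0.2.10 dport={p}"
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 111, 135, 139, 443, 445])
) + "\n" + "\n".join(
    f"2003-10-14 03:12:{i:02d} action=DENY proto=ICMP src=198.51.100.7 dst=192.0.2.{i + 1} dport=0"
    for i in range(16)
) + """
2003-10-14 09:00:00 action=DENY proto=TCP src=203.0.113.5 dst=192.0.2.10 dport=445
"""

if __name__ == "__main__":
    print(detect_dialin_bruteforce(parse(DIALIN_LOG)))
    print(detect_scans(parse(FIREWALL_LOG)))
```

Run stand-alone, the first call flags caller 2065550142 (six failures in twenty seconds, five distinct usernames) and ignores the user who mistyped a password once; the second flags 198.51.100.7 both as a port scanner against 192.0.2.10 and as a ping sweeper across 192.0.2.0/24, while the single denied packet from 203.0.113.5 is below threshold. The thresholds are deliberately parameters: a modem bank with a handful of legitimate callers tolerates a far lower failure threshold than a public web front end, and a control-network firewall should see so little scanning that a threshold of ten is generous.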
32. Vulnerabilities
- Banking and Finance
  - The principal vulnerabilities of the banking and finance sector are physical in nature.
  - Backup facilities greatly reduce the overall vulnerabilities of this sector, but there remains risk from any event that disrupts telecommunications service and electric power.
33. Vulnerabilities
- Physical Distribution (Transportation)
  - The sector inherits the vulnerabilities of the information and communications infrastructure on which it depends.
  - The most significant projected vulnerabilities are those associated with the plan to adopt the Global Positioning System (GPS) as the sole basis for radionavigation in the US by 2010.
34. Attacks Per Company by Industry (January 1, 2002 - June 30, 2002)
35. Incidence of Severe Attacks by Industry (January 1, 2002 - June 30, 2002)
36. Responsibility of Private Sector
- 1) Provide and manage facilities delivering services to customers efficiently and effectively.
- 2) Meet customer expectations for quality and reliability of service.
- 3) Maintain an effective risk management process adequate to
  - identify vulnerabilities and potential threats that might affect continuity of service,
  - prevent and mitigate as many credible threats as economically feasible, and
  - maintain emergency response capability to quickly restore service and eventually reconstitute the infrastructure in the event of service interruptions.
- 4) Give special consideration to the vulnerabilities currently in many information systems.
- 5) Cooperate within their industry to identify best practices for improving service reliability and security.
- 6) Report possible criminal activities to law enforcement agencies and cooperate with investigations.
- 7) Establish a relationship with intelligence and law enforcement to assure that information about warnings and threats is communicated in a timely way and that the industry's experience with incidents is available as an input to threat analysis.