Securing Cyberspace - PowerPoint PPT Presentation

Slides: 38
Provided by: edwa74
Transcript and Presenter's Notes

2
Securing Cyberspace
  • Engage and empower Americans to secure the
    portions of cyberspace that they own, operate,
    control, or with which they interact.

3
Threat Spectrum
4
The National Strategy to Secure Cyberspace
  • Priority I: National Cyberspace Security
    Response System
  • Priority II: National Cyberspace Security
    Threat and Vulnerability Reduction Program
  • Priority III: National Cyberspace Security
    Awareness and Training Program
  • Priority IV: Securing Governments' Cyberspace
  • Priority V: National Security and International
    Cyberspace Security Cooperation
5
Building Cyber Security Operations
  • National Cyber Security Division (2003) provides
    the federal government with a centralized cyber
    security coordination and preparedness function
  • Computer Emergency Readiness Team, a 24x7
    operation that analyzes and disseminates threat
    information

6
National Cyber Security Response
  • Established 24x7 Cyber Security Readiness and
    Response System responsible for tracking incident
    and trend data, ranking associated severity,
    generating real-time alerts
  • Established the National Cyber Response
    Coordination Group (NCRCG), a forum of 13
    principal agencies that coordinate
    intra-governmental and public/private
    preparedness operations
  • Co-sponsored Blue Cascades II and Purple Crescent
    II, two regional tabletop cyber exercises in
    Seattle, WA and New Orleans

7
Cyber Security Education and Training
  • Joined with the National Security Agency to
    co-sponsor the Centers of Academic Excellence in
    Information Assurance Education (CAEIAE)  
  • Co-sponsor of the National Science Foundation
    Scholarship for Service Program, known as Cyber
    Corps

8
Federal Government's Cyber Security Preparedness
  • Created the Government Forum of Incident Response
    and Security Teams (GFIRST), a community made up
    of 40 government response teams
  • Launched the Einstein pilot program for cyber
    situational awareness to better monitor network
    security activity and increase global situational
    awareness at the Federal level  
  • Played major role in Livewire in October 2003,
    the first-ever national-level cyber exercise to
    baseline government's capabilities for responding
    to national cyber attack  

9
Need for Sharing Information and National
Analytic Capability
  • We need analytic tools to examine information
    about intrusions, crime, and vulnerabilities and
    determine what is actually going on in the
    nation's infrastructures.

10
Information Sharing and Analytic Capability
11
Sharing Information with Private Sector, State
and Local Partners
  • Launched a national cyber security awareness
    effort in partnership with the Multi-State
    Information Sharing and Analysis Center, an
    information sharing organization among
    representatives of state and local governments
  • Established the National Cyber Alert System to
    deliver targeted, timely, and actionable
    information to businesses and private citizens
    alike to better secure their computer systems.  
  • Facilitated and supported the Cybercop Portal, a
    group of more than 5,000 law enforcement members
    involved in electronic crimes investigations.  

12
Standardizing Cyber Systems
  • Implemented a process to maintain and support a
    Common Vulnerability Exposure, Common Malware
    Enumerator, and Open Vulnerability Assessment
    Language to make security products more
    interoperable
  • Established the Control Systems Security and
    Test Center (CSSTC) with Idaho National
    Environmental and Engineering Laboratory, for
    cyber vulnerability enumeration and reduction
    activities for control systems

13
Science and Technology Research Collaboration
  • Science and Technology (S&T) Directorate has
    initiated an Internet Infrastructure Security
    Program engaged in research and development
    activities
  • Science and Technology Cyber Security Testbed
    Program has established two multi-university
    testbed projects, with co-funding from the NSF  
  • Science and Technology supported joint study by
    the US Secret Service and CMU's Software Engineering
    Institute analyzing insider threats and insider
    activities

14
Protecting The Nation's Critical Infrastructure
  • Strategic Objectives
  • - Prevent cyber attacks against America's
    critical infrastructures
  • - Reduce national vulnerability to cyber
    attacks
  • - Minimize damage and recovery time from cyber
    attacks that do occur

15
Protecting The Nation's Critical Infrastructure
  • Threat and Vulnerability
  • - Our economy and national security are fully
    dependent on information technology and
    infrastructure
  • - Computer networks also control physical
    objects such as electrical transformers,
    trains, pipeline pumps, chemical vats, radars,
    and stock markets, all of which exist beyond
    cyberspace.

16
The Nation's Infrastructure
  • The Nation's Infrastructure is a network of
    independent, mostly privately-owned, systems and
    processes that function collaboratively and
    synergistically to produce and distribute a
    continuous flow of essential goods and services.

17
Reliable and Secure Infrastructures (foundation
for creating the nation's wealth and quality of life)
  • The transportation infrastructure moves goods and
    people within and beyond our borders
  • The oil and gas production and storage
    infrastructure fuels transportation services,
    manufacturing operations, and home utilities.
  • The water supply infrastructure assures a steady
    flow of water for agriculture, industry
    (including various manufacturing processes, power
    generation, and cooling), business, firefighting,
    and our homes.
  • The emergency services infrastructure in
    communities across the country responds to our
    urgent police, fire, and medical needs, saving
    lives and preserving property.

18
Infrastructure
  • The government services infrastructure consists
    of federal, state, and local agencies that
    provide essential services to the public,
    promoting the general welfare.
  • The banking and finance infrastructure manages
    trillions of dollars, from deposit of our
    individual paychecks to the transfer of huge
    amounts in support of major global enterprises.
  • The electrical power infrastructure consists of
    generation, transmission, and distribution
    systems that are essential to all other
    infrastructures and every aspect of our economy.
  • The information and communications
    infrastructure consists of the Public
    Telecommunications Network (PTN), the Internet,
    and the many millions of computers in home,
    commercial, academic, and government use.

19
The Protection Challenge
22
Vulnerabilities
  • Information and Communications
  • vulnerability for this sector is the
    increasing interdependency of the PTN and the
    Internet.
  • depends on electrical power, telephone lines and
    fiber optic cables
  • PTN is increasingly software driven, and remotely
    managed and maintained through computer networks.

23
Vulnerabilities
  • Energy
  • Prolonged disruption in the flow of energy
  • Widespread use of Supervisory Control and Data
    Acquisition (SCADA) systems for control of energy
    systems provides increasing ability to cause
    serious damage and disruption by cyber means.
  • The exponential growth of information system
    networks that interconnect the business,
    administrative, and operational systems
    contributes to system vulnerability.

25
Some Contributing Factors to Increased Threats to
the Power Grid
  • The shift from proprietary mainframe-based
    computer control systems to distributed systems
    using open protocols and standards, and the
    expanded use of public protocols to interconnect
    previously isolated networks, i.e., PCs and UNIX
    machines running TCP/IP.
  • Pressures within the industry to downsize,
    streamline, automate, and cut costs to maintain
    profit margins.
  • FERC (Federal Energy Regulatory Committee)
    filings 888 and 889, which require that utilities
    provide open access to transmission system
    information. Much of this information is
    available for anyone to view via the Internet.
  • Increased access and interconnectivity to remote
    sites through the use of dial-in modems and the
    Internet.
  • Increase in connectivity between utility
    administration networks and power-grid control
    networks.
  • Movement towards standardization of software,
    such as Microsoft and Sun operating systems and
    application software.

26
Specific Areas of Vulnerability to Electric
Utilities and Power Grid
  • 1. Control Center - monitors generating plants,
    transmission and sub-transmission systems,
    distribution systems, and customer loads
  • links to Corporate MIS systems, to other
    utilities or power pools, and to supporting
    vendors
  • remote maintenance and administration ports,
    which may enable workers to dial-in to
    troubleshoot problems, do other administrative
    tasks, or even operate EMS applications

27
Specific Areas of Vulnerability to Electric
Utilities and Power Grid
  • 2. Substation - serves as a clearinghouse for
    power as it is stepped down from the high
    voltages used to transmit the power across the
    service area and then directed to distribution
    systems.
  • operations are being automated with remote
    terminal units (RTUs), and a variety of
    intelligent electronic devices.
  • RTUs collect data for the Control Center and
    operate as a clearinghouse for control signals to
    transmission and distribution equipment.
  • Some of these RTUs have maintenance ports that
    can be accessed even without required dial-back
    connectivity. Hacker access to an RTU could
    result in commands given to substation equipment
    or reports of spurious data to the Control
    Center.

28
Specific Areas of Vulnerability to Electric
Utilities and Power Grid
  • 3. Communications infrastructure - composed of
    private microwave radio and private fiber
    networks, and public networks for communication
    between control system elements.
  • Because of vulnerabilities associated with public
    network, utilities in general take greater
    risk-mitigation measures here, including
    requiring diverse routing in their leased-line
    contracts, providing for redundant transmission
    media, etc.

29
Potential Attack Scenarios
  • Using insider information, a disgruntled employee
    or ex-employee, with a grudge against a
    generation facility, accesses protective
    equipment (either physically or electronically)
    and changes settings.
  • Using a war-dialer (a program to control a modem
    for automated attacks), a disgruntled customer
    scans hundreds of phone numbers above and below
    the utility's publicly available phone numbers,
    looking for answering modems. Once a login dialog
    is acquired, the intruder launches a
    dictionary-based or brute-force password attack.
  • A disgruntled customer, ex-employee, foreign
    agent, or terrorist uses a port scan or
    ping-sweep program to identify active system
    ports and/or network IP addresses belonging to a
    public utility.
  • An employee with access to computer
    information services is duped into installing or
    running a seemingly innocuous application by a
    friend, ex-employee, supervisor, vendor, or
    virtually anyone with legitimate connections to
    the employee's company. The installed computer
    application contains a Trojan horse program that
    opens a backdoor into the computer network.
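
A defender's view of the war-dialing scenario above, as an added example that is not part of the original presentation: it scans a dial-in access log for one caller probing many of the utility's lines in a short window, and for repeated failed logins on a single modem line. The log format, phone numbers, thresholds and function names are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed dial-in log (hypothetical format): time, caller ID, dialed line, result
SAMPLE_LOG = """\
2003-10-01T02:00:05 5550199 5557001 NO_CARRIER
2003-10-01T02:00:41 5550199 5557002 NO_CARRIER
2003-10-01T02:01:10 5550199 5557003 CONNECT
2003-10-01T02:01:52 5550199 5557004 NO_CARRIER
2003-10-01T02:02:30 5550199 5557005 CONNECT
2003-10-01T02:10:00 5550199 5557003 LOGIN_FAIL
2003-10-01T02:10:20 5550199 5557003 LOGIN_FAIL
2003-10-01T02:10:40 5550199 5557003 LOGIN_FAIL
2003-10-01T02:11:00 5550199 5557003 LOGIN_FAIL
2003-10-01T08:15:30 5550142 5557005 LOGIN_FAIL
2003-10-01T08:15:55 5550142 5557005 LOGIN_OK
"""

def parse(log):
    """Turn log text into time-sorted (time, caller, line, result) tuples."""
    out = []
    for raw in log.splitlines():
        parts = raw.split()
        if len(parts) == 4:  # skip malformed lines
            out.append((datetime.fromisoformat(parts[0]), *parts[1:]))
    return sorted(out)

def max_in_window(events, window):
    """events: time-sorted [(time, key)]; most distinct keys seen in any one window."""
    best, start, seen = 0, 0, Counter()
    for t, key in events:
        seen[key] += 1
        while t - events[start][0] > window:
            # In-place subtraction drops keys whose count reaches zero
            seen -= Counter([events[start][1]])
            start += 1
        best = max(best, len(seen))
    return best

def detect(records, sweep_lines=5, max_fails=3, window=timedelta(minutes=10)):
    """Return (callers sweeping many lines, (caller, line) pairs with repeated failures)."""
    dialed, fails = defaultdict(list), defaultdict(list)
    for i, (t, caller, line, result) in enumerate(records):
        dialed[caller].append((t, line))
        if result == "LOGIN_FAIL":
            fails[(caller, line)].append((t, i))  # index makes each failure distinct
    sweeps = {c for c, ev in dialed.items() if max_in_window(ev, window) >= sweep_lines}
    brute = {k for k, ev in fails.items() if max_in_window(ev, window) > max_fails}
    return sweeps, brute
```

On the constructed log, the caller that walks five consecutive lines and then fails four logins on one of them is flagged on both counts, while the caller with a single mistyped password is not.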

32
Vulnerabilities
  • Banking and Finance
  • The principal vulnerabilities of the banking and
    finance sector are physical in nature.
  • Backup facilities greatly reduce the overall
    vulnerabilities of this sector, but there remains
    risk from any event that disrupts
    telecommunications service and electric power.

33
Vulnerabilities
  • Physical Distribution (Transportation)
  • Vulnerabilities of the information and
    communications infrastructure
  • The most significant projected vulnerabilities
    are those associated with the plan to adopt the
    Global Positioning System (GPS) as the sole basis
    for radionavigation in the US by 2010.

34
Attacks Per Company by Industry (January 1, 2002
- June 30, 2002)
35
Incidence of Severe Attacks by Industry (January
1, 2002 - June 30, 2002)
36
Responsibility of Private Sector
  • 1) Provide and manage facilities delivering services
    to customers efficiently and effectively.
  • 2) Meet customer expectations for quality and
    reliability of service.
  • 3) Maintain an effective risk management
    process adequate to
  • - identify vulnerabilities and potential
    threats that might affect continuity of service,
  • - prevent and mitigate as many credible
    threats as economically feasible, and
  • - maintain emergency response capability to
    quickly restore service and eventually
    reconstitute the infrastructure in the event of
    service interruptions.
  • 4) Give special consideration to the
    vulnerabilities currently in many information
    systems.
  • 5) Cooperate within their industry to identify
    best practices for improving service reliability
    and security
  • 6) Report possible criminal activities to law
    enforcement agencies and cooperate with
    investigations.
  • 7) Establish a relationship with intelligence
    and law enforcement to assure that information
    about warnings and threats is communicated in a
    timely way and that the industry experience with
    incidents is available as an input to threat
    analysis.
