Cybersecurity - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Cybersecurity

Description:

Cybersecurity & Critical Infrastructure: A View from the Port of Seattle. Ernie Hayden CISSP CEH ... 'The views and opinions that I express here today are my own ... – PowerPoint PPT presentation

Number of Views:176
Avg rating:3.0/5.0
Slides: 20
Provided by: ern47
Category:

less

Transcript and Presenter's Notes

Title: Cybersecurity


1
Cybersecurity Critical InfrastructureA View
from the Port of Seattle
  • Ernie Hayden CISSP CEH
  • Chief Information Security Officer
  • Port of Seattle

2
AGENDA
  • Overview of the Port of Seattle
  • Brief History of Cyber Exercises in the U.S.
    Pacific Northwest
  • Opinions on the Cyberterrorist Threat

3
Obligatory Disclaimer
  • The views and opinions that I express here today
    are my own and may not be, in whole or in part,
    those of my employer, the Port of Seattle.

4
(No Transcript)
5
Infrastructure Interdependencies
  • Utilities
  • Power Seattle City Light and Puget Sound Energy
  • Steam Heat Seattle Steam (Pier 66)
  • Gas Puget Sound Energy
  • Telephone/Internet Qwest, ATT (Cell), NexTel
    (Cell), Verizon (Cell)
  • Water Seattle Public Utilities Local Water
    Districts
  • Airport Fuel Transport Olympic Pipeline
  • Information Systems (servers, networks, 2000
    desktops)
  • Major Fibre and Network Structure
  • Railroads (BNSF, Union Pacific)
  • Highways (I-5, I-90)
  • Viaduct
  • Banking / Finance

6
TABLETOP EXERCISES UNDERSCORE CRITICALITY OF
CYBER-ISSUES
  • Vulnerability Exercise
  • City of Seattles ALKI
  • International Exercises US / Canada
  • TopOff2
  • Livewire
  • BlueCascades II

T2CyberEx
BCII
7
"ALKI" Exercise
CYBER-TERRORISM?
8
  • 4 TEAMS
  • Long Dwell
  • Short Dwell
  • Trust Team
  • Kill Team

9
TopOff2 CyberEx
May 6-7, 2003 Washington State Emergency
Operations Center Camp Murray, Washington
Designed and Controlled by Institute for
Security Technology Studies (ISTS), Dartmouth
College
10
  • Designed to Test
  • Incident Response Capabilities to a
  • Series of Force-Multiplier Cyber-Attacks
  • Included 3 scenarios or vignettes
  • normal day at the office
  • an escalating series of events - computer and
    network problems which might be preliminary
    symptoms of a directed cyber-attack and
  • a major cyber-attack on participants computer
    networks, coupled with a weapons of mass destruct
    (WMD) attack a radioactive detonation device
    (RDD) terrorist bomb exploding in Seattle.

11
Blue Cascades II
12
Blue Cascades II
  • Focus on a CyberTerrorism Event followed by a
    Physical Event
  • Blue Cascades II was Follow-onto Blue Cascades I
    held in 2002
  • Dan Vertons Book Black Icecovers much of Blue
    Cascades Iresults
  • Blue Cascades I Centered on PhysicalAttacks
    Disruptions
  • Infrastructure Interdependencies Tabletop
    Exercise

13
General Exercise Conclusions
  • Scenarios Demonstrated
  • Cyber attacks Can be Initiated by a Determined
    Enemy
  • Cyber attacks Can / May Seriously Impact
    Some/Many Infrastructures
  • But
  • Cyber attacks May Not Be As Consequential as
    Explosions, Death and Destruction
  • Cyber attacks Can Be Defended Against with
    Layered Cyber Defenses, Trusted Networks, etc.

14
Current Analysis Opinions
  • The Terrorists Need the Internet and Cyberspace
  • Command and Control
  • Coordination and Communications
  • Recruiting
  • Training
  • Fundraising via Cybercrime, ID Theft, and Even
    Legitimate Donations
  • Evangelizing
  • Conclude No Advantage to Strategically
    Impacting Cyberspace but Maybe
    Tactical/Localized Focus Benefit

15
Example www(.)arabteam2000-forum(.) com
  • Technical Mujahid, A Training Manual for Jihadis
  • Steganography Hiding Secrets Inside Images
  • Designing Jihadi Websites from A-Z
  • Secrets of Mujahideen First Islamic Encryption
    Software
  • Video Technology
  • Next Issue
  • Jihadi Forums and Secure Surfing on the Internet
  • How to Bug Cellular Phones

Ref Terrorism Monitor, Jamestown Foundation 29
Mar 2007
16
Opinions on Terrorists and Cyber
  • Cyberterrorism Has Appeal
  • Anonymous
  • Global Target
  • Psychological Impact
  • Media Appeal
  • Cyberterrorism Has Drawbacks
  • Defenses by Infrastructure Owners and Managers
  • May Not Result in Optimal Psychological Effect
  • Anonymity Can Be Troublesome
  • The Internet and Cyber are Key Tools for the
    Terrorists

17
What Do We Do?
  • Plan for Cyberterrorism Maintain Your Defenses
  • Plan for Violent Terrorism with Cyber Softening
    Attacks
  • Study the Enemy Learn Their Tactics for
    Physical and Cyber Attack Vectors
  • Think Outside the Box -- How Can a Terrorist Take
    Advantage of My Network and the Internet?

18
Thank You! Merci!
Ernie Hayden CISSP CEH CISO Port of
Seattle Hayden.e_at_portseattle.org 206-728-3460
19
References
  • Terrorism Monitor, The Jamestown Foundation,
    March 29, 2007
  • Cyberterrorism, Gabriel Weimann, United States
    Institute of Peace, December 2004
  • Examining the Cyber Capabilities of Islamic
    Terrorist Groups, Institute for Security
    Technology Studies, Dartmouth University,
    November 2003
  • Wikipedia Becomes Intelligence Tool and Target
    for Jihadists, Thomas Claburn, Information Week,
    March 22, 2007
  • Mr. Kirk Bailey, CISO University of Washington
    and Past CISO for the City of Seattle (Brainchild
    of Alki Exercise)
Write a Comment
User Comments (0)
About PowerShow.com