Title: Cybersecurity
1. Cybersecurity Critical Infrastructure: A View from the Port of Seattle
- Ernie Hayden, CISSP, CEH
- Chief Information Security Officer
- Port of Seattle
2. AGENDA
- Overview of the Port of Seattle
- Brief History of Cyber Exercises in the U.S. Pacific Northwest
- Opinions on the Cyberterrorist Threat
3. Obligatory Disclaimer
- The views and opinions that I express here today
are my own and may not be, in whole or in part,
those of my employer, the Port of Seattle.
5. Infrastructure Interdependencies
- Utilities
- Power: Seattle City Light and Puget Sound Energy
- Steam Heat: Seattle Steam (Pier 66)
- Gas: Puget Sound Energy
- Telephone/Internet: Qwest, AT&T (Cell), NexTel (Cell), Verizon (Cell)
- Water: Seattle Public Utilities, Local Water Districts
- Airport Fuel Transport: Olympic Pipeline
- Information Systems (servers, networks, 2000 desktops)
- Major Fibre and Network Structure
- Railroads (BNSF, Union Pacific)
- Highways (I-5, I-90)
- Viaduct
- Banking / Finance
6. TABLETOP EXERCISES UNDERSCORE CRITICALITY OF CYBER-ISSUES
- Vulnerability Exercise
- City of Seattle's ALKI
- International Exercises US / Canada
- TopOff2
- Livewire
- BlueCascades II
T2CyberEx
BCII
7. "ALKI" Exercise
CYBER-TERRORISM?
8.
- 4 TEAMS
- Long Dwell
- Short Dwell
- Trust Team
- Kill Team
9. TopOff2 CyberEx
May 6-7, 2003, Washington State Emergency Operations Center, Camp Murray, Washington
Designed and Controlled by Institute for Security Technology Studies (ISTS), Dartmouth College
10.
- Designed to Test Incident Response Capabilities to a Series of Force-Multiplier Cyber-Attacks
- Included 3 scenarios or vignettes:
- normal day at the office
- an escalating series of events: computer and network problems which might be preliminary symptoms of a directed cyber-attack; and
- a major cyber-attack on participants' computer networks, coupled with a weapons of mass destruction (WMD) attack: a radioactive detonation device (RDD) terrorist bomb exploding in Seattle.
11. Blue Cascades II
12. Blue Cascades II
- Focus on a CyberTerrorism Event followed by a Physical Event
- Blue Cascades II was Follow-on to Blue Cascades I held in 2002
- Dan Verton's Book "Black Ice" covers much of Blue Cascades I results
- Blue Cascades I Centered on Physical Attacks and Disruptions
- Infrastructure Interdependencies Tabletop Exercise
13. General Exercise Conclusions
- Scenarios Demonstrated
- Cyber attacks Can be Initiated by a Determined Enemy
- Cyber attacks Can / May Seriously Impact Some/Many Infrastructures
- But
- Cyber attacks May Not Be As Consequential as Explosions, Death and Destruction
- Cyber attacks Can Be Defended Against with Layered Cyber Defenses, Trusted Networks, etc.
14. Current Analysis Opinions
- The Terrorists Need the Internet and Cyberspace
- Command and Control
- Coordination and Communications
- Recruiting
- Training
- Fundraising via Cybercrime, ID Theft, and Even Legitimate Donations
- Evangelizing
- Conclude No Advantage to Strategically Impacting Cyberspace but Maybe Tactical/Localized Focus Benefit
15. Example: www(.)arabteam2000-forum(.)com
- Technical Mujahid, A Training Manual for Jihadis
- Steganography: Hiding Secrets Inside Images
- Designing Jihadi Websites from A-Z
- Secrets of Mujahideen: First Islamic Encryption Software
- Video Technology
- Next Issue
- Jihadi Forums and Secure Surfing on the Internet
- How to Bug Cellular Phones
Ref: Terrorism Monitor, Jamestown Foundation, 29 Mar 2007
16. Opinions on Terrorists and Cyber
- Cyberterrorism Has Appeal
- Anonymous
- Global Target
- Psychological Impact
- Media Appeal
- Cyberterrorism Has Drawbacks
- Defenses by Infrastructure Owners and Managers
- May Not Result in Optimal Psychological Effect
- Anonymity Can Be Troublesome
- The Internet and Cyber are Key Tools for the
Terrorists
17. What Do We Do?
- Plan for Cyberterrorism: Maintain Your Defenses
- Plan for Violent Terrorism with Cyber Softening Attacks
- Study the Enemy: Learn Their Tactics for Physical and Cyber Attack Vectors
- Think Outside the Box -- How Can a Terrorist Take Advantage of My Network and the Internet?
18. Thank You! Merci!
Ernie Hayden, CISSP, CEH, CISO, Port of Seattle
Hayden.e_at_portseattle.org 206-728-3460
19. References
- Terrorism Monitor, The Jamestown Foundation, March 29, 2007
- Cyberterrorism, Gabriel Weimann, United States Institute of Peace, December 2004
- Examining the Cyber Capabilities of Islamic Terrorist Groups, Institute for Security Technology Studies, Dartmouth University, November 2003
- Wikipedia Becomes Intelligence Tool and Target for Jihadists, Thomas Claburn, Information Week, March 22, 2007
- Mr. Kirk Bailey, CISO University of Washington and Past CISO for the City of Seattle (Brainchild of Alki Exercise)