national framework for protecting critical infrastructure
1 1 Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 1
Introduction
Cyber Attacks Protecting National Infrastructure, 1st ed.
2
• Na#onal infrastructure – Refers to the complex, underlying delivery and support systems for all large-‐scale services considered absolutely essen#al to a na#on
• Conven#onal approach to cyber security not enough • New approach needed
– Combining best elements of exis#ng security techniques with challenges that face complex, large-‐scale na#onal services
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Introduc#on
3 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.1 – Na#onal infrastructure cyber and physical aDacks
4 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.2 – Differences between small-‐ and large-‐scale cyber security
5 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction • Three types of malicious adversaries
– External adversary – Internal adversary – Supplier adversary
Na#onal Cyber Threats, Vulnerabili#es, and ADacks
6 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.3 – Adversaries and exploita#on points in na#onal
infrastructure
7 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction • Three exploita#on points
– Remote access – System administra#on and normal usage – Supply chain
Na#onal Cyber Threats, Vulnerabili#es, and ADacks
8 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction • Infrastructure threatened by most common security
concerns: – Confiden#ality – Integrity – Availability – TheQ
Na#onal Cyber Threats, Vulnerabili#es, and ADacks
9 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Botnet Threat
• What is a botnet a(ack? – The remote collec#on of compromised end-‐user machines (usually broadband-‐connected PCs) is used to aDack a target.
– Sources of aDack are scaDered and difficult to iden#fy – Five en##es that comprise botnet aDack: botnet operator, botnet controller, collec0on of bots, botnot so3ware drop, botnet target
10 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
• Five en##es that comprise botnet aDack: – Botnet operator – Botnet controller – Collec#on of bots – Botnot soQware drop – Botnet target
• Distributed denial of service (DDOS) aDack: bots create “cyber traffic jam”
Botnet Threat
11 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction Fig. 1.4 – Sample DDOS aDack from a
botnet
12
Na#onal Cyber Security Methodology Components
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction • Ten basic design and opera#on principles:
– Decep#on – Discre#on – Separa#on – Collec#on – Diversity – Correla#on – Commonality – Awareness – Depth – Response
13
• Deliberately introducing misleading func#onality or misinforma#on for the purpose of tricking an adversary – Computer scien#sts call this func#onality a honey pot
• Decep#on enables forensic analysis of intruder ac#vity
• The acknowledged use of decep#on may be a deterrent to intruders (every vulnerability may actually be a trap)
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Decep#on
14 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction Fig. 1.5 – Components of an interface
with decep#on
15
• Separa#on involves enforced access policy restric#ons on users and resources in a compu#ng environment
• Most companies use enterprise firewalls, which are complemented by the following: – Authen#ca#on and iden#ty management – Logical access controls – LAN controls – Firewalls
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Separa#on
16
Fig. 1.6 – Firewall enhancements for na#onal infrastructure
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
17
• Diversity is the principle of using technology and systems that are inten#onally different in substan#ve ways.
• Diversity hard to implement – A single soQware vendor tends to dominate the PC opera#ng system business landscape
– Diversity conflicts with organiza#onal goals of simplifying supplier and vendor rela#onships
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Diversity
18 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.7 – Introducing diversity to na#onal infrastructure
19
• Consistency involves uniform aDen#on to security best prac#ces across na#onal infrastructure components
• Greatest challenge involves audi#ng • A na#onal standard is needed
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Commonality
20
• Depth involves using mul#ple security layers to protect na#onal infrastructure assets
• Defense layers are maximized by using a combina#on of func#onal and procedural controls
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Depth
21 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.8 – Na#onal infrastructure security through defense in depth
22
• Discre#on involves individuals and groups making good decisions to obscure sensi#ve informa#on about na#onal infrastructure
• This is not the same as “security through obscurity”
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Discre#on
23
• Collec#on involves automated gathering of system-‐ related informa#on about na#onal infrastructure to enable security analysis
• Data is processed by a security informa0on management system.
• Opera#onal challenges – What type of informa#on should be collected? – How much informa#on should be collected?
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Collec#on
24 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.9 – Collec#ng na#onal infrastructure-‐related security
informa#on
25
• Correla#on involves a specific type of analysis that can be performed on factors related to na#onal infrastructure protec#on – This type of comparison-‐oriented analysis is indispensable
• Past ini#a#ves included real-‐#me correla#on of data at fusion center – Difficult to implement
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Correla#on
26
Fig. 1.10 – Na#onal infrastructure high-‐ level correla#on approach
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
27
• Awareness involves an organiza#on understanding the differences between observed and normal status in na#onal infrastructure
• Most agree on the need for awareness, but how can awareness be achieved?
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Awareness
28 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.11 – Real-‐#me situa#on awareness process flow
29
• Response involves the assurance that processes are in place to react to any security-‐related indicator – Indicators should flow from the awareness layer
• Current prac#ce in smaller corporate environments of reducing “false posi#ves” by wai#ng to confirm disaster is not acceptable for na#onal infrastructure
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Response
30 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 1 – Introduction
Fig. 1.12 – Na#onal infrastructure security response approach
31
• Commissions and groups • Informa#on sharing • Interna#onal coopera#on • Technical and opera#onal costs
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 1 – Introduction
Implemen#ng the Principles Na#onally