Annotated Bibliography

*

Copyright © 2012, Elsevier Inc. All Rights Reserved

Chapter 4

Diversity

Cyber Attacks

Protecting National Infrastructure, 1st ed.

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Introduction

• The securing any set of national assets should include a diversity strategy
• The deliberate introduction of diversity into national infrastructure to increase security has not been well explored
• Two system are considered diverse if their key attributes differ
• Diversity bucks the trend to standardize assets for efficiency's sake

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Fig. 4.1 – Diverse and nondiverse components through attribute differences

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Diversity and Worm Propagation

• Worm propagation is an example of an attack that relies on a nondiverse target environment
• Worm functionality in three steps:
• Step #1: Find a target system on the network for propagation of worm program
• Step #2: Copy program to that system
• Step #3: Remotely execute program
• Repeat
• Diversity may be expensive to introduce, but saves money on response costs in the long run

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.2 – Mitigating worm activity through diversity

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Desktop Computer System Diversity

• Most individual computers run the same operating system software on a standard processor platform and browse the Internet through one or two popular search engines with the one of only a couple browsers
• The typical configuration is a PC running Windows on an Intel platform, browsing the Internet with Internet Explorer, searching with Google
• This makes the average home PC user a highly predictable target

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.3 – Typical PC configuration showing diversity

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Desktop Computer System Diversity

• Three Considerations
• Platform costs
• Application interoperability
• Support and training

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

• Ultimate solution for making desktops more secure involves their removal
• Not a practical solution
• Cloud computing may offer home PC users a diverse, protected environment

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Diversity Paradox of Cloud Computing

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.4 – Spectrum of desktop diversity options

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.5 – Diversity and attack difficulty with option of removal

*

• Modern telecommunications consist of the following two types of technologies
• Circuit-switched
• Packet-switched
• When compared to one another, these two technologies automatically provide diversity
• Diversity may not always be a feasible goal
• Maximizing diversity may defend against large-scale attacks, but one must also look closely at the entire architecture

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Network Technology Diversity

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.6 – Worm nonpropagation benefit from diverse telecommunications

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.7 – Potential for impact propagation over shared fiber

*

• Any essential computing or networking asset that serves a critical function must include physical distribution to increase survivability
• Physical diversity has been part of the national asset system for years
• Backup center diversity
• Supplier/vendor diversity
• Network route diversity

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Physical Diversity

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer

*

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

Fig. 4.8 – Diverse hubs in satellite SCADA configurations

*

• A national diversity program would coordinate between companies and government agencies
• Critical path analysis
• Cascade modeling
• Procurement discipline

Copyright © 2012, Elsevier Inc. All rights Reserved

Chapter 4 – Diversity

National Diversity Program

The University of Adelaide, School of Computer Science

Chapter 2 — Instructions: Language of the Computer