Discretion
1 Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 7
Discretion
Cyber Attacks Protecting National Infrastructure, 1st ed.
2
• Proprietary information will be exposed if discovered by hackers
• National infrastructure protection initiatives most prevent leaks – Best approach: Avoid vulnerabilities in the first place – More practically: Include a customized program focused
mainly on the most critical information
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Introduction
3
• A trusted computing base (TCB) is the totality of hardware, software, processes, and individuals considered essential to system security
• A national infrastructure security protection program will include – Mandatory controls – Discretionary policy
• A smaller, less complext TCB is easier to protect
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Trusted Computing Base
4
Fig. 7.1 – Size comparison issues in a trusted computing base
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
5
• Managing discretion is critical; questions about the following should be asked when information is being considered for disclosure – Assistance – Fixes – Limits – Legality – Damage – Need
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Trusted Computing Base
6
• Security through obscurity is often maligned and misunderstood by security experts – Long-term hiding of vulnerabilities – Long-term suppression of information
• Security through obscurity is not recommended for long-term protection, but it is an excellent complementary control – E.g., there’s no need to publish a system’s architecture – E.g., revealing a flaw before it’s fixed can lead to rushed
work and an unnecessary complication of the situation
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Security Through Obscurity
7 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion
Fig. 7.2 – Knowledge lifecycle for security through obscurity
8 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion
Fig. 7.3 – Vulnerability disclosure lifecycle
9
• Information sharing may be inadvertent, secretive, or willful
• Government most aggressive promoting information sharing
• Government requests information from industry for the following reasons – Government assistance to industry – Government situational awareness – Politics
• Government and industry have conflicting motivations
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Information Sharing
10 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion
Fig. 7.4 – Inverse value of information sharing for government and industry
11
• Adversaries regularly scout ahead and plan before an attack
• Reconnaissance planning levels – Level #1: Broad, wide-reaching collection from a variety of
sources – Level #2: Targeted collection, often involving automation – Level #3: Directly accessing the target
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Information Reconnaissance
12 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion
Fig. 7.5 – Three stages of reconnaissance for cyber security
13
• At each stage of reconnaissance, security engineers can introduce information obscurity
• The specific types of information that should be obscured are – Attributes – Protections – Vulnerabilities
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Information Reconnaissance
14
• Layering methods of obscurity and discretion adds depth to defensive security program
• Even with layered obscurity, asset information can find a way out – Public speaking – Approved external site – Search for leakage
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Obscurity Layers
15 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion
Fig. 7.6 – Obscurity layers to protect asset information
16
• Governments have been successful at protecting information by compartmentalizing information and individuals – Information is classified – Groups of individuals are granted clearance
• Compartmentalization defines boundaries, which helps guides decisions
• Private companies can benefit from this model
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
Organizational Compartments
17 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion Fig. 7.7 – Using clearances and
classifications to control information disclosure
18 Copyright © 2012, Elsevier Inc.
All rights Reserved
C hapter 7 –
D iscretion
Fig. 7.8 – Example commercial mapping of clearances and classifications
19
• To implement a national discretion program will require – TCB definition – Reduced emphasis on information sharing – Coexistence with hacking community – Obscurity layered model – Commercial information protection models
Copyright © 2012, Elsevier Inc. All rights Reserved
C hapter 7 –
D iscretion
National Discretion Program