IV Journal
see attached.
Shouldtheprivatesectorbeproactivelyinvolvedinallphasesofpreparednessforattackavoidance.docx
Should the private sector be proactively involved in all phases of preparedness for attack avoidance (either physical or cyber-based) or should the private sector act solely as a resource when called upon by the public/government sector? Why, or why not? Your journal entry must be at least 200 words in length. No references or citations are necessary.
Course Textbook(s)
Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley. https://online.vitalsource.com/#/books/9781119614562
UnitIV.pdf
CYB 4303, Critical Infrastructure Protection in Cybersecurity 1
Course Learning Outcomes for Unit IV
Upon completion of this unit, students should be able to:
1. Evaluate the various sectors of critical infrastructure protection (CIP) in the United States.
1.2 Identify vulnerabilities in critical infrastructures.
2. Evaluate organization infrastructures for vulnerabilities.
2.1 Describe different types of risks affecting Critical Information and Key Resources (CIKR) systems.
4. Examine cybersecurity challenges within critical infrastructure protection (CIP) in the United States.
4.2 Outline cybersecurity measures in critical infrastructure.
Required Unit Resources
Chapter 5: Communications
Chapter 6: Internet
Unit Lesson
Introduction
Communications is a critical part of the nation’s economy. As outlined in previous lessons, the U.S. Department of Homeland Security (DHS) published the National Infrastructure Protection Plan (NIPP) in 2006 as a comprehensive framework to address threats and vulnerabilities in the different critical sectors (Department of Homeland Security, 2015). The communications sector council, along with DHS, designed the Communications Sector-Specific Plan, or CSSP, to provide guidelines for improving the security and resilience of the communications sector’s critical infrastructure (Department of Homeland Security, 2015).
The Communications Sector
The communications sector is a critical component of any nation’s economy. This sector is integral to the operations of businesses and governmental entities. Over the last five to six decades, the communications sector has evolved from predominantly providing voice services into a diverse and interconnected sector involving satellite, wireless, and terrestrial systems. The vast majority of these systems are privately owned; thus the DHS must work closely with the private sector to identify vulnerabilities in the infrastructure and assess, prioritize, and mitigate risks. The information traveling through each one of these subsystems depends on the ability of each of these systems to work, communicate, and, at times, share physical facilities with each other. As an example, cellular wireless carriers depend on wireline carriers to bridge or terminate their traffic to end users. The communications sector also plays a critical role in other Critical Infrastructure Key Resources (CIKR) sectors such as the information technology, emergency services, energy, and financial sectors. Presidential Policy Directive 21 (PPD-21) recognizes the communication sector as important to enable the proper functions across all CIKRs. DHS is the designated agency for this sector. The specifics of the communications sector plan can be found in the Communications Sector-Specific Plan published in 2015. In order to reduce risks, the communications sector council and DHS identified the following priorities.
UNIT IV STUDY GUIDE
Communications Sector
• Cyber and physical security: Coordination must be present between the private and public sectors to enhance physical security, identify trends, and formulate strategies and best practices for the sector.
• Resilience: Coordination and promotion of efforts must exist to advance communication resilience by all public and private agencies.
• Dependencies and interdependencies: Identification of interdependencies between the public and private sectors aims to improve relations and ensure the sector’s resilience to both natural and man-made threats.
• Partnership and engagement: Enhancement of public and private sectors relationships coordinates the sector’s security and resilience (DHS, 2015).
Wireline Networks
Wireline or wired networks are still critical for the delivery of information across the nation. Wireline networks are crucial to meet high-speed, low-latency, high-capacity communication needs. Today, the vast majority of organizations and households increasingly rely on bandwidth-intensive applications for communication, data transfers, and entertainment. Rather than just using voice networks, consumers are now using services such as video streaming, video conferencing, and multimedia applications requiring high-speed networks. High-speed and scalable networks are critical to a nation’s economy. These networks still require physical infrastructures and lines of communication from central hubs and distribution centers to organizations and end users alike. Thus, the protection of this key resource infrastructure revolves around physical security and user training to minimize vulnerabilities to the physical network. Wireline networks also include the traditional public switched telephone network (PSTN). In fact, the first major network was the PSTN, which is still considered a critical asset for communications. The PSTN architecture’s vulnerabilities include damage to physical structures (local and regional switching offices) and congestion conditions experienced due to emergencies or major disasters. DHS has implemented different initiatives for emergency response communications such as the Government Emergency Telecommunications Service (GETS) program (see Figure 1).
About GETS
During major emergencies, voice networks may experience congestion because of increased call volume, obstructing the ability for emergency responders to communicate. The Government Emergency Telecommunications Service (GETS) provides emergency personnel with the ability to prioritize their calls.
Figure 1. Sample GETS calling card (Department of Homeland Security, 2017)
Wireless Networks
Wireless networks also play a significant role in the nation’s CIKRs. Wireless technologies are not limited to just Wi-Fi networks, but encompass wireless personal area networks (WPAN), wireless metropolitan area networks (WMAN), and wireless wide area networks (WWAN). The former uses radio communication while the latter two use cellular and terrestrial microwave links between structures or sites. Wireless networks have many advantages including flexibility, easier installation, and scalability; however, these advantages also open wireless networks to more vulnerabilities than wireline networks. The U.S. Government Accountability Office (GAO) found that most organizations and governmental agencies do not fully adhere to the leading wireless recommended security practices, suggesting that many wireless networks are vulnerable to potential security breaches (GAO, 2010).
Cellular Networks
As cellular devices have become more pervasive, the cellular network has become a critical component of the telecommunication system in many nations. Cellular networks are radio frequency-based networks distributed over large metropolitan and geographical areas. Cellular networks use cell towers or base stations providing radio frequency coverage over specific designated areas. The base stations rely on wireline fiber optics networks to identify, process, and relay calls from end user to end user. Due to the convergence of voice and data (voice over IP), cellular networks suffer from the same vulnerabilities that data networks have (i.e., denial-of-service [DoS] attacks). Other vulnerabilities include radio frequency jamming and physical threats to base stations. The National Coordinating Center for Communications (NCC) is tasked with monitoring cellular networks to identify potential threats (NCC, n.d.). The NCC keeps a close eye on major metropolitan cellular infrastructure assets. As an example, the NCC helped reestablish cellular communications following the Sept. 11, 2001 attacks.
Satellite Networks
Satellite networks and communications (SATCOM) play a vital role in the overall global communication system. Terrestrial communication systems including cellular networks are subject to physical limitations such as distance and obstructions. SATCOM networks fill the gap to maintain communications around the world. These networks allow people in remote locations to communicate and access information, help vessels and aircraft operate safely and efficiently, and support the military branches in maintaining critical communications during conflicts and natural disasters. According to Santamarta (2014), types of SATCOM networks include:
• Inmarsat-C to provide ship-to-shore, shore-to-ship, and ship-to-ship communications;
• VSAT systems to relay transponder signals and transmit data, video, and voice;
• Broadband Global Area Network (BGAN) as a global Internet and voice service network;
• BGAN Machine to Machine (M2M) as a two-way machine-to-machine communication;
• FleetBroadband (FB) network as a data and voice maritime satellite system; and
• SwiftBroadband as an aeronautical satellite system for data and voice.
SATCOM systems have vulnerabilities including interception, blocking, or manipulation of communications and, in some cases, taking control of physical devices or terminals. Santamarta (2014) suggests that owners of SATCOM systems take action to mitigate vulnerabilities by evaluating the exposure of the devices in use, following secured policies, and segmenting and restricting traffic flow through the communication links.
The Internet
In about 40 years, the Internet has evolved from an early academic research project connecting a few sites to a global communication network extending to most countries around the world. The number of users (computer devices) has grown at an exponential rate. Figure 2 depicts a graph illustrating the growth from 1995 to 2017. According to Comer (2015), by 1998, the average rate of new devices joining the Internet was one per second; by 2007, that number doubled to two per second. As the Internet grew, many elements around the Internet also experienced an increase; specifically, speeds increased significantly, and new applications emerged to cater to all sectors of society.
The continuous growth of the Internet along with technological advances including faster speeds and new applications introduces new levels of vulnerabilities. Lewis (2020) noted that the Internet “supports human networks consisting of both terrorists and pen pals” (p. 143). As the Internet continues to evolve, it will bring opportunities and challenges in the configuration, management, and monitoring of CIKRs. The Internet not only provides human-to-human communication but also is a conduit for machine-to-machine (M2M) communication; researchers referred to this new trend as the Internet of Things (IoT; Department of Homeland Security, 2016). As an example, M2M communication is used in traffic light patterns. When there is unusual traffic at an intersection from one direction, the traffic light will change the delays of red to green patterns to allow for a smoother traffic flow. The challenge with IoT and M2M communication is that it is based solely on computer algorithms and not human intervention. This new concept presents opportunities for many critical sectors as the IoT is facilitating the convergence of communications. Thus, the Internet is quickly becoming a fundamental critical infrastructure. As Lewis (2020) stated, “Whether the infrastructure sector is water, power, energy, emergency services, public health, agriculture, defense industrial base, critical manufacturing, or key resources such as nuclear power plants and government buildings, the Internet has emerged as the most vital component” (p. 143).
Summary
As the Internet continues to evolve, so will the opportunities and challenges in keeping critical infrastructures protected. The IoT has introduced autonomous systems that use M2M communication including home automation, smart grids, security, and surveillance systems. As the nation’s private and public sectors become increasingly dependent on the Internet for communications, the information technology sector will be central to the nation’s security.
References
Comer, D. E. (2015). Computer networks and internets (6th ed.). Pearson.
Department of Homeland Security. (n.d.). About GETS. https://www.dhs.gov/about-gets
Department of Homeland Security. (2015). Communications sector-specific plan: An annex to the NIPP 2013. https://www.dhs.gov/sites/default/files/publications/nipp-ssp-communications-2015-508.pdf
[Plot: Number of Users in Millions (vertical axis, 0 to 4500) by year (horizontal axis, 1995 to 2017)]
Figure 2: Internet growth 1995-2017 plot showing the number of users on the Internet (Internet World Stats, 2018)
Department of Homeland Security. (2016). Securing the Internet of things. https://www.dhs.gov/securingtheIoT
Department of Homeland Security. (2017). GETS Card Image. https://www.dhs.gov/photo/gets-card-image
Government Accountability Office. (2010). Federal agencies have taken steps to secure wireless networks, but further actions can mitigate risk. https://www.gao.gov/new.items/d1143.pdf
Internet World Stats. (n.d.). Internet growth statistics. https://www.internetworldstats.com/emarketing.htm
Lewis, T. G. (2020). Critical infrastructure protection in homeland security: Defending a networked nation (3rd ed.). Wiley.
Santamarta, R. (2014). SATCOM terminals: Hacking by air, sea, and land. https://www.blackhat.com/docs/us-14/materials/us-14-Santamarta-SATCOM-Terminals-Hacking-By-Air-Sea-And-Land-WP.pdf
U.S.-Computer Emergency Readiness Team [US-CERT]. (n.d.). The National Coordinating Center for Communications (NCC). https://www.us-cert.gov/nccic/ncc-watch
Suggested Unit Resources
In order to access the following resources, click the links below.
Additional information relevant to the unit’s objectives can be found in the following links. These links provide more details on the policies and presidential directives regarding communications, at the White House website and at the Government Accountability Office’s (GAO) site.
The White House, Office of the Press Secretary. (2013, Feb 12). Presidential policy directive – critical infrastructure security and resilience [Press Release]. https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
U.S. Government Accountability Office. (2010). Information security: Federal agencies have taken steps to secure wireless networks, but further actions can mitigate risks [Report to Congressional Committees: GAO-11-43]. https://www.gao.gov/assets/320/312745.pdf