Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on...
Critical Information Infrastructure Protection: Urgent vs. Important
Miguel Correia
2012 Workshop on Cyber Security and Global Affairs and Global Security Forum
UPC – Barcelona – Jun. 2012
Critical Information Infrastructure
• July 15th, 1996: the American president signed Executive Order 13010, which introduced (or popularized?) the term critical infrastructures
• Identifies 8 classes of critical infrastructures:
– telecommunications, electrical power systems, gas/oil storage and transportation, banking/finance, transportation, water supply systems, emergency services, continuity of government
• Critical information infrastructures – the ICT part of these infrastructures
Power grid
• Recent past:
– Power grid has undergone significant computerization and interconnection
– Improved operation, but became exposed to cyber-threats
• Present/future:
– Smart grid: smart metering, distributed generation… ICT is core
– More computerization and interconnection, higher exposure to cyber-threats
Power grid is under siege
• 2003: Davis-Besse nuclear power plant’s control systems blocked by the Slammer/Sapphire worm
• 2007: experimental DHS-sponsored cyber-attack destroys a power generator
• 2009: US electrical grid allegedly penetrated by spies from China, Russia and others
• 2010: Stuxnet damages centrifuges in an Iranian nuclear enrichment center
URGENT: REDUCING RISK
Risk is high
risk = level of threat X degree of vulnerability X impact
(level of threat X degree of vulnerability = likelihood of successful attack)
• Level of threat is high – nation states, random threats, extortion
• Degree of vulnerability is high – as shown by the previous cases
• Impact is high – think of a city without power for hours/weeks
It is urgent to reduce this risk, by reducing the degree of vulnerability
NIST SP 800-82
• “Guide to Industrial Control Systems (ICS) Security”, Jun. 2011
• Recommendations about
– Network architecture – firewall usage, network segregation,…
– Management controls – planning, risk assessment,…
– Operational controls – personnel security, contingency planning, configuration management,…
– Technical controls – authentication, access control, systems and communication protection,…
• ICT security applied to CIIP
IEC 62351
• “Power systems management and associated information exchange – Data and communications security”, May 2007
• Recommendations about the security of TC57 protocols
– protection from eavesdropping, man-in-the-middle, spoofing, and replay
• ICT security applied to CIIP
Urgent to apply these standards
• In comparison with “normal” ICT systems… before applying these standards:
risk = level of threat X degree of vulnerability X impact
– risk: much higher!
– level of threat: much higher!
– degree of vulnerability: higher!
– impact: higher!
Urgent to apply these standards
• In comparison with “normal” ICT systems… after applying these standards:
risk = level of threat X degree of vulnerability X impact
– risk: much higher!
– level of threat: much higher!
– degree of vulnerability: same
– impact: higher!
The risk must still be reduced further! The degree of vulnerability has to become much lower than in ICT systems
IMPORTANT: RESEARCH ABOUT REDUCING RISK MUCH MORE
Architecture – WAN-of-LANs
[Diagram: Substation A, Substation B and Substation C, each a LAN, interconnected over a WAN]
CIS – CRUTIAL Information Switch
[Diagram: Substation A, Substation B and Substation C, each connected to the WAN through a CIS]
CIS Protection Service
• Objective: effectively block incoming attacks
• CIS-PS works at application layer and is a distributed firewall
• It is intrusion-tolerant thanks to replication and diversity
• It is self-healing thanks to replica rejuvenation
• It cannot be attacked even if there are 0-day vulnerabilities
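As an added illustration (not CRUTIAL project code) of why replicated voting tolerates intrusions in individual replicas and why rejuvenation matters, the simulation below assumes 2f+1 diverse filter replicas and forwards a message only when at least f+1 of them approve it; the policy, message fields and replica names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list of (source, destination, operation) triples the
# substation policy permits, e.g. the HMI may read from the SCADA server.
POLICY = {("hmi", "scada", "read"), ("scada", "plc", "write")}

@dataclass
class Replica:
    """One of the diverse replicas of the application-layer filter."""
    name: str
    subverted: Optional[str] = None  # None, "approve_all" or "deny_all"

    def evaluate(self, msg: dict) -> bool:
        if self.subverted == "approve_all":  # intruder tries to let traffic in
            return True
        if self.subverted == "deny_all":     # intruder tries to block traffic
            return False
        return (msg["src"], msg["dst"], msg["op"]) in POLICY

class ProtectionService:
    """Assumed model: 2f+1 replicas vote; a message passes only with >= f+1 approvals."""
    def __init__(self, f: int):
        self.f = f
        self.replicas = [Replica(f"r{i}") for i in range(2 * f + 1)]

    def forward(self, msg: dict) -> bool:
        approvals = sum(r.evaluate(msg) for r in self.replicas)
        return approvals >= self.f + 1   # up to f lying replicas cannot swing the vote

    def subvert(self, name: str, mode: str) -> None:  # model an intrusion in one replica
        next(r for r in self.replicas if r.name == name).subverted = mode

    def rejuvenate(self, name: str) -> None:  # model reloading a clean, diverse image
        next(r for r in self.replicas if r.name == name).subverted = None

def vote_scenario() -> dict:
    """Returns (attack forwarded?, legitimate forwarded?) after each step."""
    ps = ProtectionService(f=1)  # 3 replicas, tolerates 1 intrusion
    attack = {"src": "internet", "dst": "plc", "op": "write"}
    legit = {"src": "hmi", "dst": "scada", "op": "read"}
    steps = {"clean": (ps.forward(attack), ps.forward(legit))}
    ps.subvert("r0", "approve_all")  # one intrusion: still within tolerance
    steps["one_subverted"] = (ps.forward(attack), ps.forward(legit))
    ps.subvert("r1", "approve_all")  # f+1 intrusions: tolerance exceeded
    steps["two_subverted"] = (ps.forward(attack), ps.forward(legit))
    ps.rejuvenate("r0")              # rejuvenation restores the margin
    steps["after_rejuvenation"] = (ps.forward(attack), ps.forward(legit))
    return steps
```

The "two_subverted" step is the case the slides' self-healing addresses: without rejuvenation, a second intrusion would leave the attack message forwarded indefinitely.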
CIS Communication Service
• Objective: circumvent faults and DDoS attacks in the WAN
• CIS run the JITER algorithm; timely-critical messages exploit:
• Multihoming: CII facilities are often connected to 2 ISPs
• Overlay channels: messages sent indirectly through other CIS
• Communication is timely/secure even under harsh fault/attack scenarios
[Diagram: CIS A, CIS B, CIS C and CIS D interconnected over the WAN, with a network fault / DDoS attack on one of the paths]
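An added illustration, not JITER or CRUTIAL code, of the path-selection idea on this slide: each CIS is assumed to be multihomed over two ISPs, and overlay channels relay the message through another CIS when the direct paths fail; the link table, latencies, deadline and node names are constructed.

```python
def constructed_links() -> dict:
    """Constructed WAN state: (from, to, isp) -> (latency_ms, usable)."""
    return {
        ("A", "B", "isp1"): (20, True), ("A", "B", "isp2"): (25, True),
        ("A", "C", "isp1"): (15, True), ("C", "B", "isp1"): (15, True),
        ("A", "D", "isp2"): (30, True), ("D", "B", "isp2"): (10, True),
    }

def best_direct(links: dict, a: str, b: str):
    """Fastest usable direct hop a->b over either ISP (multihoming), or None."""
    usable = [(lat, isp) for (x, y, isp), (lat, ok) in links.items()
              if (x, y) == (a, b) and ok]
    return min(usable) if usable else None

def select_path(links: dict, src: str, dst: str, deadline_ms: int, relays=()):
    """Pick the fastest path meeting the deadline: direct, else an overlay
    channel relayed through a peer CIS. Returns (latency, nodes, isps) or None."""
    candidates = []
    direct = best_direct(links, src, dst)
    if direct:
        candidates.append((direct[0], [src, dst], [direct[1]]))
    for relay in relays:  # overlay channel: one hop to a peer CIS, one hop onwards
        hop1, hop2 = best_direct(links, src, relay), best_direct(links, relay, dst)
        if hop1 and hop2:
            candidates.append((hop1[0] + hop2[0], [src, relay, dst], [hop1[1], hop2[1]]))
    within = [c for c in candidates if c[0] <= deadline_ms]
    return min(within) if within else None

def route_scenario() -> dict:
    """Route a message from CIS A to CIS B as the direct paths fail one by one."""
    links, relays = constructed_links(), ("C", "D")
    steps = {"all_up": select_path(links, "A", "B", 40, relays)}
    links[("A", "B", "isp1")] = (20, False)   # DDoS on the ISP1 path: fall back to ISP2
    steps["isp1_down"] = select_path(links, "A", "B", 40, relays)
    links[("A", "B", "isp2")] = (25, False)   # both direct paths unusable: overlay via C
    steps["direct_down"] = select_path(links, "A", "B", 40, relays)
    steps["tight_deadline"] = select_path(links, "A", "B", 28, relays)  # nothing is timely
    return steps
```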
New directions beyond CRUTIAL
• Threats like Stuxnet might not be blocked by these mechanisms; some research directions:
• Replication/rejuvenation/diversity inside the LANs
– For critical servers, e.g., SCADA servers
– For control devices: Programmable Logic Controllers (PLC), Remote Terminal Units (RTU)
• Continuous vulnerability assessment (instead of periodic scanning)
• Anomaly-based endpoint assessment
Conclusions
• The power grid and other critical information infrastructures are vulnerable to cyber-attacks
• It is urgent to do the urgent: apply standards and recommendations
• But ICT-like security mechanisms are not enough: the threat level and the impact of CII failure are high, so risk remains high
• So it is important to do what is important: to investigate novel protection mechanisms that greatly reduce the degree of vulnerability
More info at my web page: google miguel correia inesc-id