Countermeasures against Cyber-terrorist Attacks on Critical Infrastructure
Thai delegation
Presentation at 4th ARF seminar on Cyber-terrorism, Busan, Republic of Korea, October 2007
Introduction
The information technology revolution has changed the way business is transacted, government operates, and national defense is conducted. Those functions now depend on an interdependent network of critical information infrastructures. Protection of these systems is essential to the telecommunications, energy, financial services, manufacturing, water, transportation, health care, and emergency services sectors.
How does the world respond?
In recent years, a large number of information security incidents have caused great losses to many countries, and the occurrence of such incidents is now on the rise, indicating that information systems and networks have become the major targets in future wars and conflicts. This stresses the need for cooperation between governments and the private sector, and for international cooperation, in identifying, preventing, and mitigating cyber-attacks and terrorist misuse of cyber space.
Super Powers
- The USA: Critical Infrastructure Protection Program
- The UK: Centre for the Protection of National Infrastructure
The ASEAN Region
- ARF: ASEAN Regional Forum (ARF) Statement on Cooperation in Fighting Cyber Attack and Terrorist Misuse of Cyber Space
Cyber-terrorists?
The confrontation of information has become an important strategy. Terrorist groups, with the tactical and strategic support of enemy states, have an in-depth technological understanding of their targets, strong motives, and the capability to launch joint attacks using various tactics and technologies.
Critical infrastructures
Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. They include, but are not limited to, telecommunications, energy, banking and finance, transportation, water systems and emergency services, both governmental and private.
Many of the nation's critical infrastructures have historically been physically and logically separate systems that had little interdependence. As a result of advances in information technology and the necessity of improved efficiency, however, these infrastructures have become increasingly automated and interlinked. These same advances have created new vulnerabilities to equipment failure, human error, weather and other natural causes, and physical and cyber attacks.
Cyber confrontation system
[Diagram labels: cyber confrontation, cyber defense, cyber attack, computer viruses, viruses, Trojan horse, Trojan horse complex, network structure, operating system, application program, data, personnel, hiding, sniffing, password guessing, promote authority, attack system, network intrusion detection, network intrusion deception]
Cyber-terrorist Attacks
Main Types of Cyber Attacks
1. System destructive type: Destroy the opponent's computer and network systems by sending computer viruses and logic bombs to paralyze the opponent's national command and control system.
2. Information misleading type: Modify the functions of the opponent's computer and network systems by sending false information to them to mislead the opponent's flow of decision-making and command and control.
3. Comprehensive type: Make comprehensive use of system destruction and information misleading, and combine them with other means of information warfare, to multiply the destruction of the opponent's command and control system.
How to counter?
Mainstream protection techniques
- Encryption
- Digital signature
- Access control: various levels on system & network
- Verification exchange: data source & id verification
- Loophole scanning and detection
- Intrusion detection, response and restore
- Anti-info leakage and electromagnetic solidification
- Security analysis and simulation
- Etc.
The lack of powerful general countermeasures means that attacks on computer systems and networks will continue to increase in the future. A shift in attackers from amateurs to professionals will continue as basic countermeasures become more effective at deterring amateurs. Among the countermeasures currently available, education, legal responses, backups, access controls, and honeypots will remain important in the future. But patches, encryption, intrusion detection, computer forensics, honeypots, simple active network defense, backtracing, and deception will increase in importance as technical details of their implementation are worked out. Despite their weaknesses, countermeasures do help protect systems since they have raised the necessary level of sophistication required by an attacker to succeed.
Suggested countermeasure
- Response: We shall develop a system for responding to a significant infrastructure attack while it is underway, with the goal of isolating and minimizing damage.
- Reconstitution: For varying levels of successful infrastructure attacks, we shall have a system to reconstitute minimum required capabilities rapidly.
- Education and Awareness: There shall be a Vulnerability Awareness and Education Program within both the government and the private sector to sensitize people regarding the importance of security and to train them in security standards, particularly regarding cyber systems.
- Research and Development: Government-sponsored research and development in support of infrastructure protection shall be coordinated, take into account private sector research, and be adequately funded to minimize our vulnerabilities on a rapid but achievable timetable.
- Intelligence: The Intelligence Community shall develop and implement a plan for enhancing collection and analysis of the foreign threat to our national infrastructure, to include but not be limited to the foreign cyber/information warfare threat.
- International Cooperation: There shall be a plan to expand cooperation on critical infrastructure protection with like-minded and friendly nations, international organizations and multinational corporations.
Conclusion
It has long been the policy to assure the continuity and viability of critical infrastructures. Nations will take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on our critical infrastructures, including especially our cyber systems.
Since the targets of attacks on our critical infrastructure would likely include both facilities in the economy and those in the government, the elimination of our potential vulnerability requires a closely coordinated effort of both the government and the private sector. To succeed, this partnership must be genuine, mutual and cooperative.
While the world is being led into the Information Age, at the same time our nations have become uniquely dependent on information technology -- computers and the global network that connects them together. This dependency has become a clear and compelling threat to our economic well-being, our public safety, and our national security.
So, when we plan the construction of information systems and networks, we should give enough consideration to security issues beforehand, rather than taking damage control measures afterwards. In addition, an effective fight against cyber-attacks and terrorist misuse of cyber space requires increased, rapid and well-functioning regional and international cooperation.