Critical Infrastructure Protection: A 21 st Century Challenge Professor Madjid Merabti PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection School of Computing and Mathematical Sciences Liverpool John Moores University, Byrom Street, Liverpool L3 3AF, UK Web:

Critical Infrastructures We Live in a High Connected World Power grid Financial system Air traffic control network Water supply system Oil infrastructure Telecommunications infrastructure Transport system

A Typical Critical Infrastructure Power Grid and its Components

Critical Infrastructures Features

Complexity

A Computer Control System The SCADA system

–In 1990 the AT&T PSTN network suffered a fault due to human error causing nationwide problems Interdependency

Interdependency –Siberian Pipeline Explosion (1982):Trojan inserted into SCADA software that caused explosion –Roosevelt Dam (1994): Hacker breaks into floodgate SCADA systems –GAZPROM (2000):Hackers gain control of Russian natural gas pipeline –August 2003: CSX Train Signaling System and the Sobig Virus –June 2009 : insider/employee attack on US hospital SCADA systems.

C RITICAL I NFRASTRUCTURE P ROTECTION C HALLENGES

A Real Threat –The Stuxnet a Cyber Attack

Increasing Cyber Attacks/Threats We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form. At the moment we don't have a cyber command and I'm very keen we have one”. He added: Whether we like it or not, cyber is going to be part of future warfare, just as tanks and aircraft are today. It's a cultural change. In the future I don't think state- to-state warfare will start in the way it did even 10 years ago. It will be cyber or banking attacks - that's how I'd conduct a war if I was running a belligerent state or a rebel movement. It's semi-anonymous, cheap and doesn't risk people [dailymail.co.uk] General Sir David Richards Head of UK arm forces

Attack on a Power Grid Attack on a Power Grid

Other Issues –Cascading vulnerability problem –The blackouts of North America happened due to a cascade of failures. It affected the power generation system, water supply, transportation, communication system, and industry –The convergence of control networks with public and critical networks potentially exposes the control systems to additional security vulnerabilities –Use of wireless technology in critical systems expose vulnerable to attacks

Other Issues –Developing new virtual environments where the characteristics of critical infrastructures and their complexity could be mapped and visualized.

A System of Systems Problem

Crisis Management –Any crisis (natural or human made) impose high damage risk to Critical Infrastructure –Japan tsunami 2011

C RITICAL I NFRASTRUCTURE P ROTECTION S OLUTIONS

System Modelling

Systems-of-Systems Design Models systems interactions Check properties –Of individual devices –Of topological structure –Test against security patterns Highlight potential security vulnerabilities

Security Research in critical infrastructures should cover all the security aspects e.g. –Intrusion detection –Vulnerability analysis –Data protection solutions ANIKETOS project –Comprised of 17 partners from across the EU –A €13.9 million project

Crisis Management Solution

R ESEARCH C ENTRE FOR C RITICAL I NFRASTRUCTURE C OMPUTER T ECHNOLOGY AND P ROTECTION (PROTECT)

PROTECT Vision Networked Appliances Laboratory (NAL) –Home networking and entertainment systems –Ubiquitous computing and biofeedback processing –Sensor networking and environmental monitoring Network and Information Security Technology Laboratory (NISTL) –Identity management and system-of-systems security –Trust management and system monitoring –Security interfaces and reputation schemes –Computer forensics and digital rights management

PROTECT Vision Computer Games Research Laboratory (CGRL) –Game and middleware engine development –Online game development and deployment –Peer-to-peer technologies and applied artificial intelligence –Interaction techniques between real and virtual environments –Serious games technologies applied to education and training, and digital interactive storytelling

3D Modelling

System of System Security

Conclusion Critical Infrastructure Challenges –Critical infrastructures strongly rely on systems and networks built over computing technologies and information systems. –These systems need to be protected and redesigned to cope against serious incidents and attacks. –Complexity and Interdependency between systems exist at every level. –Joint efforts of researchers from different disciplines is the way forward Our vision –New modelling, design, and protection approaches –Regroup many research disciplines such as: distributed systems, digital communication, gaming technology data and system modelling