Presentation is loading. Please wait.

Presentation is loading. Please wait.

Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security.

Published byBonnie Lee Modified over 8 years ago

Similar presentations

Presentation on theme: "Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security."— Presentation transcript:

1 Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security Forum UPC – Barcelona – Jun. 2012

2 Critical Information Infrastructure July 15 th 96 American president signed Executive Order 13010 – introduced (or popularized?) the term critical infrastructures Identifies 8 classes of critical infrastructures: – telecommunications, electrical power systems, gas/oil storage and transportation, banking/finance, transportation, water supply systems, emergency services, continuity of government Critical information infrastructures – the ICT part of these infrastructures 2

3 Power grid Recent past: – Power grid undergone significant computerization and interconnection – Improved operation, but became exposed to cyber-threats Present/future: – Smart grid: smart metering, distributed generation… - ICT is core – More computerization and interconnection, higher exposure to cyber- threats 3

4 Power grid is under siege 2003: Davis-Besse nuclear power plant’s control systems blocked by the Slammer/Sapphire worm 2007: experimental DHS-sponsored cyber-attack destructs a power generator 2009: US electrical grid allegedly penetrated by spies from China, Russia and others 2010: Stuxnet damages centrifuges in Iranian nuclear enrichment center 4

5 URGENT: REDUCING RISK 5

6 Risk is high risk = level of threat X degree of vulnerability X impact Level of threat is high – nation states, random threats, extortion Degree of vulnerability is high – as shown by the previous cases Impact is high – think of a city without power for hours/weeks 6 likelihood of successful attack It is urgent to reduce this risk By reducing the degree of vulnerability It is urgent to reduce this risk By reducing the degree of vulnerability

7 NIST SP 800-82 “Guide to Industrial Control Systems (ICS) Security”, Jun. 2011 Recommendations about – Network architecture – firewall usage, network segregation,… – Management controls – planning, risk assessment,… – Operational controls – personnel security, contingency planning, configuration management,… – Technical controls – authentication, access control, systems and communication protection,… ICT security applied to CIIP 7

8 IEC 62351 “Power systems management and associated information exchange – Data and communications security”, May 2007 Recommendations about the security of TC57 protocols – protection from eavesdropping, man-in-the-middle, spoofing, and replay ICT security applied to CIIP 8

9 Urgent to apply these standards In comparison with “normal” ICT systems… before applying these standards: risk = level of threat X degree of vulnerability X impact 9 much higher! much higher!

10 Urgent to apply these standards In comparison with “normal” ICT systems… after applying these standards: risk = level of threat X degree of vulnerability X impact 10 The risk must still be more reduced! The degree of vulnerability has to become much lower than in ICT systems The risk must still be more reduced! The degree of vulnerability has to become much lower than in ICT systems much higher! much higher! samehigher!

11 IMPORTANT: RESEARCH ABOUT REDUCING RISK MUCH MORE 11

12 Substation A Substation B Substation C Architecture – WAN-of-LANs 12

13 Substation A Substation B Substation C CIS - CRUTIAL Information Switch 13

14 CIS Protection Service Objective: effectively block incoming attacks CIS-PS works at application layer and is a distributed firewall It is intrusion-tolerant thanks to replication and diversity It is self-healing thanks to replica rejuvenation It cannot be attacked even if there are 0-day vulnerabilities 14

15 CIS Communication Service Objective: circumvent faults and DDoS attacks in the WAN CIS run JITER algorithm – timely-critical messages exploit: Multihoming: CII facilities often connected to 2 ISPs Overlay channels: messages sent indirectly through other CIS Communication is timely/secure even under harsh fault/attack scenarios 15 CIS ACIS B CIS C CIS D Network fault, DDoS attack

16 New directions beyond CRUTIAL Threats like Stuxnet might not be blocked by these mechanisms; some research directions: Replication/rejuvenation/diversity inside the LANs – For critical servers, e.g., SCADA servers – For control devices: Programmable Logic Controllers (PLC), Remote Terminal Units (RTU) Continuous vulnerability assessment (instead of periodic scanning) Anomaly-based endpoint assessment 16

17 Conclusions The power grid and other critical information infrastructures are vulnerable to cyber-attacks It is urgent to do the urgent: apply standards and recommendations But ICT-like security mechanisms are not enough: the threat level and impact of CII failure is high, so risk remains high So it is important to do what is important: to investigate novel protection mechanisms that greatly reduce the degree of vulnerability 17

18 More info at my web page: google miguel correia inesc-id

Download ppt "Critical Information Infrastructure Protection: Urgent vs. Important Miguel Correia 2012 Workshop on Cyber Security and Global Affairs and Global Security."

Similar presentations

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Challenges in Protecting Critical National Infrastructure from Cyber Attacks Singapore University of Technology and Design Aditya P Mathur September 27,

Challenges in Protecting Critical National Infrastructure from Cyber Attacks Singapore University of Technology and Design Aditya P Mathur September 27,
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.

Team Dec13_11: Cole Hoven Jared Pixley Derek Reiser Rick Sutton Adviser/Client: Prof. Manimaran Govindarasu Graduate Assistant: Aditya Ashok PowerCyber.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
Network Security of The United States of America By: Jeffery T. Pelletier.

Network Security of The United States of America By: Jeffery T. Pelletier.
Smart Grid Cyber Security Framework

Smart Grid Cyber Security Framework
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania.

Toward Open Source Intrusion Tolerant SCADA Trevor Aron JR Charles Akshay Srivatsan Mentor: Marco Platania.
A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,

A Virtual Environment for Investigating Counter Measures for MITM Attacks on Home Area Networks Lionel Morgan 1, Sindhuri Juturu 2, Justin Talavera 3,
SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.

SCADA – Are we self- sufficient? Presented by Jack McIntyre 15/05/2015Jack McIntyre2.
Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.

Secure Systems Research Group - FAU 1 SCADA Software Architecture Meha Garg Dept. of Computer Science and Engineering Florida Atlantic University Boca.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Exploring the Network Introduction to Networks.
Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats Mingkui Wei, Wenye Wang Department of Electrical and Computer.

Greenbench: A Benchmark for Observing Power Grid Vulnerability Under Data-Centric Threats Mingkui Wei, Wenye Wang Department of Electrical and Computer.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

Similar presentations

Ads by Google