Presentation is loading. Please wait.

Presentation is loading. Please wait.

13 Nov 2007 National & Homeland Security Critical Infrastructure Protection/Resilience National Association of Regulatory Utility Commissioners Annual.

Published byMargery Walton Modified over 8 years ago

Similar presentations

Presentation on theme: "13 Nov 2007 National & Homeland Security Critical Infrastructure Protection/Resilience National Association of Regulatory Utility Commissioners Annual."— Presentation transcript:

1 13 Nov 2007 National & Homeland Security Critical Infrastructure Protection/Resilience National Association of Regulatory Utility Commissioners Annual Meeting Critical Infrastructure Protection & Resilience Rita Wells

2 INL Critical Infrastructure Protection Test Beds Power Grid Test Bed Physical Security Test Bed Training and Exercises Wireless Test Bed Protecting the Nation’s Infrastructure Contraband Test Bed SCADA Test Bed UAV Test Bed 2 Cyber Test Bed

3 Multi-laboratory-INL involved with NSTB since FY04 Vision Work with industry to make control system security an integral part of business operations NSTB Products Assessment reports to vendors or asset owners Outreach and Training – 1,600 trained NERC Certified Courses Input into DHS NCSD CSSP products Update status on Roadmap to Secure Control Systems in the Energy Sector Sanitized assessment results National SCADA Test Bed – Office of Electricity Delivery and Energy Reliability (DOE-OE) www.inl.gov/scada

4 Control System Security Program Department of Homeland Security Cyber Security & Telecommunications National Cyber Security Division Reduce Cyber Risk to Critical Infrastructure Control Systems Goal Key Objectives Situational Awareness Risk Reduction Products Government Industry Academia Outreach and Awareness Technology Assessments Scenario Development Vulnerability and Threat International Incident Analysis and Response Provide Guidance Develop Partnerships Prepare and Respond Established June 04 www.us-cert.gov/control_systems/

5 Example of Control System Functions CONTROL DATA  Control valve actuator  System outputs  Manual / automatic  Data fed to control algorithms  Performance monitoring  Digital and analog Many of the processes controlled by computerized control systems have advanced to the point that they can no longer be operated without the control system.

6 Differences: IT Security vs. Control System Security TOPICINFORMATION TECHNOLOGY CONTROL SYSTEMS Anti-virus/Mobile CodeCommon/widely usedUncommon/impossible to deploy Support Technology Lifetime3-5 yearsUp to 20 years OutsourcingCommon/widely usedBecoming more common Application of PatchesRegular/scheduledSlow (vendor specific) Change ManagementRegular/scheduledRare Time Critical ContentGenerally delays acceptedCritical due to safety AvailabilityGenerally delays accepted24 x 7 x 365 x forever Security AwarenessGood in both private and public sector Poor except for physical Security Testing/AuditScheduled and mandatedOccasional testing for outages Physical SecuritySecureRemote and unmanned © 2002 PA Knowledge Limited

7 Threat is ever changing Vulnerabilities are known Consequences are being analyzed Interdependencies/Interconnections are the risk multiplier The Risk Equation Threat Consequence Vulnerability Threat: Any person, circumstance or event with the potential to cause loss or damage - includes motivation, actor, intent and capabilities Vulnerability: Any weakness that can be exploited by an adversary or through accident. Ease of exploit, exposure, impact, deployment Consequence: The amount of loss or damage that can be expected from a successful attack. Cost of consequence minus the ability to defend

8 Threat: Capabilities Presented at Blackhat USA 2005 by the Shmoo Group Toorcon 2005 RootWars Presented at ToorCon 2005 by the Mark Grimes

9 1. Clear Text Communications 10. Web Services 6. Coding Practices 2. Network Addressing 3. Account Management 4. Authentication 8. Unused Services 7. Perimeter Protection 5. System Integration 9. Unpatched Components Vulnerabilities: Known www.inl.gov/scada

10 Consequences Davis-Besse Nuclear Power Australian Sewage Release Worcester Airport Farewell Dossier Duping the Soviets https://www.cia.gov/csi/studies/96unclass/farewell.htm The Farewell Dossier Gus W. Weiss During the Cold War, and especially in the 1970s, Soviet intelligence carried out a substantial and successful clandestine effort to obtain technical and scientific knowledge from the West. This effort was suspected by a few US Government officials but not documented until 1981, when French intelligence obtained the services of Col. Vladimir I. Vetrov, "Farewell," who photographed and supplied 4,000 KGB documents on the program. In the summer of 1981, President Mitterrand told President Reagan of the source, and, when the material was supplied, it led to a potent counterintelligence response by CIA and the NATO intelligence services. President Nixon and Secretary of State Kissinger conceived of détente as the search for ways of easing chronic strains in US-Soviet relations. They sought to engage the USSR in arrangements

11 Managing Risk: Security is a Never Ending Process

12 The INL... Home of Science and Engineering Rita Wells (208) 526-3179 Rita.Wells@inl.gov

Download ppt "13 Nov 2007 National & Homeland Security Critical Infrastructure Protection/Resilience National Association of Regulatory Utility Commissioners Annual."

Similar presentations

Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability.

NERC CIPC March 16, 2006 Roadmap to Secure Control Systems in the Energy Sector U.S. Department of Energy Office of Electricity Delivery and Energy Reliability.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.

Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Cyber and Maritime Infrastructure

Cyber and Maritime Infrastructure
National Infrastructure Protection Plan

National Infrastructure Protection Plan
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 © 2002 Carnegie.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-254-5802.

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.

Asia Pacific Economic Cooperation Transportation Working Group ITS Experts Group Chicago, Illinois September 2002 Walter Kulyk, P.E. Director, Office of.
K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.

K E M A, I N C. Current Status of Cyber Security Issues 2004 Keynote Address Joe Weiss January 20, 2004.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.

SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Part of a Broader Strategy

Part of a Broader Strategy

Similar presentations

Ads by Google