1) Chapter 1 provided a high-level overview of the need for a national framework for protecting critical infrastructure. For some additional reading, take a look at the latest Presidential Order on strengthening the cybersecurity of critical infrastructure: https://www.whitehouse.gov/presidential-actions/pr…

After reading chapter 1 and looking at the link above, you’re ready to participate in the first discussion.

Let’s look at a real-world scenario and how the Department of Homeland Security (DHS) plays into it. In the scenario, the United States will be hit by a large-scale, coordinated cyber attack organized by China. These attacks debilitate the functioning of government agencies, parts of the critical infrastructure, and commercial ventures. The IT infrastructure of several agencies is paralyzed, the electric grid in most of the country is shut down, telephone traffic is seriously limited, and satellite communications are down (limiting the Department of Defense’s [DOD’s] ability to communicate with commands overseas). International commerce and financial institutions are also severely hit. Please explain how DHS should handle this situation.

You must do the following:

1) Create a new thread. As indicated above, please explain how DHS should handle the situation described in the preceding paragraph.

2) Select AT LEAST 3 other students’ threads and post substantive comments on those threads. Your comments should extend the conversation started with the thread. ALL original posts and comments must be substantive. (I’m looking for about a paragraph – not just “I agree.”)
cyber_attacks_chapter01.pdf


Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 1
Introduction
Copyright © 2012, Elsevier Inc.
All Rights Reserved

Chapter 1 – Introduction

Introduction
• National infrastructure
– Refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation
• Conventional approach to cyber security not enough
• New approach needed
– Combining best elements of existing security techniques with challenges that face complex, large-scale national services

Fig. 1.1 – National infrastructure cyber and physical attacks

Fig. 1.2 – Differences between small- and large-scale cyber security

National Cyber Threats, Vulnerabilities, and Attacks
• Three types of malicious adversaries
– External adversary
– Internal adversary
– Supplier adversary

Fig. 1.3 – Adversaries and exploitation points in national infrastructure

National Cyber Threats, Vulnerabilities, and Attacks
• Three exploitation points
– Remote access
– System administration and normal usage
– Supply chain

National Cyber Threats, Vulnerabilities, and Attacks
• Infrastructure threatened by most common security concerns:
– Confidentiality
– Integrity
– Availability
– Theft

Botnet Threat
• What is a botnet attack?
– The remote collection of compromised end-user machines (usually broadband-connected PCs) is used to attack a target.
– Sources of attack are scattered and difficult to identify
– Five entities that comprise botnet attack: botnet operator, botnet controller, collection of bots, botnet software drop, botnet target

Botnet Threat
• Five entities that comprise botnet attack:
– Botnet operator
– Botnet controller
– Collection of bots
– Botnet software drop
– Botnet target
• Distributed denial of service (DDOS) attack: bots create “cyber traffic jam”

Fig. 1.4 – Sample DDOS attack from a botnet

National Cyber Security Methodology Components
• Ten basic design and operation principles:
– Deception
– Separation
– Diversity
– Commonality
– Depth
– Discretion
– Collection
– Correlation
– Awareness
– Response

Deception
• Deliberately introducing misleading functionality or misinformation for the purpose of tricking an adversary
– Computer scientists call this functionality a honey pot
• Deception enables forensic analysis of intruder activity
• The acknowledged use of deception may be a deterrent to intruders (every vulnerability may actually be a trap)

Fig. 1.5 – Components of an interface with deception

Separation
• Separation involves enforced access policy restrictions on users and resources in a computing environment
• Most companies use enterprise firewalls, which are complemented by the following:
– Authentication and identity management
– Logical access controls
– LAN controls
– Firewalls

Fig. 1.6 – Firewall enhancements for national infrastructure

Diversity
• Diversity is the principle of using technology and systems that are intentionally different in substantive ways.
• Diversity hard to implement
– A single software vendor tends to dominate the PC operating system business landscape
– Diversity conflicts with organizational goals of simplifying supplier and vendor relationships

Fig. 1.7 – Introducing diversity to national infrastructure

Commonality
• Consistency involves uniform attention to security best practices across national infrastructure components
• Greatest challenge involves auditing
• A national standard is needed

Depth
• Depth involves using multiple security layers to protect national infrastructure assets
• Defense layers are maximized by using a combination of functional and procedural controls

Fig. 1.8 – National infrastructure security through defense in depth

Discretion
• Discretion involves individuals and groups making good decisions to obscure sensitive information about national infrastructure
• This is not the same as “security through obscurity”

Collection
• Collection involves automated gathering of system-related information about national infrastructure to enable security analysis
• Data is processed by a security information management system.
• Operational challenges
– What type of information should be collected?
– How much information should be collected?

Fig. 1.9 – Collecting national infrastructure-related security information

Correlation
• Correlation involves a specific type of analysis that can be performed on factors related to national infrastructure protection
– This type of comparison-oriented analysis is indispensable
• Past initiatives included real-time correlation of data at fusion center
– Difficult to implement

Fig. 1.10 – National infrastructure high-level correlation approach

Awareness
• Awareness involves an organization understanding the differences between observed and normal status in national infrastructure
• Most agree on the need for awareness, but how can awareness be achieved?

Fig. 1.11 – Real-time situation awareness process flow

Response
• Response involves the assurance that processes are in place to react to any security-related indicator
– Indicators should flow from the awareness layer
• Current practice in smaller corporate environments of reducing “false positives” by waiting to confirm disaster is not acceptable for national infrastructure

Fig. 1.12 – National infrastructure security response approach

Implementing the Principles Nationally
• Commissions and groups
• Information sharing
• International cooperation
• Technical and operational costs
