Defending critical infrastructure

Cisco sponsored 'Cyber Security India', India's only dedicated military cyber security conference, held on 1-2 November 2011 at IHC, New Delhi. The event saw overwhelming support, with delegates from organisations including the MoD, NSC, DIA, CERT-In, DRDO, C-DAC and CENJOWS, and cyber officials from across the Indian Armed Forces. Cisco expert Arif Shouqi spoke on “Securing Operational Networks” to a packed hall.

Defending critical infrastructure

  1. Defending Critical Infrastructure. Sqn Ldr Shouqi (Retd), Chief Defence Architect, APAC. © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public.
  2. • Define the threat
     • Define the actors
     • The supply chain problem
     • SCADA attacks
  3. (chart) Source: Uppsala Conflict Data Programme / International Peace Research Institute, Oslo
  4. (image-only slide)
  5. • The UK online economy was worth 100 billion pounds in 2010
     • That is larger than the construction, transport and the gas + electricity + water industries
     • 99% of all transactions were on plastic or online
     • For every £1 worth imported online, the UK exports £2.80 worth online
     • The offline economy exports 90p for every £1 imported
     “Just as in the 19th century we had to secure the seas for our national safety and prosperity, and in the 20th century we had to secure the air, in the 21st century we also have to secure our advantage in cyber space”
  6. Number of hostile players increasing:
     • Cyber criminals
     • Corporate conflict/rivalry
     • Nation states
     • Terrorists
  7. (image-only slide)
  8. (image-only slide)
  9. (image-only slide)
  10. • The website has been hacked by a Chinese cybercriminal gang using a vulnerability called SQL injection
      • When we click on featured properties, it goes to tejary.net in China, which serves you a backdoor Trojan
      • Your laptop is now part of a large botnet (40,000 strong) run by tejary.net, and it is not fully under your control
      • So why would anyone need a botnet? How does it help tejary.net?
  11. (image-only slide)
  12. • Bakasoftware creates “scareware” and licenses it to affiliates
      • Affiliates either own botnets or rent them
      • Affiliates load the scareware onto their botnets
      • Affiliates pay a commission to Bakasoftware for every purchase made
  13. (image-only slide)
  14. ZeuS
  15. • Objective: start a credential theft business
      • Seed money: $2500
      • Business plan: infect victims with info-stealing malware; mine the stolen data for account credentials; sell the credentials in the criminal marketplace
      • Startup requirements: infrastructure, info-stealing malware, victims
  16. • Infrastructure: cloud-based server, $300 for 3 months; Linux-Apache-MySQL-PHP, free
      • Info-stealing malware: ZeuS, $700
      • Web exploit management system: Fragus exploit toolkit, $800
      • Capital to establish trust with partners: $700
      • Total: $2500
  17. (image-only slide)
  18. The cybercrime value chain, read left to right as the $$$ flow of money $$$: Writers → First Stage Abusers → Middle Men → Second Stage Abusers → End Value
      • Writers: Tool and Toolkit Writers; Malware Writers (Worms, Viruses, Trojans, Spyware)
      • First Stage Abusers: Hacker/Direct Attack; Machine Harvesting; Information Harvesting; Internal Theft: Abuse of Privilege
      • Middle Men: Compromised Host and Application; Bot-Net Creation; Bot-Net Management: For Rent, for Lease, for Sale; Personal Information; Electronic IP Leakage
      • Second Stage Abusers: Extortionist/DDoS-for-Hire; Spammer; Phisher; Pharmer/DNS Poisoning; Identity Theft
      • End Value: Fame; Theft; Espionage (Corporate/Government); Extorted Pay-Offs; Commercial Sales; Fraudulent Sales; Click-Through Revenue; Information Brokerage; Financial Fraud
  19. Supervisory Control And Data Acquisition systems
  20. (image-only slide)
  21. • In January 2000, a contractor company installs a sewage control system
      • A few days later, the system misbehaves mysteriously
      • A total of 240 tons of raw sewage was spilt onto a hotel, a school and a park
      • Investigation revealed an ex-employee had sabotaged the control system
      • He mounted a total of 46 attacks before being caught
      This is a classic case of an insider SCADA attack. In the most famous SCADA attack, Iran’s nuclear programme was set back by 2 to 5 years by the Stuxnet virus.
  22. • June 1999: 237,000 gallons of gasoline leaked from a pipeline in Bellingham, Washington
      • The gas caught fire, killing 3 and injuring 8, and causing $45M of damage
      • The SCADA server also had a database application running on it
      • The database hogged so many resources that SCADA did not react in time to the leak, causing the tragedy
      This is not an attack, but an illustration that SCADA malfunctions can kill.
  23. • According to a McAfee survey, 80 percent of executives surveyed in Mexico reported cyber extortion using SCADA attacks
      • The same survey reported that 60 percent of Indian companies reported cyber extortion attempts
      “Hundreds of millions of dollars have been extorted [from various companies], and maybe more […] This [cyber] kind of extortion is the biggest untold story of the cybercrime industry.” - Alan Paller, Director of the SANS Institute
  24. (image-only slide)
  25. (image-only slide)
  26. • July 2009: 13,073 fake processors supplied to the US Navy
      • Brand names of Intel, AMD, Fujitsu, Atmel, Altera and NCC, all reputed brands
      • They were procured from unknown sources in China
      • Some were ‘black topped’ and re-branded as Military Grade, sold for much higher sums
      • FBI arrested three members of a family
      Arab telecom provider Etisalat pushed to BlackBerry users what it said was a software update for improving performance. In fact, it was spyware capable of providing access to information on the devices.
  27. • BAE wanted some chips made by Philips Semiconductor for a modern weapon system for the US military
      • Port Electronics supplied these chips, which were fakes
      • Philips had stopped manufacturing them in 1997
      BAE wanted to use these old chips to avoid a redesign that would cost millions….
  28. • Port Electronics had sourced them from Aapex International
      • Aapex International had purchased them from HKF International in Shenzhen, China
      • The source remains unknown to this day
      When asked if she knew they were fake, the GM of HK Fair International said “we are traders…we buy chips from one hand and sell them from the other”
  29. “If the supply chain can be conceived as an orchestra, then imagine 104 musicians; with no conductor; very little sheet music; and music not shared among musicians. Under such conditions, how can you play a symphony?” Only 4 firms, Dell, Wal-Mart, Cisco and HP, are approaching stage 4 supply chain maturity, but that is far below the critical mass needed for orchestrating and synchronizing a global outsourced supply chain…. http://www.saic.com/news/resources/Cyber_Supply_Chain.pdf
  30. • Product comes from an untrusted country
      • Product comes from an untrusted company
      • Product itself is distrusted
      • Supply chains are obscure; the integrity of the supply chain cannot be verified
  31. • United States: Section 806 of the National Defense Authorization Act 2011 authorizes the Defence Secretary and the Secretaries of the Army, Navy and Air Force to exclude vendors or their products if they pose an unacceptable supply chain risk
      • India: instead of focusing on the exclusion of vendors and products that pose unacceptable risks, the Indian government attempts to reduce that risk by relying upon policies promoting indigenous innovation
      Source: Microsoft white paper
  32. • China: the entity that researches, develops and manufactures the product must be invested in or controlled by Chinese citizens, legal persons or the state, and have independent legal representation in China
      • Russia: create a “National Software Platform” to help reduce dependence on foreign products
      Source: Microsoft white paper
  33. (image-only slide)
  34. Security needs to move at the speed of crime
  35. Thank you.