Protecting Infrastructure from Cyber Attacks


The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. Because SCADA systems autonomously monitor and adjust switching, among other processes, within critical infrastructures such as nuclear plants and power grids, DHS has become concerned about these systems, as they are frequently unmanned and remotely accessed. A vulnerability such as remote access could allow anyone to take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.


Transcript

  • 1. Protecting Infrastructure from Cyber Attacks
      Dr. Maurice Dawson, Walden University / Alabama A&M University
      Dr. Jonathan Abramson, Colorado Technical University
      Dr. Marwan Omar, Colorado Technical University
  • 2. Abstract
      • The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. Because SCADA systems autonomously monitor and adjust switching, among other processes, within critical infrastructures such as nuclear plants and power grids, DHS has become concerned about these systems, as they are frequently unmanned and remotely accessed. A vulnerability such as remote access could allow anyone to take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
  • 3. Topics
      • Example Scripts
      • 2012 FISMA Report
      • Previous Research
      • Vulnerabilities & Threats
      • Example Physical Security Threat Scenario
      • System C&A Processes
      • Product C&A Processes
      • Example Unclassified DIACAP Controls
      • Virtualization as a Tool
  • 4. Virus in Bash Script
      #!/bin/bash
      echo "Yep We Finally Got You"
      rmdir *.bin    ## removal of key directories to render system useless
      rm filename1 filename2 filename3 filename4    ## removal of key files to render system useless
      Note: file must be --7 (executable) and bypass sudo
  • 5. Example Copy Script in Bash Script
      #!/bin/bash
      tar -czf /var/my-backup.tgz /home/me/    ## key files can be copied anywhere
      Note: file must be --7 (executable) and bypass sudo
  • 6. 2012 FISMA Report
  • 7. Previous Research
      • DoD Cyber Technology Policies to Secure Automated Information Systems
          – Certification & Accreditation (C&A) evaluation processes
          – Plan of action and milestones (PO&AM)
          – DIACAP scorecard
          – System identification plan (SIP)
          – DIACAP implementation plan (DIP)
  • 8. Vulnerabilities & Threats
      • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
      • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
      • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.
  • 9. Vulnerabilities & Threats cont.
      • Remote access
          – Root control of system
          – Ability to map network(s)
          – Ability to corrupt cloud infrastructure(s)
      • Virus focused on specific hardware
          – Over clocking
          – Redirect of network and data
      • Covert channel analysis
      • Lack of qualified personnel
      • Insider threat
      • Natural disasters
      • Inconsistencies of applied processes
  • 10. Example Physical Security Scenario
      • Decide targets
      • Perform research on target using Google maps, social media, etc.
      • Capture online maps for building architecture
      • Render items with virtual world(s) and graphics application software(s)
      • Prepare mock up scenario(s)
      • Test run mock up scenario(s)
      • Perform live run
  • 11. Systems C&A Process - DIACAP
  • 12. Product C&A Process – Common Criteria
  • 13. Unclassified DIACAP Controls – MAC III Unclassified [Example]
  • 14. Virtualization as a Tool
      Supporting Tasks
      • Test patches before full deployment
      • See how OS or system reacts to virus
      • Use as tool to deploy hardened VMs
      Example Set Up (diagram labels): HARDWARE; OS PLATFORM; HYPERVISOR; WINDOWS; RED HAT LINUX; UBUNTU LINUX
  • 15. Any Questions
      Please feel free to contact me at maurice.dawson@aamu.edu
      Wk: 256-372-4801