Need for Improved Critical Industrial Infrastructure Protection
 

Presentation to National Coal Council on need for improved critical industrial infrastructure protection in energy sector.

    Need for Improved Critical Industrial Infrastructure Protection: Presentation Transcript

    • Urgent Need for Improved Critical Industrial Infrastructure Protection
      • By William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH
      • Principal, Secure Intervention
    • Agenda
      • Introduction
      • What is the risk?
      • What are the threats?
      • What can government do?
      • What can industry do?
      • Closing thoughts
      • Questions
    • Introduction
      • Critical industrial infrastructure includes electricity grids, nuclear power plants, coal power plants, water and sewer facilities, etc.
      • 85% is owned and operated by private, for-profit interests.
    • What is the risk?
      • According to the Department of Homeland Security: “Attacks using components of the nation’s critical infrastructure could disrupt the functions of government and business and have devastating physical and psychological consequences.”
    • What are the threats?
      • On June 1, the New York Times reported that the cyber attack against Iran’s Natanz nuclear power plant, which was first discovered in June 2010, was the work of the US and Israel. [1]
      • “Stuxnet” was a computer worm that was hand carried into the facility.
      • It infected the control systems, causing physical damage.
    • What are the threats? (cont’d)
      • In May 2012, the Department of Homeland Security warned of ongoing cyber attacks against the “gas pipeline sector”. [2]
      • Attacks began in December 2011.
      • Attacks use sophisticated spear-phishing techniques.
    • What are the threats? (cont’d)
      • In October 2011, security researchers released a report detailing the discovery and analysis of “Duqu”. [3]
      • Duqu bears similarities to Stuxnet, possibly by some responsible parties.
      • Duqu is espionage malware used to gather information useful in attacking industrial control systems.
    • What are the threats? (cont’d)
      • In 2010, McAfee released a global “Critical Infrastructure Protection” report stating “80% of companies surveyed faced large-scale denial of service attacks, and 80% experience a network infiltration”. [4]
    • How can government help?
      • A reasonable regulatory framework, like the Security and Regulatory Standards by National American Electric Corporation (NERC) for the bulk power industry.
      • Increased public-private collaboration through programs like the FBI’s Infragard and the National Infrastructure Protection Center.
      • Countries like China, Japan and Italy have already taken a more aggressive stance, including government regulations and audits.
    • What can industry do?
      • Participate in public-private collaborative efforts and help drive a regulatory framework that actually makes sense.
      • Implement internal policies and procedures to govern the use of systems and networks.
      • Increase security controls in your networks and systems.
    • Closing thoughts
      • Successfully tackling the problem requires the public and private sectors working together.
      • Technological advances like smart grids provide significant benefits, but also introduce huge security risks.
      • More action is needed now to avoid the inevitable overreaction that will undoubtedly follow the also inevitable catastrophic attack against our critical infrastructure.
    • Questions?
      • You are welcome to send follow-up questions to me at wjm4@secureintervention.com
      • Connect on LinkedIn at www.linkedin.com/in/mcborrough
      • Follow me on Twitter @securnetworks
    • References
      • [1] http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html
      • [2] http://www.csmonitor.com/USA/2012/0505/Alert-Major-cyber-attack-aimed-at-natural-gas-pipeline-companies
      • [3] http://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf
      • [4] http://www.mcafee.com/us/resources/reports/rp-critical-infrastructure-protection.pdf