Need for Improved Critical Industrial Infrastructure Protection

Presentation to National Coal Council on need for improved critical industrial infrastructure protection in energy sector.

Transcript of "Need for Improved Critical Industrial Infrastructure Protection"

  1. Urgent Need for Improved Critical Industrial Infrastructure Protection
     By William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH, Principal, Secure Intervention
  2. Agenda
     • Introduction
     • What is the risk?
     • What are the threats?
     • What can government do?
     • What can industry do?
     • Closing thoughts
     • Questions
  3. Introduction
     • Critical Industrial Infrastructure includes electricity grids, nuclear power plants, coal power plants, water and sewer facilities, etc.
     • 85% owned and operated by private, for-profit interests.
  4. What is the risk?
     • According to the Department of Homeland Security: “Attacks using components of the nation’s critical infrastructure could disrupt the functions of government and business and have devastating physical and psychological consequences.”
  5. What are the threats?
     • On June 1, the New York Times reported that the cyber attack against Iran’s Natanz nuclear power plant, which was first discovered in June 2010, was the work of the US and Israel [1].
     • “Stuxnet” was a computer worm that was hand carried into the facility.
     • It infected the control systems, causing physical damage.
  6. What are the threats? (cont’d)
     • In May 2012, the Department of Homeland Security warned of ongoing cyber attacks against the “gas pipeline sector” [2].
     • Attacks began in December 2011.
     • Attacks use sophisticated spear-phishing techniques.
  7. What are the threats? (cont’d)
     • In October 2011, security researchers released a report detailing the discovery and analysis of “Duqu” [3].
     • Duqu bears similarities to Stuxnet, possibly by some responsible parties.
     • Duqu is espionage malware used to gather information useful in attacking industrial control systems.
  8. What are the threats? (cont’d)
     • In 2010, McAfee released a global “Critical Infrastructure Protection” report stating “80% of companies surveyed faced large-scale denial of service attacks, and 80% experience a network infiltration” [4].
  9. How can government help?
     • Reasonable regulatory framework like the Security and Regulatory Standards by National American Electric Corporation (NERC) for the bulk power industry.
     • Increased public-private collaborations through programs like the FBI’s InfraGard and the National Infrastructure Protection Center.
     • Countries like China, Japan and Italy have already taken a more aggressive stance, including government regulations and audits.
  10. What can industry do?
     • Participate in public-private collaborative efforts and help drive a regulatory framework that actually makes sense.
     • Implement internal policies and procedures to govern use of systems and networks.
     • Increase security controls in your networks and systems.
  11. Closing thoughts
     • Successfully tackling the problem requires the public and private sectors working together.
     • Technological advances like smart grids provide significant benefits, but also introduce huge security risks.
     • More action is needed now to avoid the inevitable overreaction that will undoubtedly follow the also inevitable catastrophic attack against our critical infrastructure.
  12. Questions?
     • You are welcome to send follow-up questions to me at wjm4@secureintervention.com
     • Connect on LinkedIn at www.linkedin.com/in/mcborrough
     • Follow me on Twitter @securnetworks
  13. References
     [1] http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html
     [2] http://www.csmonitor.com/USA/2012/0505/Alert-Major-cyber-attack-aimed-at-natural-gas-pipeline-companies
     [3] http://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf
     [4] http://www.mcafee.com/us/resources/reports/rp-critical-infrastructure-protection.pdf