Need for Improved Critical Industrial Infrastructure Protection
Presentation to National Coal Council on need for improved critical industrial infrastructure protection in energy sector.

Published in: Technology, News & Politics
  • 1. Urgent Need for Improved Critical Industrial Infrastructure Protection By William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH Principal, Secure Intervention
  • 2. Agenda Introduction What is the risk? What are the threats? What can government do? What can Industry do? Closing thoughts Questions
  • 3. Introduction: Critical Industrial Infrastructure includes electricity grids, nuclear power plants, coal power plants, water and sewer facilities, etc. 85% is owned and operated by private, for-profit interests.
  • 4. What is the risk? According to the Department of Homeland Security: “Attacks using components of the nation’s critical infrastructure could disrupt the functions of government and business and have devastating physical and psychological consequences.”
  • 5. What are the threats? On June 1, the New York Times reported that the cyber attack against Iran’s Natanz nuclear power plant, which was first discovered in June 2010, was the work of the US and Israel. [1] “Stuxnet” was a computer worm that was hand carried into the facility. It infected the control systems, causing physical damage.
  • 6. What are the threats? (cont’d) In May 2012, the Department of Homeland Security warned of ongoing cyber attacks against the “gas pipeline sector”. [2] Attacks began in December 2011. Attacks use sophisticated spear-phishing techniques.
  • 7. What are the threats? (cont’d) In October 2011, security researchers released a report detailing the discovery and analysis of “Duqu”. [3] Duqu bears similarities to Stuxnet, possibly by some responsible parties. Duqu is an espionage malware used to gather information useful in attacking industrial control systems.
  • 8. What are the threats? (cont’d) In 2010, McAfee released a global “Critical Infrastructure Protection” report stating “80% of companies surveyed faced large-scale denial of service attacks, and 80% experience a network infiltration”. [4]
  • 9. How can government help? A reasonable regulatory framework like the Security and Regulatory Standards by National American Electric Corporation (NERC) for the bulk power industry. Increased public-private collaborations through programs like the FBI’s Infragard and the National Infrastructure Protection Center. Countries like China, Japan and Italy have already taken a more aggressive stance, including government regulations and audits.
  • 10. What can industry do? Participate in public-private collaborative efforts and help drive a regulatory framework that actually makes sense. Implement internal policies and procedures to govern use of systems and networks. Increase security controls in your networks and systems.
  • 11. Closing thoughts: Successfully tackling the problem requires the public and private sectors working together. Technological advances like smart grids provide significant benefits, but also introduce huge security risks. More action is needed now to avoid the inevitable overreaction that will undoubtedly follow the also inevitable catastrophic attack against our critical infrastructure.
  • 12. Questions? Welcome to send follow up question to me at Connect on LinkedIN at Follow me on Twitter @securnetworks
  • 13. References: [1] a-ordered-wave-of-cyberattacks-against-iran.html [2] cyber-attack-aimed-at-natural-gas-pipeline-companies [3] pdf [4] infrastructure-protection.pdf