1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx

1
Running head: SHORTENED VERSION OF TITLE
8
SHORTENED TITLE HERE IN ALL CAPS
Full Title of Your Paper Here
University of the Cumberlands, Williamsburg, KY
ITS832 – Information Systems in a Global Economy Section 56
Residency Weekend Research Paper
Your Full Title of Your Paper
Introduce your paper here briefly. Every paper needs a thesis
sentence. Make sure yours has one. You’ll describe your topic
in more detail below, so don’t put too much detail here. Your
thesis sentence should prepare the reader for what the paper will
say. Something like “This paper introduces the topic of
multinational software engineering project management
software, describes current trends in the industry, and identifies
future research opportunities recommended by recent authors”
is a good thesis sentence.Topic Description
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Proin
convallis, mi quis faucibus elementum, arcu augue dapibus arcu,
quis rhoncus nunc nisi pulvinar tellus. In bibendum pharetra
ligula, et blandit purus scelerisque at. Donec malesuada eros ut
lorem dignissim molestie. Cras metus lorem, vestibulum a
pharetra sit amet, consectetur sit amet nibh. Cras Recent
Research Projects

Maecenas id luctus ligula. Cras condimentum eleifend nibh sit
amet iaculis. Suspendisse placerat sollicitudin mi, vel ornare
augue hendrerit ac. Nulla sed suscipit sapien. Cras pellentesque
orci lectus, eu consequat enim.Discussion, Implications, and
Future Research
This is where you summarize the recommendations made by the
various authors writing in your problem area.Conclusion
Every paper should have a conclusion where you summarize
what you’ve said. This is where you can add a “so what”
statement that reinforces the paper’s bottom line.
References
Lastname, C. (2008). Title of the source without caps except
Proper Nouns or: First word after colon. The Journal or
Publication Italicized and Capped, Vol#(Issue#), Page numbers.
*
Copyright © 2012, Elsevier Inc. All Rights Reserved
Chapter 4
Diversity
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved
The University of Adelaide, School of Computer Science
*
Chapter 2 — Instructions: Language of the Computer
*

*
Copyright © 2012, Elsevier Inc. All rights Reserved
Chapter 4 – Diversity
IntroductionThe securing any set of national assets should
include a diversity strategyThe deliberate introduction of
diversity into national infrastructure to increase security has not
been well exploredTwo system are considered diverse if their
key attributes differDiversity bucks the trend to standardize
assets for efficiency's sake
*
*
*
Fig. 4.1 – Diverse and nondiverse components through attribute
differences
*

Diversity and Worm PropagationWorm propagation is an
example of an attack that relies on a nondiverse target
environmentWorm functionality in three steps:Step #1: Find a
target system on the network for propagation of worm
programStep #2: Copy program to that systemStep #3: Remotely
execute programRepeatDiversity may be expensive to introduce,
but saves money on response costs in the long run
*
*
*
Fig. 4.2 – Mitigating worm activity through diversity
*
Desktop Computer System DiversityMost individual computers
run the same operating system software on a standard processor
platform and browse the Internet through one or two popular
search engines with the one of only a couple browsersThe
typical configuration is a PC running Windows on an Intel
platform, browsing the Internet with Internet Explorer,

searching with GoogleThis makes the average home PC user a
highly predictable target
*
*
*
Fig. 4.3 – Typical PC configuration showing diversity
*
Desktop Computer System DiversityThree
ConsiderationsPlatform costsApplication
interoperabilitySupport and training
*
*

*
Ultimate solution for making desktops more secure involves
their removalNot a practical solutionCloud computing may offer
home PC users a diverse, protected environment
Diversity Paradox of Cloud Computing
*
*
*
Fig. 4.4 – Spectrum of desktop diversity options
*
Fig. 4.5 – Diversity and attack difficulty with option of removal
*

Modern telecommunications consist of the following two types
of technologiesCircuit-switchedPacket-switchedWhen compared
to one another, these two technologies automatically provide
diversityDiversity may not always be a feasible goalMaximizing
diversity may defend against large-scale attacks, but one must
also look closely at the entire architecture
Network Technology Diversity
*
*
*
Fig. 4.6 – Worm nonpropagation benefit from diverse
telecommunications
*
Fig. 4.7 – Potential for impact propagation over shared fiber
*

Any essential computing or networking asset that serves a
critical function must include physical distribution to increase
survivabilityPhysical diversity has been part of the national
asset system for yearsBackup center diversitySupplier/vendor
diversityNetwork route diversity
Physical Diversity
*
*
*
Fig. 4.8 – Diverse hubs in satellite SCADA configurations
*
A national diversity program would coordinate between
companies and government agenciesCritical path
analysisCascade modelingProcurement discipline
National Diversity Program

*
*
C y b e r A t t a c k s
“Dr. Amoroso’s fi fth book Cyber Attacks: Protecting National
Infrastructure outlines the chal-
lenges of protecting our nation’s infrastructure from cyber
attack using security techniques
established to protect much smaller and less complex
environments. He proposes a brand
new type of national infrastructure protection methodology and
outlines a strategy presented
as a series of ten basic design and operations principles ranging
from deception to response.
The bulk of the text covers each of these principles in technical
detail. While several of these
principles would be daunting to implement and practice they
provide the fi rst clear and con-
cise framework for discussion of this critical challenge. This
text is thought-provoking and
should be a ‘must read’ for anyone concerned with
cybersecurity in the private or government
sector.”
— Clayton W. Naeve, Ph.D. ,

Senior Vice President and Chief Information Offi cer,
Endowed Chair in Bioinformatics,
St. Jude Children’s Research Hospital,
Memphis, TN
“Dr. Ed Amoroso reveals in plain English the threats and
weaknesses of our critical infra-
structure balanced against practices that reduce the exposures.
This is an excellent guide
to the understanding of the cyber-scape that the security
professional navigates. The book
takes complex concepts of security and simplifi es it into
coherent and simple to understand
concepts.”
— Arnold Felberbaum ,
Chief IT Security & Compliance Offi cer,
Reed Elsevier
“The national infrastructure, which is now vital to
communication, commerce and entertain-
ment in everyday life, is highly vulnerable to malicious attacks
and terrorist threats. Today, it
is possible for botnets to penetrate millions of computers around
the world in few minutes,
and to attack the valuable national infrastructure.
“As the New York Times reported, the growing number of
threats by botnets suggests that
this cyber security issue has become a serious problem, and we
are losing the war against
these attacks.

“While computer security technologies will be useful for
network systems, the reality
tells us that this conventional approach is not effective enough
for the complex, large-scale
national infrastructure.
“Not only does the author provide comprehensive
methodologies based on 25 years of expe-
rience in cyber security at AT&T, but he also suggests ‘security
through obscurity,’ which
attempts to use secrecy to provide security.”
— Byeong Gi Lee ,
President, IEEE Communications Society, and
Commissioner of the Korea Communications Commission
(KCC)
C y b e r A t t a c k s
Protecting National
Infrastructure
Edward G. Amoroso
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Butterworth-Heinemann is an imprint of Elsevier
Acquiring Editor: Pam Chester

Development Editor: Gregory Chalson
Project Manager: Paul Gottehrer
Designer: Alisa Andreola
Butterworth-Heinemann is an imprint of Elsevier
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
© 2011 Elsevier Inc. All rights reserved
No part of this publication may be reproduced or transmitted in
any form or by any means, electronic
or mechanical, including photocopying, recording, or any
information storage and retrieval system,
without permission in writing from the publisher. Details on
how to seek permission, further
information about the Publisher’s permissions policies and our
arrangements with organizations such
as the Copyright Clearance Center and the Copyright Licensing
Agency, can be found at our
website: www.elsevier.com/permissions .
This book and the individual contributions contained in it are
protected under copyright by the
Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this fi eld are constantly
changing. As new research and experience
broaden our understanding, changes in research methods or
professional practices, may become necessary.
Practitioners and researchers must always rely on their own
experience and knowledge in evaluating
and using any information or methods described herein. In using
such information or methods they should be
mindful of their own safety and the safety of others, including
parties for whom they have a professional

responsibility.
To the fullest extent of the law, neither the Publisher nor the
authors, contributors, or editors, assume
any liability for any injury and/or damage to persons or
property as a matter of products liability,
negligence or otherwise, or from any use or operation of any
methods, products, instructions, or
ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Amoroso, Edward G.
Cyber attacks : protecting national infrastructure / Edward
Amoroso.
p. cm.
Includes index.
ISBN 978-0-12-384917-5
1. Cyberterrorism—United States—Prevention. 2. Computer
security—United States. 3. National
security—United States. I. Title.
HV6773.2.A47 2011
363.325�90046780973—dc22 2010040626
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British
Library.
Printed in the United States of America
10 11 12 13 14 10 9 8 7 6 5 4 3 2 1
For information on all BH publications visit our website at
www.elsevierdirect.com/security

CONTENTS v
CONTENTS
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . ix
Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . xi
Chapter 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 1
National Cyber Threats, Vulnerabilities, and Attacks . . . . . . .
. . . . . . . . . 4
Botnet Threat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 6
National Cyber Security Methodology Components . . . . . . .
. . . . . . . . 9
Deception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 11
Separation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 13
Diversity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 16
Consistency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 17
Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 19
Discretion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 20
Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 21
Correlation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 23
Awareness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 25
Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 26

Implementing the Principles Nationally . . . . . . . . . . . . . . . .
. . . . . . . . 28
Chapter 2 Deception . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 31
Scanning Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 35
Deliberately Open Ports . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 37
Discovery Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 39
Deceptive Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 41
Exploitation Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 42
Procurement Tricks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 45
Exposing Stage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 46
Interfaces Between Humans and Computers . . . . . . . . . . . . .
. . . . . . . 47
National Deception Program . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 49
vi CONTENTS
Chapter 3 Separation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 51
What Is Separation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 53
Functional Separation . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 55
National Infrastructure Firewalls . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 57

DDOS Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 60
SCADA Separation Architecture . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 62
Physical Separation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 63
Insider Separation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 65
Asset Separation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 68
Multilevel Security (MLS) . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 70
Chapter 4 Diversity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 73
Diversity and Worm Propagation . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 75
Desktop Computer System Diversity . . . . . . . . . . . . . . . . . . .
. . . . . . . . 77
Diversity Paradox of Cloud Computing . . . . . . . . . . . . . . . . .
. . . . . . . . 80
Network Technology Diversity . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 82
Physical Diversity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 85
National Diversity Program . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 87
Chapter 5 Commonality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 89
Meaningful Best Practices for Infrastructure Protection . . . . .
. . . . . . . 92
Locally Relevant and Appropriate Security Policy . . . . . . . .
. . . . . . . . 95
Culture of Security Protection . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 97

Infrastructure Simplifi cation . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 99
Certifi cation and Education . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 102
Career Path and Reward Structure . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 105
Responsible Past Security Practice . . . . . . . . . . . . . . . . . . .
. . . . . . . . 106
National Commonality Program . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 107
Chapter 6 Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 109
Effectiveness of Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 111
Layered Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 115
Layered E-Mail Virus and Spam Protection . . . . . . . . . . . . . .
. . . . . . . . 119
CONTENTS vii
Layered Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 120
Layered Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 122
Layered Intrusion Detection . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 124
National Program of Depth . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 126
Chapter 7 Discretion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 129
Trusted Computing Base . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . 130
Security Through Obscurity . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 133
Information Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 135
Information Reconnaissance . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 137
Obscurity Layers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 139
Organizational Compartments . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 141
National Discretion Program . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 143
Chapter 8 Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 145
Collecting Network Data . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 148
Collecting System Data . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 150
Security Information and Event Management . . . . . . . . . . . .
. . . . . . 154
Large-Scale Trending . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 156
Tracking a Worm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 159
National Collection Program . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 161
Chapter 9 Correlation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 163
Conventional Security Correlation Methods . . . . . . . . . . . . . .
. . . . . . 167
Quality and Reliability Issues in Data Correlation . . . . . . . . .
. . . . . . . 169
Correlating Data to Detect a Worm . . . . . . . . . . . . . . . . . . . .

. . . . . . . . 170
Correlating Data to Detect a Botnet . . . . . . . . . . . . . . . . . . .
. . . . . . . . 172
Large-Scale Correlation Process . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 174
National Correlation Program . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 176
Chapter 10 Awareness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 179
Detecting Infrastructure Attacks . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 183
Managing Vulnerability Information . . . . . . . . . . . . . . . . . .
. . . . . . . . 184
viii CONTENTS
Cyber Security Intelligence Reports . . . . . . . . . . . . . . . . . . .
. . . . . . . . 186
Risk Management Process . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 188
Security Operations Centers . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 190
National Awareness Program . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 192
Chapter 11 Response. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 193
Pre- Versus Post-Attack Response . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 195
Indications and Warning . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 197
Incident Response Teams . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 198

Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 201
Law Enforcement Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 203
Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 204
National Response Program . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 206
Appendix Sample National Infrastructure Protection
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 207
Sample Deception Requirements (Chapter 2) . . . . . . . . . . . . .
. . . . . . 208
Sample Separation Requirements (Chapter 3) . . . . . . . . . . .
. . . . . . . 209
Sample Diversity Requirements (Chapter 4) . . . . . . . . . . . . .
. . . . . . . . 211
Sample Commonality Requirements (Chapter 5) . . . . . . . . . .
. . . . . . 212
Sample Depth Requirements (Chapter 6) . . . . . . . . . . . . . . .
. . . . . . . 213
Sample Discretion Requirements (Chapter 7) . . . . . . . . . . . . .
. . . . . . 214
Sample Collection Requirements (Chapter 8) . . . . . . . . . . . . .
. . . . . . 214
Sample Correlation Requirements (Chapter 9) . . . . . . . . . . . .
. . . . . . 215
Sample Awareness Requirements (Chapter 10) . . . . . . . . . .
. . . . . . . 216
Sample Response Requirements (Chapter 11) . . . . . . . . . . .
. . . . . . . 216
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 219

PREFACE ix
PREFACE
Man did not enter into society to become worse than he was
before,
nor to have fewer rights than he had before, but to have those
rights better secured.
Thomas Paine in Common Sense
Before you invest any of your time with this book, please take
a
moment and look over the following points. They outline my
basic philosophy of national infrastructure security. I think that
your reaction to these points will give you a pretty good idea of
what your reaction will be to the book.
1. Citizens of free nations cannot hope to express or enjoy
their freedoms if basic security protections are not provided.
Security does not suppress freedom—it makes freedom
possible.
2. In virtually every modern nation, computers and
networks
power critical infrastructure elements. As a result, cyber
attackers can use computers and networks to damage or ruin
the infrastructures that citizens rely on.
3. Security protections, such as those in security books,
were

designed for small-scale environments such as enterprise
computing environments. These protections do not extrapo-
late to the protection of massively complex infrastructure.
4. Effective national cyber protections will be driven
largely by
cooperation and coordination between commercial, indus-
trial, and government organizations. Thus, organizational
management issues will be as important to national defense
as technical issues.
5. Security is a process of risk reduction, not risk removal.
Therefore, concrete steps can and should be taken to
reduce, but not remove, the risk of cyber attack to national
infrastructure.
6. The current risk of catastrophic cyber attack to national
infra-
structure must be viewed as extremely high, by any realistic
measure. Taking little or no action to reduce this risk would be
a foolish national decision.
The chapters of this book are organized around ten basic
principles that will reduce the risk of cyber attack to national
infrastructure in a substantive manner. They are driven by
x PREFACE
experiences gained managing the security of one of the largest,
most complex infrastructures in the world, by years of learning
from various commercial and government organizations, and by
years of interaction with students and academic researchers in
the security fi eld. They are also driven by personal experiences
dealing with a wide range of successful and unsuccessful cyber

attacks, including ones directed at infrastructure of considerable
value. The implementation of the ten principles in this book will
require national resolve and changes to the way computing and
networking elements are designed, built, and operated in the
context of national infrastructure. My hope is that the sugges-
tions offered in these pages will make this process easier.
ACKNOWLEDGMENT xi
ACKNOWLEDGMENT
The cyber security experts in the AT&T Chief Security Offi
ce, my
colleagues across AT&T Labs and the AT&T Chief Technology
Offi ce, my colleagues across the entire AT&T business, and my
graduate and undergraduate students in the Computer Science
Department at the Stevens Institute of Technology, have had
a profound impact on my thinking and on the contents of this
book. In addition, many prominent enterprise customers of
AT&T with whom I’ve had the pleasure of serving, especially
those in the United States Federal Government, have been great
infl uencers in the preparation of this material.
I’d also like to extend a great thanks to my wife Lee, daugh-
ter Stephanie (17), son Matthew (15), and daughter Alicia (9)
for
their collective patience with my busy schedule.
Edward G. Amoroso
Florham Park, NJ
September 2010

This page intentionally left blank
1
Cyber Attacks. DOI:
© Elsevier Inc. All rights reserved.
10.1016/B978-0-12-384917-5.00001-9
2011
INTRODUCTION
Somewhere in his writings—and I regret having forgotten
where—
John Von Neumann draws attention to what seemed to him a
contrast. He remarked that for simple mechanisms it is often
easier to describe how they work than what they do, while for
more
complicated mechanisms it was usually the other way round .
Edsger W. Dijkstra 1
National infrastructure refers to the complex,
underlying delivery
and support systems for all large-scale services considered
abso-
lutely essential to a nation. These services include emergency
response, law enforcement databases, supervisory control and
data acquisition (SCADA) systems, power control networks,
mili-
tary support services, consumer entertainment systems, fi
nancial
applications, and mobile telecommunications. Some national
services are provided directly by government, but most are pro-
vided by commercial groups such as Internet service provid-
ers, airlines, and banks. In addition, certain services considered

essential to one nation might include infrastructure support that
is controlled by organizations from another nation. This global
interdependency is consistent with the trends referred to collec-
tively by Thomas Friedman as a “fl at world.” 2
National infrastructure, especially in the United States, has
always been vulnerable to malicious physical attacks such as
equipment tampering, cable cuts, facility bombing, and asset
theft. The events of September 11, 2001, for example, are the
most prominent and recent instance of a massive physical attack
directed at national infrastructure. During the past couple of
decades, however, vast portions of national infrastructure have
become reliant on software, computers, and networks. This reli-
ance typically includes remote access, often over the Internet, to
1
1 E.W. Dijkstra, Selected Writings on Computing: A
Personal Perspective , Springer-Verlag,
New York, 1982, pp. 212–213.
2 T. Friedman, The World Is Flat: A Brief History of the
Twenty-First Century , Farrar,
Straus, and Giroux, New York, 2007. (Friedman provides a
useful economic backdrop to
the global aspect of the cyber attack trends suggested in this
chapter.)
2 Chapter 1 INTRODUCTION
the systems that control national services. Adversaries thus
can
initiate cyber attacks on infrastructure using worms, viruses,
leaks, and the like. These attacks indirectly target national
infra-

structure through their associated automated controls systems
(see Figure 1.1 ).
A seemingly obvious approach to dealing with this national
cyber threat would involve the use of well-known computer
security techniques. After all, computer security has matured
substantially in the past couple of decades, and considerable
expertise now exists on how to protect software, computers, and
networks. In such a national scheme, safeguards such as fi re-
walls, intrusion detection systems, antivirus software,
passwords,
scanners, audit trails, and encryption would be directly embed-
ded into infrastructure, just as they are currently in small-scale
environments. These national security systems would be con-
nected to a centralized threat management system, and inci-
dent response would follow a familiar sort of enterprise process.
Furthermore, to ensure security policy compliance, one would
expect the usual programs of end-user awareness, security train-
ing, and third-party audit to be directed toward the people
build-
ing and operating national infrastructure. Virtually every
national
infrastructure protection initiative proposed to date has
followed
this seemingly straightforward path. 3
While well-known computer security techniques will certainly
be useful for national infrastructure, most practical experience
to date suggests that this conventional approach will not be suf-
fi cient. A primary reason is the size, scale, and scope inherent
in
complex national infrastructure. For example, where an enter-
prise might involve manageably sized assets, national
infrastruc-
ture will require unusually powerful computing support with
the ability to handle enormous volumes of data. Such volumes

Indirect
Cyber
Attacks
Direct
Physical
Attacks
“Worms,
Viruses,
Leaks”
“Tampering,
Cuts,
Bombs”
National
Infrastructure
Automated Control
Software
Computers
Networks
Figure 1.1 National infrastructure cyber and physical
attacks.
3 Executive Offi ce of the President, Cyberspace Policy
Review: Assuring a Trusted
and Resilient Information and Communications Infrastructure ,

U.S. White House,
Washington, D.C., 2009 (
http://handle.dtic.mil/100.2/ADA501541 ).
Chapter 1 INTRODUCTION 3
will easily exceed the storage and processing capacity of
typical
enterprise security tools such as a commercial threat manage-
ment system. Unfortunately, this incompatibility confl icts with
current initiatives in government and industry to reduce costs
through the use of common commercial off-the-shelf products.
In addition, whereas enterprise systems can rely on manual
intervention by a local expert during a security disaster, large-
scale national infrastructure generally requires a carefully
orches-
trated response by teams of security experts using
predetermined
processes. These teams of experts will often work in different
groups, organizations, or even countries. In the worst cases,
they will cooperate only if forced by government, often sharing
just the minimum amount of information to avoid legal conse-
quences. An additional problem is that the complexity
associated
with national infrastructure leads to the bizarre situation where
response teams often have partial or incorrect understand-
ing about how the underlying systems work. For these reasons,
seemingly convenient attempts to apply existing small-scale
security processes to large-scale infrastructure attacks will ulti-
mately fail (see Figure 1.2 ).
As a result, a brand-new type of national infrastructure protec-
tion methodology is required—one that combines the best ele-

ments of existing computer and network security techniques
with
the unique and diffi cult challenges associated with complex,
large-
scale national services. This book offers just such a protection
methodology for national infrastructure. It is based on a quarter
century of practical experience designing, building, and
operating
Small-Scale
Small Volume
Possibly Manual
Local Expert
High
Focused
High Volume
Large-Scale
Process-Based
Distributed Expertise
Partial or Incorrect
Broad
Collection
Emergency

Expertise
Knowledge
Analysis
Large-Scale
Attributes
Complicate
Cyber Security
Figure 1.2 Differences between small- and large-scale cyber
security.
National infrastructure
databases far exceed the
size of even the largest
commercial databases.
4 Chapter 1 INTRODUCTION
cyber security systems for government, commercial, and con-
sumer infrastructure. It is represented as a series of protection
principles that can be applied to new or existing systems.
Because
of the unique needs of national infrastructure, especially its
mas-
sive size, scale, and scope, some aspects of the methodology
will
be unfamiliar to the computer security community. In fact,
certain
elements of the approach, such as our favorable view of
“security

through obscurity,” might appear in direct confl ict with
conven-
tional views of how computers and networks should be
protected.
National Cyber Threats, Vulnerabilities,
and Attacks
Conventional computer security is based on the oft-repeated
tax-
onomy of security threats which includes confi dentiality,
integrity,
availability, and theft. In the broadest sense, all four diverse
threat
types will have applicability in national infrastructure. For
example,
protections are required equally to deal with sensitive
information
leaks (confi dentiality ), worms affecting the operation of some
criti-
cal application (integrity), botnets knocking out an important
system
(availability), or citizens having their identities compromised
(theft).
Certainly, the availability threat to national services must be
viewed
as particularly important, given the nature of the threat and its
rela-
tion to national assets. One should thus expect …

1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx

Recommended

Recommended

More Related Content

Similar to 1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx

Similar to 1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx (20)

More from jesusamckone

More from jesusamckone (20)

Recently uploaded

Recently uploaded (20)

1Running head SHORTENED VERSION OF TITLE8SHORTENE.docx