The document discusses critical infrastructure and control systems. It focuses on SCADA systems which are commonly used to monitor and control infrastructure. The document outlines concerns about the security and dependability of SCADA systems as they increasingly rely on standard IT technologies. It then discusses the internet as digital infrastructure and notes concerns about the resilience of the internet, citing studies that found the internet could experience failures without proper protections and understanding of its components. The document recommends better understanding failures, further resilience research, promoting good practices, and greater policymaker engagement.

1. CRITICAL
INFRASTRUCTURE
2
DR JOHN ROOKSBY

2. IN THIS LECTURE…
More on infrastructure
Control systems
• SCADA systems
Digital Infrastructure
• The internet as infrastructure
• Resilience of the internet

3. CONTROL SYSTEMS
IT is used for monitoring and controlling infrastructure in many
industries
• Oil and Gas
• Air Traffic Controls and Railways
• Power Generation and Transmission
• Water Management
• Manufacturing
• Production Plants
Infrastructure is inherently distributed, and therefore so are the
systems that control and monitor it

4. TYPES OF CONTROL SYSTEM
Automated system/ Programmable Logic Controllers (PLCs)
• logic embedded into components
• Often a low level building block for larger systems
Supervisory Control and Data Acquisition (SCADA)
• Extend automated systems to allow remote monitoring and
control
• Data flow to other systems often automated
• Typically used where components are not in one location
Distributed Control System (DCS)
• Similar to SCADA but monitoring and control embedded across
the system, and so lacks the hierarchy of SCADA

5. CONTROL SYSTEMS
Manufacturing Execution Systems
• Extends SCADA with batch processes
Energy Management Systems
• A type of SCADA system used for electricity management and
control
Building Control Systems
• Control the lighting, heating, energy usage, and security of a
building

6. SCADA
SCADA is normally a software package designed to display
information, log data and show alarms
• Programmable logic units control infrastructure components
• Data acquisition by remote terminal units
• Data sent to control centre
• Control Centre monitors system, and issues commands
Hardly talked about until recently, now a major concern
• Reliability
• Security

7. SCADA SECURITY
Security issues are arising because of a changing context
No longer able to rely on security by obscurity
• Until recently, SCADA systems were mainly proprietary.
• Now progressively reliant on standard IT technologies
(Microsoft Windows, TCP/IP, web browsers, wireless
technologies, etc.)
No longer able to rely on security by isolation
• Until recently, SCADA systems were isolated networks. But
now:
• Direct connections to vendors for maintenance, stock ordering
etc.
• Connected to enterprise systems, which in turn are on the
Internet.
• Workers connecting their laptops to the internet.
• Some SCADA systems connected directly to the internet.

8. SCADA SECURITY
Infrastructure providers very good at physical security, but often have
little appreciation of IT security
Standard security tools and techniques can be used, although there
are some complexities
• For example, It may not be possible to install anti-virus protection
on process control systems, owing to the lack of processor
power on legacy systems, the age of operating systems or the
lack of vendor certification.
• Security testing on process control systems must also be
approached with extreme caution – security scanning can
seriously affect the operation of many control devices.
• There are sometimes few opportunities to take the systems off-
line for routine testing, patching and maintenance.

9. SCADA DEPENDABILITY
There is a great deal of concern about the dependability of
SCADA systems
• Poorly designed or engineered systems may not be reliable
• Vulnerable to cyber-attack
SCADA systems will be key targets in any cyber attack
• STUXNET
Extreme concern (paranoia?) shown by UK and USA about
hackers in Russia and China

10. MOVING ON…

11. DIGITAL INFRASTRUCTURE
Forms of digital infrastructure
• Public and Private Cable Networks
• Mobile networks
• Satellite and broadcast services
• Data Centres
• The Internet
• Clouds
Information technology has a complex status as infrastructure. It is
more complex than most, if not all other forms of infrastructure.
• Hard – physical systems
• Soft – protocols, layers of abstraction, services, etc.
• Infrastructure as “a relation” (S.L. Star)

12. THE INTERNET AS
INFRASTRUCTURE
The internet is a key infrastructure for modern society
• Certainly critical to the economy
• Other infrastructures coming to rely on it
The internet is often taken for granted. The common assumption
is that the internet is dependable.
• The myth of the “bombproof” network
• The myth of the “free/open” system

13. INCIDENTS
It is straightforward to divert traffic away from its proper
destination by announcing invalid routes.
• 2008, Pakistan advertises invalid routes for YouTube, bringing
it down for a couple hours.
• 2010, China Telecom advertises a number of invalid routes,
effectively hijacking 15% of Internet addresses for 18 minutes.
Exploitation of latent bugs in BGP (Border Gateway Protocol)
• August 2010, an experiment triggers a bug in some routers,
causing their neighbours to terminate BGP sessions, and for
many routes to be lost.

14. INCIDENTS
Vulnerability of cables
• Undersea cables near Alexandria in Egypt were cut in December
2008.
Dependence on electrical power.
• A large power outage in Brazil in November 2009 caused
significant disruption, though it lasted only four and a half hours
The internet appears to have been resilient during major disasters
• 9/11 Terror Attacks
• Hurricane Katrina
• Tohoku Earthquake
But we don’t have good information about why and how.

15. ENISA STUDY
Inter‐X: Resilience of the Internet
Interconnection Ecosystem
Chris Hall
Richard Clayton
Ross Anderson
Evangelos Ouzouni

16. ENISA STUDY
Inter‐X: Resilience of the Internet
Interconnection Ecosystem
Chris Hall
Richard Clayton
Ross Anderson
Evangelos Ouzouni
“It does appear likely that the Internet could suffer systemic
failure, leading perhaps to local failures and system‐wide
congestion”

17. THREATS
Failure of the infrastructure on which the internet depends
• Power transmission system
• Human infrastructure needed to maintain it (for example if
pandemic flu causes millions of people to stay at home out of fear
of infection).
Cascading technical failures
• Perhaps during changeover from IPv4 to IPv6
• Common‐mode failures involving updates to popular makes of
router (or PC) may also fall under this heading.
A coordinated attack
• A capable opponent disrupts the BGP fabric by broadcasting
thousands of bogus routes, either via a large AS or from a large
number of compromised routers.

18. THREATS
Market failure
• Internet Transit may not be a viable business.
Economic issues – “The tragedy of the commons”
• Increasing resilience benefits everyone, but requires
coordinated action. E.g improving BGP is costly and must be
done at an individual level.
Regulatory failure
• Misinformed/over regulation, and under regulation can lead to
problems (related to above two issues)

19. CAN WE PROTECT AND ASSURE
THE INTERNET?
The fist stage of protecting and assuring any critical infrastructure
is to take stock of and understand its components.
• But this is very difficult in the case of the internet.
Each AS/ISP has an NOC (Network Operation Centre) but there is
no NOC for the internet as a whole
• There is no map of physical connections – their
location, capacity, etc.;
• There is no map of traffic and traffic volume
• there is no map of the interconnections between ASs

20. WHY THE LACK OF
INFORMATION?
• The complexity and scale of the Internet would make this an
immense task, and potentially very costly.
• An AS level topology is possible, but we would ideally have
something at the router level.
• We would ideally also like to understand interdependencies
with the power network.
• The internet is constantly growing in size and evolving (e.g. the
rise of CDNs)
• The routing system is dynamic, so very difficult to model.
• Some of the information is sensitive
• Gathering this information could be a security risk
• The information will have commercial sensitivity, for example
traffic levels.
• There is a lack of good metrics available.

21. RECOMMENDATIONS
The report makes four recommendations
1. We need a better understanding of failure
• Incident Investigation
• An independent body should thoroughly investigate all
major incidents and report publicly on the causes, effects
and lessons to be learned. Incident correlation and
analysis may lead to assessment and forecast models.
• Data Collection of Network Performance Measurements
• Consistent, long-term data collection

22. RECOMMENDATIONS
2. Further research into resilience
• Research into Resilience Metrics and Measurement
Frameworks
• Development and Deployment of Secure Inter‐domain
Routing
• Research into AS Incentives that Improve Resilience

23. RECOMMENDATIONS
3 . The promotion of good practice
• Promotion and Sharing of Good Practice on Internet
Interconnections
• Independent Testing of Equipment and Protocols
• Conduct Regular Cyber Exercises on the Interconnection
Infrastructure

24. RECOMMENDATIONS
4. That policy makers become more engages
• Plan for transit market failure
• Debate traffic prioritisation
• Work towards a reliance certification scheme

25. KEY POINTS
Infrastructure is often controlled and monitored by IT systems
• SCADA systems are the common type
• Government organisations such as the CPNI are concerned
about the vulnerability of these systems to failures and attack
Digital technologies are becoming critical infrastructure in their
own right
• The Internet is becoming increasingly critical.
• The resilience of the internet is not a given.