Fluent Essays

In todays world, both government and the private sector are struggling to provide a secure, efficient, timely, and separate means of delivering essential services internationally. As a result, these critical national infrastructure systems remain at risk from potential attacks via the Internet.It is the policy of the United States to prevent or minimize disruptions to the critical national information infrastructure in order to protect the public, the economy, government services, and the national security of the United States.The Federal Government is continually increasing capabilities to address cyber risk associated with critical networks and information systems.Please explain how you would reduce potential vulnerabilities, protect against intrusion attempts, and better anticipate future threats. cyber_attacks_protecting_national_infrastructure_student_edition_1st_edition_b007fqvg0u__1_.pdf Unformatted Attachment Preview Cyber Attacks Protecting National Infrastructure Student Edition Edward G. Amoroso 2 Acquiring Editor: Pam Chester Development Editor: David Bevans Project Manager: Paul Gottehrer Designer: Alisa Andreola Butterworth-Heinemann is an imprint of Elsevier 225 Wyman Street, Waltham, MA 02451, USA Copyright © 2013 Elsevier Inc. All rights reserved No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein). Notices Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein. Library of Congress Cataloging-in-Publication Data Amoroso, Edward G. Cyber attacks : protecting national infrastructure / Edward Amoroso, John R. Vacca.–Student ed. p. cm. Summary: “Ten basic principles that will reduce the risk of cyber attack to national infrastructure in a substantive manner”– Provided by publisher. ISBN 978-0-12-391855-0 (hardback) 1. Cyberterrorism–United States–Prevention. 2. Computer networks–Security measures. 3. Cyberspace–Security measures. 4. Computer crimes–United States–Prevention. 5. National security–United States. I. Vacca, John R. II. Title. HV6773.2.A47 2012 363.325’90046780973–dc22 2012000035 British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library ISBN: 978-0-12-391855-0 Printed in the United States of America 12 13 14 15 16 10 9 8 7 6 5 4 3 2 1 3 For information on all BH publications visit our website at www.elsevierdirect.com/security 4 Preface Man did not enter into society to become worse than he was before, nor to have fewer rights than he had before, but to have those rights better secured. Thomas Paine in Common Sense Before you invest any of your time with this book, please take a moment and look over the following points. They outline my basic philosophy of national infrastructure security. I think that your reaction to these points will give you a pretty good idea of what your reaction will be to the book. 1. Citizens of free nations cannot hope to express or enjoy their freedoms if basic security protections are not provided. Security does not suppress freedom—it makes freedom possible. 2. In virtually every modern nation, computers and networks power critical infrastructure elements. As a result, cyber attackers can use computers and networks to damage or ruin the infrastructures that citizens rely on. 3. Security protections, such as those in security books, were designed for small-scale environments such as enterprise computing environments. These protections do not extrapolate to the protection of massively complex infrastructure. 4. Effective national cyber protections will be driven largely by cooperation and coordination between commercial, industrial, and government organizations. Thus, organizational management issues will be as important to national defense as technical issues. 5. Security is a process of risk reduction, not risk removal. Therefore, concrete steps can and should be taken to reduce, but not remove, the risk of cyber attack to national infrastructure. 6. The current risk of catastrophic cyber attack to national 5 infrastructure must be viewed as extremely high, by any realistic measure. Taking little or no action to reduce this risk would be a foolish national decision. The chapters of this book are organized around 10 basic principles that will reduce the risk of cyber attack to national infrastructure in a substantive manner. They are driven by experiences gained managing the security of one of the largest, most complex infrastructures in the world, by years of learning from various commercial and government organizations, and by years of interaction with students and academic researchers in the security field. They are also driven by personal experiences dealing with a wide range of successful and unsuccessful cyber attacks, including ones directed at infrastructure of considerable value. The implementation of the 10 principles in this book will require national resolve and changes to the way computing and networking elements are designed, built, and operated in the context of national infrastructure. My hope is that the suggestions offered in these pages will make this process easier. Student Edition To make it easier to teach these basic principles in the classroom, Cyber Attacks Student Edition adds new material developed by John R. Vacca, Editor-in-Chief of Computer and Information Security Handbook (Morgan Kaufmann Publishers) aimed specifically at enhancing the student experience, making it appropriate as a core textbook for instructors teaching courses in cyber security, information security, digital security, national security, intelligence studies, technology and infrastructure protection and similar courses. Cyber Attacks Student Edition features the addition of case studies to illustrate actual implementation scenarios discussed in the text. The Student Edition also adds a host of new pedagogical elements to enhance learning, including chapter outlines, chapter summaries, learning checklists, chapter-by-chapter study questions, and more. Instructor Support for Cyber Attacks Student Edition includes Test Bank, Lecture Slides, Lesson Plans, and Solutions Manual available online at http://textbooks.elsevier.com/web/Manuals.aspx?isbn=9780123918550. • Test Bank—Compose, customize, and deliver exams using an online assessment package in a free Windows-based authoring tool 6 that makes it easy to build tests using the unique multiple choice and true or false questions created for Cyber Attacks Student Edition. What’s more, this authoring tool allows you to export customized exams directly to Blackboard, WebCT, eCollege, Angel, and other leading systems. All test bank files are also conveniently offered in Word format. • PowerPoint Lecture Slides—Reinforce key topics with focused PowerPoints, which provide a perfect visual outline with which to augment your lecture. Each individual book chapter has its own dedicated slideshow. • Lesson Plans—Design your course around customized lesson plans. Each individual lesson plan acts as separate syllabi containing content synopses, key terms, content synopses, directions to supplementary websites, and more open-ended critical thinking questions designed to spur class discussion. These lesson plans also delineate and connect chapter-based learning objectives to specific teaching resources, making it easy to catalogue the resources at your disposal. 7 Acknowledgments The cyber security experts in the AT&T Chief Security Office, my colleagues across AT&T Labs and the AT&T Chief Technology Office, my colleagues across the entire AT&T business, and my graduate and undergraduate students in the Computer Science Department at the Stevens Institute of Technology have had a profound impact on my thinking and on the contents of this book. In addition, many prominent enterprise customers of AT&T with whom I’ve had the pleasure of serving, especially those in the United States Federal Government, have been great influencers in the preparation of this material. I’d also like to extend a great thanks to my wife Lee, daughter Stephanie (17), son Matthew (15), and daughter Alicia (9) for their collective patience with my busy schedule. 8 TABLE OF CONTENTS Title Copyright Preface Acknowledgments 1. Introduction National Cyber Threats, Vulnerabilities, and Attacks Botnet Threat National Cyber Security Methodology Components Deception Separation Diversity Consistency Depth Discretion Collection Correlation Awareness Response Implementing the Principles Nationally 9 Protecting the Critical National Infrastructure Against Cyber Attacks Summary Chapter Review Questions/Exercises 2. Deception Scanning Stage Deliberately Open Ports Discovery Stage Deceptive Documents Exploitation Stage Procurement Tricks Exposing Stage Interfaces Between Humans and Computers National Deception Program The Deception Planning Process Against Cyber Attacks Summary Chapter Review Questions/Exercises 3. Separation What Is Separation? Functional Separation National Infrastructure Firewalls DDOS Filtering 10 SCADA Separation Architecture Physical Separation Insider Separation Asset Separation Multilevel Security (MLS) Protecting the Critical National Infrastructure Through Use of Separation Summary Chapter Review Questions/Exercises 4. Diversity Diversity and Worm Propagation Desktop Computer System Diversity Diversity Paradox of Cloud Computing Network Technology Diversity Physical Diversity National Diversity Program Critical Infrastructure Resilience and Diversity Initiative Summary Chapter Review Questions/Exercises 5. Commonality Meaningful Best Practices for Infrastructure Protection Locally Relevant and Appropriate Security Policy 11 Culture of Security Protection Infrastructure Simplification Certification and Education Career Path and Reward Structure Responsible Past Security Practice National Commonality Program How Critical National Infrastructure Systems Demonstrate Commonality Summary Chapter Review Questions/Exercises 6. Depth Effectiveness of Depth Layered Authentication Layered E-Mail Virus and Spam Protection Layered Access Controls Layered Encryption Layered Intrusion Detection National Program of Depth Practical Ways for Achieving Information Assurance in Infrastructure Networked Environments Summary Chapter Review Questions/Exercises 12 7. Discretion Trusted Computing Base Security Through Obscurity Information Sharing Information Reconnaissance Obscurity Layers Organizational Compartments National Discretion Program Top-Down and Bottom-Up Sharing of Sensitive Information Summary Chapter Review Questions/Exercises 8. Collection Collecting Network Data Collecting System Data Security Information and Event Management Large-Scale Trending Tracking a Worm National Collection Program Data Collection Efforts: Systems and Assets Summary Chapter Review Questions/Exercises 9. Correlation 13 Conventional Security Correlation Methods Quality and Reliability Issues in Data Correlation Correlating Data to Detect a Worm Correlating Data to Detect a Botnet Large-Scale Correlation Process National Correlation Program Correlation Rules for Critical National Infrastructure Cyber Security Summary Chapter Review Questions/Exercises 10. Awareness Detecting Infrastructure Attacks Managing Vulnerability Information Cyber Security Intelligence Reports Risk Management Process Security Operations Centers National Awareness Program Connecting Current Cyber Security Operation Centers to Enhance Situational Awareness Summary Chapter Review Questions/Exercises 11. Response 14 Pre- Versus Post-Attack Response Indications and Warning Incident Response Teams Forensic Analysis Law Enforcement Issues Disaster Recovery National Response Program The Critical National Infrastructure Incident Response Framework Transitioning from NIPP Steady State to Incident Response Management Summary Chapter Review Questions/Exercises APPENDIX A. National Infrastructure Protection Criteria Deception Requirements Separation Requirements Commonality Requirements Diversity Requirements Depth Requirements Response Requirements Awareness Requirements Discretion Requirements Collection Requirements 15 Correlation Requirements APPENDIX B. Case Studies John R. Vacca Case Study 1: Cyber Storm Case Study 2: Cyber Attacks on Critical Infrastructures—A Risk to the Nation Case Study 3: Department of Homeland Security Battle Insider Threats and Maintain National Cyber Security Case Study 4: Cyber Security Development Life Cycle Case Study 5 REVIEW. Answers to Review Questions/Exercises, Hands-On Projects, Case Projects, and Optional Team Case Projects by Chapter Chapter 1: Introduction Chapter 2: Deception Chapter 3: Separation Chapter 4: Diversity Chapter 5: Commonality Chapter 6: Depth Chapter 7: Discretion Chapter 8: Collection Chapter 9: Correlation Chapter 10: Awareness 16 Chapter 11: Response Index 17 1 Introduction Chapter Outline National Cyber Threats, Vulnerabilities, and Attacks Botnet Threat National Cyber Security Methodology Components Deception Separation Diversity Consistency Depth Discretion Collection Correlation Awareness Response Implementing the Principles Nationally Protecting the Critical National Infrastructure Against Cyber Attacks Summary Chapter Review Questions/Exercises Somewhere in his writings—and I regret having forgotten where —John Von Neumann draws attention to what seemed to him a contrast. He remarked that for simple mechanisms it is often easier to describe how they work than what they do, while for more complicated mechanisms it was usually the other way round. Edsger W. Dijkstra1 National infrastructure refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation. These services include emergency response, law enforcement 18 databases, supervisory control and data acquisition (SCADA) systems, power control networks, military support services, consumer entertainment systems, financial applications, and mobile telecommunications. Some national services are provided directly by government, but most are provided by commercial groups such as Internet service providers, airlines, and banks. In addition, certain services considered essential to one nation might include infrastructure support that is controlled by organizations from another nation. This global interdependency is consistent with the trends referred to collectively by Thomas Friedman as a “flat world.”2 National infrastructure, especially in the United States, has always been vulnerable to malicious physical attacks such as equipment tampering, cable cuts, facility bombing, and asset theft. The events of September 11, 2001, for example, are the most prominent and recent instance of a massive physical attack directed at national infrastructure. During the past couple of decades, however, vast portions of national infrastructure have become reliant on software, computers, and networks. This reliance typically includes remote access, often over the Internet, to the systems that control national services. Adversaries thus can initiate cyber attacks on infrastructure using worms, viruses, leaks, and the like. These attacks indirectly target national infrastructure through their associated automated controls systems (see Figure 1.1). Figure 1.1 National infrastructure cyber and physical attacks. A seemingly obvious approach to dealing with this national cyber threat would involve the use of well-known computer security techniques. After all, computer security has matured substantially in the past couple of decades, and considerable expertise now exists on how to protect software, computers, and networks. In such a national scheme, safeguards such as firewalls, intrusion detection systems, antivirus software, passwords, scanners, audit trails, and encryption would be directly embedded into 19 infrastructure, just as they are currently in small-scale environments. These national security systems would be connected to a centralized threat management system, and incident response would follow a familiar sort of enterprise process. Furthermore, to ensure security policy compliance, one would expect the usual programs of end-user awareness, security training, and third-party audit to be directed toward the people building and operating national infrastructure. Virtually every national infrastructure protection initiative proposed to date has followed this seemingly straightforward path.3 While well-known computer security techniques will certainly be useful for national infrastructure, most practical experience to date suggests that this conventional approach will not be sufficient. A primary reason is the size, scale, and scope inherent in complex national infrastructure. For example, where an enterprise might involve manageably sized assets, national infrastructure will require unusually powerful computing support with the ability to handle enormous volumes of data. Such volumes will easily exceed the storage and processing capacity of typical enterprise security tools such as a commercial threat management system. Unfortunately, this incompatibility conflicts with current initiatives in government and industry to reduce costs through the use of common commercial off-the-shelf products. National infrastructure databases far exceed the size of even the largest commercial databases. In addition, whereas enterprise systems can rely on manual intervention by a local expert during a security disaster, large-scale national infrastructure generally requires a carefully orchestrated response by teams of security experts using predetermined processes. These teams of experts will often work in different groups, organizations, or even countries. In the worst cases, they will cooperate only if forced by government, often sharing just the minimum amount of information to avoid legal consequences. An additional problem is that the complexity associated with national infrastructure leads to the bizarre situation where response teams often have partial or incorrect understanding about how the underlying systems work. For these reasons, seemingly convenient attempts to apply existing small-scale security processes to large-scale infrastructure attacks will ultimately fail (see Figure 1.2). 20 Figure 1.2 Differences between small- and large-scale cyber security. As a result, a brand-new type of national infrastructure protection methodology is required—one that combines the best elements of existing computer and network security techniques with the unique and difficult challenges associated with complex, large-scale national services. This book offers just such a protection methodology for national infrastructure. It is based on a quarter century of practical experience designing, building, and operating cyber security systems for government, commercial, and consumer infrastructure. It is represented as a series of protection principles that can be applied to new or existing systems. Because of the unique needs of national infrastructure, especially its massive size, scale, and scope, some aspects of the methodology will be unfamiliar to the computer security community. In fact, certain elements of the approach, such as our favorable view of “security through obscurity,” might appear in direct conflict with conventional views of how computers and networks should be protected. National Cyber Threats, Vulnerabili ... Purchase answer to see full attachment