Security of Critical Networked Infrastructures Marcelo Masera - PowerPoint PPT Presentation

Loading...

PPT – Security of Critical Networked Infrastructures Marcelo Masera PowerPoint presentation | free to view - id: 128594-MWZkY



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Security of Critical Networked Infrastructures Marcelo Masera

Description:

Software Tool ready Dec 2006. InSAW. InSAW methodology. Profiling and Pre-Assessment ... Reference security-relevant architectures ... – PowerPoint PPT presentation

Number of Views:91
Avg rating:3.0/5.0
Slides: 25
Provided by: mase8
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security of Critical Networked Infrastructures Marcelo Masera


1
Security of Critical Networked InfrastructuresM
arcelo Masera
  • March 2007

2
Policy context
  • European Programme for CIP (EPCIP) DG JLS
  • Green paper, November 2005
  • Policy package, December 2006
  • A strategy for a Secure Information Society
    DG INFSO
  • Communication, May 2006
  • European Critical Energy and Transport
    Infrastructures DG TREN
  • January 2007

3
Security Assessment Governance
Gather and share security data
Two main challenges security information
exchange and security assessment
4
Assessing and measuring security
System architecture
InSAW
Assets
Security Policy (ISO 17799)
Vulnerabilities
Threats
Data sources
Loss
Attacks
Security Failures
Security Objectives
Security Requirements
Protection Profile (ISO 15408)
System production and deployment
5
InSAW methodology
Profiling and Pre-Assessment
System
New data
Vulnerability Assessment
Risk Assessment
System security status
Threat Assessment
Attack Assessment
Decision making on countermeasures and other
risk management actions
6
InSAW data representations
  • Formal representation of Vulnerabilities,
    Threats, Attacks, dependencies, etc.
  • Updatable with new information

7
InSAW Attack process models
  • Identification phase
  • Qualification of target
  • E.g. Discovery of input points (e.g. IP
    addresses)
  • Detection of transactions accepted by the target
  • Exploration of possible transactions
  • E.g. Probing and detection of potential
    vulnerabilities
  • Determination of potential successful attacks
    patterns
  • Exploitation phase
  • Preparation of exploit
  • E.g. Assemblage of injection vector and payload
  • Running of the exploit
  • E.g. Injection of the exploit
  • If unsuccessful, try with different exploit

8
Attack trees
Example DoS attack against web server (fragment)
Top event Threat completes attack
Basic event Threat perform attack steps
9
Security data
  • Fundamental for carrying out security assessment
  • Issues
  • Scarce data due to technological innovation
  • Need to share and exchange
  • Sources
  • Real world experience
  • Simulation in labs (e.g. for single systems)
  • Gaming exercises (e.g. for infrastructures)

10
Security of Next Generation Networks
  • Initial activities
  • Related to ETSI TISPAN (Telecommunications and
    Internet converged Services and Protocols for
    Advanced Networking) work on Security
    requirements, architecture, Threat/risk analysis
    and countermeasures
  • Policy support
  • DG INFSOs Critical Information Infrastructure
    Protection
  • Criteria for European level issues
  • Laboratory
  • Demonstration of vulnerabilities/countermeasures
  • Reference security-relevant architectures
  • Link with ESTIs Protocol and Testing Competence
    Centre (PTCC) ?

11
SCADA Cybersecurity lab
  • Uses
  • Test of systems for the identification of
    vulnerabilities
  • Test of maintenance policies (e.g. patching)
  • Test of security policies (e.g. firewall rules)
  • Simulation of attacks and test of countermeasures
  • Comparison of different architectures with
    alternative technical components and assurance
    levels
  • Verification of standards (e.g. protocols)

12
Application Cybersecurity of Power station
13
Application Power station control system
14
Simulation of attacks
15
Attack paths simulated
Viral Infection
Distributed DoS
Intrusion
Web server DoS
16
Infrastructure modelling and simulation
  • Project VITA Vital Infrastructure Threats and
    Assurance
  • Objectives
  • demonstrate impacts of energy network disruption
    in a cross border scenario
  • evaluate secondary and cascading effects into
    dependent critical infrastructures (e.g.
    telecommunications, health system etc.)
  • Partners IABG, Qinetiq, TNO, FOI, REE, IBBE, PM,
    JRC
  • Threat taxonomy
  • Gaming exercise (May 2006)

17
VITA the gaming environment
Vignettes
Gaming environment
18
VITA exercise map
19
VITA exercise interactions
Maintenance Crews
Gas / Generation Units
Power System Model
Transport (Road)
Internal Telecomm
TSO Vitaland
TSO Ativia
Weather
Public Telecomm
Civil Protection Police
Crisis Management CPP Ativia
Media
Crisis Management Vitaland
International Co-Ordination
End Users Railway Health Service.....
Terrorist
Detailed Physical Model OTS
Physical interdependence modeled for VITA
purpose
Simplified Physical Models developed within VITA
Relationship between roles played by DEMOKRIT
Role Player Included in DEMOCRIT
Interface between physical model and DEMOKRIT
players
Event propagation
Global event trigger
20
SecNet-IE
  • A Platform for Information Exchange on the
    Security of Critical Networked Infrastructures
  • Dealing with sensitive information
  • Connecting private and public actors
  • Distributed network
  • Implementing the Traffic Light Protocol (TLP)

21
SecNet-IE communication
Security item
Label message
Send message
Contact Point Send
Contact Point Receive
Security Item identified
Message labelled red, amber, green, white
Message compiled for sending
Message ready for sending
Sending message
Receiving acknowledgement
  • The originator labels the message using TLP, to
    indicate what further dissemination, if any, can
    be undertaken by the recipient

22
SecNet-IE messages
  • Red
  • personal for named recipients
  • Ex threats, attacks, warnings
  • Amber
  • Limited distribution
  • Ex vulnerabilities, risk scenarios
  • Green
  • Community wide
  • Ex case studies, practices
  • White
  • Unlimited
  • Ex awareness raising

23
SecNet-IE tasks
  • Formalisation of TLP
  • Formalisation of the data/metadata models and
    processes
  • e.g. using ISO/IEC 11179, Metadata registries
  • Design of a tentative architecture
  • Development of a prototype
  • Collaboration with the European Working Group on
    SCADA and Control Systems Information Exchange
    (E-SCSIE)

24
Thanks
About PowerShow.com