Critical Infrastructure

1
Critical Infrastructure

• Homework Group 5

2
What is critical infrastructure?

• Systems and assets, whether physical or
  virtual, so vital to societies that the
  incapacity or destruction of such systems and
  assets would have a debilitation impact on
  security, national economic security, national
  public health or safety, or any combination of
  those matters.
• Provides essential goods and services the
  public need to survive

3
So what does that mean?

• Natural Resources oil, gas, coal, uranium, etc.
• Agriculture and Livestock
• Transportation Systems DOT, FAA
• Telecommunications Systems
• Financial Institutions
• Power Plants
• Water Management
• Public Institutions schools, prisons,
  government facilities
• Continuity of Government

4
History

• Critical Infrastructure systems were historically
  manually controlled and monitored
• 1960s SCADA became popular to remotely control
  and monitor these systems
• July 15, 1996 President Clinton signs EO 13010
  establishing Presidents Commission on Critical
  Infrastructure Protection (PCCIP), thus defining
  infrastructure
• 1998 Sandia initiates a program to address
  PDD-63 concerning the protection of US critical
  infrastructure

5
History

• 2001 EO 13228 establishes the Office of Homeland
  Security, which protects special events of
  national significance
• 2001 The National Institute of Standards and
  Technology (NIST) fostered the creation of the
  Process Control Security Requirements Forum. The
  group issued the first draft of its System
  Protection Profile for Industrial Control Systems
  (SPP ICS).

6
(No Transcript)
7
SCADA

• Supervisory Control and Data Acquisition
• A system that is placed on top of a real-time
  control system to control an external process
• Three components of a SCADA system
• Multiple Remote Terminal Units
• Master Station and HMI Computer(s).
• Communication infrastructure

8
(No Transcript)
9
SCADA Vulnerabilities

• The lack of concern about security and
  authentication in the design, deployment and
  operation
• The mistaken belief that SCADA systems have the
  benefit of security by obscurity through the use
  of specialized protocols and proprietary
  interfaces
• The mistaken belief that SCADA networks are
  secure because they are supposedly physically
  secured
• The mistaken belief that SCADA networks are
  secure because they are supposedly disconnected
  from the Internet
• Prevention measures

10
Incidents

• 1929 Black Tuesday, the NYSE crashes
• 1989 The Exxon Valdez oil spill is partially
  attributed to lack of effective vessel traffic
  system
• 2001 A disgruntled employee caused the release
  of untreated sewage into water in Maroochy Shire,
  Australia
• 2003 Ohio Davis-Besse Nuclear power plant safety
  monitoring system was offline for 5 hours due to
  Slammer Worm

11
Incidents

• 2001 Events of 9/11 loss of data, financial
  crisis, emergency support system for NYC, DOT
• 2003 The east coast of America experienced a
  blackout, while not the cause, many of the
  related systems were infected by the Blaster Worm
• 2004 Crackers in Romania illegally gained access
  to the computers controlling the life support
  systems at an Antarctic research station,
  endangering the 58 scientists involved

12
Summary

• Critical Infrastructure is vital to our quality
  of life and any damage to that infrastructure can
  be devastating
• Currently, our infrastructure has a number of
  obvious vulnerabilities which have been exploited
  in the past
• These vulnerabilities can easily be patched with
  a little work, such as closely following
  standards defined by the NIST