370 likes | 838 Views
Public Safety and Security. CS 401/601 Computer Network Systems Mehmet Gunes. Public Safety. Public safety refers to the welfare and protection of the general public Public safety organizations include law enforcement, public health, and emergency management services
E N D
Public Safety and Security CS 401/601 Computer Network Systems Mehmet Gunes
Public Safety • Public safety refers to the welfare and protection of the general public • Public safety organizations • include law enforcement, public health, and emergency management services • at national, regional, or local levels
Public Safety • Public safety and security can be improved by • traffic and surveillance cameras, gunshot detection sensors, and • other real time security sensors that provide information on what is happening and where • Public health can be assured with sensors that continuously feed smart city systems • monitor weather, pollution, seismic activities, water levels, etc.
Critical Infrastructure Sectors Commercial Facilities Chemical Communications Critical Manufacturing Information Technology Emergency Services Dams Defense Industrial Base Energy Water and Wastewater Financial Services Food and Agriculture Government Facilities Healthcare and Public Health Transportation Systems
Smart City • Smart city solutions integrate • ubiquitous sensing components • heterogeneous network infrastructure • powerful computing systems • Smart city applications include • intelligent transportation • smart utilities • intelligent healthcare • smart facilities
Cybersecurity Issues • Digital transformation of smart city introduces new challenges for public safety and security • While public safety and security has focused on local adversaries, smart systems introduce remote adversaries • Larger attack surface with unknown adversaries • Connected systems amplify attacker capabilities • Interdependent systems could trigger chain reactions • Centralized data repositories introduce privacy challenges
Cybersecurity Effects • Deceive: Cause a person to believe what is not true • Degrade: Temporary reduction in effectiveness • Delay: Slow the time of arrival of forces or capabilities • Deny: Withhold information about capabilities • Destroy: Capability cannot be restored • Disrupt: Interrupt or impede capabilities or systems • Divert: Change course or direction • Exploit: Gain access to systems to collect or plant info • Suppress: Temporarily degrade services
Digital Integration • Smart cities have pervasive applications and sensors that encompass individuals • individuals are not aware of the data collected about them • opting out of the smart city is infeasible
Sensor Data • Attackers may generate false data to manipulate sensing results such that services, decisions, and control in a smart city are impaired or even catastrophic • could compromise sensors and send fake data to affect city operations, raising alarms, and causing public panic • fake an earthquake, flood, and tunnel or bridge collapse • tamper with elevators, railway or traffic signals
Infrastructure • Critical infrastructures such as power plants have become a major target • remote adversaries have been looking for vulnerabilities to exploit • infrastructures are interdependent
Cascading Failures • Cascading failures caused by system malfunctions, natural disasters, or industrial accidents could result in large disruptions • infiltrate city operations to crumble the infrastructure • derailment of a commuter train led to water main break, a localized flooding, power failure, and eventually fiber optic damage affecting considerable area
Public System • Attackers can disable public systems to disrupt operations • hackers encrypted rail system computer systems, preventing rail operations • Denial-of-service attacks could disrupt the sensing, communication, and control of public systems
Medical Data • Medical data of individuals could be misused • tempered to affect integrity and reliability of the data • sensitive user information can be leaked to third parties
Information flow • Communication of operation centers could be disrupted to prevent information flow • first responders -> emergency services • law enforcement -> public safety
Public Communication • Inaccurate announcements could disrupt public • an email summoning 1200 people for jury duty caused traffic stall as would be jurors caused a traffic jam
Work orders • Manipulate work orders to send workers to dig a hole over gas or water pipes to cause havoc • An error has led to natural gas pipeline explosion that killed a worker
based on DHS Cybersecurity Strategy Cybersecurity Strategies
Cybersecurity Strategies • Strive to better understand cybersecurity risk posture, and engage with key partners to collectively address cyber vulnerabilities, threats, and consequences • Manage vulnerabilities of networks and critical infrastructure to harden them against attackers • prioritize law enforcement intervention • mitigate the consequences from cybersecurity incidents that do occur • engage with the cybersecurity community to strengthen the security and resiliency of the systems
Cybersecurity Strategies • Risk Identification • Vulnerability Reduction • Threat Reduction • Consequence Mitigation • Enable Cybersecurity Outcomes
Risk Identification • Assess Evolving Cybersecurity Risks • Understand trends in threats, vulnerabilities, interdependencies, and potential consequences • to prioritize protective, investigative, and response activities, and • to plan and budget appropriately • Identify evolving cybersecurity risks that affect public safety security • Develop plans to address gaps in analytic capabilities and risk management efforts
Vulnerability Reduction • Protect Information Systems • Ensure that every agency maintains an adequate level of cybersecurity • Support agency efforts to reduce their vulnerabilities by providing tailored capabilities, tools, and services • Address the greatest risks first and focus on the highest impact systems, assets, and capabilities • Ensure maximum return for investment
Vulnerability Reduction • Increase cybersecurity through improved governance, information security policies, and oversight • Implement a governance model for cybersecurity • including defining roles and responsibilities for legacy and cloud or shared services • Issue new or revised policies and recommendations as required • Measure and track agency adoption of information security policies, practices, and required controls • Increase agency accountability and compliance with information security policies, practices, and required controls • Assess enterprise and individual agency risk posture • through strategic analyses, available threat reporting, and other means • to inform cybersecurity and investment priorities • Provide agencies with integrated and operationally relevant information to understand and manage their cyber risk
Vulnerability Reduction • Provide protective capabilities, tools, and services • Identify elements of the public enterprises that should be centralized to cost-effectively address key cybersecurity risks • Deploy centralized protective capabilities to address enterprise-wide cybersecurity risk • Provide cybersecurity tools and services in response to emerging or identified threats • Measure the effectiveness of new and existing cybersecurity capabilities, tools, and services
Vulnerability Reduction • Deploy innovative cybersecurity capabilities and practices • Conduct comprehensive risk and gap assessments across information systems • Deploy appropriate best-in-class technologies and practices to secure legacy systems and cloud or shared services • Pursue innovative and agile approaches to acquisition and technology procurement • Pilot innovative capabilities, tools, and other new technologies or practices
Vulnerability Reduction • Mature cybersecurity offerings and engagements to address significant risks to critical infrastructure • Understand the interdependencies across critical infrastructure and systemic risks that affect public safety and security • Evaluate the efficacy, quality, and usage of cybersecurity risk management offerings provided to various critical infrastructure and other key stakeholders • Assess impact of engagement by personnel on progress toward adoption of best practices • Prioritize gaps in current cybersecurity risk management efforts • Address identified gaps through tools, services, and other offerings • provided to critical infrastructures and other key entities • Establish mechanisms to mitigate persistent cybersecurity risks with a potential significant impact on public safety and security
Vulnerability Reduction • Expand and improve sharing of cyber threat indicators, defensive measures, and other cybersecurity information • Increase the cybersecurity information sharing • Support engagement with information sharing and analysis centers/organizations • Increase the ability to analyze, correlate, and enrich data received and shared with all partners • Improve technical platforms and mechanisms to share cybersecurity information and collaborate with stakeholders, including in highly automated ways
Vulnerability Reduction • Improve cybersecurity capabilities and resources available to sector-specific agencies, regulators, and policymakers • Enhance sector-specific cyber expertise to understand the potential impact of cyber incidents and facilitate risk management efforts • Assess and update policies and regulations to address cybersecurity risk to covered entities • Support critical infrastructures by developing and employing appropriate cybersecurity approaches and technical support mechanisms • Provide technical and other support to regulatory and policy efforts that affect management of cybersecurity risk
Threat Reduction • Prevent and Disrupt Criminal Use of Cyberspace • Law enforcement performs a critical role in cybersecurity risk management by • focusing on the threat, and • preventing the use of cyberspace for illicit purposes • Improved criminal intelligence is a key component of cyber investigations and combatting criminal organizations • Prevent, disrupt, and counter cybersecurity threats to protected persons, special security events, and critical infrastructure • Develop relationships and build law enforcement capacity to counter illicit uses of cyberspace • Develop capabilities and resources to enhance investigative efforts and address evolving law enforcement challenges
Consequence Mitigation • Respond Effectively to Cyber Incidents • Minimize consequences from potentially significant cyber incidents through coordinated community-wide response efforts • Increase voluntary incident reporting and victim notification to facilitate the provision of response assistance • Expand asset response capabilities to mitigate and manage cyber incidents • Increase cooperation between incident responders to ensure complementary threat response and asset response efforts
Enable Cybersecurity Outcomes • Strengthen the Security and Reliability of the Cyber Ecosystem • Foster improved cybersecurity in software, hardware, services, and technologies, and the building of more resilient networks • Prioritize cybersecurity development and implementation activities to support public safety and security • Expand collaboration to advance public safety and security • Improve recruitment, education, training, and retention to develop a world-class cyber workforce • Integrate agency-wide cybersecurity policy development, strategy, and planning activities
Privacy Framework • Privacy concerns can be classified regarding the kind of data and the purpose of data • Personal data used for service purposes • data to strengthen management and planning, enhance services and support citizens • Personal data used for surveillance purposes • data collected for law enforcement • Impersonal data used for surveillance purposes • while the data collection is not linked to an individual, it could be analyzed and enhanced to identify individuals • Impersonal data collected for service purposes • increasingly detailed profiling methods may enable the re-identification of individuals from aggregate and anonymized data
Addressing Privacy • Identify which privacy concerns may be at stake with specific technologies and data practices • Identify if and how these are subject to the data protection regulations • Develop a specific policy that accommodate the concerns of citizens
Privacy Enhancing Technologies • Data Minimization • Data Anonymization • Differential Privacy • Encryption • Homomorphic Encryption • Zero-Knowledge Proofs • Secret Sharing • Anonymous/Pseudonymous Credentials • Secure Multi-Party Computation • Private Information Retrieval
Building Cybersecurity Awareness • Cybersecurity policymaking is challenging • Intangible nature • Socio-technical dependence • Ambiguous impact • Contested nature of cybersecurity • Framing strategies • Do not exacerbate cybersecurity • Clarify the villains • Spotlight the heroes • Connect cybersecurity to values • Personalize for recognition
Acknowledgement This material is based upon work supported by the National Science Foundation under Grant No. 1723814