270 likes | 513 Views
Critical Infrastructure Protection: A 21 st Century Challenge. Professor Madjid Merabti. PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection
E N D
Critical Infrastructure Protection: A 21st Century Challenge Professor Madjid Merabti PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection School of Computing and Mathematical SciencesLiverpool John Moores University, Byrom Street, Liverpool L3 3AF, UKEmail: M.Merabti@ljmu.ac.uk Web: http://www.ljmu.ac.uk/cmp/
Critical InfrastructuresWe Live in a High Connected World Financial system Water supply system Power grid Oil infrastructure Telecommunications infrastructure Transport system Air traffic control network
A Typical Critical Infrastructure Power Grid and its Components
A Computer Control System • The SCADA system
Interdependency • In 1990 the AT&T PSTN network suffered a fault due to human error causing nationwide problems
Interdependency • Siberian Pipeline Explosion (1982):Trojan inserted into SCADA software that caused explosion • Roosevelt Dam (1994): Hacker breaks into floodgate SCADA systems • GAZPROM (2000):Hackers gain control of Russian natural gas pipeline • August 2003: CSX Train Signaling System and the Sobig Virus • June 2009 : insider/employee attack on US hospital SCADA systems.
A Real Threat • The Stuxnet a Cyber Attack
Increasing Cyber Attacks/Threats We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form. At the moment we don't have a cyber command and I'm very keen we have one”. He added: Whether we like it or not, cyber is going to be part of future warfare, just as tanks and aircraft are today. It's a cultural change. In the future I don't think state-to-state warfare will start in the way it did even 10 years ago. It will be cyber or banking attacks - that's how I'd conduct a war if I was running a belligerent state or a rebel movement. It's semi-anonymous, cheap and doesn't risk people [dailymail.co.uk] General Sir David Richards Head of UK arm forces
Other Issues • Cascading vulnerability problem • The blackouts of North America happened due to a cascade of failures. It affected the power generation system, water supply, transportation, communication system, and industry • The convergence of control networks with public and critical networks potentially exposes the control systems to additional security vulnerabilities • Use of wireless technology in critical systems expose vulnerable to attacks
Other Issues • Developing new virtual environments where the characteristics of critical infrastructures and their complexity could be mapped and visualized.
Crisis Management • Any crisis (natural or human made) impose high damage risk to Critical Infrastructure • Japan tsunami 2011
Systems-of-Systems Design Models systems interactions Check properties Of individual devices Of topological structure Test against security patterns Highlight potential security vulnerabilities
Security • Research in critical infrastructures should cover all the security aspects e.g. • Intrusion detection • Vulnerability analysis • Data protection solutions • ANIKETOS project • Comprised of 17 partners from across the EU • A €13.9 million project
Research Centre for Critical Infrastructure Computer Technology and Protection (PROTECT)
PROTECT Vision • Networked Appliances Laboratory (NAL) • Home networking and entertainment systems • Ubiquitous computing and biofeedback processing • Sensor networking and environmental monitoring • Network and Information Security Technology Laboratory (NISTL) • Identity management and system-of-systems security • Trust management and system monitoring • Security interfaces and reputation schemes • Computer forensics and digital rights management
PROTECT Vision • Computer Games Research Laboratory (CGRL) • Game and middleware engine development • Online game development and deployment • Peer-to-peer technologies and applied artificial intelligence • Interaction techniques between real and virtual environments • Serious games technologies applied to education and training, and digital interactive storytelling
Conclusion • Critical Infrastructure Challenges • Critical infrastructures strongly rely on systems and networks built over computing technologies and information systems. • These systems need to be protected and redesigned to cope against serious incidents and attacks. • Complexity and Interdependency between systems exist at every level. • Joint efforts of researchers from different disciplines is the way forward • Our vision • New modelling, design, and protection approaches • Regroup many research disciplines such as: distributed systems, digital communication, gaming technology data and system modelling