Focus Group 1B Cybersecurity
Dr. Bill Hancock, CISSP, CISM
Cable & Wireless
FG1B Chair
bill.hancock@cw.com
972-740-7347
Purpose of Today’s Brief
• Brief discussion of work completed for NRIC by FG1B
• Brief discussion on blended attacks
• Request for approval of seven additional BPs since March, 2003
• Preparation for survey in 2004
• Recommendations for NRIC VII
Charter of FG1B
• Generate Best Practices for cybersecurity
  • Telecommunications sector
  • Internet services
• Propose New Actions (if needed)
• Deliverables
  • December 2002 – prevention (105 BPs)
  • March 2003 – recovery (48 BPs)
  • December 2003 – blended attack (7 BPs)
• Have made all deliverables, complete and on-time
FG1B Outreach
• Extensive outreach in the last 12 months
  • Most major telecommunications events
  • Standards organizations
  • Industry groups
  • Congressional testimony
  • Webinars
  • Industry trade publications
  • Writing (books, papers)
  • Email and phone support to implementers
Security Technologies (AberdeenGroup diagram)
• Application and Commerce Security
• Fraud & Risk Management
• Policy, Audit and Security Management
• Network Security
Technologies shown in the diagram: risk assessment, forensics, privacy, smart cards, intrusion detection, e-Business, access controls, digital signatures, spam, applets, PKI, worms, pattern matching, authentication, content filtering, authorization, information flow, viruses, tokens, VPNs, biometrics, firewalls, e-Mail, RAS, web servers, e-directories, monitoring and reporting, cryptography
BPs and Implementation Guidance
• 160 BPs
• 1300+ pages
Blended Attack BPs
• Working with FG1A
• Base definition: physical attack combined with a cyber attack to disable infrastructure in a meaningful and intense manner
• Highly complex
• Many potential combinations
• Range from simple-to-do attacks to sophisticated variants
Type A: Specific Targeting Against a Technology Type
• Definition: A coordinated attack against the physical and cyber attributes of a specific product or technology type
• Examples:
  • Physical attack against an HVAC control system monitoring facility with a cyber attack against SNMP-managed HVAC entities at specific locations
  • Certificate authority server farm physical locations are attacked to access consoles and then used to “poison” root keys via cyber attack to disable all PKI and crypto-sharing entities
Type B: Specific Blended Attack Against Single Infrastructure Entity
• Definition: Blended attack against a specific infrastructure entity by attacking the physical management control locations and simultaneously attacking management or control “plane” cyber entities
• Examples:
  • Power grid – grid management locations are physically disabled with munitions and grid management network disabled via cyberattack (router table attack, autonomous malicious logic, etc.)
  • Telco NOC – NOC primary and backups attacked by physical attack and NOC management network and entities attacked by cyber attack
  • Airport – multi-spectrum wireless jamming of emergency voice/data wireless communications while physically attacking airport communications blockhouse facilities or fiber junctions
  • Manufacturing or process facility – main SCADA control facilities physically attacked and SCADA networks and interconnects suffer cyberattack to disable process control facilities throughout the network
Type C: Multi-phased Sequenced Blended Attack Against Multiple Infrastructures
• Definition: A coordinated physical and cyber attack against two or more different infrastructure constructs causing dependency outages/disruption that are difficult to manage or recover, causing grievous harm and economic disruption on a wide scale
• Examples:
  • Power and Telco: physical attacks (phase 1) to cut 345KVA power lines coordinated with a cyber attack (phase 2), an ASN.1 vulnerability “worm” attack against Telco voice infrastructure
  • Telco voice and Internet: physical attacks against main NOC and hosting locations combined with ASN.1 or similar cyberattacks against routers, switches and other interconnects to disrupt/disable separate voice and data networks simultaneously
Today’s Request: 7 New BPs
• Mostly geared towards attack situations
• Four for prevention
  • 6-6-8107 Pre-establish working relationships between cyber and physical security teams
  • 6-6-8108 Authentication System Failure
  • 6-6-8109 Automated patching systems may be unauthenticated
  • 6-6-8110 News Disinformation
• Three for recovery
  • 6-6-8564 Authentication System Failure
  • 6-6-8565 Automated patching systems may be unauthenticated
  • 6-6-8566 News Disinformation
2004 Survey Preparation
• FG1B or its equivalent in NRIC VII will need to work extensively with the survey creation team
• Do not expect quick adoption of some cybersecurity BPs due to complexity and technology issues
• Security is a process with many solutions along the path…
FG1B Recommendations for NRIC VII
• Most of these were provided in our March 2003 documentation
• Work for NRIC VII will need to include these items, some of which are long-term issues
• Establish a working relationship with DHS cybersecurity teams due to long-term “heavy lift” of some popular and extensively used technologies that require a lot of R&D and engineering work over the next few years
• New recommendations:
  • “Clean and scrub” of all BPs from NRIC I-VII to consolidate BPs and repair conflicts
  • Identify specific action plans for “heavy lift” efforts
  • Work on evangelism of use of FG1B BPs throughout all areas of US Government and all network environments (many apply to any organization which uses network technologies)
  • Accelerate efforts on blended attack BPs