Discuss what type(s) of new countermeasures you believe should have been implemented to prevent the cyber attack described above from occurring.

This defense in depth discussion scenario is an intentional cybersecurity attack in Moline, IL on the water utility’s SCADA system. It occurs during the fall after a very dry summer. The water utility’s Information Technology (IT) person did not receive an expected pay raise and decides to reprogram the SCADA system to shut off the high-lift pumps. The operator’s familiarity with the SCADA system allows him to reprogram the alarms that typically notify operators of a high-lift pump failure. In addition, he prevents access to the SCADA system by others. A wildfire breaks out on the outskirts of the city. After reading about the principle of Depth in Chapter 6, consider possible countermeasures to such an attack.

Then, you must do the following:

Discuss what type(s) of new countermeasures you believe should have been implemented to prevent the cyber attack described above from occurring. Be specific in recommending countermeasures for this scenario.

Try to provide an example or two when you reference a source in a paper.
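One countermeasure the scenario points to is monitoring alarm and account changes from a host the SCADA administrator cannot alter, so that silencing the high-lift pump alarms and locking out other operators is itself alarmed. The following is an added example, not code from the textbook or the assignment; the key=value audit-log format, the tag and account names, and the `detect_tamper` function are all assumptions.

```python
"""Out-of-band check over a copy of the SCADA audit trail (added example).

Assumed setup: the SCADA system forwards its audit log to a separate,
write-protected host owned by operations, and this check runs there.
The log format, tag names and user names below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed key=value format.
SAMPLE_LOG = """\
2023-10-03T01:12:04 user=itadmin action=ALARM_DISABLE tag=HLP1_FAIL_ALM ticket=none
2023-10-03T01:12:09 user=itadmin action=ALARM_DISABLE tag=HLP2_FAIL_ALM ticket=none
2023-10-03T01:15:30 user=itadmin action=ACCOUNT_DISABLE target=operator1 ticket=none
2023-10-03T01:15:41 user=itadmin action=ACCOUNT_DISABLE target=operator2 ticket=none
2023-10-03T09:40:00 user=operator3 action=ALARM_DISABLE tag=CL2_LOW_ALM ticket=CHG-1042
"""
LINE_RE = re.compile(r"(\S+) user=(\S+) action=(\S+) (?:tag|target)=(\S+) ticket=(\S+)")
WINDOW = timedelta(minutes=30)  # how close together the two change types must be

def parse(log):
    """Yield (timestamp, user, action, object, ticket) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, user, action, obj, ticket = m.groups()
            yield datetime.fromisoformat(ts), user, action, obj, ticket

def detect_tamper(log, approved_tickets, critical_prefix="HLP"):
    """Return alerts. Alarm disables on critical (high-lift pump) tags and
    account disables need an approved change ticket; one account doing both
    inside WINDOW is escalated as LOCKOUT_PATTERN for a second person to review."""
    alerts = []
    by_user = defaultdict(list)
    for ts, user, action, obj, ticket in parse(log):
        approved = ticket in approved_tickets
        if action == "ALARM_DISABLE" and obj.startswith(critical_prefix) and not approved:
            alerts.append(("UNAPPROVED_ALARM_DISABLE", user, obj))
            by_user[user].append((ts, "alarm"))
        if action == "ACCOUNT_DISABLE" and not approved:
            alerts.append(("UNAPPROVED_ACCOUNT_DISABLE", user, obj))
            by_user[user].append((ts, "access"))
    for user, events in by_user.items():
        kinds = {kind for _, kind in events}
        span = max(t for t, _ in events) - min(t for t, _ in events)
        if kinds == {"alarm", "access"} and span <= WINDOW:
            alerts.append(("LOCKOUT_PATTERN", user, f"{len(events)} events in {span}"))
    return alerts

if __name__ == "__main__":
    for alert in detect_tamper(SAMPLE_LOG, {"CHG-1042"}):
        print(*alert)
```

Because the approved-ticket list and the log copy live outside the SCADA administrator's control, the check holds even when that administrator is the actor; the approved chlorine alarm change by operator3 produces no alert.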

Chapter 6 – Depth

Cyber Attacks: Protecting National Infrastructure, 1st ed.

Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction

• Any layer of defense can fail at any time, thus the introduction of defense in depth

• A series of protective elements is placed between an asset and the adversary

• The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema


Effectiveness of Depth

• Quantifying the effectiveness of a layered defense is often difficult

• Effectiveness is best determined by educated guesses

• The following are relevant for estimating effectiveness

– Practical experience

– Engineering analysis

– Use-case studies

– Testing and simulation


Fig. 6.2 – Moderately effective single layer of protection

Effectiveness of Depth

• When a layer fails, we can conclude it was either flawed or unsuited to the target environment

• No layer is 100% effective—the goal of making layers “highly” effective is more realistic


Fig. 6.3 – Highly effective single layer of protection


Fig. 6.4 – Multiple moderately effective layers of protection

Layered Authentication

• A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security

• Single sign-on (SSO) would accomplish this authentication simplification objective

• However, SSO access needs to be part of a multilayered defense


Fig. 6.5 – Schema showing two layers of end-user authentication


Fig. 6.6 – Authentication options including direct mobile access


Layered E-Mail Virus and Spam Protection

• Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam

• To that security layer is added filtering software on individual computers

• Antivirus software is helpful, but useless against certain attacks (like botnets)



Fig. 6.7 – Typical architecture with layered e-mail filtering


Layered Access Controls

• Layering access controls increases security

• Add to this the limiting of physical access to assets

• For national infrastructure, assets should be covered by as many layers as possible

– Network-based firewalls

– Internal firewalls

– Physical security

Fig. 6.8 – Three layers of protection using firewall and access controls


Layered Encryption

• Five encryption methods for national infrastructure protection

– Mobile device storage

– Network transmission

– Secure commerce

– Application strengthening

– Server and mainframe data storage


Fig. 6.9 – Multiple layers of encryption


Layered Intrusion Detection

• The promise of layered intrusion detection has not been fully realized, though it is useful

• The inclusion of intrusion response makes the layered approach more complex

• There are three opportunities for different intrusion detection systems to provide layered protection

– In-band detection

– Out-of-band correlation

– Signature sharing


Fig. 6.10 – Sharing intrusion detection information between systems


National Program of Depth

• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems

– Identifying assets

– Subjective estimations

– Obtaining proprietary information

– Identifying all possible access paths
