This document discusses cybersecurity threats facing critical US infrastructure sectors. It outlines several major threat actors including hackers, insider threats, hacktivists, foreign and state-sponsored espionage, and terrorists. It then examines specific cyber threats like Trojans, viruses, worms, DDoS attacks, and zero-day vulnerabilities. The document outlines critical infrastructure sectors including government, military, energy, transportation, finance, healthcare, and identifies recent cyber incidents targeting these sectors. It emphasizes the importance of securing critical infrastructure and outlines the roles of government agencies like DHS and initiatives like the CIS critical security controls in improving cybersecurity.
Critical Infrastructure Sectors as Targets and Recent Cybersecurity Examples
1. Chuck Brooks
Vice President
Sutherland Government Solutions
Wed, October 12, 2016
Terrorism and non-state actors
The US Critical Infrastructure Sectors as Targets and Recent Examples
2. • “A few lines of code can wreak more havoc than a bomb.”
Hon. Tom Ridge, former Secretary of the U.S. Department of Homeland Security
• “The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications. Pervasive connectivity has brought dramatic gains in productivity and pleasure but has created equally dramatic vulnerabilities. Huge heists of personal information are common, and cybertheft of intellectual property and infrastructure penetrations continue at a frightening pace.”
Joel Brenner, former counsel to the National Security Agency
The Cyber Threat
6. Cyber-Threats
• Trojan. A Trojan is one of the most complex threats of all. Most of the popular banking threats, such as Zeus and SpyEye, come from the Trojan family.
• Virus. A virus is a malicious program that replicates itself and aims only to destroy a computer. The ultimate goal of a virus is to ensure that the victim’s computer will never again operate properly, or even at all.
• Worms. They can spread from one computer to another within a network or even across the internet. The security risk here is that they consume your computer’s hard disk space through replication and most of your bandwidth through spreading.
• DDoS (Distributed Denial of Service) floods a single server with millions of requests to bring the system down, sometimes with certain security features disabled so that the attackers can carry out their data theft.
• A zero-day vulnerability is a hole in software that is unknown to the vendor, which can be exploited by hackers before the vendor becomes aware of it and hurries to patch it. Zero-days are becoming an increasingly powerful weapon of cyber espionage as countries become more connected to the internet.
7. Cyber-Threats
• Spyware is malware designed to spy on the victim’s computer.
• Botnet. A botnet is installed by a botmaster to take control of all the infected computers (bots) through the botnet malware.
• Phishing. A fake website designed to look almost like the real one is a form of phishing attack. The idea is to trick the user into entering their username and password into the fake login form, which serves the purpose of stealing the victim’s identity.
• Ransomware: hackers hold computers and even entire networks hostage for electronic cash payments. Ransomware has been around for more than a decade, but attacks have exploded in the past couple of years. Researchers have seen a 3,500% increase in the criminal use of ransomware.
9. Securing Critical Infrastructure
• Government
• Military: Secrets, tactics, location of forces, tampering
• Power Grid: Generator controls, power distribution controls
• Telecommunications: Phone, internet connectivity
• Transportation: Air traffic control, railway, bridge and highway, radar
• Energy/Fuel Supply: Locations of pipelines, types of fuel and amounts
• Banking and Finance: Asset protection, stock market
• Emergency Services: 911 system, disaster response, first responder coordination, deployment and locations
• Food and Water Infrastructure: Food and water distribution, process
10. Securing Critical Infrastructure
• The number of cyber incidents reported by federal agencies jumped more than 1,300 percent, from 5,503 to 77,183, over the 10 years through fiscal 2015
• Ransomware attacks on government agencies around the world have tripled in the past year
• About 4 percent of government agencies had been exposed to Nymaim, and 3 percent to Locky, both ransomware strains
• OPM Breach - heist of data on 22 million current and former federal employees
• Elections: In Illinois and Kansas, voter registration databases were suspected of being hacked. In Illinois, hackers managed to download personal data on up to 200,000 state voters
• “There is only one way to protect the voting system from a nation-state-funded cyberattack: use paper.”
11. • Cybersecurity, information assurance, and resilience have become one of the largest areas of government spending at all agencies and are consistently ranked the top priority among government and industry CIOs in surveys
• In the U.S., most (approximately 85 percent) of the cybersecurity-critical infrastructure is owned by the private sector and regulated by the public sector
• In 2013, President Obama issued Executive Order 13636 (“Improving Critical Infrastructure Cybersecurity”), which called for the establishment of a voluntary risk-based cybersecurity framework between the private and public sectors
• Incident response for Industrial Control Systems and Supervisory Control and Data Acquisition (SCADA) systems
• The lead civilian agency in the government for public/private cooperation in cybersecurity is the Department of Homeland Security (DHS).
Cybersecurity -- Role of Government
12. Critical Security Controls
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks (APTs – Advanced Persistent Threats)
1: Inventory of Authorized and Unauthorized Devices
2: Inventory of Authorized and Unauthorized Software
3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4: Continuous Vulnerability Assessment and Remediation
5: Malware Defenses
6: Application Software Security
7: Wireless Access Control
8: Data Recovery Capability
9: Security Skills Assessment and Appropriate Training to Fill Gaps
10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
11: Limitation and Control of Network Ports, Protocols, and Services
12: Controlled Use of Administrative Privileges
13: Boundary Defense
14: Maintenance, Monitoring, and Analysis of Audit Logs
15: Controlled Access Based on the Need to Know
16: Account Monitoring and Control
17: Data Protection
18: Incident Response and Management
19: Secure Network Engineering
20: Penetration Tests and Red Team Exercises
13. Cybersecurity -DHS
• DHS is responsible for overseeing the protection of the .gov domain and for providing assistance and expertise to private sector owners and operators. The agency’s work benefits the information technology community and the public at large.
• DHS plays a key role in securing the federal government's civilian cyber networks and helping to secure the broader cyber ecosystem
• US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities. The division brings advanced network and digital media analysis expertise to bear on malicious activity targeting networks within the United States and abroad
14. Energy
• Protecting The Grid
• Utilities and Power Plants
• Solar Energy
• Data Centers
• Water Systems
• Oil, Gas & Coal (Logistics)
15. • “China and one or two other countries have the ability to launch a cyber attack that could shut down the entire U.S. power grid and other critical infrastructure” Admiral Mike Rogers, head of the National Security Agency (NSA) and U.S. Cyber Command
• The US Department of Homeland Security’s Cybersecurity Emergency Response Team responded to 295 cyber incidents in the energy sector in 2015
• The frequency, sophistication and costs of data breaches are increasing, says the World Energy Council, and the world’s first publicly acknowledged power outage caused by hackers has taken place in Ukraine
• In South Korea last year, hackers targeted Korea Hydro and Nuclear Power Company, trying to cause nuclear reactors to malfunction
• An attack on a nuclear plant could lead to a core meltdown and dispersal of radioactivity, says the report, while attacks on other critical energy infrastructure could threaten a country’s economy, public safety and national defense
Energy
16. • Mobile payments/transactions
• Mobile banking
• ATMs
• Identity theft
• Identity management and biometric security: access control via facial recognition, voice recognition, iris and retina scanners, fingerprint sensors on tablets and smartphones, and pass keys
• Retail Commerce
• Stock Markets
Finance/Commerce
17. • A sophisticated hacking scheme targeted the Bangladesh central bank ($81M stolen) in March 2016
• In March 2016, the U.S. Justice Department indicted seven hackers tied to the Iranian regime. These hackers staged a coordinated cyber attack that targeted 46 major financial institutions and a dam outside of New York City
• According to Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries
• The Federal Bureau of Investigation estimated that more than 500 million financial records were hacked in 2013
• According to the Ponemon Institute, over 43% of companies had breaches last year (including mega companies such as Home Depot, JPMorgan, and Target)
• According to the Center for Strategic and International Studies (CSIS), cyber-related crime now costs the global economy about $445 billion every year
Finance/Commerce
18. • The cybersecurity healthcare landscape has many facets. These include the information security networks of medical facilities and hospitals, medical equipment and devices, and protection of the sensitive data and privacy of patients
• Interconnected hospital networks with multiple devices
• Health: implantable devices (bionic eyes, limbs)
• Remote sensing tech (wearables)
• Telemedicine
• Real-time biomarker tracking and monitoring
• Refrigeration and storage
Health & Medicine
19. • Last year, a series of hospitals fell victim to ransomware attacks; one, the Hollywood Presbyterian Medical Center, paid the $17,000 ransom to unlock critical medical information
• Another US hospital, Boston Children’s Hospital, was the target of a series of breaches including distributed denial of service attacks. Medical institutions in Europe and Canada have also been subjected to intrusions.
• Healthcare data is highly valuable to hackers because they can sell it for a high price on the black market
• In 2015, 36% of breaches included medical records
Health & Medicine
20. • A “connected transportation system,” and more specifically “connected cars,” allow for safer and more efficient urban mobility. Connected car technology is evolving rapidly and is now being tested
• A group of Virginia-based researchers funded by the Defense Department found that it is relatively easy to remotely hack into a driverless car’s control system
Aviation:
• LOT Polish Airlines had its flight operations system hacked, resulting in disruption or cancellation of 22 flights
• American security researcher Chris Roberts claims to have accessed flight-critical controls through the in-flight entertainment system
Transportation
22. • Cisco predicts that 50 billion devices (including our smartphones, appliances, and office equipment) will be wirelessly connected via a network of sensors to the internet by 2020
• How do we protect cascading interconnectivity?
IoT Verticals:
• Smart Cities
• Facilities & infrastructure management
• Industrial applications
• Energy (smart grid)
• Medical & healthcare
• Transportation
• Building/construction (smart buildings)
• Environment (waste management)
• Water resources
• Retail and supply chain
• Communications
• Education (learning analytics)
The Digital age and “The Internet of Things”
25. • Defining and monitoring the threat landscape
• Risk management (identifying, assessing and responding to threats, e.g. the NIST Framework: Identify, Protect, Detect, Respond, Recover)
• Protecting critical infrastructure through rapid prototyping of technologies and public/private cooperation
• Modernizing security architectures
• Better encryption and biometrics (quantum encryption, keyless authentication)
• Automated network-security correcting systems (self-encrypting drives)
Cybersecurity Priorities
26. • Technologies for continuous “real time” horizon scanning and monitoring of networks
• Access management and control
• Endpoint protection
• Diagnostics, data analytics, and forensics (network traffic analysis, payload analysis, and endpoint behavior analysis)
• Advanced defense for framework layers (network, payload, endpoint, firewalls, and anti-virus)
• Enterprise and client network isolation to protect against malware, botnets, insider threats
• Forensics
Cybersecurity Priorities
27. The mission of Sutherland Government Solutions, Inc. (SGSI) is to ensure government can meet its vision of fully responding to citizen mandates. As a trusted partner, we enable government to succeed by providing smart, affordable and highly responsive customer care processes and solutions.
Our industry experience instills confidence in constituent-oriented government operations. SGSI’s capabilities include rapidly deploying major contact centers, integrating citizen-centric IT services, and processing health and insurance benefit claims. SGSI’s technology-enabled services are performance force multipliers for government, especially in times of budget constraint.
Sutherland's Services for Government Include:
• Multi-Channel Constituent Relations
• Veterans Choice: Customer Care
• Healthcare & Insurance Claims Processing
• Revenue Cycle Management
• Analytics
• IT Service Desks & Contact Centers
• System Integration
28. Charles (Chuck) Brooks serves as the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck leads Federal and State & Local Government relations activities. He is also responsible for the Marketing portfolio (Media, PR, Digital Outreach, Thought Leadership, Strategic Partnering, Branding) for the Federal and State & Local markets. Chuck is Chairman of the CompTIA Emerging Technologies Committee and also serves on Boards of several prominent public and private companies and organizations. Chuck has extensive service in Senior Executive Management, Marketing, Government Relations, and Business Development and worked in those capacities for three large public corporations. In government, he served at the Department of Homeland Security as the first Director of Legislative Affairs for the Science & Technology Directorate. He also spent six years on Capitol Hill as a Senior Advisor to the late Senator Arlen Specter, where he covered foreign affairs, business, and technology issues. In academia, Chuck was an Adjunct Faculty Member at Johns Hopkins University, where he taught graduate-level students about homeland security and Congress. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague. He is widely published on topics of homeland security, cybersecurity, and emerging technologies.
Twitter: @ChuckDBrooks
Linked in Profile: http://www.linkedin.com/in/chuckbrooks
Email: Charles.Brooks@sutherlandglobal.com
Chuck Brooks Bio:
29. The problems that exist in the world today cannot be solved by the level of thinking that created them.