Research paper – APA format

Description

Choose the research topic from the attachments.

For this assignment, you will prepare a research paper (4–5 pages, not including the title or reference pages) of your choosing related to a topic that has been covered during Lessons 1–4. The paper will be:

clear: it provides enough specifics that one’s audience can easily understand its purpose without needing additional explanation.

focused: it is narrow enough that it can be answered thoroughly in the space the writing task allows.

concise: it is expressed in the fewest possible words.

complex: it is not answerable with a simple “yes” or “no,” but rather requires synthesis and analysis of ideas and sources prior to composition of an answer.

arguable: its potential answers are open to debate rather than accepted facts.

Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 1
Introduction
Copyright © 2012, Elsevier Inc.
All Rights Reserved
Introduction
• National infrastructure
– Refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation
• Conventional approach to cyber security not enough
• New approach needed
– Combining best elements of existing security techniques with challenges that face complex, large-scale national services

Fig. 1.1 – National infrastructure cyber and physical attacks

Fig. 1.2 – Differences between small- and large-scale cyber security

National Cyber Threats, Vulnerabilities, and Attacks
• Three types of malicious adversaries
– External adversary
– Internal adversary
– Supplier adversary

Fig. 1.3 – Adversaries and exploitation points in national infrastructure

National Cyber Threats, Vulnerabilities, and Attacks
• Three exploitation points
– Remote access
– System administration and normal usage
– Supply chain

National Cyber Threats, Vulnerabilities, and Attacks
• Infrastructure threatened by most common security concerns:
– Confidentiality
– Integrity
– Availability
– Theft
Botnet Threat
• What is a botnet attack?
– The remote collection of compromised end-user machines (usually broadband-connected PCs) is used to attack a target.
– Sources of attack are scattered and difficult to identify
– Five entities that comprise a botnet attack: botnet operator, botnet controller, collection of bots, botnet software drop, botnet target
Botnet Threat
• Five entities that comprise a botnet attack:
– Botnet operator
– Botnet controller
– Collection of bots
– Botnet software drop
– Botnet target
• Distributed denial of service (DDOS) attack: bots create “cyber traffic jam”

Fig. 1.4 – Sample DDOS attack from a botnet
National Cyber Security Methodology Components
• Ten basic design and operation principles:
– Deception
– Separation
– Diversity
– Commonality
– Depth
– Discretion
– Collection
– Correlation
– Awareness
– Response

Deception
• Deliberately introducing misleading functionality or misinformation for the purpose of tricking an adversary
– Computer scientists call this functionality a honey pot
• Deception enables forensic analysis of intruder activity
• The acknowledged use of deception may be a deterrent to intruders (every vulnerability may actually be a trap)

Fig. 1.5 – Components of an interface with deception

Separation
• Separation involves enforced access policy restrictions on users and resources in a computing environment
• Most companies use enterprise firewalls, which are complemented by the following:
– Authentication and identity management
– Logical access controls
– LAN controls
– Firewalls

Fig. 1.6 – Firewall enhancements for national infrastructure

Diversity
• Diversity is the principle of using technology and systems that are intentionally different in substantive ways.
• Diversity hard to implement
– A single software vendor tends to dominate the PC operating system business landscape
– Diversity conflicts with organizational goals of simplifying supplier and vendor relationships

Fig. 1.7 – Introducing diversity to national infrastructure

Commonality
• Consistency involves uniform attention to security best practices across national infrastructure components
• Greatest challenge involves auditing
• A national standard is needed

Depth
• Depth involves using multiple security layers to protect national infrastructure assets
• Defense layers are maximized by using a combination of functional and procedural controls

Fig. 1.8 – National infrastructure security through defense in depth

Discretion
• Discretion involves individuals and groups making good decisions to obscure sensitive information about national infrastructure
• This is not the same as “security through obscurity”
Collection
• Collection involves automated gathering of system-related information about national infrastructure to enable security analysis
• Data is processed by a security information management system.
• Operational challenges
– What type of information should be collected?
– How much information should be collected?

Fig. 1.9 – Collecting national infrastructure-related security information

Correlation
• Correlation involves a specific type of analysis that can be performed on factors related to national infrastructure protection
– This type of comparison-oriented analysis is indispensable
• Past initiatives included real-time correlation of data at fusion center
– Difficult to implement

Fig. 1.10 – National infrastructure high-level correlation approach
Awareness
• Awareness involves an organization understanding the differences between observed and normal status in national infrastructure
• Most agree on the need for awareness, but how can awareness be achieved?

Fig. 1.11 – Real-time situation awareness process flow

Response
• Response involves the assurance that processes are in place to react to any security-related indicator
– Indicators should flow from the awareness layer
• Current practice in smaller corporate environments of reducing “false positives” by waiting to confirm disaster is not acceptable for national infrastructure

Fig. 1.12 – National infrastructure security response approach
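The Collection, Correlation, Awareness and Response slides above describe one pipeline. The Python below, added here as an illustration and not taken from the book or its slides, runs that pipeline over constructed firewall and SSH log lines: the log formats, the per-source baseline of "normal" activity and the response actions are all assumptions.

```python
"""Collection -> correlation -> awareness -> response over constructed log lines.

Added illustration, not from the book. Assumptions: two log feeds in made-up
formats, a per-source baseline of normal activity, and fixed response actions.
"""
from collections import defaultdict
import re

# Constructed sample logs: a perimeter firewall feed and an SSH auth feed.
FIREWALL_LOG = """\
2012-03-01T10:00:01 fw1 DENY src=198.51.100.7 dst=10.0.0.5 dport=22
2012-03-01T10:00:02 fw1 DENY src=198.51.100.7 dst=10.0.0.6 dport=22
2012-03-01T10:00:03 fw1 DENY src=198.51.100.7 dst=10.0.0.7 dport=22
2012-03-01T10:00:04 fw1 ALLOW src=198.51.100.7 dst=10.0.0.8 dport=22
2012-03-01T10:00:05 fw1 ALLOW src=203.0.113.9 dst=10.0.0.8 dport=443
"""
AUTH_LOG = """\
2012-03-01T10:00:06 scada-hmi sshd FAIL user=operator src=198.51.100.7
2012-03-01T10:00:07 scada-hmi sshd FAIL user=root src=198.51.100.7
2012-03-01T10:00:09 scada-hmi sshd OK user=operator src=198.51.100.7
2012-03-01T10:00:10 web1 sshd OK user=deploy src=203.0.113.9
"""

FW_RE = re.compile(r"^(\S+) (\S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+) (\S+) sshd (OK|FAIL) user=(\S+) src=(\S+)$")

# "Normal status" per source (assumed): awareness compares observations against it.
BASELINE = {"203.0.113.9": {"fw_deny": 0, "auth_fail": 0}}
DEFAULT_BASELINE = {"fw_deny": 1, "auth_fail": 1}   # tolerated noise for unknown sources


def collect(fw_text, auth_text):
    """Collection: parse both feeds into uniform event dicts; unparseable lines are dropped."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts, _host, action, src, dst, dport = m.groups()
            events.append({"ts": ts, "kind": "fw", "action": action,
                           "src": src, "dst": dst, "dport": int(dport)})
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts, host, result, user, src = m.groups()
            events.append({"ts": ts, "kind": "auth", "result": result,
                           "src": src, "host": host, "user": user})
    return sorted(events, key=lambda e: e["ts"])   # ISO timestamps sort lexically


def correlate(events):
    """Correlation: join the feeds on source address and accumulate per-source facts."""
    per_src = defaultdict(lambda: {"fw_deny": 0, "auth_fail": 0,
                                   "auth_ok_after_fail": False, "hosts": set()})
    for e in events:
        s = per_src[e["src"]]
        if e["kind"] == "fw":
            if e["action"] == "DENY":
                s["fw_deny"] += 1
            s["hosts"].add(e["dst"])
        else:
            if e["result"] == "FAIL":
                s["auth_fail"] += 1
            elif s["auth_fail"] > 0:        # a success following failures from the same source
                s["auth_ok_after_fail"] = True
            s["hosts"].add(e["host"])
    return per_src


def awareness(per_src):
    """Awareness: report only sources whose observed status departs from the baseline."""
    indicators = []
    for src, s in per_src.items():
        base = BASELINE.get(src, DEFAULT_BASELINE)
        reasons = []
        if s["fw_deny"] > base["fw_deny"]:
            reasons.append("denies above baseline")
        if s["auth_fail"] > base["auth_fail"]:
            reasons.append("auth failures above baseline")
        if s["auth_ok_after_fail"]:
            reasons.append("login success after failures")
        if reasons:
            indicators.append({"src": src, "reasons": reasons, "hosts": sorted(s["hosts"])})
    return indicators


def respond(indicators):
    """Response: every indicator maps to a predefined action; nothing waits for confirmation."""
    actions = []
    for ind in indicators:
        if "login success after failures" in ind["reasons"]:
            actions.append(("isolate_session", ind["src"]))
        else:
            actions.append(("block_at_perimeter", ind["src"]))
    return actions


def run_pipeline(fw_text=FIREWALL_LOG, auth_text=AUTH_LOG):
    return respond(awareness(correlate(collect(fw_text, auth_text))))


if __name__ == "__main__":
    for action in run_pipeline():
        print(action)
```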




Implementing the Principles Nationally
• Commissions and groups
• Information sharing
• International cooperation
• Technical and operational costs
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 2
Deception
Introduction
• Deception is deliberately misleading an adversary by creating a system component that looks real but is in reality a trap
– Sometimes called a honey pot
• Deception helps accomplish the following security objectives
– Attention
– Energy
– Uncertainty
– Analysis
Introduction
• If adversaries are aware that perceived vulnerabilities may, in fact, be a trap, deception may defuse actual vulnerabilities that security managers know nothing about.
Fig. 2.1 – Use of deception in computing

Introduction
• Four distinct attack stages:
– Scanning
– Discovery
– Exploitation
– Exposing

Fig. 2.2 – Stages of deception for national infrastructure protection

Scanning Stage
• Adversary is scanning for exploitation points
– May include both online and offline scanning
• Deceptive design goal: Design an interface with the following components
– Authorized services
– Real vulnerabilities
– Bogus vulnerabilities
• Data can be collected in real-time when adversary attacks honey pot

Fig. 2.3 – National asset service interface with deception

Deliberately Open Ports
• Deliberately inserting an open service port on an Internet-facing server is the most straightforward deceptive computing practice
• Adversaries face three views
– Valid open ports
– Inadvertently open ports
– Deliberately open ports connected to honey pots
• Must take care the real assets aren’t put at risk by bogus ports

Fig. 2.4 – Use of deceptive bogus ports to bogus assets

Fig. 2.5 – Embedding a honey pot server into a normal server complex

Discovery Stage
• The discovery stage is when an adversary finds and accepts security bait embedded in the trap
• Make adversary believe real assets are bogus
– Sponsored research
– Published case studies
– Open solicitations
• Make adversary believe bogus assets are real
– Technique of duplication is often used for honey pot design

Fig. 2.6 – Duplication in honey pot design

Deceptive Documents
• Creation and special placement of deceptive documents can be used to trick an adversary (especially useful for detecting a malicious insider)
– Only works when content is convincing and
– Protections appear real

Fig. 2.7 – Planting a bogus document in protected enclaves

Exploitation Stage
• This stage is when an adversary exploits a discovered vulnerability
– Early activity called low radar actions
– When detected called indications and warnings
• Key requirement: Any exploitation of a bogus asset must not cause disclosure, integrity, theft, or availability problems with any real asset

Fig. 2.8 – Pre- and post-attack stages at the exploitation stage

Exploitation Stage
• Related issue: Intrusion detection and incident response teams might be fooled into believing trap functionality is real. False alarms can be avoided by
– Process coordination
– Trap isolation
– Back-end insiders
– Process allowance
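As an added illustration (not from the book or its slides) of the deceptive-document, trap-isolation and process-coordination points above, the Python below routes constructed IDS and file-audit events using a registry of trap assets: an access to a planted bogus document becomes an indication and warning about a possible insider, alerts that only involve a trap go to the deception operator rather than the incident queue, and a trap reaching a real asset is treated as a broken isolation requirement. The registry contents, event fields and queue names are assumptions.

```python
"""Routing alerts that involve deception assets (added illustration, not the book's).

Assumptions: a constructed registry of trap assets (one honey pot host and one
planted bogus document) and constructed IDS / file-audit events.
"""
# Constructed trap registry. Anything not listed here is treated as a real asset.
TRAP_HOSTS = {"10.0.9.50"}                                   # deliberately exposed honey pot
TRAP_DOCUMENTS = {"/enclave/finance/merger_plan_FINAL.docx"}  # planted bogus document

# Constructed events from an IDS feed and a file-access audit feed.
EVENTS = [
    {"kind": "ids", "src": "198.51.100.7", "dst": "10.0.9.50", "sig": "SSH brute force"},
    {"kind": "ids", "src": "198.51.100.7", "dst": "10.0.0.8", "sig": "SSH brute force"},
    {"kind": "file", "user": "jdoe", "host": "ws-114",
     "path": "/enclave/finance/merger_plan_FINAL.docx", "op": "read"},
    {"kind": "file", "user": "jdoe", "host": "ws-114",
     "path": "/enclave/finance/q3_report.xlsx", "op": "read"},
    {"kind": "ids", "src": "10.0.9.50", "dst": "10.0.0.5", "sig": "outbound scan"},
]


def route(event):
    """Return (queue, priority, note) for one event, following the slides' rules."""
    if event["kind"] == "file":
        if event["path"] in TRAP_DOCUMENTS:
            # Bait accepted by an internal user: the slides' "indication and warning".
            return ("insider_investigation", "high",
                    "trap document opened by %s on %s" % (event["user"], event["host"]))
        return ("none", "low", "ordinary file access")

    # IDS events: decide by whether the trap is the target or the source.
    if event["src"] in TRAP_HOSTS:
        # Trap isolation violated: a honey pot must never touch a real asset.
        return ("incident_response", "critical", "honey pot reaching a real asset")
    if event["dst"] in TRAP_HOSTS:
        # Process coordination: trap activity is observed, not escalated as a breach.
        return ("deception_operator", "medium", "adversary interacting with trap; observe")
    return ("incident_response", "high", event["sig"] + " against real asset")


def triage(events=EVENTS):
    """Group routed events by queue so each team sees only what concerns it."""
    queues = {}
    for e in events:
        queue, prio, note = route(e)
        queues.setdefault(queue, []).append((prio, note))
    return queues


if __name__ == "__main__":
    for queue, items in triage().items():
        print(queue, items)
```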
Procurement Tricks
• Understand adversary behavior by comparing it in different environments.
• The procurement lifecycle is one of the most underestimated components in national infrastructure protection (from an attack perspective)

Fig. 2.9 – Using deception against malicious suppliers

Exposing Stage
• The deception lifecycle ends with the adversary exposing behavior to the deception operator
• Therefore, deception must allow a window for observing that behavior
– Sufficient detail
– Hidden probes
– Real-time observation

Fig. 2.10 – Adversary exposing stage during deception

Interfaces Between Humans and Computers
• Gathering of forensic evidence relies on understanding how systems, protocols, and services interact
– Human-to-human
– Human-to-computer
– Computer-to-human
– Computer-to-computer
• Real-time forensic analysis not possible for every scenario

Fig. 2.11 – Deceptively exploiting the human-to-human interface

National Deception Program
• Programs for national deception would be better designed based on the following assumptions:
– Selective infrastructure use
– Sharing of results and insights
– Reuse of tools and methods
• An objection to deception that remains is that it is not effective against botnet attacks
– Though a tarpit might degrade the effectiveness of a botnet
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 3
Separation
Introduction
• Using a firewall to separate network assets from intruders is the most familiar approach in cyber security
• Networks and systems associated with national infrastructure assets tend to be too complex for firewalls to be effective

Introduction
• Three new approaches to the use of firewalls are necessary to achieve optimal separation
– Network-based separation
– Internal separation
– Tailored separation

Fig. 3.1 – Firewalls in simple and complex networks

What Is Separation?
• Separation is a technique that accomplishes one of the following
– Adversary separation
– Component distribution

What Is Separation?
• A working taxonomy of separation techniques: Three primary factors involved in the use of separation
– The source of the threat
– The target of the security control
– The approach used in the security control (See figure 3.2)

Fig. 3.2 – Taxonomy of separation techniques

Functional Separation
• Separation is commonly achieved using an access control mechanism with requisite authentication and identity management
• An access policy identifies desired allowances for users requesting to perform actions on system entities
• Two approaches
– Distributed responsibility
– Centralized control
– (Both will be required)

Fig. 3.3 – Distributed versus centralized mediation

National Infrastructure Firewalls
• Firewalls are placed between a system or enterprise and an un-trusted network (say, the Internet)
• Two possibilities arise
– Coverage: The firewall might not cover all paths
– Accuracy: The firewall may be forced to allow access that inadvertently opens access to other protected assets

Fig. 3.4 – Wide area firewall aggregation and local area firewall segregation

National Infrastructure Firewalls
• Increased wireless connectivity is a major challenge to national infrastructure security
• Network service providers offer advantages to centralized security
– Vantage point: Network service providers can see a lot
– Operations: Network providers have operational capacity to keep security software current
– Investment: Network service providers have the financial wherewithal and motivation to invest in security

Fig. 3.5 – Carrier-centric network-based firewall

DDOS Filtering
• Network-based firewall concept includes device for throttling distributed denial of service (DDOS) attacks
• Called a DDOS filter
• Modern DDOS attacks take into account a more advanced filtering system

Fig. 3.6 – DDOS filtering of inbound attacks on target assets
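An added illustration, not the book's code, of the throttling decision a DDOS filter makes in front of a target asset: each source gets a request budget per sliding window, and the target as a whole gets an aggregate cap so load is shed even when no single source stands out. The flow records, limits and window length are constructed assumptions.

```python
"""Sliding-window DDOS filter (added illustration, not from the book).

Assumptions: constructed flow records (timestamp, source, destination), a
per-source budget per window, and an aggregate per-target cap. A production
filter also works on packet rates and SYN state; only the throttling decision
is shown here.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10
PER_SOURCE_LIMIT = 4     # requests one source may send per window before it is throttled
PER_TARGET_LIMIT = 20    # requests a target can absorb per window from everyone combined


class DdosFilter:
    def __init__(self, window=WINDOW_SECONDS, per_source=PER_SOURCE_LIMIT,
                 per_target=PER_TARGET_LIMIT):
        self.window = window
        self.per_source = per_source
        self.per_target = per_target
        self.by_source = defaultdict(deque)   # src -> forwarded timestamps inside the window
        self.by_target = defaultdict(deque)   # dst -> forwarded timestamps inside the window

    def _prune(self, dq, now):
        # Drop timestamps that have aged out of the sliding window.
        while dq and now - dq[0] >= self.window:
            dq.popleft()

    def decide(self, ts, src, dst):
        """Return 'forward' or 'drop' for one request; forwarded requests are recorded."""
        sdq, tdq = self.by_source[src], self.by_target[dst]
        self._prune(sdq, ts)
        self._prune(tdq, ts)
        if len(sdq) >= self.per_source:
            return "drop"        # this source exceeded its own budget
        if len(tdq) >= self.per_target:
            return "drop"        # target saturated: shed load regardless of source
        sdq.append(ts)
        tdq.append(ts)
        return "forward"


def make_traffic():
    """Constructed sample: four bots each send 8 requests in 8 s; one normal client sends 3."""
    flows = []
    bots = ["198.51.100.%d" % i for i in range(1, 5)]
    for t in range(8):
        for b in bots:
            flows.append((float(t), b, "10.0.0.8"))
    for t in (1.5, 4.5, 7.5):
        flows.append((t, "203.0.113.9", "10.0.0.8"))
    return sorted(flows)


def run_filter(flows=None):
    """Return per-source counts of forwarded and dropped requests."""
    f = DdosFilter()
    stats = defaultdict(lambda: {"forward": 0, "drop": 0})
    for ts, src, dst in (flows if flows is not None else make_traffic()):
        stats[src][f.decide(ts, src, dst)] += 1
    return dict(stats)


if __name__ == "__main__":
    for src, s in sorted(run_filter().items()):
        print(src, s)
```

With these constants each bot is cut off after its fourth request while the normal client is never dropped; an attacker who spreads requests thinly across many sources stays under the per-source budget, which is why the aggregate cap and carrier-side placement described in the slides matter.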
SCADA Separation Architecture
• SCADA – Supervisory control and data acquisition
• SCADA systems – A set of software, computer, and networks that provide remote coordination of control system for tangible infrastructures
• Structure includes the following
– Human-machine interface (HMI)
– Master terminal unit (MTU)
– Remote terminal unit (RTU)
– Field control systems

Fig. 3.7 – Recommended SCADA system firewall architecture

Physical Separation
• Why not simply unplug a system’s external connections? (Called air gapping)
• As systems and networks grow more complex, it becomes more likely that unknown or unauthorized external connections will arise
• Basic principles for truly air-gapped networks:
– Clear policy
– Boundary scanning
– Violation consequences
– Reasonable alternatives

Fig. 3.8 – Bridging an isolated network via a dual-homing user

Insider Separation
• Hard to defend against a determined insider
• Threats may also come from trusted partners
• Background checks are a start
• Techniques for countering insider attack
– Internal firewalls
– Deceptive honey pots
– Enforcement of data markings
– Data leakage protection (DLP) systems
• Segregation of duties offers another layer of protection

Fig. 3.9 – Decomposing work functions for segregation of duty

Asset Separation
• Involves the distribution, replication, decomposition, or segregation of national assets
– Distribution: creating functionality using multiple cooperating components that work together as a distributed system
– Replication: copying assets across components so if one asset is broken, the copy will be available
– Decomposition: breaking complex assets into individual components so an isolated compromise won’t bring down the asset
– Segregation: separation of assets through special access controls, data markings, and policy enforcement

Fig. 3.10 – Reducing DDOS risk through CDN-hosted content

Multilevel Security (MLS)
• Typically, mandatory access controls and audit trail hooks were embedded into the underlying operating system kernel
• Popular in the 1980s and 1990s

Fig. 3.11 – Using MLS logical separation to protect assets

National Separation Program
• Internet separation: Certain assets simply shouldn’t be accessible from the Internet
• Network-based firewalls: These should be managed by a centralized group
• DDOS protection: All assets should have protection in place before an attack
• Internal separation: Critical national infrastructure settings need an incentive to implement internal separation policy
• Tailoring requirements: Vendors should be incentivized to build tailored systems such as firewalls for special SCADA environments
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 4
Diversity
Introduction
• The securing of any set of national assets should include a diversity strategy
• The deliberate introduction of diversity into national infrastructure to increase security has not been well explored
• Two systems are considered diverse if their key attributes differ
• Diversity bucks the trend to standardize assets for efficiency’s sake

Fig. 4.1 – Diverse and nondiverse components through attribute differences

Diversity and Worm Propagation
• Worm propagation is an example of an attack that relies on a nondiverse target environment
• Worm functionality in three steps:
– Step #1: Find a target system on the network for propagation of worm program
– Step #2: Copy program to that system
– Step #3: Remotely execute program
– Repeat
• Diversity may be expensive to introduce, but saves money on response costs in the long run

Fig. 4.2 – Mitigating worm activity through diversity
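The attribute rule of Fig. 4.1 and the worm-propagation argument above, worked through on a constructed asset inventory (added example, not from the book): pairwise diversity, the largest monoculture, the share of assets a worm keyed to one attribute value could reach, and which single attribute a defender should diversify first. The attribute names, the inventory and the exposure measure are assumptions.

```python
"""Measuring diversity of an asset inventory (added illustration, not the book's).

Assumptions: each asset carries key attributes (os, platform, vendor); two
assets are diverse if any key attribute differs (Fig. 4.1 rule); a worm that
depends on one attribute value can reach every asset sharing that value.
"""
from collections import Counter
from itertools import combinations

KEY_ATTRIBUTES = ("os", "platform", "vendor")

# Constructed inventory: mostly a Windows/x86 monoculture plus a few diverse hosts.
INVENTORY = [
    {"name": "ws-01", "os": "Windows", "platform": "x86", "vendor": "A"},
    {"name": "ws-02", "os": "Windows", "platform": "x86", "vendor": "A"},
    {"name": "ws-03", "os": "Windows", "platform": "x86", "vendor": "A"},
    {"name": "ws-04", "os": "Windows", "platform": "x86", "vendor": "B"},
    {"name": "srv-01", "os": "Linux", "platform": "x86", "vendor": "C"},
    {"name": "rtu-01", "os": "VxWorks", "platform": "PowerPC", "vendor": "D"},
]


def diverse(a, b, keys=KEY_ATTRIBUTES):
    """Fig. 4.1 rule: two components are diverse if any key attribute differs."""
    return any(a[k] != b[k] for k in keys)


def diversity_ratio(inventory, keys=KEY_ATTRIBUTES):
    """Fraction of asset pairs that are diverse (0.0 is a complete monoculture)."""
    pairs = list(combinations(inventory, 2))
    if not pairs:
        return 0.0
    return sum(diverse(a, b, keys) for a, b in pairs) / len(pairs)


def largest_monoculture(inventory, keys=KEY_ATTRIBUTES):
    """Most common combination of key attributes and the share of assets it covers."""
    combos = Counter(tuple(h[k] for k in keys) for h in inventory)
    combo, n = combos.most_common(1)[0]
    return dict(zip(keys, combo)), n / len(inventory)


def worm_exposure(inventory, attribute, vulnerable_value):
    """Share of assets (and their names) a worm needing attribute == value could reach."""
    hit = [h["name"] for h in inventory if h[attribute] == vulnerable_value]
    return len(hit) / len(inventory), hit


def weakest_attribute(inventory, keys=KEY_ATTRIBUTES):
    """The attribute whose single most common value covers the largest share of assets.

    Diversifying this attribute first shrinks the biggest possible worm blast radius.
    Returns (attribute, share, value).
    """
    worst = None
    for k in keys:
        value, n = Counter(h[k] for h in inventory).most_common(1)[0]
        share = n / len(inventory)
        if worst is None or share > worst[1]:
            worst = (k, share, value)
    return worst


if __name__ == "__main__":
    print("diversity ratio:", diversity_ratio(INVENTORY))
    print("largest monoculture:", largest_monoculture(INVENTORY))
    print("exposure to a Windows-only worm:", worm_exposure(INVENTORY, "os", "Windows"))
    print("diversify first:", weakest_attribute(INVENTORY))
```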
Desktop Computer System Diversity
• Most individual computers run the same operating system software on a standard processor platform and browse the Internet through one or two popular search engines with one of only a couple of browsers
• The typical configuration is a PC running Windows on an Intel platform, browsing the Internet with Internet Explorer, searching with Google
• This makes the average home PC user a highly predictable target

Fig. 4.3 – Typical PC configuration showing diversity

Desktop Computer System Diversity
• Three considerations
– Platform costs
– Application interoperability
– Support and training

Diversity Paradox of Cloud Computing
• Ultimate solution for making desktops more secure involves their removal
– Not a practical solution
• Cloud computing may offer home PC users a diverse, protected environment

Fig. 4.4 – Spectrum of desktop diversity options

Fig. 4.5 – Diversity and attack difficulty with option of removal

Network Technology Diversity
• Modern telecommunications consist of the following two types of technologies
– Circuit-switched
– Packet-switched
• When compared to one another, these two technologies automatically provide diversity
• Diversity may not always be a feasible goal
– Maximizing diversity may defend against large-scale attacks, but one must also look closely at the entire architecture

Fig. 4.6 – Worm nonpropagation benefit from diverse telecommunications

Fig. 4.7 – Potential for impact propagation over shared fiber

Physical Diversity
• Any essential computing or networking asset that serves a critical function must include physical distribution to increase survivability
• Physical diversity has been part of the national asset system for years
– Backup center diversity
– Supplier/vendor diversity
– Network route diversity

Fig. 4.8 – Diverse hubs in satellite SCADA configurations

National Diversity Program
• A national diversity program would coordinate between companies and government agencies
– Critical path analysis
– Cascade modeling
– Procurement discipline
Cyber Attacks
Protecting National Infrastructure, 1st ed.
Chapter 5
Commonality
Introduction
• Certain security attributes must be present in all aspects and areas of national infrastructure to ensure maximum resilience against attack
• Best practices, standards, and audits establish a low-water mark for all relevant organizations
• Audits must be both meaningful and measurable
– Often the most measurable things aren’t all that meaningful
Introduction
• Common security-related best practices/standards
– Federal Information Security Management Act (FISMA)
– Health Insurance Portability and Accountability Act (HIPAA)
– Payment Card Industry Data Security Standard (PCI DSS)
– ETSI Cyber Security Technical Committee (TC-CYBER)
– ISO/IEC 27000 Standard family (ISO27K)
  • ISO 27001 – Security management systems
  • ISO 27002 – Code of practice for InfoSec controls
– COBIT – Control Objectives for Information and related Technology
– NIST Cybersecurity Framework

Fig. 5.1 – Illustrative security audits for two organizations

Fig. 5.2 – Relationship between meaningful and measurable requirements

Meaningful Best Practices for Infrastructure Protection
• The primary motivation for proper infrastructure protection should be success based and economic
– Not the audit score
• Security of critical components relies on
– Step #1: Standard audit
– Step #2: World-class focus
• Sometimes security audit standards and best practices proven through experience are in conflict

Fig. 5.3 – Methodology to achieve world-class infrastructure protection practices

Locally Relevant and Appropriate Security Policy
• Four basic security policy considerations are recommended
– Enforceable: Policies without enforcement are not valuable
– Small: Keep it simple and current
– Online: Policy info needs to be online and searchable
– Inclusive: Good policy requires analysis in order to include computing and networking elements in the local nat’l infrastructure environment

Fig. 5.4 – Decision process for security policy analysis

Culture of Security Protection
• Create an organizational culture of security protection
• Culture of security is one where standard operating procedures provide a secure environment
• Ideal environment marries creativity and interest in new technologies with caution and a healthy aversion to risk

Fig. 5.5 – Spectrum of organizational culture of security options

Infrastructure Simplification
• Organizations should be explicitly committed to infrastructure simplification
• Common problems found in design and operation of national infrastructure
– Lack of generalization
– Clouding the obvious
– Stream-of-consciousness design
– Nonuniformity

Fig. 5.6 – Sample cluttered engineering chart

Fig. 5.7 – Simplified engineering chart

Infrastructure Simplification
• How to simplify a national infrastructure environment
– Reduce its size
– Generalize concepts
– Clean interfaces
– Highlight patterns
– Reduce clutter

Certification and Education
• Key decision-makers need certification and education programs
• Hundred percent end-user awareness is impractical; instead focus on improving security competence of decision-makers
– Senior managers
– Designers and developers
– Administrators
– Security team members
• Create low-cost, high-return activities to certify and educate end users

Fig. 5.8 – Return on investment (ROI) trends for security education

Career Path and Reward Structure
• Create and establish career paths and reward structures for security professionals
• These elements should be present in national infrastructure environments
– Attractive salaries
– Career paths
– Senior managers

Responsible Past Security Practice
• Companies and agencies being considered for national infrastructure work should be required to demonstrate past practice in live security incidents
• Companies and agencies must do a better job of managing their inventory of live incidents

Responsible Past Security Practice
• Companies and agencies being considered for national infrastructure work should provide evidence of the following past practices
– Past damage
– Past prevention
– Past response

National Commonality Program
• A national commonality plan involves balancing the following concerns
– Plethora of existing standards
– Low-water mark versus world class
– Existing commissions and boards
