Protecting Infrastructure from Cyber Attacks
Dr. Maurice Dawson, Walden University / Alabama A&M University
Dr. Jonathan Abramson, Colorado Technical University
Dr. Marwan Omar, Colorado Technical University
Abstract
• The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. Because SCADA systems are the systems that autonomously monitor and adjust switching, among other processes, within critical infrastructures such as nuclear plants and power grids, DHS has become concerned about these systems, as they are frequently unmanned and remotely accessed. A vulnerability such as remote access could allow anyone to take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure that any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.
Topics
• Example Scripts
• 2012 FISMA Report
• Previous Research
• Vulnerabilities & Threats
• Example Physical Security Threat Scenario
• System C&A Processes
• Product C&A Processes
• Example Unclassified DIACAP Controls
• Virtualization as a Tool
Virus in Bash Script
#!/bin/bash
echo "Yep We Finally Got You"
rmdir *.bin ## removal of key directories to render the system useless
rm filename1 filename2 filename3 filename4 ## removal of key files to render the system useless
Note: the file must have execute permission (mode 7, rwx) and would need to bypass sudo (run with root privileges) to affect protected files.
Example Copy Script in Bash Script
#!/bin/bash
tar -czf /var/my-backup.tgz /home/me/ ## key files can be copied anywhere (-z gzips the archive, matching the .tgz name; the original -Z used compress)
Note: the file must have execute permission (mode 7, rwx) and would need to bypass sudo (run with root privileges) to read protected files.
2012 FISMA Report
Previous Research
• DoD Cyber Technology Policies to Secure Automated Information Systems
– Certification & Accreditation (C&A) evaluation processes
– Plan of Action and Milestones (POA&M)
– DIACAP scorecard
– System identification plan (SIP)
– DIACAP implementation plan (DIP)
Vulnerabilities & Threats
• Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
• Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
• Facility processes occur in both public and private facilities, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning (HVAC) systems, access, and energy consumption.
Vulnerabilities & Threats cont.
• Remote access
– Root control of system
– Ability to map network(s)
– Ability to corrupt cloud infrastructure(s)
• Virus focused on specific hardware
– Overclocking
– Redirect of network and data
• Covert channel analysis
• Lack of qualified personnel
• Insider threat
• Natural disasters
• Inconsistencies of applied processes
Example Physical Security Scenario
• Decide targets
• Perform research on target using Google Maps, social media, etc.
• Capture online maps for building architecture
• Render items with virtual world(s) and graphics application software(s)
• Prepare mock-up scenario(s)
• Test run mock-up scenario(s)
• Perform live run
Systems C&A Process - DIACAP
Product C&A Process – Common Criteria
Unclassified DIACAP Controls – MAC III Unclassified [Example]
Virtualization as a Tool
Supporting Tasks
• Test patches before full deployment
• Observe how an OS or system reacts to a virus
• Use as a tool to deploy hardened VMs
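The "see how an OS or system reacts to a virus" task above, and the two example scripts earlier in the deck, as an added example that is not part of the original slides: a small POSIX shell harness that stands in for a VM snapshot-and-compare cycle by running a script against a throwaway copy of a constructed file tree and reporting what it removed or created. The fixture paths, the sample script and the timeout limit are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original slides): a throwaway sandbox
# harness in the spirit of "see how the OS or system reacts" inside a VM
# (snapshot, run, compare), scaled down to a temporary directory. All
# paths, fixture files and the sample script are constructed here.
set -u

# Constructed fixture tree standing in for the "key files" of a system.
make_fixture() {
    mkdir -p "$1/config.bin" "$1/data"
    printf 'a\n' > "$1/filename1"
    printf 'b\n' > "$1/data/filename2"
    printf 'c\n' > "$1/data/keep.txt"
}

# Sorted list of every path under a root, relative to it (the snapshot).
snapshot() {
    ( cd "$1" && find . | sort )
}

# Run a script against a fresh copy of the fixture, never real files, and
# print a change report: "- path" for removed, "+ path" for created.
sandbox_run() {
    work="$(mktemp -d)"
    make_fixture "$work/root"
    snapshot "$work/root" > "$work/before"
    runner="sh"
    # Cap runtime so a looping script cannot hang the harness.
    command -v timeout >/dev/null 2>&1 && runner="timeout 10 sh"
    ( cd "$work/root" && env -i PATH="$PATH" $runner "$1" ) >/dev/null 2>&1 || true
    snapshot "$work/root" > "$work/after"
    # comm -23: lines only in before (removed); comm -13: only in after.
    comm -23 "$work/before" "$work/after" | sed 's/^/- /'
    comm -13 "$work/before" "$work/after" | sed 's/^/+ /'
    rm -rf "$work"
}

# Constructed sample shaped like the slide's two scripts: remove a
# directory and a file, then copy a file elsewhere. Prints its path.
write_sample_script() {
    dir="$(mktemp -d)"
    cat > "$dir/sample.sh" <<'EOF'
rmdir *.bin
rm filename1
cp data/keep.txt copied.txt
EOF
    printf '%s\n' "$dir/sample.sh"
}

sandbox_run "$(write_sample_script)"
```

The report lists only the paths the script touched, so an unexpected "-" or "+" line is the signal to look at before the same script ever reaches a production host.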
Example Set Up (layered diagram, bottom to top)
• Hardware
• OS platform
• Hypervisor
• Guest VMs: Windows, Red Hat Linux, Ubuntu Linux