cs5032 lecture 20: dependable infrastructure 2

CRITICAL INFRASTRUCTURE 2 DR JOHN ROOKSBY

Uploaded by: john-rooksby

Posted on 20-May-2015


Page 1: CS5032 Lecture 20: Dependable infrastructure 2

CRITICAL INFRASTRUCTURE 2

DR JOHN ROOKSBY

Page 2

IN THIS LECTURE…

More on infrastructure

Control systems

• SCADA systems

Digital Infrastructure

• The internet as infrastructure

• Resilience of the internet

Page 3

CONTROL SYSTEMS

IT is used for monitoring and controlling infrastructure in many industries

• Oil and Gas

• Air Traffic Control and Railways

• Power Generation and Transmission

• Water Management

• Manufacturing

• Production Plants

Infrastructure is inherently distributed, and therefore so are the systems that control and monitor it

Page 4

TYPES OF CONTROL SYSTEM

Automated systems / Programmable Logic Controllers (PLCs)

• Logic embedded into components

• Often a low level building block for larger systems

Supervisory Control and Data Acquisition (SCADA)

• Extend automated systems to allow remote monitoring and control

• Data flow to other systems often automated

• Typically used where components are not in one location

Distributed Control System (DCS)

• Similar to SCADA but monitoring and control embedded across the system, and so lacks the hierarchy of SCADA

Page 5

CONTROL SYSTEMS

Manufacturing Execution Systems

• Extend SCADA with batch processes

Energy Management Systems

• A type of SCADA system used for electricity management and control

Building Control Systems

• Control the lighting, heating, energy usage, and security of a building

Page 6

SCADA

SCADA is normally a software package designed to display information, log data and show alarms

• Programmable logic units control infrastructure components

• Data acquisition by remote terminal units (RTUs)

• Data sent to the control centre

• Control centre monitors the system and issues commands

Hardly talked about until recently, now a major concern

• Reliability

• Security
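The data flow on this slide (RTUs acquire readings, the control centre evaluates them, logs them and raises alarms, and sends commands back to the PLCs) can be sketched as a small supervisory loop. The following is an added example, not code from the lecture or from any SCADA product; the tags, engineering limits, RTU names and readings are all constructed. It shows two points the slide's reliability and security bullets hint at: a silent RTU is itself an alarm condition (otherwise the display keeps showing a stale value as if it were live), and a command from the control centre is range-checked before it is forwarded to a PLC.

```python
"""Added illustration of a SCADA supervisory loop: RTU readings are evaluated
against engineering limits, stale points are flagged, and control-centre
commands are bounds-checked before being forwarded to a PLC. All devices,
tags, limits and readings below are constructed for the example."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Reading:
    rtu: str          # remote terminal unit that acquired the sample (constructed name)
    tag: str          # measurement point, e.g. "tank1.level" (constructed)
    value: float
    timestamp: float  # seconds since epoch, as reported by the RTU


@dataclass
class Alarm:
    severity: str
    tag: str
    message: str


# Engineering limits per tag (constructed). An alarm is raised outside [low, high].
LIMITS: Dict[str, Tuple[float, float]] = {
    "tank1.level": (10.0, 90.0),   # percent
    "pump1.pressure": (1.0, 6.0),  # bar
}
STALE_AFTER = 30.0  # seconds without a fresh sample before the point is distrusted


def evaluate(readings: List[Reading], now: float) -> List[Alarm]:
    """Return the alarms the control centre would raise for the newest reading of
    each configured tag at time `now`."""
    alarms: List[Alarm] = []
    latest: Dict[str, Reading] = {}
    for r in readings:
        if r.tag not in latest or r.timestamp > latest[r.tag].timestamp:
            latest[r.tag] = r
    for tag, (low, high) in LIMITS.items():
        r = latest.get(tag)
        if r is None or now - r.timestamp > STALE_AFTER:
            # A silent RTU is a dependability problem in its own right: without this
            # check the last good value would keep being displayed as if current.
            alarms.append(Alarm("HIGH", tag, "no fresh data from RTU; value is stale"))
            continue
        if r.value < low:
            alarms.append(Alarm("MEDIUM", tag, f"{r.value} below low limit {low}"))
        elif r.value > high:
            alarms.append(Alarm("HIGH", tag, f"{r.value} above high limit {high}"))
    return alarms


def validate_command(tag: str, setpoint: float) -> bool:
    """Bound a control-centre setpoint by the same engineering limits before it is
    forwarded to a PLC, so a mistyped or unexpected value cannot drive a component
    outside its safe range. Unknown tags are rejected."""
    if tag not in LIMITS:
        return False
    low, high = LIMITS[tag]
    return low <= setpoint <= high


def log_line(alarm: Alarm, now: float) -> str:
    """Format an alarm the way a historian/log would record it."""
    return f"{now:.0f} {alarm.severity} {alarm.tag}: {alarm.message}"


if __name__ == "__main__":
    now = 1_000_000.0
    sample = [  # constructed telemetry
        Reading("rtu-a", "tank1.level", 95.5, now - 5),        # over the high limit
        Reading("rtu-b", "pump1.pressure", 3.2, now - 120),    # RTU silent for two minutes
    ]
    for a in evaluate(sample, now):
        print(log_line(a, now))
    print("setpoint 50 accepted:", validate_command("tank1.level", 50.0))
    print("setpoint 150 accepted:", validate_command("tank1.level", 150.0))
```

Running it prints a HIGH alarm for the tank level and a second HIGH alarm for the pump pressure point whose RTU has gone quiet, then shows the in-range setpoint accepted and the out-of-range one refused.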

Page 7

SCADA SECURITY

Security issues are arising because of a changing context

No longer able to rely on security by obscurity

• Until recently, SCADA systems were mainly proprietary.

• Now progressively reliant on standard IT technologies (Microsoft Windows, TCP/IP, web browsers, wireless technologies, etc.)

No longer able to rely on security by isolation

• Until recently, SCADA systems were isolated networks. But now:

  • Direct connections to vendors for maintenance, stock ordering etc.

  • Connected to enterprise systems, which in turn are on the Internet.

  • Workers connecting their laptops to the internet.

  • Some SCADA systems connected directly to the internet.

Page 8

SCADA SECURITY

Infrastructure providers are very good at physical security, but often have little appreciation of IT security

Standard security tools and techniques can be used, although there are some complexities

• For example, it may not be possible to install anti-virus protection on process control systems, owing to the lack of processor power on legacy systems, the age of operating systems or the lack of vendor certification.

• Security testing on process control systems must also be approached with extreme caution – security scanning can seriously affect the operation of many control devices.

• There are sometimes few opportunities to take the systems off-line for routine testing, patching and maintenance.

Page 9

SCADA DEPENDABILITY

There is a great deal of concern about the dependability of SCADA systems

• Poorly designed or engineered systems may not be reliable

• Vulnerable to cyber-attack

SCADA systems will be key targets in any cyber attack

• STUXNET

Extreme concern (paranoia?) shown by UK and USA about hackers in Russia and China

Page 10

MOVING ON…

Page 11

DIGITAL INFRASTRUCTURE

Forms of digital infrastructure

• Public and Private Cable Networks

• Mobile networks

• Satellite and broadcast services

• Data Centres

• The Internet

• Clouds

Information technology has a complex status as infrastructure. It is more complex than most, if not all, other forms of infrastructure.

• Hard – physical systems

• Soft – protocols, layers of abstraction, services, etc.

• Infrastructure as “a relation” (S.L. Star)

Page 12

THE INTERNET AS INFRASTRUCTURE

The internet is a key infrastructure for modern society

• Certainly critical to the economy

• Other infrastructures coming to rely on it

The internet is often taken for granted. The common assumption is that the internet is dependable.

• The myth of the “bombproof” network

• The myth of the “free/open” system

Page 13

INCIDENTS

It is straightforward to divert traffic away from its proper destination by announcing invalid routes.

• 2008, Pakistan advertises invalid routes for YouTube, bringing it down for a couple of hours.

• 2010, China Telecom advertises a number of invalid routes, effectively hijacking 15% of Internet addresses for 18 minutes.

Exploitation of latent bugs in BGP (Border Gateway Protocol)

• August 2010, an experiment triggers a bug in some routers, causing their neighbours to terminate BGP sessions, and for many routes to be lost.

Page 14

INCIDENTS

Vulnerability of cables

• Undersea cables near Alexandria in Egypt were cut in December 2008.

Dependence on electrical power.

• A large power outage in Brazil in November 2009 caused significant disruption, though it lasted only four and a half hours

The internet appears to have been resilient during major disasters

• 9/11 Terror Attacks

• Hurricane Katrina

• Tohoku Earthquake

But we don’t have good information about why and how.

Page 15

ENISA STUDY

Inter‐X: Resilience of the Internet Interconnection Ecosystem

Chris Hall, Richard Clayton, Ross Anderson, Evangelos Ouzounis

Page 16

ENISA STUDY

Inter‐X: Resilience of the Internet Interconnection Ecosystem

Chris Hall, Richard Clayton, Ross Anderson, Evangelos Ouzounis

“It does appear likely that the Internet could suffer systemic failure, leading perhaps to local failures and system‐wide congestion”

Page 17

THREATS

Failure of the infrastructure on which the internet depends

• Power transmission system

• Human infrastructure needed to maintain it (for example if pandemic flu causes millions of people to stay at home out of fear of infection).

Cascading technical failures

• Perhaps during changeover from IPv4 to IPv6

• Common‐mode failures involving updates to popular makes of router (or PC) may also fall under this heading.

A coordinated attack

• A capable opponent disrupts the BGP fabric by broadcasting thousands of bogus routes, either via a large AS or from a large number of compromised routers.

Page 18

THREATS

Market failure

• Internet Transit may not be a viable business.

Economic issues – “The tragedy of the commons”

• Increasing resilience benefits everyone, but requires coordinated action. E.g. improving BGP is costly and must be done at an individual level.

Regulatory failure

• Misinformed or over-regulation, and under-regulation, can lead to problems (related to the two issues above)

Page 19

CAN WE PROTECT AND ASSURE THE INTERNET?

The first stage of protecting and assuring any critical infrastructure is to take stock of and understand its components.

• But this is very difficult in the case of the internet.

Each AS/ISP has a NOC (Network Operations Centre), but there is no NOC for the internet as a whole

• There is no map of physical connections (their location, capacity, etc.)

• There is no map of traffic and traffic volume

• There is no map of the interconnections between ASes

Page 20

WHY THE LACK OF INFORMATION?

• The complexity and scale of the Internet would make this an immense task, and potentially very costly.

• An AS level topology is possible, but we would ideally have something at the router level.

• We would ideally also like to understand interdependencies with the power network.

• The internet is constantly growing in size and evolving (e.g. the rise of CDNs)

• The routing system is dynamic, so very difficult to model.

• Some of the information is sensitive

• Gathering this information could be a security risk

• The information will have commercial sensitivity, for example traffic levels.

• There is a lack of good metrics available.
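The slide notes that an AS-level topology is possible even though a router-level one is not, and that good resilience metrics are lacking. One way to get an AS-level view is to read the AS_PATH attribute of observed BGP routes: every adjacent pair of ASes in a path is an interconnection that demonstrably exists. The following is an added example, not from the lecture or the ENISA report; the AS numbers and paths are constructed (real paths would come from route collectors). It builds the adjacency graph and computes one crude resilience metric: which ASes, if removed, would partition the observed graph.

```python
"""Added example: infer an AS-level topology from observed AS_PATH attributes
and find single points of failure in it. All AS numbers and paths are
constructed; a real study would feed in paths from route collectors."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed AS_PATH strings as seen from one vantage point (AS64500).
# "64510 64510" is deliberate: operators prepend their own AS to make a path
# look longer, and the parser must not turn that into a self-loop.
SAMPLE_PATHS = [
    "64500 64510 64520",
    "64500 64510 64510 64530",
    "64500 64540 64530",
    "64500 64510 64550",
]


def build_topology(as_paths: Iterable[str]) -> Dict[int, Set[int]]:
    """Each adjacent pair in an AS_PATH is an observed interconnection. Prepended
    repeats are collapsed. Only edges visible from these paths are learned, so
    the result is a lower bound on the real interconnection graph."""
    graph: Dict[int, Set[int]] = defaultdict(set)
    for path in as_paths:
        ases: List[int] = []
        for tok in path.split():
            asn = int(tok)
            if not ases or ases[-1] != asn:
                ases.append(asn)
        for a, b in zip(ases, ases[1:]):
            graph[a].add(b)
            graph[b].add(a)
    return dict(graph)


def connected(graph: Dict[int, Set[int]], removed: int) -> bool:
    """True if the graph stays connected once `removed` and its links are gone."""
    nodes = [n for n in graph if n != removed]
    if not nodes:
        return True
    seen = {nodes[0]}
    stack = [nodes[0]]
    while stack:
        n = stack.pop()
        for m in graph[n]:
            if m != removed and m not in seen:
                seen.add(m)
                stack.append(m)
    return len(seen) == len(nodes)


def single_points_of_failure(graph: Dict[int, Set[int]]) -> List[int]:
    """ASes whose removal partitions the observed graph: a crude resilience metric
    that flags where one operator's outage (or misconfiguration) would strand
    other networks."""
    return sorted(n for n in graph if not connected(graph, n))


def degree_ranking(graph: Dict[int, Set[int]]) -> List[tuple]:
    """ASes ordered by observed neighbour count, most connected first."""
    return sorted(((n, len(nbrs)) for n, nbrs in graph.items()), key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    g = build_topology(SAMPLE_PATHS)
    print("ASes observed:", len(g))
    print("degree ranking:", degree_ranking(g))
    print("single points of failure:", single_points_of_failure(g))
```

On the constructed paths, AS64510 is the only AS whose removal disconnects other networks (AS64520 and AS64550 are reached through it alone), whereas AS64530 remains reachable via AS64540. Because the graph is inferred only from the paths a vantage point happens to see, a missing backup link in the data does not prove one is absent in reality, which is the same caveat the slide raises about the lack of a complete map.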

Page 21

RECOMMENDATIONS

The report makes four recommendations

1. We need a better understanding of failure

• Incident Investigation

• An independent body should thoroughly investigate all major incidents and report publicly on the causes, effects and lessons to be learned. Incident correlation and analysis may lead to assessment and forecast models.

• Data Collection of Network Performance Measurements

• Consistent, long-term data collection

Page 22

RECOMMENDATIONS

2. Further research into resilience

• Research into Resilience Metrics and Measurement Frameworks

• Development and Deployment of Secure Inter‐domain Routing

• Research into AS Incentives that Improve Resilience

Page 23

RECOMMENDATIONS

3. The promotion of good practice

• Promotion and Sharing of Good Practice on Internet Interconnections

• Independent Testing of Equipment and Protocols

• Conduct Regular Cyber Exercises on the Interconnection Infrastructure

Page 24

RECOMMENDATIONS

4. That policy makers become more engaged

• Plan for transit market failure

• Debate traffic prioritisation

• Work towards a resilience certification scheme

Page 25

KEY POINTS

Infrastructure is often controlled and monitored by IT systems

• SCADA systems are the common type

• Government organisations such as the CPNI are concerned about the vulnerability of these systems to failures and attack

Digital technologies are becoming critical infrastructure in their own right

• The Internet is becoming increasingly critical.

• The resilience of the internet is not a given.