Understanding Holistic Effects of Cyber

Events on Critical Infrastructure Shane Cherry, Manager, Infrastructure Analysis and Technology

Development, Idaho National Laboratory Homeland Security Division and

Brian Biesecker, Esri

Plenary Presentation

Shane CherryInfrastructure Analysis and Technology Development

Homeland Security Division

July 9, 2017

National Security and Public Safety SummitUnderstanding Holistic Effects of Cyber Events on Critical Infrastructure

INL/CON-17-42513

Information Technology vs. Operational Technology

• Information Technology: The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information – Oxford Dictionary

• Operational Technology: The hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as switches, pumps, valves, etc. such as those used in critical infrastructure systems. –International Society of Automation

Enterprise Information Technology (IT)

Industrial Control System Operational Technology (OT)vs

Refresh cycle is 1.5 to 4 years Refresh cycle is 20 to 40 years

Installations are standards and technology based

Installations are custom

Systems are proactively managed Systems are passively managed

Attacks can be opportunistic and based on “low hanging fruit”

Attacks must be focused, multidisciplinary, and patient

The target is the information The target is the physical process

IT Systems Differ from Operational Technology Systems

Increased IT-OT Connectivity

• Our national critical infrastructure consists

of systems of geographically distributed

assets, from regional and national networks

to micro-scale controllers and sensors

• Increasingly, these assets, across all

scales, are connected via IT and OT

networks – and thus potential cyber targets

Elements of Cyber–Physical Interactions

Interdependency Discovery Approach

All-Hazards Analysis Framework (A-HA)

Developing Multi-Scale Facility ProfilesRegional Scale Dependencies

Process Scale DependenciesControl System Scale Dependencies – Notional System

Holistic Cyber-Physical Analysis Process• Reported OT Vulnerabilities

• Identify “Standard” OT Components Across Sectors Potentially Affected and Model Functional Impacts

• Link to Potential Facility Locations

• Model Potential Cascading Impacts

• Provide Actionable Information to Decision Makers and Stakeholders

Bringing the Science of Where to Cyber Resilience

Cyber: A Critical New Domain for GISBrian Biesecker

Technical Director, Intelligence Community

BBiesecker@esri.com

What are the Fundamental Problems that GIS can help you solve?

• What are the impacts to your mission, operations, business activities, or

critical systems from a Cyber Attack, IT outage or impairment?

• How do you prioritize the work of your IT Team or Cyber Security Team in

the context of your most important missions, operations, business activities

or critical systems?

• How do you provide shared situational awareness across your

organization?

Cyberspace Re-ConsideredIt’s Mappable

Social / Persona Layer

Device Layer

Logical Network Layer

Physical Network Layer

Geographic Layer

• Each device in cyberspace is owned by someone (no ‘global commons’)

• Electro-mechanical devices exist in space-time and interact with physical events

• Geography is required to integrate and align cyberspace with other data

ArcSchematic

Applies to many domains

Missions / Operations

Information Technology

Critical Systems

Critical Infrastructure

Solution StrategyIntegrating to improve awareness

Operations Process-focused

IT InfrastructureDevice-Focused

Protection

Recovery Prevention

Awareness

Response

Cyber SecurityEvent-focused

Executives / CommandersEnterprise - focused

ArcGIS Integration with Cyber Security Tools

Desktop Web Device

Server Online Content

and Services

Portal

Ops

Dashboard

HR Database -Personnel, Orgs,

Locations, Travel

Cyber Tools & Data-IDS/IPS, HBSS, Virus Scanning,

Patch Monitoring

IT Tools & Databases -IT Inventory, Device Locations,

Health and Status Monitoring

Facilities Data -CAD & GIS of

Buildings and Campuses,

Electric, Water, HVAC, Facilities

Monitoring, Physical Security

Ops Data -Mission Activity, Status Reports,

Real-time monitoring

Executive Dashboards -Status Reports, Trends,

Brand Sentiment, Financials

Additional Presentations

• Cyber-GIS: Using Geography to Focus Cyber Security on Mission Outcomes and Ensure Shared

Situational Awareness

• Tuesday, July 11, 3:30pm - 4:45pm

• SDCC - Esri Showcase: OPS Center

• Cyber-GIS: Using Geography to Focus Cyber Security on Mission Outcomes and Ensure Shared

Situational Awareness

• Wednesday, July 12, 3:30pm - 4:45pm

• SDCC - Esri Showcase: OPS Center

• Cyber: A Critical New Domain for GIS

• Thursday, July 13, 10:30am - 11:15am

• SDCC - Demo Theater 15 - Defense & Intel

Questions?