Understanding Holistic Effects of Cyber Events on Critical Infrastructure
Shane Cherry, Manager, Infrastructure Analysis and Technology Development, Idaho National Laboratory Homeland Security Division, and Brian Biesecker, Esri
Plenary Presentation
Shane Cherry
Infrastructure Analysis and Technology Development
Homeland Security Division
July 9, 2017
National Security and Public Safety Summit
Understanding Holistic Effects of Cyber Events on Critical Infrastructure
INL/CON-17-42513
Information Technology vs. Operational Technology
• Information Technology: The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information – Oxford Dictionary
• Operational Technology: The hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as switches, pumps, valves, etc. such as those used in critical infrastructure systems. – International Society of Automation
IT Systems Differ from Operational Technology Systems
Enterprise Information Technology (IT) vs. Industrial Control System Operational Technology (OT)
• IT: Refresh cycle is 1.5 to 4 years. OT: Refresh cycle is 20 to 40 years.
• IT: Installations are standards and technology based. OT: Installations are custom.
• IT: Systems are proactively managed. OT: Systems are passively managed.
• IT: Attacks can be opportunistic and based on “low hanging fruit”. OT: Attacks must be focused, multidisciplinary, and patient.
• IT: The target is the information. OT: The target is the physical process.
Increased IT-OT Connectivity
• Our national critical infrastructure consists of systems of geographically distributed assets, from regional and national networks to micro-scale controllers and sensors
• Increasingly, these assets, across all scales, are connected via IT and OT networks – and thus potential cyber targets
Elements of Cyber–Physical Interactions
Interdependency Discovery Approach
All-Hazards Analysis Framework (A-HA)
Developing Multi-Scale Facility Profiles
Regional Scale Dependencies
Process Scale Dependencies
Control System Scale Dependencies – Notional System
Holistic Cyber-Physical Analysis Process
• Reported OT Vulnerabilities
• Identify “Standard” OT Components Across Sectors Potentially Affected and Model Functional Impacts
• Link to Potential Facility Locations
• Model Potential Cascading Impacts
• Provide Actionable Information to Decision Makers and Stakeholders
Bringing the Science of Where to Cyber Resilience
Cyber: A Critical New Domain for GIS
Brian Biesecker
Technical Director, Intelligence Community
What are the Fundamental Problems that GIS can help you solve?
• What are the impacts to your mission, operations, business activities, or critical systems from a Cyber Attack, IT outage or impairment?
• How do you prioritize the work of your IT Team or Cyber Security Team in the context of your most important missions, operations, business activities or critical systems?
• How do you provide shared situational awareness across your organization?
Cyberspace Re-Considered: It’s Mappable
Social / Persona Layer
Device Layer
Logical Network Layer
Physical Network Layer
Geographic Layer
• Each device in cyberspace is owned by someone (no ‘global commons’)
• Electro-mechanical devices exist in space-time and interact with physical events
• Geography is required to integrate and align cyberspace with other data
ArcSchematic
Applies to many domains
Missions / Operations
Information Technology
Critical Systems
Critical Infrastructure
Solution Strategy: Integrating to improve awareness
• Operations: Process-focused
• IT Infrastructure: Device-focused
• Cyber Security: Event-focused
• Executives / Commanders: Enterprise-focused
• Protection, Recovery, Prevention, Awareness, Response
ArcGIS Integration with Cyber Security Tools
• Desktop, Web, Device, Server, Online Content and Services, Portal, Ops Dashboard
• HR Database: Personnel, Orgs, Locations, Travel
• Cyber Tools & Data: IDS/IPS, HBSS, Virus Scanning, Patch Monitoring
• IT Tools & Databases: IT Inventory, Device Locations, Health and Status Monitoring
• Facilities Data: CAD & GIS of Buildings and Campuses, Electric, Water, HVAC, Facilities Monitoring, Physical Security
• Ops Data: Mission Activity, Status Reports, Real-time monitoring
• Executive Dashboards: Status Reports, Trends, Brand Sentiment, Financials
Additional Presentations
• Cyber-GIS: Using Geography to Focus Cyber Security on Mission Outcomes and Ensure Shared Situational Awareness
• Tuesday, July 11, 3:30pm - 4:45pm
• SDCC - Esri Showcase: OPS Center
• Cyber-GIS: Using Geography to Focus Cyber Security on Mission Outcomes and Ensure Shared Situational Awareness
• Wednesday, July 12, 3:30pm - 4:45pm
• SDCC - Esri Showcase: OPS Center
• Cyber: A Critical New Domain for GIS
• Thursday, July 13, 10:30am - 11:15am
• SDCC - Demo Theater 15 - Defense & Intel
Questions?