CYBER THREAT TO THE UNITED STATES

Similar documents
Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Emerging SCADA and Security Solutions Presented by; Michael F. Graves, P.E. Chris Murphy, CISSP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs

SCOPE. September 25, 2014, 0930 EDT

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

INSPIRE: INcreasing Security and Protection through Infrastructure REsilience

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)

ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY

Process Control Systems in the Chemical Industry: Safety vs. Security

WHITE PAPER PROTECTING OUR CRITICAL UTILITIES WITH INTEGRATED CONTROL SYSTEMS PROTECTING OUR CRITICAL UTILITIES WITH INTEGRATED CONTROL SYSTEMS

Defense Security Service

GAO DEFENSE DEPARTMENT CYBER EFFORTS. DOD Faces Challenges In Its Cyber Activities. Report to Congressional Requesters

Energy Cybersecurity Regulatory Brief

Team Members: Jared Romano, Rachael Dinger, Chris Jones, Miles Kelly Supervising Professor: Dr. George Collins Industry Advisor: Dr.

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

TUSKEGEE CYBER SECURITY PATH FORWARD

What is Cyber Liability

Who s Doing the Hacking?

CYBERSPACE SECURITY CONTINUUM

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes

Cyber Threats in Physical Security Understanding and Mitigating the Risk

HACKING RELOADED. Hacken IS simple! Christian H. Gresser

Recommended Practice Case Study: Cross-Site Scripting. February 2007

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

I N T E L L I G E N C E A S S E S S M E N T

Safety and security are simply good business.

U.S. Cyber Security Readiness

EY Cyber Security Hacktics Center of Excellence

Integrating Electronic Security into the Control Systems Environment: differences IT vs. Control Systems. Enzo M. Tieghi

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

Of Citadels And Sentinels: State. Tim Legrand and Jeff Malone

Federal Bureau of Investigation

Getting real about cyber threats: where are you headed?

Promoting Network Security (A Service Provider Perspective)

Threat Intelligence UPDATE: Cymru EIS Report. cymru.com

Protecting Organizations from Cyber Attack

US-CERT Year in Review. United States Computer Emergency Readiness Team

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

GAO. INFORMATION SECURITY Cyber Threats and Vulnerabilities Place Federal Systems at Risk

Malicious Control System Cyber Security Attack Case Study Maroochy Water Services, Australia

Cyber Security & State Energy Assurance Plans

The SCADA Security Challenge: The Race Is On

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

Codes of Connection for Devices Connected to Newcastle University ICT Network

CYBER SECURITY GUIDANCE

Cyber security the facts

67% 61% STATE OF CLOUD SECURITY BULLETIN. Information Security in the Energy Sector. Summer 2013 FROM APR SEP 2012

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Advanced Persistent Threats

How Secure is Your SCADA System?

GAO CRITICAL INFRASTRUCTURE PROTECTION. Challenges and Efforts to Secure Control Systems. Report to Congressional Requesters

Pacific Islands Telecommunications Association

The Comprehensive National Cybersecurity Initiative

Homeland Open Security Technology HOST Program

US-CERT Overview & Cyber Threats

NEW ZEALAND S CYBER SECURITY STRATEGY

Cyber Security Initiatives and Issues

A 360 degree approach to security

WRITTEN TESTIMONY OF

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

AT A HEARING ENTITLED THREATS TO THE HOMELAND

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Oil and Gas Industry A Comprehensive Security Risk Management Approach.

Top Ten Cyber Threats

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Trends in Security Incidents and Hitachi s Activities

White Paper. April Security Considerations for Utilities Utilities Tap Into the Power of SecureWorks

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6

Current Threat to the U.S. from Cyber Espionage & Cyberterrorism

Privacy and Security in Healthcare

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Best Practices in ICS Security for System Operators. A Wurldtech White Paper

NSA Surveillance, National Security and Privacy

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

Advanced & Persistent Threat Analysis - I

OPC & Security Agenda

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended

SCADA Security: Challenges and Solutions

National Cybersecurity & Communications Integration Center (NCCIC)

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Update On Smart Grid Cyber Security

Emerging risks for internet users

Oil & Gas Industry Towards Global Security. A Holistic Security Risk Management Approach.

Defensible Strategy To. Cyber Incident Response

Environmental Management Consolidated Business Center (EMCBC) Subject: Cyber Security Incident Response

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.

Cyber Security for SCADA/ICS Networks

Computer Network Security for ASCs A Panel Discussion to Raise Awareness

Transcription:

CYBER THREAT TO THE UNITED STATES DHS Office of Intelligence and Analysis Domestic Threat Analysis Division (DTA) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC)

Agenda DHS organization: Cyber Threat Branch Mission Role Responsibilities Requirements Focus areas The cyber threat environment Cyber threats to control systems 2

U.S. Intelligence Community 3

DHS I&A and the Private Sector Cyber DHS I&A will work to understand and to assist in the detection of and protection from adversary cyber threats to improve the integrity of the national information infrastructure. 4

Cyber Threat Branch Organization Team E-mail: cyber@hq.dhs.gov DHS Office of Intelligence and Analysis Domestic Threat Analysis Division Cyber Threat Branch George Bamford 202-447-3129 george.bamford@dhs.gov National Cybersecurity and Communications Integration Center Support Strategic Analysis Section Plans, Programs, and Mission Support Section The Cyber Threat Branch mission is to identify, monitor, and evaluate cyber and other threats to information technology and telecommunication assets and to provide federal civilian government elements, state, local, and tribal authorities, and homeland critical infrastructure/key resources owners and operators with timely, accurate, and actionable intelligence they can use to protect their assets. The Cyber Threat Branch also serves as the DHS enterprise designee to Intelligence Community efforts related to the cyber domain. 5

Cyber Threat Branch Responsibilities Execute the responsibilities created by the Homeland Security Act of 2002: Access, receive, and analyze law enforcement, intelligence, and other information from federal, state, and local agencies and private sector entities to: Identify and assess the nature and scope of terrorist threats Detect and identify threats to the United States Understand threats in light of actual and potential vulnerabilities Carry out comprehensive assessments to determine the risk posed by terrorist attacks Outreach plays a critical role in the mission The CTB provides threat briefings and teleconferences to: Sector Coordinating Councils Government Coordinating Councils Key industry associations State and local officials, including fusion centers The Cyber Threat Branch works closely with colleagues in the Critical Infrastructure Branch and HITRAC. 6

Cyber Threat Branch Requirements Three primary mission requirements as outlined by HSPD-7, the Homeland Security Act of 2002, the Comprehensive National Cybersecurity Initiative, the National Infrastructure Protection Plan, and the I&A Strategic Plan: Provide intelligence support for the DHS National Protection and Programs Directorate and the federal civilian domain. Provide intelligence analysis regarding cyber threats and threats to information technology and communication assets to homeland critical infrastructure/key resources owners and operators and federal, state, local, tribal, law enforcement, and private sector partners Serve as the DHS enterprise designee to Intelligence Community efforts related to the cyber domain: National Cyber Study Group National Intelligence Estimates Intelligence Community Assessments National Intelligence Priorities Framework 7

Cyber Threat Branch Focus Areas Adversarial capabilities Industrial control systems Telecommunications Critical infrastructure and key resources Information technology Interdependencies 8

Remote Cyber Threats: Three Levels Threat Level 1 Garden Variety Inexperienced Limited funding Opportunistic behavior Target known vulnerabilities Use viruses, worms, rudimentary trojans, bots Acting for thrills, bragging rights Easily detected Threat Level 2 Mercenary Higher-order skills Well-financed Targeted activity Target known vulnerabilities Use viruses, worms, trojans, bots as means to introduce more sophisticated tools Target and exploit valuable data Detectable, but hard to attribute Threat Level 3 Nation State Very sophisticated tradecraft Foreign intel agencies Very well financed Target technology as well as info Use wide range of tradecraft Establish covert presence on sensitive networks Difficult to detect Supply Interdiction/hardware implants 9

Adversarial Characterization We assess state and non-state threat actors have technical capabilities to target and disrupt elements of U.S. cyber infrastructure as well as collect intelligence Reporting indicates that violent Islamic extremist groups--al- Qa ida, Hamas, Hizballah--are acquiring better cyber skills Cyberspace is used for propaganda, recruitment, training, fundraising, communications, and target reconnaissance Highest levels of al-qa ida leadership are aware of the West s reliance on cyber capability and connectivity Physical attacks remain the preferred method of terrorist attack Criminal elements continue to show growing sophistication in technical capability and targeting Will offer illicit cyber capabilities and services to anyone willing to pay 10

The Cyber Threat Environment Malicious cyber activity routinely is directed at the U.S. Government, private sector, and academia Growing more sophisticated, targeted, and prevalent Nature and source of the threat is diverse Designed to Exploit data gathered from information systems or networks (computer network exploitation) Disrupt, deny, degrade, or destroy information resident in computers and computer networks or the computers and networks themselves (computer network attack) We have limited insight on intrusions into private sector networks, but are becoming more aware of U.S. information infrastructure vulnerabilities to cyber attacks Key factors: dynamic business environment, reliance on open systems and COTS, management/enterprise networks Internet connections 11

Commonality in Systems Worldwide, power, chemical, water systems, and manufacturing companies have similar control systems Six vendors of process management systems are used in over 75 percent of U.S. domestic systems* This commonality in systems suggests that an adversary would not require a great deal of time to develop tools for new attacks or possibly could move rapidly from target to target These same vendors also supply systems overseas, allowing potential adversaries insights into U.S. process control systems * Idaho National Engineering and Environmental Laboratory, Review of Supervisory Control and Data Acquisition (SCADA) Systems, January 2004. 12

Timeline of Worldwide SCADA Cyber Events Emergency system sabotaged by disgruntled employee Hackers seize control of EU gas pipelines Telecom frame relay service disruption Electric power server hijacked Nuclear plant safety control shut down by Slammer DDoS attacks on Israeli power grid Energy company hit by Slammer worm Malware infects HMI system Malware infects Australian SCADA system Hacker shuts down air and ground traffic comms at US airport ARP spoofing attacks shut down port signaling system Raw sewage dumped using hacked wireless connection Energy company attacked and compromised for 17 days Hackers disable PLC components at Venezuela port Extremist propaganda found with files containing logon info for SCADA systems 13

Cyber Threats Control Systems The Intelligence Community has information from multiple regions outside the U.S. of cyber intrusions into utilities, followed by extortion demands We suspect but cannot confirm that some of these attackers had the benefit of inside knowledge Separately, cyber attacks have been used to disrupt power equipment in several regions outside the U.S. In at least one case the disruption caused a power outage affecting multiple cities We do not know who executed these attacks or why, but all involved intrusions through the Internet The majority of control system networks are owned and operated by the private sector 14

The Evolving Control Systems Threat Embedded Computing Smart Grid Technology IP-based networks leave door open to cyber attacks Up to 17 million homes with smart meters installed in near term Wireless Technologies Global Positioning System (GPS) 1-Watt GPS Jammer If a system is connected to the Internet or operating on a wireless frequency, it can and will be exploited. 15

GPS Timing and Synchronization Uses Global fiber networks SDH, SONET Global wireless networks PCS, GSM, TDMA, CDMA Transportation and public safety National airspace system (VDL, NEXCOM, UAT) Land, rail, marine GPS features Low cost, high reliability and performance Big asset for synchronization of digital networks GPS (and Cesium, Loran-C) Stratum 1 16

Intelligence Cycle 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information