The Trend Toward Convergence of Physical and Logical (Cyber) Security

Similar documents
1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Secure software updates for ITS communications devices

Cyber-physical Systems

SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID

The Internet of Things Risks and Challenges

Security Issues with Integrated Smart Buildings

The relevance of cyber-security to functional safety of connected and automated vehicles

THE FUTURE OF SMART CITIES: CYBER-PHYSICAL INFRASTRUCTURE RISK

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

The Value of Automated Penetration Testing White Paper

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

William Hery Research Professor, Computer Science and Engineering NYU-Poly

Bridging the gap between COTS tool alerting and raw data analysis

Communication and Embedded Systems: Towards a Smart Grid. Radu Stoleru, Alex Sprintson, Narasimha Reddy, and P. R. Kumar

OEMC Four Core Missions

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Exploiting controls systems demonstration using Shodan, DB Exploit, Google Hacking, Diggity, Kali Linux

Security Threats on National Defense ICT based on IoT

Cyber Security through Education & Awareness. KSU Police Converged Security: A holistic approach to cyber safety and security. Community Policing

Advanced Metering Infrastructure Security

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Data Security Concerns for the Electric Grid

future data and infrastructure

Update On Smart Grid Cyber Security

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Thatcham Research The Insurers Automotive Research Centre

Dr. Emmanuel Hooper, PhD, PhD, PhD Presentation title SUB TITLE HERE National Broadband Plan Public Safety and Homeland Security Workshop

Curriculum Vitae EXPERIENCE WORK HISTORY

How To Protect Your Network From Attack

The University of Alabama Cyber Research Initiatives. Cyber Forensics Research Cyber Security Research

Seven Strategies to Defend ICSs

A Systems of Systems. The Internet of Things. perspective on. Johan Lukkien. Eindhoven University

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

InfoSec Academy Pen Testing & Hacking Track

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Vehicular Cloud. Fan Zhang

How To Understand The Power Of The Internet Of Things

Rethinking Cyber Security for Industrial Control Systems (ICS)

Industrial Internet of Things - Transformation of Products to Services and new Business Models. Frank Schinzel Managing Director Accenture Digital

New York State Energy Planning Board. Cyber Security and the Energy Infrastructure

Reducing Application Vulnerabilities by Security Engineering

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Reducing Cyber Risk in Your Organization

Airports and their SCADA Systems. Dr Leigh Armistead, CISSP. Peregrine Technical Solutions

N-Dimension Solutions Cyber Security for Utilities

Advanced Testing Methods for Automotive Software

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

I. TODAY S UTILITY INFRASTRUCTURE vs. FUTURE USE CASES...1 II. MARKET & PLATFORM REQUIREMENTS...2

Vulnerabilities in SCADA and Critical Infrastructure Systems

AURORA Vulnerability Background

Aguantebocawertyuiopasdfghvdslpmj klzxcvbquieromuchoanachaguilleanic oyafernmqwertyuiopasdfghjklzxcvbn mqwertyuiopasdfghjklzxcvbnmqwerty

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

THE TOP 4 CONTROLS.

How Much Cyber Security is Enough?

Participants: Introduction:

IOActive Security Advisory

Crucial Role of ICT for the Reinvention of the Car

Critical Security Controls

Testing the Internet of Things

PCI Security Scan Procedures. Version 1.0 December 2004

POLICIES TO MITIGATE CYBER RISK

INTEGRATING SUBSTATION IT AND OT DEVICE ACCESS AND MANAGEMENT

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

SCADA Security: Challenges and Solutions

Tutorial: Big Data Algorithms and Applications Under Hadoop KUNPENG ZHANG SIDDHARTHA BHATTACHARYYA

The Importance of Information Technology (IT) for Transportation Security

Smart Grid Security: A Look to the Future

Cyber Adversary Characterization. Know thy enemy!

Connected and Automated Vehicles and the Cybersecurity Threat

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Broadcasting your attack: Security testing DAB radio in cars

Including Threat Actor Capability and Motivation in Risk Assessment for Smart Grids

Network/Cyber Security

Promoting Network Security (A Service Provider Perspective)

Robert Malmgren. Smart Grid. Security Challenges - Legacy and Infrastructure Burdens

Transcription:

The Trend Toward Convergence of Physical and Logical (Cyber) Security Fred S. Roberts Director Command, Control, and Interoperability Center for Advanced Data Analysis (CCICADA)* Rutgers University *A Department of Homeland Security University Center of Excellence 1

Super Bowl 47, New Orleans Was it terrorism? Was it cyber-terrorism? (Luckily just a relay device failing at Entergy New Orleans) Credit: businessinsider.com 2

Super Bowl 48, New Jersey Credit: new.mta.info NJ State Police Regional Operations Intelligence Center assessment: Cyber attacks by "ideologically motivated and malicious" hackers, exploiting wireless systems, on stadium infrastructure or Super Bowl websites, is a serious possibility. 3

CCICADA Project: Best Practices for Stadium Security & Analyses of Security Processes Supported by DHS Office of SAFETY Act Implementation Lambeau Field Mike Roemer/AP

It s not Just Sports Stadiums It s any places where large crowds gather Airports Train stations, bus terminals Concert halls Amusement parks Political conventions Port Authority Bus Terminal, NYC Credit: nj1015.com 5

Cyber-physical Systems in Stadiums Access control systems For patrons For employees HVAC Communication systems Electronic message boards Public address systems Security cameras Elevators, escalators Lighting systems Power systems Traffic control in the parking lots 6

Cyber-physical Systems in Stadiums Recent report by CNBC (Nov. 2013) names five large sports stadiums running a particular industrial control system software with known vulnerabilities. Include Bryant-Denny Stadium (University of Alabama) and Marlins Park (home of the Miami Marlins baseball team) Vulnerabilities supposedly addressed. Bryant-Denny Stadium Credit: wikipedia.org 7

Cyber-physical Systems in Stadiums DHS has an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Works directly with software manufacturers and potentially affected facilities Develops and implement mitigation strategies as necessary 8

So Why So Many Vulnerabilities? Building management systems have many parties involved Selling Implementing Maintaining Need systems for large, complex facilities CPS are of great complexity and are often engineered for environments not engineered from scratch (as in the power grid) Cyber security neglected Management doesn t want to pay for cyber security (security in general) Public/private communication needs improvement 9

Another Scenario: Car Hacking in the Stadium Parking Lot Car hacking: criminals remotely take control of your car Imagine the damage a hacker could do in a stadium parking lot. Credit: ctvnews.ca 10

Another Scenario: Car Hacking in the Stadium Parking Lot Car hacking: criminals remotely take control of your car A serious challenge as in-car technology becomes more sophisticated Already thousands of semi-autonomous cars In-car computer systems Electronic control units Coming: fully autonomous cars Self-driving cars Credit: wikipedia.org 11

Another Scenario: Car Hacking in 2013: Miller (Twitter) and Valasek (IOActive) demonstrated take control of Toyota Prius and Ford Escape from a laptop. They were able to remotely control: Smart steering Braking Displays Acceleration Engines Horns Lights the Stadium Parking Lot 12 Credit: npr.org

Why Vulnerabilities in Cars? Baheti and Gill (2011): Vehicle control system depends on system components manufactured by different vendors Each vendor uses their own software and hardware Manufacturers like to develop components that will work for different kinds of vehicles (cheaper) spreading the vulnerabilities Increasing complexity of components like sensors, actuators, wireless communication, multicore processors 13

Why Vulnerabilities in Cars? Baheti and Gill (2011): Development of control system may be independent of system implementation Challenge of integrating various subsystems while keeping them functional Research missing on understanding interactions between vehicle control systems and other subsystems: Engine, transmission, steering, wheel, brake, suspension 14

Important Issues in Security of Cyber-physical Systems NSF CPS solicitation 2013: Develop the fundamental science needed to engineer systems of the complexity of cyberphysical systems that you can have high confidence in. Find ways to conceptualize and design for the deep interdependencies among engineered systems and the natural world 15

Important Issues in Security of Cyber-physical Systems Need methods of verification and validation How can you certify performance of such highly complex systems? Right now, overdesign may be only route to system certification Credit: collegepals.org 16

Important Issues in Security of Cyber-physical Systems: Data Huge amounts of data available to describe CPS Challenge: Find ways to utilize data to enhance safety and security of CPS Data about state of the system can come to us so fast humans can t process it. Need tools for rapid system understanding. Need tools for rapid anomaly detection. 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information