Critical Infrastructure Security: The Emerging Smart Grid Cyber Security Lecture 1: Introduction Carl Hauser & Adam Hahn

PSC CyberSecurity 1 Intro v1


Page 1: PSC CyberSecurity 1 Intro v1

Critical Infrastructure Security: The Emerging Smart Grid

Cyber Security Lecture 1: Introduction

Carl Hauser & Adam Hahn

 

Page 2: PSC CyberSecurity 1 Intro v1

Administrative

• Textbook (available online)
  – Ross Anderson. “Security Engineering” 2nd Ed. Wiley.
  – http://www.cl.cam.ac.uk/~rja14/book.html
  – Read Chapter 1

Page 3: PSC CyberSecurity 1 Intro v1

Outline

• Smart Grid Overview
• Security Intro and Terminology
  – Threat Events & Sources
  – Vulnerabilities
  – Privacy
  – Security Properties
  – Security Engineering
• Future Class Topics

Page 4: PSC CyberSecurity 1 Intro v1


Page 5: PSC CyberSecurity 1 Intro v1
Page 6: PSC CyberSecurity 1 Intro v1

Complexity

“Complexity is the enemy of security” – Daniel Geer

Source: Dan Geer. “Complexity is the enemy.” IEEE Security & Privacy. Nov/Dec 2008

Page 7: PSC CyberSecurity 1 Intro v1
Page 8: PSC CyberSecurity 1 Intro v1

Threats in the Smart Grid

Page 9: PSC CyberSecurity 1 Intro v1


Page 10: PSC CyberSecurity 1 Intro v1

Terminology

• Threat – circumstance or event with the potential to adversely impact organizational operations
  – Threat Events – event or situation that has the potential for causing undesirable consequences
  – Threat Source (agent) – intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability
• Vulnerability & Predisposing Conditions
  – Vulnerability – a weakness in an information system, system security procedures, internal controls, or an implementation that could be exploited by a threat source
  – Predisposing Condition – condition which contributes to the likelihood of a threat event
• Risk – a measure of the extent to which an entity is threatened by a potential circumstance or event
  – Function of (1) adverse impact of attack and (2) likelihood of occurrence

Source: NIST SP 800-30, rev1. http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

Page 11: PSC CyberSecurity 1 Intro v1

Security Mindset

• “Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal.”
  – “Security professionals …
    • can't walk into a store without noticing how they might shoplift.
    • can't use a computer without wondering about the security vulnerabilities.
    • can't vote without trying to figure out how to vote twice.” - Bruce Schneier

Source: https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html

Page 12: PSC CyberSecurity 1 Intro v1

Why Computer Security is Hard?

Challenges (diagram labels): Economic, Usability, Psychology, Technical, Cultural, Threats, Privacy, Performance

• Financial investment in people and technology
• Asymmetric, well funded adversaries vs rate-based utilities
• Less trusting environments require more configuration
• System vulnerabilities often difficult to discover
• Boundless data collection and analysis
• Threats are invisible, intangible
• Security technologies often consume computation resources
• Technology evolves faster than human behaviors

Page 13: PSC CyberSecurity 1 Intro v1

Key Security Principles

• Kerckhoffs’s (!= Kirchhoff’s) Principle
  – No “security by obscurity”
  – Assume attacker knows how security system works

• Fortification Principle
  – Defender must defend entire system
  – Attacker will target lowest point

Page 14: PSC CyberSecurity 1 Intro v1

Attack Lifecycle

Source: NERC, DOE. High-Frequency Low Impact Event Risk to the North American Bulk Power Systems. 2009

Page 15: PSC CyberSecurity 1 Intro v1


Page 16: PSC CyberSecurity 1 Intro v1

Cybercrime

Source: New York Magazine, http://nymag.com/daily/intelligencer/2013/04/ap-twitter-hack-sends-stock-market-spinning.html

Source: CNN Money, http://nymag.com/daily/intelligencer/2013/04/ap-twitter-hack-sends-stock-market-spinning.html

Page 17: PSC CyberSecurity 1 Intro v1

Hacktivism

Source: Mother Jones, http://www.motherjones.com/politics/2014/07/anonymous-cyberattack-israel-gaza

Source: Forbes, http://www.forbes.com/sites/quora/2014/07/24/how-wsjs-facebook-page-got-hacked-and-what-others-should-do-to-prevent-this/

Page 18: PSC CyberSecurity 1 Intro v1

Nation-State Threats

Source: The Washington Post, http://www.washingtonpost.com/world/national-security/spyware-tools-allow-buyers-to-slip-malicious-code-into-youtube-videos-microsoft-pages/2014/08/15/31c5696c-249c-11e4-8593-da634b334390_story.html

Source: CNET, http://www.cnet.com/news/saudi-oil-firm-says-30000-computers-hit-by-virus/

Source: The New York Times, http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html?pagewanted=all&_r=0

Page 19: PSC CyberSecurity 1 Intro v1

Advanced Persistent Threats (APT)

• What is an APT
  – Advanced
    • Well funded, professionals
    • Will utilize zero-day vulnerabilities
      – Vulnerabilities discovered by an attacker, but unknown to defender
    • Will have sophisticated rootkits to hide attacks
    • Will utilize covert methods to attack and exfiltrate data
    • Will perform heavy reconnaissance of organization (both technical and personal)
  – Persistent
    • Will continually attack until successful
    • Understand “Law of large numbers”

Page 20: PSC CyberSecurity 1 Intro v1

Threats to the Grid

Source: NERC Cyber Attack Task Force. Draft Report. 2012.

Page 21: PSC CyberSecurity 1 Intro v1

Coordinated Cyber Attack

Source: NERC Cyber Attack Task Force. Draft Report. 2012.

• Electric power grid should remain reliable under any single physical fault (NERC n-1)
• Impactful attack will likely require multiple coordinated actions
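The n-1 point above can be checked mechanically. The following is an added example, not part of the original slides: a contingency screen over a constructed 5-bus network (bus names, line list and function names are all assumptions) that tests connectivity to generation only and ignores power flow and line ratings.

```python
from itertools import combinations

# Constructed network (not from the lecture): one generation bus, four load buses.
GEN = "GEN"
LOADS = {"A", "B", "C", "D"}
LINES = [("GEN", "A"), ("GEN", "B"), ("A", "B"),
         ("A", "C"), ("B", "D"), ("C", "D")]

def unserved(outaged):
    """Load buses with no remaining path to GEN once the given lines are out."""
    live = [line for line in LINES if line not in outaged]
    reached, frontier = {GEN}, [GEN]
    while frontier:
        bus = frontier.pop()
        for a, b in live:
            nxt = b if a == bus else a if b == bus else None
            if nxt is not None and nxt not in reached:
                reached.add(nxt)
                frontier.append(nxt)
    return LOADS - reached

def contingency_scan(k):
    """Map every set of k simultaneous line outages that strands load
    to the set of load buses it strands."""
    results = {}
    for outage in combinations(LINES, k):
        lost = unserved(set(outage))
        if lost:
            results[outage] = lost
    return results

if __name__ == "__main__":
    for k in (1, 2):
        hits = contingency_scan(k)
        total = len(list(combinations(LINES, k)))
        print(f"N-{k}: {len(hits)} of {total} outage sets strand load")
        for outage, lost in hits.items():
            print("   ", outage, "->", sorted(lost))
```

On this network every single-line outage leaves all load connected, while a subset of the two-line combinations does not; those combinations are the ones a planner would prioritize for protection and monitoring.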

Page 22: PSC CyberSecurity 1 Intro v1


Page 23: PSC CyberSecurity 1 Intro v1

Vulnerability Statistics

Source: https://web.nvd.nist.gov/view/vuln/statistics-results?adv_search=true&cves=on

Page 24: PSC CyberSecurity 1 Intro v1

Vulnerability Lifecycle

Source: European Union Agency for Network and Information Security (ENISA). “Window of exposure... a real problem for SCADA systems?” Dec. 2013.

Page 25: PSC CyberSecurity 1 Intro v1

Market for Vulnerabilities

• Vulnerabilities traditionally publicly disclosed when found
  – Vendors would then provide patches
• Now, vulnerabilities being sold to highest bidder
  – Vendor, public remain unaware of them

Source: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

Page 26: PSC CyberSecurity 1 Intro v1

Pervasive Vulnerability

• Modern systems have pervasive vulnerability
  – From a security perspective, they are purchased in a “broken” state
  – Only get worse as time progresses

Page 27: PSC CyberSecurity 1 Intro v1


Page 28: PSC CyberSecurity 1 Intro v1

Privacy

• Definition: “the quality or state of being apart from company or observation”

• "Information privacy" refers to the user's ability to control when, how, and to what extent information about themselves will be collected, used, and shared with others.

Source: http://www.merriam-webster.com/dictionary/privacy

Source: https://msdn.microsoft.com/en-us/library/ms976532.aspx

Page 29: PSC CyberSecurity 1 Intro v1
Page 30: PSC CyberSecurity 1 Intro v1

Source: E. L. Quinn, “Privacy and the New Energy Infrastructure,” Social Science Research Network (SSRN), Feb. 2009

Page 31: PSC CyberSecurity 1 Intro v1
Page 32: PSC CyberSecurity 1 Intro v1


Page 33: PSC CyberSecurity 1 Intro v1

Cyber Security Properties

Key Principles: CIA Triad [NIST FIPS-199]

● Confidentiality - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information

● Integrity - Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity

● Availability - Ensuring timely and reliable access to and use of information.

• CIA acronym, but also traditionally the priority of the properties
  – In control systems we usually care more about AIC (or IAC)

Page 34: PSC CyberSecurity 1 Intro v1

Cyber Security Properties

• Accountability
  – Actions of an entity can be uniquely traced back to that entity
  – Nonrepudiation – entity can’t deny responsibility for an action

• Authenticity – verification of the validity/source of a message or transmission
  – Authentication – process of verifying authenticity

• Trust
  – Even if you know to whom you’re talking, can you count on them to behave as expected?

Page 35: PSC CyberSecurity 1 Intro v1


Page 36: PSC CyberSecurity 1 Intro v1

Security Engineering Framework

Source: Security Engineering. Ross Anderson. 2nd ed. Wiley

Page 37: PSC CyberSecurity 1 Intro v1

Security Engineering Framework

Source: Security Engineering. Ross Anderson. 2nd ed. Wiley

• The amount of reliance you can place on the mechanism to enforce the policy
• Incentives for:
  - defenders to implement policy, mechanisms
  - attackers to bypass policy, mechanisms
• What we try to achieve:
  - who has access
  - what can they do
• How we enforce policy:
  - Prevent (firewall, crypto)
  - Detect (IDS, AV)
  - Respond (reconfigure)
  - Recover (disaster recovery)

Page 38: PSC CyberSecurity 1 Intro v1

Secure Development Lifecycle

• Security is a process, not just a technology or features

• Secure development lifecycle
  – Similar to systems or software engineering lifecycles
  – Ensure security decisions considered throughout system’s lifespan

Source: Microsoft. Simplified Implementation of the Microsoft SDL. 2010. http://www.microsoft.com/sdl

Page 39: PSC CyberSecurity 1 Intro v1


Page 40: PSC CyberSecurity 1 Intro v1

Topics

• Lecture #2
  – Cryptography and authentication
• Lecture #3
  – Software vulnerabilities and attacks
• Lecture #4
  – Network vulnerabilities and attacks
• Lecture #5
  – Assurance, Evaluation, and Compliance
• Lecture #6
  – Case study: Stuxnet

Page 41: PSC CyberSecurity 1 Intro v1

End