Protecting Critical Infrastructure from Cyber Attacks
Presented by Mark Henderson, CISSP, GCIA
Department of Homeland Security
National Cyber Security Division
United States Computer Emergency Readiness Team
Agenda: Overview of Critical Infrastructure
“Critical infrastructure is a term used by governments to describe material assets that are essential for the functioning of a society and economy”
… but what is it?
Critical Infrastructure Protection (CIP)
“… continuous efforts to secure information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems.”
CIP represents efforts to prevent, detect, and correct (recover from) attacks on critical infrastructure
Threat Any person, circumstance or event with the potential to cause loss or damage.
Vulnerability Any weakness that can be exploited by an adversary or through accident.
Consequence The amount of loss or damage that can be expected from a successful attack.
Risk = Threat x Vulnerability x Consequence
Chilean earthquake 
GAO Threat Table
… unless they have an IP address
… unless someone studies the SW/HW
… unless someone wants to gain access to another network through that system
… but leaves web and application servers vulnerable
… but opens systems to network-based attacks
… but opens internal network up to wireless attacks
… so systems go unpatched
… so hackers can use basic attacks
… so they are not designed to be secure
… so attacks cannot be detected easily, if at all
“…critical assets in sufficient proximity to each other that they are vulnerable to disruption by the same, or successive, regional events”
ISS conducted SCADA penetration tests on multiple sectors 
[Figure: evolution of attacks over time, 1980 to 2010; labels on the chart: Denial of Service, Zone of Defense, Era of Legacy, Network Management Diagnostics, Distributed Attack Tools, Exploiting Known Vulnerabilities]
Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMU/SEI-2002-SR-009, November 2002, page 10.
Your system could be compromised/infected and later used in an attack against CI, or …
… if you work for a CI sector, you could
For industrial security incidents there is the Industrial Security Incident Database (ISID)
“…with sufficient resources, such as a foreign intelligence service or a well supported terrorist group, could conduct a structured attack on the electric power grid electronically, with a high degree of anonymity, and without having to set foot in the target nation”
Davis-Besse Nuclear Power Plant 
Attack on the root name servers 
Maroochy Shire Sewage Spill 
GAZPROM Incident 
Chevron Incident 
Worcester Botnet 
Worcester Air Traffic Communications 
CSX Train Signaling System 
Toronto Subway 
Russia Subway 
Nordea Heist 
Estonia DDoS attacks 
For more information about US-CERT please visit:
US-CERT Security Operations Center
For more information about CSSP please visit:
Control Systems Security Program