
SECR 5140-FL Critical Infrastructure Protection

SECR 5140-FL Critical Infrastructure Protection. Dr. Barry S. Hess. Spring 2 Semester. Week 6: 22 April 2006. Class Website: Class Info http://home.covad.net/~bshess/; Contact info barry.hess@gmail.com, 571.237.3418. Reminder: Papers are due in two weeks. I am available to review drafts.


Presentation Transcript


  1. SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 6: 22 April 2006

  2. Class Website • Class Info • http://home.covad.net/~bshess/ • Contact info • barry.hess@gmail.com • 571.237.3418

  3. Reminder • Papers are due in two weeks • I am available to review drafts • Presentations will be timed

  4. Agenda • Quiz Discussion • Guidance • Research Paper • Presentation • Lecture • Assignment for Week 7

  5. Guidance

  6. Three Questions • Would you want your employer to use your paper in your annual review? • Would you give the paper to a prospective employer? • Is your paper ready for publication?

  7. Basic Guideline • Introduction • Tell me what you are going to tell me • Body • Tell me • Conclusion or Summary • Tell me what you told me

  8. Research Paper Requirements • A 10-12 page (double-spaced) typewritten paper by week 8 of class • Must cite at least three relevant sources • Students’ papers will use style guidance in A Manual for Writers of Term Papers, Theses and Dissertations, 6th edition, by Kate L. Turabian

  9. Mechanics • Grammar and spelling matter • Use a 12 point standard font, e.g., Times, Geneva, Bookman, Helvetica, etc. • Double spaced text on 8 1/2" x 11" paper with 1 inch margins, single sided • Number pages consecutively • Minimize number of figures, tables, and illustrations • Bibliography is not part of page count

  10. Structure of Paper • Brief presentation of your primary thesis • Three major sections of your investigation, and the solution / findings / recommendations that you will be making • Definition of key terms and concepts. Cite references. • The research problem • In-depth look at research problem. This is a synthesis and should be original work. If there are controversial elements, mention them briefly. • History of research on this topic • Explain why your research is unique and needed. Give a brief history of ideas. Cite sources. • "Evidence" section • Supporting statistics, examples, case studies, citations, supporting passages from key texts. Present counter-arguments / opposing viewpoints. Cite carefully. • Further case studies or examples (Minimum of three) • Support your thesis statement. Use citations and intersperse your thoughts & analysis throughout. • Debate points / controversial aspects • Discuss issues and present new ways of looking at primary thesis. This is your original work. • Begin to question underlying assumptions that may influence your investigation, and your conclusion, approaches, solution. • Summary that is more than a conclusion • Insights, recommendations, probable issues vis-a-vis the future • Source: • Susan Smith Nash, Ph.D. • The University of Oklahoma • Research Paper Roadmap • http://www.beyondutopia.net/research/

  11. Plagiarism • Webster University Graduate School Policy • “Plagiarism—Using the works (i.e. words, images, other materials) of another person as one's own words without proper citation in any academic assignment. This includes submission (in whole or in part) of any work purchased or downloaded from a Web site or an Internet paper clearinghouse.” • If you knowingly use sources created by others, then it is incumbent upon you to give credit to those sources • This is not only fair but it is also moral, ethical, legal, and an academic requirement • Not giving credit is plagiarism, which basically means stealing information from someone else • If you get caught plagiarizing, you will fail the course

  12. Sourcing • Primary sources are original, uninterpreted information • Novels, speeches, eyewitness accounts, interviews, letters, autobiographies, or the results of original research • State of the Union Address • Secondary sources interpret, analyze or summarize • Writings about the primary sources, about an author or about somebody's accomplishments • Newspaper report on the State of the Union speech

  13. Bibliography and Footnotes • List all your sources and be thorough • Follow the proper citation style • Bibliography • Sources are listed alphabetically, by author's last name • Sources without authors are listed alphabetically by either the editor's last name or by the complete title of the work • First line of each bibliographical entry starts flush at the left hand margin • Second and subsequent lines are indented five spaces • Titles should be capitalized correctly in each entry • All entries are single-spaced • Footnotes • Turabian reference note format requires that the basic information about the source in footnotes is at the bottom of each page, beneath the text • Within the text, above the list of footnotes, the place where a reference is introduced is shown by an Arabic numeral raised slightly above the line of text • These reference numbers are placed just after the quoted or paraphrased material, and they appear in numerical order throughout the text • Footnotes for all of the references which appear in a page of text must be placed at the bottom of the same page, divided from the text by an eight spaced line

  14. Oral Presentation Requirements • Each student will deliver a 15-20 minute oral presentation of the research paper to the class during week 8

  15. Hints for PowerPoint • Plan for approximately 1 minute per slide • Use a standard font, e.g., Arial, Tahoma, Verdana, etc. • Slides should supplement your presentation, not BE your presentation • Slides should serve as an outline and provide points of emphasis • Use phrases not sentences • Do not read your slides • Your graphics need to be there for a reason • Practice makes perfect • Do not overuse transitions

  16. Lecture

  17. Topics • Statement by Daniel G. Wolf, Director of Information Assurance, National Security Agency—“Cybersecurity Getting it Right” • Posse Comitatus • “Extra Territoriality and International Cyber Crime” by Kenneth Geers (Naval Criminal Investigative Service) • Homeland Security Presidential Directive (HSPD-7)

  18. “Cybersecurity—Getting it Right” Statement by Daniel G. Wolf Director of Information Assurance National Security Agency July 22, 2003

  19. Introduction • NSA does not have all of the answers • Have had tremendous successes and a share of failures • Have gained a deep understanding and respect for the challenges the nation must overcome to begin to tame cyberspace • Concerned that some in government and industry want to keep NSA in a box labeled “for classified information only” • This erroneously suggests that NSA’s perspective is much too narrow due to our focus on the stringent requirements of national security systems • His experience shows that there is little difference between the cybersecurity that is required for a system processing top-secret military information and one that controls a segment of the nation’s critical infrastructure

  20. Concepts • Both classified and unclassified systems require the element of assurance or trust • Trust that the system was designed properly • Trust that it was independently evaluated against a prescribed set of explicit security standards • Trust that it will maintain proper operation during its lifetime, even in the face of malicious attacks and human error • Effective cybersecurity must be designed into information systems starting at the R & D phase • You cannot add trust to a system after it is fielded

  21. Homeland Security • Presents another reason to suggest that cybersecurity requirements must converge • Information management principle within the national security community has always been the concept of need-to-know • Fundamental information principle for homeland security is need-to-share • The principle of need-to-share requires the development of technical solutions for secure interoperability that may be called on to tie top-secret intelligence systems to a local first responder system

  22. Information Assurance • Information Assurance is operational in nature and often time-sensitive • NSA’s work in IA provides a mix of security services that are not operational or time-sensitive, e.g., • Education and training • Threat and vulnerability analysis • Research and development • Assessments and evaluations • Tool development • In an environment of constant probes and attacks of networks, an increasingly important element of protection deals with operational responsiveness in terms of detecting and reacting to these time-sensitive events • This defensive operational capability is closely allied with and synergistic with traditional IA activities • DoD calls this Defensive Information Operations

  23. Specific Issues Related to Cybersecurity R&D • Technical approaches to optimize cybersecurity • Interoperable authentication system • Deployed widely throughout the federal, national security, first responder and critical infrastructure community, e.g., a PKI system with a smart card that contains your cyber credentials • Effective border protection • Firewalls • Virtual private networks • “Guards” • Cyber intrusion detection

  24. Specific Issues Related to Cybersecurity R&D • Areas of advanced technology should be pursued to outpace attacks • Cryptographic modernization • Over 1.3 million cryptographic devices in the U.S. inventory • Over 75% of these systems will be replaced during the next decade • Resilient systems • Goal is to have systems that degrade gracefully instead of causing a cascade of insecurity • Coordination information during cyberattack • Enhance attack identification methods • Detect suspicious or anomalous behavior to identify insider attacks

  25. Specific Issues Related to Cybersecurity R&D • Advanced technology programs needing higher priority & funding • Enhance our ability to find and eliminate malicious code in large software applications • Little coordinated effort today to develop tools and techniques to examine effectively and efficiently either source or executable software • Need a National Software Assurance Center • Should have representatives from academia, industry, federal government, national laboratories and the national security community • Trusted hardware platforms • Must have trusted domestic sources for advanced systems

  26. Specific Issues Related to Cybersecurity R&D • Role of technology transfer • National Information Assurance Partnership (NIAP) • Collaboration between the National Institute of Standards and Technology and the NSA • Long-term goal of NIAP is to increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and assessment programs • Information Assurance Technical Framework Forum (IATFF) • Created to foster dialog between U.S. government agencies, industry, and academia seeking to provide their customers solutions for information assurance problems • Centers of Academic Excellence in Information Assurance Education Program • Goal is to reduce vulnerability in our National Information Infrastructure by promoting higher education in information assurance

  27. Posse Comitatus Act

  28. Posse Comitatus Act • Posse Comitatus Act of 1878 (20 Stat. 152 [18 USC 1385]) • “SEC. 15. From and after the passage of this act it shall not be lawful to employ any part of the Army of the United States, as a posse comitatus, or otherwise, for the purpose of executing the laws, except in such cases and under such circumstances as such employment of said force may be expressly authorized by the Constitution or by act of Congress;…”

  29. Post September 11th Perspective • "Our way of life has forever changed,'' wrote Sen. John Warner R-Va., in an October 2001 letter to Defense Secretary Donald Rumsfeld. "Should this law [Posse Comitatus Act] now be changed to enable our active-duty military to more fully join other domestic assets in this war against terrorism?''

  30. History • Posse Comitatus Act reflects a tension between preserving the national defense, while keeping the military from becoming entangled in day to day law enforcement • Posse Comitatus means, “the Power of the County” • Brings to mind colorful images of the old west county sheriff Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)

  31. Why Did Congress Enact PCA? • During reconstruction federal troops were used extensively in the South for law enforcement • Recognizing that long-term use of the Army to enforce civilian laws posed a potential danger to the military’s subordination to civilian control Congress passed the Act • Posse Comitatus Act made it a crime for anyone to use the Army to enforce federal, state, or local civil laws Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)

  32. Is the Posse Comitatus Eroding? • The courts have consistently ruled that the Act does not prohibit military involvement in civilian law enforcement activities, as long as that involvement is in a “passive” or support role • Recognizing that the military possesses unique equipment and training that may be valuable to civilian police departments, the courts have held that many types of logistical support may be provided, without violating the central tenet that the military may not actually enforce civilian laws • Using a test based upon whether the military’s involvement is “passive” or “active”, the courts have held that providing supplies, equipment, training, facilities, and certain types of intelligence does not violate the Posse Comitatus Act. • Military personnel may be involved in planning and supporting civilian law enforcement activities (an indirect or passive role), as long as they are not directly involved in the actual arrest or seizure of evidence Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)

  33. How Does the Country Feel About PCA? • The current swing of the pendulum reflects a nation that is more than ready to embrace military involvement in homeland defense • Drug smuggling and illegal immigration were perceived by some as the national defense challenges • The increasing recognition that a suitcase of chemical or biological agent smuggled across our borders could result in a crippling loss of life, is leading to an acceptance of an increased role for the military in homeland defense • With its unique detection and response capabilities to chemical/ biological attacks, the military must be heavily involved in any effective counter-terrorism response plan Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)

  34. Implications • There have been several statutory exceptions to the Posse Comitatus Act in the past decade • Given the general Constitutional authority of the President to preserve order, there are few areas of domestic law enforcement activity where the military is precluded from participating in times of national emergency or disaster • Posse Comitatus Act still serves a valuable function in deterring a lower level commander or politician from engaging in unauthorized “police” activity using military forces • The Act today provides little hindrance to the National Command Authority in executing civilian laws in times of emergency through military personnel • Through proper, legal declarations of Presidential emergency authority and/or through the use of National Guard assets in state status, it is increasingly likely that the military will play a significant enforcement role in response to domestic terrorism and other disasters for the foreseeable future Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)

  35. Discussion • How does Posse Comitatus affect our ability to protect the critical infrastructure?

  36. Extra Territoriality and International Cyber Crime Kenneth Geers Naval Criminal Investigative Service

  37. Problems with Investigations • Investigating international cyber crime poses many problems to U.S. law enforcement • One of the biggest challenges is the fact that a high degree of anonymity is not difficult to achieve on the Internet • In an ideal world we would examine every Internet data packet that crosses our borders, but when they arrive at well over a billion per second, that thought is quickly ruled out • When a real Internet crime has been discovered, and the log data exists to prove it (the combination of which is fairly rare), the tedious process of tracing the hack back to its point of origin begins • The obstacles for an international investigator begin to multiply quickly here. Cultural, linguistic, and political barriers can prove insurmountable

  38. European Cybercrime Convention (ECC) • Forty-one countries have signed the treaty (including the United States and Russia) and nine have acceded to it through formal ratification • Goal is to harmonize cybercrime laws all over the world • These run the gamut: fraud, child pornography, data protection, and even cyber terrorism • The amount of damage done every year easily runs into the billions of dollars

  39. Issues with ECC • Many governments worry that this would leave their citizens' personal information vulnerable to abuse by foreign governments, and that this abuse could occur with inadequate oversight • Privacy groups fear for their civil liberties as well • ISPs fear that unwieldy strictures and obligations will be placed upon them

  40. Law Enforcement Issues • ECC fails to authorize any type of unauthorized cross-border digital searches or seizures, even in the case of hot pursuit • All cooperative scenarios foresee consultation with host-nation officials before any examination or seizure of computer data • This rule, while politically palatable, runs the risk of giving cyber criminals the valuable time they need to hide their point-of-origin

  41. Example • In 2000, the FBI was hot on the trail of Russian hackers who had cracked various computer networks around the country, including banks and ISPs, in order to steal credit card numbers. The point-of-origin was determined to be Russia, but Russian assistance in the investigation was not forthcoming. Therefore, the FBI decided to act on its own. With a U.S. search warrant in hand, it tricked one of the Russian suspects into traveling to Seattle, where it used a keystroke logger to gain his username and password to a secret stash back in Russia. • The FBI then proceeded to log on and download highly incriminating evidence. The hacker gang was responsible for fraud on a massive scale, involving the theft and use of many thousands of American credit card numbers.

  42. Discussion • What should have happened to the FBI agents?

  43. Reality • The two FBI agents were given the Director's Award for Excellence, and the FBI publicly praised its field office's first successful "extra-territorial seizure"

  44. Homeland Security Presidential Directive (HSPD-7) Office of Homeland Security 17 December 2003

  45. Policy • (1) It is the policy of the United States to enhance the protection of our Nation's critical infrastructure and key resources against terrorist acts

  46. Context • (4) Critical infrastructure and key resources provide the essential services that underpin American society. The Nation possesses numerous key resources, whose exploitation or destruction by terrorists could cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction, or could profoundly affect our national prestige and morale. In addition, there is critical infrastructure so vital that its incapacitation, exploitation, or destruction, through terrorist attack, could have a debilitating effect on security and economic well-being. • (5) While it is not possible to protect or eliminate the vulnerability of all critical infrastructure and key resources throughout the country, strategic improvements in security can make it more difficult for attacks to succeed and can lessen the impact of attacks that may occur. In addition to strategic security enhancements, tactical security improvements can be rapidly implemented to deter, mitigate, or neutralize potential attacks.

  47. Purpose • (7) Establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks • (8) Federal departments and agencies will identify, prioritize, and coordinate the protection of critical infrastructure and key resources in order to prevent, deter, and mitigate the effects of deliberate efforts to destroy, incapacitate, or exploit them. Federal departments and agencies will work with State and local governments and the private sector to accomplish this objective

  48. Roles and Responsibilities of the Secretary • (12) In carrying out the functions assigned in the Homeland Security Act of 2002, the Secretary shall be responsible for coordinating the overall national effort to enhance the protection of the critical infrastructure and key resources of the United States. The Secretary shall serve as the principal Federal official to lead, integrate, and coordinate implementation of efforts among Federal departments and agencies, State and local governments, and the private sector to protect critical infrastructure and key resources. • (13) Consistent with this directive, the Secretary will identify, prioritize, and coordinate the protection of critical infrastructure and key resources with an emphasis on critical infrastructure and key resources that could be exploited to cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction. • (14) The Secretary will establish uniform policies, approaches, guidelines, and methodologies for integrating Federal infrastructure protection and risk management activities within and across sectors along with metrics and criteria for related programs and activities

  49. Cybersecurity • (16) The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations. To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission. The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.

  50. Discussion • Why was it necessary to promulgate HSPD-7?
