Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

The Impact of Cyber-Security on Critical Infrastructure Prot

No description
by

Tatiana Daza

on 19 November 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of The Impact of Cyber-Security on Critical Infrastructure Prot

Background
A major mission of the homeland security is protecting critical infrastructures and key assets. Critical infrastructures are the assets, systems, and networks; whether physical or virtual, so vital to the U.S. that there breakdown or destruction would have draining effect on the U.S. nation. These networks and systems provide an essential flow of products and services to ensure the functioning of the government and society as a whole.

Bringing Down the Internet
-It is not the main goal of cyber-attacks due to the fact they could no longer use that source to infiltrate targets.
Internet outage?
- Temporarily disrupting the internet or causing an outage could very likely benefit groups or nation states at the expense of others due to the fact that the attackers have the advantage over knowing when the attack will occur, thus leaving the victim unprepared and their communications, supply chains, and information gathering capabilities disrupted.

- 1988 worm caused the Internet to crash within hours

- Was done by someone just to prove a point about security vulnerabilities in the communications protocols of the Internet.
Attacks on Stuxnet & Flame defined as APT
-advanced persistent threats
-Stuxnet found in june 2010
-actually targeted Siemens supervisory control and data acquisition systems
-flame found may 2012, began august 2010
- written by israel, spread by local networks or usb devices after being a regular windows update
Homeland Security vs. National Security
Homeland security is generally for preparing and protecting the nation against terrorism and other hazards.
National security deals with foreign affairs and defense.
In regards to cyber security, national security would deal with cyber threats coming off US land and homeland security would focus on threats coming from inside US soil.
However, it is important for both to work together on coming up with strategies on how to further protect our infrastructure and keep our information and data out of reach.
Anonymous
Distributed group of hackers
No clear leader or organizers
Around for over 10 years
Referred to as an Internet Meme: is an activity, concept, catchphrase or piece of media which spreads, often as mimicry, from person to person via the Internet.
The Impact of Cyber-Security on Critical Infrastructure Protection
Case: 5.2
-They want find out connections between people, send fake messages and find important secured information.
-They use things such as port scanning, social engineering, phishing, spear phishing, vishing, smishing and vulnerable exploitation​
-Difficult the internet is distributed and has no single point of failure.
-Attackers will then have to find another venue to access and attack
Security
The mission of homeland
The importance of critical infrastructure protection (CIP)
National Infrastructure Protection Plan (NIPP) states: Protecting of the critical infrastructure and key resources of the U.S. is essential to the nations security, public health and safety, economic energy, and way of life. Attacks on critical infrastructure and key resources significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the targeted sector and physical location of the incident.

Homeland Security has identified seventeen critical infrastructure
Sectors
Agriculture and food
energy
banking and finance
water
chemical
commercial facilities
critical manufacturing
emergency services
nuclear reactors
government facilities, transportation systems, communications, information technology, and healthcare and public health and more
INTRO: Advanced persistent Threat (APT)
In this case the advance persistent threat will highlight how important the cyber-infrastructure is to critical infrastructure protection across all sectors.

What are APT’s
(APT’s) are a new type of cyber threat, it is a sustained attack on a specific target that employs many types of tools from the hackers tool kit and adapts to the defenses put up to it. APT’s require organization and funding, patience, and a goal. They appear to be sponsored by nation states. APT’s are about gathering info and/or control of the targets servers for the optimal benefit of the attacker. Attackers no longer break in and immediately wreak havoc because they need to prove that they exploited vulnerability. APT attackers gain entry and wait until the moment is right for them to attack and get what they need.

What are APT’s Cont’d
APT’s represent the next escalation in cyber-warfare and present a clear threat to the two most important types of U.S. infrastructures. The 1st on being physical infrastructure that provides power, water, and food. The 2nd being our system infrastructure that supports health care, manufacturing, and banking. APT’s are also changing the ways defenders look at their computers, networks, and data.

WHO THEY TARGET!
APT’s are only targeted at a particular victim. It adapts to its defenses instead of retreating from them so it makes it hard to get rid of if not caught early. Because of the interconnected nature of the cyber infrastructures, these attacks can spread quickly and have major effects that will be highlighted in this case. Defenders can deflect the attacks for a while however the attacker doesn’t go away.

How APT’s Attack
APT’s us a variety of attack tools and methodologies such as
port scanning
social engineering
phishing
spear phishing
other resources in a hackers tool kit
WHO IS USING THESE ATTACKS
APT’s are currently being carried out by groups in one of the three main categories
cyber-criminals motivated by financial gain
nation-states motivated by political, economic, military, or other strategic advantage gain through intelligence gathering
hacktivists/terrorists motivated by politics or belief
Defending oneself against a disorganized group
understand what makes it an attractive target
identify its potential adversaries
gain insight into the adversary’s motivation, intent, available resources, and the lengths to which it might go to launch an attack
QUESTIONS?
Full transcript