
Protecting Infrastructure from Cyber Attacks

Dr. Maurice Dawson, Walden University / Alabama A&M University; Dr. Jonathan Abramson, Colorado Technical University; Dr. Marwan Omar, Colorado Technical University.


Presentation Transcript


  1. Protecting Infrastructure from Cyber Attacks. Dr. Maurice Dawson, Walden University / Alabama A&M University; Dr. Jonathan Abramson, Colorado Technical University; Dr. Marwan Omar, Colorado Technical University

  2. Abstract The Department of Homeland Security (DHS) has become more concerned with cyber attacks on infrastructure such as supervisory control and data acquisition (SCADA) systems. An attack in Iran has proven that the landscape of cyber warfare is continually evolving. Because SCADA systems autonomously monitor and adjust switching, among other processes, within critical infrastructures such as nuclear plants and power grids, DHS has become concerned about these systems, as they are frequently unmanned and remotely accessed. A vulnerability such as remote access could allow anyone to take control of critical infrastructure assets remotely. There have been increasing mandates and directives to ensure any system deployed meets stringent requirements. As the Stuxnet worm has become a reality, future attacks could be malicious code directly targeting specific locations of critical infrastructure. This paper will address methods to protect infrastructure from cyber attacks using a hybrid of certification & accreditation (C&A) processes and information assurance (IA) controls.

  3. Topics
     • Example Scripts
     • 2012 FISMA Report
     • Previous Research
     • Vulnerabilities & Threats
     • Example Physical Security Threat Scenario
     • System C&A Processes
     • Product C&A Processes
     • Example Unclassified DIACAP Controls
     • Virtualization as a Tool

  4. Virus in Bash Script
     Note: file must be --7 (executable) and bypass sudo

         #!/bin/bash
         echo "Yep We Finally Got You"
         rmdir *.bin    ## removal of key directories to render system useless
         rm filename1 filename2 filename3 filename4    ## removal of key files to render system useless

  5. Example Copy Script in Bash Script
     Note: file must be --7 (executable) and bypass sudo

         #!/bin/bash
         tar -czf /var/my-backup.tgz /home/me/    ## key files can be copied anywhere
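The note on slides 4 and 5 says such a script needs permissive mode bits to run. The following is an added example, not part of the presentation, showing how an administrator can audit a directory tree for files that any local user can both modify and execute, and then remove the write bit. It assumes "--7" refers to rwx for the "other" permission class; the function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the slides). Function names are hypothetical.
# Assumption: "--7" on the slides means rwx for the "other" class.

# find_world_rwx DIR
# Print every regular file under DIR whose "other" bits include both
# write and execute (for example 0777 or 0757). Any local account could
# replace the contents of such a file and have it run later.
find_world_rwx() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # -perm -0003 matches only when other-write AND other-execute are set.
    find "$1" -xdev -type f -perm -0003 -print
}

# count_world_rwx DIR: number of findings, usable as a compliance check.
count_world_rwx() {
    find_world_rwx "$1" | wc -l | tr -d ' '
}

# strip_other_write DIR
# Mitigation: drop the other-write bit on each finding, leave the rest
# of the mode untouched. Paths containing newlines are not handled.
strip_other_write() {
    find_world_rwx "$1" | while IFS= read -r swr_path; do
        chmod o-w -- "$swr_path" && echo "fixed: $swr_path"
    done
}

# Constructed demo: build a throwaway tree, audit, remediate, re-audit.
demo() {
    demo_dir=$(mktemp -d)
    printf '#!/bin/bash\necho job\n' > "$demo_dir/backup.sh"
    chmod 0777 "$demo_dir/backup.sh"      # finding
    printf '#!/bin/bash\necho ok\n' > "$demo_dir/report.sh"
    chmod 0755 "$demo_dir/report.sh"      # not a finding
    echo "before: $(count_world_rwx "$demo_dir") finding(s)"
    strip_other_write "$demo_dir"
    echo "after:  $(count_world_rwx "$demo_dir") finding(s)"
    rm -rf "$demo_dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to see the check on the constructed sample tree.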

  6. 2012 FISMA Report

  7. Previous Research
     • DoD Cyber Technology Policies to Secure Automated Information Systems
     • Certification & Accreditation (C&A) evaluation processes
     • Plan of action and milestones (POA&M)
     • DIACAP scorecard
     • System identification plan (SIP)
     • DIACAP implementation plan (DIP)

  8. Vulnerabilities & Threats Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes. Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems. Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control heating, ventilation, and air conditioning systems (HVAC), access, and energy consumption.

  9. Vulnerabilities & Threats cont.
     • Remote access
     • Root control of system
     • Ability to map network(s)
     • Ability to corrupt cloud infrastructure(s)
     • Virus focused on specific hardware
     • Overclocking
     • Redirect of network and data
     • Covert channel analysis
     • Lack of qualified personnel
     • Insider threat
     • Natural disasters
     • Inconsistencies of applied processes

  10. Example Physical Security Scenario

  11. Systems C&A Process - DIACAP

  12. Product C&A Process – Common Criteria

  13. Unclassified DIACAP Controls – MAC III Unclassified [Example]

  14. Virtualization as a Tool
      Supporting Tasks
      • Test patches before full deployment
      • See how OS or system reacts to virus
      • Use as tool to deploy hardened VMs
      Example Set Up
      [Diagram labels: WINDOWS, RED HAT LINUX, UBUNTU LINUX; HYPERVISOR; OS PLATFORM; HARDWARE]

  15. Any Questions? Please feel free to contact me at maurice.dawson@aamu.edu Wk: 256-372-4801
