Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Transcription

1 Understanding Holistic Effects of Cyber Events on Critical Infrastructure Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate March 20, 2018 INL/CON

2 Information Technology vs. Operational Technology Information Technology: The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information Oxford Dictionary Operational Technology: The hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as switches, pumps, valves, etc. such as those used in critical infrastructure systems. International Society of Automation

3 Increased IT-OT Connectivity Our national critical infrastructure consists of systems of geographically distributed assets, from regional and national networks to micro-scale controllers and sensors Increasingly, these assets, across all scales, are connected via IT and OT networks and thus potential cyber targets

4 Increased Focus on OT Related Cyber Activity

5 Increase in Cyber Events Related to Operational Technologies In Fiscal Year 2016, DHS ICS-CERT coordinated 305 unique vulnerabilities and responded to 290 incidents associated with industrial control systems ICS-CERT Year in Review, 2016 Large-scale cyberattack to electrical grid could lead to $243B - $1T loss to the U.S. economy Health and safety impacts would include increased rate of illness and death in impacted areas Impact to DoD (and DHS) missions would significantly impact the security of the United States Lloyd s and University of Cambridge Centre for Risk Studies; President s Council of Economic Advisors, February 2018

6 Elements of Cyber Physical Interactions

7 Interdependency Discovery Approach All-Hazards Analysis Framework (A-HA)

8 Interdependency Mapping

9 Developing Multi-Scale Facility Profiles Regional Scale Dependencies Process Scale Dependencies Control System Scale Dependencies Notional System

10 Modeling Functional Impacts

11 Holistic Cyber-Physical Analysis Process Reported OT Vulnerabilities or Threats Identify Standard OT Components Across Sectors Potentially Affected and Model Functional Impacts Link to Potential Facility Locations Model Potential Cascading Impacts Provide Actionable Information to Decision Makers and Stakeholders

12 Esri and INL: Partnering for Cyber Resilience

13

14 Application of GIS to Cybersecurity Brian Biesecker Technical Director, Intelligence Community Esri

15 Fundamental Problems that GIS can help you solve Identify mpacts to your mission, operations, business activities, critical systems, or critical infrastructure from a Cyber Attack, IT outage or impairment Prioritize the work of your IT Team or Cyber Security Team in the context of your most important missions, operations, business activities, critical systems, or critical infrastructure Provide shared situational awareness across your organization Refine your Cyber Forensics Analysis efforts

16 Cyberspace Re-Considered It s mappable Utility Network Social / Persona Layer Device Layer Logical Network Layer Physical Network Layer Geographic Layer Each device in cyberspace is owned by someone (no global commons ) Electro-mechanical devices exist in space-time and interact with physical events Geography is required to integrate and align cyberspace with other data

17 Cross Domain Consequence Analysis Electric IT / SCADA Control System Control System

18 Cross Domain Consequence Analysis Information Technology Industrial Control Systems Critical Infrastructure

19 The Cyber Supply Line A vector of devices and network paths Control System Data Flow LAN Bldg Net WAN Cyber Supply Line LAN Bldg Net Campus #1 Campus #2 Cyber Supply Line (CSL) is a consistent path through the infrastructure CSL focuses resources on only the devices that are critical Managing data flows is similar to traffic routing; an Esri core competency

20 Enhancing Cyber Common Operating Pictures Geography provides deeper understanding Cyber Comms COP Server w/geoevent Extension Intrusion Detection System IP-Geo Lookup Server Intrusion Data

21 Integrating to improve information sharing Share Situational Awareness Executives / Commanders Enterprise - focused Operations Process-focused IT Infrastructure Device-Focused Awareness Recovery Prevention Protection Response Cyber Security Event-focused

22 ArcGIS Integration with Cyber Security Tools Executive Dashboards - Status Reports, Trends, Brand Sentiment, Financials Cyber Tools & Data- IDS/IPS, HBSS, Virus Scanning, Patch Monitoring Desktop Web Device Ops Data - Mission Activity, Status Reports, Real-time monitoring Portal Ops Dashboard IT Tools & Databases - IT Inventory, Device Locations, Health and Status Monitoring HR Database - Personnel, Orgs, Locations, Travel Server Online Content and Services Facilities Data - CAD & GIS of Buildings and Campuses, Electric, Water, HVAC, Facilities Monitoring, Physical Security

23 Data Linkages Missions / Operations to Critical Systems / Infrastructure Critical Systems to Components Components to Their location Components to Their logical network connection Logical Network to Physical Network Logical / Physical Network to Network Devices Cyber Threats to Components IT Health and Status to Components Impacted Components to Impacted Mission

24 Cyber Summary

25