& protecting the UK s Critical National Infrastructure (CNI)

Transcription

1 New Threats: Cyber-terrorism Crown Copyright & protecting the UK s Critical National Infrastructure (CNI) 2nd ARF Seminar on Cyber Terrorism, Cebu City, Philippines 3 October, 2005 John Crow Head e-investigations e & Threat Assessment

2 Overview: 1 Sep 2005 MI5 chief reveals terror threat Al Qaida represents the first truly global terrorist threat: Sophisticated, geographically widespread, covert & particularly resilient Little prospect of significant reduction in the Islamist terrorist threat to the UK over next 5 years Current phase characterised by indiscriminate attacks inflicting mass civilian casualties Range of attacks from CBR to violent incidents From: Info on current threats at Crown Copyright Director-General Dame Eliza Manningham-Buller Defeating the threat will be a long haul; root causes fed by complex series of intractable issues Radical ideology appeals to broad coalition of Islamist groups Members blend into society by living normal, routine lives until called upon for specific tasks

3 Electronic attack (ea) : What is it? Our current definition The use of computers to gain unauthorised access to the data or control software of computer-based systems in order to acquire or corrupt data or disrupt the functioning of systems. January Crown Copyright

4 Electronic attack (ea) : What is it? There are two types Untargeted attacks: Indiscriminate attacks affecting availability & many targets Examples: Worms, viruses Profile: High Impact: Short term high Targeted attacks: These focus on a particular target address Examples: Hacking attacks, Trojan attacks Profile: Generally low Impact: Can be high & long term Crown Copyright

5 Outlook 2010: ea Crown Copyright capabilities of terrorists 2005 Greater awareness of use of IT & Net Some IT literate individuals; increased general e-skills Physical attack favoured option; no certainty when or if ea may become weapon Targeting of CNI for possible attacks Some individuals with possible exploitable access 2010 Increased use of IT & Net for comms, propaganda Greater general e-skills Battle-hardened fighters post Iraq now in own countries? Networks still active in EU; UK remains prime target? Targeting of CNI ongoing? Physical attacks still favoured & telegenic option to cause fear & destruction? ea option remains could be deployed opportunistically or against difficult targets?

6 So what can we do to protect the UK s Critical National Infrastructures (CNI)? Crown Copyright

7 UK Critical Infrastructures CNI: Those parts of the UK s Infrastructure for which continuity is so important to national life that loss, significant interruption, or degradation of service would have life-threatening, serious economic or other grave social consequences for the community, or any substantial portion of the community, or would otherwise be of immediate concern to the Government Crown Copyright

8 UK Critical Infrastructures Ten CNI sectors 1. Communications 2. Emergency Services CNI: Those parts of the UK s 3. Energy Infrastructure for which continuity is so important to national life that 4. Finance loss, significant interruption, or 5. Food degradation of service would have life-threatening, serious economic 6. Government or other grave social consequences for the community, or any 7. Hazards substantial & portion Public of the Safety community, or would otherwise be 8. Health of immediate concern to the 9. Transport 10. Water Government Crown Copyright

9 What is NISCC? NISCC s aim is to minimise the risk to the Critical National Infrastructure (CNI) from electronic attack (ea). NISCC is an inter-departmental centre which co-ordinates activity on support of this aim across a range of organisations. Each of these contributes resources and expertise to NISCC s programme of work according to its own remit, its own priorities, in relation to the challenge in hand, and depending on what value it can add Crown Copyright

10 National Infrastructure Security Co-ordination ordination Centre (NISCC) In order to take this forward, I have established an inter-departmental centre, the National Infrastructure Security Coordination Centre, to act as a point of contact for those involved in this work in both government and the private sector. The Home Secretary, 20 December, Crown Copyright

11 National Infrastructure Security Co-ordination ordination Centre (NISCC) NISCC OUTREACH & ASSURANCE CNI Assurance Programme Information Sharing Initiatives Communication & Conferences INVESTIGATIONS ea Threat Assessment ea Investigations RESPONSE Incident Alerts & Briefings ea Response Group UNIRAS (gov/cni) CERT R&D Protocol vulnerabilities research Home Office, Security Service, CESG, Cabinet Office/CCS, DTI, MoD, CSIA, DSTL, NHTCU, NHTCUS Crown Copyright

12 Information Sharing Bodies CERTs (a.k.a. CSIRTs) Computer Emergency Response Teams ISACs Information Sharing & Analysis Centres IEs Information Exchanges Now 8 trusted groups in CNI sectors WARPs Warning, Advice & Reporting Points Crown Copyright

13 Response: UNIRAS ea incident reporting CERT dialogue Alerts, Briefings Technical Notes Vulnerability Notices Crown Copyright UNIRAS HMG s CERT Advice Helpdesk (020) uniras@niscc.gov.uk Response

14 Information Sharing: Internationally Started as G8 directory Getting bigger extended to many other countries Further scope for other countries Some countries here are represented Crown Copyright

15 ITsafe: : Reaching the wider CNI Crown Copyright ITsafe (ITsecurity awareness for everyone) launched 23 Feb 2005 Customers are public & micro-businesses to help them improve IT security Provides plain English advice on how to protect computers, mobile phones etc against malicious attack All ITsafe services are available through the ITsafe website Users can also sign up for ITsafe publications, either via or SMS messaging Publications include: Alerts, Bulletins, ITsafe News

16 UK e-legislatione Computer Misuse Act 1990 Makes unauthorized access or modification of a computer an offence RIP Act 2000 regulates investigatory powers: 1. Interception of Communications 2. Intrusive Investigative Techniques 3. Access to Encrypted Data Terrorism Act 2000 Makes seriously to interfere with or seriously to disrupt an electronic system a terrorism offence Crown Copyright

17 17 October 2003 Teenager cleared of hacking Aaron Caffrey, 19, has been cleared by a jury of trying to crash IT systems at the port of Houston in Texas in September 2001 He had faced one charge under the UK s Computer Misuse Act He insisted he was a victim of a criminal act rather than a criminal himself He claimed an unidentified third party had planted the instructions for the attack script on his website without his knowledge The attack froze the port's web service, which contained vital data for shipping, mooring companies and support firms responsible for helping ships navigate in and out of the harbour Crown Copyright The Trojan Defence!

18 Information sources NISCC Monthly Bulletin of significant e-attacks NISCC Quarterly Review has broader articles on CIP issues NISCC Briefings address topics of current concern NISCC Technical Notes & NISCC Vulnerability Advisory Notices provide detailed advice UNIRAS Alerts highlight vulnerabilities to be fixed now! UNIRAS Briefings inform on emerging technical issues Details at or or Crown Copyright

19 That s all Any questions Crown Copyright John Crow Head e-investigations e & Threat Assessment +44 (870) johnc@niscc.gov.uk