Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Understanding Holistic Effects of Cyber Events on Critical Infrastructure
Shane Cherry
Infrastructure Analysis and Technology Development
National and Homeland Security Directorate
March 20, 2018
INL/CON-17-42513

Information Technology vs. Operational Technology
Information Technology: The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information. (Oxford Dictionary)
Operational Technology: The hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as switches, pumps, valves, etc., such as those used in critical infrastructure systems. (International Society of Automation)

Increased IT-OT Connectivity
Our national critical infrastructure consists of systems of geographically distributed assets, from regional and national networks to micro-scale controllers and sensors.
Increasingly, these assets, across all scales, are connected via IT and OT networks and are thus potential cyber targets.

Increased Focus on OT Related Cyber Activity

Increase in Cyber Events Related to Operational Technologies
In Fiscal Year 2016, DHS ICS-CERT coordinated 305 unique vulnerabilities and responded to 290 incidents associated with industrial control systems (ICS-CERT Year in Review, 2016)
Large-scale cyberattack to electrical grid could lead to $243B - $1T loss to the U.S. economy
Health and safety impacts would include increased rate of illness and death in impacted areas
Impact to DoD (and DHS) missions would significantly impact the security of the United States
(Lloyd's and University of Cambridge Centre for Risk Studies; President's Council of Economic Advisors, February 2018)

Elements of Cyber Physical Interactions

Interdependency Discovery Approach All-Hazards Analysis Framework (A-HA)

Interdependency Mapping

Developing Multi-Scale Facility Profiles
Regional Scale Dependencies
Process Scale Dependencies
Control System Scale Dependencies
Notional System

Modeling Functional Impacts

Holistic Cyber-Physical Analysis Process
Reported OT Vulnerabilities or Threats
Identify Standard OT Components Across Sectors Potentially Affected and Model Functional Impacts
Link to Potential Facility Locations
Model Potential Cascading Impacts
Provide Actionable Information to Decision Makers and Stakeholders

Esri and INL: Partnering for Cyber Resilience

Application of GIS to Cybersecurity
Brian Biesecker
Technical Director, Intelligence Community
Esri

Fundamental Problems that GIS can help you solve
Identify impacts to your mission, operations, business activities, critical systems, or critical infrastructure from a Cyber Attack, IT outage or impairment
Prioritize the work of your IT Team or Cyber Security Team in the context of your most important missions, operations, business activities, critical systems, or critical infrastructure
Provide shared situational awareness across your organization
Refine your Cyber Forensics Analysis efforts

Cyberspace Re-Considered
It's mappable
[Figure labels: Utility Network; Social / Persona Layer; Device Layer; Logical Network Layer; Physical Network Layer; Geographic Layer]
Each device in cyberspace is owned by someone (no "global commons")
Electro-mechanical devices exist in space-time and interact with physical events
Geography is required to integrate and align cyberspace with other data

Cross Domain Consequence Analysis
[Figure labels: Electric; IT / SCADA; Control System]

Cross Domain Consequence Analysis
[Figure labels: Information Technology; Industrial Control Systems; Critical Infrastructure]

The Cyber Supply Line
A vector of devices and network paths
[Figure labels: Control System; Data Flow; LAN; Bldg Net; WAN; Cyber Supply Line; Campus #1; Campus #2]
Cyber Supply Line (CSL) is a consistent path through the infrastructure
CSL focuses resources on only the devices that are critical
Managing data flows is similar to traffic routing; an Esri core competency

Enhancing Cyber Common Operating Pictures
Geography provides deeper understanding
[Figure labels: Cyber Comms COP Server w/geoevent Extension; Intrusion Detection System; IP-Geo Lookup Server; Intrusion Data]

Integrating to improve information sharing
Share Situational Awareness
Executives / Commanders: Enterprise-focused
Operations: Process-focused
IT Infrastructure: Device-focused
Cyber Security: Event-focused
Awareness, Recovery, Prevention, Protection, Response

ArcGIS Integration with Cyber Security Tools
Executive Dashboards - Status Reports, Trends, Brand Sentiment, Financials
Cyber Tools & Data - IDS/IPS, HBSS, Virus Scanning, Patch Monitoring
Ops Data - Mission Activity, Status Reports, Real-time monitoring
IT Tools & Databases - IT Inventory, Device Locations, Health and Status Monitoring
HR Database - Personnel, Orgs, Locations, Travel
Facilities Data - CAD & GIS of Buildings and Campuses, Electric, Water, HVAC, Facilities Monitoring, Physical Security
[Figure labels: Desktop Web Device; Portal; Ops Dashboard; Server; Online Content and Services]

Data Linkages
Missions / Operations to Critical Systems / Infrastructure
Critical Systems to Components
Components to Their location
Components to Their logical network connection
Logical Network to Physical Network
Logical / Physical Network to Network Devices
Cyber Threats to Components
IT Health and Status to Components
Impacted Components to Impacted Mission
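
The linkages listed above, chained into a lookup that goes from a reported component vulnerability to the missions it touches and the places to map them. This is an added example, not code from the presentation, INL or Esri; every mission, system, component, model, network name and coordinate in it is constructed.

```python
from collections import defaultdict

# Constructed sample data; every name, model and coordinate is hypothetical.
MISSION_SYSTEMS = {            # Missions / Operations -> Critical Systems
    "water-treatment": ["chlorination", "plant-scada"],
    "customer-billing": ["erp"],
}
SYSTEM_COMPONENTS = {          # Critical Systems -> Components
    "chlorination": ["plc-7", "dosing-pump-2"],
    "plant-scada": ["hmi-1", "plc-7"],
    "erp": ["erp-db"],
}
COMPONENTS = {                 # Components -> location and logical network
    "plc-7":         {"model": "PLC-X", "loc": (43.49, -112.03), "net": "ot-vlan-20"},
    "dosing-pump-2": {"model": "VFD-A", "loc": (43.49, -112.03), "net": "ot-vlan-20"},
    "hmi-1":         {"model": "HMI-Q", "loc": (43.52, -112.05), "net": "ot-vlan-10"},
    "erp-db":        {"model": "SRV-1", "loc": (43.52, -112.05), "net": "it-vlan-5"},
}

def affected_components(advisory_models):
    """Cyber Threats -> Components: match an advisory's models to inventory."""
    return sorted(c for c, m in COMPONENTS.items() if m["model"] in advisory_models)

def impacted_missions(advisory_models):
    """Impacted Components -> Impacted Mission, with location for mapping."""
    hit = set(affected_components(advisory_models))
    impact = defaultdict(list)
    for mission, systems in MISSION_SYSTEMS.items():
        for system in systems:
            for comp in SYSTEM_COMPONENTS[system]:
                if comp in hit:
                    impact[mission].append((system, comp, COMPONENTS[comp]["loc"]))
    return dict(impact)

def same_segment_exposure(advisory_models):
    """Unaffected components that share a logical network with an affected one."""
    hit = set(affected_components(advisory_models))
    nets = {COMPONENTS[c]["net"] for c in hit}
    return sorted(c for c, m in COMPONENTS.items() if m["net"] in nets and c not in hit)

if __name__ == "__main__":
    models = {"PLC-X"}  # constructed advisory: one affected controller model
    for mission, rows in impacted_missions(models).items():
        for system, comp, loc in rows:
            print(f"{mission}: {system} depends on {comp} at {loc}")
    print("same-segment components to review:", same_segment_exposure(models))
```

A component shared by two systems (here `plc-7`) appears once per system, which is what lets a single advisory rank higher for the mission that depends on it twice.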

Cyber Summary