Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange
  Dennis Denham Ssempereza - CISA, CISM, CRISC
  August 16, 2016
About me!
  Involved in Risk Management and Security Implementation Consultancy
  Security Strategist - Cipher Solutions
Topic of Discussion
  Critical National Infrastructure and Key Resource Analysis and Protection
  Supervisory Control and Data Acquisition (SCADA)
  Secure Information Exchange
  National Response Framework
Digital Trends
  Society is increasingly dependent on digital systems that are highly complex and often based on trust
  Gigabit connectivity will offer new possibilities for everyone, including criminals.
  Impact: Increased exposure to attacks and disruption to critical business systems.
  This has proven to be an unreliable method of operating systems that are integral to the global economy.
Acronyms
  CNI: Critical National Infrastructure
  KR: Key Resources
  NISF: National Information Security Framework
Protected Systems
CNI in Uganda
  Telecommunications
  Energy
    o oil and gas, electric power
  Environment
    o water, air, waste
  Banking and Finance
  Transportation
    o roads, dams, airports, railway lines, shipping, postal
  Healthcare and public health
  Emergency Services
  Continuity of Government
    o Immigration, customs, law enforcement, justice
  Agriculture and food
KEY RESOURCES
  Publicly or privately controlled resources
  Essential to minimal operation of the economy and the government
CNI Protection
  The NISF provides a strategic context for CNI protection / resilience
  Dynamic threat environment
    o Natural Disasters
    o Terrorists
    o Accidents
    o Cyber Attacks
  A complex problem, requiring a national plan and organizing framework
    o Multi-sector environment, all different, ranging from asset-focused to systems and networks
    o 80% privately owned, 20% State owned
Aspects of CNI Protection
  Assessment
  Preparedness
  Prevention
  Response
  Recovery
  Detection
  Communication
    o Coordination of outages
Rapidly Evolving Threat Landscape
  [Figure: threat actors plotted by Motivation and Sophistication]
  Motivations: National Security, Economic Espionage; Notoriety, Activism, Defamation; Monetary Gain; Nuisance, Curiosity
  Actors: Nation-state actors (Stuxnet, Titan Rain, Estonia); Hacktivists (Islamic Ghosts Team, Anonymous); Organized crime (Zeus, Ransomware); Insiders, Spammers, Script-kiddies (Nigerian 419 Scams)
Other Incidents
  UKRAINE, 2015
    o Phishing email containing a malware-rigged attachment
    o Word documents and Excel spreadsheets dropped BlackEnergy3 malware
    o 700,000 people without electricity for several hours
  The Northeast (U.S.) blackout: 11 deaths and an estimated $6 billion in economic damages, having disrupted power over a wide area for at least two days
  Back Home: Banks and other financial institutions have been victims of cyber attacks, losing millions of shillings in the process.
SCADA SYSTEM
  SCADA is a main feature of most critical infrastructures
  Relies on a variety of sensors strategically placed along the network (sensors may sense pressure, temperature, flow rates, and voltages)
  RTUs are the field elements of the SCADA system
  The state of all RTUs is stored in the database and viewed through an OCC operator user interface: typically computer monitors, big-screen displays, and switches and dials mounted on a wall.
TYPICAL SCADA SYSTEM
Where is the Weakness?
  Skills and Competence Gap
  Lack of awareness of cyber-threats and Threat Intelligence
  Absence of a meaningful public-private sector cyber security partnership
  Inadequate Incident Management Capabilities
  Legal Measures
Secure Information Sharing
  As a minimum requirement from NISF, organizations must:
    o Identify and record risks involving external parties;
    o Create information exchange policies and procedures;
    o Use formal exchange agreements such as codes of connection and memoranda of understanding;
    o Assess compliance of exchange partners at least annually or when required; and,
    o Disconnect/end sharing with non-compliant entities.
Threat Information Exchange
  Sharing situational awareness information
  Inter-Government information exchange
  Making information open to the public and receiving data from the public
  CNI providers sharing key management data from the process control systems
Sharing is Caring!!
  EWI Information Sharing Community portal formed - US ICS CERT Initiative
  DHS - Cyber Information Sharing and Collaboration Program (CISCP)
  FBI - InfraGard
Sharing is Caring!!
  NITA CERT formed 2014 - Key cybersecurity hub
  UCC CERT formed 2013 - Communication Sector based
  Police Cybercrime Unit - formed 2015 - Set up to prevent and investigate IT crime conducted online
Way Forward
  Strengthened cyber security and more knowledge
  Uganda as a strong International Partner
  Strong investigation and high level of information
  Robust infrastructure in the energy and telecommunications sectors