Cyber Attacks: Protecting National Infrastructure

Chapter 6 – Depth

Copyright © 2012, Elsevier Inc. All rights Reserved

Introduction

• Any layer of defense can fail at any time; this is the rationale for defense in depth

• A series of protective elements is placed between an asset and the adversary

• The intent is to enforce policy across all access points

Fig. 6.1 – General defense in depth schema


Effectiveness of Depth

• Quantifying the effectiveness of a layered defense is often difficult

• Effectiveness is best determined by educated guesses

• The following are relevant for estimating effectiveness:

  – Practical experience

  – Engineering analysis

  – Use-case studies

  – Testing and simulation


Fig. 6.2 – Moderately effective single layer of protection


Effectiveness of Depth

• When a layer fails, we can conclude it was either flawed or unsuited to the target environment

• No layer is 100% effective—the goal of making layers “highly” effective is more realistic


Fig. 6.3 – Highly effective single layer of protection



Fig. 6.4 – Multiple moderately effective layers of protection

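The effectiveness slides and Figs. 6.2–6.4 compare one moderately effective layer, one highly effective layer and several moderately effective layers stacked together. The Python model below is an added example, not code or data from the book or the slides; it puts numbers on that comparison under a stated independence assumption (each layer stops a fixed fraction of attacks, and layers fail independently), and then shows what a common-cause failure that defeats every layer at once does to the result. All effectiveness values are constructed, not measured.

```python
"""Residual exposure of a layered defense (added example, not from the book).

Model: each layer stops a fraction e_i of attacks. If layers fail independently,
the probability that one attack gets through all of them is the product of
(1 - e_i). The effectiveness values used below are constructed, not measured.
"""
import math


def residual_exposure(layer_effectiveness):
    """Probability that an attack passes every layer, assuming independent layers.

    layer_effectiveness: iterable of values in [0, 1], one per layer, each the
    fraction of attacks that layer stops on its own.
    """
    exposure = 1.0
    for e in layer_effectiveness:
        if not 0.0 <= e <= 1.0:
            raise ValueError(f"effectiveness out of range: {e}")
        exposure *= 1.0 - e
    return exposure


def combined_effectiveness(layer_effectiveness):
    """Fraction of attacks stopped by the whole stack under the same assumption."""
    return 1.0 - residual_exposure(layer_effectiveness)


def residual_exposure_common_cause(layer_effectiveness, shared_failure):
    """Exposure when, with probability shared_failure, a common cause (the same
    misconfiguration, a shared vendor flaw, one compromised admin account)
    defeats every layer at once; otherwise the layers act independently.
    This is exactly what the plain independence model leaves out.
    """
    if not 0.0 <= shared_failure <= 1.0:
        raise ValueError("shared_failure must be a probability")
    independent = residual_exposure(layer_effectiveness)
    return shared_failure + (1.0 - shared_failure) * independent


def layers_needed(per_layer_effectiveness, target_exposure):
    """Smallest number of identical, independent layers whose residual
    exposure is at or below target_exposure."""
    e, t = per_layer_effectiveness, target_exposure
    if not 0.0 < e <= 1.0 or not 0.0 < t <= 1.0:
        raise ValueError("effectiveness and target must be in (0, 1]")
    if t == 1.0:
        return 0          # any exposure is acceptable
    if e == 1.0:
        return 1          # a perfect layer (the slides say none exists)
    # small epsilon guards against 3.0000000000000004 rounding up to 4 layers
    return math.ceil(math.log(t) / math.log(1.0 - e) - 1e-12)


if __name__ == "__main__":
    # Constructed values standing in for the book's qualitative figures.
    scenarios = {
        "Fig. 6.2 single moderate layer (0.6)": [0.6],
        "Fig. 6.3 single highly effective layer (0.95)": [0.95],
        "Fig. 6.4 three moderate layers (0.6 each)": [0.6, 0.6, 0.6],
    }
    for name, layers in scenarios.items():
        print(f"{name}: residual exposure {residual_exposure(layers):.3f}")
    print("layers of 0.6 needed for exposure <= 0.05:", layers_needed(0.6, 0.05))
    print("three 0.6 layers with 10% common-cause failure:",
          f"{residual_exposure_common_cause([0.6, 0.6, 0.6], 0.10):.4f}")
```

With these constructed numbers, three moderate layers (residual exposure 0.064) come close to, but do not beat, one highly effective layer (0.05), and a fourth is needed to get under it; a 10% common-cause failure lifts the three-layer figure to 0.158, which is why the slides treat any such estimate as an educated guess rather than a measurement.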

Layered Authentication

• A national authentication system for every citizen would remove the need for multiple passwords, passphrases, tokens, certificates, and biometrics that weaken security

• Single sign-on (SSO) would accomplish this authentication simplification objective

• However, SSO access needs to be part of a multilayered defense


Fig. 6.5 – Schema showing two layers of end-user authentication



Fig. 6.6 – Authentication options including direct mobile access

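The two layers of end-user authentication in Fig. 6.5, as an added Python example that is not code from the book or the slides: a password checked against a salted PBKDF2 hash, then a time-based one-time code (TOTP, RFC 6238), with an SSO session granted only when both layers pass. The iteration count, the user record and the timestamps are assumptions for the demonstration; the TOTP seed is the published RFC 6238 test secret, used so the codes can be checked against the RFC's own vectors.

```python
"""Two layers of end-user authentication (added example, not from the book):
layer 1 is a salted PBKDF2 password hash, layer 2 is a TOTP code. An SSO
session is issued only when both layers pass. User data is constructed.
"""
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # assumed setting; raise as hardware gets faster
TOTP_STEP_SECONDS = 30
TOTP_DIGITS = 6


def hash_password(password, salt=None):
    """Layer 1 enrolment: returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Layer 1 check; constant-time comparison avoids leaking digest bytes."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


def totp(secret, timestamp, step=TOTP_STEP_SECONDS, digits=TOTP_DIGITS):
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, RFC 4226 dynamic truncation."""
    counter = int(timestamp) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def verify_totp(secret, code, timestamp, window=1):
    """Layer 2 check; accepts +/- `window` steps of clock drift between
    the client device and the server."""
    if len(code) != TOTP_DIGITS or not code.isdigit():
        return False
    for drift in range(-window, window + 1):
        t = timestamp + drift * TOTP_STEP_SECONDS
        if t < 0:
            continue
        if hmac.compare_digest(totp(secret, t), code):
            return True
    return False


def enrol(username, password, totp_secret):
    """Creates the stored user record for both layers."""
    salt, digest = hash_password(password)
    return {"name": username, "salt": salt, "pw_digest": digest, "totp_secret": totp_secret}


def authenticate(user, password, code, timestamp):
    """Both layers must pass. Returns (granted, failed_layer); the failed layer
    name is meant for the audit log, not for the message shown to the end user."""
    if not verify_password(password, user["salt"], user["pw_digest"]):
        return False, "password"
    if not verify_totp(user["totp_secret"], code, timestamp):
        return False, "totp"
    return True, None


if __name__ == "__main__":
    # Constructed user; the TOTP seed is the RFC 6238 test secret.
    secret = b"12345678901234567890"
    user = enrol("alice", "correct horse battery staple", secret)
    now = 59  # RFC 6238 test time; real code uses time.time()
    print("password only:", authenticate(user, "correct horse battery staple", "000000", now))
    print("both layers:  ", authenticate(user, "correct horse battery staple", totp(secret, now), now))
```

The point of the `failed_layer` value is operational: the SSO front end should return the same generic failure to the user whichever layer rejected the attempt, while the audit log keeps the detail so that password-guessing and code-guessing can be distinguished and rate-limited separately.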

Layered E-Mail Virus and Spam Protection

• Commercial environments are turning to virtual, in-the-cloud solutions to filter e-mail viruses and spam

• To that security layer is added filtering software on individual computers

• Antivirus software is helpful, but useless against certain attacks (such as botnets)


Fig. 6.7 – Typical architecture with layered e-mail filtering


Layered Access Controls

• Layering access controls increases security

• Add to this the limiting of physical access to assets

• For national infrastructure, assets should be covered by as many layers as possible:

  – Network-based firewalls

  – Internal firewalls

  – Physical security

Fig. 6.8 – Three layers of protection using firewall and access controls

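The three layers of Fig. 6.8, as an added Python example that is not code from the book or the slides. A flow is allowed only if every layer on its access path permits it, so a mistaken rule at the perimeter is still caught by the internal firewall; and a depth review lists the access paths that cross too few layers, which is the "enforce policy across all access points" point from the Introduction. The zones, addresses, rule sets and path table are all constructed for the demonstration.

```python
"""Layered access controls (added example, not from the book): a flow is allowed
only if every layer on its access path permits it, and a depth review lists the
access paths that traverse too few layers. Zones, rules and paths are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    ports: frozenset   # empty means any port
    action: str        # "allow" or "deny"

    def matches(self, flow):
        return (ip_address(flow.src) in ip_network(self.src_net)
                and ip_address(flow.dst) in ip_network(self.dst_net)
                and (not self.ports or flow.port in self.ports))


def evaluate_layer(rules, flow):
    """First matching rule wins; no match means deny (default deny)."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action == "allow"
    return False


# Constructed network zones; any address outside them counts as "internet".
ZONES = {"dmz": "10.0.1.0/24", "db": "10.0.2.0/24", "vpn": "10.0.9.0/24"}


def zone_of(ip):
    for name, net in ZONES.items():
        if ip_address(ip) in ip_network(net):
            return name
    return "internet"


# Constructed rule sets for the three layers of Fig. 6.8.
LAYERS = {
    "perimeter": [
        Rule("0.0.0.0/0", "10.0.1.0/24", frozenset({443}), "allow"),
        Rule("0.0.0.0/0", "10.0.2.0/24", frozenset({5432}), "allow"),  # mistake: DB port open at the edge
    ],
    "internal": [
        Rule("10.0.1.0/24", "10.0.2.0/24", frozenset({5432}), "allow"),  # only the DMZ may reach the DB tier
    ],
    "host": [
        Rule("10.0.1.0/24", "10.0.2.10/32", frozenset({5432}), "allow"),  # host firewall on the DB server
    ],
}

# Which layers each (source zone, destination zone) path crosses. A path that
# is not listed does not exist, so traffic on it is dropped.
PATH_LAYERS = {
    ("internet", "dmz"): ["perimeter"],
    ("internet", "db"): ["perimeter", "internal", "host"],
    ("dmz", "db"): ["internal", "host"],
    ("vpn", "db"): ["host"],   # vendor VPN lands behind the internal firewall
}


def evaluate_flow(flow, layers=LAYERS, path_layers=PATH_LAYERS):
    """Returns (allowed, name of the first layer that denied, or 'no-path')."""
    path = (zone_of(flow.src), zone_of(flow.dst))
    if path not in path_layers:
        return False, "no-path"
    for name in path_layers[path]:
        if not evaluate_layer(layers[name], flow):
            return False, name
    return True, None


def thin_paths(path_layers, minimum_depth):
    """Access paths protected by fewer than minimum_depth layers."""
    return sorted(p for p, names in path_layers.items() if len(names) < minimum_depth)


if __name__ == "__main__":
    for f in (Flow("198.51.100.7", "10.0.1.20", 443),    # public web: allowed
              Flow("198.51.100.7", "10.0.2.10", 5432),   # passes the bad edge rule, stopped internally
              Flow("10.0.1.20", "10.0.2.10", 5432),      # web tier to DB: allowed
              Flow("10.0.9.5", "10.0.2.10", 5432)):      # VPN user to DB: host firewall stops it
        print(f, evaluate_flow(f))
    print("paths needing more depth:", thin_paths(PATH_LAYERS, 2))
```

The second flow is the depth argument in one line: the perimeter rule that exposes port 5432 is a real mistake, but the flow is still stopped because the internal firewall only admits the DMZ. The path table is the other half of the slide's message; the VPN path reaching the database through a single layer is the kind of thin access path that the review in `thin_paths` exists to surface.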

Layered Encryption

• Five encryption methods for national infrastructure protection:

  – Mobile device storage

  – Network transmission

  – Secure commerce

  – Application strengthening

  – Server and mainframe data storage


Fig. 6.9 – Multiple layers of encryption


Layered Intrusion Detection

• The promise of layered intrusion detection has not been fully realized, though it is useful

• The inclusion of intrusion response makes the layered approach more complex

• There are three opportunities for different intrusion detection systems to provide layered protection:

  – In-band detection

  – Out-of-band correlation

  – Signature sharing


Fig. 6.10 – Sharing intrusion detection information between systems

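The three opportunities from the Layered Intrusion Detection slide and the sharing arrangement of Fig. 6.10, as an added Python example that is not code from the book or the slides. In-band sensors match signatures on events as they pass on their own segment; an out-of-band correlator sees only the sensors' alerts and raises an incident when one source trips several sensors inside a time window; and signature sharing gives every sensor the patterns the others know, so a segment does not stay blind to something the rest of the estate already detects. The signatures, segment names and event records are constructed.

```python
"""Layered intrusion detection (added example, not from the book): in-band
sensors, an out-of-band correlator that works only on alerts, and signature
sharing across sensors. Signatures and events below are constructed.
"""
import re
from collections import defaultdict


class Sensor:
    """In-band detection: inspects each event on its own segment."""

    def __init__(self, name, signatures):
        self.name = name
        self.signatures = {sid: re.compile(rx) for sid, rx in signatures.items()}

    def inspect(self, event):
        """Returns one alert per signature that matches the event payload."""
        return [{"sensor": self.name, "sig": sid, "src": event["src"], "ts": event["ts"]}
                for sid, rx in self.signatures.items() if rx.search(event["payload"])]

    def learn(self, sid, regex):
        self.signatures.setdefault(sid, re.compile(regex))


class Correlator:
    """Out-of-band correlation: never sees traffic, only alerts from all sensors."""

    def __init__(self, window_seconds, min_sensors):
        self.window = window_seconds
        self.min_sensors = min_sensors
        self.seen = defaultdict(list)   # src -> [(ts, sensor)] inside the window
        self.raised = set()             # sources already escalated

    def ingest(self, alert):
        """Returns an incident when src has hit min_sensors distinct sensors
        inside the window (once per src); otherwise None."""
        src, ts = alert["src"], alert["ts"]
        hits = [(t, s) for t, s in self.seen[src] if ts - t <= self.window]
        hits.append((ts, alert["sensor"]))
        self.seen[src] = hits
        sensors = {s for _, s in hits}
        if len(sensors) >= self.min_sensors and src not in self.raised:
            self.raised.add(src)
            return {"src": src, "sensors": sorted(sensors), "ts": ts}
        return None


def share_signatures(sensors):
    """Signature sharing: every sensor learns every other sensor's signatures.
    Returns the sorted ids of the pooled signature set."""
    pooled = {}
    for s in sensors:
        for sid, rx in s.signatures.items():
            pooled.setdefault(sid, rx.pattern)
    for s in sensors:
        for sid, pattern in pooled.items():
            s.learn(sid, pattern)
    return sorted(pooled)


def run(sensors, events, correlator):
    """Routes each event to the sensor on its segment, feeds every alert to
    the correlator and returns (alerts, incidents)."""
    by_name = {s.name: s for s in sensors}
    alerts, incidents = [], []
    for ev in events:
        for alert in by_name[ev["segment"]].inspect(ev):
            alerts.append(alert)
            incident = correlator.ingest(alert)
            if incident:
                incidents.append(incident)
    return alerts, incidents


# Constructed signatures: a directory-traversal pattern and a beacon user agent.
SIG_TRAVERSAL = {"SIG-TRAV": r"\.\./\.\./"}
SIG_BEACON = {"SIG-BEACON": r"User-Agent: constructed-beacon/"}

# Constructed events: one source touches three segments inside a minute.
EVENTS = [
    {"ts": 100, "segment": "dmz", "src": "203.0.113.9", "payload": "GET /../../etc/hosts HTTP/1.1"},
    {"ts": 110, "segment": "core", "src": "203.0.113.9", "payload": "GET /../../config HTTP/1.1"},
    {"ts": 120, "segment": "ot", "src": "203.0.113.9", "payload": "GET /../../status HTTP/1.1"},
    {"ts": 125, "segment": "core", "src": "203.0.113.9",
     "payload": "GET / HTTP/1.1\r\nUser-Agent: constructed-beacon/1.0"},
    {"ts": 130, "segment": "dmz", "src": "192.0.2.44", "payload": "GET /index.html HTTP/1.1"},
]


def demo(share=False, window=60):
    """Three sensors with uneven signature sets; sharing evens them out."""
    sensors = [Sensor("dmz", SIG_TRAVERSAL), Sensor("core", SIG_TRAVERSAL), Sensor("ot", SIG_BEACON)]
    if share:
        share_signatures(sensors)
    return run(sensors, EVENTS, Correlator(window_seconds=window, min_sensors=2))


if __name__ == "__main__":
    for share in (False, True):
        alerts, incidents = demo(share=share)
        print(f"sharing={share}: {len(alerts)} alerts, incidents={incidents}")
```

Without sharing, the `ot` sensor has no traversal signature and `core` has no beacon signature, so two of the four probes from the same source go unseen on their segments; the correlator still escalates on the two alerts it does get, which is the value of the out-of-band layer. With sharing, all four probes produce alerts. Shrinking the window below the spacing of the events shows the correlator's own failure mode: each alert then stands alone and nothing is escalated.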

National Program of Depth

• Developing a multilayered defense for national infrastructure would require a careful architectural analysis of all assets and protection systems:

  – Identifying assets

  – Subjective estimations

  – Obtaining proprietary information

  – Identifying all possible access paths