Emergency Response and Preparedness Strategies for Critical Infrastructure Protection

Explore key roles and responsibilities in emergency response, from cabinet members to industry representatives. Discover the functions of ISACs, analysis centers, ISPs, and press in managing critical situations. Dive into research on characterizing critical infrastructure systems for future readiness and incident prediction.

  • Emergency response
  • Critical infrastructure
  • Preparedness strategies
  • ISACs
  • Analysis centers

Presentation Transcript


  1. Group 2 Response

  2. The Response Begins: A Call to Action, Day 0, 0 Hour

  3. Who is in charge?
    • Key cabinet members: DNI, DoD, DOE, DHS, DOJ, State Dept, National Security Advisor
    • ISAC representatives
    • Special industry reps
    • Tactical situation needing high-level attention

  4. ISACs
    • IT, Finance, Energy
    • Information, status, actions
    • Formed to interact with industry in Critical Infrastructures
    • Have emergency plans to protect CIP/KR
    • Objective: Implement solutions
    • Throttle traffic, deploy solution, provide status, predict future

  5. Analysis Centers
    • IC analysis
    • Public (NGO) Analysis Centers
    • Anti-virus vendors
    • US-CERT
    • Commercial experts (vulnerabilities/digital forensics)
    • Objective: Provide understanding of threat
    • Develop solutions for deployment

  6. ISPs
    • Status of network loads
    • Throttle back on traffic flow
    • Turn off data services (stop IP traffic)
    • Source of info on impact of service termination: hospitals, emergency services, other?
    • What is the liability of service termination?
    Academics
    • Independent research
    • Connections exist via government contracts
    • Emergency task force: tap into technical experts for immediate support

  7. Press
    • Inform the public of the situation
    • Calm the public, alleviate panic
    • Turn off phones that are not needed
    • Warn about entering personal info
    • What are the cell phone artifacts of the problem? What are the signs of infection?
    • Put out instructions for the patch. Emphasize: Do it now!

  8. Research
    • Develop a program to characterize Critical Infrastructure (CI/KR): system description data, critical components, network topology
    • Prepare for future events: know the systems
    • Develop models for the CI/KR that characterize normal operations
    • Enable detection of impending incidents
    • Make sure respective critical actions do not undercut each other: what are the interdependencies?
    • Determine the key, leading indicators that predict an incident

  9. Build a model of internal normal behavior
    • Basis is actual system metrics
    • Maintain with dynamic monitoring of the real world
    • Slow down critical behavior/throttle back to allow time for analysis and response
    • Give the practitioner time to understand
    • Predefine with ISACs which data streams are droppable
    • Identify critical choke points and single points of failure ahead of time
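The baseline model described in slide 9 (a model of normal behavior built from actual metrics, kept current by dynamic monitoring, with a throttle-back decision that buys analysts time) can be sketched in code. This is an added example, not code from the presentation or from any project it mentions: the metric name, the sample values, the smoothing weight and the z-score threshold are all constructed for illustration.

```python
"""Rolling baseline of 'normal' behavior from system metrics, with deviation
scoring and a throttle-back recommendation.
Added example: metric names, samples and thresholds are constructed."""
import math
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Baseline:
    """Exponentially weighted mean/variance of one metric. Every sample updates
    it, so the model tracks the real world instead of a one-time snapshot."""
    alpha: float = 0.1   # weight of the newest sample (assumed smoothing factor)
    mean: float = 0.0
    var: float = 0.0
    n: int = 0
    warmup: int = 5      # samples to absorb before scoring (assumption)

    def score(self, x: float) -> float:
        """Standardised deviation of x from the current baseline."""
        if self.n < self.warmup:
            return 0.0
        std = math.sqrt(self.var) or 1e-9
        return (x - self.mean) / std

    def update(self, x: float) -> None:
        if self.n == 0:
            self.mean = x
        else:
            diff = x - self.mean
            self.mean += self.alpha * diff
            # exponentially weighted variance, updated with the pre-update diff
            self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.n += 1


def throttle_factor(z: float, z_limit: float) -> float:
    """Fraction of normal rate to allow: 1.0 when behaviour is normal, shrinking
    as the deviation grows, never below 10% so the service is slowed, not cut."""
    if abs(z) <= z_limit:
        return 1.0
    return max(0.1, z_limit / abs(z))


def evaluate_stream(samples: List[tuple], z_limit: float = 3.0) -> List[Dict]:
    """Score each (t, metric, value) sample against its metric's baseline,
    then fold it into the baseline. Returns one alert per out-of-band sample."""
    baselines: Dict[str, Baseline] = {}
    alerts = []
    for t, metric, value in samples:
        b = baselines.setdefault(metric, Baseline())
        z = b.score(value)
        if abs(z) > z_limit:
            alerts.append({"t": t, "metric": metric, "value": value,
                           "z": round(z, 1), "throttle": throttle_factor(z, z_limit)})
        b.update(value)
    return alerts


# Constructed sample stream: ~1000 DNS queries/s with small jitter, then a spike.
NORMAL = [1000, 1002, 998, 1003, 997, 1001, 999, 1002, 998, 1000,
          1001, 999, 1003, 997, 1000, 1002, 998, 1001, 999, 1000]
SAMPLES = [(t, "dns_qps", v) for t, v in enumerate(NORMAL)]
SAMPLES += [(20, "dns_qps", 5000), (21, "dns_qps", 1000)]

if __name__ == "__main__":
    for a in evaluate_stream(SAMPLES):
        print(f"t={a['t']} {a['metric']}={a['value']} z={a['z']} "
              f"-> allow {a['throttle']:.0%} of normal rate")
```

The spike at t=20 is the only sample flagged; the jitter before it never exceeds the threshold, and the sample after it is absorbed by the now widened baseline rather than raising a second alert. In a real deployment the throttle factor would feed a rate limiter, and the droppable streams agreed with the ISACs would be the first candidates for it.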

  10. ISACs share more information to a wider audience
    • Info shared within the ISAC but not externally: banks warn each other, ISPs communicate in their community
    • Develop a dependency model of the CI/KR
    • Need a system to share information leading to attribution
    • Mask details of classified or LE sources
    • Include adversary model information
    • Practitioners need situation awareness from sensors, so they are able to predict what might happen next

  11. Research
    • Model of the world on a dashboard for the practitioner
    • Status in real time
    • Allow for what-if scenarios on decisions
    • Assess impact of data services shut-down
    • Develop a private-public federated information stream on security level/status/incidents
    • All users across the US see sensor information
    • Eliminate surprises across CI/KR

  12. Develop a Dynamic Data Driven Simulation (DDDS) of the Critical Infrastructure
    • Model of CI/KR constantly changes, so update constantly
    • Dynamically correct errors/changes
    • Enable detection of abnormal or unusual behavior
    • Allows examination of cross-dependencies in CI/KR
    • Allows for prediction of future state
    • Allow the decision-maker to try an action: what is the predicted impact on the system?
    • What if: turn off data services on mobile phones?
    • What if: power companies ignore load sharing trades?
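Slides 9, 10 and 12 converge on one capability: a dependency model of the composed infrastructures that can answer what-if questions ("turn off data services", "what else fails?") and surface single points of failure before an event. The following added example (not code from the presentation) implements that with a small constructed model in which each component needs at least one member of every dependency group to be up; the component names, the edges and the choice of which components count as services are assumptions made for illustration.

```python
"""Dependency model of composed infrastructures with what-if failure
propagation and single-point-of-failure identification.
Added example: components, dependency groups and services are constructed."""
from typing import Dict, Iterable, List, Set

# component -> list of dependency groups; a component stays up only if every
# group still has at least one member up (a group with two members models
# redundancy). Components with no groups are roots (grid, fuel supply).
MODEL: Dict[str, List[Set[str]]] = {
    "electrical_grid": [],
    "fuel_supply": [],
    "backup_generators": [{"fuel_supply"}],
    "ip_backbone": [{"electrical_grid", "backup_generators"}],
    "dns": [{"ip_backbone"}],
    "cell_towers": [{"electrical_grid"}],
    "mobile_data": [{"cell_towers"}, {"ip_backbone"}, {"dns"}],
    "wireline_phone": [{"electrical_grid", "backup_generators"}],
    "emergency_dispatch": [{"wireline_phone", "mobile_data"}],
    "hospital_records": [{"ip_backbone"}, {"dns"}],
    "bank_payments": [{"ip_backbone"}, {"dns"}],
}
# The components whose loss is what a decision-maker actually cares about.
SERVICES = {"mobile_data", "wireline_phone", "emergency_dispatch",
            "hospital_records", "bank_payments"}


def propagate(model: Dict[str, List[Set[str]]], initially_down: Iterable[str]) -> Set[str]:
    """Fixed-point failure propagation: keep marking components down whose
    dependency group has lost all of its members until nothing changes."""
    down = set(initially_down)
    changed = True
    while changed:
        changed = False
        for comp, groups in model.items():
            if comp in down:
                continue
            if any(group <= down for group in groups):
                down.add(comp)
                changed = True
    return down


def what_if(model, services: Set[str], down: Iterable[str]) -> List[str]:
    """Services lost if the given components are taken down (or fail)."""
    return sorted(services & propagate(model, down))


def single_points_of_failure(model, services: Set[str]) -> Dict[str, List[str]]:
    """Non-service components whose failure alone takes down at least one
    service, ranked by how many services they take with them."""
    spof = {}
    for comp in model:
        if comp in services:
            continue
        lost = what_if(model, services, [comp])
        if lost:
            spof[comp] = lost
    return dict(sorted(spof.items(), key=lambda kv: -len(kv[1])))


if __name__ == "__main__":
    print("grid down:          ", what_if(MODEL, SERVICES, ["electrical_grid"]))
    print("grid + fuel down:   ", what_if(MODEL, SERVICES, ["electrical_grid", "fuel_supply"]))
    print("dns down:           ", what_if(MODEL, SERVICES, ["dns"]))
    for comp, lost in single_points_of_failure(MODEL, SERVICES).items():
        print(f"SPOF {comp}: {lost}")
```

Two things the model makes visible that a list of components does not: the grid alone costs only mobile data (the backup generators carry the backbone), but grid plus fuel supply costs every service, and DNS is as critical a choke point as the backbone itself. Keeping this kind of model updated from real configuration and sensor data is what the DDDS slide asks for.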

  13. Need to understand complex systems for C3E
    • How achieve confidence?
    • Fundamental C3E properties: Prevention, Containment, Recovery
    • Potential research project

  14. Cyberspace is a complex system
    • Includes technology & human players
    • Challenge to obtain confidence
    • Build confidence source by source
    • Must build trust in the knowledge system: factually correct routinely, track record of success, timely/accurate information, good sources, good integrity, constantly improves
    • Test the system: insert data into the system which is known, to validate output

  15. Research
    • Develop automated systems that ingest sensor information and produce proposed solutions for human review
    • Test new rules/policies
    • As confidence builds, let the system take over
    • Reduce the burden of routine decisions on the human; allow the human to focus on hard problems
    • Allows an increase in computation support along with building the practitioner's confidence in the system

  16. Develop an automated system that adapts to human workload
    • When the human becomes overwhelmed, throttle back on the information provided
    • Adaptive cache enables catch-up
    • Develop ways to present information to humans in the way that humans process information
    • Cyber is complex: how do humans comprehend what is happening?
    • Adapt human interface displays from other disciplines

  17. Explore relationships that a human needs to view to understand and control a network
    • How to present only the pertinent information
    • Visualization problem
    • Data management hierarchy
    • How to display details without losing broader context
    • Allow top-level view with drill down
    • Identify a Top 10 list of current human-machine interface shortfalls to improve interaction
    • Minor changes to tools result in significant improvement

  18. Questions?

  19. "We don't need hackers to break the systems because they're falling apart by themselves." Peter G. Neumann, SRI International
    "Most of the problems we have day to day have nothing to do with malice. Things break. Complex systems break in complex ways." Steven M. Bellovin, Columbia University
    From "Who Needs Hackers?" by John Schwartz, New York Times, September 12, 2007

  20. Fundamental C3E properties: Prevention, Containment, Recovery
    • Constituent infrastructures (figure): Email, Mobile Telephony, Wireline Telephony, IP Network, Electrical Grid
    • Compute these for constituent infrastructures
    • Compute these for their composition
    • How? From their descriptions (models)
    • Good model = Component configurations = Infrastructure DNA
    • Need new class of algorithms

  21. Telcordia's ConfigAssure project (2007-2012)
    • Application domain: DISA's Multi National Information Sharing Networks, multiple virtual networks (COIs) over SIPRNET
    • Application domain: NSA's High Assurance Platform, multiple virtual machines with different security levels on the same physical machine
    • C3E properties are computed from system configuration
    • Exploit power of modern SAT-based constraint solvers
    • Collaboration with MIT, Princeton and Penn State
    • New project on moving-target defense starting up
    • Contact: Dr. Sanjai Narain, narain@research.telcordia.com
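Slides 20 and 21 make the point that a C3E property such as Containment is something to compute from the component configuration rather than assert by hand. The added example below (not ConfigAssure's code, and not from the presentation) shows the idea on a constructed configuration of the High Assurance Platform kind: virtual machines with classification levels and a list of configured inter-VM channels. Containment is taken to mean that no information can flow, directly or transitively, from a higher level to a lower one; a breadth-first search over the channels either proves it or returns concrete witness paths, the role a solver's counterexample plays. The VM names, levels and channels are assumptions, and the search is exhaustive rather than SAT-based.

```python
"""Compute a Containment property from a VM/channel configuration.
Added example: VM names, levels and channels are constructed."""
from collections import deque
from typing import Dict, List, Tuple

LEVEL_RANK = {"unclassified": 0, "secret": 1, "top_secret": 2}

Config = Dict[str, object]

# Constructed configuration: a guard VM has been wired so that data can move
# from top_secret down to the unclassified VM.
BAD_CONFIG: Config = {
    "vms": {"vm_u": "unclassified", "vm_s": "secret",
            "vm_ts": "top_secret", "vm_guard": "secret"},
    "channels": [("vm_u", "vm_s"), ("vm_s", "vm_ts"),
                 ("vm_ts", "vm_guard"), ("vm_guard", "vm_u")],
}


def find_flow_violations(config: Config) -> List[Tuple[str, ...]]:
    """Every shortest channel path whose endpoint sits at a lower level than
    its start. Empty list means Containment holds for this configuration."""
    vms: Dict[str, str] = config["vms"]
    adj: Dict[str, List[str]] = {v: [] for v in vms}
    for src, dst in config["channels"]:
        adj[src].append(dst)
    violations = []
    for start in vms:
        rank0 = LEVEL_RANK[vms[start]]
        parent = {start: None}
        queue = deque([start])
        while queue:
            cur = queue.popleft()
            for nxt in adj[cur]:
                if nxt in parent:
                    continue
                parent[nxt] = cur
                queue.append(nxt)
                if LEVEL_RANK[vms[nxt]] < rank0:
                    # rebuild the witness path from the BFS parents
                    path, node = [], nxt
                    while node is not None:
                        path.append(node)
                        node = parent[node]
                    violations.append(tuple(reversed(path)))
    return sorted(violations)


def containment_holds(config: Config) -> bool:
    return not find_flow_violations(config)


def downgrading_channels(config: Config) -> List[Tuple[str, str]]:
    """Channels that go from a higher level to a lower one. Removing all of
    them is sufficient for Containment: if every single hop is non-decreasing
    in level, no path can end below where it started."""
    vms = config["vms"]
    return [(s, d) for s, d in config["channels"]
            if LEVEL_RANK[vms[d]] < LEVEL_RANK[vms[s]]]


def harden(config: Config) -> Config:
    """Configuration with the downgrading channels removed."""
    bad = set(downgrading_channels(config))
    return {"vms": dict(config["vms"]),
            "channels": [c for c in config["channels"] if c not in bad]}


if __name__ == "__main__":
    for path in find_flow_violations(BAD_CONFIG):
        print("flow violation:", " -> ".join(path))
    print("remove:", downgrading_channels(BAD_CONFIG))
    print("containment after hardening:", containment_holds(harden(BAD_CONFIG)))
```

Running it lists five witness paths for the constructed configuration, all passing through the two downgrading channels; removing those two channels is enough for `containment_holds` to return True. On a real platform the same check would be driven from the exported VM and channel configuration, which is what lets the property be recomputed every time the configuration changes.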
