Critical Infrastructure Protection (CIP)

By Doron Bergerbest-Eilon,
President and CEO, ASERO

During the mid-1990s, consistent with increasing threats of international terrorism, the issue of infrastructure protection emerged as a growing concern within the global community. After 9/11 and the subsequent anthrax scare in the United States, it became clear that protection policies had to be restructured. The status of infrastructure protection had to be redefined in terms of homeland security in order to meet the increasing threat of terrorism.

It should be noted that the September 11th attacks, the most horrific terror attacks to take place on U.S. soil, targeted critical infrastructures. The attacks paralyzed not only the transportation sector, as airports were shut down and all flights cancelled throughout the country, but also the financial sector, as downtown New York City represents the nation’s financial hub. In addition, the attack on the Pentagon and the failed attack on either the White House or the U.S. Capitol were aimed at paralyzing the entire system of government in the United States.

The attacks highlighted the need to address the growing threat facing critical infrastructures. Critical infrastructure sites make attractive targets for terrorist groups as the overall effects of successful attacks extend far beyond the site directly attacked.

What made 9/11 so dangerous, and what continues to pose a huge threat to critical infrastructures, is that the terrorists were able to use the infrastructure itself as the weapon with which they carried out their attack. The 9/11 attackers did not bring a bomb onto an airplane; instead, they turned the airplane into a powerful guided missile.

The actual attack serves only as the triggering mechanism for a string of potentially disastrous consequences. The domino effect of an attack on the critical infrastructure is intended to have greater impact due to the considerable interdependencies that characterize modern infrastructure. For example, if an attacker were to blow up a major dam, the consequences would extend well beyond the damage to the dam itself. Flooding would devastate huge areas around the dam site, causing environmental damage and resulting in mass casualties. In addition, side effects of flooding, such as irreversible structural damage and extensive electrical disruption caused by power failure (to name only a few), would have significant effects on the entire critical infrastructure. The city of New Orleans is still recovering from the effects of massive flooding caused by Hurricane Katrina in 2005.

This kind of attack is a very plausible threat. A computer seized from an al-Qaeda stronghold was found to have contained models of dams as well as simulators demonstrating the effects of a potential attack.

Inside Homeland Security®, Fall 2009
As our infrastructures become more dependent on internet technology to operate effectively, they are growing increasingly vulnerable to threats from within the cyber domain. In reference to the example above, advancements in cyber capabilities have actually made it possible to breach a dam from cyber space and override its operating systems. Carrying out malicious acts via the internet is an attractive alternative because it eliminates the on-site risk of having to physically seize control over or explode the dam. The need for effective cyber security to protect critical infrastructure from potentially devastating cyber attacks has become a major international concern.

It is commonly accepted that al-Qaeda has been closely monitoring the U.S. critical infrastructure system from outside of the United States. These units are found to have origins in the Middle East and South Asia. It has become possible to target an attack site using only digital reconnaissance. For any adversary, including terrorist groups, anarchists, political opposition groups, or individuals, this represents an opportunity to inflict the greatest possible damage with the least amount of investment or risk involved.

In addition to possible physical attack sites such as railroad or bridge crossings and natural gas depositories, the United States has also detected al-Qaeda probing multiple SCADA (Supervisory Control and Data Acquisition) systems, which are used to maintain the power grids, water networks, chemical plants, nuclear reactors, dams, etc. throughout the country. Because of the interdependencies of these major systems, an attack against one SCADA system could collapse the entire regional infrastructure in which that system operates.

It is important to note that the risk of cyber attacks does not come from terrorists alone. For example, a disgruntled former Hunter Watertech worker in Australia was jailed for 2 years after hacking into the city’s computer controlled (SCADA) sewage system, releasing raw sewage into the streets and causing extensive environmental damage.

Within the last year alone, Russia is presumed to have been involved in cyber warfare against both Estonia and Georgia, causing disruption to government and financial infrastructures. The Russian invasion of Georgia serves as evidence in support of studies indicating that future conventional wars will be preempted by a cyber attack. We should assume that the use of cyber attacks will also be utilized to preempt future conventional terror attacks and acts of warfare.

Another key component when assessing the threat to critical infrastructures is geographical proximity. A cluster of multiple critical infrastructures or first order assets within a relatively small proximity of each other could pose a significantly larger threat than any one infrastructure or asset on its own.

Case Study: The 2003 North America Power Outage

On Thursday, August 14, 2003, at approximately 16:15, a massive power outage occurred, affecting areas throughout Ontario, Canada, and the Eastern United States.

The power outage caused 60 serious fires, 800 elevator rescues, 3,000 calls to the fire department, and over 80,000 calls to 911 in New York City alone. Traffic was backed up throughout affected cities and their surroundings. Approximately 400 flights into and out of North America were cancelled over a 2-day period. Eight fatalities were reported in the United States and Canada. The economic cost of the blackout was estimated to be around $6 billion.

Although the blackout was caused by a combination of human error, neglect, and system malfunction, it is important to note that this event could have been intentionally caused by a malicious act. The power outage clearly indicated that there were significant vulnerabilities within the energy sector as well as highlighted existing interdependencies between the energy sector and other critical infrastructures.

This high-profile event and its consequences are well known to potential adversaries.

How Can We Protect the Critical Infrastructure?

Critical infrastructure protection involving complex interdependencies is particularly complicated and therefore requires a step-by-step approach that consists of several elements.

Define Critical Infrastructure Assets of the First Order

Critical infrastructures are defined by the “Patriot Act” as those “systems and assets, whether physical or virtual, so vital that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

Critical infrastructure includes the assets, systems, and networks within both the physical and virtual (cyber) domains. However, the assets, systems, and functions that comprise infrastructure are not all equally critical. It is important to establish a systematic hierarchy by which to prioritize which among those assets, systems, and functions are the most critical and to catalog them accordingly based on tangible, quantitative criteria.

When dealing with interdependencies, analysis should be limited to first order dependencies that, if attacked or disrupted, would paralyze critical assets.

Define the Threat Criteria

What are assets protected against? Defining threat criteria effectively allows us to focus efforts on protecting against the specific threats that should be considered to be the most relevant. In doing so, we are also able to determine which measures will need to be utilized (who, what, when, where, and how) in order to protect against or mitigate those threats.

Assess National and Sector Threat, Vulnerability and Risk (TVR)

It is necessary to examine the current state of the critical assets to identify where they are vulnerable in order to appropriately assess risk.

Establish Priorities

Priorities should be established based on the results of an aggregated TVR assessment, which will develop a comprehensive national picture. Priority should be given to the most immediate and significant risks.

Issue Directives

It is in this critical stage that safeguarding programs are implemented in each sector, both within the physical and cyber domains, designed to reduce or mitigate the risks of an identified threat as well as secure the necessary resources for ensuring their ability to function efficiently.

Concentration is placed on the implementation of three primary objectives determined to be the most important: namely, to deter threats, mitigate vulnerabilities, and minimize consequences. Focusing on these objectives ensures the effective protection of the critical infrastructure and first order assets.

Measure Effectiveness

By utilizing quality assurance tools including red teaming, simulations, and threat oriented audits, we are able to measure progress quantitatively and assess the effectiveness of the protection program.

The surest way of deterring terrorist threats to critical infrastructure is through a security plan incorporating all aspects of the security apparatus. By incorporating protective measures, and continuing training and evaluation of security personnel, agencies and companies can help mitigate threats posed to critical infrastructure at home and abroad.

About the Author

Doron Bergerbest-Eilon is President and CEO of ASERO Worldwide and is the former head of the protection and security division and the most senior ranking security official of the Israeli Security Agency (ISA). ASERO provides strategic counsel to governments and businesses on how to mitigate their security risks in the wake of increased terrorist activities at home and around the world. Mr. Bergerbest-Eilon may be contacted via e-mail at
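The step-by-step approach described in the article (define first order assets, define the threat criteria, assess TVR, establish priorities, issue directives, measure effectiveness) can be made concrete as a small risk register. The Python script below is an added example written for this edit; it is not code from the article or from ASERO. The 1-to-5 scales, the multiplicative scoring rule, the one-hop dependency cascade, the asset names and every number in the sample register are constructed assumptions chosen only to show how an aggregated TVR assessment changes the priority order compared with scoring each asset on its own.

```python
"""Toy TVR (threat, vulnerability, risk) register with first-order dependencies.

Added example: the scoring rule (threat x vulnerability x consequence, with the
consequence of first-order dependents folded in) and every asset below are
constructed assumptions, not a method or data taken from the article.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Asset:
    name: str
    sector: str
    threat: int          # 1..5: how relevant the defined threat criteria are to this asset
    vulnerability: int   # 1..5: how exposed the asset is in its current state
    consequence: int     # 1..5: direct impact if the asset is disrupted
    depends_on: tuple = ()   # first-order dependencies only: names of other assets


def direct_risk(asset: Asset) -> int:
    """Risk of the asset considered in isolation (no interdependencies)."""
    return asset.threat * asset.vulnerability * asset.consequence


def aggregated_risk(assets) -> dict:
    """Risk per asset once its first-order dependents are counted.

    Disrupting asset X also disrupts every asset that lists X in depends_on,
    so X's effective consequence is its own plus theirs. Only one hop is
    followed, matching the article's limit to first order dependencies.
    """
    by_name = {a.name: a for a in assets}
    dependents = {a.name: [] for a in assets}
    for a in assets:
        for dep in a.depends_on:
            if dep not in by_name:
                raise ValueError(f"{a.name} depends on unknown asset {dep!r}")
            dependents[dep].append(a.name)
    scores = {}
    for a in assets:
        cascade = sum(by_name[n].consequence for n in dependents[a.name])
        scores[a.name] = a.threat * a.vulnerability * (a.consequence + cascade)
    return scores


def prioritize(assets) -> list:
    """Establish priorities: highest aggregated risk first, ties broken by name."""
    scores = aggregated_risk(assets)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def apply_directive(assets, name: str, new_vulnerability: int) -> list:
    """Issue a directive: a safeguarding program lowers one asset's vulnerability.

    Returns a new register and leaves the old one untouched, so effectiveness
    can be measured by re-scoring and comparing the two.
    """
    return [replace(a, vulnerability=new_vulnerability) if a.name == name else a
            for a in assets]


# Constructed sample register: four assets in one region with one-hop dependencies.
SAMPLE_ASSETS = [
    Asset("grid_scada", "energy", threat=4, vulnerability=3, consequence=3),
    Asset("substation_a", "energy", threat=3, vulnerability=2, consequence=4,
          depends_on=("grid_scada",)),
    Asset("water_plant", "water", threat=2, vulnerability=3, consequence=4,
          depends_on=("substation_a",)),
    Asset("hospital", "health", threat=2, vulnerability=2, consequence=5,
          depends_on=("substation_a", "water_plant")),
]


if __name__ == "__main__":
    print("direct risk:", {a.name: direct_risk(a) for a in SAMPLE_ASSETS})
    print("aggregated priorities:", prioritize(SAMPLE_ASSETS))
    hardened = apply_directive(SAMPLE_ASSETS, "substation_a", new_vulnerability=1)
    print("after directive:", prioritize(hardened))
```

Scored alone, the substation and the water plant tie; once the hospital and water plant that depend on the substation are folded in, the substation moves to the top of the list, which is the effect the article's "comprehensive national picture" is meant to capture. Re-running `prioritize` after `apply_directive` is the "measure effectiveness" step in miniature: the directive that hardens the substation drops it below the water plant, so the next directive goes there. A real program would use richer scales, weight geographic clustering, and draw the threat score from the defined threat criteria rather than a hand-set integer.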
