1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th,

Slides:



Advertisements
Similar presentations
Network Systems Sales LLC
Advertisements

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Vulnerability of Complex System Lokaltermin des ETH-Präsidenten Mittwoch, 1. Juli 2009 Laboratory for Safety Analysis.
IRRIIS – Integrated Risk Reduction of Information-based Infrastructure Systems Workshop - Middleware Improved Technology for Interdependent Critical Infrastructures.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 12 Strategies for Managing the Technology Infrastructure.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Software Engineering for Safety : A Roadmap Presentation by: Manu D Vij CS 599 Software Engineering for Embedded Systems.
Lecture 11 Reliability and Security in IT infrastructure.
Critical Infrastructure Interdependencies H. Scott Matthews March 30, 2004.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Computer Security: Principles and Practice
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College.
Securing Information Systems
Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.
CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Lessons Learned in Smart Grid Cyber Security
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Shane Cherry Midge Simpson Critical Infrastructure Protection / Resilience Simulator May 29, 2009 Stuart Walsh:
CSIAC is a DoD Information Analysis Center (IAC) sponsored by the Defense Technical Information Center (DTIC) Presentation to: Insider Threat SOAR Workshop.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Security Architecture
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I.
K E M A, I N C. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005.
Matt Bancroft Tutis Industrial Monday, 19 October 2015 © Tutis Fructis Ltd 2012.
IRRIIS-FP6-2005–IST-4 IRRIIS Project Overview 3rd Public IRRIIS Workshop September 6, 2007, Bonn, Hotel Königshof Erich Rome, FhG-IAIS.
Appendix C: Designing an Operations Framework to Manage Security.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
Geneva, Switzerland, September 2014 Considerations for implementing secure enterprise mobility Eileen Bridges Aetna GIS Director.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Frankfurt (Germany), 6-9 June 2011 Iiro Rinta-Jouppi – Sweden – RT 3c – Paper 0210 COMMUNICATION & DATA SECURITY.
Security Administration. Links to Text Chapter 8 Parts of Chapter 5 Parts of Chapter 1.
Software Development Risk Assessment for Clouds National Technical University of Ukraine “Kiev Polytechnic Institute” Heat and energy design faculty Department.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
November 2015 Common weaknesses in local authorities judged inadequate under the single inspection framework – a summary.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Risk Management for Small & Medium Sized Enterprises
Describe the potential of IT to improve internal and external communications By Jim Green.
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
© Plan Plan’s Security Framework – A Refresher. © Plan Understanding Ourselves Values - Child Rights, Impartial, Neutral, Sensitive Mandate - Child Centred,
DeSIRE Workshop, Pisa, 25-26/11/2002 1/7 A Case Study in Air Traffic Control Alberto Pasquini Deep Blue Srl.
Information Security tools for records managers Frank Rankin.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Surveillance and Security Systems Cyber Security Integration.
Security and resilience for Smart Hospitals Key findings
Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.
Information Technology Sector
Intelligent Buildings and Cybersecurity
ISO New England System R&D Needs
Cloud Testing Shilpi Chugh.
Cybersecurity Special Public Meeting/Commission Workshop for Natural Gas Utilities September 27, 2018.
PLANNING A SECURE BASELINE INSTALLATION
Luca Simoncini PDCC, Pisa and University of Pisa, Pisa, Italy
Presentation transcript:

1st IRRIIS Workshop, April 26th, 2006 Key challenges for Critical Information Infrastructure Protection 1st IRRIIS Workshop Sankt Augustin April 26th, 2006 Tatiana Roubinchtein, Mechthild Stöwer Main Problem areas and (inter)dependencies between Critical Infrastructures

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 2 Vulnerability of Critical Infrastructures Blackout America North East, August 2003 Blackout Italy, September 2003 Crashing of French GSM network, November 2004

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 3 Multiple Events – similar patterns Multiple interacting contingencies Low probability event sequence - very difficult to predict Failures of monitoring, control and protection equipment causes cascading events

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 4 Specific causes Italian blackout: cross border problem US blackout: inadequate setting of backup line protection equipment French GSM Network crash: failed software update

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 5 Economical/political problems High degree of business interdependencies Market restructuring – liberalisation, privatisation, increase of competition conflicting stakeholder’s interests (e.g. private companies, public interests) Cost-pressure Offshore reliance Increasing demand/network loads Insufficient political awareness regarding vulnerabilities of CI Lack of public research

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 6 Organisational problems Missing appropriate business models Lack of appropriate risk assessment models Lack of appropriate security policies including different (inter)dependend CIs Insufficient information sharing Insufficient skills of personnel

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 7 Technological problems induced by market forces Heterogeneous hardware infrastructure  Out-dated legacy system  Insuffucient hardware performance Transfer of monitoring/control information via public networks Usage of open, public available network protocols and standards Increasing use of Commercial-off-the-Shelf (COTS) solutions (Poorly designed) Connections between control systems and enterprise networks

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 8 Technological problems induced by technological evolution Complexity of the new technologies requires appropriate management procedures  Intransparent network systems  Heterogeneous hardware infrastructure  Mix of software solutions Complexity of the new technologies causes new vulnerabilities  Upgrades hard to retrofit to legacy systems  Quality of COTS often insufficient

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 9 Technological problems induced by new risk factors Transfer of monitoring/control information via public networks No use of appropriate encryption systems for information transfer and storage Usage of proprietary network protocols and standards Insecure wireless LANs in use Missing appropriate authentication procedures Missing appropriate software certification SCADA and DCS security tools often have “back-door” system access and other known vulnerabilities Unpatched components on the PC/SCADA networks

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 10 Deficits within appropriate standard frameworks Missing appropriate network models reflecting interdependencies within a CI and other CIs No consistent cyber security standards Hard to specify and evaluate threats Lack of unified mathematical framework with robust tools for modelling, simulation, control and optimisation of time-critical operations

Archivierungsangaben 1st IRRIIS Workshop, April 26th, 2006Slide 11 Points to be discussed List of technology problems comprehensive? (missing issues?) Prioritisation of problem areas Approaches of technology providers and operators to solve the problems? Significant gaps? Approaches to solve modelling issues Evaluation of standardisation activities

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.