Cyber Terrorism Shawn Carpenter Computer Security Analyst

Slides:



Advertisements
Similar presentations
ETHICAL HACKING A LICENCE TO HACK
Advertisements

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Session 8: Modeling the Vulnerability of Targets to Threats of Terrorism 1 Session 8 Modeling the Vulnerability of Targets to Threats of Terrorism John.
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Computer Security: Principles and Practice
Controls for Information Security
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.
Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.
Self-Assessment » Find a Consultant » Links & Resources » News & Headlines » Educational & Training Resources » Steve Peters, President Community Information.
Securing Information Systems
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
By: Sharad Sharma, Somya Verma, and Taranjit Pabla.
Information Systems Security Computer System Life Cycle Security.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Prepared by: Dinesh Bajracharya Nepal Security and Control.
CERN’s Computer Security Challenge
WHAT IS VIRUS? NAE GRAND CHALLENGE SECURE CYBERSPACE.
PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
K E M A, I N C. Ten Steps To Secure Control Systems APPA 2005 Conference Session: Securing SCADA Networks from Cyber Attacks Memphis, TN April 18, 2005.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Information Systems Security Operations Security Domain #9.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.
IS Network and Telecommunications Risks Chapter Six.
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
Note1 (Admi1) Overview of administering security.
Module 11: Designing Security for Network Perimeters.
A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.
Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Computer Security Status C5 Meeting, 2 Nov 2001 Denise Heagerty, CERN Computer Security Officer.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
BTEC NAT Unit 15 - Organisational Systems Security ORGANISATIONAL SYSTEMS SECURITY Unit 15 Lecture 3 OTHER DAMAGING THREATS.
MIS323 – Business Telecommunications Chapter 10 Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Information Security tools for records managers Frank Rankin.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Disaster and Emergency Management
Security Standard: “reasonable security”
Advanced Services Cyber Security 101 © ABB February, | Slide 1.
Networking for Home and Small Businesses – Chapter 8
Cybersecurity Threat Assessment
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Presentation transcript:

Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program, Charles Massey, Manager cdmasse@sandia.gov

What is Cyber Terrorism? Premeditated, politically motivated attack Targets information systems Results in violence against noncombatant targets or substantial economic harm

Is the Threat Real? Port of Houston – 2001 Queensland, Australia sewage treatment system – 2000 Arizona’s Roosevelt Dam – 1998

Computer Security Incidents From (US CERT) Computer Emergency Response Team statistics

Anatomy of an Attack Vulnerabilities in software / unprotected network access points No vulnerability assessment Poor awareness of security issues Queensland, Australia case Unsecured wireless access points Accessed using ordinary Commercial Off The Shelf (COTS) software and hardware Poor access control and monitoring Result: Unauthorized control of wastewater/freshwater pumping stations Environmental and economic damage

Large Ports Are Attractive Targets Potentially high economic impact Significant impact on ship/port/facility Possible world trade disruption Port of Houston impact High visibility Low cost Low risk Numerous attack options

Marine Industry Could this affect your organization? Supervisory Control And Data Acquisition (SCADA) Port logistical software applications Internet / Communications Email Antivirus software (Trojans, viruses, worms) Ohio’s Davis-Besse Nuclear Power Plant – 2003 Wireless communications (war driving) Modems (war dialing) Insiders / disgruntled employees

Sampling of 120 Unprotected Wireless Access Points Discovered in a Ten Minute Taxi Ride

Consequences Electronic intelligence loss Loss of data integrity Aid physical attacks Forge credentials Emergency response plans Loss of data integrity Change manifests Redirect shipments / ships Affect shipyard logistics Cause delays Impact inspections status

Port Cactus Scenario Target - Port Cactus, New Mexico Reconnaissance research target – Internet probe network for vulnerabilities Deliver Trojan via email Compromise other systems via trojaned system(s), stealthily install backdoors Capture logon credentials for port logistics application Change manifests, inspection records, etc. as necessary

The Reactionary Approach Network compromise Network compromise Network compromise

The Proactive Approach There is no silver bullet Constant vigilance – dedicated personnel Network Intrusion Detection Effective process to quickly patch vulnerabilities Configuration management / firewalls / antivirus Integrated cyber incident response Backup systems / data recovery – no single point of failure Regular cyber security policy audits Formal network vulnerability assessments and corrective actions – Red Teaming Robust cyber security program with high-level support Employee education / awareness

Questions? Shawn Carpenter Computer Security Analyst Sandia National Laboratories Albuquerque, NM 1-505-228-3762 1-505-845-7413 scarpe@sandia.gov

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.