Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Terrorism Shawn Carpenter Computer Security Analyst

Published bySharyl Lee Modified over 9 years ago

Similar presentations

Presentation on theme: "Cyber Terrorism Shawn Carpenter Computer Security Analyst"— Presentation transcript:

1 Cyber Terrorism Shawn Carpenter Computer Security Analyst
Sandia National Laboratories Supported by the International Borders and Maritime Security Program, Charles Massey, Manager

2 What is Cyber Terrorism?
Premeditated, politically motivated attack Targets information systems Results in violence against noncombatant targets or substantial economic harm

3 Is the Threat Real? Port of Houston – 2001
Queensland, Australia sewage treatment system – 2000 Arizona’s Roosevelt Dam – 1998

4 Computer Security Incidents
From (US CERT) Computer Emergency Response Team statistics

5 Anatomy of an Attack Vulnerabilities in software / unprotected network access points No vulnerability assessment Poor awareness of security issues Queensland, Australia case Unsecured wireless access points Accessed using ordinary Commercial Off The Shelf (COTS) software and hardware Poor access control and monitoring Result: Unauthorized control of wastewater/freshwater pumping stations Environmental and economic damage

6 Large Ports Are Attractive Targets
Potentially high economic impact Significant impact on ship/port/facility Possible world trade disruption Port of Houston impact High visibility Low cost Low risk Numerous attack options

7 Marine Industry Could this affect your organization?
Supervisory Control And Data Acquisition (SCADA) Port logistical software applications Internet / Communications Antivirus software (Trojans, viruses, worms) Ohio’s Davis-Besse Nuclear Power Plant – 2003 Wireless communications (war driving) Modems (war dialing) Insiders / disgruntled employees

8 Sampling of 120 Unprotected Wireless Access Points Discovered in a Ten Minute Taxi Ride

9 Consequences Electronic intelligence loss Loss of data integrity
Aid physical attacks Forge credentials Emergency response plans Loss of data integrity Change manifests Redirect shipments / ships Affect shipyard logistics Cause delays Impact inspections status

10 Port Cactus Scenario Target - Port Cactus, New Mexico Reconnaissance
research target – Internet probe network for vulnerabilities Deliver Trojan via Compromise other systems via trojaned system(s), stealthily install backdoors Capture logon credentials for port logistics application Change manifests, inspection records, etc. as necessary

11 The Reactionary Approach
Network compromise Network compromise Network compromise

12 The Proactive Approach
There is no silver bullet Constant vigilance – dedicated personnel Network Intrusion Detection Effective process to quickly patch vulnerabilities Configuration management / firewalls / antivirus Integrated cyber incident response Backup systems / data recovery – no single point of failure Regular cyber security policy audits Formal network vulnerability assessments and corrective actions – Red Teaming Robust cyber security program with high-level support Employee education / awareness

13 Questions? Shawn Carpenter Computer Security Analyst
Sandia National Laboratories Albuquerque, NM

Download ppt "Cyber Terrorism Shawn Carpenter Computer Security Analyst"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
© Ravi Sandhu www.list.gmu.edu Introduction to Information Security Ravi Sandhu.

© Ravi Sandhu Introduction to Information Security Ravi Sandhu.
The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Session 8: Modeling the Vulnerability of Targets to Threats of Terrorism 1 Session 8 Modeling the Vulnerability of Targets to Threats of Terrorism John.

Session 8: Modeling the Vulnerability of Targets to Threats of Terrorism 1 Session 8 Modeling the Vulnerability of Targets to Threats of Terrorism John.
DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? The premeditated, politically motivated attack against information, computer systems,

DoD and Cyber-Terrorism Eric Fritch CPSC 620. What is cyber-terrorism? "The premeditated, politically motivated attack against information, computer systems,
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.

Guide to Network Defense and Countermeasures Second Edition Chapter 2 Security Policy Design: Risk Analysis.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Controls for Information Security

Controls for Information Security
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,

Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Similar presentations

Ads by Google