Post on 15-Jan-2016
SECR 5140-FL Critical Infrastructure Protection
Dr. Barry S. Hess, Spring 2 Semester
Week 6: 22 April 2006
Class Website
Class Info http://home.covad.net/~bshess/
Contact info barry.hess@gmail.com 571.237.3418
Reminder
Papers are due in two weeks
I am available to review drafts
Presentations will be timed
Agenda
Quiz Discussion
Guidance
    Research Paper
    Presentation
Lecture
Assignment for Week 7

Guidance
Three Questions
Would you want your employer to use your paper in your annual review?
Would you give the paper to a prospective employer?
Is your paper ready for publication?
Basic Guideline
Introduction: Tell me what you are going to tell me
Body: Tell me
Conclusion or Summary: Tell me what you told me
Research Paper Requirements
A 10-12 page (double-spaced) typewritten paper by week 8 of class
Must cite at least three relevant sources
Students’ papers will use style guidance in A Manual for Writers of Term Papers, Theses and Dissertations, 6th edition, by Kate L. Turabian
Mechanics
Grammar and spelling matter
Use a 12 point standard font, e.g., Times, Geneva, Bookman, Helvetica, etc.
Double spaced text on 8 1/2" x 11" paper with 1 inch margins, single sided
Number pages consecutively
Minimize number of figures, tables, and illustrations
Bibliography is not part of page count
Structure of Paper
Brief presentation of your primary thesis; the three major sections of your investigation, and the solution / findings / recommendations that you will be making; definition of key terms and concepts. Cite references.
The research problem: In-depth look at the research problem. This is a synthesis and should be original work. If there are controversial elements, mention them briefly.
History of research on this topic: Explain why your research is unique and needed. Give a brief history of ideas. Cite sources.
"Evidence" section: Supporting statistics, examples, case studies, citations, supporting passages from key texts. Present counter-arguments / opposing viewpoints. Cite carefully.
Further case studies or examples (minimum of three): Support your thesis statement. Use citations and intersperse your thoughts & analysis throughout.
Debate points / controversial aspects: Discuss issues and present new ways of looking at the primary thesis. This is your original work. Begin to question underlying assumptions that may influence your investigation, and your conclusion, approaches, solution.
Summary that is more than a conclusion: Insights, recommendations, probable issues vis-a-vis the future.
Source: Susan Smith Nash, Ph.D., The University of Oklahoma, Research Paper Roadmap, http://www.beyondutopia.net/research/
Plagiarism: Webster University Graduate School Policy
“Plagiarism—Using the works (i.e. words, images, other materials) of another person as one's own words without proper citation in any academic assignment. This includes submission (in whole or in part) of any work purchased or downloaded from a Web site or an Internet paper clearinghouse.”
If you knowingly use sources created by others, then it is incumbent upon you to give credit to those sources
This is not only fair but it is also moral, ethical, legal, and an academic requirement
Not giving credit is plagiarism, which basically means stealing information from someone else
If you get caught plagiarizing, you will fail the course
Sourcing
Primary sources are original, uninterpreted information: novels, speeches, eyewitness accounts, interviews, letters, autobiographies, or the results of original research. Example: the State of the Union Address.
Secondary sources interpret, analyze or summarize: writings about the primary sources, about an author or about somebody's accomplishments. Example: a newspaper report on the State of the Union speech.
Bibliography and Footnotes
List all your sources and be thorough
Follow the proper citation style
Bibliography
Sources are listed alphabetically, by author's last name
Sources without authors are listed alphabetically by either the editor's last name or by the complete title of the work
First line of each bibliographical entry starts flush at the left hand margin
Second and subsequent lines are indented five spaces
Titles should be capitalized correctly in each entry
All entries are single-spaced
Footnotes
Turabian reference note format requires that the basic information about the source in footnotes is at the bottom of each page, beneath the text
Within the text, above the list of footnotes, the place where a reference is introduced is shown by an Arabic numeral raised slightly above the line of text
These reference numbers are placed just after the quoted or paraphrased material, and they appear in numerical order throughout the text
Footnotes for all of the references which appear in a page of text must be placed at the bottom of the same page, divided from the text by an eight spaced line
Oral Presentation Requirements
Each student will deliver a 15-20 minute oral presentation of the research paper to the class during week 8
Hints for PowerPoint
Plan for approximately 1 minute per slide
Use a standard font, e.g., Arial, Tahoma, Verdana, etc.
Slides should supplement your presentation, not BE your presentation
Slides should serve as an outline and provide points of emphasis
Use phrases not sentences
Do not read your slides
Your graphics need to be there for a reason
Practice makes perfect
Do not overuse transitions
Lecture
Topics
Statement by Daniel G. Wolf, Director of Information Assurance, National Security Agency: “Cybersecurity Getting it Right”
Posse Comitatus
“Extra Territoriality and International Cyber Crime” by Kenneth Geers (Naval Criminal Investigative Service)
Homeland Security Presidential Directive (HSPD-7)

“Cybersecurity—Getting it Right”
Statement by Daniel G. Wolf, Director of Information Assurance, National Security Agency, July 22, 2003
Introduction
NSA does not have all of the answers
Have had tremendous successes and a share of failures
Have gained a deep understanding and respect for the challenges the nation must overcome to begin to tame cyberspace
Concerned that some in government and industry want to keep NSA in a box labeled “for classified information only”
This erroneously suggests that NSA’s perspective is much too narrow due to our focus on the stringent requirements of national security systems
His experience shows that there is little difference between the cybersecurity that is required for a system processing top-secret military information and one that controls a segment of the nation’s critical infrastructure
Concepts
Both classified and unclassified systems require the element of assurance or trust
Trust that the system was designed properly
Trust that it was independently evaluated against a prescribed set of explicit security standards
Trust that it will maintain proper operation during its lifetime, even in the face of malicious attacks and human error
Effective cybersecurity must be designed into information systems starting at the R & D phase
You cannot add trust to a system after it is fielded
Homeland Security
Presents another reason to suggest that cybersecurity requirements must converge
The information management principle within the national security community has always been the concept of need-to-know
The fundamental information principle for homeland security is need-to-share
The principle of need-to-share requires the development of technical solutions for secure interoperability that may be called on to tie top-secret intelligence systems to a local first responder system
Information Assurance
Information Assurance is operational in nature and often time-sensitive
NSA’s work in IA provides a mix of security services that are not operational or time-sensitive, e.g.:
    Education and training
    Threat and vulnerability analysis
    Research and development
    Assessments and evaluations
    Tool development
In an environment of constant probes and attacks of networks, an increasingly important element of protection deals with operational responsiveness in terms of detecting and reacting to these time-sensitive events
This defensive operational capability is closely allied with and synergistic with traditional IA activities
DoD calls this Defensive Information Operations
Specific Issues Related to Cybersecurity R&D
Technical approaches to optimize cybersecurity
Interoperable authentication system: Deployed widely throughout the federal, national security, first responder and critical infrastructure community, e.g., a PKI system with a smart card that contains your cyber credentials
Effective border protection: Firewalls, virtual private networks, “guards”, cyber intrusion detection
Specific Issues Related to Cybersecurity R&D
Areas of advanced technology should be pursued to outpace attacks
Cryptographic modernization: Over 1.3 million cryptographic devices in the U.S. inventory; over 75% of these systems will be replaced during the next decade
Resilient systems: Goal is to have systems that degrade gracefully instead of causing a cascade of insecurity
Coordination of information during cyberattack
Enhance attack identification methods: Detect suspicious or anomalous behavior to identify insider attacks
Specific Issues Related to Cybersecurity R&D
Advanced technology programs needing higher priority & funding
Enhance our ability to find and eliminate malicious code in large software applications: Little coordinated effort today to develop tools and techniques to examine effectively and efficiently either source or executable software
Need a National Software Assurance Center: Should have representatives from academia, industry, federal government, national laboratories and the national security community
Trusted hardware platforms: Must have trusted domestic sources for advanced systems
Specific Issues Related to Cybersecurity R&D
Role of technology transfer
National Information Assurance Partnership (NIAP): Collaboration between the National Institute of Standards and Technology and the NSA. The long-term goal of NIAP is to increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and assessment programs
Information Assurance Technical Framework Forum (IATFF): Created to foster dialog between U.S. government agencies, industry, and academia seeking to provide their customers solutions for information assurance problems
Centers of Academic Excellence in Information Assurance Education Program: Goal is to reduce vulnerability in our National Information Infrastructure by promoting higher education in information assurance

Posse Comitatus Act
Posse Comitatus Act
Posse Comitatus Act of 1878 (20 Stat. 152 [18 USC 1385])
“SEC. 15. From and after the passage of this act it shall not be lawful to employ any part of the Army of the United States, as a posse comitatus, or otherwise, for the purpose of executing the laws, except in such cases and under such circumstances as such employment of said force may be expressly authorized by the Constitution or by act of Congress;…”
Post September 11th Perspective
"Our way of life has forever changed," wrote Sen. John Warner, R-Va., in an October 2001 letter to Defense Secretary Donald Rumsfeld. "Should this law [Posse Comitatus Act] now be changed to enable our active-duty military to more fully join other domestic assets in this war against terrorism?"
History
Posse Comitatus Act reflects a tension between preserving the national defense, while keeping the military from becoming entangled in day to day law enforcement
Posse Comitatus means “the Power of the County”
Brings to mind colorful images of the old west county sheriff
Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)
Why Did Congress Enact PCA?
During reconstruction federal troops were used extensively in the South for law enforcement
Recognizing that long-term use of the Army to enforce civilian laws posed a potential danger to the military’s subordination to civilian control, Congress passed the Act
Posse Comitatus Act made it a crime for anyone to use the Army to enforce federal, state, or local civil laws
Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)
Is the Posse Comitatus Act Eroding?
The courts have consistently ruled that the Act does not prohibit military involvement in civilian law enforcement activities, as long as that involvement is in a “passive” or support role
Recognizing that the military possesses unique equipment and training that may be valuable to civilian police departments, the courts have held that many types of logistical support may be provided, without violating the central tenet that the military may not actually enforce civilian laws
Using a test based upon whether the military’s involvement is “passive” or “active”, the courts have held that providing supplies, equipment, training, facilities, and certain types of intelligence do not violate the Posse Comitatus Act
Military personnel may be involved in planning and supporting civilian law enforcement activities (an indirect or passive role), as long as they are not directly involved in the actual arrest or seizure of evidence
Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)
How Does the Country Feel About PCA?
The current swing of the pendulum reflects a nation that is more than ready to embrace military involvement in homeland defense
Drug smuggling and illegal immigration were perceived by some as the national defense challenges
The increasing recognition that a suitcase of chemical or biological agent smuggled across our borders could result in a crippling loss of life is leading to an acceptance of an increased role for the military in homeland defense
With its unique detection and response capabilities to chemical/biological attacks, the military must be heavily involved in any effective counter-terrorism response plan
Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)
Implications
There have been several statutory exceptions to the Posse Comitatus Act in the past decade
Together with the general Constitutional authority of the President to preserve order, there are few areas of domestic law enforcement activity where the military is precluded from participating in times of national emergency or disaster
Posse Comitatus Act still serves a valuable function in deterring a lower level commander or politician from engaging in unauthorized “police” activity using military forces
The Act today provides little hindrance to the National Command Authority in executing civilian laws in times of emergency through military personnel
Through proper, legal declarations of Presidential emergency authority and/or through the use of National Guard assets in state status, it is increasingly likely that the military will play a significant enforcement role in response to domestic terrorism and other disasters for the foreseeable future
Source: “Posse Comitatus - Has the Posse outlived its purpose?” Craig T. Trebilcock (April 2000)
Discussion
How does Posse Comitatus affect our ability to protect the critical infrastructure?
Extra Territoriality and International Cyber Crime
Kenneth Geers, Naval Criminal Investigative Service
Problems with Investigations
Investigating international cyber crime poses many problems to U.S. law enforcement
One of the biggest challenges is the fact that a high degree of anonymity is not difficult to achieve on the Internet
In an ideal world we would examine every Internet data packet that crosses our borders, but when they arrive at well over a billion per second, that thought is quickly ruled out
When a real Internet crime has been discovered, and the log data exists to prove it (the combination of which is fairly rare), the tedious process of tracing the hack back to its point of origin begins
The obstacles for an international investigator begin to multiply quickly here. Cultural, linguistic, and political barriers can prove insurmountable
European Cybercrime Convention (ECC)
Forty-one countries have signed the treaty (including the United States and Russia) and nine have acceded to it through formal ratification
Goal is to harmonize cybercrime laws all over the world
These run the gamut: fraud, child pornography, data protection, and even cyber terrorism
The amount of damage done every year easily runs into the billions of dollars
Issues with ECC
Many governments worry that this would leave their citizens' personal information vulnerable to abuse by foreign governments, and that this abuse could occur with inadequate oversight
Privacy groups fear for their civil liberties as well
ISPs fear that unwieldy strictures and obligations will be placed upon them
Law Enforcement Issues
ECC fails to authorize any type of unauthorized cross-border digital searches or seizures, even in the case of hot pursuit
All cooperative scenarios foresee consultation with host-nation officials before any examination or seizure of computer data
This rule, while politically palatable, runs the risk of giving cyber criminals the valuable time they need to hide their point-of-origin
Example
In 2000, the FBI was hot on the trail of Russian hackers who had cracked various computer networks around the country, including banks and ISPs, in order to steal credit card numbers. The point-of-origin was determined to be Russia, but Russian assistance in the investigation was not forthcoming. Therefore, the FBI decided to act on its own. With a U.S. search warrant in hand, it tricked one of the Russian suspects into traveling to Seattle, where it used a keystroke logger to gain his username and password to a secret stash back in Russia.
The FBI then proceeded to log on and download highly incriminating evidence. The hacker gang was responsible for fraud on a massive scale, involving the theft and use of many thousands of American credit card numbers.
Discussion
What should have happened to the FBI agents?
Reality
The two FBI agents were given the Director's Award for Excellence, and the FBI publicly praised its field office's first successful "extra-territorial seizure"
Homeland Security Presidential Directive (HSPD-7)
Office of Homeland Security, 17 December 2003
Policy
(1) It is the policy of the United States to enhance the protection of our Nation's critical infrastructure and key resources against terrorist acts
Context
(4) Critical infrastructure and key resources provide the essential services that underpin American society. The Nation possesses numerous key resources, whose exploitation or destruction by terrorists could cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction, or could profoundly affect our national prestige and morale. In addition, there is critical infrastructure so vital that its incapacitation, exploitation, or destruction, through terrorist attack, could have a debilitating effect on security and economic well-being.
(5) While it is not possible to protect or eliminate the vulnerability of all critical infrastructure and key resources throughout the country, strategic improvements in security can make it more difficult for attacks to succeed and can lessen the impact of attacks that may occur. In addition to strategic security enhancements, tactical security improvements can be rapidly implemented to deter, mitigate, or neutralize potential attacks.
Purpose
(7) Establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks
(8) Federal departments and agencies will identify, prioritize, and coordinate the protection of critical infrastructure and key resources in order to prevent, deter, and mitigate the effects of deliberate efforts to destroy, incapacitate, or exploit them. Federal departments and agencies will work with State and local governments and the private sector to accomplish this objective
Roles and Responsibilities of the Secretary
(12) In carrying out the functions assigned in the Homeland Security Act of 2002, the Secretary shall be responsible for coordinating the overall national effort to enhance the protection of the critical infrastructure and key resources of the United States. The Secretary shall serve as the principal Federal official to lead, integrate, and coordinate implementation of efforts among Federal departments and agencies, State and local governments, and the private sector to protect critical infrastructure and key resources.
(13) Consistent with this directive, the Secretary will identify, prioritize, and coordinate the protection of critical infrastructure and key resources with an emphasis on critical infrastructure and key resources that could be exploited to cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction.
(14) The Secretary will establish uniform policies, approaches, guidelines, and methodologies for integrating Federal infrastructure protection and risk management activities within and across sectors along with metrics and criteria for related programs and activities
Cybersecurity
(16) The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations. To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission. The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.
Discussion
Why was it necessary to promulgate HSPD-7?
Assignment for Week 7
Briefing Assignment
Prepare and present a five minute discussion on your chosen aspect of the USA PATRIOT Act (http://www.epic.org/privacy/terrorism/hr3162.pdf). Cite sources.
Topic Questions
1. Sec. 201. Authority to intercept wire, oral, and electronic communications relating to terrorism
2. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses
3. Sec. 203. Authority to share criminal investigative information
4. Sec. 213. Authority for delaying notice of the execution of a warrant
5. Sec. 214. Pen register and trap and trace authority under FISA
6. Sec. 215. Access to records and other items under the Foreign Intelligence Surveillance Act
7. Sec. 218. Foreign intelligence information
8. Sec. 219. Single-jurisdiction search warrants for terrorism
9. Sec. 220. Nationwide service of search warrants for electronic evidence
10. Sec. 311. Special measures for jurisdictions, financial institutions, or international transactions of primary money laundering concern
11. Sec. 314. Cooperative efforts to deter money laundering
12. Sec. 316. Anti-terrorist forfeiture protection
13. Sec. 317. Long-arm jurisdiction over foreign money launderers
14. Sec. 318. Laundering money through a foreign bank
15. Sec. 504. Coordination with law enforcement
16. Sec. 802. Definition of domestic terrorism
17. Sec. 805. Material support for terrorism
18. Sec. 806. Assets of terrorist organizations
Additional Readings for Week 7
“Report From The Field: The USA PATRIOT Act at Work”, Department of Justice, July 2004, http://www.lifeandliberty.gov/docs/071304_report_from_the_field.pdf
“The USA PATRIOT Act: What's So Patriotic About Trampling on the Bill of Rights?”, Nancy Chang, Center for Constitutional Rights, November 2001, http://www.ratical.org/ratville/CAH/USAPAanalyze.pdf