Anant Shivraj, May 9th 2011: Cyber Threat Evolution, with a focus on SCADA attacks.


  • Slide 1
  • Anant Shivraj, May 9th 2011: Cyber Threat Evolution, with a focus on SCADA attacks
  • Slide 2
  • Agenda
    • Cyber Attacks: increasing sophistication of cyber attacks; the private sector as target of, and medium for, attacks
    • Vulnerability of the Oil & Gas Industry to Cyber Attacks: profile of risks faced by SCADA systems in oil & gas; risk mitigation strategies and their effectiveness
    • Recommendations
  • Slide 3
  • Cyberspace is more than the Internet (diagram: data, infrastructure network, system, communications network). Cyberspace: "the interdependent network of information technology infrastructures, and includes telecommunications networks, the Internet, computer systems, and embedded processors and controllers in critical industries." Source: National Security Presidential Directive 54, January 2008
  • Slide 4
  • Key takeaways from recent incidents
    • Changing ends: to impact strategic capability and assets; to impede business operations; to target physical assets and mission-critical information
    • Increasingly sophisticated means: traversing multiple networks and infrastructures; precision targeting; multi-stage attacks to avoid attribution
    • Cyber attacks have evolved from operational events to strategic events, with the aim of disrupting a target's freedom in the real world, not just on the Internet
    • Cyber attacks employ new techniques such as spear phishing, rootkits for specialist devices and networks, and multi-stage phased attacks to accomplish these aims
  • Slide 5
  • Stuxnet demonstrates a new level of cyber attack capability
    • Stuxnet was a worm targeted at industrial control systems (ICS), discovered by July 2010. By then it had infected upwards of 100K systems in Iran, Indonesia, India and other countries
    • Widely believed to have been developed with state support and targeted at Iran's Bushehr nuclear reactor
    • Symantec W32.Stuxnet Dossier: "Stuxnet is a threat that was primarily written to target an industrial control system or set of similar systems. Its final goal is to reprogram industrial control systems (ICS) by modifying code on programmable logic controllers (PLCs) to make them work in a manner the attacker intended. In order to achieve this goal the creators amassed a vast array of components to increase their chances of success. This includes zero-day exploits, a Windows rootkit, the first ever PLC rootkit, antivirus evasion techniques, complex process injection and hooking code, network infection routines, peer-to-peer updates, and a command and control interface." Source: Symantec W32.Stuxnet Dossier, November 2010
  • Slide 6
  • Understanding the Stuxnet attack mechanism (diagram: attack vector, target map, Field PG, programmable logic controller (PLC), non-networked industrial control system environment)
    • Step 0. Check for OS and anti-virus specifications of the host. If met, introduce itself as a digitally signed driver.
    • Step 1. Connect to command server, propagate on the corporate network and to removable drives. Jump to the ICS environment through LAN/thumb drives.
    • Step 2. Check if Siemens Step 7 is installed to manage PLC devices. Obtain root access and take control of Step 7.
    • Step 3. Detect whether the PLC uses the target communication protocol. If so, detect the manufacturer of the frequency controller drives to determine the type of attack.
    • Step 4. Send malicious instructions to change the execution of various states, and to modify the instructions sent to the frequency controllers to slow or speed them up. This changes the speed of the actual industrial devices.
  • Slide 7
  • Stuxnet demonstrates the capability of cyber attacks to harm physical assets (table: feature / comments)
    • Impact: ability to attack and impair physical infrastructure (industrial data, industrial output, industrial operations in critical infrastructure). Stuxnet managed to delay the startup of Bushehr
    • Key lesson: a persistent connection to the grid / IP network is not essential to be a cyber target
    • Key innovations: precise target selection and anti-virus evasion; first PLC rootkit (allowing admin access to PLC functions); P2P self-update capabilities (a sleeper Stuxnet worm can auto-update to suddenly attack a host at a later date)
    • Professional, coordinated development: projected six-month development cycle, 5-10 developers, QA and management (estimated by Symantec). Theft of digital certificates, and the need to understand and construct a worm for industrial control systems, suggest the involvement of a multi-disciplinary team
  • Slide 8
  • Two key determinants of cyber attack pathways
    • Mission statement: what the attacker wants to accomplish. Depends on who the attacker is: cyber criminals looking for financial gains; non-state actors affiliated with a particular cause; state actors trying to accomplish strategic goals
    • Technical capabilities: what capabilities are available to the attacker (resources and budget, experience). Again, can depend on who the attacker is
    • Given that developing technical capabilities has become easier, the mission statement is the primary determinant of the attack pathway
  • Slide 9
  • Mission statement is key to which cyber attack pathway is used (diagram: mission statement against target of cyber attack, with primary and secondary targets)
    • Gain strategic advantage: specific asset targeting, e.g. data theft operations: quick asset identification; the infrastructure should not be disrupted during the exfiltration process
    • Deny operational freedom: infrastructure and network targeting, e.g. capacity degradation operations, disruption of communications
  • Slide 10
  • Seven phases of a cyber attack
    • 1. Planning 2. Payload introduction 3. Command and control 4. Footprint expansion 5. Target identification 6. Attack event 7. Retreat and removal
    • Starting from the earliest documented worm (the Internet worm of 1988), most cyber attacks have followed a subset of these seven steps
    • Most of the above sequence was followed by some of the most successful attacks: SQL Slammer (January 2003), which slowed global Internet traffic dramatically; Conficker (November 2008), which infected 15 million computers and continues to do so in spite of industry efforts (and a $250K reward from Microsoft)
  • Slide 11
  • Visualizing attack pathways (matrix of the seven phases, each with two contrasting characteristics)
    • 1. Planning: strategic, focus on target / operational, focus on attack vector development
    • 2. Payload introduction: Internet, physical and external / Internet malware
    • 3. Command and control: tight control, ability to operate APTs / fire-and-forget strategy
    • 4. Footprint expansion: targeted expansion / opportunistic expansion
    • 5. Target identification: based on host functionality and value / based on existence of vulnerabilities
    • 6. Attack event: layered, custom-built attack vector / standard IP-based attack vectors
    • 7. Retreat and removal: self-upgrade and stealth presence / weak deletion methods
  • Slide 12
  • Visualizing recent cyber incidents on attack pathways (the same seven-phase matrix, with Aurora, Stuxnet, GhostNet and Conficker plotted; highlighting indicates increasingly seen characteristics)
    • 1. Planning: strategic, focus on target / operational, focus on attack vector development
    • 2. Payload introduction: Internet, physical and external / Internet malware
    • 3. Command and control: tight control, ability to operate APTs / fire-and-forget strategy
    • 4. Footprint expansion: targeted expansion / opportunistic expansion
    • 5. Target identification: based on host functionality and value / based on existence of vulnerabilities
    • 6. Attack event: layered, custom-built attack vector / standard IP-based attack vectors
    • 7. Retreat and removal: self-upgrade and stealth presence / weak deletion methods
  • Slide 13
  • Agenda
    • Cyber Attacks: increasing sophistication of cyber attacks; the private sector as target of, and medium for, attacks
    • Vulnerability of the Oil & Gas Industry to Cyber Attacks: profile of risks faced by SCADA systems in oil & gas; risk mitigation strategies and their effectiveness
    • Recommendations
  • Slide 14
  • Stuxnet used private sector capabilities and targets in its attack on a state entity (targeted, exploited, evaded)
    • Siemens Step 7 software compromised via rootkit
    • Specifications for frequency controllers from Vacon (Finland) and Fararo Paya (Iran)
    • Digital certificates stolen from Realtek and JMicron, which are located in close proximity to each other
    • Microsoft Windows access gained via rootkit
    • Two Internet Explorer zero-day exploits
    • Domain name servers in Malaysia and Denmark
    • Detected and adapted to the signature-based and behavioral detection capabilities of 11 anti-virus products including Symantec, McAfee and Trend Micro
  • Slide 15
  • Increasing use of a new capability: spear phishing. Use of highly contextual phishing properties, often sent by known acquaintances and taking into account real-world or online identities, to reduce detection rates (table: target / sent to / claim to legitimacy)
    • Target: Marathon Oil, ExxonMobil and ConocoPhillips. Sent to: C-level leadership. Claim to legitimacy: email subject "Re: Emergency Economic Stabilization Act" (sent after the plan had been announced)
    • Target: Booz Allen. Sent to: VP for International Military Assistance Prog. Claim to legitimacy: email subject "India MCRA Request for Proposal" (India had released the RFP a week earlier); sender: from the office of the Air Force Secretary
    • Increasing spear phishing implies that both signature-based and behavioral virus detection software are losing effectiveness, catching only 20% of malware
    • Source: Business Week, Northrop Grumman, Information
  • Slide 16
  • Agenda
    • Cyber Attacks: increasing sophistication of cyber attacks; the private sector as target of, and medium for, attacks
    • Vulnerability of the Oil & Gas Industry to Cyber Attacks: profile of risks faced by SCADA systems in oil & gas; risk mitigation strategies and their effectiveness
    • Recommendations
  • Slide 17
  • Oil and gas sector officially identified as a critical infrastructure
    • Critical infrastructure: "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." Source: Critical Infrastructure Protection Act of 2001 (Section 106, Patriot Act)
    • 18 sectors identified as critical infrastructure by Homeland Security Presidential Directive 7: Agriculture & Food; Banking & Finance; Chemical; Dams; Communications; Defense Industrial Base; Energy (Electricity, Petroleum & Natural Gas); Government Facilities; Emergency Services; Healthcare & Public Health; Information Technology; Nuclear Reactors; Postal & Shipping; Transportation; Water; Commercial Facilities; National Monuments; Critical Manufacturing
  • Slide 18
  • Oil & gas cyber attacks already higher than in other critical infrastructures (McAfee survey)
    • 71% of companies report stealthy infiltration (e.g. APTs), as opposed to an average of 54% for all critical infrastructure (CI)
    • 1/3 of companies report multiple infiltrations per month
    • 2/3 of companies report DDoS attacks (1/3 report multiple attacks per month), the highest amongst all CI
    • Highest web extortion victimization rate amongst all CIs
    • E.g. employee tampering with control system software at Pacific Energy Resources, September 2009
    • Unlike other CI, most attacks (56%) focused on control systems
    • Highest self-estimated losses amongst all CI (from a 24-hr service outage), avg. $8.4M/day (chart scale: minor IT, no Ops disruption; serious IT, some Ops disruption; effect on Ops; serious effect on Ops; critical breakdown)
    • Source: McAfee
  • Slide 19
  • SCADA-operated systems in natural gas infrastructure: compressors (I)
    • A main component of gas transportation is the more than 1200 compressors installed along pipeline routes
    • Compressors are used to restore/maintain gas pressure and pump gas forward
    • 24-hr/365-day unmanned systems monitored by SCADA
    • Image copyright and courtesy of EIA/Southern Natural Gas Company, El Paso Corporation. Source: EIA
  • Slide 20
  • SCADA-operated systems in natural gas infrastructure: compressors (II). Map: interstate pipeline compressor systems, 2006. Source: EIA
  • Slide 21
  • Control systems are a key infrastructure in oil & gas networks
    • SCADA (Supervisory Control and Data Acquisition) systems are process control systems that enable monitoring and control of processes distributed amongst various remote sites. They are a form of Industrial Control System (ICS)
    • Components of a SCADA system:
    • MTU (Master Terminal Unit): monitoring/control of field devices
    • RTU (Remote Terminal Unit): data acquisition from field devices, execution of MTU instructions, automatic process control if equipped with programmable logic controllers (PLCs)
    • Field devices: e.g. pumps and valves, alarms, etc.
    • HMI (Human-Machine Interface) equipped with SCADA software: interface for operator control and system management
    • Communication protocol: Modbus, TCP/IP. Can be sent over dedicated cable lines, wireless transmission (spread spectrum, microwave and VHF/UHF radio), DSL or satellite communications
  • Slide 22
  • Economic contribution of the natural gas distribution network
    • Value as intermediate input to 418 industries = $54.6B (2002 dollars)
    • Consumption as final good = $38.5B (2002 dollars)
    • Total direct annual GDP contribution: $110.8B (2010 dollars)
    • Total indirect annual GDP contribution: $229.7B
    • Total annual GDP contribution: $340B
    • Source: Bureau of Economic Analysis, 2002 Benchmark input-output tables, use of commodities by industries, purchaser prices. Figures adjusted for inflation
    • Notes: values calculated using commodity code 221200 (natural gas distribution). For the indirect contribution, the value added from the top 25 industries using natural gas distribution was considered. These industries represented 35% of the total GDP contribution of natural gas distribution. See Appendix for details
  • Slide 23
  • Attack scenario: defining a mission (diagram: mission statement against target of cyber attack; gain strategic advantage / specific asset targeting; deny operational freedom / infrastructure and network targeting)
    • Mission statement: disrupt a continental US gas pipeline system
    • Motive: explore weaknesses, demonstration of power, political statement, etc.
    • Core assets such as business assets and IP are left alone
    • Key infrastructure is the distribution network
    • Compressor systems represent an attractive infrastructure target
  • Slide 24
  • Attack scenario: identifying the cyber attack pathway (the seven-phase matrix of slide 11, annotated with the scenario's choices: need to attack a non-IP network; one-time attack; RTUs and MTUs; attack the Modbus protocol)
    • 1. Planning: strategic, focus on target / operational, focus on attack vector development
    • 2. Payload introduction: Internet, physical and external / Internet malware
    • 3. Command and control: tight control, ability to operate APTs / fire-and-forget strategy
    • 4. Footprint expansion: targeted expansion / opportunistic expansion
    • 5. Target identification: based on host functionality and value / based on existence of vulnerabilities
    • 6. Attack event: layered, custom-built attack vector / standard IP-based attack vectors
    • 7. Retreat and removal: self-upgrade and stealth presence / weak deletion methods
  • Slide 25
  • Economic impact of the attack scenario: a simple estimation
    • Consider an attack on one of the top 10 pipeline systems (which together account for 62% of output and have 498 compressors between them)
    • The Natural Gas PL Co. pipeline system represents the average characteristics of the top 10 systems: route begins Southwest, ends Midwest; has 50 compressor stations with a total throughput rating of 49,785 MMcf (spread over 10,000 miles of pipelines); accounts for a daily GDP contribution of approx. $54.5M
    • Note: assumes that the GDP contribution from natural gas distribution can be spread across compressors. The true division should be across compressor+pipeline segments, but this is a reasonable assumption, since every pipeline segment depends upon the starting compressor for flow
    • Note: NGPL is owned by Kinder Morgan
  • Slide 26
  • The economic impact of the attack scenario can be huge
    • A 100% capacity degradation for a day on the average large pipeline system can lead to estimated losses of about $54M. Compare this number to the industry's self-estimates of losses of $8.4M/day: total economic loss is much higher than firm loss
    • Total cost will be worse (+): 1. Cost and time of replacing the compromised SCADA network and bringing the infrastructure online 2. Price shocks in the economy, higher insurance risk premiums in the industry 3. Reputation damage, risk of losing bids, increased insurance 4. Some industries will be unable to produce output altogether if gas supply is choked
    • Immediate costs may be less (-): 1. Other pipeline systems may respond to shortages 2. Reserves can be used to meet immediate demand, so the impact may lead to a reserve shortage rather than a supply shock 3. Stations don't operate at full capacity rating in summer months
    • Note: assumes that the GDP contribution from natural gas distribution can be spread across compressors. The true division should be across compressor+pipeline segments, but this is a reasonable assumption, since every pipeline segment depends upon the starting compressor for flow
  • Slide 27
  • Incidents show that disruptions to oil and gas infrastructure are very costly; losses typically run in millions of dollars per day
    • Three-week disruption in gas supplies from Russia in 2009 cost Bulgaria €250M ($330M), or 1% of GDP
    • Gas plant accident in Western Australia in 2008 cost the region $6.7B in total
    • Terrorist strike on Mexican gas pipelines at Veracruz resulted in $90-200M in losses
    • Shutdown of almost all French oil refineries in the pension strikes of October 2010 cost the French economy up to $500M per day
    • Sources: media reports: http://www.cges.co.uk/resources/articles/2009/08/06/rescuing-russia-europe-gas-relations, http://www.usatoday.com/news/world/2007-09-10-mexico-pipeline_N.htm, http://www.cbsnews.com/stories/2010/10/25/world/main6991577.shtml
  • Slide 28
  • Agenda
    • Cyber Attacks: increasing sophistication of cyber attacks; the private sector as target of, and medium for, attacks
    • Vulnerability of the Oil & Gas Industry to Cyber Attacks: profile of risks faced by SCADA systems in oil & gas; risk mitigation strategies and their effectiveness
    • Recommendations
  • Slide 29
  • Risk mitigation by SCADA owners is largely based on IT tools (chart: measures adopted on SCADA networks vs. IT networks)
    • Most common measures, yet often circumvented by using trusted connections
    • Patching / updating of SCADA networks is much rarer
    • Important measure, yet not often implemented
    • Source: Critical Infrastructure in the Age of Cyber War, McAfee, 2010
    • Just perimeter defense is not enough for SCADA networks; what is required is defense-in-depth (defenses embedded in the network)
  • Slide 30
  • Network and decision systems for SCADA security are being built
    • LOGIIC (Linking Oil & Gas Industry to Improve Cyber Security). What: main function is to perform facility-level monitoring of SCADA/ICS networks and integrate threat reports to develop firm-level situational awareness of SCADA/ICS security. How: adds process control intrusion detection and alarm capability from SCADA networks to standard network security. By: partnership involving government (DHS), oil & gas majors (Chevron, BP etc.), research labs, security vendors (3Com, Symantec etc.) and process control vendors (e.g. Honeywell). See Appendix for the LOGIIC network design
    • Consulting services and custom solutions: developed by security vendors (Cisco, Symantec, McAfee etc.); developed by process control security firms (Wurldtech, Industrial Defender etc.)
    • RiskMap: used to identify and map operational risks in oil & gas (including disruptions from cyber attacks) to business decision making
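As an added illustration of the process control intrusion detection that LOGIIC-style monitoring layers onto a SCADA network (example code written here, not the presentation's or LOGIIC's), the Python below parses Modbus/TCP requests, the protocol slide 21 lists and slide 24's scenario attacks, and raises an alert when a write command comes from a host other than the MTU/HMI, targets registers outside a unit's declared writable window, uses an unexpected function code, or is malformed. The host addresses, register window and captured frames are constructed for the example.

```python
"""Flag Modbus/TCP requests that a SCADA perimeter monitor should alarm on.

Added illustration, not code from the presentation or from LOGIIC. The
addresses, register window and frames are constructed for this example.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Public Modbus function codes. Reads only poll an RTU/PLC; writes change
# coils and registers, i.e. they are the commands that can alter a set point.
READ_FUNCS = {1: "Read Coils", 2: "Read Discrete Inputs",
              3: "Read Holding Registers", 4: "Read Input Registers"}
WRITE_FUNCS = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Constructed policy: only the MTU and HMI may write, and each RTU (Modbus
# unit id) has a declared window of writable registers. Hypothetical values.
ALLOWED_WRITERS = {"10.1.1.5", "10.1.1.6"}                    # MTU, HMI
WRITABLE_RANGES: Dict[int, Tuple[int, int]] = {1: (16, 31)}   # unit 1 -> regs 16..31


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    address: int      # first coil/register the request refers to
    data: bytes       # PDU bytes following the function code


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    # The MBAP length field counts the unit id plus the PDU, i.e. every byte
    # after the first six; a mismatch means a truncated or crafted frame.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match {len(frame) - 6} bytes")
    data = frame[8:]
    address = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else 0
    return ModbusRequest(tid, unit, frame[7], address, data)


def inspect_frame(src_ip: str, frame: bytes,
                  allowed_writers=ALLOWED_WRITERS,
                  writable_ranges=WRITABLE_RANGES) -> List[str]:
    """Return alert strings for one request seen on the SCADA network."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return [f"MALFORMED: {src_ip}: {exc}"]
    if req.function_code in WRITE_FUNCS:
        name = WRITE_FUNCS[req.function_code]
        if src_ip not in allowed_writers:
            return [f"HIGH: {name} to unit {req.unit_id} addr {req.address} "
                    f"from unauthorised host {src_ip}"]
        lo, hi = writable_ranges.get(req.unit_id, (0, -1))
        if not lo <= req.address <= hi:
            return [f"MEDIUM: {name} from {src_ip} to unit {req.unit_id} "
                    f"addr {req.address} outside writable window {lo}-{hi}"]
        return []
    if req.function_code not in READ_FUNCS:
        return [f"MEDIUM: unexpected function code {req.function_code} "
                f"from {src_ip} to unit {req.unit_id}"]
    return []


# Constructed traffic sample: (source host, raw Modbus/TCP request bytes).
TRAFFIC = [
    ("10.1.1.5",  bytes.fromhex("00010000000601030000000A")),           # MTU reads 10 regs
    ("10.1.2.77", bytes.fromhex("000200000006010600100BB8")),           # laptop writes reg 16
    ("10.1.1.5",  bytes.fromhex("00030000000B011000100002040BB80C80")), # MTU writes regs 16-17
    ("10.1.1.5",  bytes.fromhex("000400000009011001000001020001")),     # MTU writes reg 256
    ("10.1.2.77", bytes.fromhex("000500000002015A")),                   # unknown function 0x5A
    ("10.1.2.77", bytes.fromhex("0006000000060103")),                   # truncated read request
]


def run_demo(traffic=TRAFFIC) -> List[str]:
    """Inspect every sample frame and collect the alerts in order."""
    alerts: List[str] = []
    for src, frame in traffic:
        alerts.extend(inspect_frame(src, frame))
    return alerts


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```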
  • Slide 31
  • The energy sector has started to respond to the growing cyber threat, which is leading to a number of industry initiatives such as the Roadmap to Secure Control Systems in the Energy Sector
    • Initiative between the oil & gas, electricity and telecom sectors; 10-year roadmap launched in 2006 and sponsored by DoE and DHS
    • Vision: "In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function."
    • Participants: commercial entities (system integrators, component suppliers, technology developers, IT and telecom providers); industry organizations from the oil & gas and electricity sectors; research institutes; government agencies
    • Successes: more than 100 projects from 21 private and public sector entities under implementation or identified for implementation by 2009
  • Slide 32
  • Yet there are a number of challenges in meeting the energy roadmap (table: goals, desired end state for 2015, current challenges)
    • Goal: measure and assess security posture. 2015 end state: ability of energy asset owners to understand process control security needs and use automated, real-time monitoring to determine where vulnerabilities exist
    • Goal: develop and integrate proactive measures. 2015 end state: protective measures to reduce system vulnerabilities and threats; ability to deploy control systems with end-to-end security when changing from legacy systems
    • Goal: detect intrusion and implement response strategies. 2015 end state: energy asset owners operate networks that automatically provide contingency and remedial actions in response to attempted intrusions
    • Goal: sustain security improvements. 2015 end state: energy asset owners and operators work collaboratively within the sector and with government on policy and implementation progress
    • Current challenges relate to: A. Measuring progress: consensus on definition of key terms; comprehensiveness and reliability of measures; insufficient collaboration. B. Vulnerability disclosure: standard assessment methods; communication and disclosure channels; regulatory and legal framework. C. Innovative partnerships: business case for management engagement; training of SCADA personnel in security; time and resources to invest in partnership. D. Technology gaps and advancement: system complexity and vulnerabilities; impact of newer and innovative attacks; ability to replace technology
    • Source: Roadmap to Secure Control Systems in the Energy Sector, 2006. Roadmap Update Workshop Summaries, Jan 2011
  • Slide 33
  • Security vendors are developing frameworks for risk management. Example of a SCADA risk management framework:
    • Define critical assets and identify risks: define an electronic security perimeter around process control (main SCADA network + SCADA administration network); manage SCADA assets from behind the perimeter; the SCADA administration network should be separate from the corporate network
    • Consider the corporate network as untrusted: the corporate network should be outside the perimeter; two-factor authentication for any systems outside the perimeter to gain access. This will remove the risk of automated attacks, and leave a trail for attacks
    • Develop a security policy for critical assets: create policies based on regulations and standards
    • Assess compliance to policies: measure compliance and address deviations from policy
    • Source: Gary Sevounts, Symantec
  • Slide 34
  • Policies/standards at various levels play an important role in risk mitigation (diagram: economy, industry, firm and business goals laid over the corporate network, SCADA admin, SCADA control (MTU, HMI) and SCADA field (RTU, devices); IT resources and infrastructure vs. operations resources and infrastructure)
    • SCADA security: AGA 12, API 1164
    • Cyber security: ISO/IEC 17799
    • IT governance & management: COBIT
    • Compliance, audit: Sarbanes-Oxley, others
    • National policy guidance: HSPD-7, others
    • Evolving industry standards from the Energy roadmap
    • Notes: AGA 12 by the American Gas Association, and API 1164 by the American Petroleum Institute
  • Slide 35
  • Agenda
    • Cyber Attacks: increasing sophistication of cyber attacks; the private sector as target of, and medium for, attacks
    • Vulnerability of the Oil & Gas Industry to Cyber Attacks: profile of risks faced by SCADA systems in oil & gas; risk mitigation strategies and their effectiveness
    • Recommendations
  • Slide 36
  • Recommendations for the private sector
    • Understand that cyber attack pathways can greatly differ, based on the mission of the cyber attackers (technology is not a limiting factor for most attackers)
    • Identify which cyber attack pathway is most likely and most harmful for your organization, to decide where to invest
    • Develop information sharing and coordinated response mechanisms with private sector companies that may provide the attack medium
  • Slide 37
  • Be aware of the common footprints of asset attacks (the seven-phase matrix of slide 11, labelled "strategic, resource intensive", with Aurora and GhostNet plotted)
    • Monitor not just inbound but also outbound connections
    • Deploy intrusion detection systems; engage security firms for threat updates
    • Consider strong security for high-value users and assets, e.g. two-factor authentication
  • Slide 38
  • However, the footprint of infrastructure attacks may be very diverse (the seven-phase matrix of slide 11, with Stuxnet and Conficker plotted; columns labelled "strategic, resource intensive" and "operational, focused on attack vector rather than goals")
    • IP-based DDoS attacks can take a very different approach from process control network attacks
    • Need to think differently about attacks on the SCADA network
  • Slide 39
  • Recommendations for the oil & gas industry: all of the ones before, plus:
    • Know that attacks on SCADA assets are already happening and can be expected to increase
    • Attacks on SCADA assets can create large losses quickly (running into millions of dollars per day)
    • Work with security vendors and process control security firms to deploy both perimeter and defense-in-depth solutions
    • Share vulnerability information and collaborate in industry projects to monitor, detect and remedy cyber attacks
    • Take advantage of policies and protocols to strengthen security and organizational policies (e.g. training of SCADA operators in security)
  • Slide 40
  • Recommendations for policy makers
    • Help overcome challenges in implementing the energy roadmap: information sharing, innovative partnerships, regulatory environment
    • Keep cyber security on the private sector's priority list through education and standards development
    • Help build a case for justifying investment in cyber security by critical infrastructure firms
  • Slide 41
  • Selected References / Readings
    • Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, for the Executive Office of The President, 2009
    • The command structure of the Aurora Botnet, Damballa, 2010
    • Natural gas compressor stations on the interstate pipeline network: Developments since 1996, Energy Information Administration, Office of Oil and Gas, November 2007
    • A Comparison of oil and gas segment cyber security standards, Idaho National Engineering and Environmental Laboratory, November 2004
    • DCS virus infection, investigation and response: A case study, ICSJWG Fall 2010 Conference
    • Berk V., Cybenko G. and Gray R., Early Detection of Active Internet Worms, Massive Computing, 2005, Volume 5, Part III, pp. 147-180
    • Roadmap to Secure Control Systems in the Energy Sector, Energetics Inc., January 2006
    • Roadmap Update Workshop Series, Energy Sector Control Systems Working Group, January 2011
    • Haimes Y. and Jiang P., Leontief-based Model of Risk in Complex Interconnected Infrastructure, Journal of Infrastructure Systems, Vol. 7, No. 1, March 2001, pp. 1-12
    • LOGIIC cyber security system, Sandia National Laboratories, September 2006
    • Haimes Y., Santos J., Crowther K., Henry M., Lian C. and Yan Z., Risk Analysis in Interdependent Infrastructures, IFIP International Federation for Information Processing, 2007, Volume 253/2007, pp. 297-310
    • Protecting Your Critical Assets: Lessons learnt from Operation Aurora, McAfee, 2010
    • In the Crossfire: Cyber Infrastructure in the Age of Cyberwar, McAfee, 2010
    • Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation, for the US China Economic and Security Commission, Northrop Grumman Corporation
    • Byres E. and Paller A., Cyber Attacks against SCADA and Control Systems, SANS Institute Webinar, 2006
    • W32.Stuxnet Dossier, Symantec, November 2010
    • State of Enterprise Security 2010, Symantec, 2010
    • Crain D. W. and Abraham S. (2008), Using value-chain analysis to discover customers' strategic needs, Strategy & Leadership, Vol. 36 Iss. 4, pp. 29-39
    • Tracking Ghostnet: Investigating a Cyber Espionage Network, Information Warfare Monitor, Canada, March 29, 2009
  • Slide 42
  • Selected Web References
    • Attack on US oil industry: http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved/(page)/2
    • Attacks on Dept. of Defense: http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm
    • SCADA basics: http://www.free-engineering.com/ar-scada.htm
    • Impact of Russia's oil disruption: http://www.cges.co.uk/resources/articles/2009/08/06/rescuing-russia-europe-gas-relations
    • Impact of Mexico's pipeline incident: http://www.usatoday.com/news/world/2007-09-10-mexico-pipeline_N.htm
    • Cost of French air strikes: http://www.cbsnews.com/stories/2010/10/25/world/main6991577.shtml
    • All images used are the copyright of their respective owners
  • Slide 43
  • Resources and Support. Interviews: Laurie Burnham, I3P, Dartmouth College; David Nicol, Information Trust Institute; Nicola Secomandi, Carnegie Mellon Tepper School of Business
  • Slide 44
  • About the study: Independent Study at Tuck School of Business. Advisors: Professors Eric Johnson, Brian Tomlin. Part of the Cyber Code of Conduct project, Fletcher School of Law & Diplomacy. Principal Investigator: Professor William Martel
  • Slide 45
  • Appendix
  • Slide 46
  • Select glossary of terms not explained elsewhere
    • IP: Internet Protocol
    • Zero-day vulnerability: a vulnerability that is not closed/addressed by developers when software is released
    • Exfiltration: stealth removal of information from a target network (in the context of cyber attacks)
    • DNS: Domain Name System servers, which translate machine names to IP addresses. A DNS query refers to querying these servers for machine information. DNS poisoning refers to deliberately introducing false translation data to DNS servers
    • Active Directory: Windows directory that maintains user names and passwords for a corporate network
    • Rootkit: a program that aims to gain root control (the right to operate as administrator) without revealing itself
    • SQL injection: subverting/crashing a database-based website by using illegal database queries
    • Vishing: exploiting telephony networks to obtain user information, such as credit card numbers
    • Botnets/Zombies: computers which have been compromised by malware and are used by it to target other computers
    • DoS: Denial of Service, refers to crashing a web server by bombarding it with web queries. When this is done using multiple botnets, it is called distributed DoS (or DDoS)
    • Logic bomb: Internet attacks that are set to happen at a particular date or time in the future, or if some condition is met
    • Two-factor authentication: the requirement of passing two tests before obtaining access. For instance, entering a password and then using a fingerprint before access is given
    • VPN: Virtual Private Network
    • P2P: Peer-to-peer communication protocol