National Infrastructure Protection Center PARTNERSHIP FOR PROTECTION STATUS and INITIATIVES.
Transcript of National Infrastructure Protection Center PARTNERSHIP FOR PROTECTION STATUS and INITIATIVES.
National Infrastructure Protection Center
PARTNERSHIP FOR PROTECTION
STATUS and INITIATIVES
“An adversary wishing to destroy the United States only has to mess up the computer systems of its banks by hi-tech means. This would disrupt and destroy the US economy.”
People’s Liberation Daily, February 1996
Critical Infrastructure
“Services so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States”
CRITICAL INFRASTRUCTURES
Telecommunications / Computer Systems
Electrical Power
Oil & Gas
Transportation
Banking & Finance
Water
Emergency Services
Government Operations
Why were we concerned about the Y2K rollover?
Uncertainty as to the stability of infrastructures which are dependent upon computers
The threat of malicious attacks upon systems that control our nation’s economy and security
The possibility that computer systems might not recognize the date change
There were no significant infrastructure attacks
Industry reported several anomalies:
Brief delay in some British credit card transactions
Numerous retail receipts read “1900”
Occasional loss of 911 systems
“The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.”
“Freedom Isn’t Free…”
Historical Background
End of the Cold War
Changing Expectations of Warfare
Homeland Defense a New Worry
Vulnerabilities & Interdependencies
Ever-growing role of E-commerce
Loyalties are Changing
SOLAR SUNRISE
New Terrorism Possibilities & Actors
MUST REDEFINE SECURITY
OLD DEFINITIONS DON’T WORK
Foreign vs. Domestic
Intelligence vs. Law Enforcement
Military vs. Law Enforcement
“TRADITIONAL” ADVERSARIES NO LONGER FIT THE MOLD
Unstructured Threats: Insiders, Hackers / Virus Propagators
Structured Threats: Hacktivists, Economic Espionage, Organized Crime
National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
THREATS - HARD TO DEFINE
CAPABILITY + INTENT x VULNERABILITY = THREAT
Traditional Adversaries / Economic Adversaries / Political Adversaries / Others / Potential
Terrorists / Organized Crime / Non-State / Opportunists
RANGE OF CAPABILITY - - BUT SIGNIFICANT CAPABILITY IS EASY TO GET
Unique Challenges Facing Law Enforcement
Intelligence (statistics)
Identifying perpetrators
Locating victims
Determining venue
Technical training
Developing partnerships with private sector
WHOSE PROBLEM IS IT?
NOT JUST A FEDERAL GOVERNMENT ISSUE
AND NOT JUST A GOVERNMENT ISSUE
ANYONE - AT ANY LEVEL - CAN BE A TARGET OR A VICTIM OF TERRORISM
Why Should Government and Industry be Concerned?
Exponential increase in number and severity of domestic cyber incidents
Increase in 2 years, from 3,700 to 22,000 incidents reported to CERT/CC®
Increasing FBI caseload
“Solar Sunrise” (FEB 1998) - DoD “wake-up call”
Recent “Leaves” & “Code Red” worm events
Enterprise security practices continue to lag product innovations
NATIONAL INFRASTRUCTURE PROTECTION CENTER
Composition - Interagency, multi-level
Multiple government agencies
Federal, state, and local law enforcement
Private sector representatives
Manning
FBI - 75 of 93 on board
Other government agencies - 22 of 40 on board
DoD, DCIS, NSA, Services, GSA, DoE, CIA, USPS, FAA
Inbound includes FDIC, State, others
NIPC Organization
NIPC Director
  Deputy Director
    Computer Investigations and Operations Section (CIOS)
      Computer Investigations Unit
      Special Technologies Applications Unit
      Cyber Emergency Support Team
    Analysis and Warning Section (AWS)
      Analysis and Information Sharing Unit
      Watch and Warning Unit
    Training, Outreach and Strategy Section (TOSS)
      Training and Continuing Education Unit
      Strategic Planning Unit
      Outreach and Field Support Unit
NIPC INITIATIVES: INFRAGARD
Government - private sector alliance. Representatives from industry, government, academia, law enforcement
Mechanism for systems owners and operators to communicate with colleagues
Improves dissemination of security information
Intrusion alert network & secure web site
Chapter committees dedicated to concerns of membership
Seminars and training & meetings with colleagues
Membership requirements
Membership agreement
Confidentiality pledge
Commitment to actively participate
InfraGard Services
• Secure Web Site
• Alert Network
• Chapter Activities
• Help Desk
Why InfraGard?
• Presidential Decision Directive 63
• Vulnerability information not always being shared by owners and operators
• Computer expertise is identified and enhanced
• Relationships are established between private industry and government agencies
NIPC INITIATIVES: KEY ASSET INITIATIVE
FBI PROGRAM REVITALIZED
KEY ASSETS NEED TO BE REDEFINED
DATA BASE MAINTAINED AT NIPC
FIELD OFFICES GATHERING INFO
MUST BE COMPATIBLE WITH DOD PROGRAM
What is a Key Asset?
An organization, group of organizations, system, or group of systems is considered to be a critical or “key” asset if it is determined that the loss of its associated goods, services or information would have widespread and dire economic or social impact.
Tier 1 = national impact
Tier 2 = regional impact
Tier 3 = local impact
The Role of the Key Asset Coordinator in the field:
Conduct a thorough search for key assets in your division
Examine one infrastructure at a time until you have completed all eight
Once identified, categorize assets by tier
Once list is complete, contact owners/operators
Maintain contact with assets
[Diagram: Risk, shown at the intersection of Critical Networks/Systems, Threats, and Vulnerabilities]
Credit Card Theft
[Diagram: Organized Crime Groups gain intrusion into U.S. Companies; the stolen data flows back to the crime groups]
Hacker Profile
Predominantly teenage males
Poor interpersonal skills
Focused on technology
Substitutes the computer for interpersonal relationships
Insatiable curiosity
Anti-establishment (nerd with an attitude)
Desire to possess “forbidden knowledge”
Typical Network Attack
Locate system to attack
Gain user access
Gain privileged access
Cover tracks
Install backdoors
Attack other hosts
Take or alter information
Engage in other unauthorized activity
What We Can Do for You
Combine technical skills and investigative experience
National and global coverage
Apply more traditional investigative techniques
Long-term commitment of resources
Integration of law enforcement and national security concerns
Pattern analysis
Can provide deterrent effect . . . even if hacker not prosecuted
What We Cannot Do
Take over your system
Provide information beyond your need to know
Share proprietary information with competitors
Become involved in civil action
May not keep you advised of status of investigation
Provide investigation-related information to the media
Provide access to national security information/intelligence gathering techniques
May not react with the speed you want or expect
INVESTIGATIVE PROCESS
Victim Complaint
Collection of Evidence
Identify Subject / Location
Search Warrant
Analysis of Evidence Seized
Arrest / Formal Charging
Trial / Plea Agreement
Sentencing
Bottom Line . . . . . .
The Hacker has access and wants to keep it!
Response Checklist
Respond quickly and without fail
Check date and time stamps of log files
Designate one employee to secure evidence
Physically secure & copy to CD, initial and date it!
Retain evidence for law enforcement
Request trap and trace with upstream provider
Make backups of damaged/altered files
Secure old backups to show original status of system
Trace through System Administrator contacts
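The checklist tells the responder to check log timestamps, secure the evidence, and initial and date the copy. The following Python script is an added example, not part of the NIPC presentation, of doing exactly that on a host: it records each file's timestamps before the file is read (reading a file can update its access time), hashes it with SHA-256, and writes a manifest naming the collector and the UTC time of collection, which a later party can re-verify. The file names, log lines and collector name are constructed for the demonstration.

```python
"""Evidence preservation for the response checklist above (added example).

Each file's metadata is recorded *before* the file is read (reading can update
atime), then the file is hashed and the results go into a manifest that names
the collector and the UTC time of collection. Anyone holding the manifest can
later re-verify that the preserved copies are unchanged.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path):
    """Stream the file through SHA-256 so large logs need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _utc(ts):
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()


def collect_evidence(paths, collector):
    """One manifest entry per file: stat first, hash second."""
    entries = []
    for p in paths:
        st = os.stat(p)  # taken before open(), so the recorded atime is the pre-collection value
        entries.append({
            "path": os.path.abspath(p),
            "size": st.st_size,
            "inode": st.st_ino,
            "mtime_utc": _utc(st.st_mtime),
            "atime_utc": _utc(st.st_atime),
            "ctime_utc": _utc(st.st_ctime),
            "sha256": sha256_file(p),
        })
    return {
        "collector": collector,  # the "initial it" of the checklist
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "files": entries,
    }


def write_manifest(manifest, out_path):
    """Write the manifest and return its own SHA-256, to be written on the media label."""
    with open(out_path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return sha256_file(out_path)


def verify_manifest(manifest):
    """Paths whose current content no longer matches the manifest (missing files included)."""
    changed = []
    for e in manifest["files"]:
        if not os.path.exists(e["path"]) or sha256_file(e["path"]) != e["sha256"]:
            changed.append(e["path"])
    return changed


def make_sample_file(name, text):
    """Write a constructed sample file into a fresh temp directory and return its path."""
    path = os.path.join(tempfile.mkdtemp(), name)
    with open(path, "w") as f:
        f.write(text)
    return path


def demo():
    """Constructed scenario: two log files preserved, one altered after collection."""
    auth = make_sample_file(
        "auth.log",
        "Jun 12 03:14:07 victim sshd[4121]: Accepted password for root from 10.0.0.9 port 51022 ssh2\n")
    msgs = make_sample_file(
        "messages",
        "Jun 12 03:14:09 victim kernel: device eth0 entered promiscuous mode\n")
    manifest = collect_evidence([auth, msgs], collector="responder-1 (constructed)")
    manifest_hash = write_manifest(manifest, os.path.join(os.path.dirname(auth), "manifest.json"))
    clean = verify_manifest(manifest)  # nothing has changed yet
    with open(auth, "a") as f:         # simulate the intruder (or an admin) editing a log
        f.write("tampered\n")
    tampered = verify_manifest(manifest)
    return manifest_hash, clean, tampered


if __name__ == "__main__":
    h, clean, tampered = demo()
    print("manifest sha256:", h)
    print("changed right after collection:", clean)
    print("changed after tampering:", tampered)
```

The manifest hash is what the person securing the evidence writes on the CD sleeve together with their initials and the date; the copy on the media and the paper record then corroborate each other, and a defence challenge to chain of custody can be answered by re-running verification.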
SysAdmin - Extension of FBI?
Once Government is involved: FBI cannot direct victim - privacy violation
Victim can make inquiries prior to reporting to FBI
Permits evidence to be retained
Can advise FBI at initial interview of all of the connections through other sites
Success is spelled L.O.G.S.
System Logs (lastlog and history files)
Dial-in and Network Authentication
Intercepted Traffic
E-mail
Logfile collection
Keep all logs, no matter how trivial seeming
May be important for trend analysis
Cross-event correlation may enable reconstruction of missing/deleted event
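The last point, that correlating events across sources can reconstruct a deleted one, is worth seeing in working code. The following Python is an added example and not from the presentation: a perimeter device's connection log and the victim host's sshd log record the same sessions independently, so an SSH connection the firewall accepted but for which the host has no sshd entry at all is a candidate deleted (or never written) host-side event, and its time and source can be recovered from the firewall record. A second lead is a timestamp that runs backwards inside the host log, which hand editing often produces. Both log excerpts, the host names, the addresses and the year are constructed.

```python
"""Cross-source log correlation (added example for the L.O.G.S. slide).

A firewall-accepted SSH connection with no matching sshd event is a candidate
deleted host-side record; a timestamp regression in the host log is a second
lead. Both logs below are constructed samples.
"""
import re
from datetime import datetime, timedelta

YEAR = 2001  # assumption: BSD syslog lines carry no year; take it from the case file

FIREWALL_LOG = """\
2001-06-12T03:14:05Z ACCEPT TCP 10.0.0.9:51022 -> 192.0.2.10:22
2001-06-12T03:20:41Z ACCEPT TCP 198.51.100.7:40210 -> 192.0.2.10:22
2001-06-12T03:31:12Z ACCEPT TCP 203.0.113.44:60101 -> 192.0.2.10:22
2001-06-12T03:40:00Z ACCEPT TCP 10.0.0.9:51030 -> 192.0.2.10:80
"""

AUTH_LOG = """\
Jun 12 03:14:07 victim sshd[4121]: Accepted password for root from 10.0.0.9 port 51022 ssh2
Jun 12 03:20:43 victim sshd[4188]: Failed password for admin from 198.51.100.7 port 40210 ssh2
Jun 12 03:19:59 victim sshd[4188]: Connection closed by 198.51.100.7
"""

FW_RE = re.compile(r"^(\S+) ACCEPT TCP (\d+\.\d+\.\d+\.\d+):(\d+) -> \S+:(\d+)$")
AUTH_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (.*?)(?: from | by )"
    r"(\d+\.\d+\.\d+\.\d+)(?: port (\d+))?"
)


def parse_firewall(text):
    """Accepted TCP connections: when, from which source address/port, to which port."""
    conns = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            conns.append({
                "ts": datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"),
                "src": m.group(2), "sport": int(m.group(3)), "dport": int(m.group(4)),
            })
    return conns


def parse_auth(text):
    """sshd events: when, what, from which source address (and port, when sshd logged one)."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({
                "ts": datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S"),
                "msg": m.group(2), "src": m.group(3),
                "sport": int(m.group(4)) if m.group(4) else None,
            })
    return events


def unlogged_ssh_connections(conns, events, window=timedelta(seconds=60)):
    """Firewall-accepted SSH connections with no sshd event from the same source
    (and the same source port, when sshd recorded one) within `window` after the SYN."""
    missing = []
    for c in conns:
        if c["dport"] != 22:
            continue
        matched = any(
            e["src"] == c["src"]
            and (e["sport"] is None or e["sport"] == c["sport"])
            and timedelta(0) <= e["ts"] - c["ts"] <= window
            for e in events
        )
        if not matched:
            missing.append(c)
    return missing


def timestamp_regressions(events):
    """Entries stamped earlier than the entry before them. Clock steps and buffered
    writers cause this too, so treat it as a lead, not as proof of editing."""
    return [e for prev, e in zip(events, events[1:]) if e["ts"] < prev["ts"]]


if __name__ == "__main__":
    conns, events = parse_firewall(FIREWALL_LOG), parse_auth(AUTH_LOG)
    for c in unlogged_ssh_connections(conns, events):
        print(f"no sshd record for {c['src']}:{c['sport']} accepted at {c['ts']:%Y-%m-%d %H:%M:%S}Z")
    for e in timestamp_regressions(events):
        print(f"timestamp regression at {e['ts']:%H:%M:%S}: {e['msg']} ({e['src']})")
```

On the constructed data the connection from 203.0.113.44 at 03:31:12 has no host-side trace, which is precisely the reconstructed event the slide is talking about, and the out-of-order "Connection closed" line points at the region of the host log that was touched. The same join works between RADIUS dial-in records and host logins, or between intercepted traffic and application logs.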
Tracing the Connections
Signs of an Inexperienced Hacker
Deletes or corrupts data
Shuts down the machine
Gives out the compromised passwords
Can be identified with scripting
Shares account with others
AN INTERNATIONAL PROBLEM
INFRASTRUCTURES ARE INTERNATIONAL
ATTACKS KNOW NO BORDERS
SECURITY AND RESPONSE REQUIRE NATIONWIDE AND INTERNATIONAL COOPERATION
Signs of an Experienced Hacker
Alters logs rather than deletes them
Alters ALL relevant logs
Victim cannot easily determine how the original access was attained
New techniques were used
Hacker installed trojanized code to avoid detection (who, netstat, ps)
On and off the system quickly
No bragging or sharing of account
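A trojanized netstat, one of the three binaries named above, filters its own output but cannot filter the kernel's socket table in /proc/net/tcp. The following Python is an added example, not from the presentation, of the cross-check a responder runs on a Linux host: decode the kernel table and report every socket that a netstat listing did not print. The /proc/net/tcp rows and netstat output are constructed samples; the address decoding assumes a little-endian host, which is how x86 kernels write that file.

```python
"""Kernel socket table versus netstat output (added example for the trojanized
who/netstat/ps point above).

A userland trojan of netstat filters what it prints; it cannot filter
/proc/net/tcp, which the kernel writes. Any socket present in the kernel table
but absent from netstat's output is one the tool is hiding. On a live host pass
the real /proc/net/tcp contents and the output of a known-good `netstat -tan`.
"""
import socket
import struct

# Kernel TCP state codes as shown in the `st` column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample: sshd and a local MTA listening, one ESTABLISHED ssh session,
# and a listener on TCP/31337 that the trojanized netstat below does not show.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1101 1 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1187 1 0
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2244 1 0
   3: 0A0200C0:0016 0900000A:C75E 01 00000000:00000000 02:00019D3A 00000000     0        0 2317 2 0
"""

# Constructed sample of what the (trojanized) netstat printed for the same moment.
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           10.0.0.9:51038          ESTABLISHED
"""


def decode_addr(hexaddr):
    """'0100007F:0016' -> ('127.0.0.1', 22). The IPv4 word is in host byte order
    (assumption: little-endian host, as on x86)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Every socket the kernel reports, as (local, remote, state) dicts."""
    socks = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 4:
            continue
        socks.append({
            "local": decode_addr(parts[1]),
            "remote": decode_addr(parts[2]),
            "state": TCP_STATES.get(parts[3], parts[3]),
        })
    return socks


def _split_hostport(s):
    host, port = s.rsplit(":", 1)
    return host, 0 if port == "*" else int(port)  # netstat prints '*' where the kernel has port 0


def parse_netstat(text):
    """Set of (local, remote, state) tuples exactly as netstat reported them."""
    seen = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[0].startswith("tcp"):
            seen.add((_split_hostport(parts[3]), _split_hostport(parts[4]), parts[5]))
    return seen


def hidden_sockets(proc_socks, netstat_seen):
    """Sockets the kernel knows about that netstat did not print."""
    return [s for s in proc_socks
            if (s["local"], s["remote"], s["state"]) not in netstat_seen]


if __name__ == "__main__":
    for s in hidden_sockets(parse_proc_net_tcp(PROC_NET_TCP), parse_netstat(NETSTAT_OUTPUT)):
        print(f"hidden: {s['state']} {s['local'][0]}:{s['local'][1]} "
              f"<-> {s['remote'][0]}:{s['remote'][1]}")
```

The same comparison exposes a trojanized ps (walk /proc/[0-9]* and diff against the ps listing) and a trojanized who (read utmp directly). The caveat a practitioner needs: this catches userland replacements only. A kernel-level rootkit hides from /proc as well, so the listing should also be taken from outside the host, with a port scan from another machine or from the firewall's own connection table, and the binaries used for the check should come from known-good read-only media rather than from the suspect system.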
Challenges for Law Enforcement
Traceability
Through numerous Internet Sites
Identification of Subject and other Victims
International Elements
Sovereignty
Inconsistent Laws
Legality of Obtaining Evidence
Preservation and Evidence Collection
Chain of Custody of Evidence
Overseas Witnesses at Trial
Investigative Techniques
Internet is only a portion of the case.
Traditional Law Enforcement
Physical Surveillance
Consensual Monitoring
Electronic Surveillance
Search Warrants
Interviews
Evidence Collection and Analysis
Informants and Cooperating Witnesses
Investigating the Crime
[Diagram: Victim Site -> Looping Sites (.edu, .com, .gov) -> Source ISP (Keep Safe!); tools applied along the chain: Logs, Trap/Trace, Monitoring, Subpoena, Search Warrant]
Another Country’s Solution…
THE CHALLENGE
The Challenge
The Solution
The Private Sector Contribution
The Government Contribution
WILL IT WORK?
New Information Sharing Paradigm
Foundation of Trust
No One Has All the Answers
But all can contribute to the answers
Intelligence, Law Enforcement, CERTs, Systems Administrators, Infrastructure Owners and Operators
When you think of law enforcement, don’t focus on arrests. Instead focus on their authorities to get answers to the critical questions.
Questions?
Walter L. Wright
Supervisory Special Agent
[email protected]
(202) 324-0361
National Infrastructure Protection Center
Federal Bureau of Investigation
Room 11719
935 Pennsylvania Avenue, NW
Washington, DC 20535