
www.inl.gov

Critical Infrastructure Protection (CIP)

Presentation at EU sf “Raising Public Awareness about the Information Society”

Tallinn, Estonia

14 March 2012

Dr. K. P. Ananth

Phone: (208) 757-0590

Email: [email protected]

INL/CON-12-24985


Outline

Background on Idaho National Laboratory

What constitutes Critical Infrastructure in the U.S. and why protect it?

Risks and Threats: Cyber threats to Electric Grid, Control Systems and Wireless Communications

Some current approaches for protecting Critical Infrastructures

Proposed Senate Cybersecurity Act of 2012

How can INL and Estonia collaborate?


Idaho National Laboratory — Today the Site Supports Three Focused National Missions

Naval Reactors Facility

1400 Employees

1200 Employees, Business Volume $365M

600 Employees, Business Volume $124M

4200 Employees, Business Volume $1B

Idaho National Laboratory — The National Nuclear Laboratory with synergistic capabilities in National & Homeland Security

MISSIONS

• Nuclear Energy

• National & Homeland Security

• Energy & Environment

EMPLOYERS

• 890 square miles, ~4800 ft elevation

• 111 miles of electrical transmission and distribution lines, with isolatable grid

• 6 cellular towers (Wireless Comms –3 fixed, 3 mobile)

• 579 buildings

• Abundant water

• 177 miles of paved roads

• 14 miles of railroad lines

SITE


Research - Development - Demonstration – Deployment (RDDD)

At INL, We have a history supporting National Missions

• National Reactor Testing Station 1949, INEL 1974, INEEL 1994, INL 2005

• Fuel cycle development and demonstration – reprocessing

• Specific Manufacturing Capability (SMC)

• Design, construction, testing and operation of 52 unique nuclear reactors, incl. Navy’s Nautilus Submarine Prototype (S1W) Reactor

• Testing Naval Large Caliber Guns


Today’s RDDD Programs are of National Importance

Supervisory Control and Data Acquisition (SCADA) Work

Grid Reliability and Security

Cyber Security

Wireless Communications

Nuclear Nonproliferation

Nuclear Counterproliferation

Armor, Explosive Blast Protection

A leader in critical infrastructure protection and homeland security

National & Homeland Security

Energy & Environment

Battery Technology

Bio-fuels and Synfuels

Hybrid Energy Systems

Non-traditional Hydrocarbon use

A leader in developing energy solutions to Idaho and the Region

Nuclear Energy

Advanced Fuel Cycle R&D

Next Generation Nuclear Plant (NGNP)

ATR National Scientific User Facility

Space Nuclear

U.S. National Nuclear Energy Laboratory and an International leader

Homeland Security Presidential Directive (HSPD-7) identifies 18 Critical Infrastructures and Key Resources (CIKR)

• Agriculture and Food

• Banking & Finance

• Chemical

• Commercial Facilities

• Critical Manufacturing

• Dams

• Defense Industrial Base

• Emergency Services

• Energy (production, refining, storage, distribution of oil/gas/electric power except nuclear)

• Government Facilities

• Information Technology

• National Monuments

• Nuclear Reactors

• Postal & Shipping

• Public Health

• Telecommunications

• Transportation

• Water (Drinking Water, Wastewater systems)

Man-made or natural disasters affecting any CIKR sector would adversely impact the national economy and national security, with public safety and health consequences for citizens. Furthermore, cascading impacts would affect other sectors in the country, worsening the situation; taken to the next level, they could cascade to other nations. As an example, the Chemical Sector in the U.S. accounts for about $700B in revenue and employment of 800,000, and Public Health/Health Care accounts for $2 trillion in revenue and employment of 17M. These figures are industry-specific and do not account for cascading impacts to other sectors and potentially other nations. The 9/11 terrorist incident in the U.S. stands as an example of adverse impacts in Transportation cascading to other sectors of the economy and to other nations as well.

INL’s three critical enabling technology platforms cut through all 18 Infrastructure Sectors

Electricity

Computers/Wireless Comms

Control Systems

Threats can range from economic cyber espionage to data/credit card theft, stealing funds from Automated Teller Machines, and modern warfare with cyber attacks, caused by individuals, terrorists, or nation states.

Markets and Operations

Generation

Transmission Distribution Customer Use

Today’s Electric Grid: One-way flow of electricity

2-way flow of electricity and information

Electric Grid Protection

“Smart Grid” = Electric Grid + Intelligence

• Integrates Renewables (e.g., wind, solar)

• Better Demand Supply Management

• Reduce Peaking

• Two-Way flow of Power & Information

• Automated Management, Operation, Control

Figures courtesy of EPRI

Threats to the Electric Grid

• Legacy SCADA system vulnerabilities

• Integration of new IT and networking technologies adds security challenges

• Limited cyber security controls currently in place

– Specified for bulk power distribution and metering

• Deliberate attacks (disgruntled employees, industrial espionage, unfriendly states, terrorists, and EMP)

• Inadvertent threats (equipment failures, user errors)

• Natural phenomena (disasters, solar activity)

Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, or alter load conditions to destabilize the grid in unpredictable ways.

Electric Grid R&D Test & Evaluation at INL

INL Power Infrastructure:

• 62-mile dual-fed, 138 kV transmission loop

• 7 Substations

• 3 Commercial feeds

• Ability to isolate portions of grid for specialized testing

• Real-time grid monitoring and control through centralized SCADA operations center

• Power Simulation using Real Time Digital Simulator (RTDS)

• Protection & Restoration

Staff with both R&D and Utility Sector Experience

We operate DOE/OE’s National Supervisory Control & Data Acquisition (SCADA) Test Bed for the Energy Sector

Capabilities:

• Conduct Assessments at INL and Asset Owner Sites

• Research and Development

• Training and outreach

• Subject matter experts


We support Control System Challenges in Critical Infrastructures through DHS ICS-CERT Program, a National Program

Industrial Control Systems Cyber Emergency Response Team

• Provides situational awareness in the form of actionable information

• Conducts vulnerability and malware analysis

• Responds to and analyzes control systems related incidents

• Partners with federal, international and private sector to secure control systems


Outreach to Industry/Federal Entities Through Training is a Significant Element of the DHS, DOE Programs

• Share vulnerability and mitigation information with industry and government

• Conduct Red Team/Blue Team advanced training sessions

• Permanent Training Facility in Idaho Falls

– Classroom supports up to 42 students at a time

– Segregated areas for Red Team/Blue Team

– Integrated substation with chemical plant

– Trained over 4,000 incl. asset owners, vendors, and Feds since 2007


With increased interest in Broadband applications, several new challenges have emerged. NTIA and FCC have jurisdiction over the Spectrum.

Wireless Communication: Global Advances Create Security-related Challenges & INL is Focused on Addressing Them

• Major Trends:

– Ubiquitous, global broadband communications

– Wireless centric access and vanishing wireline

– Proliferation of Wireless Devices

– IP protocol centric communications

– Open Access environment

• Limitations in Spectrum

– Little available spectrum in the U.S.

– Spectrum usage 17%

INL’s Communications Range has unique attributes well suited to address current/emerging National challenges (Security and Public Safety)

Isolated Location and Spectrum Management

• NTIA approved wireless experimental station, with local spectrum management

• Low RF Noise background

• No Military Bases/International Airports nearby

Full Scale Communications Networks

• GSM & UMTS Cellular + CDMA networks

• WiMAX, Mobile & Fixed networks

• WiFi / VoIP network isolated from the Internet

• State-of-the-art Network Operations Center (NOC)

Industry and Scientific Expertise

• Cellular, UHF, HF

• Power Grid, Cyber security, Control Systems

• In-house design, Operations, Maintenance, Engineering

• Cellular Design, Software and Hardware development


With Industry and DOD-experienced staff, INL supports critical national missions.

Some Current Approaches to CIP

• Protection of Proprietary information

• Privacy rights of individuals

• Sharing of information while protecting it from “bad actors”

• Insider Threats

Workforce Development

‒ Training / Outreach (Basic Training, Intermediate, Advanced (Red Team/Blue Team)

‒ Cyber Security evaluation tools (CSET) & Curriculum Development)

‒ On site assessments (evaluate network and cyber protection / practices; in depth assessment when penetrated, INL Malware Analysis)

Knowledge Management

‒ Passing on Threat Bulletins

‒ Help Center

Standards Development

‒ Industry Association

‒ NIST

‒ Vendor Groups

‒ Federal Agencies

Partnership Between Industry & Government

(There is an Industry-Specific representative for each of the 18 Sectors.)

Some Current Approaches to CIP

Intra Industry

• Protection of Proprietary information

• Privacy rights

• Sharing of information while protecting it from “bad actors”

• Insider Threats

‒ Industry Association (Cyber Security Concerns/Trends, Benchmarking, Best Practices)

‒ Company-to-Company (By mutual agreement)

‒ Industry Sector Representative to Government (Describe Challenges / Assistance Needed)

• Vendor (Qualifications/Selection/Procurement)

• Threat Information

• Assistance, as needed

• Continuing dialogue for situational awareness

Transnational

• Cyber Security Conferences / Meetings

• Technical Collaborations / Staff Exchanges

• Benchmarking

• Information Sharing

The Proposed Cybersecurity Act of 2012

To ensure the federal government and the private sector take the necessary steps to secure our nation, the Cybersecurity Act of 2012 would do the following:

• Determine the Greatest Cyber Vulnerabilities. Secretary of Homeland Security, Private sector and Intelligence Community conduct risk assessments to determine sectors subject to greatest and most immediate cyber risks.

• Protect Our Most Critical Infrastructure. Authorize Secretary of Homeland Security, with the private sector, to determine cybersecurity performance requirements based upon the risk assessments. The bill would cover most critical systems/assets in a given sector, only if they are not already secured.

• Protect and Promote Innovation. Owners of “covered critical infrastructure” would have flexibility to meet the cybersecurity performance requirements. The bill would prohibit government from regulating design or development of information technology products.

• Improve Information Sharing While Protecting Privacy and Civil Liberties. Provide a responsible framework for sharing of cyber threat information between federal government and private sector, and within the private sector, while ensuring appropriate measures and oversight to protect privacy, preserve civil liberties.

• Improve the Security of the Federal Government’s Networks. Amend the Federal Information Security Management Act (FISMA) to develop a comprehensive acquisition risk management strategy. Move from culture of compliance to culture of security by giving Department of Homeland Security (DHS) authority to streamline reporting requirements/reduce paperwork through monitoring and risk assessment. Emphasize “red team” exercises and operational testing so federal agencies are aware of their networks’ vulnerabilities. Direct OMB to develop security requirements and best practices for federal IT contracts and ensure agencies make informed decisions when purchasing IT products/services.

• Clarify the Roles of Federal Agencies. Clarify and improve federal efforts to address cyber threats. Strengthen critical partnership between the Department of Defense and the DHS. Consolidate cyber offices at DHS to unified National Center for Cybersecurity and Communications for protecting the networks of federal civilian agencies and critical infrastructure without duplication.

• Strengthen the Cybersecurity Workforce. Reform how Cybersecurity personnel are recruited, hired, and trained so federal government has necessary talent to lead and manage the protection of its own networks.

• Coordinate Cybersecurity Research and Development. Provide for a coordinated cybersecurity R&D program to advance development of new technologies to secure our nation from ever‐evolving cyber threats.

The Cybersecurity Act of 2012


INL – Estonia Collaboration

Next Steps?
