CSE4003 Cyber Security
DIGITAL ASSIGNMENT 1
Winter Semester 2017-18, A1 + TA1 Slot

Submitted by: Group 20
Kanishak Kumawat – 16BCE2151
Amatya – 16BCE2152
Keerthan Satya Devineni – 16BCE2161

SCOPE
VIT UNIVERSITY
VELLORE – 632 014, TAMIL NADU, INDIA

Abstract

In this assignment we look at the protocols and mechanisms through which a developed country such as the USA protects its critical infrastructure from cyber threats, and at how a developing nation such as India is quickly catching up with its relatively new protocols and policies.

Introduction

In the critical infrastructure sectors, as in every other sector, information is a crucial asset and is exposed to cyber threats and attacks. The threats and kinds of attack are the same as those faced by any other sector, including:

- Advanced Persistent Threats
- Phishing
- Trojans
- Botnets
- Ransomware
- Distributed Denial of Service (DDoS)
- Wiper attacks
- Intellectual property theft

and many more.

Important abbreviations:

CII – Critical Information Infrastructure
CI – Critical Infrastructure
CIP – Critical Infrastructure Protection
NCIIPC – National Critical Information Infrastructure Protection Centre

What is Critical Infrastructure?

A country's critical infrastructure supplies the essential services that sustain society and anchor the nation's economy, security and health. It is the power we use in our homes, the water we drink, the transport we travel on, the stores we shop in and the communication systems through which we stay in touch with our relatives.

Overall, there are 16 critical infrastructure sectors, such as energy (including the critical information infrastructure), comprising the assets, systems and networks, whether physical or virtual, so essential to the nation and society that their incapacitation or termination would have a weakening effect on security, national economic security, national public health or safety, or any combination of these.

What are cyber threats?

The Oxford dictionary defines a cyber threat as "the possibility of a malicious attempt to damage or disrupt a computer network or system". This definition is incomplete, however: in the cybersecurity community, the threat is more closely associated with the actor or adversary who wants to gain access to a system with malicious intent. A threat may also be characterised by the damage being done, the assets or data being stolen, or the Tactics, Techniques and Procedures (TTPs) being used.

Most common sources of cyber threats:

- Nation states or national governments
- Terrorists
- Industrial spies
- Organised crime groups
- Hacktivists and hackers
- Business competitors
- Disgruntled insiders

Cyber protection of Critical Infrastructure

As noted in the sections above, critical infrastructure is imperative for the proper functioning of society, so it is important to protect it not only from conventional threats but from cyber threats as well.

Because technology is constantly evolving, the way we store, manipulate and transfer information keeps changing, and the security measures that protect it against cyber threats must change with it. Security agencies make sure to stay updated and provide protection. There are multiple organisations, agencies and protocols in countries around the globe that protect critical infrastructure from cyber threats such as DDoS and wiper attacks.
When it comes to CIP – Critical Infrastructure Protection in cyberspace – the focus is mostly on the existence of a policy that mandates awareness training covering cybersecurity practices. Such training could include physical security practices as well. However, what these programmes actually consist of is left to the company or agency itself to determine.

CIP from cyber threats (in the USA)

In the USA, the DHS (Department of Homeland Security) is the lead federal agency for protecting critical infrastructure from cyber threats. It does this by employing a risk-informed, all-hazards approach to safeguarding critical infrastructure in cyberspace, one that emphasises protection of privacy and civil liberties, transparent and accessible security processes, and domestic and international partnerships.

Protection of cyber infrastructure is carried out by coordinating with sector-specific agencies, other federal agencies and private sector partners to share information on, and analysis of, cyber threats and vulnerabilities, and to fully understand the interdependence of infrastructure systems worldwide.

These sector-specific agencies and private sector partners include the following:

- Communications Sector – Department of Homeland Security
- Critical Manufacturing Sector – Department of Homeland Security
- Defense Industrial Base Sector – Department of Defense
- Energy Sector – Department of Energy
- Financial Services Sector – Department of the Treasury
- Healthcare and Public Health Sector – Department of Health and Human Services
- Information Technology Sector – Department of Homeland Security
- Transportation Systems Sector – Department of Homeland Security and Department of Transportation
- Water and Wastewater Systems Sector – Environmental Protection Agency

There are different levels of CIP standards, covering different types of threat in cyberspace:

CIP-004-6 (personnel and training)

This standard covers identity confirmation for personnel, a procedure for checking and evaluating criminal history, and personnel risk assessments. It also requires audit records addressing identity and access management (IAM) and electronic access.

CIP-005-5 (electronic security perimeter)

The electronic security perimeter (ESP) encloses the control systems, server room, telecom room and so on; the critical cyber assets fall under this section of CIP. Entities covered by CIP will mostly spend a great deal of time and energy developing a hard exterior (the ESP), while the assets contained within – the data and information – remain soft. The ESP isn't the hardest point in most cases.

Physical access controls (PACs) are not covered under the ESP section. Video cameras, for example, are a weak point, as they are not considered when it comes to the ESP.

CIP-006-6 (physical security)

This is where physical access to systems comes into play, and for the most part it focuses on policies supporting a specific physical security plan. PAC systems are covered here, as well as human security, fences, seismic monitoring, video monitoring and locks.

CIP from cyber threats (in India)

The Information Technology Act, 2000 (India) defines Critical Information Infrastructure (CII) as "those computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety". In India, the National Critical Information Infrastructure Protection Centre (NCIIPC) is designated as the National Nodal Agency in respect of Critical Information Infrastructure Protection.
India lacked the kind of agencies and protocols that existed in the USA; hence the NCIIPC was formed on 16th January 2014.

NCIIPC has broadly identified the following as 'Critical Sectors':

- Power & Energy
- Banking, Financial Services & Insurance
- Telecom
- Transport
- Government
- Strategic & Public Enterprises

Functions of NCIIPC in protecting Critical Infrastructure:

- It is the national nodal agency for all measures to defend the country's critical information infrastructure.
- Protect and provide advice that aims to reduce the vulnerabilities of critical information infrastructure against cyber terrorism, cyber warfare and similar threats.
- Identify all critical information infrastructure elements for approval by the appropriate Government, so that they can be notified as such.
- Provide strategic leadership and coherence across Government in responding to cyber security threats against the identified critical information infrastructure.
- Coordinate, share, monitor, collect, analyse and forecast national-level threats to CII for policy guidance.
- Share expertise and situational awareness for early warnings or alerts.
- The basic responsibility for protecting a CII system lies with the agency running that CII.
- Assist in the development of appropriate plans, adoption of standards, sharing of best practices and refinement of acquisition processes with respect to protection of Critical Information Infrastructure.
- Develop protection strategies, policies, vulnerability assessment and auditing methodologies, and plans for their dissemination and implementation for protection of Critical Information Infrastructure.

NCIIPC operations:

- NCIIPC maintains a 24×7 help desk for reporting incidents on toll-free number 1800-11-4430.
- It issues advisories and alerts and provides guidance and expertise-sharing in addressing threats and vulnerabilities for protection of CII.
- In the event of a likely or actual national-level threat, it plays a crucial role in coordinating the response of the various CII stakeholders, in close cooperation with CERT-India.