The 14th annual NCSAM is coming to a close, and we hope you’ll join in to promote a safer, more secure and more trusted Internet for these last few days of the month. The CSIAC and the National Cyber Security Alliance (NCSA) have made it easy to support NCSAM by providing materials for each week that anyone can share at home, at work and school and in the community.
The theme for Week 5 of NCSAM is Protecting Critical Infrastructure From Cyber Threats. The systems that support our daily lives are increasingly dependent on the Internet, and having a resilient critical infrastructure is essential to our national security. We’ll look at how cybersecurity relates to keeping our traffic lights, running water, phone lines and other critical infrastructure secure.
The advancement of electronics and, hence, automation over the past several decades has vastly increased the safety and efficiency of many types of industrial control systems (ICS), or cyber-physical systems, from power production and distribution to manufacturing operations, through a control concept called Supervisory Control and Data Acquisition (SCADA). This efficiency has been greatly aided by the adoption of open networking standards such as TCP/IP and by rapidly increased communication bandwidth (e.g. heavy fiber optic investment) over the past two decades. This has allowed systems at lower echelons to be completely automated and their data forwarded to higher echelons for more efficient and centralized control. However, because ICSs have taken advantage of the cyber domain to achieve these benefits, they have also become more susceptible to the threats and vulnerabilities that come with using this domain.
Three Main Concepts:
In the quest to understand the problem, the sections below briefly discuss three key concepts concerning critical infrastructure protection in the cyber domain:
1) Understanding Critical Infrastructure cyber-physical system definitions
In order to understand a problem, the definitions related to it are often studied first. Cyber-physical systems security is still in its development stages, and so are many of the definitions related to this effort. Below is a small, not all-inclusive list to demonstrate:
- Operational Technology (OT) – “Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the enterprise” (Gartner, n.d.). Additionally, this is “often comprised of closed systems warranted by system vendors only as long as customers configure and deploy systems using their rigid specifications. By and large, these system vendors focus on system availability rather than security, to the detriment of good security best practices. Vendor support staff can view security controls as inhibitors to effective operations” (National Grid, n.d.).
Learn more by browsing CSIAC’s resources on Operational Technology (OT).
- Platform Information Technology (PIT) – “Refers to computer resources, both hardware and software, that are physically part of, dedicated to, or essential in real time to the mission performance of special-purpose systems. PIT does not include general purpose systems.” (DON, 2007)
Learn more by browsing CSIAC’s resources on Platform Information Technology (PIT).
- Internet-of-Things (IoT) – “The IoT allows objects to be sensed or controlled remotely across existing network infrastructure” (Harvard Business Review, 2014).
CSIAC has many resources on IoT; learn more by browsing them.
- As you might have noticed, these definitions are very similar, because they were developed separately and there is currently no commonly agreed term for this technology. The term “Cyber-Physical” seems to be gaining acceptance for this purpose, but more work remains to build a common lexicon.
Check out more CSIAC resources on Cyber-Physical systems.
2) Explore challenges unique to the cyber-physical systems of Critical Infrastructure
Cyber-physical systems are susceptible to many of the same problems as traditional business enterprise information technology (IT), with the following additional issues:
- These systems directly affect the physical environment (power, safety controls, etc.), so a cyber incident can have physical consequences.
- Cyber-physical systems often have components that are limited in processing power and bandwidth and that communicate in serial, non-TCP/IP formats rather than open standards, which limits monitoring for, and patching against, cyber threats.
- Cyber-physical systems often have much longer tech-refresh cycles, as long as 15-20 years, which limits the technology upgrades that would engineer out vulnerabilities.
- Cyber-physical systems invert the traditional IT priority order of Confidentiality, Integrity and Availability: for them the order is Availability, Integrity and Confidentiality.
3) Discuss emerging cyber-physical security concepts and solutions
Because of the unique, serial-based computation and communications of cyber-physical systems, new tools have been, and are being, developed in order to effectively monitor and defend these systems that are so important to the safety and security of critical infrastructure.
- Department of Defense ICS Defense Operational Approach – At the ICS operations level, the DoD published the Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for DoD Industrial Control Systems to establish standard hygiene and troubleshooting procedures based on the three main tenets of “Detection, Mitigation, and Recovery,” in order to effectively secure critical infrastructure across all DoD facilities (DoD, 2017).
- CTAM Cyber Threat Database Resources and CyberStorm – In terms of efforts to develop defenses and tools for ICS, Imprimis and root9B are under contract to develop a Cyber Threat Activity Matrix (CTAM) Cyber Threat Database Resources extension that will include the development of an advanced network-based intrusion detection system (IDS) designed to optimize ICS network defense. It employs Machine Learning (ML) with a focus on automated analysis, detection, and response to national-level threats. It is instantiated in an ICS/SCADA emulator managed at USAF CyberWorX, with USNORTHCOM funding (Imprimis, 2015).
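To illustrate the passive, availability-preserving monitoring that an ICS network IDS performs, here is an added example written for this post (not code from the DoD, Imprimis or root9B): it parses Modbus/TCP frames, a common SCADA protocol not named above and assumed here for illustration, and flags state-changing requests from hosts outside an allowlist of authorised writers. The hosts, allowlist and frames are constructed sample data.

```python
"""Passive Modbus/TCP monitor: parse MBAP headers and flag state-changing
requests from hosts not authorised to write to the controller."""
from __future__ import annotations
import struct

# Modbus function codes that change controller state versus read-only ones.
WRITE_FUNCTIONS = {0x05: "Write Single Coil", 0x06: "Write Single Register",
                   0x0F: "Write Multiple Coils", 0x10: "Write Multiple Registers"}
READ_FUNCTIONS = {0x01: "Read Coils", 0x02: "Read Discrete Inputs",
                  0x03: "Read Holding Registers", 0x04: "Read Input Registers"}

def parse_modbus_tcp(frame: bytes) -> tuple[int, int, int, bytes]:
    """Parse one Modbus/TCP ADU (7-byte MBAP header + PDU) into
    (transaction id, unit id, function code, data); ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus (expected 0)")
    if length != len(frame) - 6:  # length field covers unit id + PDU
        raise ValueError(f"length field {length} != {len(frame) - 6} remaining bytes")
    return tid, unit, frame[7], frame[8:]

def classify(src_host: str, frame: bytes, writers: set[str]) -> str:
    """Return 'ok', 'malformed', 'unauthorised-write' or 'unknown-function'."""
    try:
        _tid, _unit, function_code, _data = parse_modbus_tcp(frame)
    except ValueError:
        return "malformed"
    if function_code in WRITE_FUNCTIONS:
        return "ok" if src_host in writers else "unauthorised-write"
    return "ok" if function_code in READ_FUNCTIONS else "unknown-function"

# Constructed sample traffic, not a real capture: (source host, raw ADU bytes).
AUTHORISED_WRITERS = {"10.0.0.10"}  # the HMI permitted to change controller state
SAMPLE_FRAMES = [
    ("10.0.0.10", bytes.fromhex("0001 0000 0006 01 03 0000 0002")),  # HMI reads 2 registers
    ("10.0.0.10", bytes.fromhex("0002 0000 0006 01 06 0010 1234")),  # HMI writes register 0x10
    ("10.0.0.77", bytes.fromhex("0003 0000 0006 01 05 0001 ff00")),  # unlisted host writes a coil
    ("10.0.0.10", bytes.fromhex("0004 0000 0009 01 03 0000 0002")),  # length field mismatch
]

def monitor(frames=SAMPLE_FRAMES, writers=AUTHORISED_WRITERS) -> list[tuple[str, str]]:
    """Passive pass over captured frames: reports a verdict per frame, never blocks."""
    return [(host, classify(host, frame, writers)) for host, frame in frames]

if __name__ == "__main__":
    for host, verdict in monitor():
        print(f"{host:12} {verdict}")
```

Because the monitor only observes and reports, it respects the availability-first priority of these systems: a false positive produces an alert for an operator, not a blocked control message.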
Increased awareness, national policy prioritization, and some resulting funding have rapidly occurred and now Critical Infrastructure security results are demanded from the top down. Understanding the definitions, issues, and possible solutions is critical to defining the best approach forward to protect the nation against attacks of significant consequence.
Take a deeper look into Critical Infrastructure Protection with this video podcast:
- Department of Defense (2017). “Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for Department of Defense (DoD) Industrial Control Systems (ICS).” Retrieved 15 Sep 17 from https://www.wbdg.org/files/pdfs/aci_ttp_rev1_2017.pdf
- Department of the Navy (DON) (2007). “Platform IT Definitions for the Department of the Navy.” 27 Nov 2007. Retrieved 18 Sep 17 from http://www.doncio.navy.mil/uploads/Enclosure1_PlatformITDefinitionsforDON.pdf
- Gartner (n.d.). “Gartner IT Glossary: Operational Technology (OT).” Retrieved 18 Sep 17 from http://www.gartner.com/it-glossary/operational-technology-ot/
- Harvard Business Review (2014). “Internet of Things: Science Fiction or Business Fact?” November 2014. Retrieved 18 Sep 17 from https://hbr.org/resources/pdfs/comm/verizon/18980_HBR_Verizon_IoT_Nov_14.pdf
- Imprimis, Inc. (2015). “Imprimis, Inc. and root9B Awarded a $1.7M NORTHCOM Industrial Control System Cybersecurity Contract.” Retrieved 18 Sep 17 from
- National Grid (n.d.). “Digital Risk and Security: Response to NIST: Developing a Framework to Improve Critical Infrastructure Security.” Retrieved 18 Sep 17 from http://csrc.nist.gov/cyberframework/rfi_comments/040813_national_grid.pdf