Note: Minimum 300 words needed. Please find the attached Book and Chapter 1 slides along with the APA sample (how to quote). Discussion WK 1: Chapter 1 provided a high-level overview of the need for a nation

Chapter 1 – Introduction
Cyber Attacks: Protecting National Infrastructure, 1st ed.
Copyright © 2012, Elsevier Inc. All Rights Reserved

Introduction
• National infrastructure – Refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation
• Conventional approach to cyber security not enough
• New approach needed – Combining best elements of existing security techniques with challenges that face complex, large-scale national services

Fig. 1.1 – National infrastructure cyber and physical attacks

Fig. 1.2 – Differences between small- and large-scale cyber security

National Cyber Threats, Vulnerabilities, and Attacks
• Three types of malicious adversaries
– External adversary
– Internal adversary
– Supplier adversary

Fig. 1.3 – Adversaries and exploitation points in national infrastructure

National Cyber Threats, Vulnerabilities, and Attacks
• Three exploitation points
– Remote access
– System administration and normal usage
– Supply chain

National Cyber Threats, Vulnerabilities, and Attacks
• Infrastructure threatened by most common security concerns:
– Confidentiality
– Integrity
– Availability
– Theft

Botnet Threat
• What is a botnet attack?
– The remote collection of compromised end-user machines (usually broadband-connected PCs) is used to attack a target.
– Sources of attack are scattered and difficult to identify
– Five entities that comprise a botnet attack: botnet operator, botnet controller, collection of bots, botnet software drop, botnet target

Botnet Threat
• Five entities that comprise a botnet attack:
– Botnet operator
– Botnet controller
– Collection of bots
– Botnet software drop
– Botnet target
• Distributed denial of service (DDOS) attack: bots create a “cyber traffic jam”

Fig. 1.4 – Sample DDOS attack from a botnet

National Cyber Security Methodology Components
• Ten basic design and operation principles:
– Deception
– Discretion
– Separation
– Collection
– Diversity
– Correlation
– Commonality
– Awareness
– Depth
– Response

Deception
• Deliberately introducing misleading functionality or misinformation for the purpose of tricking an adversary
– Computer scientists call this functionality a honey pot
• Deception enables forensic analysis of intruder activity
• The acknowledged use of deception may be a deterrent to intruders (every vulnerability may actually be a trap)

Fig. 1.5 – Components of an interface with deception

Separation
• Separation involves enforced access policy restrictions on users and resources in a computing environment
• Most companies use enterprise firewalls, which are complemented by the following:
– Authentication and identity management
– Logical access controls
– LAN controls
– Firewalls

Fig. 1.6 – Firewall enhancements for national infrastructure

Diversity
• Diversity is the principle of using technology and systems that are intentionally different in substantive ways.
• Diversity is hard to implement
– A single software vendor tends to dominate the PC operating system business landscape
– Diversity conflicts with organizational goals of simplifying supplier and vendor relationships

Fig. 1.7 – Introducing diversity to national infrastructure

Commonality
• Consistency involves uniform attention to security best practices across national infrastructure components
• Greatest challenge involves auditing
• A national standard is needed

Depth
• Depth involves using multiple security layers to protect national infrastructure assets
• Defense layers are maximized by using a combination of functional and procedural controls

Fig. 1.8 – National infrastructure security through defense in depth

Discretion
• Discretion involves individuals and groups making good decisions to obscure sensitive information about national infrastructure
• This is not the same as “security through obscurity”

Collection
• Collection involves automated gathering of system-related information about national infrastructure to enable security analysis
• Data is processed by a security information management system.
• Operational challenges
– What type of information should be collected?
– How much information should be collected?

Fig. 1.9 – Collecting national infrastructure-related security information

Correlation
• Correlation involves a specific type of analysis that can be performed on factors related to national infrastructure protection
– This type of comparison-oriented analysis is indispensable
• Past initiatives included real-time correlation of data at a fusion center
– Difficult to implement

Fig. 1.10 – National infrastructure high-level correlation approach

Awareness
• Awareness involves an organization understanding the differences between observed and normal status in national infrastructure
• Most agree on the need for awareness, but how can awareness be achieved?

Fig. 1.11 – Real-time situation awareness process flow

Response
• Response involves the assurance that processes are in place to react to any security-related indicator
– Indicators should flow from the awareness layer
• Current practice in smaller corporate environments of reducing “false positives” by waiting to confirm disaster is not acceptable for national infrastructure

Fig. 1.12 – National infrastructure security response approach

Implementing the Principles Nationally
• Commissions and groups
• Information sharing
• International cooperation
• Technical and operational costs
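The Collection, Awareness, Correlation and Response principles above describe a chain: gather records from many sectors, compare observed status with normal status, relate anomalies across sectors, and react to the resulting indicator without waiting for confirmed damage. The following is an added illustration of that chain, not code from the book or the slides; the event records, sector names, baseline rates and thresholds are all constructed.

```python
# Added illustration of the chapter's Collection -> Awareness -> Correlation ->
# Response chain; not code from the book or slides. All data is constructed.
from datetime import datetime, timedelta

# Collection: records a security information management system might gather
# from several national-infrastructure sectors (constructed sample data).
EVENTS = [
    ("2012-01-01T10:00:00", "power-scada",  "auth_failure", 3),
    ("2012-01-01T10:01:00", "telecom-core", "auth_failure", 2),
    ("2012-01-01T10:02:00", "power-scada",  "auth_failure", 40),
    ("2012-01-01T10:03:00", "telecom-core", "auth_failure", 55),
    ("2012-01-01T10:04:00", "finance-net",  "auth_failure", 4),
    ("2012-01-01T12:30:00", "finance-net",  "auth_failure", 60),
]
# "Normal status" per sector: expected count per record (constructed baseline).
BASELINE = {"power-scada": 3.0, "telecom-core": 3.0, "finance-net": 5.0}


def awareness(events, baseline, factor=5.0):
    """Awareness: keep records whose observed count exceeds normal by `factor`."""
    anomalies = []
    for ts, source, kind, count in events:
        if count > factor * baseline[source]:
            anomalies.append((datetime.fromisoformat(ts), source, kind, count))
    return anomalies


def correlate(anomalies, window=timedelta(minutes=5)):
    """Correlation: group same-kind anomalies from different sectors that fall
    within `window` of the group's first anomaly."""
    groups = []
    for ts, source, kind, _ in sorted(anomalies):
        for group in groups:
            if group["kind"] == kind and ts - group["start"] <= window:
                group["sources"].add(source)
                break
        else:  # no open group matched: start a new one
            groups.append({"kind": kind, "start": ts, "sources": {source}})
    return groups


def response(groups, min_sectors=2):
    """Response: emit an indicator as soon as one anomaly kind spans several
    sectors, rather than waiting for confirmed damage."""
    return [f"{g['start'].isoformat()} {g['kind']} across {sorted(g['sources'])}"
            for g in groups if len(g["sources"]) >= min_sectors]
```

With the constructed data, the two anomalies at 10:02 and 10:03 are correlated across the power and telecom sectors and produce one indicator, while the isolated finance anomaly at 12:30 is kept as a single-sector group and does not trigger a response.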