Cybersecurity

1
Cybersecurity Critical InfrastructureA View
from the Port of Seattle

• Ernie Hayden CISSP CEH
• Chief Information Security Officer
• Port of Seattle

2
AGENDA

• Overview of the Port of Seattle
• Brief History of Cyber Exercises in the U.S.
  Pacific Northwest
• Opinions on the Cyberterrorist Threat

3
Obligatory Disclaimer

• The views and opinions that I express here today
  are my own and may not be, in whole or in part,
  those of my employer, the Port of Seattle.

4
(No Transcript)
5
Infrastructure Interdependencies

• Utilities
• Power Seattle City Light and Puget Sound Energy
• Steam Heat Seattle Steam (Pier 66)
• Gas Puget Sound Energy
• Telephone/Internet Qwest, ATT (Cell), NexTel
  (Cell), Verizon (Cell)
• Water Seattle Public Utilities Local Water
  Districts
• Airport Fuel Transport Olympic Pipeline
• Information Systems (servers, networks, 2000
  desktops)
• Major Fibre and Network Structure
• Railroads (BNSF, Union Pacific)
• Highways (I-5, I-90)
• Viaduct
• Banking / Finance

6
TABLETOP EXERCISES UNDERSCORE CRITICALITY OF
CYBER-ISSUES

• Vulnerability Exercise
• City of Seattles ALKI
• International Exercises US / Canada
• TopOff2
• Livewire
• BlueCascades II

T2CyberEx
BCII
7
"ALKI" Exercise
CYBER-TERRORISM?
8

• 4 TEAMS
• Long Dwell
• Short Dwell
• Trust Team
• Kill Team

9
TopOff2 CyberEx
May 6-7, 2003 Washington State Emergency
Operations Center Camp Murray, Washington
Designed and Controlled by Institute for
Security Technology Studies (ISTS), Dartmouth
College
10

• Designed to Test
• Incident Response Capabilities to a
• Series of Force-Multiplier Cyber-Attacks
• Included 3 scenarios or vignettes
• normal day at the office
• an escalating series of events - computer and
  network problems which might be preliminary
  symptoms of a directed cyber-attack and
• a major cyber-attack on participants computer
  networks, coupled with a weapons of mass destruct
  (WMD) attack a radioactive detonation device
  (RDD) terrorist bomb exploding in Seattle.

11
Blue Cascades II
12
Blue Cascades II

• Focus on a CyberTerrorism Event followed by a
  Physical Event
• Blue Cascades II was Follow-onto Blue Cascades I
  held in 2002
• Dan Vertons Book Black Icecovers much of Blue
  Cascades Iresults
• Blue Cascades I Centered on PhysicalAttacks
  Disruptions
• Infrastructure Interdependencies Tabletop
  Exercise

13
General Exercise Conclusions

• Scenarios Demonstrated
• Cyber attacks Can be Initiated by a Determined
  Enemy
• Cyber attacks Can / May Seriously Impact
  Some/Many Infrastructures
• But
• Cyber attacks May Not Be As Consequential as
  Explosions, Death and Destruction
• Cyber attacks Can Be Defended Against with
  Layered Cyber Defenses, Trusted Networks, etc.

14
Current Analysis Opinions

• The Terrorists Need the Internet and Cyberspace
• Command and Control
• Coordination and Communications
• Recruiting
• Training
• Fundraising via Cybercrime, ID Theft, and Even
  Legitimate Donations
• Evangelizing
• Conclude No Advantage to Strategically
  Impacting Cyberspace but Maybe
  Tactical/Localized Focus Benefit

15
Example www(.)arabteam2000-forum(.) com

• Technical Mujahid, A Training Manual for Jihadis
• Steganography Hiding Secrets Inside Images
• Designing Jihadi Websites from A-Z
• Secrets of Mujahideen First Islamic Encryption
  Software
• Video Technology
• Next Issue
• Jihadi Forums and Secure Surfing on the Internet
• How to Bug Cellular Phones

Ref Terrorism Monitor, Jamestown Foundation 29
Mar 2007
16
Opinions on Terrorists and Cyber

• Cyberterrorism Has Appeal
• Anonymous
• Global Target
• Psychological Impact
• Media Appeal
• Cyberterrorism Has Drawbacks
• Defenses by Infrastructure Owners and Managers
• May Not Result in Optimal Psychological Effect
• Anonymity Can Be Troublesome
• The Internet and Cyber are Key Tools for the
  Terrorists

17
What Do We Do?

• Plan for Cyberterrorism Maintain Your Defenses
• Plan for Violent Terrorism with Cyber Softening
  Attacks
• Study the Enemy Learn Their Tactics for
  Physical and Cyber Attack Vectors
• Think Outside the Box -- How Can a Terrorist Take
  Advantage of My Network and the Internet?

18
Thank You! Merci!
Ernie Hayden CISSP CEH CISO Port of
Seattle Hayden.e_at_portseattle.org 206-728-3460
19
References

• Terrorism Monitor, The Jamestown Foundation,
  March 29, 2007
• Cyberterrorism, Gabriel Weimann, United States
  Institute of Peace, December 2004
• Examining the Cyber Capabilities of Islamic
  Terrorist Groups, Institute for Security
  Technology Studies, Dartmouth University,
  November 2003
• Wikipedia Becomes Intelligence Tool and Target
  for Jihadists, Thomas Claburn, Information Week,
  March 22, 2007
• Mr. Kirk Bailey, CISO University of Washington
  and Past CISO for the City of Seattle (Brainchild
  of Alki Exercise)