While this familiar methodology has served acceptably for many years, it is unfortunately not well suited to the needs of critical infrastructure protection. Firewalls often cannot be placed around assets, simply because no reasonable perimeter can be identified. Passwords are often ineffective in infrastructure settings where compromised insiders might be the primary risk. Log files are also ineffective because the staggering complexity associated with critical infrastructure generates so much information.As a result, I believe a new paradigm is necessary – one rooted in the practical day-to-day concerns of protecting massive infrastructure for essential national services.
To begin with, deception involves intentionally tricking adversaries using bogus traps.Since hiding critical assets behind a massive corporate perimeter no longer works, separation involves isolating the most critical assets in a protected enclave that is separated from less important resources.
Diversity ensures a mix of technologies, vendors and approaches, thereby reducing the likelihood of a cascading attack bringing down infrastructure.
Commonality involves assurance that the key standards are conformed to across infrastructure. By avoiding special configurations, an operator can more quickly locate unwanted changes.
One of the most well-known but poorly applied security principles, involves defense-in-depth. No critical asset should ever be protected by only one type of method.
The use of human discretion in maintaining secrecy around security operations is applied in government settings, but not so much in corporate environments.
Similar to log file capture, intelligent collection of the right type of data from infrastructure systems must be addressed.The ability to correlate disparate data into actionable intelligence requires human skills and automated tools; while response involves the creation of dependable processes based on real-time indicators of attack.
Finally, awareness involves real-time understanding and knowledge of all security-related information, as well as the status of all security systems in operation.
Application of these principles into the protection of national critical infrastructure is our best hope, in government and industry, at achieving the bold security vision outlined by the president.
From the top down
President Obama proclaimed December 2009 as Critical Infrastructure Protection Month to ensure the security of those systems considered essential to our country.
“Risks to critical infrastructure can result from a complex combination of threats and hazards, including terrorist attacks, accidents, and natural disasters,” read the proclamation.
More details forthcoming
Amoroso's new book, Protecting National Infrastructure from Cyber Attack, which greatly expands on the ideas presented here, is expected sometime in 2010.