BACKGROUND:
Transitioning from cybersecurity to physical security, this module examines how our nation’s critical infrastructure is affected by the vulnerable cyber technology that controls its daily functions.
In his 2012 Defcon 20 cybersecurity conference presentation, Dan Tentler, founder of the San Diego-based information security consulting firm AtenLabs, shared screenshots of dozens of connected devices he could find on the Internet using a laptop and browser. He was able to access several critical infrastructure systems, showing that they were vulnerable to cyber-attack. His presentation vividly demonstrated that the Internet was not designed with security in mind.
Network-ready industrial control systems that monitor and control the physical processes of machines have become the instruments that contribute to a threat we call physical security. The machines we rely on to supply energy, drinking water, and safe food are at risk. The potential security weakness of SCADA systems was exposed by a cyber-attack against the Natanz Iran uranium enrichment facility. A computer worm, called Stuxnet, caused the facility’s control systems to make the centrifuges spin out of control. Stuxnet, a cyber-weapon that changed modern warfare, does not discriminate between nations; it simply attacks and destroys computer-managed machines.
Tentler, D. (2012) “Defcon 20 – Dan Tentler – Drinking from the Caffeine Firehose We Know as Shodan.” YouTube. Retrieved from: https://www.youtube.com/watch?v=5cWck_xcH64
1)Using three different industries, provide three examples of physical security dangers faced by SCADA (supervisory control and data acquisition) network systems.
2)After reviewing Presidential Policy Directive 21 (PPD-21), discuss a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. What is resilient infrastructure? Provide two examples of how this concept protects people and property.