Persistence, Ambiance, and New Maps
Brian Lopez, Lawrence Livermore Laboratories
(Led security for Utah winter Olympics)
- 1200 comp sci folks @ LLL
- LLL has world’s largest laser & world’s fastest supercomputer
- Vulnerability and Risk Assessment Program founder
  - field assessment
  - threat
  - vulnerability
  - consequences
  - actionable findings
- 1996 President’s Commission on Critical Infrastructure Protection (PCCIP)
- 1998 Presidential Decision Directive 63: Policy on Critical Infrastructure Protection (CIP)
- Moved to DHS in 2003
- DHS seems to be “perpetually reorganized” (audience snickers)
- Energy infrastructures
  - electric power
  - oil
  - natural gas
- Most owned by private corporations
- Assessment activities completed in 30 states
- Look for isomorphisms
- Red Hat, Black Ice exercises
- US Computer Emergency Readiness Team
  - training analysts on protocols & systems
- Classified work
- Intel, VAs/Red Teaming, SNM, DBT
- Methodology Development
- Emerging vulnerabilities
  - 802.11i & Zigbee
- Smart border initiative
  - attacks in Canada & Mexico can affect CI here in the US
- “Critical Infrastructure is the one place where the computers touch the physical world”
- Terrorist simulations folks use OpenSource tools
  - dumpster diving too
- Philosophy
  - combine strong security and domain expertise
  - field experience and capabilities
  - multi-disciplinary teams
  - work at three levels
    - strategic
    - tactical
    - technical
  - approach – listen, learn, teach, collaborate
  - actionable findings
  - customers make all decisions
  - continuous support
- Broke into state power grid in 20 minutes. Board’s response was “great, who do we fire”
- “Information” warfare, not computer science warfare
- Three themes
  - Ambiance – what’s ambient that we can leverage
  - New Maps – seeing through new lenses
  - Persistence – tools to make those maps
- Beware of photocopiers, especially those with network connections and hard drives
- Is the mic on the videoconferencing system on even when the room is not being used for a video conference?
- “OpenSource reconnaissance” / Social Engineering
- “How to initiate a fire drill other than the obvious starting a fire?” (laughs) “Hey, the terrorists aren’t beyond starting fires.”
- “The electric power grid runs on water.” so blow up the water main two blocks away from. (Second order effect)
- The Problem with Persistence
- photo of a theatre
- single exposure of a whole film
- Too much information creates no information
- “The sum of everything is nothing”
- “Honey Nets”
  - Replicate a system to attract the bad guys
  - “instrument the heck out of it” / “instrumented to beat the band”
  - learn from what they try to do to it
  - Now they’re building the map for you
- Research ideas for the attendees
  - Ambiance
    - expand field of vision of the target
    - expand the avenues of attack
    - cascading failure – infrastructure interdependence
    - cascading support – leverage the dark fiber when other standard connections fail
    - auto-characterizing environments tools
    - ex-filtration
    - what can you inject to induce signatures?
  - New Maps
    - “Good maps help win the war”
    - map of the air – value cocaine from measuring the air
    - maps of sound – IEDs & “what the locals know” – when the marketplace goes more quiet than normal
    - biometrics – gait analysis, veins in the face, “we need BIG biometrics map”
    - “maps used to represent the data, everything you know. now a map is a viewpoint, not everything you know”
    - establish new baselines & establish tools to organize that data
    - mapping the physical to the cyber – where are the people in the virtual world located in the real world?
  - Persistence
    - More complex sensors
    - More signal sensors
    - We need tools to peer into all that data & pull out actionable items
    - bioengineer plants to react to certain elements
- All this is dual-use i.e. commercial and governmental
- CS graduates are down 50%
- this is a crisis for the country
- There are tons of CS jobs available right now
- encourage Americans to go into science, esp CS