![Page 1: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/1.jpg)
Cyber Terrorism
Shawn CarpenterComputer Security Analyst
Sandia National Laboratories
Supported by the International Borders and Maritime Security Program, Charles Massey, Manager [email protected]
![Page 2: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/2.jpg)
What is Cyber Terrorism?
• Premeditated, politically motivated attack
• Targets information systems
• Results in violence against noncombatant targets or substantial economic harm
![Page 3: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/3.jpg)
Is the Threat Real?
• Port of Houston – 2001
• Queensland, Australia sewage treatment system – 2000
• Arizona’s Roosevelt Dam – 1998
![Page 4: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/4.jpg)
Computer Security IncidentsFrom (US CERT) Computer Emergency Response Team statistics
0
20000
40000
60000
80000
100000
120000
140000
1998 1999 2000 2001 2002 2003
![Page 5: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/5.jpg)
Anatomy of an Attack• Vulnerabilities in software / unprotected network
access points • No vulnerability assessment• Poor awareness of security issues
Queensland, Australia case• Unsecured wireless access points• Accessed using ordinary Commercial Off The Shelf
(COTS) software and hardware
• Poor access control and monitoring
• Result: • Unauthorized control of wastewater/freshwater
pumping stations • Environmental and economic damage
![Page 6: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/6.jpg)
Large Ports Are Attractive Targets
• Potentially high economic impact
Significant impact on ship/port/facility
Possible world trade disruption
Port of Houston impact• High visibility• Low cost• Low risk• Numerous attack options
![Page 7: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/7.jpg)
Marine Industry
Could this affect your organization?
• Supervisory Control And Data Acquisition (SCADA)• Port logistical software applications• Internet / Communications
Antivirus software (Trojans, viruses, worms)
Ohio’s Davis-Besse Nuclear Power Plant – 2003
• Wireless communications (war driving)• Modems (war dialing)• Insiders / disgruntled employees
![Page 8: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/8.jpg)
Sampling of 120 Unprotected Wireless Access PointsDiscovered in a Ten Minute Taxi Ride
![Page 9: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/9.jpg)
Consequences
• Electronic intelligence lossAid physical attacksForge credentialsEmergency response plans
• Loss of data integrityChange manifestsRedirect shipments / shipsAffect shipyard logisticsCause delaysImpact inspections status
![Page 10: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/10.jpg)
Port Cactus Scenario• Target - Port Cactus, New Mexico• Reconnaissance
research target – Internetprobe network for vulnerabilities
• Deliver Trojan via email• Compromise other systems via trojaned
system(s), stealthily install backdoors• Capture logon credentials for port logistics
application• Change manifests, inspection records, etc.
as necessary
![Page 11: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/11.jpg)
1
2
3
4
5
6
1998 1999 2000 2001 2002 2003 2004
% o
f B
ud
ge
t
Cyber Security Spending
The Reactionary Approach
Network
compromiseNetwork
compromise
Network
compromise
![Page 12: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/12.jpg)
The Proactive Approach• There is no silver bullet
Constant vigilance – dedicated personnelNetwork Intrusion DetectionEffective process to quickly patch vulnerabilities Configuration management / firewalls / antivirusIntegrated cyber incident response
• Backup systems / data recovery – no single point of failure
• Regular cyber security policy audits• Formal network vulnerability assessments and
corrective actions – Red Teaming • Robust cyber security program with high-level
support • Employee education / awareness
![Page 13: Cyber Terrorism Shawn Carpenter Computer Security Analyst Sandia National Laboratories Supported by the International Borders and Maritime Security Program,](https://reader035.vdocuments.us/reader035/viewer/2022072016/56649ef15503460f94c01cab/html5/thumbnails/13.jpg)
Questions?
Shawn Carpenter
Computer Security Analyst
Sandia National Laboratories
Albuquerque, NM
1-505-228-3762
1-505-845-7413