new directions in protecting key rail assets - arema.org · lmr systems to convey critical...

Copyright © 2003 Northrop Grumman Corporation 0

Northrop Grumman Office of Homeland Security

New Directions in Protecting Key Rail Assets

Raymond Heider September 22, 2004

Northrop Grumman Office of Homeland Security

New Directions in Protecting Key Rail Assets

Raymond HeiderRaymond Heider September 22, 2004September 22, 2004


Challenges of Securing Large Distributed InfrastructureLarge Distributed Infrastructures are Difficult to Secure

-- Open- Wide range of access controls/no access controls-- Fixed and mobile assets-- Populated by diverse groups of operators/customers/suppliers-- Dependent on numerous jurisdictions for response/protection-- Subject to wide range of compliance issues-- Have wide spectrum of diverse security technology/complex O&M-- Security is an overhead item-- Management span of control is a challenge-- Numerous vulnerabilities/failure points

…RAIL IS EVEN MORE SO……


Challenges of Securing Large Infrastructure (con’t)Additional Complications for Rail

An attractive, high impact Terrorist target, easily cased and accessed-- Not a “campus” environment-- Omnipresence of hazardous materials-- Omnipresence of unknown/untrusted people-- Dependent on the security of other infrastructure-- Located in other high impact terrorist target environments-- Located in isolated, unprotectable environments -- Large disincentive to slow throughput of services-- Safety and Security issues not always in sync-- SCADA Systems vulnerabilities-- Other…


The REALITYSECURITY cannot be assured without significant Business Disruption, but RISK can be managed.

ADVANCED technology is part of the answer.

But point-by-point technology inputs are Band-Aids

Technology INTEGRATION is key to the RISK Management SOLUTION

RISK = Threat + (Vulnerability-Countermeasures) X Impact

Threat is beyond control; ideally V and I can be lowered and C increasedTo reduce the value of R


The TECHNOLOGIESIntelligent Situational Awareness

Geospatial Information Systems (GIS)

Biometrically Enabled Access Controls

Network Access Authentication

Business, Dispatch, SCADA Network Surveillance

Interoperable, Secure, Broadband Wireless Communications

Portal and Mobile Explosive Detection

Toxic Chemical Sensors


Intelligent Situational Awareness - Attributes

Intelligent Video Surveillance (Indoor-Outdoor)-- Not subject to human error-- Behavior or rules based algorithm alerts -- Customized for any alert criteria-- Day/night & all weather capable (adjusts automatically)-- Triggers alert as desired-- Very low error rate-- Electronically tags and tracks objects/actors across multiple cameras

-- Maintain identity of things tracked that leave/ return or in blind spot

Should: Accommodate legacy equipmentLearn new objects/behaviors and identify if a security eventBe wirelessly integratable and scalable


Geographic Information Systems (GIS)Computing power and software to import, manage, analyze, render and display multiple geo-referenced data.

-- Provides situational awareness-- To manage fixed and mobile assets-- Ideally suited to large distributed infrastructures

Exploitation of geographic data to:-- Perform temporal and spatial analysis and correlation-- Identify relationships, patterns, trends-- Use visualization tools to query and interpret data

Well suited for management of large infrastructure security tasks-- Custom, on-screen alerts bases on attribute and/or location triggers-- Real time data from geo-referenced sensors-- Tracking of mobile security assets in response


Biometrically Enabled Access ControlsDifferent/better than traditional forms of identification/authentication such as Passwords and PINsPhysical Characteristics vs. Behavioral

-- Fingerprints-- Iris-- Retina-- Voice Print-- Facial Recognition-- Hand Geometry

Should be: Multimodal to add to assurance and reduce false lockoutsdue to common artifacts

Integrated w/ smart ID cards to eliminate theft problems


Network Access AuthenticationAuthentication, authorization and accounting (AAA) is a term describing a framework for intelligently controlling access to computer resources, policy compliance, usage audit, and billing.

-- Server-based processes-- Authentication dependent on valid user name and unique password-- Authorization follows to determine what commands a user can issue

User IDs and Passwords are only moderately effective vs. determined attack

-- Evolving security tools for strong authentication will be biometric-- Most promising are fingerprint, voice and iris recognition-- Real adoption will be in government; private sector adoption will

follow


Business, Dispatch, SCADA Network SurveillanceAll three networks are critical assets that if attacked could endanger:

-- Lives-- National Security-- The economy-- The environment

Protection requires knowledge of holes in proprietary software and penetration testing to verify correct configurations and patches for various:

-- Scenarios-Zero Knowledge - Partial Knowledge- Full Disclosure

-- Environments- Internet- Intranet- Extranet- Dial-up connections


Interoperable, Broadband Wireless CommunicationsEssential attributes should be:

-- Secure, high speed and Internet Protocol (IP) based-- Enabling convergence of data, voice and video onto one network-- Full interoperability across disparate/legacy communication systems

To serve numerous simultaneous applications:-- Enterprise secure network deployment in campus infrastructure-- Physical security to id threats and disseminate video surveillance

data across multiple organizations-- Law enforcement requirements for immediate, bandwidth intensive

information on the move via handheld or wearable devices-- First Responder requirements for communications among disparate

LMR systems to convey critical information and ensure collaboration


Portal and Mobile Explosive DetectionThe olfactory system of DOGS is the best explosives detector is useTechnical methods are primarily IMAGING and analysis of PHYSICALSTRUCTURE

-- X Ray can disclose shape, densities and presence of detonation systems

-- Advanced X-Ray diffraction and RF imaging can determine crystallographic properties and proton behaviors in lattices

-- Both use algorithms to compare density and other physical characteristics vs. databases of known explosivesMost recent test beds in real world environment rely on mass spectrometry of vapors and/or particles

-- Particle swipes-- Particle and Vapor Portal detectionGoal of any method is to detect explosives without increasing false alarm rates or slowing throughput


Toxic Chemical SensorsProvide the capability to detect and identify minute quantities of CBRNE materials

-- When deployed at key transportation hubs can help intercept-- At other infrastructure can detect suspect attack and assist in response

Trend has been towards miniaturization, especially after 9/11-- Involves simplification and some degradation in performance over bulky

complex instruments-- Both separations-based and direct reading sensors have been put in on-chip

formatsNetworked and optimized over large area can provide orthogonal confirmation, shorten response time, map of affected areas and aid consequence management

-- No universal sensor capability-- Multi sensor performance varies

Much investment being made for research at Nat’l Labs; strong niche private sector investment


jghjfgToxic Chemical Sensors: Mixed performance/tradeoffs

CANDIDATE SENSING TECHNOLOGIES

DESCRIPTOR GC-MS Ion Mobility Spectrometer Patch Test Fiberoptic Electrochemical Acoustic Wave Chemical Immunochemical Assays

Response time X X

Sensitivity + X X X +

Resolution X +

Range X

Linearity

Detection limit X X

Selectivity + + X X +/X

Accuracy + X X

Repeatability +

Constraints

Packaging X X + +

Isolation +

Economic

Acquisition X X

Development X X X

Lifecycle

Reliability

Lifetime X X X

Calibration X X X

Acquisition (data)

Implementation

Scale

Format + +

Key: X (potential) problem in meeting specification; + desirable attribute


ConclusionThere are increasingly wide ranges of good and improving advanced technologies available and evolving today to:

-- Lower Vulnerabilities-- Increase Countermeasures and, -- Lower Impact of attack

Their effectiveness is optimized through INTEGRATION into a system of systems, stressing:

-- Vendor neutrality in component selection-- Scalability to expanded demand and advancing technologies-- Adaptability of legacy equipment

RISK MANAGEMENT

new directions in protecting key rail assets - arema.org · lmr systems to convey critical...

Documents