
Subs, Ships & Satellites - Day-Con XIII · 2018. 2. 13. · White Rose of Drachs, 2013 Access...

Date post: 02-Oct-2020
Subs, Ships & Satellites: The Internet of Invisible Things Angus Blitter, Matthew Costa, Gabe Weaver

Subs, Ships & Satellites: The Internet of Invisible Things

Angus Blitter, Matthew Costa, Gabe Weaver


Angus Blitter

Angus Blitter - Your host and resident media whore. Angus is the founder of Hack Sec Klahn, a like-minded group of technologists. Angus is also the creator of PacketWars™ (packetwars.com) the World's first Cyber Sport. Angus believes diversity is good for the species and hackers are a national resource. Old school, grey hat and previously plump, Angus still likes to eat, drink and hack.

Or

The Guy that used to say NO and now facilitates YES!


Matthew Costa

Matthew Costa is a senior undergrad at The University of Dayton. He is pursuing a bachelor's degree in Management Information Systems with a minor in Cyber Security Management. He aspires to someday work in the cyber security field.


Gabe Weaver

Gabriel Weaver is a Research Scientist at the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign. During his research career, Weaver has served at MIT's Lincoln Laboratory and as a non-residential fellow at Harvard where he designed an XML vocabulary to encode Ancient Greek Mathematical Diagrams. Currently, Weaver is PI on a project via the Critical Infrastructure Resilience Institute (CIRI) to look at the economic impacts of cascading disruptions to shipping port infrastructure. This project, in combination with his work as the Inaugural Dieckamp Postdoctoral Fellow at UIUC's Information Trust Institute, and in coordination with National Laboratories such as INL and PNNL, is being used to develop a Cyber-Physical Topology Language (CPTL) to encode and analyze interdependencies across critical infrastructure systems.


What’s your Exposure Index? EI = Motivation * Capability * Vulnerability


Wicked Problems:

1. How to model, make sense of, and reason about increasingly interconnected systems?

• Need to understand interdependencies

• Provide views into these interdependencies and their effects by stakeholder

2. How do disruptions to these systems propagate? What are the indicators of propagations?

3. Can we incorporate additional domains, stakeholder perspectives and pivot points?


“What you can’t see can hurt you!”

The Internet of Invisible Things


SUBS


SATELLITES


Outline

• Establish that these are real-world problems outside of the ivory tower with scenarios.
  – Focus on shipping
  – Demonstrate how capabilities we are developing could be used to address such problems.

• Future Work

© 2016 CIRI / A Homeland Security Center of Excellence 13


The thread that binds…

• Stakeholders, Perspectives, Eco-Systems, Dependencies and Pivot Points

• Data Collection Points and Data Control Points


Shipping ports are critical to modern commerce

• More than 360 sea and river ports in the United States

• 95% of US Goods go through these ports

• Modern shipping ports are a nexus of critical infrastructure systems
  – Communications/IT Sectors
    • Navigation (Automatic Identification System (AIS), GPS)
    • Automation & Logistics (Terminal Operating Systems (TOS))
    • Physical Access Control (TWIC)
    • Monitoring (Security Cameras, Customs and Border Patrol Systems)
  – Transportation Sector
    • Intermodal (e.g. Road, Rail, Air, Ship)
    • Just-in-time supply chain
  – Energy Sector
    • Petroleum, Oil, and Natural Gas
    • Electrical Power


We must understand these dependencies in order to identify, evaluate, and mitigate risks to the MTS.

• Port stakeholders must understand the primary, secondary, and tertiary impacts of a disruption to a shipping port and its economic impacts.
• Must understand risk relative to interconnections with other critical infrastructures
  – Communications/IT Sectors
    • GAO-14-459, USCG Cyber Strategy
  – Transportation Sector
    • Symbiotic relationships between ports and airports
  – Energy Sector
    • Electrical power required to run petroleum pumps and gantry cranes
• Such analyses need to be conducted continually by individual ports for their specific and changing operational, technological, and threat environments.


We catalog cyber disruptions within the MTS.

IT/Communications Sector

| Description | Fault Category | Location | Duration | Exemplars |
|---|---|---|---|---|
| Navigational Data (AIS, GPS) | Accidental, Intended (Nation State) | Harbormaster Tower, Quay | Hours | Somali Pirates, 2014; White Rose of Drachs, 2013 |
| Access Control Data (TWIC) | Accidental, Intended | Port Security Gates/Terminal Operator Gates | Years | Team Digi7al Hack, 2014 |
| Operational Data (TOS) | Accidental, Intended (Ransomware/Data Integrity/Malware) | Container Yard, Terminal Operator Gates | Days | Port of Antwerp, 2013 |
| Monitoring Data (Security Cameras) | Accidental (Storm Surge), Intended (Hacking) | Harbormaster Tower, Security Operations Center, Security Cameras | Months | Insecam.org, Shodan, Mirai (2016), Persirai (2017) |
| Social Engineering | Intended (Insider Attack, Phishing) | Port or Terminal Operator | Hours | Revenge sewage attacks (2001) |


A Real (not Theoretical) Threat Catalog

• Ransomware

• Hacking Terminal Operations

• GPS Jamming/Spoofing

• Targeted Attack on SASTI or Mother Nature/Wrath of God


Scenario 1: Ransomware


Scenario 2: Hacking Terminal Operating System


Scenario 3: GPS Jamming/Spoofing

“Roll that bean footage”


Scenario 4: sub-aqueous subterranean infrastructure (SASTI)

• “The potential disruptions we've heard about regarding SASTI include:
  – "bad actors" physically destroying cables, pipelines, and their landings
  – navy and coast guard "mitigating" suspicious objects by destroying them (typically an air cannon but could be incendiary) in place, damaging the infrastructure
  – accidental collisions by vessels, including shipwrecks, debris (falling objects), and unauthorized anchorages that might catch on SASTI
  – channel deepening operations by (e.g.) US Army Corps of Engineers, hitting an unknown SASTI asset


Deeper Dives and Demos


Deeper Dive with Scenario 5: Flooding


• LIDAR, env


Demos: Cyber, Transportation, Power


Packetwars™ Battle Briefing 1: Reports of Physical Control Systems going offline


• Multiple reports of sensitive physical control systems going offline coming into OC.

• Suggests a failure targeting physical access control systems.

  – TWIC
  – Gates

• Is it a systematic failure or targeted attack? (5 minutes)


Cyber

1) Import affected assets from data source.


Cyber

Transportation

2) Update state of transportation network.

IF gate.IP == OUT:
    gate.service_time *= 2;


Cyber

Transportation

3) Simulate operation of transportation network to see effects on traffic.

Discrete Event Simulation


Cyber

Transportation

4) Compute optimal gates to bring back/defend first and get this information back to IT.

Optimal Network Flow

Prioritized Recovery

-----------------------

0. Gate 1: IP

1. Gate 2: IP

2. …


Packetwars™ Battle Briefing 2: Traffic Signal


• A reported power outage has affected traffic signals in the port.

• The signals have battery backup, but some are still failing.

• What is the root cause of the outage?


Power

1) Import affected assets from data source.


Power

Transportation

2) Update state of transportation network.

IF signal.power == OUT:
    signal.service_time *= 2;


3) Compute optimal signals to bring back first.

Power

Transportation

Optimal Network Flow

Prioritized Recovery

-----------------------

0. Signal 1: Region X

1. Signal 2: Region Y

2. …


4) Region X already has power. Something else is up with Signal 1!

Power

Transportation

Prioritized Recovery

-----------------------

0. Signal 1: Region X

1. Signal 2: Region Y

2. …


5) The power outage is a distraction (Red Herring). Turns out that the Smart Traffic Lights were being jammed.

Transportation

Cyber
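The import, update, simulate, prioritize loop from Battle Briefing 1, which Briefing 2 reuses for traffic signals, sketched as an added example (not the presenters' or CIRI's tooling). Node names, addresses, service times and the arrival rate are constructed; step 4 uses a greedy simulation-based ranking in place of the optimal network flow computation named on the slide, and `unexplained` mirrors the Briefing 2 check that flags an asset whose upstream dependency is actually healthy.

```python
import heapq
import random

# Constructed sample data (assumption): node -> (upstream dependency, base service minutes).
# Here nodes are gates keyed by reader IP; for Briefing 2 they would be signals keyed by power region.
NODES = {
    "Gate 1": ("192.0.2.11", 1.0),
    "Gate 2": ("192.0.2.12", 2.0),
    "Gate 3": ("192.0.2.13", 4.0),
}
OFFLINE = ["192.0.2.11", "192.0.2.13"]  # constructed report of dependencies that are out


def affected(deps_out):
    """Step 1: map reported outages to the nodes that depend on them."""
    down = set(deps_out)
    return {n for n, (dep, _) in NODES.items() if dep in down}


def service_times(out):
    """Step 2: the slide's rule, service time doubles when the dependency is out."""
    return {n: base * 2 if n in out else base for n, (_, base) in NODES.items()}


def mean_turn_time(out, trucks=1000, rate=1.4, seed=7):
    """Step 3: discrete-event simulation of one FIFO truck queue feeding all nodes."""
    rng = random.Random(seed)                    # same arrivals for every scenario
    svc = service_times(out)
    free_at = [(0.0, n) for n in sorted(svc)]    # (time node is next free, node)
    heapq.heapify(free_at)
    clock = total = 0.0
    for _ in range(trucks):
        clock += rng.expovariate(rate)           # next arrival event
        t_free, node = heapq.heappop(free_at)    # node that frees up first
        done = max(clock, t_free) + svc[node]    # departure event
        heapq.heappush(free_at, (done, node))
        total += done - clock                    # queueing plus service time
    return total / trucks


def prioritized_recovery(out):
    """Step 4 (greedy stand-in): restore next whichever node cuts turn time most."""
    out, order = set(out), []
    while out:
        best = min(sorted(out), key=lambda n: mean_turn_time(out - {n}))
        order.append(best)
        out.remove(best)
    return order


def unexplained(failing, deps_out):
    """Failing nodes whose dependency is healthy: the cause lies in another domain."""
    down = set(deps_out)
    return sorted(n for n in failing if NODES[n][0] not in down)


if __name__ == "__main__":
    down_nodes = affected(OFFLINE)
    print("degraded:", round(mean_turn_time(down_nodes), 1), "min per truck")
    print("recover in order:", prioritized_recovery(down_nodes))
```

A node that `unexplained` returns is the Signal 1 case from step 4 of Briefing 2: it is reported failing although its region has power, so responders should pivot to another domain instead of waiting on the power fix.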


Conclusions

• The ability to pivot across multiple domains is absolutely necessary for protecting modern systems of systems and human beneficiaries.

• Shipping ports are a nexus of critical infrastructure, although invisible to most of us until after an event. Know your dependencies.

• Gamification and simulations can be a good way to train and assess Cyber-Physical System operations personnel and to visualize dependencies or potentially affected assets in an eco-system.


Future Work

• Satellites: Synthetic Networks – NASA JPL: Work on creating a catalog of networks for missions.

• Ships: Port Disruptions – Working toward a product w/ CIRI and RS21

– Left, center, and right of boom

– Working with USCG and others

– Historical (pre-electrification) study possible with USCGA and Mystic Seaport

• Packetwars as providing ‘the human factor’ inputs to a simulation of complex systems.

– Co-simulation that includes games

• Other cool ideas to discuss offline


Speaker Dinner

6:30PM Cocktails and Apps

7:15PM Dinner

9:45PM-ish head back to the Marriott (room #542)


Packetwars Invitational

Tomorrow @ UD’s ArtStreet – venue opens at 10AM

The carnage begins at high noon - combatants should arrive at least a half hour before game time

After Party starts at 8PM and goes to ??? @ Club Masque


Thanks…


And to

• You (delegates)

• Adam Limbert

• My crew (Chris, Bill and Jo)


Backup Slides


• SANE/AFIRM

• Simulating Cyber Operations

• Scenario (Simulation) Definition Language

• Primitives

• Cyber-Physical System Modeling

• Primitives

• Danger Drivers

• Confidence Characteristics

• Danger Index

• CPTL


Exposure Index (EI)

• EI = Motivation * Capability * Vulnerability

– Motivation: how hard they’ll try if attempts cost (say, P(detection))

– Capability: for a known vuln, their likelihood of success of one shot (“killshot”)

– Vulnerability: how many vulns you have, known # of likelihood

F(N_shots) * P(kill|vuln) * P(vuln)
