SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 6: 22 April 2006


Page 1: SECR 5140-FL Critical Infrastructure Protection

SECR 5140-FL Critical Infrastructure Protection

Dr. Barry S. Hess, Spring 2 Semester

Week 6: 22 April 2006

Page 2: Class Website

Class Info: http://home.covad.net/~bshess/

Contact info: [email protected] 571.237.3418

Page 3: Reminder

Papers are due in two weeks

I am available to review drafts

Presentations will be timed

Page 4: Agenda

Quiz

Discussion

Guidance

Research Paper Presentation

Lecture

Assignment for Week 7

Page 5: Guidance

Page 6: Three Questions

Would you want your employer to use your paper in your annual review?

Would you give the paper to a prospective employer?

Is your paper ready for publication?

Page 7: Basic Guideline

Introduction: Tell me what you are going to tell me

Body: Tell me

Conclusion or Summary: Tell me what you told me

Page 8: Research Paper Requirements

A 10-12 page (double-spaced) typewritten paper by week 8 of class

Must cite at least three relevant sources

Students' papers will use style guidance in A Manual for Writers of Term Papers, Theses and Dissertations, 6th edition, by Kate L. Turabian

Page 9: Mechanics

Grammar and spelling matter

Use a 12 point standard font, e.g., Times, Geneva, Bookman, Helvetica, etc.

Double spaced text on 8 1/2" x 11" paper with 1 inch margins, single sided

Number pages consecutively

Minimize number of figures, tables, and illustrations

Bibliography is not part of page count

Page 10: Structure of Paper

Brief presentation of your primary thesis
  Three major sections of your investigation, and the solution / findings / recommendations that you will be making
  Definition of key terms and concepts. Cite references.

The research problem
  In-depth look at research problem. This is a synthesis and should be original work. If there are controversial elements, mention them briefly.

History of research on this topic
  Explain why your research is unique and needed. Give a brief history of ideas. Cite sources.

"Evidence" section
  Supporting statistics, examples, case studies, citations, supporting passages from key texts. Present counter-arguments / opposing viewpoints. Cite carefully.

Further case studies or examples (minimum of three)
  Support your thesis statement. Use citations and intersperse your thoughts & analysis throughout.

Debate points / controversial aspects
  Discuss issues and present new ways of looking at primary thesis. This is your original work. Begin to question underlying assumptions that may influence your investigation, and your conclusion, approaches, solution.

Summary that is more than a conclusion
  Insights, recommendations, probable issues vis-a-vis the future

Source: Susan Smith Nash, Ph.D., The University of Oklahoma, Research Paper Roadmap, http://www.beyondutopia.net/research/

Page 11: Plagiarism

Webster University Graduate School Policy

“Plagiarism—Using the works (i.e. words, images, other materials) of another person as one's own words without proper citation in any academic assignment. This includes submission (in whole or in part) of any work purchased or downloaded from a Web site or an Internet paper clearinghouse.”

If you knowingly use sources created by others, then it is incumbent upon you to give credit to those sources

This is not only fair but it is also moral, ethical, legal, and an academic requirement

Not giving credit is plagiarism, which basically means stealing information from someone else

If you get caught plagiarizing, you will fail the course

Page 12: Sourcing

Primary sources are original, uninterpreted information
  Novels, speeches, eyewitness accounts, interviews, letters, autobiographies, or the results of original research
  e.g., State of the Union Address

Secondary sources interpret, analyze or summarize
  Writings about the primary sources, about an author or about somebody's accomplishments
  e.g., Newspaper report on the State of the Union speech

Page 13: Bibliography and Footnotes

List all your sources and be thorough

Follow the proper citation style

Bibliography
  Sources are listed alphabetically, by author's last name
  Sources without authors are listed alphabetically by either the editor's last name or by the complete title of the work
  First line of each bibliographical entry starts flush at the left hand margin
  Second and subsequent lines are indented five spaces
  Titles should be capitalized correctly in each entry
  All entries are single-spaced

Footnotes
  Turabian reference note format requires that the basic information about the source in footnotes is at the bottom of each page, beneath the text
  Within the text, above the list of footnotes, the place where a reference is introduced is shown by an Arabic numeral raised slightly above the line of text
  These reference numbers are placed just after the quoted or paraphrased material, and they appear in numerical order throughout the text
  Footnotes for all of the references which appear in a page of text must be placed at the bottom of the same page, divided from the text by an eight-space line

Page 14: Oral Presentation Requirements

Each student will deliver a 15-20 minute oral presentation of the research paper to the class during week 8

Page 15: Hints for PowerPoint

Plan for approximately 1 minute per slide

Use a standard font, e.g., Arial, Tahoma, Verdana, etc.

Slides should supplement your presentation, not BE your presentation

Slides should serve as an outline and provide points of emphasis

Use phrases not sentences

Do not read your slides

Your graphics need to be there for a reason

Practice makes perfect

Do not overuse transitions

Page 16: Lecture

Page 17: Topics

Statement by Daniel G. Wolf, Director of Information Assurance, National Security Agency: "Cybersecurity—Getting it Right"

Posse Comitatus

"Extra Territoriality and International Cyber Crime" by Kenneth Geers (Naval Criminal Investigative Service)

Homeland Security Presidential Directive (HSPD-7)

Page 18: "Cybersecurity—Getting it Right"

Statement by Daniel G. Wolf, Director of Information Assurance, National Security Agency

July 22, 2003

Page 19: Introduction

NSA does not have all of the answers

Have had tremendous successes and a share of failures

Have gained a deep understanding and respect for the challenges the nation must overcome to begin to tame cyberspace

Concerned that some in government and industry want to keep NSA in a box labeled “for classified information only”

This erroneously suggests that NSA’s perspective is much too narrow due to our focus on the stringent requirements of national security systems

His experience shows that there is little difference between the cybersecurity that is required for a system processing top-secret military information and one that controls a segment of the nation’s critical infrastructure

Page 20: Concepts

Both classified and unclassified systems require the element of assurance or trust
  Trust that the system was designed properly
  Trust that it was independently evaluated against a prescribed set of explicit security standards
  Trust that it will maintain proper operation during its lifetime, even in the face of malicious attacks and human error

Effective cybersecurity must be designed into information systems starting at the R & D phase

You cannot add trust to a system after it is fielded

Page 21: Homeland Security

Presents another reason to suggest that cybersecurity requirements must converge

Information management principle within the national security community has always been the concept of need-to-know

Fundamental information principle for homeland security is need-to-share

The principle of need-to-share requires the development of technical solutions for secure interoperability that may be called on to tie top-secret intelligence systems to a local first responder system

Page 22: Information Assurance

Information Assurance is operational in nature and often time-sensitive

NSA's work in IA provides a mix of security services that are not operational or time-sensitive, e.g.,
  Education and training
  Threat and vulnerability analysis
  Research and development
  Assessments and evaluations
  Tool development

In an environment of constant probes and attacks of networks, an increasingly important element of protection deals with operational responsiveness in terms of detecting and reacting to these time-sensitive events

This defensive operational capability is closely allied with and synergistic with traditional IA activities

DoD calls this Defensive Information Operations

Page 23: Specific Issues Related to Cybersecurity R&D

Technical approaches to optimize cybersecurity
  Interoperable authentication system
    Deployed widely throughout the federal, national security, first responder and critical infrastructure community, e.g., a PKI system with a smart card that contains your cyber credentials
  Effective border protection
    Firewalls
    Virtual private networks
    "Guards"
    Cyber intrusion detection

Page 24: Specific Issues Related to Cybersecurity R&D

Areas of advanced technology should be pursued to outpace attacks
  Cryptographic modernization
    Over 1.3 million cryptographic devices in the U.S. inventory
    Over 75% of these systems will be replaced during the next decade
  Resilient systems
    Goal is to have systems that degrade gracefully instead of causing a cascade of insecurity
  Coordination information during cyberattack
  Enhance attack identification methods
    Detect suspicious or anomalous behavior to identify insider attacks

Page 25: Specific Issues Related to Cybersecurity R&D

Advanced technology programs needing higher priority & funding
  Enhance our ability to find and eliminate malicious code in large software applications
    Little coordinated effort today to develop tools and techniques to examine effectively and efficiently either source or executable software
  Need a National Software Assurance Center
    Should have representatives from academia, industry, federal government, national laboratories and the national security community
  Trusted hardware platforms
    Must have trusted domestic sources for advanced systems

Page 26: Specific Issues Related to Cybersecurity R&D

Role of technology transfer
  National Information Assurance Partnership (NIAP)
    Collaboration between the National Institute of Standards and Technology and the NSA
    Long-term goal of NIAP is to increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and assessment programs
  Information Assurance Technical Framework Forum (IATFF)
    Created to foster dialog between U.S. government agencies, industry, and academia seeking to provide their customers solutions for information assurance problems
  Centers of Academic Excellence in Information Assurance Education Program
    Goal is to reduce vulnerability in our National Information Infrastructure by promoting higher education in information assurance

Page 27: Posse Comitatus Act

Page 28: Posse Comitatus Act

Posse Comitatus Act of 1878 (20 Stat. 152 [18 USC 1385])

"SEC. 15. From and after the passage of this act it shall not be lawful to employ any part of the Army of the United States, as a posse comitatus, or otherwise, for the purpose of executing the laws, except in such cases and under such circumstances as such employment of said force may be expressly authorized by the Constitution or by act of Congress;…"

Page 29: Post September 11th Perspective

"Our way of life has forever changed," wrote Sen. John Warner, R-Va., in an October 2001 letter to Defense Secretary Donald Rumsfeld. "Should this law [Posse Comitatus Act] now be changed to enable our active-duty military to more fully join other domestic assets in this war against terrorism?"

Page 30: History

Posse Comitatus Act reflects a tension between preserving the national defense, while keeping the military from becoming entangled in day to day law enforcement

Posse Comitatus means "the Power of the County"
  Brings to mind colorful images of the old west county sheriff

Source: "Posse Comitatus - Has the Posse outlived its purpose?" Craig T. Trebilcock (April 2000)

Page 31: Why Did Congress Enact PCA?

During reconstruction federal troops were used extensively in the South for law enforcement

Recognizing that long-term use of the Army to enforce civilian laws posed a potential danger to the military's subordination to civilian control, Congress passed the Act

Posse Comitatus Act made it a crime for anyone to use the Army to enforce federal, state, or local civil laws

Source: "Posse Comitatus - Has the Posse outlived its purpose?" Craig T. Trebilcock (April 2000)

Page 32: Is the Posse Comitatus Eroding?

The courts have consistently ruled that the Act does not prohibit military involvement in civilian law enforcement activities, as long as that involvement is in a "passive" or support role

Recognizing that the military possesses unique equipment and training that may be valuable to civilian police departments, the courts have held that many types of logistical support may be provided, without violating the central tenet that the military may not actually enforce civilian laws

Using a test based upon whether the military's involvement is "passive" or "active", the courts have held that providing supplies, equipment, training, facilities, and certain types of intelligence do not violate the Posse Comitatus Act

Military personnel may be involved in planning and supporting civilian law enforcement activities (an indirect or passive role), as long as they are not directly involved in the actual arrest or seizure of evidence

Source: "Posse Comitatus - Has the Posse outlived its purpose?" Craig T. Trebilcock (April 2000)

Page 33: How Does the Country Feel About PCA?

The current swing of the pendulum reflects a nation that is more than ready to embrace military involvement in homeland defense

Drug smuggling and illegal immigration were perceived by some as the national defense challenges

The increasing recognition that a suitcase of chemical or biological agent smuggled across our borders could result in a crippling loss of life, is leading to an acceptance of an increased role for the military in homeland defense

With its unique detection and response capabilities to chemical/ biological attacks, the military must be heavily involved in any effective counter-terrorism response plan

Source: "Posse Comitatus - Has the Posse outlived its purpose?" Craig T. Trebilcock (April 2000)

Page 34: Implications

There have been several statutory exceptions to the Posse Comitatus Act in the past decade

Together with the general Constitutional authority of the President to preserve order, there are few areas of domestic law enforcement activity where the military is precluded from participating in times of national emergency or disaster

Posse Comitatus Act still serves a valuable function in deterring a lower level commander or politician from engaging in unauthorized “police” activity using military forces

The Act today provides little hindrance to the National Command Authority in executing civilian laws in times of emergency through military personnel

Through proper, legal declarations of Presidential emergency authority and/or through the use of National Guard assets in state status, it is increasingly likely that the military will play a significant enforcement role in response to domestic terrorism and other disasters for the foreseeable future

Source: "Posse Comitatus - Has the Posse outlived its purpose?" Craig T. Trebilcock (April 2000)

Page 35: Discussion

How does Posse Comitatus affect our ability to protect the critical infrastructure?

Page 36: Extra Territoriality and International Cyber Crime

Kenneth Geers, Naval Criminal Investigative Service

Page 37: Problems with Investigations

Investigating international cyber crime poses many problems to U.S. law enforcement

One of the biggest challenges is the fact that a high degree of anonymity is not difficult to achieve on the Internet

In an ideal world we would examine every Internet data packet that crosses our borders, but when they arrive at well over a billion per second, that thought is quickly ruled out

When a real Internet crime has been discovered, and the log data exists to prove it (the combination of which is fairly rare), the tedious process of tracing the hack back to its point of origin begins

The obstacles for an international investigator begin to multiply quickly here. Cultural, linguistic, and political barriers can prove insurmountable

Page 38: European Cybercrime Convention (ECC)

Forty-one countries have signed the treaty (including the United States and Russia) and nine have acceded to it through formal ratification

Goal is to harmonize cybercrime laws all over the world

These run the gamut: fraud, child pornography, data protection, and even cyber terrorism

The amount of damage done every year easily runs into the billions of dollars

Page 39: Issues with ECC

Many governments worry that this would leave their citizens' personal information vulnerable to abuse by foreign governments, and that this abuse could occur with inadequate oversight

Privacy groups fear for their civil liberties as well

ISPs fear that unwieldy strictures and obligations will be placed upon them

Page 40: Law Enforcement Issues

ECC fails to authorize any type of unauthorized cross-border digital searches or seizures, even in the case of hot pursuit

All cooperative scenarios foresee consultation with host-nation officials before any examination or seizure of computer data

This rule, while politically palatable, runs the risk of giving cyber criminals the valuable time they need to hide their point-of-origin

Page 41: Example

In 2000, the FBI was hot on the trail of Russian hackers who had cracked various computer networks around the country, including banks and ISPs, in order to steal credit card numbers. The point-of-origin was determined to be Russia, but Russian assistance in the investigation was not forthcoming. Therefore, the FBI decided to act on its own. With a U.S. search warrant in hand, it tricked one of the Russian suspects into traveling to Seattle, where it used a keystroke logger to gain his username and password to a secret stash back in Russia.

The FBI then proceeded to log on and download highly incriminating evidence. The hacker gang was responsible for fraud on a massive scale, involving the theft and use of many thousands of American credit card numbers.

Page 42: Discussion

What should have happened to the FBI agents?

Page 43: Reality

The two FBI agents were given the Director's Award for Excellence, and the FBI publicly praised its field office's first successful "extra-territorial seizure"

Page 44: Homeland Security Presidential Directive (HSPD-7)

Office of Homeland Security, 17 December 2003

Page 45: Policy

(1) It is the policy of the United States to enhance the protection of our Nation's critical infrastructure and key resources against terrorist acts

Page 46: Context

(4) Critical infrastructure and key resources provide the essential services that underpin American society. The Nation possesses numerous key resources, whose exploitation or destruction by terrorists could cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction, or could profoundly affect our national prestige and morale. In addition, there is critical infrastructure so vital that its incapacitation, exploitation, or destruction, through terrorist attack, could have a debilitating effect on security and economic well-being.

(5) While it is not possible to protect or eliminate the vulnerability of all critical infrastructure and key resources throughout the country, strategic improvements in security can make it more difficult for attacks to succeed and can lessen the impact of attacks that may occur. In addition to strategic security enhancements, tactical security improvements can be rapidly implemented to deter, mitigate, or neutralize potential attacks.

Page 47: Purpose

(7) Establishes a national policy for Federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks

(8) Federal departments and agencies will identify, prioritize, and coordinate the protection of critical infrastructure and key resources in order to prevent, deter, and mitigate the effects of deliberate efforts to destroy, incapacitate, or exploit them. Federal departments and agencies will work with State and local governments and the private sector to accomplish this objective

Page 48: Roles and Responsibilities of the Secretary

(12) In carrying out the functions assigned in the Homeland Security Act of 2002, the Secretary shall be responsible for coordinating the overall national effort to enhance the protection of the critical infrastructure and key resources of the United States. The Secretary shall serve as the principal Federal official to lead, integrate, and coordinate implementation of efforts among Federal departments and agencies, State and local governments, and the private sector to protect critical infrastructure and key resources.

(13) Consistent with this directive, the Secretary will identify, prioritize, and coordinate the protection of critical infrastructure and key resources with an emphasis on critical infrastructure and key resources that could be exploited to cause catastrophic health effects or mass casualties comparable to those from the use of a weapon of mass destruction.

(14) The Secretary will establish uniform policies, approaches, guidelines, and methodologies for integrating Federal infrastructure protection and risk management activities within and across sectors along with metrics and criteria for related programs and activities

Page 49: Cybersecurity

(16) The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations. To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission. The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.

Page 50: Discussion

Why was it necessary to promulgate HSPD-7?

Page 51: Assignment for Week 7

Page 52: Briefing Assignment

Prepare and present a five minute discussion on your chosen aspect of the USA PATRIOT Act (http://www.epic.org/privacy/terrorism/hr3162.pdf)

Cite sources

Page 53: Topic Questions

1. Sec. 201. Authority to intercept wire, oral, and electronic communications relating to terrorism
2. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses
3. Sec. 203. Authority to share criminal investigative information
4. Sec. 213. Authority for delaying notice of the execution of a warrant
5. Sec. 214. Pen register and trap and trace authority under FISA
6. Sec. 215. Access to records and other items under the Foreign Intelligence Surveillance Act
7. Sec. 218. Foreign intelligence information
8. Sec. 219. Single-jurisdiction search warrants for terrorism
9. Sec. 220. Nationwide service of search warrants for electronic evidence
10. Sec. 311. Special measures for jurisdictions, financial institutions, or international transactions of primary money laundering concern
11. Sec. 314. Cooperative efforts to deter money laundering
12. Sec. 316. Anti-terrorist forfeiture protection
13. Sec. 317. Long-arm jurisdiction over foreign money launderers
14. Sec. 318. Laundering money through a foreign bank
15. Sec. 504. Coordination with law enforcement
16. Sec. 802. Definition of domestic terrorism
17. Sec. 805. Material support for terrorism
18. Sec. 806. Assets of terrorist organizations

Page 54: Additional Readings for Week 7

"Report From The Field: The USA PATRIOT Act at Work," Department of Justice, July 2004, http://www.lifeandliberty.gov/docs/071304_report_from_the_field.pdf

"The USA PATRIOT Act: What's So Patriotic About Trampling on the Bill of Rights?" Nancy Chang, Center for Constitutional Rights, November 2001, http://www.ratical.org/ratville/CAH/USAPAanalyze.pdf

Page 55: Reminder

Papers are due in two weeks

I am available to review drafts

Presentations will be timed