Cyber Security for Major Events

Lynne Genik, MSc
Operational Research Scientist, DRDC Centre for Security Science
Luc Beaudoin, P.Eng, MSc, MBA
Chief of Cyber Operations, Canadian Cyber Incident Response Centre
Presentation for PST 2010 Innovation Day August 17, 2010
Defence Research and Development Canada • Recherche et développement pour la défense Canada
Overview
Lynne
• Major Events
• Why is Cyber Security Important?
• Vancouver 2010 Cyber Security Preparations
• V2010 MECSS Cyber Security Project
• Observations/Lessons Learned
Luc
• Operational Implementation
• Vancouver 2010 Games
• G8 G20 Summits
• Lessons Learned
• Conclusion
Defence R&D Canada – CSS • R & D pour la défense Canada – CSS
Defence R&D Canada
[Figure: DRDC research centres and research areas. Labels: Weapons Effects; Vehicles; Autonomous Systems; Military Engineering; Chem & Bio Defence; Radar, EW; Space Systems; Information Operations; Communications; Synthetic Environment; Centre for Security Science; Centre for Operations Research and Analysis; Human Factors; Decision Support; Command Effectiveness; Operational Medicine; Simulation & Modelling; Electro-optics; Combat Systems; Command & Control; Information Management; Systems Environment; Underwater Sensing; Materials; Air Vehicles; Marine Vehicles; Signature Mgt.]
DRDC Major Events Coordinated Security Solutions (MECSS) Model
“Operationalizing S&T Investment”
[Figure: MECSS model. Security Partners (several marked “SA”): RCMP; Integrated Security Unit; Major Events; Public Safety Canada; British Columbia Public Safety; Joint Task Force (G); Privy Council Office; G8/G20 ISU. Centre: MECSS, Exercises/CI/CBRNE. S&T Source: National Science and Technology Community (S&T Clusters; Federal Labs; Centres of Excellence; International; Industry; Academia).]
Major Events
• Focus the world spotlight on host country
– V2010: 10,000 accredited, 4000 unaccredited media
• Collaboration and cooperation of many organizations
– All levels of government and private sector
– V2010 Exercise Gold: 140 agencies, 45 coordination centres, 2000 participants
• Budgets in the billions
– Security: V2010 $1B, G8/G20 $1B
– Broadcasting rights: NBC US$2.2B for 2010/2012 Olympics
– Infrastructure costs: V2010 Canada Line $2B, Sea-to-Sky Highway expansion $1B
Vancouver 2010 – Some numbers
                          Olympics   Paralympics
Athletes and officials    6500       1350
Registered athletes       2632       506
Participating countries   82         42
Tickets available         1.6M       250k
• 25,000 volunteers
• 6000 law enforcement, 5000 Canadian Forces, 4800 private security officers
• 119 agencies contributing police/peace officers from across Canada
• 43 days of aircraft patrol
• 205,000 accreditations (Olympic family, security workforce, VANOC, volunteers, etc.)
Why is Cyber Security Important?
• Relied on by all sectors for operations
– Safety
– Security
– Event broadcasting
– Key messages/event results
– Etc.
• Significant cyber security incident would reflect badly on Canada
V2010 – Cyber Security Preparations
• V2010 Cyber Security Working Group
• V2010 Integrated Exercises Series
• Integrated Threat Assessment Centre (ITAC)
• Joint Intelligence Group
• ISU Critical Infrastructure Unit (physical security)
• Individual organizations
V2010 - Cyber Issues
• Gaps in cyber threat situational awareness
– Interdependencies
• Silos
• Response
V2010 – MECSS Cyber Security Project
• Getting started
– Generally, those familiar with cyber operations saw value
– Resistance from some key offices/people
– Several key influential people were critical
• Not a lot of time….
MECSS Cyber Security Project
Goals:
• Identify/close gaps
• Establish cyber response capability across key stakeholders
Approach:
• Small team of experts from different departments
• Identified key cyber stakeholders
Vancouver 2010 Integrated Connectivity Schematic
[Figure: connectivity schematic of command, coordination and operations centres for the Games. Labels include GOC (Ottawa), NOC (RCMP), RCMP Pacific Region Dep. Commissioner, JIG, GJOC, 2010 Federal Games Secretariat, 2010 Provincial Games Secretariat, PECC, PREOC, MOC (VANOC), TCC (ISU), Gold/Silver/Bronze commanders, EOCs, Local Authorities, E-Comm or Dispatch Centers, Metro Vancouver RD, Translink, BC Hydro and Terasen Gas. Legend: Information Sharing Link; Decision Authority Link.]
Final January 20, 2010
Developed by:
MECSS Cyber Security Project
Approach (continued):
• Performed cyber security review
– Short list of questions
– Face-to-face meetings
Outputs:
• Summary and recommendations provided to:
– Integrated Security Unit
– Canadian Cyber Incident Response Centre
• Chart of key cyber stakeholders
V2010 Planning Observations
• Organisations’ priorities varied by mandate and structure
• Lack of actionable cyber intelligence information
• No one organisation aware of all IT assets
• Density of assets very high
• Shared critical assets, sometimes without awareness
• Some assets holistically critical
• No system, authority, or forum for de-conflicting potential issues
Lessons Learned during V2010 Review
• Establishing trust and credibility critical
• Access to right subject matter experts (SMEs) key
• Not all levels of government have computer emergency response team capability
• Stakeholder buy-in varied
• Value of cyber information sharing not recognized from onset
• Threat and risk assessments not formally completed by many key organisations
• Cyber security knowledge in tacit form with SMEs
• Audit checklist too formal and overwhelming
Operational Implementation
• About the Canadian Cyber Incident Response
Centre (CCIRC)
• Vancouver 2010 Games
• G8 G20 Summits
• Lessons learned
• Conclusion
CCIRC’s Mandate
“…coordinating the national response…”
CCIRC’s Mandate…
• Coordination point for Government of Canada (GC) cyber response;
• Receive significant incident reports from federal departments (GC IT Incident Management Plan);
• Engage Cyber Triage Unit;
• Provide cyber inputs into the Government Operations Centre (GOC) for situational awareness and risk assessment;
• International point of contact for Canada for cyber security events (shared with CanCERT, RECOL, and Anti-Fraud Centre);
• Assist government departments, critical infrastructure owners and international partners with cyber security issues.
Major Events Information Space
[Figure: the major events information space. Labels: Cyber Security; Schedule of Events; Results + Key Messages; Media broadcasting.]
Major Events Cyber Threats
1. Direct and indirect (e.g., power outages) denial of service on critical IT services;
2. Hacktivism (criminal, copyright infringement, intellectual property, brand, etc.);
3. Malware distribution scheme leveraging the event:
– Phishing organizers and participants;
– Broad distribution (e.g., social media, video, search engine optimization (SEO) poisoning, etc.)
4. Cyber incident affecting a guest/diplomat/VIP involving Canadian IT assets.
Operational Challenges
• Distributed Ownership
– No clear national owner of the cyber security puzzle: everyone has a piece;
• Liability
– Damages can be embarrassing and affect others (data exfiltration, infrastructure leveraged for sending spam and attacks, web defacement, etc.)
• Expertise
– Terminology and complexity require direct interactions between cyber professionals for accurate diagnosis of incident root cause and mitigation strategy.
Key Cyber Stakeholders
• Event Office of Prime Interest
– Main web portal
– Shared services (schedule, media, connectivity, etc.)
• Support Organisations
– Weather systems;
– Air traffic systems and other transport services;
– Hotel/venue data services;
– Cellular and fibre service providers;
• First Responders
– VHF/UHF radios
– Dispatch system
– Emergency phone (911)
• Physical Security
– Area monitoring (camera network)
– Access control systems
– Police and military information networks;
– Satellite, unmanned aerial vehicles
Games Cyber Events
• Vaucouver2010.com
– Hosted in Ukraine
– Copy of Vancouver2010.com;
– Video codec;
• Search engine optimization (SEO) poisoning of Google index
– “Olympic hats and mittens”
– “2014 Winter Olympics”
– “David Atkins artist”
– “Luge Accident video Olympics”
– “Apollo Ono Speed Skater”
– “Opening Ceremony Olympics 2010”
– “Opening Ceremony Olympics Tickets”
– “Olympian Tweeting”
– “Nodar Kumaritashvili Death”
– “US short track speed skating”
– “K.D. Lang Olympics”
– “Olympic Parade of Nations”
G8/G20 Key Cyber Stakeholders
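[Figure: chart of G8/G20 key cyber stakeholders, with groupings labelled Federal, Provincial and Municipal. Labels: FIN; DND; CFNOC; CCIRC; Ontario IPC; DFAIT; SMO; OPP; ISU; RCMP; IC; Toronto; Telcos.]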
G8/G20 Cyber Events
• Phishing
– Financial sector
– Federal departments
http://apelbaum.files.wordpress.com/2010/02/phish1.jpg
Lessons Learned
• Build trust
– Face-to-face
– Dedicated support staff
• Enable Reporting
– Regular teleconferences
– Simple incident exchange mechanism
• Incident report template
• Provide secure communication channels
– PGP;
– PKI;
Conclusion
• Cyber security does not fit well in existing emergency management frameworks:
– Distributed ownership;
– No geographical boundaries;
– Time scale;
• Defence R&D Canada was the right group to perform this work:
– Expertise;
– Trust (security clearances!)
– Impartial;
• There will always be cyber risks but identifying key stakeholders, building trust amongst them, and providing an information sharing forum has been shown to be an efficient and effective way to mitigate risks.