Posts Tagged ‘Cyber Security’

DHS Cyber Security Resources Catalog

June 13, 2010 Leave a comment

Copied from

The Department of Homeland Security (DHS) has released a “Private Sector Resources Catalog” collecting training, publications, guidance, alerts, newsletters, programs, and services available to the private sector. This is the first such effort to encompass all of DHS and represents a commitment to facilitate public access and increase transparency. The publication recognizes the diversity of the private sector and includes resources for academia, nonprofits, NGOs, and businesses large and small. DHS has repeatedly stated the important role played by these actors in our nation’s homeland security and has worked to strengthen partnerships and increase engagement at the local, state, and federal levels. Earlier this year, DHS released the Quadrennial Homeland Security Review report to Congress outlining an enterprise approach to homeland security in which multiple partners including the private sector share roles and responsibilities in upholding the public safety and well-being of the United States.

Link to the DHS CyberSecurity Catalog

High Impact, Low Frequency Risks to the NA Power Grid

June 9, 2010 Leave a comment

NERC issued a report that speaks about the challenges posed by ‘High Impact, Low Frequency Risks’ on the Power Grid.

Although the report is not exclusive to cyber attacks, I will try and highlight the areas of interest to people like me, cyber security fanatics.

Attack Window

Attack Window

Snippet from page 10/11

The risk of a coordinated cyber, physical, or blended attack against the North American bulk power system has become more acute over the past 15 years as digital communicating equipment has introduced cyber vulnerability to the system, and resource optimization trends have allowed some inherent physical redundancy within the system to be reduced. The specific concern with respect to these threats is the targeting of multiple key nodes on the system that, if damaged, destroyed, or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria. Such an attack would behave very differently than traditional risks to the system in that an intelligent attacker could mount an adaptive attack that would manipulate assets and potentially provide misleading information to system operators attempting to address the issue.

it also adds:

While no such attack has occurred on the bulk power system to date, the electric sector has taken important steps toward mitigating these issues with the development of NERC’s Critical Infrastructure Protection standards5, the standing
Critical Infrastructure Protection Committee6, and a myriad of other efforts. More comprehensive work is needed, however, to realize the vision of a secure grid. Better technology solutions for the cyber portion of the threat should be developed, with specific focus on forensic tools and network architectures to support graceful system degradation that would allow operators to “fly with fewer controls.” Component and system design criteria should also be reevaluated with respect to these threats and an eye toward designing for survivability. Prioritization of key assets for protection will be a critical component of a successful mitigation approach.

The report reflects a significant shift in industry specific standards by referencing active security monitoring, security intelligence and specially designed forensics tools.

You can download a copy of the (120 pages) report here



National Traffic Engineering

June 29, 2009 Leave a comment

I was going through some nice reports from (Arbor Networks) and some regional ISPs showing how Iranian internet traffic was manipulated and controlled before/during and after the elections ( also applicable for any scenario in which a government is trying to be in foul control ).

The reports show that the government controlled telecom provider -Data communication Company of Iran- (or DCI) couldn’t block the internet in general because that would be impossible without impacting business ( emails …etc ) and perhaps causing further social unrest.

So (DCI) choose a more balanced approach that utilizes application firewalls to selectively rate-limit selected Internet applications (either by payload inspection or ports) , mainly trying to limit video streaming and file sharing.

As you can see from this graph (Source Arbor Network report ) showing how the video traffic was high in demand right after the elections ” due to global interest” then traffic was suddenly blocked due to (DCI’s) application filtering policies

Video streaming in Iran

Apparently the new policy was to block (SSH , Streaming Video and File sharing ) all with a blocking rate of +80% , and rate-limit (Mail, HTTP and FTP ) all around 50% block rate. (See Blow)

Block Rates

Block Rates

You can see how the internet traffic in general was suffering exactly 1 day after the elections ( Graph below )

Iranian Internet Traffic

The Full reports can be found under :

Iranian Traffic Engineering
A Deeper Look at The Iranian Firewall

My Comments: State owned and controlled communication infrastructures and national internet gateways is the common setup in many countries so a similar scenario is always a valid threat, but I think that as more businesses and more economies come to rely on the internet its unlikely that we will see that happening again. or at least it will be a much tougher and costly decision exponentially with time.

Social Media and Cyber Security

June 18, 2009 1 comment

I was reading a friend’s blog on how twitter decided to reschedule its maintenance downtime to accommodate the iranian elections !! As per twitter status blog, “A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight. However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight’s planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran).” (official twitter blog post HERE )It is interesting that twitter decided to be offline during US peak hours, for the availability in Iran.

according to a ZDNET blog Apparently twitter was successfully used to coordinate a DDoS attack on several key pro-Ahmadinejad Iranian web sites, including the President’s homepage which continues returning a “The maximum number of user reached, Server is too busy, please try again later…” message.

Also, Back in April 2008 a group of Egyptian youth used Facebook to create a group (+70,000 members) to organize and coordinate a nationwide strike that quickly became a regional media hype (The Group’s page ).

under the basic terms of service it clearly says that:

“You may not use the service for any illegal or unauthorized purpose. International users agree to comply with all local laws regarding online conduct and acceptable content.” yet they agree to reschedule the maintenance schedule to accommodate the “freedom fighters” !

Its clear that web 2.0 is here to change the game, the problem is that its a game with no rules…yet.

He who can harness the power of hundreds of millions of “mostly teenage” users and direct them in any way imaginable will be the ultimate Bot master.



Is the Cyber Threat To National Security Overblown?

June 7, 2009 Leave a comment

A recent article in with the title (Is the Hacking Threat To National Security Overblown?) argued if the governments are overblowing the issue only to get bigger budgets, more reach and power and control or its actually a real national threat.

The experts view was that its a real threat that can be justified but the actual threat levels are over-estimated.

I tend to have a different view..I believe that since its a threat that can have a direct/indirect impact on the daily life of humans then everyone (citizens and governments) should take note and act responsibly.

from the graph below (From a study by INL) you can see that our networked – IT Dependent society will certainly suffer from a domino effect if the Energy sector/suppliers suffer a service disruption.


I really don’t care if this disruption is caused by a storm or a DDOS. people who say that the threat levels of CIP IT-related risks are over-rated I can only say that the truth is that our knowledge of today’s Critical infrastructures information security is just like our knowledge of PC security ten years ago.

exactly 10-12 years ago we had pretty much the same debates about legislations, privacy issues,should the vendors be held accountable for vulnerable softwares, standards like BS7799…etc

another dimension of the problem is that most of the critical infrastructures “world wide” are reluctant to share lessons learned or incidents…due to corporate image fears and the competitive nature of the industries. So no one should claim to have the complete image, even within his own country. so let aside scenario’s like the world-wide impact of a cyber attack on Saudi’s Aramco for instance. (think of it as a cyber attack on NYS if you are using stocks for heating)

We are much more informed about every other type of national threat there is ( Natural disasters included ). yet we are much less informed about national level cyber risks/threats. probably because this is the newest of all threats.

so till we get our act together in terms of technology , legislations, standards and inter-connection impact and international cooperation I believe its only safer to treat cyber threats as the most critical till proven otherwise.

Results of the 60-Day Cyber Security Review in the US

June 1, 2009 Leave a comment

I am attaching the Cyber Security report that the US administration requested to highlight the current state and challenges facing the US in CyberSpace.

The report can be downloaded from (HERE)