FRISC Working Group on Cyber Infrastructure Protection (CIWG)

Background

The national Cyber Infrastructure (more commonly also referred to as Critical Information Infrastructure or CII) can arguably be considered to be covering all sectors of the Critical National Infrastructure as information and communication technology is required for the effective and efficient operation of these [5]. Even sectors that may be considered to be only remotely affected such as the water and wastewater sector implicitly rely on sensor and actuator networks to ensure safe and reliable supply, and rely on policies and procedures that either explicitly or implicitly assume the availability of database and other information systems as well as communication networks.

These developments are long-standing, but become more significant as legacy systems, communication mechanisms, and fall-back procedures become obsolete or are no longer maintained. As in most industrialised nations, the CNI in Norway is owned and operated partly by the state and private sector, albeit with typically significant oversight, requiring close collaboration in shaping timely and effective legal and regulatory frameworks. Whilst the time-scales between such frameworks and technical developments are necessarily different, one of the objectives of the working group is to act as an unbiased body for the identification and assessment of novel and changing risks and threats to the cyber infrastructure and ultimately the overall CNI. This can only be achieved by sharing insights and perspectives among infrastructure owners and operators on one hand and the research community on the other hand, whilst ensuring that no sensitive or commercially privileged information is released to unauthorised parties.

Large parts of the infrastructure, however, are not and cannot be sourced domestically, relying on supply chains from semiconductors via embedded systems to enterprise resource planning systems that are largely dominated by overseas entities. This poses a significant potential for threats and attack, which may stem from individuals, organised crime and terrorists, but increasingly also from state-sponsored entities. Whilst attacks on critical infrastructure such as the alleged U.S. Olympic Games programme (Stuxnet, Flame, Gauss, DuQu) are often cited, intelligence collection and industrial espionage are both threats in their own right and serve as preparatory stages for severe attacks.

This has been demonstrated amply by a breach at EMC (RSA Security) in March 2011 compromising the widely-used SecurID tokens [1] that were i.a. used to collect intelligence from U.S. defence contractors including Lockheed Martin, L-3 Communications, and Northrop Grumman [2, 3]. A recent breach at Adobe Systems in August 2013 resulting in loss of source code and customer account data has similarly been linked to potential efforts at discovering vulnerabilities and enabling spear-phishing attacks common in targeted and persistent attacks [4].

Whilst the scope of the ICT sector in Norway is not in a position to develop wholly domestic systems, it plays a key role in providing assurance for critical components and in developing overall architectures involving wider supply chains. Developing a network of information security researchers and professionals with in-depth knowledge of the cyber and wider critical national infrastructure is key to this complex and fast-evolving area, as are joint efforts to advance the state of the art through research and development activities and interaction with regulatory, defence, and other government entities. The proposed working group seeks to offer a combination of both as outlined in the programme of work identified below.

Programme of Work

The programme of work is divided into two parts, with the establishment of the working group and a view to collect interested parties followed by activities that may involve either the entire group or sub-groups in targeted activities such as research proposals and collaborations. FRISC is asked to contribute with kr. 25 000 to the working group.

Working Group Meetings

The working group seeks to have 2–3 plenary meetings in 2014; where possible these are to be co-located with existing events such as NISK or a breakfast meeting to minimise efforts required. Participation in the working group will be open to FRISC members and interested parties from government and industry on a consensual basis. The discussions and deliberations of the working group are to be public initially, but with a well-established mechanism for ensuring confidentiality, non-attribution, and the protection of participants’ interests on an as-needed basis.

The working group may form sub-committees on specific sectors or problem areas that may meet at different times and frequencies, but which are to report on their activities to the overall working group at plenary meetings.

The main purpose of the plenary working group is to permit researchers and practitioners to discuss novel and anticipated problems in the cyber infrastructure security area and to identify the skills and capabilities of participants for exchange and possible collaborations on bilateral or group-based activities.

Research Collaborations

As an in-depth understanding of the cyber infrastructure and the associated risks and threats is likely to challenge individual research groups, one of the clear objectives of the working group is to serve as a nucleus for the formation of consortia for research proposals.

Particular attention will be paid in the initial effort of the working group to the EU Horizon 2020 programme, notably the “Challenge 7” work programme on secure societies, ensuring strong participation from Norwegian partners both from industry and academia.

At the national level, the working group is expected to liaise with the Norwegian Research Council and will investigate the formation particularly of collaborative consortia involving industry involved in the development, maintenance, and operation of the cyber infrastructure and CNI in BIA (Brukerstyrt Innovasjonsarena) and SFI (Sentre for Forskningsdrevet Innovasjon) programmes.

References

[1] C. Drew. Stolen Data is Tracked to Hacking at Lockheed. New York Times, June 3 2011.

[2] S. Gorman and S. Tibken. Security ’Tokens’ Take Hit. Wall Street Journal, June 7 2011.

[3] P. Kaminski. Resilient Military Systems and the Advanced Cyber Threat. Technical report, United States Department of Defense Defense Science Board, Washington D.C., USA, Jan. 2013. (Unclassified Summary).

[4] H. Kuchler. Hacking of Adobe source code raises fears of cyber attacks. Financial Times, October 6 2013.

[5] S. Ullring. Når Sikkerheten er Viktigst: Beskyttelse av landets kritiske infrastrukturer og kritiske samfunnsfunksjoner. Norges Offentlige Utredninger NOU 2006:6, Apr. 2006. Justis- og Politidepartementet.

Contact Persons

Prof. Stephen Wolthusen
Gjøvik University College

Assoc. Prof. Nils K. Svendsen
Gjøvik University College