This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks. Emerging security issues in blockchain, blinding algorithms, Internet of Things (IoT), and critical infrastructure protection are also described for learners in the context of cyber risk. Mobile security and cloud security hyper-resilience approaches are also introduced. The course completes with some practical advice for learners on how to plan careers in cyber security.
Critical Infrastructure - Part 2 - Protection Methods
Loading...
来自 New York University Tandon School of Engineering 的课程
Enterprise and Infrastructure Security
145 个评分
New York University Tandon School of Engineering
145 个评分
课程 4(共 4 门,Specialization Introduction to Cyber Security)
从本节课中
Blockchain, Anonymity, and Critical Infrastructure Protection
This module introduces several advanced topics in cyber security ranging from blockchain usage, user anonymity, and critical infrastructure protection.
与讲师见面
Dr. Edward G. AmorosoResearch Professor, NYU and CEO, TAG Cyber LLC
Computer Science
Hi everyone, Ed Amoroso here.
And this is kind of part two of our discussion of critical infrastructure
in the context of cybersecurity.
Now, you'll recall, in our last video, we said that critical
infrastructure kind of corresponds to this property that, if removed,
it makes it impossible for a mission, the attendant mission, to be supported.
If that sector, component, transportation, water,
energy, defense, if those things are missing,
then it's hard for society to achieve its mission, fair enough?
So the question is, how do we stop these types of things from cyber attacks?
Now, for many years, the presumption was,
eh, critical infrastructure, your PC, what's the difference?
If I asked you, how do you protect your PC at home, you'd probably go,
well, passwords, some system administration.
I do some scanning,
I run a little firewall on it, a little encryption of some stuff, that's it.
Say firewalls, encryption, password, scanning.
And then I say hey, big critical infrastructure.
The transportation systems and control systems in your country,
how do you protect that?
Sadly, too often the answer is then you know, passwords, firewalls,
we scan it, do a little encryption, you do some system administration.
It's the same stuff [LAUGH] now look your PC compared to
a massive critical infrastructure component is
that is different as a tricycle and a big jumbo jet.
These are totally different.
These are fundamentally different components.
They're both means of transportation, they both have wheels, they both take
human beings from here to there, but that's kind of where the similarity ends.
And so it turns out that there's some techniques for protecting critical
infrastructure that transcend in a normal everyday cybersecurity.
I want to mention one example and then kind of dig in to a second.
So one example is called situational awareness.
And that's where you're hyper aware at all times of the threat level and
threat condition, and amount of potential vulnerabilities, exploitable holes and
other things that might exist in an infrastructure.
You're keeping track of that, situationally aware at all times.
Does that have any meaning on your PC?
Really not, like you don't have to be kind of a weird person to be
constantly hovering around your PC being situationally aware having it all wired,
the telemetry pouring out, you're constantly monitoring the safety and
security of your PC.
Very unlikely that you're going to do that on an individual basis.
But if you're dealing with the transportation sector, or
you're dealing with the military or power, then you are absolutely doing that.
And I think it's a good kind of first view of how different
protection methods might be for something small, something large.
Small things can be manual, large things can't be manual,
you have to have some way of scaling.
Small things can be in some sense, they don't have the need to scale.
You don't need to be able to measure how quickly something can be deployed when you
scan your PC at home.
If it takes an hour or two [NOISE] no problem.
You want to deal with scale when you've got thousands or tens of thousands or
even millions of components, suddenly scale matters.
Like if you want to run scans on all of these things and
they each take two hours you may have a problem, so
you have to attend to fundamentally different set of concerns.
So this idea of situational awareness is one that I think is pretty useful.
But a more interesting one frankly,
that illustrates the difference, is something known as diversity.
Now diversity means intentionally introducing difference in an ecosystem.
So for example, I'll give you a contrary example.
There's some companies,
like here in the US there's an airline called Southwest Airlines.
I can show you a picture here of all the airplanes lined up at an airport.
Southwest, in order to keep their costs low, in order to keep sort of the training
and the operations kind of uniform through the whole fleet,
they fly one kind of airplane, 737.
Good idea, these are all wonderful jets.
And it allows the training and the operation to be the same.
They're all the same.
They don't have ten different kinds of airplanes.
But suppose
the Aviation Administration of the United States decided to ground that jet.
Well, that would cause a big problem because they don't have great diversity.
Now again, this is not cyber issue,
I'm just trying to illustrate the strengths and weaknesses of diversity.
In contrast if you look at it sort of as a bio-diverse ecosystem in a beautiful
picture here of an ecosystem.
Where you've got lots of different foliage and plant life and animal life and
other types of things, bacteria, and soil and everything is different and
they all work together in a very symbiotic and diverse manner.
It be different to take something like this out with say one crop disease
by taking one segment of the very diverse population out, but
it wouldn't take everything out.
So the idea say for your PC to have diversity doesn't make sense,
because you're going to pick an operating system, you're going to pick applications,
you're going to just be what it is.
But in a large ecosystem around some critical infrastructure component,
you might decide specifically to introduce diversity into that populous.
Meaning lots of different operating systems, lots of different applications,
diverse network technologies, diverse geographic regions, and on and on and on.
The reason being, that if somebody attacks one component of that infrastructure
sector, it will not easily cascade across to other sectors.
This idea of cascading is a weakness in a non-diverse ecosystem.
When you have everything the same, a bazillion Windows computers
are vulnerable if they're all connected together.
If somebody's got a killer virus for Windows, it's going to cascade.
But if I introduced five other operating systems and sprinkle them around suddenly
my Windows virus that comes in will only cascade to other vulnerable systems.
When it hits a diverse interface,
hits something that's not willing to accept that virus, it stops.
You can see how that's a good way to stop cascading.
No meaning in the context of a small system.
Fundamental consideration in the context of critical infrastructure.
And the reason I think it's such an interesting one is that IT and
system managers generally hate it.
[LAUGH] And so the problem we have, in cybers is once in a while we hit on
something that cybersecurity experts want, but IT folks don't like too much.
And diversity is the poster child for that.
A contraexample would be virtualization, where data center managers and
CIOs and IT managers love virtualization.
It reduces, costs, improves flexibility and
security people should love it as well because it allows us to microsegment and
to shrink wrap perimeters without hardware and on and on and on.
So it's not always the case that we're at odds, but for critical infrastructure I
think you want to keep in mind that there's going to be a fundamentally
different set of protection measures that we use than for small.
And occasionally, we may find that they're somewhat at odds with our IT partners.
Now I got a little quiz here, and the answer's all of the above.
Those are all true statements with respect to critical infrastructure.
So I hope this has been a helpful introduction to something that I really do
think anyone who considers themself a cybersecurity expert
has to have some facility with.
And if you are a decision-maker, particularly in government, then I hope
this has helped clarify some aspects of cybersecurity in a larger context.
I'll see you in the next video.
