A Network of Networks

| 2008 10 29 |

A Network of Networks

| 2008 10 29 |

Connections

• Making connections

• Body of knowledge

• Network to Protect a Network

| 2008 10 29 |

Learning objectives

• Principle CI sectors in Canada

• Strategic approach

| 2008 10 29 |

The main question

As a nation what do we need to do to prevent attacks on our CI?

| 2008 10 29 |

The main challenge

“What’s Best?”

| 2008 10 29 |

Strategy

• Vital CI Protection

• National Security/Public Safety

• Federal/municipal

| 2008 10 29 |

Strategic principles

1. Network vs. network

2. Hubs not spokes

3. 80% on 20% spending

4. Dual purpose

5. Asymmetric

| 2008 10 29 |

Current trends in Risk Assessment

• Rising level

• Efficiency and simplicity

• Effectiveness

• Preparedness

| 2008 10 29 |

Sectors & responsible Federal Department

Energy and utilities Natural Resources Canada

Communications & IT Industry Canada

Finance Finance Canada

Health care Public Health Agency of Canada

Food Agriculture and Agri-Food Canada

Water Environment Canada

Transportation Transport Canada

Safety Public Safety Canada

Government Public Safety Canada

Manufacturing Industry Canada, Department of National Defence

| 2008 10 29 |

Actor Roles Responsibilities

Federal Lead national • Advance collective national approach to protecting activities CI• Collaborate with national associations• Collaborate with CI owners and operators within

federal mandate in consultation with provinces

and territories

Provincial/Territorial Lead provincial • Collaborate with FTP activities to achieve the objectives of the National Strategy• Coordinate activities with other levels of

government, including local governments,

associations and CI owners and operators

Critical Infrastructure Owner/Operator

Collaboratively manage risks related to their

critical infrastructure

• Responsible for risk management• Participate in CI identification, assessment,

prevention/mitigation, preparedness, response

and recovery activities

Action plan

Page 11 | 2008 09 09 |

Reality

Page 12 | 2008 09 09 |

Critical Infrastructure (CI) “Club”

• Interdependence

• Mutual interests

• National Emergency Strategy

• 90% of events local

• “Family” response

Page 13 | 2008 09 09 |

Linkages in CI sectors

Communications & IT

HealthcareFood Manufacturing

Water

Government

Level 1

Level 2

Level 3

Transportation SafetyFinance

EnergyUtilities

Page 14 | 2008 09 09 |

Communications & IT

Safety

Healthcare

Finance

Level 1

Level 2

Level 3

Example: Interdependencies on 911

Transportation

EnergyUtilities

Page 15 | 2008 09 09 |

Why is telecommunications a CI?

What was the first critical infrastructure to be recognized as such by the Federal Government?

1. Cuban Missile crisis

2. Kennedy - Khrushchev

3. Hotline link

4. NCS (National Communications System)

Page 16 | 2008 09 09 |

Challenges in CI assurance

• Vastness

• Command

• Information sharing

• Knowledge

• Interdependencies

• Inadequate tools

• Asymmetric conflict

Page 17 | 2008 09 09 |

Critical Infrastructure #11: the Internet

• Beyond control

• Largest business

• No CEO, governance, oversight

• Potential for abuse

• Cyber war

Page 18 | 2008 09 09 |

Internet epidemics

• Social network

• Cascade model

• “Susceptible, infected, susceptible” cycles

Page 19 | 2008 09 09 |

Cyber crime: Numbers speak volumes

• #1 crime in North America

• 70% of victims do not report

• Only 245 cyber crime police

• 18M Canadians - $50B of commerce

Page 20 | 2008 09 09 |

SCADA - Critical Infrastructure #12

• Power generation• Power distribution• Automatic metering

• Gas production• Gas distribution• Gas supply management

• Telecommunications• Oil refinery control

• Oil pipeline management

Page 21 | 2008 09 09 |

Telecommunications sector vulnerabilities

• Clustered Critical nodes

• telecom hotels• IEC POPS and gateways• land earth stations (LES) that link communication satellites to

terrestrial communication

• Gateway connections

• Cyber attacks, and HPM attacks

Page 22 | 2008 09 09 |

Hardening the Internet

• 13 root servers

• 13 gTLD servers

• 26 NAPs

• 50+ top e-commerce sites

Page 23 | 2008 09 09 |

Unified Communications

• Video & other sensor data collection & analysis

• Event monitoring

• Situational management

• First responder alerting

• Field based identity verification

Page 24 | 2008 09 09 |

• Redundancy

• Layering

• Geographical separation

• Growth/enhancement

• Situational awareness

Control Centre security principals

Page 25 | 2008 09 09 |

Olympic winter games

Page 26 | 2008 09 09 |

Para-Olympic Winter Games

Page 27 | 2008 09 09 |

VANOC IOC / IPC

InternationalSport Federations

Accredited Media

National Committees

Broadcasters

Sponsors

User Groups From Around The World

Page 28 | 2008 09 09 |

Vancouver 2010• Connectivity

• Voice, Internet, Data

• Cable TV

• Broadcast

• PCS Wireless

• Private Radio

• Wireless Networking

• Business Office

• Portal

• Staffing

• 2010 Innovation Centre

Page 29 | 2008 09 09 |

Bell’s role

Page 30 | 2008 09 09 |

34,000

8

2

130

19

The games in numbers

Page 31 | 2008 09 09 |

What’s at play?

• H.323, XML, SOAP, T1, DS3, VoIP, SONET, EvDO,

• 802.11g, 802.1q, E10, E100, PSTN, PTT, SDI, HD,

• ISDN, SS7, HTML, SSL, BGP, OC3, OC12

Page 32 | 2008 09 09 |

Coverage

Page 33 | 2008 09 09 |

Conclusions

• Core based Security

• Public/Private partnership

• Security Culture

• Technology as tool

• External audit

| 2008 10 29 |

Brian [email protected]

403 831-2434

Thank you