Room for Improvement

By Chris Preimesberger  |  Posted 2006-09-03

As a DHS-designated Critical Infrastructure Facility, the aqueduct is provided with up-to-the-minute threat information and security enhancements "that won't be visible to the casual observer," the spokesperson said.

Sandia found many areas for improvement in these and about 30 other Red Team engagements of critical infrastructure. Many of them can be found in a paper that Sandia delivered at multiple security conferences and is available on the IORTA Web site titled "Common Vulnerabilities in Critical Infrastructure Control Systems."

"From the RAM-W reports, [the EPA was] able to come up with a set of Red Team research-based recommendations for those water districts, so they could know how and where to invest their money in security tools and policies," Skroch said.

Another ongoing project involves the detection of explosives, weapons or other military contraband being shipped into the country through U.S. ports.

"Security technologies are often brittle to threats," Skroch said. "Those developing security solutions usually forget that their technology or solution will itself become a target. For instance, when you put a lock on a door, a criminal may give up, attack the lock or find ways to go around the lock.

"Locksmiths know there are ways to pick a lock. It seems that many security vendors forget that their systems may be attacked once placed in the field."

Sandia also is contributing to systems that detect localized biological and chemical attacks in military and civilian event settings.

These projects utilize Red Teams to understand what types of threats must be detected and also to ensure that each chemical or biological system is hardened against possible attacks that might stop it from working.

Skroch would not elaborate on what the Red Teams are doing on these projects but said they are working on both the IT and the physical natures of the problems.

Red Teams' Toolbox

IORTA utilizes both hardware and software tools in its efforts. "Some tools are used for analysis, others for planning attacks, while other tools are used to reach out and touch our target," Skroch said.

"Our teams' preference for tool environments is Linux-based operating systems, for a number of reasons. However, we regularly use Windows platforms as needed," he said.

"In one approach, we regularly operate with open-source tools available on the Internet. There are a lot of great tools there and the communities that surround each are doing great things.

"We are very careful to not apply these tools to operational or sensitive networks, because there could be additional features in some of the tools. We will rewrite functionality of certain tools from scratch in-house to apply to such networks."

Skroch said the Red Teams also develop their own tools and scripts as needed on the fly.

"Red Teams portray a dynamic threat; it's no surprise we encounter unanticipated security barriers or situations," Skroch said.

"So, when we're in the field attacking a system, we have to develop our own scripts, hardware or social engineering attacks to penetrate information systems."

Whether the Red Teams and their tools are successful remains to be seen. Ultimately, it's unknown how a cyber-attack would unfold.

Gregory Rattray, faculty member of the U.S. Air Force Academy, wrote on the academy's Web site that cyber-terrorism is likely to become a "more significant national security concern."

And although terrorists face multiple hurdles in launching a digital attack, "U.S. efforts to mitigate cyber-terrorism will have to advance incrementally."

In other words, the Sandia Red Teams have their work cut out for them.
