Tag Archive for Office of Cyber and Infrastructure Analysis

DHS Infrastructure Security Note: Unmanned Aircraft Systems Cybersecurity Risks

The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.

(U//FOUO) DHS Assessment: Foreign Terrorist Organization-Inspired Vehicle-Ramming Attacks

assesses the increase in the number of vehicle-ramming attacks since January 2016 indicates Foreign Terrorist Organization (FTO) messaging efforts are probably resonating with violent extremists and will most likely continue in the near term. FTO-inspired violent extremists will probably continue to plan and engage in vehicle-ramming attacks against Western-based mass gathering and public venues since this tactic often requires minimal training, expertise, and preoperational planning. Since January 2016, eight FTO-inspired vehicle-ramming attacks have occurred in Western countries. OCIA identified three common characteristics among these attacks: targeting of public venues or mass gatherings; use of secondary weapons; and lack of observable indicators immediately before the attack.

DHS Infrastructure Assessment: Electric Vehicle Charging Stations

Electric vehicle (EV) usage continues to increase in the United States, along with its supporting infrastructure. As EVs increase in market share, issues like charging speed and battery capacity will drive future development of EV charging technology. As EV demand increases, manufacturers will continue to develop, build, and deploy additional Internet-connected charging stations and new connected technologies to satisfy demand.

DHS Report: Artificial Intelligence Risk to Critical Infrastructure

Artificial Intelligence (AI) is an emerging risk that will affect critical infrastructure (CI) as it becomes common throughout the United States. The purpose of this research paper is to analyze the narratives about AI to understand the prominence of perceived key benefits and threats from AI adoption and the resulting implications for infrastructure security and resilience. Narratives are strongly held beliefs, and understanding them will help decision makers mitigate potential consequences before they become significant problems.

(U//FOUO) DHS Report: Ransomware Goals of Malicious Actors and Current System Vulnerabilities

OCIA assesses that if specific industrial control systems (ICS) were successfully infected with ransomware, it could affect the ability of certain sectors to provide real-time management and control of large networks of geographically scattered equipment. Although security researchers have demonstrated the possibility of ransomware targeting control systems, OCIA assesses that such an attack is highly unlikely given the higher success rate against consumer and business systems, the likelihood that business and process control networks are segmented, and the ability for operators to take a control system out of service and employ manual overrides.

(U//FOUO) DHS Report: Potential Impacts of WannaCry Ransomware on Critical Infrastructure

On May 12, 2017, organizations across the world reported ransomware infections impacting their computer systems. The infections, caused by a ransomware strain referred to as WannaCry, restricts users’ access to a computer and demands a ransom to unlock it. The U.S. Department of Justice defines ransomware as, a type of malicious software cyber actors use to deny access to systems or data until the ransom is paid. After the initial infection, ransomware attempts to spread through systems and networks.

DHS Guide: Risks to Critical Infrastructure Using Cloud Services

Cloud services offer a number of benefits such as scalability, high availability, and decreased ownership cost. As a result, owners and operators in several critical infrastructure sectors such as Communications, Energy, Financial Services, Information Technology, and Transportation Services have migrated in-house computing resources to cloud infrastructures. However, cloud service environments still possess many of the same potential vulnerabilities associated with internally hosted environments, as well as additional exploits to virtual systems or networks. Owners and operators of critical infrastructure need to fully understand the risk environment as they address current cloud services and consider additional migration.

(U//FOUO) DHS Critical Infrastructure Note: Healthcare and Public Health Sector Cyberdependencies

The Department of Homeland Security (DHS) assesses that given the high value of patient information and proprietary data on the black market, the Healthcare and Public Health Sector will continue to be one of the primary targets for malicious cyber actors. Stolen health data sells on the black market for more than 10 to 20 times the price of stolen credit card data. DHS assesses that growth in the medical device market over the next 4 years will result in more devices connected to the Internet, and an increase in the number of cyber-related incidents that target those devices. This is partly because manufacturers do not place enough emphasis on the security of medical devices.

DHS San Francisco Earthquake Study Hayward Fault Magnitude 7.0 Scenario

The results of this analysis show a strong earthquake will likely cause significant damage to critical infrastructure in the area affecting 547 dams or water control structures, render approximately 300 roadway segments unusable, and cause damage to 172 water and wastewater treatment systems. The scenario earthquake will likely cause damage to 154 dams in the area. Seven of the dams will likely experience Extensive or Complete damage. The Ward Creek Dam, which is used for flood control, is likely to incur Complete damage. Extensive damage to the James H. Turner Dam poses the greatest risk to downstream population. The earthquake will cause damages to many road segments, bridges, and tunnels in the area. As a result, travel times on these roadways and others will increase significantly. Multiple areas on freeways such as I–680, I–880, and I–580 will have the highest above normal traffic volumes. Several bridges on these freeways will also likely incur Extensive damage. Tunnels in the area will likely have less damage with bores in the Caldecott Tunnel on State Route 24 experiencing only Moderate damage.

DHS Report Finds “Immeasurable Vulnerabilities and Attack Vectors” Against U.S. Critical Infrastructure

A Department of Homeland Security assessment released in April states that critical infrastructure throughout the U.S. faces “immeasurable vulnerabilities and attack vectors” due to the increasingly prominent role of information and communication technology (ICT) in critical infrastructure sectors. The strategic risk assessment, authored by the Office of Cyber and Infrastructure Analysis within DHS, was obtained by Public Intelligence and describes the “convergence of cyber and physical domains” as a strategic threat to the nation’s infrastructure.

DHS Infrastructure Report: Nuclear Reactors, Materials, and Waste Sector Cyberdependencies

The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS OCIA) produces cyberdependency papers to address emerging risks to critical infrastructure and provide increased awareness of the threats, vulnerabilities, and consequences of those risks to the Homeland. This note informs infrastructure and cybersecurity analysts about the potential consequences of cyber-related incidents in the Nuclear Reactors, Materials, and Waste Sector and its resilience to such incidents. This note also clarifies how computer systems support infrastructure operations, how cybersecurity incidents compromise these operations, and the likely functional outcome of a compromise.

DHS Infrastructure Report: Consequences of Malicious Cyber Activity Against Seaports

Unless cyber vulnerabilities are addressed, they will pose a significant risk to port facilities and aboard vessels within the Maritime Subsector. These potential vulnerabilities include limited cybersecurity training and preparedness, errors in software, inadequately protected commercial off-the-shelf technologies and legacy systems, network connectivity and interdependencies, software similarities, foreign dependencies, global positioning system jamming-spoofing, and insider threats.

DHS Aging and Failing Infrastructure Report: Dams

Dam safety incidents can occur at any point during a dam’s lifetime, but the most common period of dam failure is the first 5 years of operation. The United States Society of Dams conducted a study in 2009 of 1,158 national and international dam failures and safety incidents and found that 31 percent of safety incidents occur during construction or within the first 5 years of operation. The most common causes of failure are overtopping, piping, and foundation defects. Overtopping caused by flooding and high-water events accounts for 34 percent of dam failures in the United States. Erosion caused by overtopping can compromise embankments and lead to failure. The risk of overtopping increases if the spillway design is inadequate, debris causes spillway blockage, or the dam crest settles.

DHS Aging and Failing Infrastructure Report: Navigation Locks

Most locks are designed to last for 50 years, but 54 percent of IMTS locks are more than 50 years old, and 36 percent are more than 70 years old. Many of these locks are in need of repair and replacement, and some lack basic maintenance. Concrete is crumbling at some locks, and some have not been painted in 25–30 years, increasing the risk of corrosion. Locks lacking maintenance or in need of repair and replacement are more likely to have unscheduled closures. Unscheduled closures are more costly than scheduled closures, because vessel operators and companies are unable to plan to offset the delays from these incidents. The annual number of unscheduled lock closures has steadily increased since 1992. Fewer than 7,000 unscheduled closures occurred every year before 2000, and more than 7,000 occurred every year after 2000, peaking in 2008 with 13,250.

DHS Aging and Failing Infrastructure Report: Highway Bridges

The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS/OCIA) produces Critical Infrastructure Security and Resilience Notes in response to changes in the infrastructure community’s risk environment from terrorist activities, natural hazards, and other events. This product summarizes the findings related to highway bridges that were identified in the National Risk Estimate on Aging and Failing Critical Infrastructure Systems released by DHS/OCIA in December 2014.

DHS Report on Cyber-Physical Infrastructure Risks to Smart Cities

As technology pervades into our everyday lives, once simple devices have become smarter and more interconnected to the world around us. This technology is transforming our cities into what are now referred to as “Smart-Cities”. Smart Cities have been defined as urban centers that integrate cyber-physical technologies and infrastructure to create environmental and economic efficiency while improving the overall quality of life. The goal of these new cities is to create a higher quality of life, a more mobile life and an overall increased efficient use of available resources. Some examples of Smart-City technologies are interconnected power grids reducing power waste, smarter transportation resulting in increased traffic management, and smarter infrastructures that reduce hazards and increase efficiency.