Uh-oh, it looks like your Internet Explorer is out of date.

For a better shopping experience, please upgrade now.

Cyber Attacks: Protecting National Infrastructure

Cyber Attacks: Protecting National Infrastructure

by Edward Amoroso

See All Formats & Editions

Cyber Attacks takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction. It initiates an intelligent national (and international) dialogue amongst the general technical community around proper methods for reducing national risk. This includes controversial themes such as the deliberate use of deception to trap


Cyber Attacks takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction. It initiates an intelligent national (and international) dialogue amongst the general technical community around proper methods for reducing national risk. This includes controversial themes such as the deliberate use of deception to trap intruders. It also serves as an attractive framework for a new national strategy for cyber security, something that several Presidential administrations have failed in attempting to create. In addition, nations other than the US might choose to adopt the framework as well.

This book covers cyber security policy development for massively complex infrastructure using ten principles derived from experiences in U.S. Federal Government settings and a range of global commercial environments. It provides a unique and provocative philosophy of cyber security that directly contradicts conventional wisdom about info sec for small or enterprise-level systems. It illustrates the use of practical, trial-and-error findings derived from 25 years of hands-on experience protecting critical infrastructure on a daily basis at AT&T. Each principle is presented as a separate security strategy, along with pages of compelling examples that demonstrate use of the principle.

Cyber Attacks will be of interest to security professionals tasked with protection of critical infrastructure and with cyber security; CSOs and other top managers; government and military security specialists and policymakers; security managers; and students in cybersecurity and international security programs.

* Covers cyber security policy development for massively complex infrastructure using ten principles derived from experiences in U.S. Federal Government settings and a range of global commercial environments. * Provides a unique and provocative philosophy of cyber security that directly contradicts conventional wisdom about info sec for small or enterprise-level systems. * Illustrates the use of practical, trial-and-error findings derived from 25 years of hands-on experience protecting critical infrastructure on a daily basis at AT&T.

Editorial Reviews

From the Publisher
"Amoroso’s advice takes the art out of the debate onwhether security is art or science. He brings a high level goal oriented approach to practical situations in order for the ‘right’ security decisions to appear obvious to the reader. However, no book is a single solution, and this one is no exception. Some readers may be disappointed not to find comprehensive references for further reading. It is apparent that the book surveys a great deal of literature, but there is no bibliography. Readers may also be disappointed that there is no step-by-step guaranteed path to cyber security solutions. The book provides no procedures or checklists. Nevertheless, those who allow Amoroso to influence their view of the security problem at the level he chooses to present it should more easily be able to recognize cyber security solutions."—Computers and Security

"Ed Amoroso has again given the policy community a thoughtful roadmap. Cyberthreats are becoming more sophisticated, but thankfully Ed is well abreast of the problem and leading with solutions."—John Hamre, Deputy Secretary of Defense (1997–2000), president and CEO of the Center for Strategic and Informational Studies, Washington, DC

"Dr. Amoroso's fifth book Cyber Attacks: Protecting National Infrastructure outlines the challenges of protecting our nation's infrastructure from cyber attack using security techniques established to protect much smaller and less complex environments. He proposes a brand new type of national infrastructure protection methodology and outlines astrategy presented as a series of ten basic design and operations principles ranging from deception to response. The bulk of the text covers each of these principles in technical detail. While several of these principles would bedaunting to implement and practice they provide the first clear and concise framework for discussion of this critical challenge. This text is thought-provoking and should be a ‘must read’ for anyone concerned with cybersecurity in the private or government sector."—Clayton W. Naeve, Ph.D., Senior Vice President and Chief Information Officer, Endowed Chair in Bioinformatics, St. Jude Children's Research Hospital, Memphis, TN

"Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infrastructure balanced against practices that reduce the exposures. This is an excellent guide to the understanding of the cyber-scape that the security professional navigates. The book takes complex concepts of security and simplifies it into coherent and simple to understand concepts."—Arnold Felberbaum, Chief IT Security & Compliance Officer, Reed Elsevier

"The national infrastructure, which is now vital to communication, commerce and entertainment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it is possible for botnets to penetrate millions of computers around the world in few minutes, and to attack the valuable national infrastructure. "As the New York Times reported, the growing number of threats by botnets suggests that this cyber security issue has become a serious problem, and we are losing the war against these attacks. "While computer security technologies will be useful for network systems, the reality tells us that this conventional approach is not effective enough for the complex, large-scale national infrastructure. "Not only does the author provide comprehensive methodologies based on 25 years of experience in cyber security at AT&T, but he also suggests ‘security through obscurity,’ which attempts to use secrecy to provide security." –Byeong Gi Lee, President, IEEE Communications Society, and Commissioner of the Korea Communications Commission (KCC)

"Amoroso has laid the much needed foundation for a solid Critical Infrastructure plan. Security professionals now have the basis to apply his ideas to solve an incredibly complex problem. "—Howard Israel, Corporate Security Officer, Fidessa Corporation

"Cyber Attacks: Protecting National Infrastructure is a captivating journey through cyber security policy development for complex infrastructures by one of today’s foremost experts on large-scale network security. It is a must read technological roadmap for anyone interested in what we must do to strengthen our national network security systems."—Ken Xie, CEO, Fortinet, Inc.

"Some of his ideas are controversial and bound to incite debates about privacy and practice. For instance in his book, Cyber Attacks: Protecting National Infrastructure," Amoroso suggests using large-scale and coordinated collection of network-traffic data as well as security information from end-user desktops to pinpoint botnet-compromised computers, identify suspicious anomalies and trace attack paths."—Network World Magazine

"In his new book Cyber Attacks: Protecting National Infrastructure, Amoroso takes a hard look at common information security practices that have failed to protect individuals, organizations, and ultimately US critical infrastructure. Amoroso offers a new way of looking at information security and some "common sense" strategies to thwart cyberattackers, who are becoming more sophisticated, organized, and advanced."—Infosecurity Magazine (an Elsevier publication)

"Amoroso offers a technical, architectural, and management solution to the problem of protecting national infrastructure. This includes practical and empirically-based guidance for security engineers, network operators, software designers, technology managers, application developers, and even those who simply use computing technology ikn their work or home. Each principle is presented as a separate security strategy, along with pages of compelling examples that demonstrate use of the principle. A specific set of criteria requirements allows any organization, such as a government agency, to integrate the principles into their local environment…. The book takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction."—The Journal of Law Enforcement, Spring 2011

"What sets this effort apart is that it offers a comprehensive list of local enterprise-level suggestion and remedies as well as a plan that is scalable to protect national level infrastructure. What's more, the material is well-written and concisely presented. The author sets out his plan in sufficient detail but without miring the reader in technical details…I highly recommend this book for all intermediate-level and above security practitioners in IT and non-IT positions."—Security Management Magazine, September 2011, p. 168

Product Details

Elsevier Science
Publication date:
Sold by:
Barnes & Noble
File size:
4 MB

Related Subjects

Read an Excerpt

Cyber Attacks

Protecting National Infrastructure
By Edward G. Amoroso


Copyright © 2011 Elsevier Inc.
All right reserved.

ISBN: 978-0-12-384918-2

Chapter One


Somewhere in his writings—and I regret having forgotten where—John Von Neumann draws attention to what seemed to him a contrast. He remarked that for simple mechanisms it is often easier to describe how they work than what they do, while for more complicated mechanisms it was usually the other way round. Edsger W. Dijkstra

National infrastructure refers to the complex, underlying delivery and support systems for all large-scale services considered absolutely essential to a nation. These services include emergency response, law enforcement databases, supervisory control and data acquisition (SCADA) systems, power control networks, military support services, consumer entertainment systems, financial applications, and mobile telecommunications. Some national services are provided directly by government, but most are provided by commercial groups such as Internet service providers, airlines, and banks. In addition, certain services considered essential to one nation might include infrastructure support that is controlled by organizations from another nation. This global interdependency is consistent with the trends referred to collectively by Thomas Friedman as a "flat world."

National infrastructure, especially in the United States, has always been vulnerable to malicious physical attacks such as equipment tampering, cable cuts, facility bombing, and asset theft. The events of September 11, 2001, for example, are the most prominent and recent instance of a massive physical attack directed at national infrastructure. During the past couple of decades, however, vast portions of national infrastructure have become reliant on software, computers, and networks. This reliance typically includes remote access, often over the Internet, to the systems that control national services. Adversaries thus can initiate cyber attacks on infrastructure using worms, viruses, leaks, and the like. These attacks indirectly target national infrastructure through their associated automated controls systems (see Figure 1.1).

A seemingly obvious approach to dealing with this national cyber threat would involve the use of well-known computer security techniques. After all, computer security has matured substantially in the past couple of decades, and considerable expertise now exists on how to protect software, computers, and networks. In such a national scheme, safeguards such as firewalls, intrusion detection systems, antivirus software, passwords, scanners, audit trails, and encryption would be directly embedded into infrastructure, just as they are currently in small-scale environments. These national security systems would be connected to a centralized threat management system, and incident response would follow a familiar sort of enterprise process. Furthermore, to ensure security policy compliance, one would expect the usual programs of end-user awareness, security training, and third-party audit to be directed toward the people building and operating national infrastructure. Virtually every national infrastructure protection initiative proposed to date has followed this seemingly straightforward path.

While well-known computer security techniques will certainly be useful for national infrastructure, most practical experience to date suggests that this conventional approach will not be sufficient. A primary reason is the size, scale, and scope inherent in complex national infrastructure. For example, where an enterprise might involve manageably sized assets, national infrastructure will require unusually powerful computing support with the ability to handle enormous volumes of data. Such volumes will easily exceed the storage and processing capacity of typical enterprise security tools such as a commercial threat management system. Unfortunately, this incompatibility conflicts with current initiatives in government and industry to reduce costs through the use of common commercial off-the-shelf products.

In addition, whereas enterprise systems can rely on manual intervention by a local expert during a security disaster, large-scale national infrastructure generally requires a carefully orchestrated response by teams of security experts using predetermined processes. These teams of experts will often work in different groups, organizations, or even countries. In the worst cases, they will cooperate only if forced by government, often sharing just the minimum amount of information to avoid legal consequences. An additional problem is that the complexity associated with national infrastructure leads to the bizarre situation where response teams often have partial or incorrect understanding about how the underlying systems work. For these reasons, seemingly convenient attempts to apply existing small-scale security processes to large-scale infrastructure attacks will ultimately fail (see Figure 1.2).

As a result, a brand-new type of national infrastructure protection methodology is required—one that combines the best elements of existing computer and network security techniques with the unique and difficult challenges associated with complex, large-scale national services. This book offers just such a protection methodology for national infrastructure. It is based on a quarter century of practical experience designing, building, and operating cyber security systems for government, commercial, and consumer infrastructure. It is represented as a series of protection principles that can be applied to new or existing systems. Because of the unique needs of national infrastructure, especially its massive size, scale, and scope, some aspects of the methodology will be unfamiliar to the computer security community. In fact, certain elements of the approach, such as our favorable view of "security through obscurity," might appear in direct conflict with conventional views of how computers and networks should be protected.

National Cyber Threats, Vulnerabilities, and Attacks

Conventional computer security is based on the oft-repeated taxonomy of security threats which includes confidentiality, integrity, availability, and theft. In the broadest sense, all four diverse threat types will have applicability in national infrastructure. For example, protections are required equally to deal with sensitive information leaks (confidentiality), worms affecting the operation of some critical application (integrity), botnets knocking out an important system (availability), or citizens having their identities compromised (theft). Certainly, the availability threat to national services must be viewed as particularly important, given the nature of the threat and its relation to national assets. One should thus expect particular attention to availability threats to national infrastructure. Nevertheless, it makes sense to acknowledge that all four types of security threats in the conventional taxonomy of computer security must be addressed in any national infrastructure protection methodology.

Vulnerabilities are more difficult to associate with any taxonomy. Obviously, national infrastructure must address well-known problems such as improperly configured equipment, poorly designed local area networks, unpatched system software, exploitable bugs in application code, and locally disgruntled employees. The problem is that the most fundamental vulnerability in national infrastructure involves the staggering complexity inherent in the underlying systems. This complexity is so pervasive that many times security incidents uncover aspects of computing functionality that were previously unknown to anyone, including sometimes the system designers. Furthermore, in certain cases, the optimal security solution involves simplifying and cleaning up poorly conceived infrastructure. This is bad news, because most large organizations are inept at simplifying much of anything.

The best one can do for a comprehensive view of the vulnerabilities associated with national infrastructure is to address their relative exploitation points. This can be done with an abstract national infrastructure cyber security model that includes three types of malicious adversaries: external adversary (hackers on the Internet), internal adversary (trusted insiders), and supplier adversary (vendors and partners). Using this model, three exploitation points emerge for national infrastructure: remote access (Internet and telework), system administration and normal usage (management and use of software, computers, and networks), and supply chain (procurement and outsourcing) (see Figure 1.3).

These three exploitation points and three types of adversaries can be associated with a variety of possible motivations for initiating either a full or test attack on national infrastructure.

Each of the three exploitation points might be utilized in a cyber attack on national infrastructure. For example, a supplier might use a poorly designed supply chain to insert Trojan horse code into a software component that controls some national asset, or a hacker on the Internet might take advantage of some unprotected Internet access point to break into a vulnerable service. Similarly, an insider might use trusted access for either system administration or normal system usage to create an attack. The potential also exists for an external adversary to gain valuable insider access through patient, measured means, such as gaining employment in an infrastructure-supporting organization and then becoming trusted through a long process of work performance. In each case, the possibility exists that a limited type of engagement might be performed as part of a planned test or exercise. This seems especially likely if the attack is country or terrorist sponsored, because it is consistent with past practice.

At each exploitation point, the vulnerability being used might be a well-known problem previously reported in an authoritative public advisory, or it could be a proprietary issue kept hidden by a local organization. It is entirely appropriate for a recognized authority to make a detailed public vulnerability advisory if the benefits of notifying the good guys outweigh the risks of alerting the bad guys. This cost–benefit result usually occurs when many organizations can directly benefit from the information and can thus take immediate action. When the reported vulnerability is unique and isolated, however, then reporting the details might be irresponsible, especially if the notification process does not enable a more timely fix. This is a key issue, because many government authorities continue to consider new rules for mandatory reporting. If the information being demanded is not properly protected, then the reporting process might result in more harm than good.

Botnet Threat

Perhaps the most insidious type of attack that exists today is the botnet. In short, a botnet involves remote control of a collection of compromised end-user machines, usually broadband-connected PCs. The controlled end-user machines, which are referred to as bots, are programmed to attack some target that is designated by the botnet controller. The attack is tough to stop because end-user machines are typically administered in an ineffective manner. Furthermore, once the attack begins, it occurs from sources potentially scattered across geographic, political, and service provider boundaries. Perhaps worse, bots are programmed to take commands from multiple controller systems, so any attempts to destroy a given controller result in the bots simply homing to another one.


Excerpted from Cyber Attacks by Edward G. Amoroso Copyright © 2011 by Elsevier Inc.. Excerpted by permission of Butterworth-Heinemann. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Meet the Author

Edward Amoroso is currently Senior Vice President and Chief Security Officer of AT&T, where he has worked in cyber security for the past twenty-five years. He has also held the adjunct professor position in the computer science department at the Stevens Institute of Technology for the past twenty years. Edward has written four previous books on computer security, and his writings and commentary have appeared in major national newspapers, television shows, and books. He holds a BS degree in physics from Dickinson College, and the MS/PhD degrees in computer science from Stevens Institute of Technology. He is also a graduate of the Columbia Business School.

Customer Reviews

Average Review:

Post to your social network


Most Helpful Customer Reviews

See all customer reviews