|
Server : Apache/2.4.62 System : FreeBSD fbsdweb2.web.rcn.net 14.1-RELEASE FreeBSD 14.1-RELEASE releng/14.1-n267679-10e31f0946d8 GENERIC amd64 User : www ( 80) PHP Version : 8.3.8 Disable Function : NONE Directory : /domains/roger.dnai/2008book/ |
Upload File : |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html><!-- InstanceBegin template="/Templates/2008template.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<!-- InstanceBeginEditable name="doctitle" -->
<title>CSDR 2008: Protecting Critical Infrastructures</title>
<!-- InstanceEndEditable -->
<link rel="stylesheet" href="/2002Book/emx_nav_right.css" type="text/css">
<link rel="stylesheet" href="/css/rome08.css" type="text/css" />
<style type="text/css">
<!--
.style5 {font-weight: bold;
color: #000000;
font-family: Arial, Helvetica, sans-serif;
font-size: large;
}
.style7 {font-size: 2px}
.style8 {font-family: Arial, Helvetica, sans-serif}
.style17 {
font-size: x-small;
font-weight: bold;
}
.style18 {font-size: x-small}
.style217 {font-family: Verdana, Arial, Helvetica, sans-serif}
.style219 {font-style: normal; font-weight: normal; font-family: Verdana, Arial, Helvetica, sans-serif; }
.style19 {font-size: 11px}
.style20 {
color: #006699;
font-size: large;
}
.style21 {font-size: small}
.style22 {font-family: Arial, Helvetica, sans-serif; font-size: small; }
-->
</style>
<style type="text/css">
<!--
.style23 {font-size: medium}
.style24 {font-size: large}
.style25 {
color: #006699;
font-weight: bold;
font-style: italic;
}
.style26 {
color: #006699;
font-size: medium;
font-weight: bold;
}
.style27 {
color: #006699;
font-size: medium;
}
.style293 {
font-size: large;
color: black;
}
-->
</style>
<!-- InstanceBeginEditable name="head" --><!-- InstanceEndEditable -->
</head>
<body>
<!-- Start of StatCounter Code -->
<script type="text/javascript">
var sc_project=3086157;
var sc_invisible=0;
var sc_partition=27;
var sc_security="33bf0688";
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div class="statcounter"><a class="statcounter" href="http://www.statcounter.com/"><img class="statcounter" src="http://c28.statcounter.com/3086157/0/33bf0688/0/" alt="free website hit counter" /></a></div></noscript>
<!-- End of StatCounter Code -->
<div class="skipLinks">skip to: <a href="#content">page content</a> | <a href="../book2007TEST/2002Book/pageNav">links on this page</a> | <a href="#globalNav">site navigation</a> | <a href="#siteInfo">footer (site information)</a> </div>
<div id="masthead">
<div id="globalNav" style="margin-top:15px;"> <div id="globalLink">
<a href="/index.html" id="gl1" class="glink"><span class="style18"><span class="style19">Home</span></span></a><a href="/index.html#about" class="glink"><span class="style18"><span class="style19">Contact Us</span></span></a><a href="/2008book/joulwan.html" id="gl2" class="glink"><span class="style18"><span class="style19">Rome '08</span></span></a><a href="/2007book/joulwan07" id="gl2" class="glink"><span class="style18"><span class="style19">Paris '07</span></span></a><a href="/2006book/jung.htm" id="gl2" class="glink"><span class="style18"><span class="style19">Berlin '06</span></span></a><a href="/2005book/alliotmarie.htm" id="gl2" class="glink"><span class="style18"><span class="style19">Paris '05</span></span></a><a href="/2004book/PeterStruckKeynote.htm" id="gl3" class="glink"><span class="style18"><span class="style19">Berlin '04</span></span></a><a href="/moscow03/weissingerbaylon.htm" id="gl4" class="glink"><span class="style18"><span class="style19">Moscow '03</span></span></a><a href="/berlin02/scharping.htm" id="gl5" class="glink"><span class="style18"><span class="style19">Berlin '02</span></span></a><a href="/2001Book/workshop2001.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Helsinger '01</span></span></a><a href="/2000Book/workshop2000.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Berlin '00</span></span></a><a href="/99Book/workshop1999.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Budapest '99</span></span></a><a href="/98Book/workshop98.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Vienna '98</span></span></a><a href="/97Book/workshop97.htm" id="gl6" class="glink"><span class="style18"><span class="style19">Prague '97</span></span></a><a href="/96Book/Workshop96.htm" id="gl7" class="glink"><span class="style18"><span class="style19">Warsaw '96</span></span></a>
<a href="/95Book/95Workshop.htm" id="gl8" class="glink"><span class="style18"><span class="style19">Dresden '95</span></span></a></div>
</div>
</div>
<div id="pagecell1" style="top:65px;">
<div id="breadCrumb" style="text-align:center;">
<img src="/images/header.gif" alt="Center for Strageic Decision Research: Celebrating over 25 years of international dialogue. International workshop on global security." width="618" height="99" style="padding:20px 10px;" />
</div>
<div id="pageNav">
<div id="sectionLinks">
<p align="center" class="style17">Table of Contents<br>
25th International Workshop - Rome '08</p>
<p align="center" class="style17">
<a href="/2008book/weissinger-preface.html">Preface- Dr. Roger<br>Weissinger-Baylon<br>Workshop Chairman<br></a>
<a href="/2008book/weissinger-overview.html">Workshop Chairman's Overview - Dr. Roger Weissinger-Baylon</a>
<a href="/2008book/joulwan.html">Opening Dinner Debate - <br>General George Joulwan<br>Former SACEUR</a>
<p>
<p align="center" class="style17">Part One<p>
<p align="center" class="style17">
<a href="/2008book/la-russa.html">Italian Defense Minister<br />
Ignazio La Russa
</a>
<a href="/2008book/browne.html">British Defense Minister<br />
The Rt Hon Des Browne
</a>
<a href="/2008book/gonul.html">Turkish Defense Minister<br />
Vecdi G�n�l
</a>
<a href="/2008book/di-paola.html">NATO Military Committee Chairman<br />
Admiral Giampaolo Di Paola
</a>
<a href="/2008book/zappata.html">Admiral Luciano Zappata<br />
Dep Supreme Allied
Commander Transformation
</a>
<a href="/2008book/camporini.html">Italian Chief of Defense<br />
General Vincenzo Camporini
</a>
<a href="/2008book/zappa.html">Alenia Aeronautica Chairman<br />
Dr. Giorgio Zappa
</a>
<br>Part Two<br>
<p align="center" class="style17">
<a href="/2008book/baramidze.html">Georgian Vice Prime Minister<br />
Giorgi Baramidze
</a>
<a href="/2008book/chizhov.html">Russian Amb to EU<br />
Vladimir Chizhov
</a>
<br>Part Three<br>
<p align="center" class="style17">
<a href="/2008book/eldon.html">British Amb to NATO<br />
Stewart Eldon
</a>
<a href="/2008book/akram.html">Pakistan's Amb to U.N.<br />
Munir Akram
</a>
<a href="/2008book/de-la-sabliere.html">French Amb to Italy<br />
Jean-Marc de la Sabli�re
</a>
<a href="/2008book/tkeshelashvili.html">Georgian Foreign Minister<br />
Eka Tkeshelashvili
</a>
<a href="/2008book/stefanini.html">Italian Amb to NATO<br />
Stefano Stefanini
</a>
<a href="/2008book/buzhinsky.html">Lt Gen Evgeniy Buzhinsky<br />
Russian Min of Defense
</a>
<a href="/2008book/winid.html">Polish Amb to NATO<br />
Boguslaw Winid
</a>
<br>Part Four<br>
<p align="center" class="style17">
<a href="/2008book/tegnelia.html">DTRA Director<br />
Dr. James Tegnelia
</a>
<a href="/2008book/rood.html">U.S. Under Sec of State<br />
John Rood
</a>
<a href="/2008book/joseph.html">Former Under Sec of State<br />
Amb Robert Joseph</a>
<a href="/2008book/berdennikov.html">Russian Amb-at-large<br />
Grigory V. Berdennikov
</a>
<a href="/2008book/benkert.html">U.S. Asst Sec of Defense<br />
Joseph Benkert
</a>
<a href="/2008book/flory.html">NATO Asst Sec Gen<br />
Peter Flory
</a>
<a href="/2008book/sedivy.html">NATO Asst Sec Gen<br />
Jiri Sedivy
</a>
<a href="/2008book/pfirter.html">OPCW Dir Gen<br />
Amb Rogelio Pfirter
</a>
<br>Part Five<br>
<p align="center" class="style17">
<a href="/2008book/lather.html">SHAPE Chief of Staff<br />
General Karl-Heinz Lather
</a>
<a href="/2008book/fitzgerald.html">Admiral Mark. P. Fitzgerald
<br />
Allied Joint Force Command Naples
</a>
<a href="/2008book/ildem.html">Turkish Amb to NATO<br />
Tacan Ildem
</a>
<a href="/2008book/schuwirth.html">Fmr SHAPE Chief of Staff<br />
General Rainer Schuwirth
</a>
<a href="/2008book/acosta.html">Global Impact CEO<br />
Ms. Renee Acosta
</a>
<a href="/2008book/soligan.html">Lt Gen James Soligan<br />
Allied Command-Transformation
</a>
<a href="/2008book/bagnall.html">Former UK Vice Chief of Defense Staff<br />
ACM Sir Anthony Bagnall
</a>
<br>Part Six
<p align="center" class="style17">
<a href="/2008book/volkman.html">U.S. Dir of Internat. Coop.<br />
Alfred Volkman
</a>
<a href="/2008book/tozzi.html">Major General Claudio Tozzi<br />
Italian Defense Ministry
</a>
<a href="/2008book/homberg.html">EADS Senior Vice Pres<br />
Thomas Homberg
</a>
<a href="/2008book/shephard.html">Northrop Grumman VP<br />
Mr. Timothy Shephard
</a>
<a href="/2008book/buckley.html">Thales Senior VP<br />
Dr. Edgar Buckley
</a>
<a href="/2008book/harris.html">Lockheed Martin Global Pres.<br />
Dr. Scott A. Harris
</a>
<a href="/2008book/schneider.html">AFCEA CEO<br />
Kent Schneider
</a>
<a href="/2008book/patterson.html">Mr. David Patterson<br />
Univ of Tennessee
</a>
<p align="center" class="style17">Part Seven
<p align="center" class="style17" style="margin-bottom: 0;">
<a href="/2008book/grimes.html">U.S. Asst Sec of Def<br />
Hon. John G. Grimes
</a>
<a href="/2008book/lentz.html">U.S. Dep Asst Sec of Def<br />
Robert Lentz
</a>
<a href="/2008book/aaviksoo.html">Estonian Defense Minister<br />
Jaak Aaviksoo
</a>
<a href="/2008book/bloechl.html">Microsoft, Managing Dir.<br />
Tim Bloechl
</a>
<a href="/2008book/wolf.html">Lt Gen Ulrich Wolf<br />
NATO CIS Service Agency Dir
</a>
<a href="/2008book/monteforte.html">Italian Milrep to NATO<br />
Vice Adm Ferdinando Sanfelice di Monteforte
</a>
<a href="/2008book/lintonen.html">Finnish Amb to UN<br />
Kirsti Lintonen
</a>
<a href="/2008book/silvestri.html">Dr. Stefano Silvestri<br />
Istituto Affari Internazionali
</a>
<a href="/2008book/yousfi.html">Algerian Amb to UN<br />
Youcef Yousfi
</a>
<a href="/2008book/karem.html">Egyptian Amb to EU<br />
Mahmoud Karem
</a>
<a href="/2008book/tarasyuk.html">Former Ukrainian Foreign Minister<br />
Borys Tarasyuk
</a>
</div>
</div>
<div id="content">
<div class="story">
<h2 class="workshop_year">Rome '08 Workshop</h2>
<!-- InstanceBeginEditable name="Main Content" -->
<h1>
Protecting Critical Infrastructures </h1>
<h2 style="margin-bottom: 0;">
Mr. Tim Bloechl</h2>
<h2 style="margin-top: 0; margin-bottom: 0;">Microsoft Managing Director </h2>
<h2 style="margin-top: 0;"><img src="images/bloechl.jpg" alt="Mr. Tim Bloechl" width="114" height="139"></h2>
<p style="margin-bottom: 0;"> </p>
<p style="margin-top: 0;">
Every time we get cash from an ATM, scan a bar code at the store, make
a phone call, file an insurance claim, or use a search engine on the Internet,
we are using part of the critical infrastructure. The critical infrastructure
supports us at work, at play, in business, and, of course, across almost
all aspects of military operations. </p>
<h2>DEFINING CRITICAL INFRASTRUCTURE </h2>
<p>
In general terms, we define critical infrastructure as the facilities,
services, and installations required by our societies to operate. It includes
transportation, water, power, food delivery, banking and finance, hospitals,
civil defense, police and fire support, telecommunications, and, of particular
importance to this audience, national security networks. Critical infrastructure
relating to information technology (IT) includes the global information
and telecommunications network comprised of such entities as the Internet,
satellite communications, television, telephones, and shared databases.
These IT elements permeate all other aspects of the critical infrastructure. </p>
<p>
When one considers just the networks we operate to control military operations—the
interrelationship of these networks with commercial infrastructure to transport
forces, logistics, and information—and the necessity to communicate across
coalitions or with NGOs or other non-military actors, it is self-evident
that military operational networks in peace and war are also a very important
part of this critical infrastructure. </p>
<h2>THE CURRENT AND FUTURE STATE OF
THE MILITARY INFRASTRUCTURE </h2>
<p>
We are certainly living through the evolution of the Information Age, and
I for one believe we are closer to the beginning of it than to the end.
The ability of military forces to see the battlefield with UAVs, satellites,
and other means of detection; the ability to maintain a common, digital
operating picture of friendly, threat, and other forces and actors based
on an ever-expanding base of information that we must turn into knowledge;
and the ability to move information and orders around the battlefield from
the strategic level to the tip of the spear, including live video teleconference
communications and soldier-level operating pictures and alerts—all of these
capabilities and others have a significant impact on the speed within which
decisions are made, targets are engaged, and maneuvers are executed. Also,
as others have mentioned, modern telecommunications in the hands of the
press and the general public have certainly had an impact on our operations
as well. </p>
<p>
Change will continue to be rapid as industry and military R&D efforts search
for even greater capabilities. Near-term technologies allow touch or voice
manipulation and searches of massive amounts of data and imagery on commercially
available and inexpensive horizontal and vertical displays. Pilots will
learn basic flying skills or plan and “fly through” flight missions using
computer-generated cockpits within virtual worlds displaying real terrain
and weather on laptops or desktop computers at minimal cost. This same
capability may soon be in the hands of platoon and squad leaders on the
ground, armed with the latest imagery from military and commercial sources
and augmented with 3D, 360-degree views of target areas and routes. Mission
planning, war gaming, and after-action reviews of mission execution captured
with computers simplifies our ability to evaluate the effectiveness of
courses of action and significantly decreases the time it takes to do so.
Additionally, as computer and Internet search capabilities continue to
improve, and data storage and bandwidth become less of an issue for supporting
military operations, planners, warfighters, and staffs will reap even greater
opportunities to improve mission execution. </p>
<p>
While information technology and its impact on military operations evolve,
some believe that if our networks and, to a greater extent, other segments
of our critical infrastructure are left unprotected, IT will become our
Achilles heel. As was mentioned by several of the speakers at this workshop,
the loss or degradation of such infrastructure would have a serious impact
on local, regional, or even global economies and societies, and certainly
huge implications for national security. </p>
<h2>WHY THE CRITICAL INFRASTRUCTURE IS VULNERABLE</h2>
<p>
The critical infrastructure has always been vulnerable to some extent.
Water supplies, transportation networks, and power plants have never been
completely free of the threat of a physical attack. Today, because of the
increasing ubiquity of IT and the global reach of the Internet, that vulnerability
has been extended. Now we must also guard against thieves, vandals, hackers,
terrorists, and, in cases involving military and intelligence operations,
computer network attack or computer network exploitation, in network-centric
warfare terms. Given the nature of incidents and manipulation against computers
today, it is very difficult to be certain of the source of these attacks
and infiltrations, because they appear to come from anywhere around the
globe; the identities of those involved are difficult, if not impossible,
to establish; and the full extent of damage may be hard to determine. </p>
<p>
Furthermore, and perhaps even more alarming, would be efforts to quietly
infiltrate infrastructure-related computer networks and, when the time
is right, to execute attacks to disrupt or render inoperative elements
of the infrastructure. This type of attack would certainly be a consideration
for military operations; it is the source of much discussion in terms of
the law of land warfare, doctrine, and war planning. If such attacks are
carried out by terrorist organizations that do not identify themselves
as the source of the attack and do not ascribe to the Geneva Convention
and other forms of international order, how would we respond? Would such
asymmetric attacks constitute a violation of national sovereignty? Would
the circumstances of the attack present a casus belli? And who would we
counterattack if it did? And what ROE would we employ as part of such operations? </p>
<p>
Protecting the IT critical infrastructure has been an evolving process.
Only a decade or so ago, applications, servers, and systems were not built
with security, interconnectivity, resilience from attack, and reliability
integral to their code. As the IT infrastructure matured, the need for
these considerations became more obvious. Provisions for those features
were “laid on top” of existing technology, sometimes with mixed results.
Today security, privacy, and reliability are not merely optional features
added to software—they must be engineered into these products. </p>
<h2>CHALLENGES OF PROTECTING THE CRITICAL INFRASTRUCTURE</h2>
<p>
The overriding purpose of protecting the critical infrastructure is to
assure the delivery of critical services to citizens and to allow government,
and indeed our military forces, to function and fulfill obligations to
the citizenry. However, some basic characteristics of our critical infrastructure
present a challenge: </p>
<UL>
<LI>
Society is more reliant on the critical infrastructure than ever before. </LI>
<LI>
The sectors that make up the critical infrastructure are increasingly interdependent.
In particular, all of them are increasingly dependent on IT. </LI>
<LI>
The sectors are increasingly connected to untrusted and unregulated environments
such as the Internet. </LI>
<LI>
Our ability to protect the critical infrastructure has not kept pace with
the pace at which new threats have arisen. </LI>
</UL>
<h2>A SHARED RESPONSIBILITY </h2>
<p>
Securing this critical infrastructure requires efforts on many fronts.
No single group has the scope in terms of mandate or composition to address
the entire problem, so partnership is a means, if not a necessity, to pool
the best resources for the benefit of all and to share the solutions. </p>
<p>
Even consumers, including most of us at this workshop, who have only their
personal computers to protect, share some responsibility for the critical
infrastructure. Not only do we have an interest in protecting the information
on our own computers, but we must also guard against our computers being
compromised and used to launch attacks on others. </p>
<p>
Let me now identify the general roles and shared responsibilities I think
we must observe: </p>
<p>
<B>Governments should: </B> </p>
<UL>
<LI>
Create an environment in which market-based incentives encourage the private
sector to create secure products and services. </LI>
<LI>
Help create guidance and best practices for government, the private sector,
and consumers. </LI>
<LI>
Be a role model by securing government systems and encouraging the procurement
of products engineered for trustworthiness.
</LI>
</UL>
<p>
<B>As part of government, military and national security organizations need
to:</B> </p>
<UL>
<LI>
Establish agile certification standards for software and other IT products
destined for sensitive networks. In this regard our view is that the Common
Criteria standard is in great need of revision, and we welcome the opportunity
to work with government to evolve this process. </LI>
<LI>
The military should also establish and publish software assessment or evaluation
procedures that lead to the adoption of the appropriate level of risk when
making IT decisions. This will ensure that our military forces enjoy the
best possible benefits from IT advances while protecting the networks these
forces depend on from attack and exploitation. </LI>
<LI>
Government also needs to help change current procurement procedures that
stand in the way of spiral development and the rapid insertion of new technologies.
I point out here that procurement bureaucracies are not a problem for some
of the most dangerous terrorist organizations we face today. </LI>
<LI>
I wonder what the role is for military and security services across other
government and commercial critical infrastructures should they, and not
the military networks, be attacked. This question could, by itself, be
the discussion point for another panel, perhaps next year. Indeed, when
one looks at the current state of these defenses, they are largely based
on individual networks and not a combination of the whole. I wonder if
we must move to the next step with defenses that are cross-functional,
cross-industry, and perhaps regional or international. Without such an
approach I worry that a local event against a particularly vulnerable node
of the critical infrastructure could quickly become a national or international
man-made disaster. </LI>
</UL>
<p>
<B>The private sector needs to:</B> </p>
<UL>
<LI>
Take seriously the responsibility to build secure products and services. </LI>
<LI>
Build trustworthy products and services as a means to a competitive advantage. </LI>
<LI>
Provide tools and guidance to help customers deploy and use their products.<B> </B></LI>
</UL>
<p>
I also think that all sides must focus on developing interoperable systems
that allow us to reduce stovepipes and reduce the complexity of these systems,
thereby leading to a higher probability that we will be able to defend
them successfully. </p>
<h2>CONCLUDING REMARKS </h2>
<p>
I believe that we have some tremendous IT capabilities at work on the battlefield,
within our logistics systems, and throughout the many other functional
processes that form the basis of our military critical infrastructure.
I am excited about the possibilities this and future technology advances
offer us. At the same time, security must be considered throughout the
development, testing, and deployment of these capabilities, so I would
like to reinforce the comments of my colleagues on the panel today—cyber
defense has become a critical warfighting mission. We must ensure the continuous
operation of our military networks through a concerted military, government,
and industry partnership and the development of resilient and agile defenses. </p>
<p>
*Source utilized: Jerry Cochran, Microsoft Senior Security Strategist </p>
<!-- InstanceEndEditable --></div>
</div>
<div class="style8" id="siteInfo"> <a href="#">Top of page </a> | <a href="../index.html">Home</a> | ©2009
Center for Strategic Decision Research</div>
</div>
<br>
</body>
<!-- InstanceEnd --></html>