Chicago, IL. United States of America

December 31, 2009

Cassandra Security has released part two in a series of white papers dedicated to critical infrastructure and key resources. This paper addresses historic threats and exploitation, challenges in securing and maintaining the security of these environments, the economic and political impact associated with a lack of potable water, and much more. We hope you find this paper as enlightening and thought-provoking as we found the topic while researching and analyzing this aspect of CI. Look for part III in the series soon!

Seeing Tomorrow Today,

Cassandra Security

Critical Infrastructure Part II Drinking Water and Waste Management Treatment Systems 123109 – Final

Critical Infrastructure Part I Trains and Transit Systems Revised Edition 120509 ready for download!!!

Critical Infrastructure Part I Trains and Transit Systems Revised Edition 120509

We at Cassandra Security are pleased to release a new and revised version of the first installment of a seventeen-part series of papers dedicated to critical infrastructure and key resources. Look for Critical Infrastructure Part II: Drinking Water and Water Treatment to be released in the very near future, in addition to other publications from Cassandra Security.

Seeing Tomorrow Today,

Cassandra Security

Today’s blog entry was inspired by something my friend and colleague, John Pirc, shared with me over the weekend. It was interesting from both a timing and content perspective, as we had (the previous Friday – November 21, 2009) released the first of a series of seventeen white papers focusing on the seventeen domains identified as being “critical” to the United States by the FBI, DHS and Intelligence communities. That first paper, titled Critical Infrastructure Part 1: Trains and Transit Systems, is germane both to this blog entry and to our collective concern with respect to critical infrastructure – regardless of where it might be, the world over. The white paper dealt with the potential hazards facing Trains and Transit systems – physical and logical – because of attack or tampering. For those of you who downloaded and read it, you know that we discussed in detail several examples and scenarios (some fictitious, others all too factual), carefully articulating the means by which these aspects of critical infrastructure can be and are being exploited, in addition to how to defend them. Our mission and reasoning for writing them is and remains simple and pure: educate those who would otherwise remain blind, lost, uninformed or misled while providing salient detail with respect to the potential for and realities associated with exploitation of these environments, and how best to prevent them. Ultimately, our desire in doing so is to prevent tragedies, via education and awareness, if possible. Sadly, this is not always possible; however, it is a part of the mission, the goal we have set for ourselves.

Much of our writing – individual or collective – deals with malicious code and content, threat vectors, reverse engineering, and advanced persistent threats, amongst other things; however, an equally vast amount deals with those third parties driven by agenda to either profit from that which we study in labs or in the sale and execution of these tools to achieve an end. These third parties may include traditional criminal entities and organizations, cyber-criminal entities and organizations, state-sponsored cyber-warfare initiatives, and sub-nationally sponsored cyber-warfare initiatives (aka cyber-terrorism).

Terrorism can be defined as the systematic use of terror to achieve a goal. As there is no universally accepted definition for terrorism, I will use this as a base from which to build and expand, as I believe that most conventional approaches eventually unite. Often these systematic approaches involve coercion in addition to violence, psychological impact (which can both manifest and affect the targets differently even when the victims share the same root experience for terror) and fear, politicism, the deliberate targeting of non-combatants, and unlawfulness. I realize that is a rather generic definition; however, if you would like more information I suggest looking here, here or here at Dr. Dorothy Denning’s collective works.

Terrorism is a major concern the world over, and Russia is not unique in this case. Since 1991 and the collapse of the Soviet Union, Russia has incurred terrorist activity as it clashed with Chechen rebels in two wars. As a result, Islamist separatists continue to target non-combatants in order to push forward their agenda. On Friday, November 28, 2009, an act of terror took place within Russia’s borders. 249 miles northwest of Moscow, in an area noted for its beauty and remoteness, a high explosive device derailed a high-speed train (favored by Russian executives and government officials) traveling between Moscow and St. Petersburg. The attack left 26 dead with another 100 injured. The explosion derailed the last three cars of the 14-car high-speed train, which carried 652 passengers and approximately 30 crewmembers according to Russian authorities. Russian authorities have concluded that this was a terrorist act similar to those carried out on the same line in 2007.

In 2007, the Nevsky Express was derailed, causing no deaths. The derailment was attributed to two men with ties to Chechen terrorist organizations. Reports are surging throughout Russia claiming that the party responsible for the attack on the 27th is the same party responsible for an almost identical attack on the same track, which took place in 2007, injuring dozens as the train passed over the explosive device. Though two suspects were detained, a third suspect, Pavel Kosolapov, a former military officer believed to have links to Chechen separatists, remains a fugitive. Russian officials released a composite sketch on Monday, November 30, 2009 of a man thought to have been involved in the bombing. Russian railroad officials have suggested that this attack had all the hallmarks of attacks used by insurgents from the volatile North Caucasus. The explosive device in question was comprised of approximately 15 pounds of TNT (Trinitrotoluene). The blast left a five-foot (1.5 meter) crater near the Nevsky Express train No. 166. Rescue crews worked throughout the night in order to move victims from the debris. A second, smaller blast came Saturday afternoon from a second bomb that authorities believe malfunctioned. No one was injured in the second blast; however, it delayed rescue and repair work for several hours. When quoted with respect to this event, Russian President Dmitry Medvedev stated that the effect of the event had everyone at their wits’ end or, as he put it, “Everyone’s nerves are at the limit.” It is not hard to understand why he, law enforcement and the people of Russia feel that way. According to Russian sources, this was the worst attack that they had suffered since 2005.

What struck me about this event was the timeliness in proximity to the paper we released, but also the fact that it affected the same train line within a two-year period. This last fact troubled me greatly in that, though no one was killed or injured in the 2007 attack, the line was clearly considered unworthy of additional monitoring; perhaps even deemed an unlikely target for re-attack by Russian intelligence and law enforcement. This same type of thinking was applied in 1993 after the initial bombings of the World Trade Center in New York City. The buildings were not considered a likely target of attack again, at least via the same means. Terrorists rely on the unconventional becoming the conventional; it aids them in their ability to maintain surprise and accomplish their mission of using fear and terror to reap either a physical or psychological reward. Therefore, what can we learn from this recent tragedy in Russia? What can we do to avoid similar threats here in the United States and around the world with respect to trains and transit systems? We discussed mechanisms for mitigating the risks associated with these critical infrastructure assets in our paper released on November 21. However, my challenge to you (and to myself), in the wake of this tragedy, is that we ask ourselves what we can do to ensure events such as this are not ignored. We need to ensure that they are brought to the attention of policy and legislation makers, defused before they occur via collaboration with local, state and federal law enforcement, or that the opportunities for exploitation leading to such an attack are lessened greatly by virtue of great vigilance.