Term
| What is critical infrastructure |
|
Definition
| Assets / Resources critical to the continued stability of a country |
|
|
Term
| The European Union deals with CI through which org? |
|
Definition
| EPCIP - European Critical infrastructure protection |
|
|
Term
| The EPCIP proposed a list of what? |
|
Definition
| European critical infrastructures (ECI) |
|
|
Term
| What was each ECI designed to have? |
|
Definition
| An OSP - Operation security plan |
|
|
Term
| In the USA, what protects CI? |
|
Definition
| Critical infrastructure protection program |
|
|
Term
| In the UK who handles CI? |
|
Definition
| The centre for protection of national infrastructure |
|
|
Term
| Which department handles the comms? |
|
Definition
| Dept for business, innovation and skills |
|
|
Term
| Which dept controls the ambulance service? |
|
Definition
|
|
Term
| Which dept controls the fire dept? |
|
Definition
| Department for communities and local govt |
|
|
Term
| Which dept handles the Maritime and Coastguard Agency? |
|
Definition
|
|
Term
| Which dept handles the police? |
|
Definition
|
|
Term
| Which dept handles energy? |
|
Definition
| Dept for energy and climate change |
|
|
Term
| Which dept handles finance? |
|
Definition
|
|
Term
|
Definition
| Department for environment, food and rural affairs and food standards agency |
|
|
Term
|
Definition
| Department for environment, Food & Rural Affairs |
|
|
Term
| What are the 6 criteria for protection measures set out by the EPCIP? |
|
Definition
| Affordable, Sustainable, Reliable, Proportionate, Interoperable and Take into account privacy concerns |
|
|
Term
| What are the three major threat sources? |
|
Definition
|
|
Term
| Give the 4 layers of the Stuxnet attack |
|
Definition
Initially via removable media
Moves internally via private network devices
Infects SCADA project files
Infects PLC hardware |
|
|
Term
| What does Stuxnet target? |
|
Definition
| SCADA management software |
|
|
Term
| Stuxnet uses digitally signed what? |
|
Definition
| drivers for rootkit drivers |
|
|
Term
| What are the UK's listed CNI areas? (9) |
|
Definition
Communications
Emergency services
Energy
Finance
Food
Government
Health
Transport
Water |
|
|
Term
| List the three threats to CI as defined in the UK |
|
Definition
|
|
Term
| What are the requirements for EPCIP protection measures? (6) |
|
Definition
Affordable; Sustainable; Reliable; Proportionate; Interoperable; Privacy concerns |
|
|
Term
| How does the “Stuxnet” worm operate? |
|
Definition
Initially via removable media
Moves internally via private network devices
Infects SCADA project files
Infects PLC hardware |
|
|
Term
| List 3 key features of Stuxnet |
|
Definition
Used 4 zero-day attacks against Windows
Digitally signed drivers (stolen) for rootkit drivers
Targeted specific SCADA management software |
|
|
Term
| How does the Code Red worm function? |
|
Definition
Uses buffer overflow on IIS
DoS on whitehouse
If current date is between 1st and 19th – generate IPs
If date = 20-28th, DoS whitehouse |
|
|
Term
| How did Code Red eventually fail? |
|
Definition
|
|
Term
| How did the Nimda worm propagate? |
|
Definition
Directory traversal & Code Red backdoors
Email
Installed extra backdoors |
|
|