posted October 4, 2019
The following is a transcript of Part 1 of Addressing Threats to U.S. Borders and Cybersecurity, a webinar hosted by Columbia Southern University on Thursday, May 16, 2019. Stay tuned to The Link in the coming weeks for Parts 2 and 3.
Dr. Misti Kill: Good afternoon, and thank you for joining us today for our webinar on Addressing Threats to U.S. Borders and Cybersecurity. Today, we’re going to discuss two major topics with regard to our nation's critical infrastructure, both cybersecurity and border patrol. My name is Dr. Misti Kill, and I am the dean and assistant provost for the College of Safety and Emergency Services at Columbia Southern University.
CSU strives to be a leader in the safety field. And as such, we have programs that span several key industries, including information technology and cybersecurity, homeland security and criminal justice, occupational safety and health and environmental management, fire and EMS administration, and emergency services management. Joining me on this webinar today are key industry experts within two of these fields, Dr. Tamara Mouras and Dr. Sancho Manzano.
Dr. Mouras obtained her Ph.D. in public service leadership with specialization in criminal justice. Before her academic journey, Dr. Mouras served in the U.S. Navy as an operations specialist and master at arms aboard the USS Nimitz. Dr. Manzano earned his doctorate degree in information technology, specializing in information security. Dr. Manzano has held several positions within the security fields, from Department of Army defense contractor to Department of Defense civilian. He retired from active duty from the U.S. Army in 1993 as a first sergeant from the Army Security Agency and Military Intelligence.
Today our panelists will each discuss three major issues facing their areas of expertise. Dr. Manzano will start us off with an examination of the impact of the cyberattack on our port entry equipment, as well as discuss the importance of scanning equipment and the protection of data information. Dr. Mouras will then analyze our border patrol and highlight border issues with drug and human smuggling, as well as terrorist travel across U.S. borders.
Let's get started with Dr. Manzano.
Cyber Triad Protection
Dr. Sancho Manzano: Thank you, Dr. Kill, for the great introduction. Welcome to the homeland security, border patrol, cybersecurity portion of this webinar. I will go over three main areas of cybersecurity that affect homeland security and border patrol. The first is port-of-entry, the second is the scanning equipment, and the third is the forensics data.
For port-of-entry screening equipment, scanning equipment and devices, and forensics data information, I like to refer to them as the “cyber triad protection” that oversees the cybersecurity protection for the Border Patrol.
There are many different types of equipment used by the Border Patrol from handheld devices to aircraft. Therefore, I will not go over the different types of devices, but rather, they all have one thing in common, and that is software applications that are used by all devices. The cyber triad protection can easily be attacked if not properly protected by the following means: physical security, network monitoring, need-to-know access, software patches, controlling equipment assets and required regulations.
Port-of-Entry Screening Equipment
Let us now take a look at the port-of-entry screening equipment. There are approximately 328 ports of entry within the United States. Each consists of screening equipment to identify potential threats that could enter the country.
Since the terrorist attacks of September 11, 2001, the Border Patrol mission also includes the detection, deterrence and/or apprehension of terrorists and terrorist weapons. The port of entry screening equipment consists of those assets that deal with the initial screening of human-based and non-human-based entities. Such screening equipment at the port of entry consists of photography equipment, as well as initial demographic screening equipment.
Each of these pieces of equipment is driven by some sort of application that collects the data, such as pictures of potential suspects, and other data, such as license plate number and vehicle types that are scanned by the screening equipment. Port-of-entry screening is the first line of defense in identifying cyber threats.
A secondary port of entry is located a distance away from the initial port of entry, and it serves as an alternate detection site. The equipment used in taking photos and/or scans are connected to the information technology infrastructure, which consists of computers, servers, routers, printers and other data-processing equipment that collects data and information captured from the screening equipment.
Denial of Service Attacks
The information technology infrastructure is susceptible to many different cyber threats. There are well over 100,000 known computer viruses; however, the most prominent threat that is still used today with success is the denial of service attack, or DOS.
The first use of a denial of service attack was in 1974 by a 13-year-old named David Dennis, and today, it is still in use. This type of attack uses either flood attacks, which overwhelm the network with large amounts of data that the server cannot handle, thereby shutting down the system, or crash attacks in which the cyber criminals send bugs that exploit the flaws of the systems, which, when found, crash the systems. There are other types of attacks, and they are too numerous to mention here.
The privilege escalation, in basic terms, is one type of tactic that hackers use to gain unauthorized access in the network. Once a hacker is able to hack normal user privileges, they seek to hack higher privileges to gain control of higher access within the system.
These privileges are the security features that are embedded in most software programs and operating systems. The basic protection of these programs is to deny access to everyone. With additional access or privileges given to a user, the user will be able to modify or interact with the system, and/or different applications, or even manipulate code at different levels of security.
Users should only be granted privileges that are needed to complete their task as part of their job. No one user should have all privileges within the IT infrastructure.
Scanning Equipment and Devices
Scanning equipment, such as X-ray types of devices, photographic, handheld devices and drones, are vulnerable to attack. All of the scanning equipment must use some sort of software application to collect the necessary data that it was designed for, and it makes them vulnerable to software attack or physical attack on the devices.
A vulnerability-scanning application must be used constantly to determine if the equipment has any weakness in the application, either from intentional or non-intentional threats that cause a vulnerability in the system. Vulnerabilities can also be caused by not updating the software application and/or equipment. In other words, aging equipment is very susceptible to cyber threats as legacy software applications are no longer supported. These systems are still used because of cost replacement. Sometimes security is an afterthought because of budget constraints of an organization.
When an application has been found to have a vulnerability, the application must be immediately patched or software upgraded to deter or eliminate the vulnerability. So what is patch management? Patch management is an approach in managing upgrades or patches for information technology software applications to fix or repair existing problems with that software after the initial release of a system and the continual update of the system. These patches’ or updates’ processes begin with acquiring, testing and installing code changes on software tools and existing applications, thereby eliminating threats from the vulnerabilities.
Within any organization, there must be a policy stating how often vulnerability scanning is done on equipment and devices, including patch management, when, how often, and workarounds if patches did not take directly.
As with privilege escalation, asset control is as important as who has access to the scanning equipment and/or devices. Is there a control log of who is authorized to use the equipment, documented information of when the equipment was checked out by whom, and how long was the device used? When was the device last scanned for vulnerabilities, and when was it patched? These are all vital questions that need to be asked when it comes to privilege escalation or asset control.
Forensics Data Information
Right-to-know accessibility is very tricky. That's a right to know, meaning everyone has a right to know because of the Freedom of Information Act.
However, the need-to-know strictly restricts what information and/or data users are required to access. The need-to-know is usually followed by access categories, classified as confidential, secret or top secret access. As mentioned in privilege escalation, users should only be given access based on the need-to-know, especially when dealing with forensic data of known or even unknown individuals that could cause harm to the United States.
Human error in such cases can be intentional or unintentional when assessing critical forensics data. Therefore, strict auditing of who, what, where, when and how the data is accessed ensures the protection of the data.
Intrusion Protection and Detection Systems
Since the forensics data are captured in information technology systems, this data is vulnerable to attacks. This can be prevented by using intrusion protection and/or intrusion detection systems, known as IPS or IDS systems, which must be in place to monitor and alert the users of impending attacks or penetration of the networks in which data has been or will be compromised.
The National Institute of Standards and Technology, commonly known as NIST, provides regulatory measures to enhance security, as well as economic protection of critical information technology infrastructures. The United States Customs and Border Protection Cybersecurity Strategy documentation, Future Years Homeland Security Program Fiscal Years 2018-2022 Executive Summary, as well as the National Protection and Programs Directorate, must be followed to the letter for the protection of the Department of Homeland Security cybersecurity infrastructure.
This ends this section of cybersecurity for homeland border patrol protection. At this time I want to introduce Dr. Tamara Mouras, who will continue on with border patrol.
Dr. Tamara Mouras: Thank you, Dr. Sancho Manzano, for all the information pertaining to cyberattacks and protection of forensic data. That was certainly a wealth of knowledge for our listeners today.