Infrastructure web: Distributed monitoring and managing critical infrastructures

Guofei Jiang, George Cybenko and Dennis McGrath *
Institute for Security Technology Studies
Thayer School of Engineering, Dartmouth College
Hanover, NH 03755, USA

ABSTRACT

National-scale critical infrastructure protection depends on many processes: intelligence gathering, analysis, interdiction, detection, response and recovery, to name a few. These processes are typically carried out by different individuals, agencies and industry sectors. Many new threats to national infrastructure are arising from the complex couplings that exist between advanced information technologies (telecommunications and internet), physical components (utilities), human services (health, law enforcement, emergency management) and commerce (financial services, logistics). Those threats arise and evolve at a rate governed by human intelligence and innovation, on "internet time" so to speak. The processes for infrastructure protection must operate on the same time scale to be effective. To achieve this, a new approach to integrating, coordinating and managing infrastructure protection must be deployed. To this end, we have designed an underlying web-like architecture that will serve as a platform for the decentralized monitoring and management of national critical infrastructures.

Keywords: Infrastructure protection, cyber security, architecture, monitoring and management, distributed system

1. INTRODUCTION

Modern threats to critical national infrastructure are evolving at the same rate as the technology on which that infrastructure is based. This is a key axiom of the work described in this paper. To illustrate the point, consider the following chronology of events related to the recent Distributed Denial of Service (DDOS) [1] attacks launched against major e-commerce companies.
Early summer of 1999: DDOS capabilities are demonstrated at a European "hacker festival."
Late summer of 1999: The first DDOS attacks, at the University of Minnesota, are detected and documented.
November 1999: A workshop on DDOS attacks and defense mechanisms is hosted by the Computer Emergency Response Team (CERT) [2], Carnegie Mellon University.
December 1999: Programs for detecting DDOS "zombies" are distributed.
February 2000: DDOS attacks are launched against major internet sites.
March 2000: The possibility of DDOS-type attacks against the 911 system is identified.
April 2000: DDOS-type attacks against the 911 system are suspected in Texas.

* Authors' email addresses: Jiang: gfj@dartmouth.edu; Cybenko: gvc@dartmouth.edu; McGrath: dennis.mcgrath@dartmouth.edu