Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Transcription

1 Triangle InfoSeCon Alternative Approaches for Secure Operations in Cyberspace Lt General Bob Elder, USAF (Retired) Research Professor, George Mason University Strategic Advisor, Georgia Tech Research Institute 16 October

2 Overview Alternative Cyber Ops Perspectives The Enterprise Networks Challenge Attacker vs. Operator-User Perspectives Defense and Assurance Alternatives DHS Cyber Ecosystem Concept Cyber Workforce Leadership Development 2

3 My Perspectives DoD: STRATCOM and Air Force Cyber & EW Ops GMU: Cyber Ops and Joint Command & Control Integrate Cyberspace into Joint Operations GTRI: Cyber Technology & Information Security Lab Leverage systems engineering and signals technology to provide resilient command and control solutions for operations in contested & congested environments Focus Areas: Threat intelligence and analysis, device and hardware assessment, critical data protection, data analytics, high performance computing 3

4 Cyber Functional Decomposition Network Ops Network Security (Communications) Data Collection Knowledge Creation (Info Management) Legacy Enhancement Global Business Ops Admin & Logistics Business Assurance (Operations) Actions in & through Cyberspace 4

5 DoD Cyber Ops Decomposed 5 Integrated Joint Operations Title 50 (Intel) Title 10/22/50 ( Special Cyber Ops) Title 10 Joint Ops (COCOMs) Net Ops Intelligence Collection Network Exploitation Offensive Cyber Ops Active Cyber Defense PSYOPS/MISO Deterrence & Influence Ops Integrated Cmd & Ctrl Collaborative Planning Force Enhancement Knowledge Management Assure Mission Capabilities Protect Information Defend Networks Protect Network Systems Operate Networks Establish Networks

6 Power of Cyberspace Political Military Social ATTRIBUTES Time & Distance Virtual Presence Info = Commodity Anonymity Alter Egos Smart Agents Economic Information Infrastructure 6

7 Challenge: Cultural (R)evolution Cyberspace offers many alternatives: Can we break the cultural barrier? Hierarchical Culture Cyber Culture Future Hierarchy Level ---- Power ---- Connections Hierarchy Level ---- Value Contribution 7

8 Enterprise Networks Challenge Influence Attack Electromagnetic Spectrum Attack Wireless Networks Influence Protection Social Networks Cyber Use Cyber Attack Logical Networks Effects of Attacks: Denial of Service Confidential Data Loss Data Manipulation System Integrity Loss 8 Electronics (& Infrastructure) Force Protection Physical Networks Physical Attack (includes Directed Energy) Law Enforcement

9 Global Information Grid and DOD Networks US Government Cyberspace State & Local Gov t Cyberspace Not All Cyberspace is Equal 9 Other US Cyberspace (includes DIB) & Associated Cyber Infrastructure Cyberspace Typology Private/Open Commercial Regulated Commercial Government (.gov) Military (Admin) Military (Ops) Economic Security Public Safety WMD/E Defense/I&W

10 Attacker Focus Attacker vs. Operator-User Views ATTACKS TARGETS EFFECTS Insider Attacks; Social engineering Data and policy Corruption Code Manipulation Malware Worms, viruses Flooding Backdoor Implants Physical Destruction Intelligence & Attack Response 10 Source: 2008 AFSAB Study Network Security Human Organization Mission Layer App/Session Layer OS/Network Layer HW/Systems Layer Devices & Linkages Proactive Defense Disinformation Confusion C2 Disruption Alter Behaviors Inaccuracies Induced Failures Denial of Service Data Exfiltration Malfunctions Performance loss Lost Comms Info Transaction Controls Mission Assurance Operator Focus

11 Attacker Focus Network Security Alternatives ATTACKS TARGETS EFFECTS Insider Attacks; Social engineering Data and policy Corruption Code Manipulation Malware Worms, viruses Flooding Backdoor Implants Physical Destruction Intelligence & Attack Response 11 Source: 2008 AFSAB Study Network Security VM Sandboxes, User behavior Disinformation Human Organization monitoring Confusion Mission Layer C2 Disruption Transaction Controls Alter Behaviors App/Session Layer HW/Systems Layer Devices & Linkages Proactive Defense Inaccuracies Induced Failures Denial of Service Data Exfiltration Registry & O/S Monitoring OS/Network O/S Behavior Layer Monitoring, Clutter Filters, White-listing Malfunctions Performance loss Lost Comms System Redundancy & Diversity Resilient system architectures Info Transaction Controls Mission Assurance Operator Focus

12 Attacker Focus Proactive Defense Alternatives ATTACKS TARGETS EFFECTS Insider Attacks; Social engineering 2-person Controls Data and policy Corruption Code Manipulation Malware O/S Obfuscation Worms, viruses Flooding Backdoor Implants Hardware shifting Physical Destruction Intelligence & Attack Response 12 Process rotation Session Controls Device diversity Source: 2008 AFSAB Study Network Security Human Organization Mission Layer App/Session Layer OS/Network Layer HW/Systems Layer Devices & Linkages Proactive Defense Disinformation Confusion C2 Disruption Alter Behaviors Inaccuracies Induced Failures Denial of Service Data Exfiltration Malfunctions Performance loss Lost Comms Info Transaction Controls Mission Assurance Operator Focus

13 Attacker Focus Mission Assurance Alternatives ATTACKS TARGETS EFFECTS Insider Attacks; Social engineering Data and policy Corruption Code Manipulation Malware Worms, viruses Flooding Backdoor Implants Physical Destruction Intelligence & Attack Response 13 Source: 2008 AFSAB Study Network Security Redundant Sources Human Organization Lost Comm processes Mission Layer Redundant Apps App/Session Layer Switch filters PCAP Filters OS/Network Layer Compare HW/Systems systems Layer Comm Devices redundancy & Linkages Proactive Defense Disinformation Confusion C2 Disruption Alter Behaviors Inaccuracies Induced Failures Denial of Service Data Exfiltration Malfunctions Performance loss Lost Comms Mission Assurance Operator Focus

14 Cyber Ecosystem (DHS) Static Defense Prevent Moving Target Risk-based Data Mgmt Built-in Security Trusted Spaces Automated Courses Of Action Recover Automated Information Sharing Detect Monitor Behaviors 14 Automated Defensive Actions Respond Dynamic Defense

15 Cyber Ecosystem Workshop Key Observations Difficult to envision implications of protect failure Expect cyberspace to be degraded: Design basic processes to be effective with minimum bandwidth Balance network maintenance with survivability and recovery requirements (diversity and redundancy) Implementing rules to reduce noise on the network will make detection processes much more effective Resiliency approach: Integrate across networks user, information/logical, physical, and infrastructure Need to insert human decision-making the machine loop to provide human control at machine speeds Useful to have an approach to balance resource allocations across protect, detect, respond, recover 15

16 Operational Technology Lessons Baseline configuration and monitor for changes Install perimeter firewalls Protect against viruses and malware Employ both blacklists and whitelists Monitor control system networks for intrusions Use role-based access control; authenticate often Encrypt communications; maintain trust spaces Monitor servers (system logs, embedded agents) Monitor workstations (logs, embedded agents) Audit system logs; look for abnormal behaviors Conduct independent penetration testing 16

17 Key Defend/Assure Actors Users/Operators Processes Accountability Threat Analysts Intentions Resiliency Network Specialists Behaviors Controls & Audits Hardware Controls System Developers Eliminate Vulnerabilities Software Assurance Software Developers 17

18 Cyber Leader Development Understand Cyberspace Strategic Leader Exploit Cyberspace Understand the Business Operational Leader Supervise and integrate technical skills with mission (Mission Assurance) Technical Leader Areas such as Cyber Security, Info Assurance, Software Assurance, Network Mgmt, Communications, Knowledge Mgmt, Visualization 18

19 Conclusion Information security has advanced significantly, but evolving cyberspace challenges require new approaches Cyber Security more effective when cyber professionals act as security facilitators Multi-dimensional protection requires development of new tools and techniques Must develop cyber leaders to make most effective use of the cyber workforce 19

20 Contact Information Lt General (Ret) Robert Elder, D.Engr Strategic Advisor, GTRI Charles Steve Reeder Senior Research Scientist