Cyber Impact Assessment for Space Mission Assurance

Size: px

Start display at page:

Download "Cyber Impact Assessment for Space Mission Assurance"

Cori Briggs
8 years ago
Views:

Cyber Impact Assessment for Space Mission Assurance Presented by: Douglas Wiemer d.

1 Cyber Impact Assessment for Space Mission Assurance Presented by: Douglas Wiemer Mission and system taxonomy contribution: Cédric Seynat 18 June

2 Topics Cyber domain as a Global Commons Interdependency of domains Threat, vulnerability and risk distinctions Cyber threats to space missions Cyber vulnerabilities of space missions Challenges of mission impact assessment Mission impact assessment research Mission impact assessment automation 2 2

vulnerabilities of space missions Challenges of mission impact assessment

3 Cyber as a Global Commons Global Commons Global community resource Policy and legal challenges confront national and organizational boundaries Recognized need to ensure the safety, security, access and longevity of use Traditionally oceans, air and space Cyber space domain Fraught with technological, policy and legal challenges that defy national and organizational boundaries or borders 3 3

access and longevity of use Traditionally oceans, air and space Cyber space domain Fraught with

4 Interdependency of domains Space and cyber domains are strongly interdependent Space is critical for Cyber domain global telecom connectivity Cyber domain is critical for Space systems development Space mission operation Space mission information collection, processing, and dissemination 4 4

connectivity Cyber domain is critical for Space systems development

5 Threat, Vulnerability and Risk Threat: A potential violation of security. Threat source: The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Intent = motivation, Method = capability Vulnerability: Weakness in an information system, cryptographic system, or components that could be exploited to violate system security policy and result in a security breach. Source: CCSDS G-1, Information Security Glossary of Terms, Green Book, November Copyright 2013, ADGA-RHEA Group of Companies, All rights reserved Copyright 2013, ADGA RHEA Group of Companies, All rights reserved 25

Intent = motivation, Method = capability Vulnerability: Weakness in an information system, cryptographic system, or components that could be exploited to violate system

6 Threat, Vulnerability and Risk Risk: Possibility that a particular threat will adversely impact an information system by exploiting a particular vulnerability. Source: CCSDS G-1, Information Security Glossary of Terms, Green Book, November Generally, risk is due to the presence of both a threat source and a vulnerability. Without one or the other, there is no risk. Cyber risk assessment Assessment of likelihood and impact of confidentiality, integrity, availability and accountability compromise. 6 6

8-G-1, Information Security Glossary of Terms, Green Book, November 2012.

7 Cyber threats to space missions Shift in threat motivation (intent) Socio-political, ideological, financial Shift in threat target Intellectual property, proprietary information Technological and scientific capabilities Disruption of operations Supply chain compromise All have potential applicability to space missions Shift in threat capability (methods) Sophistication is rapidly increasing (e.g., Stuxnet) Advanced persistent threats are real and pervasive Specific intent to remain undetected for long periods of time 7 7

compromise All have potential applicability to space missions Shift in threat capability (methods) Sophistication is rapidly

8 Cyber vulnerabilities of space missions Potential areas of critical vulnerability command and control systems Loss of contact or control Interception, hijacking or jamming of downlinks Data compromise or denial of service Information storage and dissemination systems Data compromise or corruption Denial of service 8 8

Interception, hijacking or jamming of downlinks Data compromise or denial of

9 Importance of secure coding Software Assurance: Level of confidence that software is free from intentional or accidental vulnerabilities and that the software functions in the intended manner Tightly coupled to Software Quality Assurance Involves software development processes E.g., requirements definition, software design, coding, source code control, code reviews, etc. Involves advanced software testing and tools E.g., Static and dynamic code analysis, negative function testing, etc. Focus is specific to security vulnerabilities E.g., issues that may directly affect security functions or lead to security vulnerabilities 9 9

Involves advanced software testing and tools E.g., Static and dynamic code analysis, negative function testing, etc.

10 Importance of VA and PenTesting Used to determine presence of vulnerabilities Vulnerability Assessment: Process that identifies, quantizes, and prioritizes the vulnerabilities associated with a system Supported by automated tools Can only test for known vulnerabilities Penetration Testing: Testing a system s vulnerabilities by having a simulated attacker attempt to compromise the system Attackers are free to try to break into the system Advanced methods may attempt to find unknown vulnerabilities 10 10

for known vulnerabilities Penetration Testing: Testing a system s vulnerabilities by having a simulated attacker attempt to

Importance of Continuous Monitoring Periodic re-testing in conjunction with automated test tools VA and PenTesting provides a snapshot in time result New vulnerabilities are continually

11 Importance of Continuous Monitoring Periodic re-testing in conjunction with automated test tools VA and PenTesting provides a snapshot in time result New vulnerabilities are continually arising New software packages / patches to old software can (re)introduce vulnerabilities New devices can add new targets to an environment Continuous Monitoring is essential to ongoing security 11 11

New software packages / patches to old software can (re)introduce vulnerabilities New devices

12 Challenge of mission impact assessment Prioritization of cyber response is critical Not enough resources to do everything Based on potential impact of compromise Tied to system criticality Challenges Operational estimate of system criticality Differentiation of system criticality Characterization of dependency trees Mission mission; mission system; system system Lack of automation tools 12 12

Challenges Operational estimate of system criticality Differentiation of system criticality

13 Mission impact assessment concepts Depends on Asset models Impact models Asset models require Mission and system taxonomy Tasks, processes, objectives, services, systems Dependency tree Impact models require Use cases generalized and specific Operator feedback on impact values Understand evolving nature of impact assessment Tradeoff performance vs. execution Tradeoff complexity vs. abstraction 13 13

models require Use cases generalized and specific Operator feedback on impact values Understand

14 Mission impact assessment concepts Space Mission Taxonomy Multi-level categorization schema Mission types and phases Missions (e.g., earth observation, positioning and navigation, etc.) Service Categories (e.g., applications, sensors, etc.) Services (e.g., land monitoring, marine monitoring, emergency management, etc.) Space System Taxonomy elaborated according to CCSDS M-1 Reference Architecture for space data systems Leverage the enterprise, connectivity, functional, information and communications Views 14 14

) Space System Taxonomy elaborated according to CCSDS 311.

Mission impact assessment concepts Sample from mission taxonomy Ref Level 1 Level 2 Level 3 Level 4 Definition / comment MIS.1 Mission Type MIS.1.1 Earth Observation MIS.1.1.1 Application type MIS.1.1.1.1 Land monitoring Example: crop monitoring, urban mapping MIS.

15 Mission impact assessment concepts Sample from mission taxonomy Ref Level 1 Level 2 Level 3 Level 4 Definition / comment MIS.1 Mission Type MIS.1.1 Earth Observation MIS Application type MIS Land monitoring Example: crop monitoring, urban mapping MIS Marine monitoring Example: ocean bathymetry MIS Atmosphere Example: Earth weather MIS MIS Initial categorization 7 mission types, 4 phases Each mission type has unique service categories and services Significant optimization through overlaps monitoring Emergency management Surveillance monitoring and forecasting Example: crisis response support Example: maritime traffic monitoring 15 15

1.1.1.5 Initial categorization 7 mission types, 4 phases Each mission type has unique service categories and services Significant optimization through overlaps monitoring

16 Mission impact assessment concepts Sample from system taxonomy SYS.FUN.1 Ref. Level 1 Level 2 Level 3 Level 4 Definition / comment SYS.FUN.1.1 SYS.FUN SYS.FUN SYS.FUN Mission monitoring and control Monitoring Spacecraft platform monitoring Initial categorization of views Subsystems monitoring Orbit determination This heading contains the functions required to monitor and control the adequate execution of the space mission, independently from the utilisation that is made of the outcome of the space mission Monitoring of the subsystems listed under SYS.CON Function that determines the orbit of space assets. 26 Enterprise entries, 92 connectivity, 28 functional, 18 information, 21 communications 16 16

17 Mission impact assessment concepts Sample from mission system dependency tree EO - SAR mission PNT - GNSS mission Launchers Human space flight Telecommunications Space exploration Enterprise View SYS.ENT.1 SYS.ENT.1.1 X X X X X X SYS.ENT.1.2 SYS.ENT X X X X X X SYS.ENT X X X X X X SYS.ENT.1.3 X X SYS.ENT.1.4 X SYS.ENT.1.5 SYS.ENT X X X X X SYS.ENT X X X X X SYS.ENT X X X X X X SYS.ENT X X X X X X SYS.ENT X X X X X X SYS.ENT.1.6 X X X SYS.ENT.1.7 X X X X X X SYS.ENT.1.8 X X X X X X SYS.ENT.1.9 X X X X X X 17 17

ENT.1.3 X X SYS.ENT.1.4 X SYS.ENT.1.5 SYS.ENT.1.5.1 X X X X X SYS.ENT.1.5.2 X X X X X SYS.ENT.1.5.3 X X X X X X SYS.ENT.1.5.4 X X X X X X SYS.

18 Mission impact assessment automation Use of dependency graphs Mathematical models of dependency trees Example Sawilla, Ou AssetRank, DRDC Adaptation of Google PageRank Applied to attack dependency graphs Can be generalized to any dependency graph Use of mission thread modelling Mission metrics supported by resource model and value model Example Musman, Temin - Cyber Mission Impact Assessment and Response, Mitre Corporation

pdf Adaptation of Google PageRank Applied to attack dependency graphs Can be generalized to any dependency graph Use of mission thread modelling

19 Mission impact assessment automation Use of ontology based data collection Graph based description of relationships/dependencies Examples Tadda Mission impact/threat assessment for the cyber domain, AFRL Tadda.pdf Situation awareness model of Perception, Comprehension, Projection Goodall, et al. CAMUS: Automatically mapping cyber assets to missions and users Ontology-based semantic approach to data integration and fusion Inference engines used to fill in missing data 19 19

pdf Situation awareness model of Perception, Comprehension, Projection Goodall, et al.

20 RHEA Technical Centre of Excellence Official press release June 19, Paris Air Show To be established in Diegem, Belgium August 2013 Strategic collaboration with the Belgian Federal Science Policy Office Centralise expertise in related fields (Security and crisis management, System of systems design, Advanced processing of large data sets, etc.) Develop innovative solutions (Semantic web, Big data analytics, Digital/data curation, Temporal data management, etc.) Initial projects: Mission assurance concepts and automation Automated cyber defence and cyber response decision support Concurrent design and system of systems development 20 20

of large data sets, etc.) Develop innovative solutions (Semantic web, Big data analytics, Digital/data curation, Temporal data management, etc.

21 Questions? 21 21

Risk Management Guide for Information Technology Systems. NIST SP800-30 Overview

Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve