Cyber Community Highlights

Size: px

Start display at page:

Download "Cyber Community Highlights"

Dennis Spencer
10 years ago
Views:

1 Cyber Community Highlights March 13, 2015 Presented by: Rob Goldsmith, AMRDEC Cyber Lead

2 Cyber Stakeholders S&T, RDT&E, Materiel Developers Academia (Local) Operational Units & Agencies (Sample) Federally Funded Research and Development Centers (FFRDCs) (e.g. Sandia Nat l Lab, Oak Ridge Nat l Lab, etc.) Defense Industrial Base 2

3 Operationalizing Cyber 3

4 What Is Key Terrain? BG Gouverneur Warren Discovered By Chance That Little Round Top Was Undefended Sent For Help From Any Available Units 4

5 What Is Key Terrain? Don t Give An Inch! Last Words Of COL Strong Vincent Union Leader Who Rushed Troops To Little Round Top Mortally Wounded Defending The Right Flank 5

6 What Is Key Terrain? Little Round Top (Left), Big Round Top (Right) COL Joshua Chamberlain Union Leader On The Left Flank Of Little Round Top Out Of Ammo, Unable To Withstand Another Assault, He Led His Men In A Bayonet Attack Holding The Line 6

7 What Is Key Terrain? COL Patrick Paddy O Rorke Union Leader Killed Leading The 140 th New York Charged Into Battle, Saved The Right Flank, Held Little Round Top Western Slope Of Little Round Top & Right Flank Of The Union Line 7

8 Conclusion To Protect Everything Is To Protect Nothing Focusing Resources Protecting Cyber Key Terrain Is Critical In Today s Environment Key Terrain Can Only Be Identified When There Is An Operational Context Risk To Missions Should Be Managed By Operational Leaders Operations Must Be Able To Understand Risk Introduced Through The Cyber Domain And Direct Actions Of Other Staff Elements 8

9 Cyber Key Terrain Top Level Mission Critical Mission Tasks/Sub Tasks Cyber Capabilities Critical Assets Mission Decomposition Mission to Assets Primary: Commander & G3/Ops Secondary: CIO/G6, Threat Intel/G2 Cyber Characterization Not All Cyber Capabilities Supporting The Critical Tasks Are Critical Identify Critical Capabilities = Cyber Key Terrain Primary: CIO/G6 Secondary: G3/Ops, Threat Intel/G2 Risk Analysis Apply Vulnerability, Threat, And Risk Assessment Against Each Cyber Asset Primary: CIO/G6, Threat Intel/G2 Secondary: G3/Ops 9

10 Materiel Developer SSE There Are Gaps In Current Security Requirements In Some Cases, Requirements Are Not Clear Or Even Defined Yet The Spectrum Of System Security Engineering Includes A Number Of Disparate Efforts AMRDEC Integrates These Activities For Materiel Developers 100% 95% 85% 80% 60% Activity Red Team BlueTeam HW/FW Testing Software Assurance Information Assurance Guidance DoDD O DoDI O CJCSI DoDI NDAA DoDI DISA STIG DoDI DoDD DoDI DoDI Army BBPs CJCSI Tools NMap, Nessus, MetaSploit, Burp Suite, Air Crack, Wireshark, etc. FIB, SEM, X-Ray, etc. AdaCore CodePeer, CheckMarx, Fortify, AppScan, Coverity, etc. CTRAD, FireEye, etc. Retina, SCAP Compliance Checker (XCCDF), STIG Viewer, SRRs 10

11 Blue Team vs. IA Support 95% 85% BlueTeam DoDD O DoDI O CJCSI NMap, Nessus, MetaSploit, Burp Suite, Air Crack, Wireshark, etc. How Is The BT Different From The Program IA Person? 1. Higher Skill Set. IA Person Can Identify Many Known Vulnerabilities. BT Personnel Can Exploit Those Vulnerabilities. They Can Find Vulnerabilities Not Identified Through Basic Compliance Checks. 2. Different Focus. IA Focuses On Compliance With IA Controls. BT Leverages Available Information, Including C&A Results, But Focuses On Testing And Exploiting. 3. Different Tools. IA Person Uses SCAP And Retina. BT Must Employ Non- Standard Tools Used By Adversaries To Exploit Systems. 4. Different Methods. IA Person Checks For Compliance Against Standards. BT Uses As Many Methods Available To Attackers As Possible, Including Social Engineering And Close Access. 5. Different Mission. IA Person s Goal Is Accreditation. BT Goal Is System Security. 11

12 Elements Of Cyber Testing Materiel Solution Cyber Testing Shift Left An Iterative Process Embedded With SEs 90% An Event Certified DT 5% Blue Team An Event Certified OT 5% Common Tools & TTPs Beyond DIACAP/RMF! 12

13 Cyber Integrator (CI) Cyber Integrator Pilot For ACAT 1D Program Senior Cyber SME Works For Chief Engineer Cyber Dashboard Communicates Cyber Risk DAU / AMRDEC Co-Authored Articles for AT&L Magazine Presented At Feb 2015 DAU Winter Panel Sep/Oct 2014 Mar/Apr

14 Team Redstone Cyber Senior Leaders Collaborating & Coordinating Cyber Activities And Funding AMRDEC SMDC PEO M&S PEO AVN AMCOM Others Synchronizing Cyber R&D Efforts Towards a Common Objective Developing Cyber Security R&D Road Maps (Reqs/Needs, Gaps, Plans) Determining Effective & Efficient Contract Strategies 14

15 Team Redstone Cyber Initiatives Kicked Off In 2014 Community Cyber Demonstration Tentatively Planned For 2017 Upcoming Team Redstone Engagements with Industry in FY15: Southeastern Cyber Security Summit, Huntsville, 3 4 Jun 2015 Team Redstone Cyber Industry Forum, TBD, Summer Apr Executive- Level Kick Off Meeting 21 May Action- Officer Briefings 27 Jan Meeting MSIC Brief OTA Brief 5 Mar APBI Briefing To Industry RSA Cyber Proof Of Concept Demonstration 1 Qtr 2 Qtr 3 Qtr 4 Qtr 1 Qtr 2 Qtr 3 Qtr 4 Qtr 1 Qtr 2 Qtr 3 Qtr 4 Qtr

Team Redstone Exhibition (TREx)

Team Redstone Exhibition (TREx) 08 June 2016 Dr. Ken LeSueur, Redstone Test Center Approved for public release (SMDC Public Release #6084-1) Distribution A Team Redstone Cyber Initiative Redstone Cyber