Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace


Slide 1: Triangle InfoSeCon - Alternative Approaches for Secure Operations in Cyberspace
Lt General Bob Elder, USAF (Retired)
Research Professor, George Mason University
Strategic Advisor, Georgia Tech Research Institute
16 October 2014

Slide 2: Overview
- Alternative Cyber Ops Perspectives
- The Enterprise Networks Challenge
- Attacker vs. Operator-User Perspectives
- Defense and Assurance Alternatives
- DHS Cyber Ecosystem Concept
- Cyber Workforce Leadership Development

Slide 3: My Perspectives
- DoD: STRATCOM and Air Force Cyber & EW Ops
- GMU: Cyber Ops and Joint Command & Control; integrate cyberspace into joint operations
- GTRI: Cyber Technology & Information Security Lab; leverage systems engineering and signals technology to provide resilient command and control solutions for operations in contested & congested environments
- Focus areas: threat intelligence and analysis, device and hardware assessment, critical data protection, data analytics, high performance computing

Slide 4: Cyber Functional Decomposition
- Communications: Network Ops, Network Security
- Info Management: Data Collection, Knowledge Creation
- Operations: Legacy Enhancement, Global Business Ops, Admin & Logistics, Business Assurance
- Actions in & through Cyberspace

Slide 5: DoD Cyber Ops Decomposed
- Integrated Joint Operations, spanning Title 50 (Intel), Title 10/22/50 (Special Cyber Ops), Title 10 Joint Ops (COCOMs), and Net Ops
- Activities shown: Intelligence Collection; Network Exploitation; Offensive Cyber Ops; Active Cyber Defense; PSYOPS/MISO; Deterrence & Influence Ops; Integrated Cmd & Ctrl; Collaborative Planning; Force Enhancement; Knowledge Management; Assure Mission Capabilities; Protect Information; Defend Networks; Protect Network Systems; Operate Networks; Establish Networks

Slide 6: Power of Cyberspace
- Domains: Political, Military, Social, Economic, Information Infrastructure
- Attributes: Time & Distance, Virtual Presence, Info = Commodity, Anonymity, Alter Egos, Smart Agents

Slide 7: Challenge: Cultural (R)evolution
- Cyberspace offers many alternatives: can we break the cultural barrier?
- Hierarchical Culture: Hierarchy Level -> Power -> Connections
- Cyber Culture (Future): Hierarchy Level -> Value -> Contribution

Slide 8: Enterprise Networks Challenge
- Social Networks: Influence Attack / Influence Protection
- Wireless Networks: Electromagnetic Spectrum Attack
- Logical Networks: Cyber Attack / Cyber Use
- Physical Networks (Electronics & Infrastructure): Physical Attack (includes Directed Energy) / Force Protection, Law Enforcement
- Effects of attacks: Denial of Service, Confidential Data Loss, Data Manipulation, System Integrity Loss

Slide 9: Not All Cyberspace is Equal
- Global Information Grid and DOD Networks; US Government Cyberspace; State & Local Gov't Cyberspace; Other US Cyberspace (includes DIB) & Associated Cyber Infrastructure
- Cyberspace typology: Private/Open Commercial, Regulated Commercial, Government (.gov), Military (Admin), Military (Ops)
- Security concerns: Economic Security, Public Safety, WMD/E, Defense/I&W

Slide 10: Attacker vs. Operator-User Views (Source: 2008 AFSAB Study)
- Attacker focus, attacks: Insider Attacks; Social engineering; Data and policy Corruption; Code Manipulation; Malware (Worms, viruses); Flooding; Backdoor Implants; Physical Destruction; Intelligence & Attack Response
- Targets (layers): Human Organization; Mission Layer; App/Session Layer; OS/Network Layer; HW/Systems Layer; Devices & Linkages
- Effects: Disinformation; Confusion; C2 Disruption; Alter Behaviors; Inaccuracies; Induced Failures; Denial of Service; Data Exfiltration; Malfunctions; Performance loss; Lost Comms
- Operator focus, defense categories: Network Security; Proactive Defense; Info Transaction Controls; Mission Assurance

Slide 11: Network Security Alternatives (same attacks, targets and effects matrix; Source: 2008 AFSAB Study)
- Human Organization: VM Sandboxes, User behavior monitoring
- Transaction Controls
- OS/Network Layer: Registry & O/S Monitoring; O/S Behavior Monitoring, Clutter Filters, White-listing
- HW/Systems Layer and Devices & Linkages: System Redundancy & Diversity; Resilient system architectures

Slide 12: Proactive Defense Alternatives (same attacks, targets and effects matrix; Source: 2008 AFSAB Study)
- 2-person Controls
- O/S Obfuscation
- Hardware shifting
- Process rotation
- Session Controls
- Device diversity

Slide 13: Mission Assurance Alternatives (same attacks, targets and effects matrix; Source: 2008 AFSAB Study)
- Human Organization: Redundant Sources
- Mission Layer: Lost Comm processes
- App/Session Layer: Redundant Apps
- OS/Network Layer: Switch filters, PCAP Filters
- HW/Systems Layer: Compare systems
- Devices & Linkages: Comm redundancy

Slide 14: Cyber Ecosystem (DHS)
- Spectrum from Static Defense to Dynamic Defense across Prevent, Detect, Respond, Recover
- Capabilities: Moving Target; Risk-based Data Mgmt; Built-in Security; Trusted Spaces; Monitor Behaviors; Automated Information Sharing; Automated Defensive Actions; Automated Courses Of Action

Slide 15: Cyber Ecosystem Workshop Key Observations
- Difficult to envision implications of protect failure
- Expect cyberspace to be degraded: design basic processes to be effective with minimum bandwidth
- Balance network maintenance with survivability and recovery requirements (diversity and redundancy)
- Implementing rules to reduce noise on the network will make detection processes much more effective
- Resiliency approach: integrate across networks (user, information/logical, physical, and infrastructure)
- Need to insert human decision-making into the machine loop to provide human control at machine speeds
- Useful to have an approach to balance resource allocations across protect, detect, respond, recover

Slide 16: Operational Technology Lessons
- Baseline configuration and monitor for changes
- Install perimeter firewalls
- Protect against viruses and malware
- Employ both blacklists and whitelists
- Monitor control system networks for intrusions
- Use role-based access control; authenticate often
- Encrypt communications; maintain trust spaces
- Monitor servers (system logs, embedded agents)
- Monitor workstations (logs, embedded agents)
- Audit system logs; look for abnormal behaviors
- Conduct independent penetration testing
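As an added example (not from the talk), the first lesson on that slide, baselining configuration and monitoring for changes, combined with the blacklist/whitelist lesson, in Python over a constructed snapshot of a hypothetical HMI workstation; every path, process name and file content below is made up for illustration.

```python
import hashlib

# Constructed sample data (not real hosts): a known-good snapshot of an HMI
# workstation taken at commissioning, and a later snapshot to compare.
BASELINE_FILES = {
    "/opt/hmi/config/tags.xml": b"<tags><tag name='pump1' addr='40001'/></tags>",
    "/opt/hmi/config/alarms.cfg": b"high_pressure=120\nlow_level=10\n",
    "/etc/hosts": b"127.0.0.1 localhost\n10.0.0.5 plc-01\n",
}
CURRENT_FILES = {
    "/opt/hmi/config/tags.xml": b"<tags><tag name='pump1' addr='40001'/></tags>",
    "/opt/hmi/config/alarms.cfg": b"high_pressure=200\nlow_level=10\n",  # setpoint edited
    "/etc/hosts": b"127.0.0.1 localhost\n10.0.0.5 plc-01\n",
    "/opt/hmi/config/remote.cfg": b"enabled=1\n",  # new file absent from baseline
}
# Whitelist of processes expected on the host and a blacklist of cleartext
# services that should never run there (the slide's "both blacklists and whitelists").
ALLOWED_PROCS = {"hmi_runtime", "opcua_server", "sshd", "syslogd"}
DENIED_PROCS = {"telnetd", "ftpd"}
CURRENT_PROCS = {"hmi_runtime", "opcua_server", "sshd", "syslogd", "telnetd", "vnc_server"}


def fingerprint(files):
    """Reduce a snapshot to path -> SHA-256 so the stored baseline holds no secrets."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def config_drift(baseline, current):
    """Return sorted (kind, path) findings for modified, missing and added files."""
    findings = []
    for path, digest in baseline.items():
        if path not in current:
            findings.append(("missing", path))
        elif current[path] != digest:
            findings.append(("modified", path))
    findings += [("added", p) for p in current if p not in baseline]
    return sorted(findings)


def process_findings(procs, allowed, denied):
    """Blacklist hits first, then anything running outside the whitelist."""
    hits = [("denied", p) for p in sorted(procs & denied)]
    return hits + [("unexpected", p) for p in sorted(procs - allowed - denied)]


def run_check():
    """What a scheduled job would do: compare the current state to the baseline."""
    drift = config_drift(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES))
    return drift + process_findings(CURRENT_PROCS, ALLOWED_PROCS, DENIED_PROCS)
```

Each finding is one line an analyst would review; the edited alarm setpoint and the unexpected cleartext service are the kind of abnormal behaviour the later lessons on the slide ask operators to look for.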

Slide 17: Key Defend/Assure Actors
- Actors: Users/Operators; Threat Analysts; Network Specialists; System Developers; Software Developers
- Concerns: Processes; Accountability; Intentions; Resiliency; Behaviors; Controls & Audits; Hardware Controls; Eliminate Vulnerabilities; Software Assurance

Slide 18: Cyber Leader Development
- Strategic Leader: understand cyberspace; exploit cyberspace
- Operational Leader: understand the business; supervise and integrate technical skills with mission (Mission Assurance)
- Technical Leader: areas such as Cyber Security, Info Assurance, Software Assurance, Network Mgmt, Communications, Knowledge Mgmt, Visualization

Slide 19: Conclusion
- Information security has advanced significantly, but evolving cyberspace challenges require new approaches
- Cyber security is more effective when cyber professionals act as security facilitators
- Multi-dimensional protection requires development of new tools and techniques
- Must develop cyber leaders to make the most effective use of the cyber workforce

Slide 20: Contact Information
Lt General (Ret) Robert Elder, D.Engr, Strategic Advisor, GTRI: relder@gmu.edu, 703-873-7592
Charles Steve Reeder, Senior Research Scientist: Charles.Reeder@gtri.gatech.edu, 757-647-4359