Team Redstone Exhibition (TREx)

Team Redstone Exhibition (TREx) 08 June 2016 Dr. Ken LeSueur, Redstone Test Center Approved for public release (SMDC Public Release #6084-1) Distribution A

Team Redstone Cyber Initiative
Redstone Cyber Senior Executive Steering Group (ESG)
Space & Missile Defense Command
Aviation & Missile Research Development & Engineering Center
PEO Missiles & Space
PEO Aviation
Redstone Test Center
Others
Synchronizing Cyber R&D Efforts Towards a Common Objective
Coordinating Cyber Security R&D Road Maps
Determining Effective & Efficient Contract Strategies
ESG Directed the Cyber Working Group to have an exhibition of progress made to date
Team Redstone Exhibition 2 Qtr 3 Qtr FY17
The Redstone ESG Convenes Regularly With Clear Goals & Objectives

Definitions and Participating Organizations
IMPACT: Integrated Mission Performance And Cybersecurity Testbed - A Persistent Distributed Environment of Redstone Cyber Stakeholder Facilities
TREx: Team Redstone Exhibition, 2nd or 3rd Qtr 2017

Initial Team Redstone Cyber Exhibition Requirements
Target Date: 2nd or 3rd 2017
Establish a Persistent Reconfigurable Distributed Environment Linking Redstone Cyber Stakeholder Facilities
Execute a Structured Integration, Data Collection, and Analysis Process
Design in Growth Path to Link Team Redstone to Other Army, Joint, and Coalition Cyber Events and Resources

Organizational Objectives
Demonstrate distributed connectivity via the JMN across multiple RSA organizations and facilities
Demonstrate capabilities of tactical systems and Cyber investments
Provide Army PMs with a persistent capability to:
  Assess technologies and procedures necessary to defeat cyber threats
  Support the Development, Test and Evaluation of capabilities to reduce Cyber related risks and defeat Cyber threats

Concept Development Workshop (CDW) 11 APR 2016
Objectives/Exit Criteria
Sites/Labs on the network Identified and Locked
Working Group members defined
Working Group interdependencies understood
Calendar of events defined
Organizational Objectives understood
Content for Outbrief to ESG

TREx Facility/Network Infrastructure
[Network diagram. Site labels: AMRDEC, USASMDC/ARSTRAT, TSMO, RTC. Repeated per-site label: VoIP, Chat, Email, Wiki, Collaboration Tools. Other labels: Tactical/Cyber Test Channels, Event Control/White Cell Channel, Data Repository, Data Collection, NW Monitor, Constructive Sims, Visual Systems, Sanitized Data Xfer, Infrastructure Servers. Legend: Sites to add to Network, Existing Sites.]

Previous Decisions/Assumptions
Environment/Network/Event supporting appropriate classification levels
JMN is the network to conduct IMPACT/T-REx
WSMR terrain will be used for the event
NIE/AWA 16.1 Operational Scenario will be used as practical
Will have 5 sub working groups and leads for each
Will have a minimum of 3 integration spirals leading up to the event

Sub Working Groups
Cyber Blue/Red - DAU Lead
Network - RTC Lead
Operational Scenario - USASMDC/ARSTRAT Lead
Technical Simulation Architecture - RTC Lead
Tactical Architecture - AMRDEC
Security - USASMDC/ARSTRAT Lead

Cyber Threat Definitions Matrix
Threat: Outsider, Near-Sider, Insider
Novice: DoS 802.11 Injection Zigbee/bluetooth Phishing Web Site Deface Cross Site Scripting Spoofing Media Drops (MitM) Physical Security Tools
Intermediate: Ransom Ware Supply Chain HW/SW Man-in-the-Middle (MitM) Attack 2 factor broken authentication Data Line Tap Privilege Escalation
Advanced: DoS AV Bypass Manipulate Air Picture Add/Mod/Del e.g. ADS-B (injection) Maint Port Injection Stolen Net-Enabled Mil Radio Industrial Cntl Sys (ICS) DoS Attacking Gaps Outside Intel Network Routing Exploit

TREx Network Infrastructure
OSD funded Network Infrastructure
TREx Network team working with Technical Working Group to establish logical range requirements
Network approach allows expansion in security levels and connectivity to external organizations without major configuration changes

Security Sub Working Groups Expectations
Security
Identity Security Classification guides required from all PoRs in TREx
Brief each WG on needs and limitations of event environment
Work with Cyber WG to ensure no system vulnerability could be uncovered that would exceed the event security level
Determine data/report dissemination process with stakeholder concurrence
Support data classification downgrading as required
EXIT CRITERIA
List of program security POCs

CDW Objectives/Exit Criteria Results
Sites/Labs on the network Identified and Locked
Working Group members defined
Working Group interdependencies understood
Calendar of events defined
Organizational Objectives understood
Content for Outbrief to ESG

Integration Blocks for TREx
Integration Spiral 4
Integration Spiral 3
Integration Spiral 2
Integration Spiral 1

Key Dates & Decisions
All Sites connected to the distributed network will be locked at close of the CDW
All POTENTIAL Systems and Simulations identified by integration spiral 1 with the final subset locked at the Mid Planning Workshop
All configurations, software, and hardware will be locked at the conclusion of Integration Spiral 4 activities

Questions