Navy Information Dominance Industry Day

Navy Information Dominance Industry Day June 11, 2015

Navy Task Organizes to Meet Challenge

1996 Joint Chiefs of Staff released Joint Vision 2010 (Net Centric Warfare)
2006 Operation CYBER CONDITION ZEBRA: Perimeter security for legacy Navy Networks
2008 Russia conducts cyber attacks against Georgia
2008 Operation BUCKSHOT YANKEE: USB Intrusion on DoD Computers (Host Based)
2009 Establishment of OPNAV N2/N6 (IDC)
2010 Cyber War published
2010 Establishment of USCYBERCOM and FCC/C10F
2010 Establishment of NCF
2013 Mandiant releases espionage report alleging PLA exfiltrating U.S. proprietary data
2013 Operation ROLLING TIDE: Adversary Intrusion on Navy Networks
2014 Blackbeard project demonstration
2014 Establishment of NAVIDFOR
2014 Establishment of Task Force Cyber Awakening (TFCA)
2015 Establishment of Enduring Cyber Security Organization, including CYBERSAFE

Disconnected Response through stove-piped assessments & initiatives across the enterprise:
- Operation ROLLING TIDE
- N81 Cyber Defense Studies
- Cyber Platform Risk Assessment
- Unsupported Systems Eradication

Unified Response through Task Force Cyber Awakening:
- NOT N2/N6-centric. The cyber platform spans the entire Navy
- Use existing mechanisms where possible, but rigor will prevail
- Cyber security must be a resourcing and organizing principle
- Accountability and rigor are key
- Cyber Resiliency Plan & POM-17 Cyber Resiliency BAM inclusive of full DOTMLPF
- Cyber is as important as the next missile or platform

It's now COMMANDER'S BUSINESS

[Diagram: the Navy cyber platform. Labels: TRANSPORT (Commercial Internet, DISN, SCI, Coalition Networks, ADNS, Teleport, NMCI & ONE-NET, JRSS, MOC, GNOC, NCDOC, USMC, NCTAMS/NOC, DISN Core); ISNS / CANES / SUBLAN / TSCE; Tactical Switch (TSw); APPLICATIONS; C4I SYSTEMS; CONTROL SYSTEMS (Installations, Air, Combat, HM&E, Navigation, Public Works, Physical Security, PSNET, Public Safety, Air Ops, Port Ops); Other Connections (Commercial, Coalition, RF)]

Cyber remediation efforts need to extend across the Enterprise

Navy Cyber Defense Operations Command (NCDOC) 2014 Annual Incident / Event Summary Report

Defense in Depth strategies, Information Assurance awareness, signature refinement, and the placement and/or re-alignment of both IDS and IPS sensor locations* have afforded the Navy the capability to promptly avert and/or mitigate incidents-events and malware infections directed against its networks this reporting period.

Confirmed Incidents-Events

Incident Category                  FY11    FY12    FY13    FY14
CAT 1 Root Level Intrusion            9       1      33       1
CAT 2 User Level Intrusion            9       9      10       1
CAT 4 Denial of Service               1       3       3       0
CAT 5 Non-Compliance Activity       432     447     729     680
CAT 6 Scan / Probe                   30      34      51      24
CAT 7 Malicious Logic             1,029   1,051   1,094   1,435

Category descriptions:

CAT 1 Root Level Intrusion: Unauthorized Root/Admin level access to DoD system
  Consequence - ability to launch wide scale attacks
  Example - bring down complete systems/networks/ships
CAT 2 User Level Intrusion: Unauthorized User level access to DoD system
  Consequence - limited ability to launch attacks
  Example - unauthorized data exfiltration
CAT 4 Denial of Service: Activity that impairs, impedes, or halts normal functionality
  Consequence - limits availability of a system and/or service
  Example - block access to a Web site or complete network
CAT 5 Non-Compliance Activity: Activity that discovers non-compliant DoD systems
  Consequence - ability to exploit vulnerabilities
  Example - web exploits (SQL injections, cross-site scripting)
CAT 6 Scan / Probe: Probes to identify systems or open services for later exploits
  Consequence - adversary maps out network
  Example - port and protocol scanning
CAT 7 Malicious Logic: Installation of Malicious software
  Consequence - loss of integrity of data/system/network
  Example - Trojans, backdoor, virus, or worms

Investments and actions to date are improving our Enterprise Cyber Resiliency

* IDS: Intrusion Detection System; IPS: Intrusion Prevention System

Source: http://www.ascelade.com/quotes/photo/insanity-thing-expecting-different-results//

Organization

TFCA MISSION
- Deliver fundamental change to Navy's organization, resourcing, acquisition, and readiness
- Align and strengthen authority, accountability, and rigor in Navy Cyber Security

DCNO OPNAV N2N6: VADM Branch
Chief of Staff OPNAV N2N6F1: CAPT David Serber
Task Force Lead: Mr. Matt Swartz (SES)
Deputies:
- Mr. Claude Barron (SES), NAVSEA
- Mr. Stu Young (SES), NAVAIR
- Mr. Brian Marsh (SES), SPAWAR
- Col David McMorries, USMC
Technical Director: Mr. Bob Stephenson (SES), CPF/SPAWAR

EXCOM (Co-Chair): VCNO & ASN RDA
Secretary: Dr. John Zangardi, DASN C4I
FCC Commander OPNAV N-Codes USMC C4/CIO ASN (RDA) PMD / DASNs SYSCOM CDRs / NR DCOM USFF / PACFLT DCOMs & TYCOMs
Advisory Board: Trusted Advisors of EXCOM
ENTERPRISE STAKEHOLDERS

TG 1 Capabilities, RADM Herman Shelanski
  November 2014: Delivered Cyber Resiliency Plan to inform FY15, POM-16
TG 2 CYBERSAFE, CAPT Mark Elliott, USN
  March 2015: Establish CYBERSAFE Program w/limited AOR
  CYBERSAFE Office IOC 21 Apr 15
TG 3 Navy Cyber Security, Mr. Troy Johnson (DISL)
  August 2015: Define and Develop implementation of an updated approach for overall Navy Cyber Security
Task Group Technical, Mr. Greg Shaffer (SES) (IT/IA TAB)
  August 2015: Establish Technical Authority development group

TFCA well represented from across the Navy Enterprise

Cyber Resiliency Approach

NSA's Top 10 IA Mitigation Strategies

Mitigation Goal Areas:
- Device Integrity
- Damage Containment
- Defense of Accounts
- Secure & Available Transport

Mitigation Strategies:
- Application Whitelisting
- Control Administrative Privileges
- Limit Workstation-to-Workstation Communication
- Use Anti-Virus File Reputation Services
- Enable Anti-Exploitation Features
- Implement Host Intrusion Prevention System (HIPS) rules
- Set a Secure Baseline Configuration
- Use Web Domain Name System (DNS) Reputation
- Take Advantage of Software Improvements
- Segregate Networks and Functions

Industry Recommendations (Controls against Cyber Espionage)
- Patch ALL THE THINGS!
- Use and update antivirus (AV)
- Train users
- Segment your network
- Keep good logs
- Break the delivery-exploitation-installation chain
- Spot C2 and data exfiltration
- Stop lateral movement inside the network

Control Points: Control Points will allow us to effectively isolate portions of our networks and prevent adversaries who gain a foothold from moving laterally. Also improve boundary defenses for individual portions of the network and serve as insertion points in the network for emerging technology solutions.

Cyber Situational Awareness (SA): Allow us to visualize the activity in the cyber-field, promote timely assessment of normal vs. abnormal activity, and mitigate possible threats. Cyber SA provides us with the tools to detect and respond to higher level threat actors.

Designing (vice retroactively Patching-in) Resiliency within Systems & Networks: Generating common sets of standards and protocols to improve our cyber posture by driving down variance, and also designing-in resiliency in future system designs.

Cyber Hygiene: Use of focused Tactics, Techniques & Procedures (TTPs) and workforce training

Cyber Ready Workforce: Improving manning levels, personnel training and Fleet readiness via readiness reviews, Fleet cyber security efforts, Cybersecurity Workforce continuing education, unit patch/scan compliance and adherence to computer tasking orders (CTO).

Leveraged Stakeholder, Community and Industry recommendations to develop Enterprise Approach

Task Group Capabilities

Issue Prioritization Metrics = Guiding Principles
1. Protect the Tactical Platforms
2. Address full spectrum of DOTMLPF
3. Improve Defensive Cyber Posture & Maturity

[Chart: Maturity (Low to High) against Level of Response; regions labelled Near Term Focus and Future Investments; Defensive Cyber Operations Bins: Prepare, Protect, Detect, React/Restore]

Cyber Resiliency Strategy Recommendation to Resource Sponsors = Investment Strategy
1. Stay on course set during POM-16
   - Maintain momentum on initiatives underway (ORT, Control Point Solutions, etc.) & implement solutions designed using R&D investments made
2. Focus on compartmentalization
   - System by system approach is unaffordable and inflexible
   - Prioritize reduction of consequence versus locking all vulnerabilities
3. Balance approach between maintenance vs. modernization
   - Accelerating POR / System modernization timeline is unaffordable
   - Invest in short term ("stop-gap") solutions pre-modernization
4. New vs. Existing Funding
   - Invest new money in new capabilities such as Enterprise-wide Cyber Situational Awareness
   - Re-prioritize existing POR / System funding to mitigate for POR / System related cyber security enhancements
5. Develop and sustain a Cyber Ready Workforce

Deliver a realistic and executable requirement to the Resource Sponsors that improves our Enterprise wide Cyber Resiliency both effectively and efficiently

Control Points

Defense in Depth Protection Levels

Critical Functions:
- Enclave Boundary Protection
- Incident Isolation
- Recovery Operations
- Agile Technology Insertion

Potential to leverage common engineering across multiple ship classes: CG, DDG, LCS, Amphibs, SSDS, DDG 1000

Control Points will allow us to effectively segment portions of our shipboard network, add greater ability to maneuver through intrusions, and ensure mission assurance

CYBERSAFE: Delivering Mission Assurance

CYBERSAFE Office IOC 21 Apr 15

CYBERSAFE Definition
Specific set of requirements for design, procurement, material controls, maintenance and ops procedures, along with the change in organizational culture and crew proficiency required to institute these requirements, applied to a selected subset of platform system elements or components for which a failure caused by a cyber attack would result in loss of critical mission capability, mission critical equipment, and/or personal injury.
- Approved at Dec 2014 TFCA EXCOM

Modeled After SUBSAFE Tenets
- Independent Technical Authority sets common standards
- Program Managers ensure acquisition aligns with standards
- Independent Security Authority assesses against standards
- CYBERSAFE Certification Authority makes final decisions & assumes risk and accountability for platform Mission Assurance

CYBERSAFE is focused on Mission Assurance of critical warfighting capabilities

CYBERSAFE Approach

CYBERSAFE Instruction
- Establishes policy and assigns responsibilities for the management and implementation of Navy Cybersecurity Safety (CYBERSAFE) Program requirements
- Assigns responsibility for management and implementation of CYBERSAFE Program
- Describes 3 Facets of CYBERSAFE:
  - Cyber System Levels (Design)
  - CYBERSAFE Grades (Procure & Build)
  - Cyber Conditions of Readiness (Operate)
- Identifies management controls for CYBERSAFE items
- Describes CYBERSAFE Technical, Certification, and Threat/Risk Assessment Authorities
- Depicts Defense-in-Depth architecture as defined by DFIA*
  - DFIA details control point strategy, but will also define DiD Implementation Standards across cyber environment

[Figure: DFIA Reference Architecture]

* DFIA: Defense-in-Depth Functional Implementation Architecture

Navy Cyber Security Organization (including CYBERSAFE)

Oversight: Navy Cyber Security Council (VCNO & ASN RDA co-chaired)
- Deliver Mission Assurance & Assess the Navy's Cyber Resiliency Posture
- Synchronization on All Aspects of the Cyber Readiness Kill Chain
- Advisor to the Risk Management Framework Implementation

[Diagram: Cyber Readiness Kill Chain from Mission Assurance Target to Mission Execution and Mission Assurance Assessment. Phases: REQUIREMENTS, MEANS, WAYS, ENDS, ASSESS. Organizations: Requirements Steering Committee, IA Tech Authority (IT / IA TAB), OPNAV Resource Sponsors, System Commands, TYCOM(s), Fleet(s), IG/INSURV. Activity labels: Concepts, Capability, Capability Gaps, Req Validation, Architecture, Resource/Policy, Assess/Procure, Personnel, Equipment, Supplies, Training, Industry, Facilities, Pre-Intro, Maintenance, Basic, Integrated, Employ / Deploy, Sustain, Studies, Threat Assess, Post Deploy, FISMA Compliance. Outputs: Baseline Assessment Memo (BAM); Specs & Standards; Man, Train & Equip; Readiness Certification; Validate & Resource Requirements; Design, Develop, & Maintain; Platform Certification; Operational Certification; Operations; External Assessment. Legend: Existing Organizations, Recently Formed, To-Be Organizations]

Leveraging Cross-SYSCOM IT / IA Technical Authority Board (TAB) to:
- Issue common and rigorous technical standards
- Design methodology and framework for both areas within which acquisition and operational elements must work when developing and sustaining technical standards
- Include evaluation of current technical authority approach for Navy Cybersecurity and determine necessary modifications to account for both Navy Networks & Tactical Control Systems

27 Jan 15 TAB approved standards for: Defense-in-Depth Functional Implementation (DFIA) Afloat Network Firewall Intrusion Detection & Prevention

12 May 15 TAB approved standards for: Host Level Protection Continuous Monitoring

IT / IA TAB will determine method for leveraging Facets and Platform Architecture to consistently identify CYBERSAFE critical items

1. Optimizing Investments
- How do you prioritize requirements in this environment?
- What metrics & measures do we use? Are we looking at the right things?
- How did you measure cyber security risk and establish a threshold of acceptance vs. mitigation?
- Have you invested in and used defensive cyber maneuvers (e.g. randomization) to frustrate would-be attackers?

2. Delivering Mission Assurance
- How did you decide what data or systems to protect first and what were you willing to spend?
- Did you work to minimize your threat surface or focus on protecting what you currently have?

[Slide graphic label: IA Standards Roadmap]

3. Developing Resilient Architectures and Standards
- Does this threat require a holistic architectural response? (Sum of the parts greater than the whole?)
- What are the differences between securing Industrial Control Systems vs. IT Systems?
- Where does this put us on the innovation curve?

4. Improving Culture, Accountability, and Oversight
- How do you design & execute organizational & cultural change?
- What is the most effective way to improve leadership and user compliance & behavior?
- How do you approach the development and retention of a Cyber Smart workforce? (other than compensation)
- To what extent have employee privacy concerns impeded your efforts?

Achieving Cyber Resiliency requires a balance between Government & Industry