The Cyber Supply Line: A Geospatial Approach to Cybersecurity

Federal GIS Conference, February 9-10, 2015, Washington, DC
The Cyber Supply Line: A Geospatial Approach to Cybersecurity

The Cyber Supply Line: An Introductory Briefing and Demonstration
Ken Stoni and Scott Cecilio, Esri Defense Sales

The Problem: Detection is Difficult, Cyber isn't enough
Breach Timeline (http://www.verizonenterprise.com/dbir/2013/)
Compromise: 97% <= days
Exfiltration: 72% <= days
Discovery: 66% >= MONTHS
Containment: 63% <= days
**70% of breaches were discovered by external parties
Our Goals:
1) Detect early
2) Detect internally
3) Respond appropriately (maintenance vs security)

Cyberspace Re-Considered: It's Mappable
Layers: Social / Persona Layer, Device Layer, Logical Network Layer, Physical Network Layer, Geographic Layer
Each device in cyberspace is owned by someone (no "global commons")
Electro-mechanical devices exist in space-time and interact with physical events
Geography is required to integrate and align cyberspace with other data

Cybersecurity: A common sequence of questions
How should we respond? (Intervention, Hardening, Remediation)
Mission Impact?
Technical Impact?
Compromise attempted?
Compromise successful?
[Diagram labels: Source, WAN, Destination, IDS, IPS, IT Inventory, Detection]

Four Design Patterns
Signature Detection
Anomaly Detection
Mission Assurance / Penetration Testing
Mission Assurance (Cyber Supply Line)
[Diagram labels: Data, External Cyber Environment, Internal Cyber Environment, WAN]

Mission Impact: The Cyber Supply Line
[Diagram labels: Mission Data Flow, LAN, Bldg Net, DISA WAN, AT&T, Campus #1, Campus #2, Verizon WAN, Cyber Supply Line]
1. Cyber Supply Line (CSL) is a consistent path through the infrastructure
2. CSL focuses resources on only the devices that are critical
3. Managing data flows is similar to traffic routing; an Esri core competency
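The idea on this slide, as an added example that is not part of the original briefing or Esri's software: a mission's Cyber Supply Line is computed as a path through the topology, and IDS alerts are ranked by whether the alerting device sits on that path. The node names, the mission, the alerts and the use of a fewest-hops breadth-first search to pick the path are all assumptions made for illustration.

```python
from collections import deque

# Constructed topology (assumption): names loosely follow the slide's diagram.
LINKS = [
    ("campus1-lan", "campus1-bldg-net"), ("campus1-bldg-net", "disa-wan"),
    ("campus1-bldg-net", "att-wan"), ("disa-wan", "campus2-bldg-net"),
    ("att-wan", "verizon-wan"), ("verizon-wan", "campus2-bldg-net"),
    ("campus2-bldg-net", "campus2-lan"), ("campus2-bldg-net", "campus2-guest-wifi"),
]
# Constructed mission: name -> (source, destination) of its data flow.
MISSIONS = {"mission-data-flow": ("campus1-lan", "campus2-lan")}
# Constructed IDS alerts: (device, signature).
ALERTS = [("campus2-guest-wifi", "port-scan"), ("disa-wan", "config-change"),
          ("verizon-wan", "auth-failure")]

def build_graph(links):
    """Undirected adjacency map from a list of (a, b) links."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def supply_line(graph, src, dst):
    """Fewest-hops path src -> dst; sorted neighbours keep the result consistent."""
    parent, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(graph.get(node, ())):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return []  # no path: the mission has no supply line in this topology

def triage(alerts, missions, graph):
    """Tag each alert with the missions whose supply line crosses the device."""
    lines = {m: supply_line(graph, s, d) for m, (s, d) in missions.items()}
    tagged = [(dev, sig, sorted(m for m, p in lines.items() if dev in p))
              for dev, sig in alerts]
    # Alerts that touch the most missions come first, then by device name.
    return sorted(tagged, key=lambda a: (-len(a[2]), a[0]))
```

Calling `triage(ALERTS, MISSIONS, build_graph(LINKS))` puts the `disa-wan` alert first because it is the only alerting device on the computed supply line.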

Effect Propagation: Multi-level Model of Data Flow
[Diagram labels: Cyber Supply Line, Maintain Data Flow, Mission Assurance]

Demonstration: Rio 2016 Olympic Games
Ken Stoni & Scott Cecilio

The Cyber Supply Line: Application to the Cyber/Physical Nexus
Joe Adduci, Argonne National Labs

Risk
$R_A = f(V, T)$
R = Risk, A = Asset, V = Vulnerability, T = Threat
Asset = Data, Device, Sub-Net, Mission
Cyber Supply Line
Mitigation prioritized
Likelihood & Consequence (of failure)

Cyber Physical Network Risk from Cyber Supply Lines
RISK: The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences.
Cyber Supply Lines define the consequences to the system missions
[Figure: Threat, Vulnerability, Consequence, RISK; assets marked A]
$R_A = f(T, V, C)$
R = Risk
A = Asset that is Data, Device, Sub-Net, Mission
T = Threat
V = Vulnerability
C = Consequence

Consequences of Cyber Dependency
[Figure: Functional Capability, % (100%) versus Time; marked points: Cyber attack initiated, Functional loss begins, Functional loss ends, Remediation starts, Steady state restored. Area represents the aggregate functional loss.]
Functional capability loss can be either in cyber or physical function
Dependent cyber infrastructure often has its own set of physically dependent infrastructure

Responding to Cyber Dependency
[Figure: Functional Capability, % (100%) versus Time; marked points: Cyber attack initiated, Functional loss begins, Functional loss ends, Hardened system response, Remediation starts, Steady state restored]
Intervention upon detection may prevent or minimize functional loss
Hardening can limit the extent of functional loss or shorten the period to starting remediation
Attack vector specific responses can accelerate remediation
The overall impact of improved detection, intervention, hardening, and improved response options is a more resilient cyber or physical system.

Tools for Assessing Dependencies

Cyber Network Dependencies
Each node in the network can have a unique dependency relationship to the connected nodes
Understanding these dependencies can guide intervention and response at the network level
Node level detection can support network level intervention and response
Physical geography of the system and dependent systems can support informed intervention and response

Network Physical Consequences from Cyber Dependencies
Each node in the network can have a dependency relationship to the connected physical systems
Understanding the consequences of these cyber dependencies can guide intervention and response
The aggregate physical consequences of specific cyber responses can support decisions
The geography of the physical systems can have its own set of cascading human and economic impacts

CYBER INTERDEPENDENCIES ARE ANALOGOUS TO PHYSICAL CONNECTIONS AND CONSEQUENCES

The Cyber Supply Line: A Chief Information Security Officer's Perspective
Gaye Stevens, Esri Chief Security Officer

Ken Stoni Office: 703-506-9515 x8115 Mobile: 571-318-1324 kstoni@esri.com