Federal GIS Conference, February 9-10, 2015, Washington, DC
The Cyber Supply Line: A Geospatial Approach to Cybersecurity

The Cyber Supply Line: An Introductory Briefing and Demonstration
Ken Stoni and Scott Cecilio, Esri Defense Sales
The Problem: Detection is Difficult, Cyber Isn't Enough
Breach Timeline (http://www.verizonenterprise.com/dbir/2013/):
- Compromise: 97% <= days
- Exfiltration: 72% <= days
- Discovery: 66% >= months
- Containment: 63% <= days
Our Goals:
1) Detect early
2) Detect internally
3) Respond appropriately (maintenance vs security)
** 70% of breaches were discovered by external parties
Cyberspace Re-Considered: It's Mappable
Layers: Social / Persona Layer; Device Layer; Logical Network Layer; Physical Network Layer; Geographic Layer
- Each device in cyberspace is owned by someone (no "global commons")
- Electro-mechanical devices exist in space-time and interact with physical events
- Geography is required to integrate and align cyberspace with other data
Cybersecurity: A Common Sequence of Questions
(Diagram: Source -> WAN -> Destination, with IDS, IPS and IT Inventory as the detection data sources)
1. Compromise attempted?
2. Compromise successful?
3. Technical impact?
4. Mission impact?
5. How should we respond? (Intervention, Hardening, Remediation)
Four Design Patterns
1. Signature Detection
2. Anomaly Detection
3. Mission Assurance / Penetration Testing
4. Mission Assurance (Cyber Supply Line)
(Diagram: Data flows between the External Cyber Environment and the Internal Cyber Environment across the WAN)
Mission Impact: The Cyber Supply Line
(Diagram: a Mission Data Flow between Campus #1 and Campus #2 traverses LAN, Bldg Net, DISA WAN, AT&T and Verizon WAN segments; the Cyber Supply Line is the path that flow takes)
1. Cyber Supply Line (CSL) is a consistent path through the infrastructure
2. CSL focuses resources on only the devices that are critical
3. Managing data flows is similar to traffic routing; an Esri core competency
Effect Propagation: Multi-level Model of Data Flow
Cyber Supply Line -> Maintain Data Flow -> Mission Assurance
Demonstration: Rio 2016 Olympic Games
Ken Stoni & Scott Cecilio

The Cyber Supply Line: Application to the Cyber/Physical Nexus
Joe Adduci, Argonne National Labs
Risk
R_A = f(V, T)
R = Risk, A = Asset, V = Vulnerability, T = Threat
Asset = Data, Device, Sub-Net, Mission
Cyber Supply Line: mitigation prioritized by likelihood and consequence (of failure)
Cyber Physical Network Risk from Cyber Supply Lines
RISK: The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences.
Cyber Supply Lines define the consequences to the system missions
(Diagram: for each Asset A, Threat, Vulnerability and Consequence combine into RISK)
R_A = f(T, V, C)
R = Risk
A = Asset that is Data, Device, Sub-Net, Mission
T = Threat
V = Vulnerability
C = Consequence
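The following is an added example, not code from the presentation or from Esri, that puts the Cyber Supply Line, effect-propagation and R_A = f(T, V, C) slides into working form. It models the infrastructure as a device graph with a site label per device (the geographic layer), computes each mission's supply line as a path through that graph, derives the consequence C of a device from the missions whose supply line traverses it, scores R_A = T * V * C, and then propagates a device failure to see which missions lose their flow and which can be re-routed like traffic. Every device name, site, mission, weight and T/V score is constructed for the example.

```python
"""Cyber Supply Line (CSL) model: mission data flows as paths through a device graph.

Added example; device names, site labels, missions, weights and the threat /
vulnerability scores are constructed for illustration, not from the presentation.
"""
from collections import deque

# Constructed device graph (undirected links). Two carrier segments (AT&T and
# Verizon) run in parallel between Campus #1 and the DISA WAN.
LINKS = {
    "ws-campus1":     ["bldgnet-1"],
    "bldgnet-1":      ["ws-campus1", "lan-1"],
    "lan-1":          ["bldgnet-1", "router-att", "router-verizon"],
    "router-att":     ["lan-1", "wan-att"],
    "router-verizon": ["lan-1", "wan-verizon"],
    "wan-att":        ["router-att", "disa-wan"],
    "wan-verizon":    ["router-verizon", "disa-wan"],
    "disa-wan":       ["wan-att", "wan-verizon", "lan-2"],
    "lan-2":          ["disa-wan", "bldgnet-2"],
    "bldgnet-2":      ["lan-2", "server-campus2"],
    "server-campus2": ["bldgnet-2"],
}

# Geographic layer (constructed): the site each device physically sits in.
SITE = {
    "ws-campus1": "Campus #1", "bldgnet-1": "Campus #1", "lan-1": "Campus #1",
    "router-att": "Campus #1", "router-verizon": "Campus #1",
    "wan-att": "Carrier", "wan-verizon": "Carrier", "disa-wan": "Carrier",
    "lan-2": "Campus #2", "bldgnet-2": "Campus #2", "server-campus2": "Campus #2",
}

# Missions (constructed): name -> (source, destination, weight). The weight is the
# consequence of losing that mission's data flow.
MISSIONS = {
    "logistics-feed": ("ws-campus1", "server-campus2", 5),
    "video-relay":    ("bldgnet-1", "server-campus2", 3),
    "local-share":    ("ws-campus1", "lan-1", 1),
}

# Hypothetical threat (T) and vulnerability (V) scores in 0..1; unlisted devices score 0.
THREAT = {"wan-att": 0.6, "disa-wan": 0.3, "router-verizon": 0.9, "bldgnet-1": 0.4}
VULN = {"wan-att": 0.5, "disa-wan": 0.5, "router-verizon": 0.8, "bldgnet-1": 0.2}


def shortest_path(links, src, dst, down=frozenset()):
    """BFS over the device graph; devices in `down` are unavailable.
    Returns the hop list src..dst, or None when no path remains."""
    if src in down or dst in down:
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in links[node]:
            if nxt not in prev and nxt not in down:
                prev[nxt] = node
                queue.append(nxt)
    return None


def supply_lines(links, missions, down=frozenset()):
    """The CSL of every mission: a consistent path through the infrastructure."""
    return {m: shortest_path(links, s, d, down) for m, (s, d, _) in missions.items()}


def consequence(links, missions):
    """C per device: total weight of the missions whose CSL traverses it.
    Devices on no supply line get C = 0, which is what focuses resources on
    only the critical devices."""
    cons = {dev: 0 for dev in links}
    for m, path in supply_lines(links, missions).items():
        for dev in path or []:
            cons[dev] += missions[m][2]
    return cons


def consequence_by_site(links, missions, site):
    """Geographic roll-up: mission weight touching each site, so a physical event
    at a site (outage, flood, fire) maps directly to mission consequence."""
    totals = {}
    for m, path in supply_lines(links, missions).items():
        for s in {site[dev] for dev in path or []}:
            totals[s] = totals.get(s, 0) + missions[m][2]
    return totals


def risk(links, missions, threat, vuln):
    """R_A = T * V * C for each device asset."""
    cons = consequence(links, missions)
    return {dev: threat.get(dev, 0.0) * vuln.get(dev, 0.0) * cons[dev] for dev in links}


def prioritize(links, missions, threat, vuln):
    """Mitigation order: non-zero risks, highest first."""
    r = risk(links, missions, threat, vuln)
    return sorted(((d, v) for d, v in r.items() if v > 0), key=lambda kv: -kv[1])


def mission_impact(links, missions, down):
    """Effect propagation: for a set of failed devices, classify each mission as
    unaffected, rerouted (a different path still carries the flow) or lost."""
    base = supply_lines(links, missions)
    after = supply_lines(links, missions, frozenset(down))
    return {m: "lost" if after[m] is None else
               "unaffected" if after[m] == base[m] else "rerouted" for m in missions}


if __name__ == "__main__":
    print(prioritize(LINKS, MISSIONS, THREAT, VULN))
    print(consequence_by_site(LINKS, MISSIONS, SITE))
    print(mission_impact(LINKS, MISSIONS, {"wan-att"}))
    print(mission_impact(LINKS, MISSIONS, {"disa-wan"}))
```

Two things the numbers make visible: router-verizon has the highest T and V of any device but sits on no supply line, so its risk is 0 and it drops out of the mitigation queue, while the parallel carrier segments mean losing wan-att reroutes the long-haul missions whereas losing the single disa-wan hop loses them outright.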
Consequences of Cyber Dependency
(Chart: Functional Capability, % (100% baseline) against Time, with these events marked in order: cyber attack initiated; functional loss begins; functional loss ends; remediation starts; steady state restored. The area between the 100% line and the capability curve represents the aggregate functional loss.)
- Functional capability loss can be either in cyber or physical function
- Dependent cyber infrastructure often has its own set of physically dependent infrastructure
Responding to Cyber Dependency
(Chart: the same Functional Capability, % against Time curve, with a hardened system response drawn alongside the unhardened one; events: cyber attack initiated; functional loss begins; functional loss ends; remediation starts; steady state restored.)
- Intervention upon detection may prevent or minimize functional loss
- Hardening can limit the extent of functional loss or shorten the period to starting remediation
- Attack-vector-specific responses can accelerate remediation
- The overall impact of improved detection, intervention, hardening, and improved response options is a more resilient cyber or physical system.
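As an added example (not from the presentation), the two capability charts above can be turned into a calculation: the curve is piecewise linear through the five events the slides name, the aggregate functional loss is the area between the 100% line and the curve, and a hardened response is compared with the unhardened baseline by how much of that area it removes. The curve for a physically dependent system is derived from the cyber curve with a lag and a coupling factor. All times, floors, lag and coupling values are constructed.

```python
"""Aggregate functional loss from a capability-vs-time curve (added example).

The constructed times are in hours, so the area is in percent-hours.
"""


def capability_curve(attack_t, loss_begin_t, loss_end_t, remed_start_t, restore_t, floor_pct):
    """Breakpoints (time, capability %) for one incident: 100% until the loss
    begins, linear fall to floor_pct when the loss ends, flat until remediation
    starts, linear recovery to 100% when steady state is restored."""
    times = [attack_t, loss_begin_t, loss_end_t, remed_start_t, restore_t]
    if times != sorted(times):
        raise ValueError("events must be in chronological order")
    if not 0.0 <= floor_pct <= 100.0:
        raise ValueError("floor_pct must be a percentage")
    return [(attack_t, 100.0), (loss_begin_t, 100.0), (loss_end_t, floor_pct),
            (remed_start_t, floor_pct), (restore_t, 100.0)]


def aggregate_loss(curve):
    """Area between 100% and the curve; the trapezoid rule is exact for a
    piecewise-linear curve."""
    area = 0.0
    for (t0, c0), (t1, c1) in zip(curve, curve[1:]):
        area += ((100.0 - c0) + (100.0 - c1)) / 2.0 * (t1 - t0)
    return area


def dependent_curve(curve, lag, coupling):
    """Capability of a physically dependent system: it suffers `coupling` (0..1)
    of the cyber system's loss, `lag` hours later."""
    return [(t + lag, 100.0 - coupling * (100.0 - c)) for t, c in curve]


def loss_reduction(baseline, hardened):
    """Fraction of the baseline aggregate loss that the hardened response avoids."""
    return 1.0 - aggregate_loss(hardened) / aggregate_loss(baseline)


# Constructed baseline: attack at 0h, loss begins at 2h, capability bottoms out
# at 20% by 6h, remediation only starts at 30h, steady state restored at 48h.
BASELINE = capability_curve(0, 2, 6, 30, 48, 20.0)

# Constructed hardened response: intervention on detection holds the floor at
# 60%, and an attack-vector-specific response starts remediation at 8h.
HARDENED = capability_curve(0, 2, 4, 8, 14, 60.0)

# Constructed dependent physical system: feels half the loss, one hour later.
PHYSICAL_BASELINE = dependent_curve(BASELINE, lag=1, coupling=0.5)

if __name__ == "__main__":
    print("baseline loss:", aggregate_loss(BASELINE), "percent-hours")
    print("hardened loss:", aggregate_loss(HARDENED), "percent-hours")
    print("reduction:", round(loss_reduction(BASELINE, HARDENED), 3))
    print("dependent physical loss:", aggregate_loss(PHYSICAL_BASELINE))
```

The shape of the result matches the slide's argument: detection and intervention act on the floor of the curve, hardening and faster remediation act on its width, and the dependent physical curve shows that a lag shifts the loss in time without reducing it, so only the coupling factor (or the cyber response) shrinks the physical consequence.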
Tools for Assessing Dependencies
Cyber Network Dependencies
- Each node in the network can have a unique dependency relationship to the connected nodes
- Understanding these dependencies can guide intervention and response at the network level
- Node-level detection can support network-level intervention and response
- Physical geography of the system and dependent systems can support informed intervention and response
Network Physical Consequences from Cyber Dependencies
- Each node in the network can have dependency relationships to the connected physical systems
- Understanding the consequences of these cyber dependencies can guide intervention and response
- The aggregate physical consequences of specific cyber responses can support decisions
- The geography of the physical systems can have its own set of cascading human and economic impacts
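The two dependency slides above describe a per-node dependency rule, a cascade from cyber nodes into physical systems, and the use of aggregate physical consequence to choose between cyber responses. The following is an added example, not the presentation's or Argonne's tooling, that implements exactly that: each node declares whether it needs all of its suppliers or any one of them (a redundant feed), outages propagate to a fixed point, and candidate responses that take cyber nodes offline are ranked by the impact of the physical systems they would cascade into. Node names, the dependency rules and the impact scores are constructed.

```python
"""Cascading consequences of cyber node outages across dependency links (added example).

Node names, rules and impact scores are constructed for illustration.
Rule ("all", [...]) means the node needs every listed supplier up;
rule ("any", [...]) means it needs at least one of them (redundancy).
"""

DEPENDS_ON = {
    # cyber layer
    "plant-lan":       ("any", ["core-switch-a", "core-switch-b"]),  # redundant uplinks
    "scada-hmi":       ("all", ["plant-lan"]),
    "pump-plc":        ("all", ["scada-hmi"]),
    "bldg-controller": ("all", ["core-switch-a"]),                   # single uplink
    # physical layer, each with its own unique dependency on the cyber layer
    "water-pumping":   ("all", ["pump-plc"]),
    "hvac-datahall":   ("all", ["bldg-controller"]),
    "hospital-water":  ("all", ["water-pumping"]),                   # physical-to-physical cascade
}

# Constructed human/economic impact of losing each physical system (arbitrary units).
IMPACT = {"water-pumping": 40, "hvac-datahall": 15, "hospital-water": 120}

# Constructed candidate cyber responses: name -> nodes the response takes offline.
RESPONSES = {
    "isolate core-switch-a":      {"core-switch-a"},
    "isolate plant-lan":          {"plant-lan"},
    "isolate both core switches": {"core-switch-a", "core-switch-b"},
}


def cascade(depends_on, failed):
    """Fixed-point propagation: keep marking nodes out of service until a full
    pass over the dependency table changes nothing."""
    out = set(failed)
    changed = True
    while changed:
        changed = False
        for node, (mode, suppliers) in depends_on.items():
            if node in out:
                continue
            down = [s in out for s in suppliers]
            if (mode == "all" and any(down)) or (mode == "any" and all(down)):
                out.add(node)
                changed = True
    return out


def physical_consequence(depends_on, impact, failed):
    """Aggregate impact of every physical system the outage cascades into."""
    return sum(impact.get(n, 0) for n in cascade(depends_on, failed))


def compare_responses(depends_on, impact, options):
    """Rank candidate responses by aggregate physical consequence, least damaging first.
    Returns (consequence, response name) pairs."""
    return sorted((physical_consequence(depends_on, impact, nodes), name)
                  for name, nodes in options.items())


if __name__ == "__main__":
    for cost, name in compare_responses(DEPENDS_ON, IMPACT, RESPONSES):
        print(f"{cost:4d}  {name}  ->  {sorted(cascade(DEPENDS_ON, RESPONSES[name]))}")
```

With these constructed values, isolating one core switch costs only the data-hall HVAC because the plant LAN keeps its second uplink, whereas isolating the plant LAN itself reaches the hospital water supply through two physical hops; that ordering is what lets a responder pick the least damaging containment step while the incident is still in progress.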
CYBER INTERDEPENDENCIES ARE ANALOGOUS TO PHYSICAL CONNECTIONS AND CONSEQUENCES
The Cyber Supply Line: A Chief Information Security Officer's Perspective
Gaye Stevens, Esri Chief Security Officer

Ken Stoni
Office: 703-506-9515 x8115
Mobile: 571-318-1324
kstoni@esri.com