MIT SDM Systems Thinking Webinar Series
Applying System Thinking Concepts in Cyber Security Architectural Design of Enterprise Network Systems
By Charles Iheagwara, Ph.D., SDM '10

Outline
- The traditional enterprise network system
- Extension of the traditional enterprise network system
  - Cloud network extension
  - Wireless network extension
- Security implications/challenges of the new enterprise network and perimeter
- Current cyber security practice
- A new system thinking approach
- Summary
The Traditional Enterprise Network System and Perimeter
Perimeter Connections Overview
(Diagram: the main office LAN connected over the Internet to a branch office LAN, a business partner LAN and remote users.)
Traditional network perimeters include connections to:
- The Internet
- Branch offices
- Business partners
- Remote users
- Wireless networks
- Internet applications

Complex Heterogeneous Infrastructures
The traditional network system is already complex enough for the cyber security architect:
- Dozens of systems and applications
- Hundreds of components
- Thousands of tuning parameters
(Diagram: directory and security services, DNS server, web servers, application server, existing applications and data, business data, storage area network, business partners and external services.)
Source: Sridhar Iyer, Indian Institute of Technology, Bombay
Extension of the Traditional Network System and Perimeter: the wireless network
Perimeter Connections with Wireless
(Diagram: the main office, branch office, business partner and remote user LANs of the traditional picture, each now also carrying its own wireless network, connected over the Internet and wireless Internet access.)
New network perimeters include connections to:
- The Internet
- Branch offices
- Business partners
- Remote users
- Wireless networks
- Internet applications

Key Trends: mobile is a big opportunity
Five trends with significant implications for the enterprise:
1. Mobile is primary: 91% of mobile users keep their device within arm's reach 100% of the time (Source: China Mobile 50k survey; Morgan Stanley Research; 2011)
2. Insights from mobile data provide new opportunities: 75% of mobile shoppers take action after receiving a location-based message (Source: JiWire Mobile Audience Insights Report Q4 2011)
3. Mobile is about transacting: 96% year-to-year increase in mobile Cyber Monday sales between 2011 and 2012 (Source: IBM Coremetrics Retail Data, as published in the 11/24/12 IBM press release)
4. Mobile must create a continuous brand experience: 90% of users use multiple screens as channels come together to create integrated experiences (Source: Time, Inc. 2012)
5. Mobile enables the Internet of Things: global machine-to-machine connections will increase from 2 billion in 2011 to 18 billion at the end of 2022 (Source: GSMA, Machina Research)

A Diverse Mobile World
- Mobile devices are shared more often
  - Personal phones and tablets shared with family
  - Enterprise tablet shared with coworkers
  - Social norms of mobile apps vs. file systems
- Mobile devices have multiple personas
  - Work tool
  - Entertainment device
  - Personal organization
  - Security profile per persona?
- Mobile devices are diverse
  - OS immaturity for enterprise management
  - BYOD dictates multiple OSs
  - Vendor/carrier control dictates multiple OS versions
- Mobile devices are used in more locations
  - A single location could offer public, private and cell connections
  - Anywhere, anytime
  - Increasing reliance on enterprise WiFi
- Mobile devices prioritize the user
  - Conflicts with user experience are not tolerated
  - OS architecture puts the user in control
  - Difficult to enforce policy and app lists

Barriers: security is the leading barrier to mobile adoption in the enterprise
(Chart: drivers for adopting mobile, n=1117, and barriers to adopting mobile, n=1115. Base: those who deployed, piloted or plan to adopt mobile, excluding "don't know".)
Source: 2012 Tech Trends Report (weighted by GMV, IBM proprietary), IBM Market Insights
Extension of the Traditional Network System and Perimeter: the cloud network

Perimeter Connections with Wireless and Cloud
(Diagram: the wireless-extended picture above, with a cloud network added alongside the Internet as a further path between the main office, branch office, business partner and remote user LANs.)
New network perimeters include connections to:
- The Internet
- Branch offices
- Business partners
- Remote users
- Wireless networks
- Cloud networks
- Internet applications

The NIST Cloud Definition Framework
- Deployment models: private cloud, community cloud, public cloud, hybrid clouds
- Service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
- Essential characteristics: on-demand self-service, broad network access, rapid elasticity, resource pooling, measured service
- Common characteristics: massive scale, resilient computing, homogeneity, geographic distribution, virtualization, service orientation, low-cost software, advanced security
Based upon original chart created by Alex Dowbor - http://ornot.wordpress.com
Security Implications/Challenges of the New Enterprise Network and Perimeter
Mobile Presents Management and Security Challenges
- 1 in 20 mobile devices were stolen in 2010
- 155%: the increase in mobile malware in 2011
- 70% of mobile device spam is fraudulent financial services
- 77% growth in Google Android malware from June 2010 to January 2011
- 350%: the projected increase in WiFi hotspots by 2015, providing more opportunities for man-in-the-middle attacks
- 10 billion Android app downloads reached by the end of 2011; over 90% of the top 100 apps have been hacked
Sources: Evans Data Mobile Developer Survey, Mobile Development Report 2012; Business Insider (September 2012)

Mobile Security Challenges Faced By Enterprises (all interrelated)
- Achieving data separation and providing data protection
  - Personal vs. corporate data
  - Data leakage into and out of the enterprise
  - Partial wipe vs. device wipe vs. legally defensible wipe
  - Data policies
- Adapting to the Bring Your Own Device (BYOD)/consumerization of IT trend
  - Multiple device platforms and variants
  - Multiple providers
  - Managed devices (B2E)
  - Unmanaged devices (B2B, B2E, B2C)
  - Endpoint policies
  - Threat protection
- Providing secure access to enterprise applications and data
  - Identity of users and devices
  - Authentication, authorization and federation
  - User policies
  - Secure connectivity
- Developing secure applications
  - Application life cycle
  - Static and dynamic analysis
  - Call and data flow analysis
  - Application policies
- Designing and instituting an adaptive security posture
  - Policy management: location, geo, roles, response, time policies
  - Security intelligence
  - Reporting
Threats: Vectors and Agents Have Multiplied
- New threat vectors and agents have emerged from both the wireless and cloud domains, adding complexity to security architecture
- Studies provide a glimpse of where these threats and attacks are most prevalent

Mapping of Cyber Attacks to Their Sources of Origin on the Internet Layered Architecture
(Figure not reproduced in this text.)
Source: Iheagwara, C., Cyber Attacks Internet Architecture Mapping, S.M. Thesis, MIT, 2010.

Security: Threat Evolution
(Chart: sophistication of threats over time, from the 1980s to the future, against scope of damage, from an individual computer through individual networks, multiple networks and regional networks to global impact.)
- 1st generation (1980s): boot viruses
- 2nd generation (1990s): macro viruses, Trojans, email, single-server DoS, limited targeted hacking
- 3rd generation: multi-server DoS, DDoS, blended threats (worm + virus + Trojan), turbo worms, widespread system hacking
- 4th generation (today): botnets, phishing, spam, infrastructure hacking, flash threats, massive worm-driven DDoS, negative-payload viruses, worms and Trojans
- Next generation (future): the same classes at increasing scale and sophistication (+, ++, +++)

The Expanding Cyber Threat Agents
(Table: each agent is marked as either well known in the last twenty years or a recent addition; the column assignments did not survive extraction.)
- Bot-network operators
- Criminal groups
- Foreign intelligence services
- Hackers
- Insiders
- Phishers
- Spammers
- Malware authors
- Terrorists

The Extended Perimeter Implies that the Meaning of Network Defense has Changed
- 1st generation (80s): prevent intrusions
- "Intrusions will occur": 2nd generation (90s): detect intrusions, limit damage
- "Some attacks will succeed": 3rd generation (00s): operate through attacks
- "Intel will direct defenses": 4th generation (10s), e.g. prediction of vulnerabilities, cross-enterprise negotiation before attacks, real-time reverse engineering of attacks and malware, planning methods to deal with expected attacks, automatic patch synthesis and distribution
The New (Extended) Enterprise Network: the big picture
- A well-demarcated enterprise network security border (perimeter) is no longer fixed
- This requires adopting a different approach to cyber security design
- Applications and their clusters characterize the new architecture of wireless and cloud extensions
- How cloud services are provided is often confused with where they are provided
- Many contend that cloud computing implies loss of control
- How do we trust our data transmission to the cloud and its storage?

Current Cyber Security Architecture Framework Falls Short...
- The current design is playing catch-up:
  - New products are reactive to known threats
  - Hot fixes characterize vulnerability management
  - Scan work is based on known attack signatures
  - There is a gap between preventive technology and well-matched products, e.g. anomaly-based IPS/IDS
- Current security designs still follow the old "Resist" approach
- The Resist approach is not effective:
  - Not amenable to COTS and legacy systems
  - Does not work for insider threats and life-cycle attacks
- Systems thinking is not evident
- A systems thinking (holistic) approach that encapsulates the new realities is the way to go

Imposition of New Requirements
With the specifics of wireless and cloud networking comes a new set of security requirements. Examples:
1. Air-centric requirements (wireless intrusion prevention; wireless scans as a standing part of vulnerability management)
2. Backbone-centric requirements
3. Privacy and control requirements
Some Security Principles and Models Out there
The Current Practice is Centered Around the Defense in Depth Principle
Using a layered approach:
- Increases an attacker's risk of detection
- Reduces an attacker's chance of success
While still relevant, current practice falls short of the realities of today's scheme of events.

Layer                                 Controls
Policies, procedures and awareness    User education
Physical security                     Guards, locks, tracking devices
Perimeter                             Firewalls, VPN quarantine
Internal network                      Network segments, IPSec, NIDS
Host                                  OS hardening, update management, authentication, HIDS
Application                           Application hardening, antivirus
Data                                  ACL, encryption
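The two claims behind the layered approach (higher detection risk, lower chance of success) are easiest to see when each layer is an independent check and a request has to clear all of them. The following Python script is an added example, not material from the presentation or from any vendor: it models the perimeter, internal network, host, application and data layers of the table above as separate checks over constructed requests. The policy data (exposed ports, segment reachability, input allowlist, data ACL, user groups) and the sample requests are hypothetical values made up for the example. Every layer is run even after an earlier one fails, so the result also shows how many layers would still have caught a request had the outer control been bypassed.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Request:
    src_ip: str
    dst_port: int
    segment: str        # network segment the source sits in
    user: str           # "" when no user has authenticated
    authenticated: bool
    host_patched: bool  # target host is at the approved patch level
    payload: str
    resource: str

# Constructed policy data (hypothetical values, not from the presentation).
PERIMETER_PORTS = {443, 22}                              # firewall: services exposed
SEGMENT_REACH = {"corp": {"web", "db"}, "dmz": {"web"}}  # network segmentation
RESOURCE_ZONE = {"/api/orders": "web", "/db/customers": "db"}
PAYLOAD_OK = re.compile(r"^[\w=&]*$")                    # application input allowlist
DATA_ACL = {"/db/customers": {"dba"}}                    # data-layer ACL by group
USER_GROUPS = {"alice": {"staff"}, "dan": {"dba"}}

Check = Callable[[Request], Tuple[bool, str]]

def perimeter(r: Request) -> Tuple[bool, str]:
    ok = r.dst_port in PERIMETER_PORTS
    return ok, "" if ok else f"port {r.dst_port} not exposed by firewall"

def internal_network(r: Request) -> Tuple[bool, str]:
    zone = RESOURCE_ZONE.get(r.resource)
    ok = zone is not None and zone in SEGMENT_REACH.get(r.segment, set())
    return ok, "" if ok else f"segment {r.segment} may not reach zone {zone}"

def host(r: Request) -> Tuple[bool, str]:
    if not r.authenticated:
        return False, "unauthenticated session"
    if not r.host_patched:
        return False, "host below approved patch level"
    return True, ""

def application(r: Request) -> Tuple[bool, str]:
    ok = PAYLOAD_OK.match(r.payload) is not None
    return ok, "" if ok else "payload rejected by input validation"

def data(r: Request) -> Tuple[bool, str]:
    required = DATA_ACL.get(r.resource)
    if required is None:
        return True, ""  # resource carries no additional data-layer ACL
    ok = bool(USER_GROUPS.get(r.user, set()) & required)
    return ok, "" if ok else f"user {r.user!r} not in {sorted(required)}"

# Outermost layer first; physical security and awareness are out of scope here.
LAYERS: List[Tuple[str, Check]] = [
    ("perimeter", perimeter),
    ("internal_network", internal_network),
    ("host", host),
    ("application", application),
    ("data", data),
]

def evaluate(r: Request) -> Dict[str, object]:
    """Run every layer independently.

    The decision is taken at the first failing layer; 'detections' lists every
    layer that flagged the request, so a length greater than one means the
    request would still have been stopped had the outer control failed.
    """
    detections: List[Tuple[str, str]] = []
    for name, check in LAYERS:
        ok, reason = check(r)
        if not ok:
            detections.append((name, reason))
    return {
        "allowed": not detections,
        "blocked_at": detections[0][0] if detections else None,
        "detections": detections,
    }

# Constructed sample traffic (hypothetical addresses and payloads).
SAMPLES = {
    "benign": Request("10.0.1.5", 443, "corp", "alice", True, True, "order=42", "/api/orders"),
    "closed_port": Request("203.0.113.9", 3389, "dmz", "", False, True, "", "/api/orders"),
    "injection": Request("203.0.113.9", 443, "dmz", "", False, True, "id=1' OR 1=1--", "/db/customers"),
}

def run_samples() -> Dict[str, Dict[str, object]]:
    return {name: evaluate(req) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The "injection" sample passes the firewall (443 is exposed) but is flagged by four further layers; the ACL at the data layer and the input validation at the application layer are the controls that matter if segmentation or authentication is ever misconfigured, which is the redundancy the principle is meant to buy.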
A Holistic System Thinking Approach to Cyber Security Architecture

System Thinking Concepts Imply:
- Secure systems cannot be composed from insecure components; secure systems are to be composed from secure components
- Metrics: systems should be ordered with respect to their security or privacy
- Formal verification of entire systems (hosts, networks) and their defenses with respect to realistic security objectives and threats
Systems Thinking Holistic Security Approach
Sound design principles:
- Modularization of cyber security design
- Visualization
- Phishing-resistant architecture
- Distributed and decentralized access control
- Anti-worm propagation and mitigation architecture
- Re-engineered trusted computing (reputation systems)
- Improved network infrastructure protocols
- Selective traceability and privacy

Systems Thinking Holistic Security Approach (cont.)
Sound design principles:
- Botnet and overlay network security and detectability
- Anonymity in routing and applications
- Attack identification architecture: identification of attacks amenable to different computing and network environments
- In-built tolerance mechanisms to stay ahead of attackers
- Functionality, performance and security must be traded off in real time, but security must not be compromised as a result of those trade-offs
Example: IBM Visualizing Mobile Security
(Diagram: mobile devices reach the corporate intranet and systems over WiFi, the Internet and a telecom provider, through a security gateway; mobile apps and web sites are the client-side entry points.)
- Develop, test and deliver safe applications
- Secure endpoint devices and data
- Achieve visibility and enable an adaptive security posture
- Secure access to enterprise applications and data

Example: IBM Modularization
- Device management and security. How do I handle BYOD and ensure compliance for new devices?
  - Multiple device platforms and variants
  - Managed devices (B2E)
  - Data separation and protection
  - Threat protection
- Network and data management and security. How do I protect the corporation from data leakage and intrusions?
  - Identity management and mobile entitlements
  - Policy management and enforcement
  - Secure connectivity
  - Security intelligence and reporting
- Application management and security. How do I secure, control and service applications?
  - Application lifecycle and performance
  - Vulnerability and penetration testing
  - Policy management: location, geo, roles, response, time policies
Source: GSMA, Machina Research
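The policy management module listed last (location, geo, roles, response and time policies) is where the "adaptive security posture" from the challenges slide becomes concrete: one decision point combines device compliance, entitlement, location and time, and its response is graded rather than a plain allow/deny. The following Python script is an added example written for this page; it is not IBM's product code or any part of the presentation. The per-application policies, the device attributes and the sample requests are constructed, hypothetical values. The response policy follows the wipe distinction made earlier on the page: a compromised device triggers a wipe of corporate data only, while a request outside business hours is answered with step-up authentication instead of a denial.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Tuple

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool                # enrolled in enterprise device management (B2E)
    os_version: Tuple[int, int]  # (major, minor), compared lexicographically
    jailbroken: bool

@dataclass(frozen=True)
class AccessRequest:
    user: str
    roles: FrozenSet[str]
    device: Device
    country: str   # geo attribute supplied by the gateway (constructed)
    when: datetime
    app: str

# Constructed per-application policies (hypothetical values).
APP_POLICIES = {
    "crm": {"roles": {"sales", "manager"}, "countries": {"US", "CA"},
            "hours": (7, 20), "min_os": (6, 0), "managed_only": False},
    "payroll": {"roles": {"hr"}, "countries": {"US"},
                "hours": (8, 18), "min_os": (7, 0), "managed_only": True},
}

def decide(req: AccessRequest) -> Tuple[str, List[str]]:
    """Return (action, reasons).

    Actions: 'allow', 'step_up_auth', 'deny', 'deny_wipe_corporate'.
    Hard policy failures are collected together so the report names every
    unmet requirement rather than only the first one found.
    """
    policy = APP_POLICIES.get(req.app)
    if policy is None:
        return "deny", [f"no policy defined for application {req.app!r}"]
    dev = req.device

    # Response policy: a compromised device loses corporate data (partial wipe),
    # not the owner's personal data on a BYOD device.
    if dev.jailbroken:
        return "deny_wipe_corporate", ["device is jailbroken"]

    reasons: List[str] = []
    if policy["managed_only"] and not dev.managed:
        reasons.append(f"{req.app} requires a managed device")
    if dev.os_version < policy["min_os"]:
        reasons.append(f"OS {dev.os_version} below minimum {policy['min_os']}")
    if not (req.roles & policy["roles"]):                 # role policy
        reasons.append(f"no entitled role among {sorted(req.roles)}")
    if req.country not in policy["countries"]:            # location/geo policy
        reasons.append(f"location {req.country} not permitted")
    if reasons:
        return "deny", reasons

    # Time policy: outside business hours is suspicious but not forbidden,
    # so the adaptive response is stronger authentication, not denial.
    start, end = policy["hours"]
    if not (start <= req.when.hour < end):
        return "step_up_auth", [f"request at {req.when.hour:02d}:00 UTC is outside {start:02d}-{end:02d}"]
    return "allow", []

# Constructed sample requests (hypothetical users, devices and times).
_MANAGED = Device("d1", managed=True, os_version=(7, 1), jailbroken=False)
_BYOD = Device("d2", managed=False, os_version=(7, 1), jailbroken=False)
_ROOTED = Device("d3", managed=True, os_version=(7, 1), jailbroken=True)
_DAY = datetime(2013, 3, 5, 9, 30, tzinfo=timezone.utc)
_NIGHT = datetime(2013, 3, 5, 22, 0, tzinfo=timezone.utc)

SAMPLES = {
    "sales_in_hours": AccessRequest("alice", frozenset({"sales"}), _MANAGED, "US", _DAY, "crm"),
    "sales_at_night": AccessRequest("alice", frozenset({"sales"}), _MANAGED, "US", _NIGHT, "crm"),
    "hr_on_byod": AccessRequest("bob", frozenset({"hr"}), _BYOD, "US", _DAY, "payroll"),
    "hr_on_rooted": AccessRequest("bob", frozenset({"hr"}), _ROOTED, "US", _DAY, "payroll"),
    "sales_abroad_old_os": AccessRequest("carol", frozenset({"sales"}),
                                         Device("d4", True, (5, 2), False), "FR", _DAY, "crm"),
}

def run_samples() -> Dict[str, Tuple[str, List[str]]]:
    return {name: decide(req) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, reasons) in run_samples().items():
        print(f"{name:22s} {action:20s} {'; '.join(reasons)}")
```

Keeping the policies as data rather than code is what makes the module adaptive in the sense the slide intends: the security intelligence and reporting module can tighten hours, countries or minimum OS versions per application without touching the decision logic, and every denial carries the full list of unmet requirements for the reporting side.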
Summary
- The traditional enterprise network system and perimeter has been subsumed into a new enterprise network system and perimeter that extends networking to the wireless and cloud domains, with very distinct requirements for cyber security architecture
- The extension of this new network system and perimeter presents new threat vectors and agents that will not be contained, eliminated or prevented by current cyber security practice
- The current practice relies on a catch-up, defensive design mentality that is inherently inadequate
- A holistic system thinking approach to stay ahead of the threat vectors and agents in the still evolving new enterprise network systems is the way to go

Contact Information
For more information on this presentation, please contact me by:
Writing to:
Charles Iheagwara, PhD
Director of Cyber Security Practice
Unatek, Inc.
10411 Motor City Drive, Suite 750
Bethesda, MD 20817
Emailing: charlesi@alum.mit.edu