Download A Space Mission Cybersecurity Study

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
Document related concepts

CanSat wikipedia , lookup

Transcript 
GSAW2015
A SPACE MISSION
CYBER-SECURITY
STUDY
CODE:
GMV-GSAW2015-PRE-001
DATE:
03/03/2015
VERSION: 1
GMV SOLUCIONES GLOBALES INTERNET S.A.U..
GMV-UNCLASSIFIED
The information contained within this document is considered as “GMV-Unclassified”. The receiver of this information is allowed to use and redistribute the
information, referring the source of the information; observing legal regulations in intellectual property, personal data protection and other legal requirements
when applicable.
© 2015 by GMV
Published by The Aerospace Corporation with permission.
CONTEXT
GMV SOLUCIONES GLOBALES INTERNET S.A.U..
GMV-UNCLASSIFIED
GMV-UNCLASSIFIED
The information contained within this document is considered as “GMV-Unclassified”. The receiver of this information is allowed to use and redistribute the
information, referring the source of the information; observing legal regulations in intellectual property, personal data protection and other legal requirements
when applicable.
TRENDS
Criticality of spacebased services
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Battlefield:
Cyber-space
Pg. 3
© GMV, 2015
GMV-UNCLASSIFIED
AND IN SPACE?
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 4
© GMV, 2015
GMV-UNCLASSIFIED
SUMMARISING II
BUT… IT ISN’T EASY AT ALL
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1

Several deeply specialised
fields converge

Very complex systems

Large infrastructures

Lots of actors

Dependencies,
interconnections,…
Pg. 5
© GMV, 2015
GMV-UNCLASSIFIED
PROPOSAL
GMV SOLUCIONES GLOBALES INTERNET S.A.U..
GMV-UNCLASSIFIED
GMV-UNCLASSIFIED
The information contained within this document is considered as “GMV-Unclassified”. The receiver of this information is allowed to use and redistribute the
information, referring the source of the information; observing legal regulations in intellectual property, personal data protection and other legal requirements
when applicable.
REQUIREMENTS
 SIMPLICITY
 FLEXIBILITY
& USABILITY: TOOL SUPPORT
AND ADAPTABILITY
 COMPLETE
 EASY
TO MAINTAIN AND EVOLVE
 INTERNAL
CROWDSOURCING
 HOMOGENIZE
 FULL
OWNERSHIP TO ESA
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 7
© GMV, 2015
GMV-UNCLASSIFIED
SOLUTION CONCEPTS
A PRIORI RISK ASSESSMENT &
TREATMENT RECOMMENDATIONS
 MODULARITY
CONCEPT:
– EXPLOIT COMMONALITIES
– ADAPT TO PARTICULARITIES
 FOR
DUMMIES
A SPACE MISSION CYBER-SECURITY STUDY
AND
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
EXPERTS
Pg. 8
© GMV, 2015
GMV-UNCLASSIFIED
METHODOLOGY
GMV SOLUCIONES GLOBALES INTERNET S.A.U..
GMV-UNCLASSIFIED
GMV-UNCLASSIFIED
The information contained within this document is considered as “GMV-Unclassified”. The receiver of this information is allowed to use and redistribute the
information, referring the source of the information; observing legal regulations in intellectual property, personal data protection and other legal requirements
when applicable.
METHODOLOGY
 WE
WILL TAKE A RECOMMENDED SAFEGUARD AND
GO BACKWARDS
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 10
© GMV, 2015
GMV-UNCLASSIFIED
SAFEGUARD
“Event Logging” in phase E of a mission
 Can
be HIGH or BASIC
SAFEGUARD
MITIGATES
 Mitigates vulnerabilities:
– Directly: removing the vulnerability or the
possibility of exploiting it
– Indirectly: mitigating the consequences of the
vulnerability being exploited
 In this case:
– Untraceability of User Actions
 BUT…
it is not the only safeguard
required to mitigate the vulnerability…
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 11
© GMV, 2015
GMV-UNCLASSIFIED
n
n
VULNERABILITY
VULNERABILITY
 Is part of a risk (threat-vulnerability pair)
– It can be exploited by threats
 In our example one threat
– Unauthorized use of rights
SAFEGUARD
is:
VULNERABILITY
EXPLOITS
 Value based on
– Range
– Complexity
– Authentication
CVSS:
– Impact
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
n
THREAT
and
A SPACE MISSION CYBER-SECURITY STUDY
n
Pg. 12
© GMV, 2015
GMV-UNCLASSIFIED
THREAT
 The
risk introduced by a threat is:
SAFEGUARD
– The Probability of the threat materializing,
per,
VULNERAB.
– The Impact that it would have if it
materializes
THREAT
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 13
© GMV, 2015
GMV-UNCLASSIFIED
IMPACT
PROBABILITY
HAS
THREAT - PROBABILITY
 The
probability of a threat materializing
depends on the attacker:
SAFEGUARD
VULNERAB.
– Means
MEANS
BASED
ON
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 14
© GMV, 2015
GMV-UNCLASSIFIED
IMPACT
OPPORTUNITY
– Opportunity
MOTIVATION
– Motivation
PROBABILITY
THREAT
THREAT – PROBABILITY - MEANS
 Linked
with the attacker skills and
resources
SAFEGUARD
VULNERAB.
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 15
© GMV, 2015
GMV-UNCLASSIFIED
IMPACT
OPPORTUNITY
MOTIVATION
MEANS
BASED
ON
PROBABILITY
THREAT
THREAT – PROBABILITY - MOTIVATION
 Linked
with the attacker interests and
the mission capacities
SAFEGUARD
VULNERAB.
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 16
© GMV, 2015
GMV-UNCLASSIFIED
IMPACT
OPPORTUNITY
MOTIVATION
For each mission type we have identified
groups of attackers, their motivations to
attack the mission and the means.
MEANS
BASED
ON
PROBABILITY
THREAT
THREAT – PROBABILITY - OPPORTUNITY
 Based
on the existence of
vulnerabilities which can be exploited
by the threat
SAFEGUARD
VULNERAB.
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 17
© GMV, 2015
GMV-UNCLASSIFIED
IMPACT
OPPORTUNITY
MOTIVATION
MEANS
BASED
ON
PROBABILITY
THREAT
– Takes the MAX of all exploitable opportunities
THREAT – IMPACT
 Combines:
The threat potential damage
VULNERAB.
with
–
The degradation allowed by the vulnerability
(TOTAL, PARTIAL, NONE)
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 18
© GMV, 2015
GMV-UNCLASSIFIED
VULN.
DEGRADATION
– Calculated based on impact table
BASED ON
THREAT
POTENTIAL
MEANS
– Considers the value of each security
dimension for the mission
IMPACT
PROB
damage:
MOTIVATION
 Potential
THREAT
OPPORTUNITY
–
SAFEGUARD
THREAT – IMPACT
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 19
© GMV, 2015
GMV-UNCLASSIFIED
RECAPITULATING
 Launcher missions:
– Potentially interesting for different attackers for several
reasons
– Some of them might be motivated and have the means
to, among many others, execute an “unauthorised use of
rights”
– This threat can exploit “untraceability of user actions”.
– This has a probability which is a combination of
Means/Motivation/Opportunity
– The Impact which depends on the potential damage and
the degradation allowed by the vulnerability for each
dimension.
– The Risk is Threat x Vulnerability
– To reduce that risk we can apply several safeguards
among which “Event Logging”
A SPACE MISSION CYBER-SECURITY STUDY
GMV-GSAW2015-PRE-001
03/03/2015, Version 1
Pg. 20
© GMV, 2015
GMV-UNCLASSIFIED
RESULTS
GMV SOLUCIONES GLOBALES INTERNET S.A.U..
GMV-UNCLASSIFIED
GMV-UNCLASSIFIED
The information contained within this document is considered as “GMV-Unclassified”. The receiver of this information is allowed to use and redistribute the
information, referring the source of the information; observing legal regulations in intellectual property, personal data protection and other legal requirements
when applicable.
VIDEO SUMMARY
STUDY ON THE CYBER-SECURITY RISKS OF
SPACE MISSIONS AND ASSOCIATED
MITIGATION MEASURES
GMV-CYBERRISKS-ORE-001
29/01/2015 Version 1
Pag. 22
© GMV, 2015
GMV-CONFIDENTIAL
Thank You
Ricardo Marín
Senior Security Consultant
Email: [email protected]
www.gmv.com
GMV SOLUCIONES GLOBALES INTERNET S.A.U..
GMV-UNCLASSIFIED
The information contained within this document is considered as “GMV-Unclassified”. The receiver of this information is allowed to use and redistribute the
information, referring the source of the information; observing legal regulations in intellectual property, personal data protection and other legal requirements
when applicable.
Related documents
Template for communication audit - Future Research Leaders Program
Template for communication audit - Future Research Leaders Program
A. Explain the nature of marketing plans. B. Explain the role
A. Explain the nature of marketing plans. B. Explain the role
Group Medical Visits
Group Medical Visits
A Global Disease Needs a Global Response
A Global Disease Needs a Global Response
A. Explain the nature of marketing plans. B. Explain the role of
A. Explain the nature of marketing plans. B. Explain the role of
Testimony - American Security Project
Testimony - American Security Project
Network Security Chapter 14
Network Security Chapter 14
Review Questions
Review Questions
LS 1A Presentation Slides
LS 1A Presentation Slides
Overview of Database Security
Overview of Database Security