Between The Sword and Shield: The Role of the Network Operations & Security Center

David Garfield, Managing Director, Electronics Systems Group, Detica – A BAE Systems Company
John Osterholz, Vice President Cyber Warfare and Cybersecurity, BAE Systems Information Solutions

Export Approval Number: IS-ES-072109-175

Cybersecurity … Cyber Defense … Critical Infrastructure
Data Privacy and Sharing
Dot com, Dot gov, Dot mil, Dot edu, Dot “pick your noun”
DWDM technology, Voice Over IP (VOIP), Anything Over IP (AOIP), Services Oriented Architecture (SOA)
Personal Back Office Convergence, Social Media, Entertainment, Gaming, Peer to Peer (P2P)
Jeez, this is really getting complicated
Nation States, Organized Crime, Terrorists, Just about anyone
We Love a Hard Problem

Export Approval Number: IS-ES-072109-175 BAE SYSTEMS EI&S Operating Group April 2009

An Evolving Threat - Post Millennium

“CEOs who think cybercrime is just the business of CIOs are like Enron’s shrugging off the company’s books as something for the accounting department.”

Net Present Impact in operational terms
• In just six months in 2007:
• Requirements for system “cleanings” increased 200 percent
• Trojan malware downloads and drops increased 300 percent

Characteristic of exploitive attacks since 2004
• “Over the past few years, the focus of endpoint exploitation has dramatically shifted from operating system to the Web browser and multimedia applications.”*

* Ref: IBM Internet Security Systems X-Force 2008 MidYear Trend Statistics

The Growing Role of the Insider Threat

“Daddy, something’s wrong with your Blackberry …”

Total Warfare Then and Now: The Lesson of Two Georgias

Georgia I: “I Will Make Georgia Howl”
“… it is useless for us to occupy it; but the utter destruction of its roads, houses, and people, will cripple their military resources..”
GEN W.T. Sherman 1864

Georgia II: The Next Dimension
“… Russian tanks rolled into the country's territory, in what experts said Wednesday was an ominous sign that cyberattacks might foreshadow future armed conflicts.”
Moscow Times 2008

"In the very near future, many conflicts will not take place just on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers”
Nikolai Kuryanovich, former member of the Russian Duma

Cybersecurity and Cyber Defense – It’s no longer just about Comms and Networks

Application & Data Intensive Environments
Cognitive Heuristics – Time Constrained Reasoning
Limitations of a Communications and Network Technology Mindset

The US and UK Alignment is Significant and Growing

NATO UNCLASSIFIED
Cyber Defence Efforts in NATO – What’s Next
• New Strategic Concept: Delineate cyber defence roles of NATO and Nations
• Expand NATO’s cyber defence capability
• Implement cyber events into military exercises
• Coordinate & implement national best practices through the cyber defence Centre of excellence
• Field a Command & Control reference capability
– Stress / attack the NATO reference system for vulnerabilities

“The Strategy highlights the need for Government, business, international partners and the public to work together to meet our strategic objectives of reducing risk and exploiting opportunities …”
Cyber Security Strategy of the United Kingdom (2009)

“The Nation also needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together …”
U.S. Cyberspace Policy Review (2009)

Successfully managing our information resources against Advanced and Persistent Threats will require an organizational integration of network and security disciplines

An Overarching Organizational Model

[Diagram labels: Cyber technical research; Threat coordination; Threat monitoring and analysis; Threat response; ICT infrastructure; Business systems and processes; Information Risk Management and Information Assurance Policies; The Internet; Data collection; Behaviour, responsibility and training]

• The ICT infrastructure
• The business systems and processes for which cyber space is used
• Dedicated threat detection together with associated responses
• A strong coordination layer providing situational awareness as well as alignment with activities outside the cyber domain

The Network Operations and Security Center (NOSC) represents a key operational instantiation of this model

Enter the Network Operations & Security Center (NOSC)

Legacy CONOPS: Network Operations Center; Security Operations Center
New CONOPS: Network Operations and Security Center
• Dynamic Situational Awareness
• Degraded Operations
• Cyber Defense Information Sharing

NATO-ACT ID ’08 Brussels, Belgium

Key Functionality of the Leading Edge NOSC

Moving from Cyber Forensics to Run Time Cyber Operations

Critical Cyberspace Domains
• .mil
• .gov
• DIB partners
• .nato.int
• etc.

[Diagram labels: All Source Information; Advanced & Persistent Threats; Intelligence Analysis Reporting Visualization; Digital Cyber Processing Collection Environment Environments; Data - Knowledge Fusion; OP - Intel Collaboration; Network Operations Management Visualization; Cross Domain Info Sharing; Mission User Users; Test, Training & Exercise (TT&E)]

Leading Edge NOSC Focus
• Dynamic Situational Awareness
• Degraded Operations
• Cyber Defense Information Sharing

High Level Cyber Architecture Implications of a NOSC

[Same diagram as on the previous slide, with numbered callouts 1 to 5]

1 2
• All Source Scope
• Autonomic Assist
• Forensic & Run Time
• Cognitive Visualization

3
• Data to Knowledge
• Inherently Cross-Domain
• Federated Operational Trust

4
• Cognitive Visualization
• Course of Action Agile
• Inherently Cross-Domain
• Federated Operational Trust

5
• Salient Environment
• Flexible and Extensible
• Embedded Capability

• Operate at Net Speed
• Multiple Phenomenology
• Analyst Agile

The New Frontier Mission

Innovative applications of information technology capabilities, solutions and services needed to adapt, assure and sustain mission operations while under attack