Research and Development Directions for Cyber Resilience
ADM Cyber Security Summit 16-17 June 2015
Dr Mike Davies
Research Leader, Cyber Assurance and Operations
Introduction
Definition of Resilience
Ability to recover from some shock, disturbance or failure?
More so: “the ability… to provide and maintain an acceptable level of service [capability/functionality] in the face of various faults and challenges to normal operation”
Drawn from http://simple.wikipedia.org/wiki/Resilience
Mission assurance / business continuity…
economic prosperity…
societal wellbeing…
Untrustworthy ICT from supply chain insecurity
Sophisticated attackers
Hostile operating environments
‘Insider’ shortcomings…
Goal: Mitigate the threat and reduce risks to a tolerable level
So how are we going so far?
Defenders are losing (or at best playing catch-up), attackers are winning (or at least calling the shots)*
… presenting strategic concerns…
Increasing national dependence on ICT: cyber-physical systems pervade
Lag in cyber security, increasing the vulnerability of government, industry and society
Australia’s National Security strategy of 2013 highlights “sophisticated capabilities to maximise Australia’s strategic capacity and reach in cyberspace…” as a matter of national security
The 2013 Defence White Paper highlights the critical dependency that modern military capabilities have on information systems
PM&C 2015 Cyber Security Review
…
Goal: Mitigate the threat and reduce risks to a tolerable level
*E.g. M-Trends 2015: A View from the Front Lines; Mandiant 2015 and Telstra Cyber Security Report 2014
Science and Technology
It is of strategic importance that:
– Research and development is undertaken into advanced approaches to cyber security spanning the full system life cycle (design, build, operate…)
– R&D is aligned with current and projected operational challenges
– In-government R&D is strongly differentiated from that of academia and industry and maximises its in-government position
DSTO’s Cyber Science and Technology Strategy
Cyber 2020 Vision: DSTO Cyber Science and Technology Plan; 2014
The role of DSTO CAO cyber security R&D
[Figure: Mainstream Threats and Advanced Threats set against Existing Countermeasures and New Countermeasures, with R&D annotated “Have impact…”, “Sit above mainstream…”, “Raise the bar…” and “BEFORE this!!”]
Modus Operandi in DSTO CAO Cyber Security S&T
We develop techniques to discover and counter their presence
We develop tools and techniques to discover vulnerabilities and fix predispositions
We pursue autonomous cyber security solutions
and repeat BEFORE this!!
We demonstrate robust risk-based pervasive security policy and architectures
We develop and use advanced cryptologic techniques
We develop solutions for resilient and trustworthy ICT
We forecast and prototype advanced forms of adversarial software and hardware.
We demonstrate their likely appearance and effect
We focus above mainstream
We have impact and raise the bar…
Gain tactical to strategic resilience through achieving and sustaining this state
Goal: Mitigate the threat and reduce risks to a tolerable level
Definition of Resilience
Ability to recover from some shock, disturbance or failure?
More so: “the ability… to provide and maintain an acceptable level of service [capability/functionality] in the face of various faults and challenges to normal operation”
Drawn from http://simple.wikipedia.org/wiki/Resilience
– Resilient cyber systems: where ‘normal operation’ means operating in the presence of untrustworthy information and communications technology (ICT)
– Resilient military missions: where maintaining ‘an acceptable level of’ mission assurance requires systemic cyber protection strategies and actions
DSTO R&D and Cyber Resilience: 2 examples
Threat: Hardware Trojans
Intentional modification of COTS electronic circuitry
– Penetration into our networks
– Undetectable by current methods
– Triggered at will by adversary
– Compromise operation and security of infected electronics systems
– Scale effects, e.g., broad spectrum network degradation across all government networks
– Can also re-enable already protected software threats
Threat illustrations
State-sponsored (US Embassy Moscow, 1976–1984)
– Implant characterised data and transmitted to a local listening post
– Undetected for 8 years; many man weeks and thousands of X-Rays to find, despite tip-off
Organised crime (UK 2008)
– ATM machines opened, tampered with and perfectly resealed
– Electronics operated as normal, but also remotely captured and forwarded credit card details
– Only fortuitously discovered. America's counterintelligence chief said: "Previously only a nation state's intelligence service would have been capable of pulling off this type of operation. It's scary".
DSTO S&T Approach
Challenge 3 assumptions concerning ICT supply chain security
– Only state-sponsored actors would have the capability
– Trojans are “always on”
– Trojans are physically detectable
Develop deep understanding of issues
– Prototype future threats and demonstrate concepts
Develop complementary countermeasures
Case Study: Network Buffer Chip
Scenario: A Nation-State with large market penetration modifies Ethernet network cards at manufacture.
Trigger: Trojan activated by network packet activity.
Effect: Variable degradation of network performance.
Case Study: Network Buffer Chip – Prototype Exemplar
Target: Gigabit Ethernet PCI-Express network card.
Simple 8-bit MCU Hardware Trojan emulation.
Trigger attached to network activity LED:
[Figure: Network Activity; Rx/Tx LED Light; Trojan Trigger Packets; Trigger Sequence]
Countermeasures
Approach
Operate safely in the presence of unknown Hardware Trojans
Combine COTS with a small amount of trustworthy hardware and logic (a trustworthy computing base (TCB))
Tradeoff between performance, size, complexity and security
Combine with smarter architectural choices
Countermeasures: the Digital Video Guard
Winner of South Australian ICT Innovation Award 2014
[Figure: Internet; DVG-enabled tablet; Enclave Computers]
[Figure: Trustworthy Computing Base, plotted by Complexity and Trust Requirement. Labels: MLS Word support; MLS Application; Trusted OS; TCB Circuit; TCB Components - Chips; Medium Complexity Circuit; Components with billions of transistors. Sizes shown: 100s of millions loc; ~50 thousand loc; ~7 thousand loc; 10 thousand loc. Trust labels: Untrusted; Trusted & Trustworthy; Trusted but Not Trustworthy!]
Subject of DSTO/NICTA collaboration
Countermeasures: Architectural Approach
Countermeasures: Trusted logic
Fragmented and Replicated Computation with Trusted Verification
Fragment processes and data
Assign to multiple homogenous or heterogeneous untrustworthy processors
No one processor has full ‘visibility’ of any process
Trusted voting function tailored to threats to Integrity, Availability and/or Confidentiality
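A minimal sketch of the scheme above, added here as an illustration and not DSTO's implementation: fragments of a job are replicated across untrustworthy workers, and a small trusted voter accepts each fragment result only on a strict majority. The function names, the round-robin placement and the summing workload are assumptions, and the voter shown addresses integrity only.

```python
from collections import Counter

def assign(n_fragments, n_workers, replicas):
    """Give each fragment to `replicas` distinct workers, round-robin."""
    if not 0 < replicas <= n_workers:
        raise ValueError("replicas must be between 1 and n_workers")
    plan = {f: [(f + r) % n_workers for r in range(replicas)]
            for f in range(n_fragments)}
    seen = Counter(w for ws in plan.values() for w in ws)
    # Visibility check: no single processor may see every fragment.
    if any(count == n_fragments for count in seen.values()):
        raise ValueError("a worker would see the whole job")
    return plan

def trusted_vote(answers):
    """Trusted voter: accept a value only on a strict majority of replicas."""
    value, votes = Counter(answers.values()).most_common(1)[0]
    if votes * 2 <= len(answers):
        raise RuntimeError("no majority: result cannot be trusted")
    dissent = sorted(w for w, a in answers.items() if a != value)
    return value, dissent

def run(data, frag_len, workers, replicas=3):
    """Fragment `data`, replicate each fragment, vote, then recombine."""
    frags = [data[i:i + frag_len] for i in range(0, len(data), frag_len)]
    plan = assign(len(frags), len(workers), replicas)
    total, suspects = 0, set()
    for f, ws in plan.items():
        value, dissent = trusted_vote({w: workers[w](frags[f]) for w in ws})
        total += value
        suspects.update(dissent)
    return total, sorted(suspects)

# Constructed workers: four honest processors and one that corrupts its output.
honest = sum
def faulty(fragment):
    return sum(fragment) + 1

WORKERS = [honest, honest, faulty, honest, honest]
DATA = list(range(1, 21))          # constructed input, true sum is 210

if __name__ == "__main__":
    print(run(DATA, 4, WORKERS))   # (210, [2])
```

A strict majority only holds while fewer than half the replicas of any fragment misbehave identically, which is why the slide's option of heterogeneous processors matters.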
SAFER PATH
• Cyberspace is emerging as an operational environment in its own right - ubiquitous and critical
• Existing operational concepts and doctrine are enduringly valid at a fundamental level
• Challenges face the realisation of certain technological capabilities, and analytical and decision making tradecraft
• Decision makers must determine the best course of action which achieves mission continuity in an information dense, highly dynamic and evolving environment.
– Applying the appropriate context is key
– Automated analytical and decision support is critical
Military Missions within/through Cyberspace
http://www.federaltimes.com/article/20140922/CYBER/309220008/IT-security-shifts-from-prevention-resiliency
[Figure: Mission Assurance ‘Fight Through’. Labels: System; Mission; Networks; Devices; Pictures; Equipment; People; Mission D5 Effects; Systemic Protection; Systemic Effects; Computer Network Operations, Electronic Warfare; CND, EP; IPSec, Encryption; Firewall, IDS, Anti-Virus; SOPS, Training, User Education, OPSEC; Malware, Trojan, Worm, Jamming; Social Engineering, HUMINT, User Error; C2; workflow; business processes; logistics…]
• Focuses on key concepts in context:
• Conducting R&D in concepts, tools and techniques for automated:
– Cyber domain and mission modelling/mapping
– Process Discovery: Business processes, SOPS, C2, social processes
– Behavior Patterns: MO, usage, frequency, duration, attribution
– Critical Dependencies: People, information, technologies, processes
– Vulnerability discovery: red-teaming
– Cyber analytics and decision support
[Figure: System; Information; Technologies; Processes; People; Capability; Mission]
DSTO S&T Approach
Conclusion
Lack of cyber resilience has tactical through to strategic consequences
R&D of the science and technology needed is a strategic issue
DSTO is maximising its in-government position aided by partnerships with academia and industry
Resilient cyber systems will be those that can operate in the presence of untrustworthy ICT
Resilient military missions will be those that employ systemic cyber protection strategies and actions