Embed Size (px)
DESCRIPTION
Approach to Secure IP Platforms. Clarence Pape March 12, 2011. Challenge. Aircraft Platforms are incredibly complex Systems and networks degrade in quality and security over time Controlled point testing does not replicate real-world scenarios No room/budget for carrying emergency SMEs - PowerPoint PPT Presentation
Citation preview
Approach to Secure IP Platforms
Clarence PapeMarch 12, 2011
Challenge• Aircraft Platforms are incredibly complex• Systems and networks degrade in quality and security over time • Controlled point testing does not replicate real-world scenarios• No room/budget for carrying emergency SMEs• Shift in systems and networks to IP-based = changes in quality + security?
• Agile test system that is configurable to meet high demands• Modular software approach to reduce weight and increase capabilities• Leverage expert COTS tools with mission-focused workflows• Generate actionable data in real time• Collect detailed data for SME trend analysis
Solution
Stuxnet WormIranian Nuclear Attack
• Infected over 45,000 machines• Waited for the right conditions• Targeted highly specific electronically controlled
systems– IP Addresses in Iran– Presence of key technologies that indicate the system
is installed in a vulnerable power plant• Forces the industrial process to self-destruct
Overview of the Solution
• ID Optimize– Advanced Policy Engine– Leverages the power of COTS tools– Provides a customized interface that can be designed
to represent the exact data necessary– Detailed logs are created for analysis and policy
updates
The power of enterprise-class tools, without the cost of SMEs.
ID Optimize -> DISA Air Mobility Test Suite
• ID Optimize is a COTS tool developed by ID• DISA saw the potential
– Custom workflows based on agency and mission– Ability to be run by non-IT professionals– Ability to provide simple summaries for users and
after-action reports– Ability to return highly granular data for trend analysis
What is IDOptimizeA flexible development framework that combines multiple COTS products
for easy to use, integrated testing and reporting
•Flexible – Integrate with COTS, GOTS or custom built systems
•Modules designed for specific purposes = low training + high success rate
•Modules shared across different platforms•Automation • - Reduces human error • - Increases productivity• - Run more tests and test often• - Compare results with previous test runs and platform baselines quickly•Systematic testing leads to predictable and repeatable results
ANALOG MODULE
Communications Terminal with standard
handset cable
Handset/test switch
Laptop Running the DISA Air Mobility Test
Suite
USB connection
Handset jackConnects to
Communications Terminal
TestingHandset jack
Target Test Network connection via Analog or ISDN
Testing Push to Talk
Handset
Comm Testing• Comm Test Module• Collect subjective data and objective meta-data variables about tone quality and
encryption success for end to end network segment mapping• Systematically generate 3-10 tones at different human audible pitches• Record the generated tones 250KH• Provide actionable feedback
• Benefits• Focused on the end user quality• True end-to-end system quality test, "through the demark”• Track over 50 different variables for quality control as a workflow• Plug and play • After action reports• Centralized database with full 250kHz data capture• Logistical data integration
REPORTING MODULE
Reporting• All information can be uploaded to central Control
Centers and Reporting Engines instantly or in a batch process
• The IDOptimize Test Suite Reporting Engine can also be used for mash-ups and deep dive analysis
• Client-side mash-up technologies preserves user authentication through to primary databases
• Reports can include local information, as well as global information
Calls by GEP geo-coded and graphed by Altitude– success/failure
FOUO
Calls by GEP geo-coded and graphed by CCSD – success/failure
FOUO
Calls by GEP geo-coded and graphed by weather – success/failure
FOUO
SECURITY MODULE
Data Feeds
Policies
Summary Reports
Data Scanning
Network Status Indicator
Data Scanning
Data Feeds
Policies
Summary Reports
Network Status Indicator
IP Type Casting• Core Systems – Mission critical systems that are
permanently attached to the plane for years at a time. These controls should have very tight policies.
• Crew – Mission support systems that are carried on the plane for the mission. A wider variety of configurations may be acceptable here.
• Guest – These systems may be of widely varying levels of civilian, commercial, or military security and may be removed from the network in cases where they can not be remediated due to lack of control/timing constraints.
• Other – This is a general designation open to interpretation based on the requirements of particular work flows.
Proposed Scan Policies 4 Degrees of Control
IAVAViolations
Risk Level3-6
Risk Level0-3
Risk Level6-9
FDCCViolations
Cat IIICat II
Cat I
Summary• Avoid SME Costs (IP Security, Signals Analysts, etc)
• Security of IP Networks in disconnected/semi-connected state• Communication quality shift and drift over time
• Systematic approach to root cause analysis• Increase use of software and virtualization• Agile solutions approach is quickly extendable to meet
demands• Software Development• Acquisition
• Relevant data integration• Centralized data• Mash-ups maintain security
