Critical Infrastructure Protection

Chris McIntosh, CEO ViaSat UK


ViaSat: Security and Communications

Founded in 1986, $1.2bn+ Revenue, 3,000+ Employees

• Broadband Internet Service Provider
• Government and Enterprise Mobile Services
• Information Assurance and Cyber Security
• Communications Technologies
• Critical Infrastructure Protection

NSA: 2013 Top Technology Challenges

» Intrusion Detection, Analysis and Recovery
» Mobility – Assured Mobile Operations and Wireless Comms
» Endpoint Client Security and Integrity
» Continuous System Security Monitoring, Metrics and Measurement of IA Posture
» Virtualisation, Platform Integrity, and Trusted Platform
» Usability – Transparent Security
» Real-time Detection, Analysis, Defence, and Resilience
» Establishing and Maintaining Assurance in Heterogeneous, Mobile and Cloud Environments
» Manage Storage and Track Access to Information

http://www.nsa.gov/ia/business_research/

Cyber Security Maturity Model

[Figure: maturity levels A to E. Chart labels: Threat (Conventional Threat to Advanced Persistent Threat), Agility / Speed of Action, Resilience, and a "Most Organizations" marker.]

A: Reactive & Manual. People based following doctrine and doing their best to “put out fires”

B: Tools-Based. Applying tools and technologies piecemeal to assist people in reacting faster

C: Integrated Picture. Continuous monitoring controls, interoperability and standards based data exchange for IA situational awareness

D: Dynamic Defense. APT response within the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response

E: Resilient Enterprise. Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack


Overview of LTE Architecture

[Figure: LTE architecture across three domains: Access/Transport, Evolved Packet Core (EPC) and Services. Components shown: eNodeB with Integrated SeGW, X2, SeGW, MME, SAE GW, OSS, Certificate Server (Identity Management), HSS, PCRF, Operator Services, Internet. Legend: Control Plane, User Plane, TLS/HTTPS, IPsec.]


• IPsec security not always installed
• Comms beyond eNodeB unencrypted
• “Deploy now and think about security later” syndrome
• Speed of roll-out
• Cost
• Performance
• Increases attack vectors for hackers

The Threat

Fault
Ø Equipment failure
Ø False readings

Individuals
Ø Disgruntled employees
Ø Financial information access
Ø Internal or external

‘Hacktivist’
Ø Disrupt service for political or social cause

Government
Ø Hostile Nations
Ø State Sponsored attacks

Organised Crime
Ø Theft
Ø Extortion
Ø Selling IP to others
Ø State Ignored attacks

Malicious Activity

Spoofing: IP address spoofing, Caller ID spoofing…

Man-In-The-Middle (MITM): Eavesdropping, chosen-ciphertext attack, substitution attack, replay attack…

Denial of Service (DoS): SYN flood, LAND attack, Smurf attack, Ping of Death, Teardrop attack…

Distributed Denial of Service (DDoS): Botnets/Dosnets, peer-to-peer attacks, Distributed Reflected DoS (DRDoS) attacks like ICMP echo request and DNS amplification attacks

Network Vulnerabilities

Security in Depth

ViaSat Common Cyber Security

» CCS is a real-time cyber-security monitoring, detection and response platform that provides complete network visualisation, decision support and automation. By using sensors and traffic flow analysis it can identify and respond to suspicious and anomalous behaviour on operational control systems.

ViaSat Key Tenets

• All networks are ‘dirty’ to some extent
• No such thing as an Air Gap
• Risk owner must be part of the Cyber solution
• Solution: People, Processes and Technology

Conceptual Operation

[Figure labels: Bump-In-The-Wire; Bump-In-The-Stack; Proxy – CCS-Enabled Gateway; Gateway; Multimedia Node]

System Security

Authentication
• Public Key Infrastructure (PKI), Identity Management
• Trust Anchor Management (TAM), TAM Protocol (TAMP)

Authorization
• Role Based Access Control (RBAC)
• Group Domain of Interpretation (GDOI)

Integrity
• Integrity Management Authority (IMA)
• Trusted Boot, Trusted Network Connect (TNC)

Confidentiality
• Secure data and control plane communication over IPsec and GDOI
• Peer-to-peer control plane communication via Data Distribution System (DDS)

Quality-of-Trust
• QoT Updates and Override
• Peer-to-peer QoT Events
• Session based Data Labeling: Trusted, Questionable, Untrusted

Quality of Trust

Ø I am who I say I am and I have not been tampered with
Ø I am behaving as expected (based upon a defined list of characteristics)
Ø What do the devices that I am physically and/or logically connected to think about my behaviour?
Ø A device has been authenticated and has joined the “fabric” of CCS enabled devices

[Figure labels: Identity; Status Bill of Health; Quality Of Trust]

Quality of Trust

[Figure labels: Gateway; Multimedia Node]

Summary

» Critical Infrastructures should be treated as such, and appropriately protected
» The threat environment is dynamic and fast moving
» Often we do not know the form that an attack will take (Behavioural anomaly detection is key)
» Customised visual display of security posture aids operational management
» Integrated situational awareness of legacy and new equipment is essential
» Quarantine of compromised areas will reduce system downtime
» Mobile network growth and improvements in QoS should not be at the expense of security
» ViaSat are Government trusted security specialists


Questions?