Duty, Honor Country
Information Warfare in the Trenches: Teaching Cadets the Basics of Information Assurance
Information Assurance Education OR Training: Blurring the Boundaries
Aaron J. Ferguson, Ph.D., CISSP
National Security Agency Visiting Professor
United States Military Academy
Department of Electrical Engineering & Computer Science
Definitions
Education – the act or process of bringing an understanding to an individual.
Training – the process or routine of making proficient with specialized instruction and practice.
Goal
Using Bloom’s Taxonomy as a model, provide strategies for using the training standards to build a curriculum that educates—allows the student to take Information Security Professional and Designated Approval Authority knowledge and demonstrate conceptual understanding in multiple contexts.
Attributes of Information Assurance Education
1. Context Sensitive
2. Dynamic
3. Multidisciplinary
4. Application-Oriented
Center of Academic Excellence in Information Assurance Education
Provides an excellent roadmap for Information Assurance course and curriculum development
NSTISSI 4011 – Training of INFOSEC Professionals
NSTISSI 4012 – Designated Approval Authority
Strategies
USMA Courses
USMACOM Case Study
NSTISSI 4011 – Training of INFOSEC Professionals
The NSTISSI 4011 establishes the minimum training standard for the training of information systems security professionals in the disciplines of telecommunications and automated information systems security.
What are the INFOSEC Professional “Big Ideas?”
Awareness: Sensitivity to the threats and vulnerabilities of national security information systems, and a recognition of the need to protect data, information, and the means of processing them; builds a working knowledge of INFOSEC principles and practices.
Performance: The skill and/or ability to design, execute, or evaluate agency INFOSEC security procedures and practices.
Courses:
CS482 – Information Assurance
Cyber Defense Exercise
IT460 – Cyber Warfare
NSA Coder’s Cup
NSTISSI 4012 – Designated Approving Authority
The NSTISSI 4012 establishes the minimum course content or standard for the development and implementation of training for Designated Approving Authorities in the disciplines of telecommunications security and information systems (IS) security.
What are the DAA “Big Ideas?”
INFOSEC Functions Legal Liability Issues Policy Threats and Incidents Access Administration COMSEC
Bloom’s Taxonomy (Bloom Hierarchy)
KNOWLEDGE
COMPREHENSION
APPLICATION
ANALYSIS
SYNTHESIS
EVALUATION
What is a Controlled Interface Device (aka Security Guard)?
Guard: A device or collection of devices that mediate controlled transfers of information across security boundaries (e.g., between Security Domain “A” and Security Domain “B”).
It is “trusted” to allow sharing of data across boundaries (possibly including controlled “read up” and/or “write down”)
Part of the “high side” security architecture
Enforces a defined security policy
Other characteristics: type of data being passed; direction of data flow; human or fully automated review; number of connections; connection protocol (serial; Ethernet)
[Diagram: Security Domain “A”, Guard, Security Domain “B”]
Guards Versus Firewalls
Guards:
  Generally implemented on trusted platform (often B1 or higher)
  Connects domains at different levels
  Opens doors that are normally closed
  Prevents data leakage
  Filters data at application level
  Few services allowed through (e.g., E-mail, messages, file transfer)
  Often no IP forwarding
  Performs downgrading
Firewalls:
  Not generally implemented on trusted platform
  Connects domains at same level
  Closes doors that are normally open
  Controls network services
  Filters packets at protocol level; may proxy packets at application level
  More services allowed through (e.g., file transfer, E-mail, TELNET, HTTP)
  Some types offer IP forwarding
  No downgrading required
USMACOM Case Study
Establish secure network communications with coalition partners to provide an immediate Coalition Task Force (CTF) capability.
CTF membership is based on trust level—level of trust between the US and country seeking membership in the CTF.
The ultimate goal is to protect the SIPRNET, as it is a SECRET-High US only network with connectivity to the National Information Infrastructure. However, information on the SIPRNET must be securely shared with members of the CTF.
A Foreign Disclosure Officer on the SIPRNET decides what information gets shared with the CTF.
The CTF is classified CTF-SECRET, and the Nation LAN is assumed to be UNCLASSIFIED.
USMACOM Learning Objectives
1. Demonstrate an understanding of the INFOSEC functions of a DAA.
2. Discuss threats and vulnerabilities.
3. Perform a risk assessment.
4. Explain the DAA’s role in information warfare through the use of Information Security tactics, techniques, and procedures.
USMACOM Learning Objectives (cont’d)
5. Describe ways in which connecting to the National Information Infrastructure can create risks to your systems.
6. Discuss the importance of training to the separation of duties required of the DAA.
7. Explain DAA responsibility for preventing unauthorized disclosure of information.
8. Extrapolate risk management concepts to multiple scenarios.
9. Make decisions based on reasoned judgment.
High-Level Requirement
SIPRNET: US-SECRET
CTF LAN: CTF-SECRET (Tier 1)
Nation LAN: UNCLASSIFIED (Tier 2)
Low-Level Requirements
1. Must develop a one-time accreditable security architecture that uses high-assurance guarding technology to facilitate information exchange across security domains.
2. USMACOM must be able to add a new member (now and in the future) to any tier without going through the accreditation process for each nation.
3. Each CTF user has a colleague back in her home country’s Nation LAN with whom she must communicate.
4. There should be at least one system administrator per security domain and this person is responsible for performing all security-related administration of the security domain LAN, e.g., patch management, CERT notification, anti-virus maintenance, and training.
Case Study Assumptions
1. The CTF resides in US spaces and is US-owned and administered. The composition of coalition partners will be dynamic throughout operations and all data is releasable to all individuals who have authorized access to the CTF LAN.
2. The CTF LAN will be a high attribution/high consequence network--must use a multi-tiered architecture with each tier having different domain names for email purposes.
3. Clients in non-US-controlled spaces will not be allowed to access CTF LAN resources directly.
Case Study Assumptions (cont’d)
1. Connectivity will be severely restricted—by data attachment type (“dot-pdf”, “dot-rtf”, “dot-txt”, HTML, and “dot-gif”) and data flow direction.
2. Unauthorized access to SIPRNET resources or data must be the result of intentional malicious action by an authorized CTF user located in controlled US spaces or by a malicious user in one of the Nation-LANs.
3. An in-country user should not be able to spoof a CTF user’s email address.
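Added example (not part of the original briefing): a minimal sketch of the default-deny check a guard in this architecture performs, combining the attachment-type and direction restriction with the per-tier e-mail domain names from the assumptions above. The direction/type policy, the mail domain names, and the names Message and guard_decision are assumptions made for illustration; the briefing leaves the actual policy for the student to decide.

```python
from dataclasses import dataclass

# Attachment types named in the case study -> leading magic bytes.
# None means no fixed signature; those types must be plain ASCII text.
MAGIC = {"pdf": b"%PDF-", "rtf": b"{\\rtf", "gif": b"GIF8", "txt": None, "html": None}

# ASSUMED policy (the slides leave it to the student): permitted attachment
# types per (source, destination) flow. Any flow not listed is denied.
POLICY = {
    ("SIPRNET", "CTF"): {"pdf", "rtf", "txt", "html", "gif"},
    ("CTF", "SIPRNET"): {"txt"},
    ("CTF", "NATION"): {"pdf", "txt"},
    ("NATION", "CTF"): {"txt"},
}

# HYPOTHETICAL e-mail domain per security domain (one domain name per tier).
MAIL_DOMAIN = {"SIPRNET": "siprnet.example", "CTF": "tier1.ctf.example",
               "NATION": "tier2.ctf.example"}

@dataclass
class Message:
    src: str        # security domain the guard received the message from
    dst: str        # security domain it is addressed to
    sender: str     # claimed From: address
    filename: str
    payload: bytes

def guard_decision(msg):
    """Return (released, reason); anything not explicitly allowed is blocked."""
    allowed = POLICY.get((msg.src, msg.dst))
    if allowed is None:
        return False, "flow not permitted"
    # Anti-spoofing: the claimed sender must belong to the domain the guard
    # actually received the message from.
    if msg.sender.rpartition("@")[2].lower() != MAIL_DOMAIN[msg.src]:
        return False, "sender domain does not match source domain"
    ext = msg.filename.rpartition(".")[2].lower()
    if ext not in MAGIC or ext not in allowed:
        return False, "attachment type not permitted in this direction"
    # Check the content against the declared type, not just the file name.
    magic = MAGIC[ext]
    ok = msg.payload.startswith(magic) if magic is not None else msg.payload.isascii()
    if not ok:
        return False, "content does not match declared type"
    return True, "released"

# Constructed sample: a Nation LAN user claiming a Tier 1 (CTF) address.
SPOOFED = Message("NATION", "CTF", "a1@tier1.ctf.example", "note.txt", b"hello")
```

The absence of a ("NATION", "SIPRNET") entry is what forces Tier 2 traffic to cross two guards; the signature check here is only a first filter and stands in for the deeper application-level content review the guard slide describes.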
What are “DAA” Big Ideas?
1. Accreditation and the role of the DAA
2. Tier membership/trust level
3. Attachment Types Threats and Vulnerabilities
4. Risk Assessment
Accreditation and the Role of the DAA
The Designated Approval Authority (DAA) is the person who assumes all risk for operating a system in a specified configuration in a specified location for a specified period of time.
System architecture, system security measures, system operations policy, system security management plan, and provisions for system operator and end user training.
The student should play the role of the DAA and establish guidelines for the security posture of any system and/or architecture that she is required to approve.
Tier membership/Trust level
Trust level and Tier membership have attribution implications. The student should be able to explain attribution and how it manifests itself in multiple contexts, since attribution and Trust level/Tier membership are tightly coupled.
The student will also have to decide what file types are going to be exchanged between the CTF-LAN and the SIPRNET and in what direction.
Tier 2 - What about reach-back capability?
[Diagram labels: GT4, GT5, Nation LAN (Tier 2), WSC2, WSA2, WSB2]
Attachment Type
[Table: columns Guard, Guard Type/Services, Direction?, Attachments; rows GT1 and GT2]
Putting it All Together
[Diagram labels: SIPRNET; GT1, GT2, GT3; CTF (Tier 1); GT4, GT5; Nation LAN (Tier 2); WSC2, WSA2, WSB2; WSC1, WSB1, WSA1]
Risk Assessment
1. As a culminating exercise the instructor should have one set of students act as the DAA and another set act as Risk Analysts (RA) making their accreditation case to the DAA.
2. The RAs should be able to either make a compelling case for the DAA to accredit or make a compelling case for not accrediting—all based on risk evidence.
3. This risk evidence should be built around trust level, level of attribution, consequence, data flow, and data type.
Scaffolding Questions
1. Is there still high attribution if a Tier 0 user sends malicious email to the SIPRNET with a malicious code attachment? Why?
2. How could a Tier 2 user compromise Tier 1?
3. Why is the Tier 1 LAN a lower risk than the Tier 2 environment?
4. Can a user in Tier 2 spoof an email address?
Scaffolding Questions (cont’d)
5. What are some of the system administration challenges associated with the design?
6. How do you set up a CERT function in a coalition environment? Who enforces it?
7. Suppose USMACOM levied a new requirement: move all Tier 1 users down to Tier 2 to facilitate collaboration (e.g., chat, VoIP). Currently there are no Guarding Technologies that allow secure chat or secure VoIP. Specifically, user A1 cannot chat with user A2 even though they are from the same nation. What would you do and why?
How do we Blur the Boundaries with IA Training Standards?
As information security becomes increasingly important, it can no longer be left to the realm of training.
1. Standards need to be “de-govied”—less government-focused and include academic and industry foci.
2. The standards need to focus more on Information Assurance than INFOSEC as the former defines thinking and behavior and the latter just behavior.
3. The standards should incorporate more layer 2 (comprehension), 4 (analysis), 5 (synthesis), and 6 (evaluation), because without these critical layers, the case for academic excellence in Information Assurance is tenuous at best!
KNOWLEDGE
COMPREHENSION
APPLICATION
ANALYSIS
SYNTHESIS
EVALUATION
Changes Coming Down the Road
1. More Information Assurance focused vice INFOSEC
2. More User-Friendly
3. More input from Academia and Private Industry
4. Contract to upgrade 4011 to be let in May/June
5. 4012 fully coordinated with CNSS community and in for DIRNSA signature.
6. DISA to create 4012 CBT.
7. 4012 renamed Senior Systems Manager Focused on advances in technology
Feedback
If you like this briefing, please send an email to:
If you did not like this briefing, please send an email to:
Aaron J. Ferguson, Ph.D., CISSP
National Security Agency Visiting Professor
Dept. of Electrical Engineering & Computer Science
United States Military Academy
[email protected] ARMY!