Operational Military Perspective in Cyber Security IEEE Technology Summit 13 May 2008 M. Paul Zavidniak Technical Fellow, Technical Director Network Communications Division Airborne & Maritime Systems

Operational Military Perspective in Cyber Security

IEEE Technology Summit
13 May 2008

M. Paul Zavidniak
Technical Fellow, Technical Director

Network Communications Division
Airborne & Maritime Systems

UNCLASSIFIED

Discussion Points

• Warfighting in the Network Centric Era

• Military Operating Environment

• Cyber Space in the Military Environment

• SWOT Analysis (Strengths, Weaknesses, Opportunities & Threats)

• Addressing the Challenges

• Addressing the Threats

• Designing for the Future

• Questions

Today’s Battlefield

• Tactical Data Networks

• Disparate by Nature

• Distributed throughout the Spectrum

• Internet is not Pervasive

• Space: Transformational Communications

• Airborne: Airborne Networking

• Terrestrial: GIG / Enterprise Services

• Maritime: ForceNet/Network Centric Warfare

[Figure: Cyber Space with the Space, Airborne, Terrestrial and Maritime Domains]

Today’s Battlefield (Capability Perspective)

• Group Services by Type (or mission)
– Surveillance
– Communications
– Tactical

• In operations of any nature it’s essential to ascertain the impact of a cyber attack by capability

• What have I lost?

[Figure: Cyber Space with the Space, Airborne, Terrestrial and Maritime Domains]

Warfare in the Net-Centric Era

• Information Assurance: Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation

• Information Warfare: the use of information or information technology during a time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries

[Figure: Cyber Space with the Space, Airborne, Terrestrial and Maritime Domains, with the labels: Win the Battle, Control the Battle; Control the Battle, Communications / Information; Communications/Info, Knowledge & Situation Awareness; Disrupt Communications, Lose Control; Lose the Battle]

Equipment Operating Environment

• WB-57 (2005-current): 60,000+ Ceiling, 2,500 nm Range

• Global Express (2007-current): 51,000 ceiling, 5,600 nm Range

g Force Requirements

• Upward 3.0g
• Forward 9.0g
• Sideward 4.0g
• Downward 6.0g
• Rearward 1.5g

Battlefield Airborne Communications Node

BACN Spiral 1 (2005-current), NASA WB-57 Aircraft

Battlefield Airborne Communications Node

BACN Spiral 2 (2007-current), Bombardier Global Express

Equipment Placement in Tactical Aircraft

Enhancing Warfighter Capabilities

• Penetrate anti-access environments

• Increase persistence of surveillance & reconnaissance

• Destroy fleeting or emergent targets

• Shorten TST timelines (F2T2EA)

• Improve Combat ID

• Improve SA & C2

Warfighting Capabilities

• Multiple waveform linking

• Message translation

• Voice bridging

• Composite tactical picture

• High capacity backbone

• Network Mgt

• Net-Centric Gateway Apps

• Information Assurance

Capabilities / Enablers

• LOS range extension

• Translation/ Correlation/ Forwarding between dissimilar TDNs

• Connecting battlespace nodes to GIG

• Bridging/Switching dissimilar voice systems

• New C4ISR Sys to Evolve / Field incrementally (AESA radar, F-22A)

Supports Close Air Support, Time Sensitive Targeting, Global Strike, Homeland Defense, Coalition

Cyber Space in the Military Environment

• Cultural issues associated with confirming ‘real’ vulnerabilities

• No funding for ‘known’ but undocumented requirements

• Lack of emphasis on non-IP technologies

• DoD and Government unique requirements unaddressed

[Figure: Information Targets and Physical Targets across the Electromagnetic Spectrum (Space, Air, Surface, Sub), covering radio bands, sonar, satellite, radar, wirelines (fiber, copper), digital carrier protocols, media access methods, user protocols and services. One region is marked “Present focus of US DoD Defensive IW activities”.]

Strengths and Weaknesses

Strengths

• Diversity
– Radio Frequency (divergent frequency allocations)
– Carriers (divergent data links)
– Protocols (divergent protocols)
– Encryption (divergent encryption protocols)
– Security (multiple levels of security)

• Radio ‘operators’ hold clearances
– Limited exposure to insider threats

Weaknesses

• Interoperability
– Diversity impacts interoperability

• Information/Knowledge Propagation
– Propagation of knowledge is artificially limited

• Information Timeliness
– Constrained propagation yields ‘stale’ data

Opportunities Sought

• Enhance Interoperability & Information Sharing

• Accelerate the Flow of Information to the Consumer

• Exploit the benefits of shared knowledge and technical abilities to increase mission effectiveness and efficiency

Goals for the Net Centric Services Strategy

– Provide Services
• Make information and functional capabilities available as services on the network

– Use Services
• Use existing services to satisfy mission needs before creating duplicative capabilities

– Govern the Enterprise
• Establish the policies and processes for services in the enterprise SOA to ensure execution is aligned with interoperability and information sharing objectives

OSD Policy IPv6

• June 9, 2003

• This memorandum provides DoD policy for Enterprise-wide deployment of IPv6.  Currently, Internet Protocol version 4 (IPv4) represents the mandated internetworking protocol for the DoD.  The achievement of net-centric operations and warfare, envisioned as the Global Information Grid (GIG) of inter-networked sensors, platforms and other Information Technology/National Security System (IT/NSS) capabilities, depends on effective implementation of IPv6 in concert with other aspects of the GIG Architecture.  IPv6 is important to IA due to the enhanced IA capabilities it provides.

• The DoD goal is to complete the transition to IPv6 for all inter and intra networking across the DoD by FY2008

• All GIG assets being developed, procured or acquired shall be IPv6 capable

https://acc.dau.mil/CommunityBrowser.aspx?id=31652

Net-Centric Way Forward

A framework for full human and technical connectivity and interoperability that allows all DOD users and mission partners to share information they need

• When they need it

• In a form they can understand and act on in confidence, and

• Protects information from those who should not have it

Source: NCE JFC version 1, dated 7 April 2005

“if the Joint Force fully exploits shared knowledge and technical connectivity, then the resulting capabilities will dramatically increase mission effectiveness and efficiency”

Increasing scope of integration, efficiency, and effectiveness

Connecting People with Information

DoD Net-Centric Services Strategy, Frank Petroski, October 31, 2006

The Enterprise SOA

[Figure: Enterprise SOA diagram. Labels: Users; Warfighting Mission Area, Business Mission Area and National Intelligence Mission Area (each with Apps, Data and Services); Specialized Mission Area Information and Services; Controlled Info Exchange (CIE); Enterprise Information Environment Mission Area; Core Enterprise Services; Communications Services; Computing Infrastructure; Information Assurance; NetOps; National Intelligence Enterprise Infrastructure Mission Area]

CyberSpace Military Threats

“Russian Views on Electronic and Information Warfare,” Mary Fitzgerald, The Hudson Group

“Chinese Views on Future War,” Michael Pillsbury, National Defense University

Threat | Russian Perspective | Chinese Perspective

• Computer virus will be introduced via radio channels and laser comm links

• One requirement of winning is … monitoring

• Accomplishing Electronic Warfare by jamming enemy communications

• There are many ways to destroy information systems … jamming an enemy’s communications

Jam

• Directed beam electromagnetic pulse will become a new means of warfare against C4I and intelligence systems by 2005-2010

• In future wars, key information (and systems) will become “combat priorities”, the key targets

• Destroy an enemy’s electronic systems with EMP

Target, Destroy

• Introduce computer viruses by agents, over communications channels, or other means

• Saturate enemy information networks with false commands and reports, misleading him and corrupting his C2 system

• Deception by imitating the operation of enemy comm and by changing radio traffic volumes

• Penetrating classified and unclassified info networks and channels to transmit false info

• Secret falsification can be used to plant false intelligence and false targets in the place of true intelligence

• Resist viruses to protect the normal operations of information processing in systems

• Destroy computer software with a computer virus

• Disrupt the enemy’s information flow

• In future wars, operations against military computers will be key … including computer virus warfare

Spoof

Deceive

Corrupt

Monitor

Russia’s Resurgent Military

MOSCOW - As a newly self-confident, oil-rich Russia teams up with China in joint military exercises Friday, it is moving to reclaim the former Soviet Union's status as a global military power.

A seven-year, $200-billion rearmament plan signed by President Vladimir Putin earlier this year will purchase new generations of missiles, planes, and perhaps aircraft carriers to rebuild Russia's arsenal. Already, the new military posture is on display: This summer, Russian bombers have extended their patrol ranges far into the Atlantic and Pacific oceans, forcing US and NATO interceptors to scramble for the first time since the cold war's end.

By Fred Weir | Correspondent of The Christian Science Monitor from the August 17, 2007 edition

MOSCOW — Russian bombers have flown to the island of Guam — home to a major American military base — for the first time since the Cold War in an exercise intended to show the Kremlin's resurgent military power, an air force general said yesterday.

Two Tu–95 bombers reached Guam, an American territory, this week, and their crews smiled at the pilots of the American fighter jets that scrambled to intercept them, Major General Pavel Androsov said.

By MIKE ECKEL, Associated Press, August 10, 2007

Estonia hit by ‘Cyber War’

Estonia says the country's websites have been under heavy attack for the past three weeks, blaming Russia for playing a part in the cyber warfare. Many of the attacks have come from Russia and are being hosted by Russian state computer servers, Tallinn says. Moscow denies any involvement.

Estonia says the attacks began after it moved a Soviet war memorial in Tallinn. The move was condemned by the Kremlin. "In the 21st century it's not just about tanks and artillery," Nato spokesman James Appathurai told BBC News. The . . . attacks had affected a range of government websites, including those of the parliament and governmental institutions. "Estonia depends largely on the internet. We have e-government, government is so-called paperless... all the bank services are on the internet. We even elect our parliament via the internet," Mr Tammet said.

The Estonian government says its state and commercial websites - including a number of banks - are being bombarded by mass requests for information - overwhelming their computer servers. Targets of the so-called denial-of-service attacks have also included the Estonian foreign and defence ministries and leading newspapers and banks.

Estonia's foreign minister says Russia's response to the row over a Soviet war memorial is an "attack" on the whole European Union

http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/6614273.stm Published: 2007/05/02 07:46:06 GMT

http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/6665145.stm

China Fielding Cyber Attack Units

China is stepping up its information warfare and computer network attack capabilities, according to a Defense Department report released this week. The Chinese People’s Liberation Army (PLA) is developing information warfare reserve and militia units and has begun incorporating them into broader exercises and training.

The Chinese approach centers on using civilian computer expertise and equipment to enhance PLA operations, the DOD report states. “During a military contingency, information warfare units could support active PLA forces by conducting ‘hacker attacks’ and network intrusions, or other forms of ‘cyber’ warfare, on an adversary’s military and commercial computer systems, while helping to defend Chinese networks,” according to the report.

“The PLA considers active offense to be the most important requirement for information warfare to destroy or disrupt an adversary’s capability to receive and process data,” the report states. Computer Network Operations is an important part of the Chinese strategy to achieve electromagnetic dominance in any conflict, and as a force multiplier, according to the report. The PLA seeks to combine CNO with electronic warfare, kinetic strikes against C4 nodes, and virus attacks on enemy systems, to form what PLA theorists call “Integrated Network Electronic Warfare,” it noted.

By Josh Rogin - Published on May 25, 2006

http://www.fcw.com/online/news/94650-1.html

China’s Cyber Warriors

Many cyber security experts in the United States and Taiwan worried when Microsoft provided the Chinese government with access to the source code of its Windows operating system in 2003. Their fear was that access to the code would make it easier for China’s People’s Liberation Army (PLA) to develop and carry out new information-warfare techniques.

A recent series of cyber attacks directed against targets in Taiwan and the United States may confirm that “those fears now appear justified,” says a Taiwanese intelligence officer. Taiwan and China regularly engage in low-level information-warfare attacks. But the past few months have seen a noticeable spike in activity. “‘Blitz’ is an accurate description” of the recent attacks, says the Taiwanese security source. “It’s almost like . . . a major cyberwar exercise.”

By Bishop, in Foreign Policy, Sep/Oct 2006

http://www.foreignpolicy.com/story/cms.php?story_id=3553

China Honing Cyber-Attack Skills

BEIJING -- The recent allegations that China has been hacking into sensitive government computer systems in the United States and Europe follow years of heavy investment by the People's Liberation Army in cyber-attack capabilities, U.S. defense officials and Asian security analysts said.

Although much of China's spending on information warfare remains secret, the Chinese military and its propaganda organs have regularly expressed their desire to develop computer warfare expertise and have boasted of their growing sophistication in the field, these experts said. "There are intensive discussions in China about developing and perfecting their information warfare abilities," said Andrew Yang, a China military expert at the Taiwan-based Chinese Council of Advanced Policy Studies. "They have improved their tactics and approaches." The U.S. military has alleged for nearly a year that China has launched cyber attacks on Pentagon networks.

The issue returned to the spotlight this week after allegations, first reported by the Financial Times, that the PLA in June broke into an unclassified computer system used by the office of Defense Secretary Robert M. Gates. The breach forced the Pentagon to disable the computer system for several days.

. . . The Chinese government has vehemently denied the allegations

By Peter Spiegel, Los Angeles Times Staff Writer FROM LOS ANGELES TIMES Sept 7, 2007  

http://www.intentblog.com/archives/2007/05/cyber_warfare_b.html

China’s 5th Dimension Cyber Army

A US military report into the future of geo-political relations with China has claimed that the Chinese government is developing a cyber (5th Dimension) warfare division for use in possible future conflicts.

"The Military Power of the People's Republic of China 2007" report suggests that, in addition to the Red Army's army, navy, air force and rocket arms, the Chinese government is putting together a team to deal with "electronic and online arenas." According to the report, "People's Liberation Army authors often cite the need in modern warfare to control information, sometimes termed an 'information blockade'... China is pursuing this ability by improving information and operational security, developing electronic warfare and information warfare capabilities, denial-of-service and deception... China's concept of an 'information blockade' likely extends beyond the strictly military realm to include other elements of state power."

Unrestricted Warfare

• “Unrestricted Warfare”
– Qiao Liang & Wang Xiangsui (Sr. Colonels in PLA)
– Published in February of 1999
– Translated by the Foreign Broadcast Information Service (FBIS)

• Relates 8 Essential Principles of “Beyond Limits” Warfare
– Omni directionality: 360 degree observation and design
– Synchrony: Conducting actions in different spaces within the same time period
– Limited Objectives: Actions within an acceptable range for the measures
– Unlimited Measures: Unrestricted employment of measures
– Asymmetry: Action in the opposite direction from the balance of symmetry
– Minimal Consumption: Least amount of resources to achieve the objective
– Multidimensional Coordination: Coordination & allocation of all forces in all military and non-military spheres
– Adjustment & Control of the Entire Process: Continually acquire information, adjust action and control the situation

http://www.terrorism.com/documents/TRC-Analysis/unrestricted.pdf - Unrestricted Warfare

Reflections on Unrestricted Warfare

By Robert Bryce April 7, 2006

It’s been seven years since two Chinese soldiers, Qiao Liang and Wang Xiangsui, released their treatise, Unrestricted Warfare. But their 228-page book should be read again by policymakers and warfighters because their points are directly relevant to the dangers facing the U.S. and its gargantuan military-industrial-Congressional complex.

Three recent events underscore the need to look at America’s predicament through the eyes of the Chinese.

– The March 16 vote by the Senate to raise the federal debt limit to $9 trillion

– The recent crash of yet another V-22 Osprey, a crash that illustrates the waste, fraud and abuse within the Pentagon as it pursues a weapon that is too expensive and too complicated

– The ongoing scourge of roadside bombs

http://www.d-n-i.net/fcs/bryce_unrestricted.htm

US Perspectives on Cyber Security Threats

• A botnet denial-of-service attack shut down the Estonian government last year for about two weeks. ‘It went beyond simple mischief, and represented an actual threat to government to govern its country.’

• ‘A single individual, a small group of people, or a nation-state can exact the kind of damage or disruption that in years past only came when you dropped bombs or set off explosives’

• ‘Risks from cyberattacks are increasing and the consequences are so great that the country needs a ‘Manhattan Project’ for network security’

• ‘We need a gamechanger for how we deal with attacks’

Homeland Security Secretary, Michael Chertoff

http://www.news.com/8301-10784_3-9914391-7.html?tag=blogFeed [April 8, 2008]

Challenges

• Interoperability addresses Cyber Security requirements but creates ‘exposure’ issues

• *SOA architectures have acknowledged barriers to adoption
– Lack of governance (48%)
– Unresolved security issues (40%)
– Performance/reliability issues (39%)
– Incomplete/immature standards (38%)

*Migration of Legacy Components to SOA Environments, Carnegie Mellon University, Software Engineering Institute

Addressing the Challenges

• Know (characterize) your environment

• Always employ encryption (COMSEC and TRANSEC) and the appropriate IA policies (DITSCAP/DIACAP/ATO/IATO/IATT)

• Harden operating systems and applications
– Without placing encumbrances on the operator

• Segregate security by level (MILS)

• Minimize intersections of security levels

• Consider writing ‘up’ versus ‘down’

• Separate the ‘control plane’ from the ‘user plane’

• Employ asymmetric communications strategies
– Minimize exposure to Cyber threats by minimizing exposure to non-secure (to the platform) uplinks
– Address requirements for information dissemination by the broadcast transmission (downlink) of non-secure data where appropriate

• Innovatively employ special techniques

Paul’s Cyber Space Iceberg Theorem

The scope of the risks that the commercial market addresses

The scope of the threat is publicly acknowledged

The actual depth of the cyberspace problem

Addressing the Threats

Threat

Internal
– (Embraces Battlefield Overrun Scenarios)
– Denial Of Service
– Deception and False Reporting
– C2/SA Data Exposure

External
– Monitoring
– Direction Finding
– Jamming (EW)
– Induced Tactical Deception

Mitigator

Countered By:
– LPI/LPD technologies
– Encryption
– Monitoring
– Specialized Techniques
• Burst Transmissions
• Agile

Countered By:
– Monitoring
– Access Control and IA Practices
– Specialized Techniques
• Data Encryption
• Anti-Tamper

Threat and Gap Analysis

[Table: threat and gap matrix. Column headings: Adversary Focus, Result, Consequence of Event, Impact on Operations, Mitigator, Today’s COTS Solution. Rows are grouped by Transmission Media and Wireless Device, under Normal Ops and Device Lost. Entries include: Direction Find (DF), Geolocation; Deny (noise jam), Denial of Service (DoS); Deny (traffic jam), DoS, Superiority Lost; Monitor, Espionage; Alter by Spoof, Data Integrity; Alter, Data Integrity; Destroy, Virus, Data Lost, Knowledge Lost. Impacts listed: Information Superiority Compromised; Knowledge & Capability Compromised. Mitigators listed: LPI/LPD/Spread Spectrum, Encrypt, Policy / Authenticate, Anti-Virus S/W. Annotations: Kosovo KLA Incidents; FBI Hanssen Incident; “What Happens This Direction? Insider Threat Detection (e.g. Hanssen)?”]

Neutralizing Cyber Attacks

• Characterize your network behavior (build a baseline model) and recognize anomalies

• Look for and recognize early indicators

• Track indicators against model

• Label suspicious radio terminals

• Reallocate network resources

• Network management / network awareness is the key to disarming the attack
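
The steps on this slide (baseline, anomaly recognition, tracking indicators against the model, labelling terminals, reallocating resources) worked through in Python as an added example; it is not from the original briefing. The metric (messages per reporting interval), the terminal names, the slot table and the thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: messages sent per reporting interval by each
# radio terminal during a known-good period (the baseline window).
BASELINE = {
    "T1": [20, 22, 19, 21, 20, 23, 21, 20],
    "T2": [5, 6, 5, 4, 6, 5, 5, 6],
    "T3": [40, 38, 41, 39, 42, 40, 39, 41],
}

# Constructed live observations, one dict per reporting interval.
LIVE = [
    {"T1": 21, "T2": 5, "T3": 40},
    {"T1": 22, "T2": 31, "T3": 41},
    {"T1": 20, "T2": 35, "T3": 39},
    {"T1": 19, "T2": 40, "T3": 42},
]

# Hypothetical resource table: transmit slots currently granted per terminal.
SLOTS = {"T1": 8, "T2": 8, "T3": 8}


def build_model(history):
    """Characterize normal behavior: per-terminal median and MAD.

    Median/MAD is used instead of mean/stddev so a few odd samples in the
    baseline window do not widen the model.
    """
    model = {}
    for term, samples in history.items():
        med = median(samples)
        mad = median(abs(x - med) for x in samples)
        model[term] = (med, max(mad, 1.0))  # floor keeps the score finite
    return model


def score(model, term, value):
    """Robust z-score of one observation against the terminal's baseline."""
    med, mad = model[term]
    return abs(value - med) / (1.4826 * mad)


def track(model, intervals, threshold=3.5, persistence=2):
    """Track indicators against the model and label suspicious terminals.

    A terminal is labelled only after `persistence` consecutive anomalous
    intervals, so a single burst does not trigger a label. A terminal with
    no baseline at all is labelled immediately.
    """
    streak = {term: 0 for term in model}
    suspicious = set()
    for observation in intervals:
        for term, value in observation.items():
            if term not in model:
                suspicious.add(term)
                continue
            if score(model, term, value) > threshold:
                streak[term] += 1
            else:
                streak[term] = 0
            if streak[term] >= persistence:
                suspicious.add(term)
    return suspicious


def reallocate(slots, suspicious, keep=1):
    """Cut labelled terminals to `keep` slots and share the freed slots
    round-robin among the remaining terminals."""
    new = dict(slots)
    trusted = sorted(t for t in slots if t not in suspicious)
    freed = 0
    for term in suspicious:
        if term in new:
            freed += max(new[term] - keep, 0)
            new[term] = min(new[term], keep)
    if trusted:
        for i in range(freed):
            new[trusted[i % len(trusted)]] += 1
    return new


if __name__ == "__main__":
    model = build_model(BASELINE)
    flagged = track(model, LIVE)
    print("suspicious terminals:", sorted(flagged))
    print("new slot allocation:", reallocate(SLOTS, flagged))
```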

Designing for the Future

• The U.S. DoD requires knowledge of adversary jamming, monitoring and intrusion events
– Presently we have limited tools and resources
– Many times knowledge is gained after-the-fact (through defectors or counter espionage activities)

• Countermeasures are needed in order to either: (a) stop the attack; or (b) implement countermeasures
– Warfighter Information Network – Tactical (WIN-T) Operational Requirements Document (ORD)
• Survivability of critical information from source to destination depends on eliminating single points of failure and efficient use of total network bandwidth

Cyber Security Hot Points

• Warfighter connectivity comes with superlative gains and unprecedented risks in battle C2 and SA

• Warfighter connectivity has been targeted for penetrating attack in future conflicts

• Tactical wireless networks are difficult to assail from points outside the targeted network

• Captured node compromise by overrun force is most viable entry method into targeted networks

• Central monitoring and control is essential for detecting captured nodes, and critical for proactive counteraction.


Considerations for the Future

[Figure: attacker events and defender events plotted along a Time axis, with a legend distinguishing the two. Event labels: Attack Mounted; System Intrusion; Attacker Reconnaissance; Damage Inflicted; Access Probe; Cover-Up; Target Analysis; Attack Forecast; Physical Security; Intrusion Detection; System Reaction; Damage Assessment; Recovery; Defender Reconnaissance; Entry Control; Impact Analysis; Response; Threat Analysis; Fortification. Other labels: COTS Solution; Defense GAP; Education / Awareness / R&D / Testing / Development / Deployment. Overlaid labels: Scan; Jam; Orientate or Map; Traffic Jam; Monitor; Spoof; Damage Inflicted; Direction Find; Capture.]


What’s Old is New Again

At RSA, what's old is new again

Posted by Jon Oltsik, senior analyst at the Enterprise Strategy Group.

It's a little slow at this year's RSA Conference, but there is still plenty of hoopla to go around. It's a retro RSA in that this year's hot topics are all oldies but goodies. The list includes:

Compliance. Everyone is resurrecting their focus on regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and a host of others.

Identity. Think of this as the personalization of IT. Chief information officers want to know who is on the network and what they are doing. Armed with this knowledge, they can block bad behavior and accelerate productive business activities.

Data security. Large organizations are desperately trying to get their arms around their data by answering questions like: Where is my confidential data? Who is accessing it? What the heck are they doing with it?

Yup, what's old is new again all around this security nexus. It would be easy to say that the marketing folks are either tired or lazy, but I see a completely different meaning here. We are still struggling with basic security problems, after all these years, and the industry is thus going "back to the drawing board," if you will.

Let's just hope we get it right this time around, or we all may be in deep trouble.

http://www.news.com/8301-10784_3-9916003-7.html?tag=blogFeed [April 10, 2008]


Questions?


Reflections on Unrestricted Warfare

– The March 16 vote by the Senate to raise the federal debt limit to $9 trillion

• The greatest threat to our future is our fiscal irresponsibility

• The Chinese see bankers as warfighters. And that fact should worry every American.

– The recent crash of yet another V-22 Osprey, a crash that illustrates the waste, fraud and abuse within the Pentagon as it pursues a weapon that is too expensive and too complicated

• Although Liang and Xiangsui don’t mention the V-22, it’s a classic example of what they call the “high-tech weapons trap where the cost stakes continue to be raised.” Breaking out of that trap, they say requires “lucid and incisive thinking. However, this is not a strong point of the Americans who are slaves to technology in their thinking.”

– The ongoing scourge of roadside bombs

• The IEDs are allowing the insurgents to camp out inside America’s OODA loop. They have disrupted the military’s game plan and are forcing the U.S. into a reactive posture that is incredibly expensive and cumbersome. It’s also largely ineffective.

Continued
