LCID Cyber Panel
Industry Perspective on DoD/AF Cyber Security Topics
For AFCLMC LCID Sep 2017
The Panel Format
Panel Overview: A diverse panel offering general insight and practical perspective on cyber security, especially as it relates to Air Force mission systems.
• Panel Time: 14 Sep 2017 at 1245
• Event Website: http://www.wpafb.af.mil/lcid/
Key panel points:
• It’s common to separate business systems from mission systems when discussing Cyber Security.
• AFLCMC purchases and maintains all the aircraft, missiles and other relevant mission systems for the Air force.
• Many of the AF business systems also fall under this command and within the BES PEO.
• With regard to mission systems, there will always be challenges in preventing intrusion into classified and critical mission systems.
• This is a diverse industry panel presenting to both industry and government. None of the information presented is classified or confidential.
• Each panelist presents for 8-10 minutes; the floor is opened for dialogue after all panelists have presented.
The Cyber Panel
• Panel Moderator: Mr. David Hart, Segue Technologies, Dayton Wright AFCEA, Fast Rope
• Panelist: Dr. Rob Wiltbank, CEO, Galois
• Panelist: Dr. Ken Holladay, SWRI
• Panelist: Dr. Josephine Micallef, Vencore Labs
• Panelist: Mr. Kevin Rigney, Gartner
• Panelist: Mr. Samuel Wanderi, Menya LTD
Slides and Questions
1) www.FastRope.org
2) Forums
3) Industry to Industry Forum
4) Topics
5) LCID Slides & Questions
Moderator: David Hart, Sr. Dir. BD, Segue Technologies
• Segue’s Senior Director of Business Development. He is an expert in team building, collecting market intelligence, identifying pursuits, managing opportunity pipelines, and fostering strong partner relationships. He works collaboratively across Segue’s business leadership and verticals to identify strong opportunities and align with value-added partners to create strong information sustainment support solutions for our Federal customers.
• Currently on the Dayton-Wright Armed Forces Communication and Electronics Association (AFCEA) Board of Directors and previously served as Chapter President (2010, 2015, 2016), Vice President of Networking (2009), Director of Awards (2008), and Associate Director of the AFCEA International Board of Directors (2011). In addition to his service, David has received both the AFCEA International Meritorious Service Medal (2016) and AFCEA International Small Business Person of the Year (2017). He has served as Vice President of Dayton Defense, organizing two IT Dialogues with Industry Leaders. David also founded the Miami Valley Presidents Round Table, and Fast Rope with nearly 300 members in Dayton, Washington DC, Tampa, St. Louis, and San Antonio, TX.
• Co-Founder of the Blue Skies For Good Guys and Gals Warrior Foundation 501c3, which annually hosts over 50 Combat Injured/Purple Heart Warriors and Fallen Hero/Gold Star Families for over four days of bonding, healing and life-enriching activities during Warrior Weekend to Remember.
• A former US Army Ranger, Master Parachutist, and Pathfinder. He graduated from the University of Cincinnati. He has been instrumental in launching several start-ups, serving one as CEO, leveraging his extensive sales and marketing experience. David is an accomplished skydiver with over six thousand jumps and uses this experience as a keynote speaker on teamwork and leadership. He is the author of “Jump! Leaps in Organizational Performance and Teamwork.” David believes that people accomplish great things when they collaborate as a team, working towards a shared vision with common goals. His number one team is his wife Lori and three young boys, Peter, Jake and Ben, who reside with him in Mason, Ohio.
• Website
US Department of Defense Cyber Strategy
NEWS… DoD Initiates Process to Elevate U.S. Cyber Command to Unified Combatant Command
DoD's Three Primary Cyber Missions:
• Defend DoD networks, systems, and information
• Defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence
• Provide cyber support to military operational and contingency plans
Cyber Mission Force: 133 teams by 2018
DoD must develop its cyber forces and strengthen its cyber defense and cyber deterrence posture.
• National Mission Teams (13 teams): Defend the United States and its interests against cyberattacks of significant consequence.
• Cyber Protection Teams (68 teams): Defend priority DoD networks and systems against priority threats.
• Combat Mission Teams (27 teams): Provide support to Combatant Commands by generating integrated cyberspace effects in support of operational plans and contingency operations.
• Support Teams (25 teams): Provide analytic and planning support to the National Mission and Combat Mission teams.
DoD Cyber Website
24th Air Force
Commander's Strategic Vision
• “The World’s Preeminent Cyber Force…Powered by Airmen, Fueled by Innovation.”
Strategic Priorities
• Employ Multi-Domain and Integrated Cyberspace Capabilities in support of Combatant and Air Force Component Commanders
• Develop and Empower Our Airmen and Take Care of Their Families
• Lead Through Teamwork and Partnerships
• Inculcate a Strong Warfighting Culture into Cyberspace Operations
• Equip the Force through Rapid, Innovative Fielding of Cyber Capabilities
24th AF Website
2017 AFCEA Alamo ACE Conference
Dates:
• November 13-16, 2017
Location:
• La Cantera Resort, 16641 La Cantera Parkway, San Antonio, TX 78256
Overview:
• The 2017 Alamo ACE will take place November 13-16, 2017 at La Cantera Resort, and will bring together over 1,600 military and industry leaders in the cyber, ISR, medical IT and education/training career fields for three days of keynote presentations, panel discussions and ethical information-sharing, a trade show/exhibit hall, free and discounted IT training for military personnel, and fundraising activities benefiting wounded warriors.
Event Website
Panelist: Dr. Rob Wiltbank, CEO, Galois
• Rob is CEO at Galois, a computer science R&D company focused on building high assurance computing systems. In 4 years of leading Galois, the company has tripled while spinning out 4 companies focused on the application of the technologies invented in Galois’ R&D efforts.
• Prior to Galois, Rob was a professor at Willamette University, where he ran the Willamette Angel Fund and entrepreneurship courses, ranked by Inc. Magazine as a “top 10” in entrepreneurship education.
• Rob was a partner with Montlake Capital, a growth equity fund, and a Co-Founder of Revenue Capital Management, an innovative revenue capital fund.
• His research focuses on strategy-making under uncertainty and entrepreneurial expertise, particularly as it relates to growing new organizations.
• Rob is co-author of the 2009 book The Catalyst: How You Can Become an Extraordinary Growth Leader, selected by Business Week as one of the best books on innovation and design in 2009. He is also co-author of Effectual Entrepreneurship, a textbook used in 170 universities worldwide.
• Education: Ph.D. in Strategy from the University of Washington, and a degree in Finance and Accounting from Oregon State University.
• Website
High Assurance Systems Engineering
Creating trustworthiness in critical systems
Leaders in high assurance research and development
Galois [gal-wah]
Named after French mathematician Évariste Galois
© 2017 Galois, Inc. Proprietary Information
Software Engineering Path
Requirements → Design → Product Development → Unit Test → System Test → Operational Test → Customer
(Cyber vulnerability testing sits at the end of this path.)
Security related challenges:
System complexity is increasing, challenging design capabilities.
State space is nearly inconceivable; “test coverage” is misleading.
Implementing designs with exactness is permanently difficult.
High assurance software development and use
1. Formally verified designs
2. Formally verified components
3. Testing / Symbolic execution
4. Sign components in Dev
5. Sign components & DATA in use
(Diagram: the five steps placed along the software engineering path Requirements → Design → Product Development → Unit Test → System Test → Operational Test → Customer.)
HACMS and Boeing’s Little Bird
• As part of DARPA’s High Assurance Cyber Military Systems (HACMS) program, Galois created correct-by-construction tools that were used to build and demonstrate a cyber secure quadcopter.
• The tools were subsequently deployed on Boeing’s autonomous H-6U Little Bird to gain the same security and safety guarantees.
• An expert penetration team was given all the software; all attacks failed, and the team stated:
“We can’t imagine any attack vectors that would work against this approach.”
“This is the most secure UAV in the world.”
More information: Using Formal Methods to Enable More Secure Vehicles http://wp.doc.ic.ac.uk/riapav/wp-content/uploads/sites/28/2014/05/HACMS-Fisher.pdf
HACMS Components
1. Formally verified Parser/Encoder/FW: strictly control communications
2. Secure OS, preferably formally verified: strictly separate applications
3. Formally verified serializer: strictly control applications
4. Monitoring of existing applications: actively monitor apps at run time
5. Formally generated critical applications: make critical apps formally correct
Relevant Formal Method Techniques
• Formal specification defines requirements unambiguously.
• “A precise, testable description of a system becomes a ‘what if …’ tool for designs, analogous to how spreadsheets are a ‘what if …’ tool for financial models.”¹
• Correct-by-construction tools generate software from formal specification. This reduces implementation bugs and rules out classes of security vulnerabilities.
• “Buffer overflows” and other code flaws that cause take-over vulnerabilities are often a result of human mistakes. Generating the code instead of handwriting it guarantees their absence.
• Formal verification provides mathematical proof of correctness and security.
• A mechanical test between the code and the specification guarantees that the generated or written code does exactly what the requirements specified.
¹ Use of Formal Methods at Amazon http://glat.info/pdf/formal-methods-amazon-2014-11.pdf
Formally Verified Parser
• A classic network firewall, restricting the flow of IP-based messages.
• A notional firewall protecting a device on a CAN or other bus network.
• AND both semantic and syntactic guards.
Ensure that the incoming data comes from a reasonable source, is correctly formatted, and that the packet’s content is reasonable given the current state of the system.
Testing
Fuzz Testing
• Human involvement: set up test harness
• Attributes: generates random inputs; can discover “shallow” flaws that result in crashes
Property-based Testing
• Human involvement: set up test harness; write properties that are expected to hold
• Attributes: generates random inputs; builds confidence that the properties hold (correlated with correctness)
Concolic Testing
• Human involvement: set up test harness; add assertions
• Attributes: forces the program toward assertions; can verify that deep properties always hold; produces test cases that trigger failing assertions
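The slides above describe a formally verified parser that applies both a syntactic guard (is the frame exactly well formed?) and a semantic guard (is this command reasonable given the current state?), and then contrast fuzz testing with property-based testing. The following Python is an added illustration of both ideas together; it is not Galois code and not part of the deck. The frame layout, the trusted source ids, the three commands and the state rules are all constructed for the example, and the parser is written by hand rather than generated from a specification. The fuzz routine only checks that random bytes never crash the parser, while the property routine checks a round-trip property on every generated frame, which is the distinction the table draws.

```python
"""Strict parse-then-admit guard for a notional device bus, with fuzz and
property-based checks run over it. Added illustration, not Galois code: the
frame layout, source ids, command set and state rules are constructed here."""
import random
import struct

# Constructed frame layout: source id | command | payload length | payload | XOR checksum
KNOWN_SOURCES = {0x01, 0x02}                       # assumed ids of trusted controllers
COMMANDS = {0x10: "SET_HEADING", 0x20: "ARM", 0x30: "DISARM"}
MAX_PAYLOAD = 8


def checksum(data: bytes) -> int:
    x = 0
    for b in data:
        x ^= b
    return x


def encode(source: int, command: int, payload: bytes) -> bytes:
    body = bytes([source, command, len(payload)]) + payload
    return body + bytes([checksum(body)])


def parse(frame: bytes):
    """Syntactic guard: accept only an exactly-formed frame from a known source
    carrying a known command; everything else yields None (no partial parse)."""
    if len(frame) < 4:
        return None
    source, command, length = frame[0], frame[1], frame[2]
    if length > MAX_PAYLOAD or len(frame) != 4 + length:
        return None
    if checksum(frame[:-1]) != frame[-1]:
        return None
    if source not in KNOWN_SOURCES or command not in COMMANDS:
        return None
    return (source, COMMANDS[command], frame[3:3 + length])


class SemanticGuard:
    """Semantic guard: is a well-formed command plausible in the current state?"""

    def __init__(self):
        self.armed = False
        self.heading = 0

    def admit(self, msg) -> bool:
        _source, name, payload = msg
        if name == "SET_HEADING":
            if len(payload) != 2:
                return False
            heading = struct.unpack(">H", payload)[0]
            # out-of-range value, or an implausible jump for a single update: reject
            if heading >= 360 or abs(heading - self.heading) > 90:
                return False
            self.heading = heading
            return True
        if name == "ARM":
            if self.armed:           # arming an already armed system is not a normal sequence
                return False
            self.armed = True
            return True
        if name == "DISARM":
            if not self.armed:
                return False
            self.armed = False
            return True
        return False


def guard(frame: bytes, state: SemanticGuard) -> bool:
    """Full guard: syntactic check first, semantic check second."""
    msg = parse(frame)
    return msg is not None and state.admit(msg)


def fuzz_parser(trials: int = 2000, seed: int = 1) -> int:
    """Fuzz test: random bytes must never crash parse(); returns how many were accepted."""
    rng = random.Random(seed)
    accepted = 0
    for _ in range(trials):
        frame = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 20)))
        if parse(frame) is not None:
            accepted += 1
    return accepted


def property_roundtrip(trials: int = 2000, seed: int = 2) -> bool:
    """Property-based test: every frame produced by encode() is accepted by parse()
    and yields exactly the fields that went in."""
    rng = random.Random(seed)
    for _ in range(trials):
        source = rng.choice(sorted(KNOWN_SOURCES))
        command = rng.choice(sorted(COMMANDS))
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(0, MAX_PAYLOAD + 1)))
        if parse(encode(source, command, payload)) != (source, COMMANDS[command], payload):
            return False
    return True
```

The fuzz routine exercises only the parser's early checks (almost every random frame fails length or checksum), which is why the table credits fuzzing with shallow crash-finding; the round-trip property reaches the full decode path on every trial. The semantic guard is where state-dependent plausibility lives (a 255-degree heading jump or a second ARM is rejected even though the frame is syntactically perfect).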
Concolic Testing
• Assertions can be added and checked anywhere in a program (compare to properties, which hold only on outputs)
• Can check deep properties (unlike fuzz testing, which can rarely get beyond parsing phases of programs)
• Generates test cases that trigger bad behavior to aid debugging
• Unlike static analysis, never reports false positives (but does not scale as well as static analysis without help)
• Many of the assertions driving concolic testing can be repurposed for formal verification
Signing Software and Data
Contractor In-house SW Dev Process → DoD Platform Integration Process
Threats along the way: vulnerable delivery channel, supply chain threats, insider threats.
Questions the integrator cannot answer today:
• Who added this feature?
• Who approved this integration?
• What code is in this release package?
• How do we know our version is the genuine / right one?
Signing Software and Data
Contractor In-house SW Dev Process: each commit record carries Branch ID, Content, Programmer, Validation Results and Commit Environment. The record is digitally signed, the signature receipt is entered on a permissioned blockchain (records 1, 2, … n), and the software is then delivered through the normal process.
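An added illustration of the signed commit record idea above; this is not Galois code and not the deck's design. Each record carries the five fields named on the slide, is signed, and is chained to the previous record's hash, so the questions on the preceding slide (who added this, what is in this release, is our copy genuine) can be answered by verifying the chain. Signatures are HMAC-SHA256 under per-programmer keys, an assumption made so the example runs with the Python standard library; a real deployment would use asymmetric signatures so the verifier holds no signing secrets. The key registry and commit history are constructed.

```python
"""Hash-chained log of signed commit records, standing in for the permissioned
blockchain on the slide. Added illustration, not Galois code. Signatures are
HMAC-SHA256 under per-programmer keys (an assumption so the example runs
offline); a real deployment would use asymmetric signatures."""
import hashlib
import hmac
import json

# Constructed key registry: programmer id -> signing key known to the verifier.
KEYS = {"alice": b"alice-secret", "bob": b"bob-secret"}
GENESIS = "0" * 64


def canonical(record: dict) -> bytes:
    """Stable byte encoding so signer and verifier hash exactly the same thing."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def record_hash(record: dict) -> str:
    return hashlib.sha256(canonical(record)).hexdigest()


def append_record(chain: list, branch: str, content: str, programmer: str,
                  validation: str, environment: str) -> dict:
    """Build the next commit record, link it to the previous one, sign it, append it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {
        "branch_id": branch,
        "content_hash": hashlib.sha256(content.encode()).hexdigest(),
        "programmer": programmer,
        "validation_results": validation,
        "commit_environment": environment,
        "prev_hash": prev,
    }
    sig = hmac.new(KEYS[programmer], canonical(body), hashlib.sha256).hexdigest()
    rec = {"body": body, "signature": sig}
    rec["hash"] = record_hash(rec)      # the receipt for this record
    chain.append(rec)
    return rec


def verify_chain(chain: list):
    """Return (True, None) if every record is signed by a known programmer and the
    links are intact; otherwise (False, index_of_first_bad_record)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = rec["body"]
        key = KEYS.get(body["programmer"])
        if key is None:
            return False, i                 # nobody we trust signed this
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["signature"]):
            return False, i                 # content or attribution altered after signing
        if body["prev_hash"] != prev:
            return False, i                 # record inserted, removed or reordered
        if record_hash({"body": body, "signature": rec["signature"]}) != rec["hash"]:
            return False, i                 # receipt does not match the record
        prev = rec["hash"]
    return True, None


def build_demo_chain() -> list:
    """Constructed history: two signed commits on the main branch."""
    chain = []
    append_record(chain, "main", "feature A source", "alice", "unit+system tests pass", "ci-runner-1")
    append_record(chain, "main", "feature B source", "bob", "unit+system tests pass", "ci-runner-2")
    return chain
```

The verifier reports the first record at which the history stops being trustworthy, which is the practical output an integrator wants: the point after which "who added this feature?" has no answer.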
Amazon s2n Encryption Library
• Amazon Web Services is working with Galois to verify s2n, cryptographic software that protects commercial and government servers.
• The work so far has:
• Guaranteed that there are no security vulnerabilities in critical components of the crypto libraries
• Comprehensively verified all possible combinations of events that may lead to flaws within those components
• To test the same cases and events would have required ~1.7×10^308 tests and more time than the age of the known universe.
More information: Verifying s2n HMAC with SAW https://galois.com/blog/2016/09/verifying-s2n-hmac-with-saw/
Software Health Management for Avionics at NASA
• Pitot tube subsystems have been implicated in numerous commercial aircraft incidents and accidents, including the 2009 Air France crash of an A330.
• To detect pitot tube sensor failures before they become catastrophic, NASA and Galois worked to develop tools for synthesized distributed software monitors based on correct-by-construction formal methods techniques.
• Flight tests successfully detected failures in time. The tools are deployed at NASA.
More information: Copilot: Monitoring Embedded Systems https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20120001989.pdf
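An added illustration of the runtime-monitor idea behind the pitot tube work; this is plain Python written for this page, not NASA's or Galois' Copilot code, and the thresholds, the persistence count and the sensor stream are constructed. The monitor takes three redundant airspeed readings per tick, uses the median as the reference (a single faulty sensor cannot move the median away from the healthy pair), and declares a sensor faulty only after it disagrees for several consecutive ticks, so a one-sample glitch does not raise a fault.

```python
"""Runtime monitor over three redundant airspeed sensors. Added illustration,
not Copilot code; thresholds and sample stream are constructed assumptions."""

DISAGREE_KNOTS = 10.0   # assumption: largest spread healthy sensors should show
PERSIST = 3             # assumption: consecutive disagreeing ticks before declaring a fault


def median3(a: float, b: float, c: float) -> float:
    return sorted((a, b, c))[1]


def monitor(samples):
    """samples: sequence of (s0, s1, s2) readings, one tuple per tick.
    Returns (faults, selected): faults is a list of (tick, sensor_index) at which
    a fault is declared; selected is the per-tick value the monitor passes on."""
    streak = [0, 0, 0]
    faults = []
    selected = []
    for tick, reading in enumerate(samples):
        ref = median3(*reading)
        selected.append(ref)
        for i, value in enumerate(reading):
            if abs(value - ref) > DISAGREE_KNOTS:
                streak[i] += 1
                if streak[i] == PERSIST:       # declare once, at the PERSIST-th bad tick
                    faults.append((tick, i))
            else:
                streak[i] = 0                  # disagreement must be persistent
    return faults, selected


def demo_samples():
    """Constructed stream: all three agree for four ticks, then sensor 1 ices
    over and its reading decays by 40 knots per tick."""
    good = [(250.0, 251.0, 249.0)] * 4
    iced = [(250.0, 251.0 - 40.0 * k, 249.0) for k in range(1, 6)]
    return good + iced
```

With the constructed stream the fault on sensor 1 is declared at tick 6 (the third consecutive disagreeing tick), while the selected value never leaves the 249-250 band of the healthy sensors.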
Cryptol: The Language of Cryptography
• Cryptol is a custom language created by Galois for the NSA's Trusted Systems Research Group. It was designed from the ground up to make it easy for designers to design and analyze cryptographic algorithms.
• Once algorithms are complete, Galois provides tools to leverage the results in three ways: formally verify implementations, synthesize software implementations, and generate custom hardware.
Galois HA Technologies
• Software Analysis Workbench (SAW)
– Symbolic analysis for Java, C, C++…
– Open-source: http://saw.galois.com/
– In use by government, Amazon, others
• High-Assurance ASN.1 Workbench (HAAW)
– ASN.1 compiler, interpreter, automated test coverage
– Funded by U.S. Government for security-critical applications
More information: https://aws.amazon.com/blogs/security/automated-reasoning-and-amazon-s2n/
Advanced Computer Science R&D
Panelist: Dr. Kenneth Holladay, Southwest Research Institute
• Dr. Kenneth Holladay is an Institute Analyst in the Defense and Intelligence Solutions Division of Southwest Research Institute (SwRI) in San Antonio, Texas. His B.S. is in Chemical Engineering from the University of Florida, with M.S. and Ph.D. degrees in Computer Science from the University of Texas at San Antonio.
• SwRI is one of the oldest and largest independent, nonprofit, applied research and development organizations in the United States. Founded in 1947, SwRI provides contract research and development services to industrial and government clients in domains ranging from deep sea to deep space.
• Dr. Holladay’s research interests center around the application of machine learning, in particular evolutionary computing techniques, to solving real-world problems associated with sensors, signal processing, and communication networks. He is a member of the SwRI Advisory Committee for Research, which helps direct research efforts at SwRI.
• When he is not glued to his computer, he enjoys traveling, hiking, and studying Old Testament history and archaeology.
• Website
14 Sept. 2017 Defense and Intelligence Solutions, a Division of Southwest Research Institute
Cyber Security for Legacy Systems
Dr. Kenneth Holladay, Institute Analyst, Defense and Intelligence Solutions Division, Southwest Research Institute
(Chart: Google Trends relative search popularity, scale 0–100, July 2012 through June 2017.)
Relative search popularity of the terms “Cyber” and “Movie” for the past 5 years. Annotated peaks: Christmas Season; Cyber Monday. The search term “Cyber Security” is a faint line near 0.
Source: trends.google.com/trends/
The World Slumbers in Blissful Ignorance
(Chart. Source: Identity Theft Resource Center)
(Comic. Source: xkcd.com)
Compromised Avionics Architecture
(Diagram: a MIL-STD-1553 bus connecting a Bus Controller (BC) and Remote Terminals (RT) / Bus Monitor (BM): MBC, CADC, FDR, Flight Data Loader, EGI, Flight & Fire Control, HUD and Digital Stores Computer, with Ground Support Equipment attached through the fill port. Each unit runs an Operational Flight Program (OFP). Compromise points shown: Compromised OFP, Compromised GSE, Compromised LRU, Insider Threat.)
Cyber Kill Chain (Ref: Lockheed Martin, “Gaining the Advantage”, 2011)
Reconnaissance → Weaponization → Delivery → Exploitation → Installation → Command & Control → Actions On Objectives
• Prevention products (antivirus/antimalware, firewalls, access controls, verified code) disrupt the chain; the remaining stages are difficult to disrupt.
• Cost of mitigation increases along the chain.
• Critical research needed: identifying the exploitable vulnerabilities of legacy military systems.
• The adversary is in! Critical research needed: reliably and cost-effectively detecting in real time that an intrusion has occurred.
SwRI Research Goal: Automated vulnerability assessment of legacy systems
• Examples studied:
– Denial of Service
– Spoofed BC-RT Message
– Spoofed RT-RT Message
– Spoofed RT-BC Message
(Diagram: a malicious duplicate BC, a malicious duplicate RT and malicious data on the bus.)
Msg. Metadata   Description
TxAddr          Transmit Address
TxSubAddr       Transmit SubAddress
RxAddr          Receive Address
RxSubAddr       Receive SubAddress
wc1B            Word count of the previous msg
wc1A            Word count of the next msg
imtg1B_us       Inter-message time gap before msg
imtg1A_us       Inter-message time gap after msg
…               …
mjrFGT_us       Gap time between major frames
SwRI Research Goal: Machine learning algorithms that automatically characterize the bus traffic and detect anomalous behavior.
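As an added illustration of characterising bus traffic from the metadata listed above and flagging departures from it; this is not SwRI code and the profile is a simple per-message-type range model, not the machine learning algorithms the slide refers to. The field names follow the table (TxAddr, TxSubAddr, RxAddr, RxSubAddr, word count, imtg1B_us); the known-good capture, the suspect records, the terminal addresses and the 20% tolerance are constructed. The detector flags the three classes of anomaly the earlier slide's examples map to: a message pair never seen in the baseline, a word count outside the learned set, and an inter-message gap outside the learned range (a duplicate controller injecting a message right behind the legitimate one shows up as an abnormally short gap).

```python
"""Baseline profiling and anomaly detection over MIL-STD-1553 message metadata.
Added illustration, not SwRI code; the capture, addresses and tolerance are
constructed, and the model is a per-message-type range profile."""
import random
from collections import defaultdict

# Record layout used here: (TxAddr, TxSubAddr, RxAddr, RxSubAddr, wc, imtg1B_us)


def make_baseline(frames: int = 50, seed: int = 7):
    """Constructed known-good capture: three message types repeated each minor
    frame with a little timing jitter. Terminal addresses are constructed."""
    rng = random.Random(seed)
    out = []
    for _ in range(frames):
        out.append((31, 1, 5, 2, 4, 20000 + rng.randint(-50, 50)))   # controller -> RT5 sa2
        out.append((5, 3, 31, 0, 8, 1500 + rng.randint(-50, 50)))    # RT5 sa3 -> controller
        out.append((5, 3, 7, 1, 8, 1500 + rng.randint(-50, 50)))     # RT5 sa3 -> RT7 sa1
    return out


def build_profile(records, margin: float = 0.2):
    """Learn, per (TxAddr, TxSubAddr, RxAddr, RxSubAddr), the word counts seen
    and the inter-message gap range, widened by `margin` to absorb jitter."""
    wcs = defaultdict(set)
    lo, hi = {}, {}
    for tx, txsa, rx, rxsa, wc, gap in records:
        key = (tx, txsa, rx, rxsa)
        wcs[key].add(wc)
        lo[key] = min(lo.get(key, gap), gap)
        hi[key] = max(hi.get(key, gap), gap)
    return {k: {"wc": wcs[k],
                "gap_min": lo[k] * (1 - margin),
                "gap_max": hi[k] * (1 + margin)} for k in wcs}


def detect(profile, records):
    """Return [(index, reason)] for each record outside the learned profile."""
    findings = []
    for i, (tx, txsa, rx, rxsa, wc, gap) in enumerate(records):
        key = (tx, txsa, rx, rxsa)
        p = profile.get(key)
        if p is None:
            findings.append((i, "unknown message type %r" % (key,)))
        elif wc not in p["wc"]:
            findings.append((i, "word count %d not in learned set %s" % (wc, sorted(p["wc"]))))
        elif not (p["gap_min"] <= gap <= p["gap_max"]):
            findings.append((i, "imtg1B_us %d outside learned range" % gap))
    return findings


# Constructed suspect traffic: one normal message, then three anomalies, then one normal.
SUSPECT = [
    (31, 1, 5, 2, 4, 20010),   # normal
    (31, 1, 5, 2, 4, 120),     # same message arriving 120 us after the last: duplicate controller
    (5, 3, 31, 0, 12, 1500),   # word count 12 where only 8 was ever seen: malicious data
    (9, 1, 5, 2, 4, 1500),     # transmitter 9 never seen on this bus: duplicate RT
    (5, 3, 7, 1, 8, 1490),     # normal
]
```

The profile is deliberately conservative: anything not seen during the baseline is reported, which is the right default for a fixed, scheduled bus where the legitimate traffic pattern is known in advance, and it means the baseline capture itself must be trustworthy.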
Defense and Intelligence Solutions Division, Southwest Research Institute
Platforms: Airborne; Fixed Land Based; Ground Mobile; Shipboard; Submarine
Capabilities: Spectrum Monitoring; Signal Analysis; Geolocation; Network & Communication; Data Fusion & Analytics
SwRI: private, not-for-profit; over 2,700 employees; over 1,200 acres; 2.2 million ft² of lab & office space
Panelist: Dr. Josephine Micallef, Vencore Labs
• Senior Research Director of the Systems and Cyber Security Research group at Vencore Labs, responsible for research initiatives on computing and networking platforms, technology, methodologies, and tools to support the construction and validation of large, complex, software-intensive distributed systems to ensure highly dependable operation even under cyber-attack.
• Current research projects include computer network defense against zero-day attacks, distributed denial of service attacks, and attacks on our critical infrastructure; cyber deception and moving-target defense techniques to thwart and deceive the adversary; malicious code detection using program analysis techniques; application of theorem proving methods to automate network configuration to help eliminate mis-configuration errors in cyber infrastructure that cause 50%-80% of downtime and vulnerabilities; securing the Internet of Things; and secure and private information exchanges for cloud-based services.
• Previously, as a research manager at Telcordia Applied Research, Dr. Micallef worked closely with Telcordia business units to incorporate software research innovations into Telcordia products and services. Examples include developing a model-driven approach for rapid introduction and management of new communications services; tools and methodology for automating the generation of service-oriented interfaces; and creating workflow technology for automating communications service provisioning. She was elected a Telcordia Fellow in 2007 for her many contributions to the success of the company.
• Dr. Micallef received her PhD in Computer Science from Columbia University, where she was selected for graduate fellowships from IBM and the American Association of University Women (AAUW). She received the YWCA’s Tribute to Women and Industry (TWIN) Award in 2000.
Comprehensive Security for Mission Systems
Josephine Micallef, PhD, Senior Research Director, Systems and Cyber Security Research
Slide 44 © 2017 Vencore Labs, Inc. All rights reserved.
Vencore Labs Rich Heritage
• Leading provider of transformative, generation-after-next applied research
• Premier cyber, data analytics, cloud, quantum, mobility and advanced networking capabilities
• Originally part of AT&T Bell Labs; became Bellcore/Telcordia during the 1984 Bell System divestiture to provide R&D for the “Baby Bells”; spun off as ACS when Ericsson purchased Telcordia in 2012
• A leading provider of mission-critical solutions in the federal sector
Technical Capabilities Summary
Research groups: Systems & Cyber Security; Data Analytics; Broadband Networking; Information Assurance & Security; Wireless Networks & Systems; Information & Computer Sciences Research; Network Systems Research
Capabilities: Cyber Defenses & Cloud Security; Cyber Warfare; Configuration Compliance; Learning Techniques; Telematics/Automotive; Scalable Mathematical Techniques; Big Data Analytics; Data Security & Privacy; Optics; Quantum Comms & Computing; Network Control & Management; Next Generation Communication Technology; Network Architecture & Protocols Design; High Performance RF Comms; Signal Processing Applications; Modeling & Simulation; Supply Chain Integrity; Vulnerability & Risk Assessment; Smart Grid and Industrial Automation; Network & Operations Standards; Network / Service Management; Comms Systems Design; Operations Process Engineering; Software Defined Networks; Data Quality; RF Spectrum Analysis & Tools; Mobility and Network Security; Network Virtualization
DADC: Distributed and Assured Dynamic Configuration
Securing Cyber Infrastructure by Design
DADC: Distributed and Assured Dynamic Configuration
Challenges
• Configuration errors cause 50%-80% of network vulnerabilities and downtime
• Complexity & interdependency make changing the network risky
– Especially under critical mission constraints
• Static, rigid networks lack resiliency and agility
• Gap between conceptualization (33 “boxes”)
– … and implementation (1154 constraints on 704 variables)
DADC Benefits
• Reduces vulnerabilities and manpower
• Proactively & reactively shifts network posture (INFOCON)
• Increases warfighter agility, flexibility and cyber resiliency
• Reduces attack surface and network down time, limits attack vector
• Undermines adversary attack planning and execution
– Moving-target defense and cyber resiliency
DADC Capabilities for Planning Agile Networks
Engines:
• Configuration synthesis
• Diagnosis
• Minimum-cost repair
• Path planning
• Moving-target defense
• Verification
• Visualization
• Emulation
• Distributed configuration
• In-band configuration
• Vendor-specific adapters
Technologies used:
• SMT solvers that solve 10^6 constraints in 10^6 variables in seconds
• Group communication protocols
Why are these Engines Hard to Build?
• Need to satisfy dependencies between variables, searching through extremely large spaces
• Tension between security and functionality
• Diagnosis: components work in isolation but not together
• Repair: removing one error can cause another
• Hard to formalize configuration language grammar documented in 100s of English pages
(Diagram: the DADC Controller takes the current configuration and state plus security and functionality requirements expressed in an intuitive, visual language, and produces 100% accurate configurations, computed in minutes rather than months, for the network components, including SDN.)
CINDAM: Customized Information Networks for Deception and Attack Mitigation
Proactive Cyber Defense
CINDAM: Customized Information Networks for Deception and Attack Mitigation
Challenges
• Today most network elements – addressing, topology, basic configuration – are static and fixed
• Adversaries therefore have long planning cycles to …
– Gather data, correlate information to identify honeypots and IDS’s to avoid, plan attack, create custom malware/exploits, wargame, revise, execute attack
• … which greatly increases their likelihood of success
CINDAM Approach – Leverages Software-Defined Networking (SDN)
• Create temporary individualized deceptive environment
– Total view from host is synthetic: IPs, networks, addresses, routers, switches
• Fake and deceptive resources move, appear, and disappear
• Real resources move, appear, and disappear
– Each host has a different view from each other, but can still communicate
– View may mutate from time to time: individualized time and frequency
– Detected attackers can be dynamically redirected to honeypots
• Requires no client or server modifications
• Users are generally unaware of customized and changing views
(Diagram: Server 1 view; Client 1 view at t1; Client 1 view at t2.)
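An added simulation of the per-host, time-varying synthetic view described above; it is written for this page and is not Vencore Labs' CINDAM code. Each host is shown the real servers at addresses derived from (host, epoch, service) under a controller secret, an SDN edge function translates between the synthetic and real addresses in both directions, and an address learned by one host in one epoch resolves to nothing for another host or in a later epoch, which is the property the next slide relies on. The enclave layout, the synthetic address space, the controller key and the epoch length are constructed, and the page says nothing about how CINDAM actually derives its views.

```python
"""Per-host, per-epoch synthetic network views with edge translation. Added
illustration, not CINDAM code; enclave, key and epoch length are constructed."""
import hashlib
import hmac
import ipaddress

REAL_SERVERS = {"web": "10.0.0.10", "db": "10.0.0.20"}    # constructed enclave
SYNTH_NET = ipaddress.ip_network("172.16.0.0/16")          # constructed synthetic space
CONTROLLER_KEY = b"controller-secret"                      # constructed; held by the controller
EPOCH_SECONDS = 600                                        # constructed view lifetime


def epoch(t: int) -> int:
    return t // EPOCH_SECONDS


def synthetic_addr(host: str, t: int, service: str, salt: int = 0) -> str:
    """Deterministic synthetic address for (host, epoch, service); the controller
    can recompute it at any edge without storing a table."""
    tag = f"{host}|{epoch(t)}|{service}|{salt}".encode()
    digest = hmac.new(CONTROLLER_KEY, tag, hashlib.sha256).digest()
    offset = int.from_bytes(digest[:4], "big") % (SYNTH_NET.num_addresses - 2) + 1
    return str(SYNTH_NET[offset])


def view(host: str, t: int) -> dict:
    """The view pushed to `host` for the epoch containing time t: service -> synthetic address."""
    seen, out = set(), {}
    for service in sorted(REAL_SERVERS):
        salt = 0
        addr = synthetic_addr(host, t, service, salt)
        while addr in seen:                 # resolve a rare in-view collision deterministically
            salt += 1
            addr = synthetic_addr(host, t, service, salt)
        seen.add(addr)
        out[service] = addr
    return out


def translate_to_real(host: str, t: int, dst: str):
    """Edge switch, host -> enclave: map the address this host used to the real
    server, or None (no flow is installed for stale or foreign addresses)."""
    for service, synth in view(host, t).items():
        if synth == dst:
            return REAL_SERVERS[service]
    return None


def translate_from_real(host: str, t: int, src: str):
    """Edge switch, enclave -> host: present the real server under the address
    this host currently knows it by."""
    for service, real in REAL_SERVERS.items():
        if real == src:
            return view(host, t)[service]
    return None
```

Two views of the same enclave differ per host and per epoch, so a list of addresses gathered by one host during one epoch is invalidated by the next epoch and was never valid for a different host, while each host's own traffic is still translated correctly throughout its epoch.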
CINDAM Disrupts Cyber Kill Chain
• Attackers cannot trust or use gathered information
– Every host has different information
– Information is invalidated upon network reconfiguration
• Attackers must re-gather the same information over and over
• Cannot correlate network information to identify fake resources
• Cannot establish stealthy comms inside the enclave
• Attack plans are forced to be specific to one host at one time
• Many attacks impossible in CINDAM environment (Man-on-the-Side, Man-in-the-Middle)
• Attacker forced to be noisy and hasty
– Increases detectability
– Decreases likelihood of success
ZDay: Defense Against Novel Cyber Attacks
Real-time Active Cyber Defense
ZDay: Dramatically Limit the Impact of Cyber-Attacks
Challenge
• Zero-day cyber attacks (by definition) cannot be prevented
• So, is it possible to (a) dramatically limit the impact of these unpreventable attacks, (b) identify and recover compromised systems rapidly, and (c) thwart continued use of such attacks?
ZDay Approach
• Novel in situ monitoring of the behavior, resource usage, and communications of applications and their hosts
• Distributed real-time automated detection and response:
– Collect relevant data
– Detect malicious activity
– Correlate results and make decisions
– Take actions to stop and mitigate
• Employs multi-source, context-aware and risk-sensitive inference of suspicious behaviors
• Capable of suggesting (and taking) targeted reactions to curb attack yet maintain enterprise and mission operation
(Diagram: Without ZDay vs. With ZDay.)
Benefits and Value
• Forces the attacker to operate at human decision speeds, not machine speed
• Limits attack impact to <1% of computing systems
• Operates continuously, reacts in real-time, and recovers infected systems to pre-infection condition in minutes
• Self-inoculation feature to improve future performance
• For both enterprise and tactical environments
• Supports disconnected and hierarchical operations
• Performs in a best-effort manner whenever operating in degraded and/or otherwise compromised environments
1553 Bus Defender
Increasing Assurance of Fielded Systems
Problem
• Lack of security on MIL-STD-1553 based systems
– Systems are demonstrably vulnerable today
• Adding security to LRUs is difficult and expensive
– Lack of computing resources, lack of source code, unmotivated vendors, lack of security solutions for old, diverse, computing platforms
• Inline network-based security is promising, but…
– Conventional inline network security systems — e.g., firewalls, ACLs, NIPS — won’t work
– Even if they were somehow adapted to handle 1553 messages, the delay they introduce could cause protocol timeouts
Solution
1553 Bus Defender device performs real-time, low-delay, network security filtering
• Device is inserted inline in 1553 bus to ‘lock down communications’
• Sophisticated security processing prevents a compromised LRU from successfully performing malicious activities via the bus, including, e.g.:
– Attacks against other LRUs
– Malicious activities that leverage other LRUs
Stops zero-day attacks and can protect known vulnerabilities
Vencore Labs values: Respect, Accountability, Dedication, Improvement, Integrity
Panelist: Mr. Kevin Rigney, Gartner Leadership Partner Enterprise IT Leaders: Security & Risk Management
• Kevin Rigney joined Gartner with over 20 years of experience in information security and 23 years of experience with the United States Navy. With a diverse background in both technology and cross-functional leadership, he has covered a large range of security, risk, and compliance engagements for both commercial and government institutions. As CISO of one of the world’s largest pet product retailers, he was responsible for safeguarding the corporate network, millions of customer records and other sensitive corporate data while satisfying stringent FTC, PCI and Sarbanes-Oxley compliance requirements.
• Mr. Rigney’s experience includes multiple consulting/auditing roles for two public accounting firms spanning many industries, a CISO role at a $4.5 billion retailer and a Naval Officer role managing cybersecurity divisions for the United States Navy. He holds a bachelor's degree in Mechanical Engineering from the University of Notre Dame and is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Auditor (CISA) and a Certified Information Security Manager (CISM).
• Website
CONFIDENTIAL AND PROPRIETARY
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.
© 2016 Gartner, Inc. and/or its affiliates. All rights reserved.
Leadership Vision for 2018: Security and Risk Leaders
Implementing Digital Platforms – A Team Effort
Roles around the CIO: Business; Program and Portfolio Management; Sourcing and Vendor Management; Applications; Enterprise Architecture and Technology Innovation; Data and Analytics; Security and Risk; Infrastructure and Operations
And a team effort is needed to address the New Dark Side: more complexity, loss of control, different risks
Key Issues
1. What is leadership in the digital age for a security and risk leader?
2. What are the major trends and challenges affecting the security and risk leader?
3. How do leading organizations deliver the highest value using security and risk management?
4. What actions and next practices should a security and risk management leader and team implement?
Dealing With Change and Complexity
Roles: SRM, Technology Convergence, Business Continuity, Risk Mgmt., Audit, Privacy, Security
Emerging role: Digital Risk Officer
Having a Clear Vision for Digital Security and Risk Management
• Effective Governance: Accountability, Risk Management, Organization, People
• Adaptive Architecture: Predict, Prevent, Detect, Respond
• Context, Program, Intelligence, Principles
• Trust and Resilience, resting on C — Confidentiality, I — Integrity, A — Availability, P — Privacy, S — Safety, R — Reliability
Ensuring Business Involvement in Security and Risk Governance
Question: Which of the following groups represents the largest segment of members in this information security governance body?
Base: Risk and security management; have an information security governance body, n = 293. Percentage of respondents:
  IT Managers                 44%
  Information Security Staff  43%
  Line-of-Business Managers   13%
Ensuring Business Unit Involvement in Setting Information Security Policies
Question: Which of the following most closely describes the level of business units' involvement in setting information security policies?
Base: Risk and security management, n = 297. Percentage of respondents:
  They have involvement in developing those policies that will affect their business   31%
  They always get the opportunity to review security policies                           23%
  They have involvement in approving security policies                                  20%
  Occasional opportunity to review security policies                                    14%
  Business units have no involvement in setting information security policies          12%
Identifying Critical New Skill Sets for Cybersecurity
Traditional security practices are shifting to:
• Contextual Security Monitoring and Response
• Ubiquitous Identity and Access Management
• Data Classes, Data Governance
• Security Awareness, Privacy and Behavior
• Embedded Security Programming
• Advanced Network Engineering
• Physical Security Automation
• Artificial Security Intelligence
• Cloud and Service Center Expertise
Accelerating Generation and Convergence of Skills
What You Can Do:
▪ Focus on business outcomes, be a facilitator
▪ Automate and/or outsource security operations
What You Can Stop Doing:
▪ Believing security is a part-time job and only for your security people
▪ Treating security as an IT-only problem
▪ Requiring on-site security staff for all security needs
Digital Attacks With Physical Impacts Are No Longer a Novelty
▪ By 2020, at least one major safety incident will be caused by an IT security failure, leading to significant injury.
Physical Impact
▪ 2007 – Stuxnet launched against nuclear control systems (publicly discovered in 2010; the earliest known variant dates to 2007)
▪ 2008 – Oil pipeline in Turkey explodes (attribution of the blast to a cyber attack is contested)
▪ 2011 – Hacking medical devices "for fun and insulin"
▪ 2014 – Blast furnace in German steelworks attacked
▪ 2016 – Blackouts in Ukraine (grid attacks in December 2015 and December 2016); mining and rail also targeted
Digital Ecosystem Participation Is Growing
Q. Do you think your business/government or public entity participates in a digital ecosystem?
[Chart: percentage of respondents whose organizations participate in a digital ecosystem; the values are not preserved in this copy]
Your Digital Ecosystem Is Growing Quickly
Q. How many important digital partners did your company/business unit/government or public entity have two years ago? Have today? Will have two years from now?
CAGR in average (mean) number of important digital partners, 2016 to 2018:
  Top Performers (n = 105)        78 in 2016   143 expected in 2018   CAGR 35%
  Typical Performers (n = 712)    38 in 2016    78 expected in 2018   CAGR 43%
  Trailing Performers (n = 24)    19 in 2016    62 expected in 2018   CAGR 81%
CIOs Know That Digital Security Is Important to Success in the Digital Ecosystem
Q. What are your company/business unit/government or public entity's plans in terms of the following digital technologies and trends?
Overall respondents (n = 2,362), percentage of respondents:
                                  In short-term planning /   Have already invested
                                  actively experimenting     and deployed
  Digital security                        36%                      28%
  Advanced analytics                      37%                      17%
  Internet of Things (IoT)                23%                      10%
  Business algorithms                     19%                       9%
  Machine learning                        15%                       3%
  Augmented reality                       11%                       4%
  Virtual customer assistants             10%                       3%
  Smart robots                             6%                       2%
  Blockchain                               6%                       1%
  Autonomous vehicles                      4%                       2%

Digital security only, by performance group:
                                  In short-term planning /   Have already invested
                                  actively experimenting     and deployed
  Top performers (n = 166)                30%                      53%
  Typical performers (n = 2,032)          37%                      27%
  Trailing performers (n = 164)           28%                      15%
© 2017 Gartner, Inc.
Digital Security: Current cybersecurity and risk practices combined with digital business practices to protect all digitalized assets of an organization, whether at the core of the enterprise or at its edge.
Safety, Reliability and Privacy Become Cybersecurity Imperatives
The New Model for Cybersecurity: protect Data, People and Environments for Confidentiality, Integrity, Availability, Safety, Privacy and Reliability; the outcomes are Resilience and Trust.
Executing Against the Vision
Same model as the vision slide: Effective Governance (Accountability, Risk Management, Organization, People); Adaptive Architecture (Predict, Prevent, Detect, Respond); Context, Program, Intelligence, Principles; Trust and Resilience resting on C — Confidentiality, I — Integrity, A — Availability, P — Privacy, S — Safety, R — Reliability.
Formalizing a Digital Security Program
• Enterprise Security Charter: Executive Mandate
• Terms of Reference: Reference Model
• Governance Structures: Accountability
• Annual Strategy Plan: Roadmap
• Security Processes: Execution
Instituting a Security and Risk Governance Process
Cycle: Decide Acceptable Risk → Enable Risk Control → Assure Control Effectiveness; throughout: Set and Manage Accountability and Decision Rights
Using Principles to Guide the Program
• Risk-Based
• Data Flow
• Facilitator
• Detect and Respond
• Business Outcomes
• Owner Accountability
• People-Centric
Implementing an Adaptive Security Architecture
Tying It All Together: The Strategy Plan
• The Sentiment — Cognition Model
• 2025 Security Scenario
• Strategy Planning Process
Manage Technology Hype
Create your own hype cycle. [Chart not preserved in this copy; sample generated using Gartner's "Toolkit: My Hype Cycle, 2016"]
Prepare to Participate in Digital Trust Ecosystems
Digital business held together by digital trust
Plan for Continuous Adaptive Risk and Trust Assessment (CARTA)
• Continuous visibility and assessment: continuously monitor and assess risk and trust; enable adaptive responses
• Attack Protection ("Keep Bad Stuff Out" defense posture): implement posture → monitor posture → adjust posture
• Access Protection ("Let Good Stuff In" access posture): implement posture → monitor posture → adjust posture
• Policy is shared by both loops
Our Next Action Steps
✓ Develop a compelling vision for risk and security management by building resilient processes and infrastructure and establishing effective governance. Adapt the strategic objectives of our risk and security program to include the crucial aspects of privacy, recovery and safety. (See "CISOs Need to Understand the Components of Their Information Security Programs.")
✓ Embrace the principles of trust and resilience by enshrining them in our security strategy. Implement an annual strategy planning project, and review it quarterly for relevance. Use scenario planning to test our hypotheses. (See "Security Management Strategy Planning Best Practices.")
✓ Develop and evolve an adaptive, context-aware security architecture by ensuring appropriate investment. Aim for continuous adaptive risk and trust assessment capabilities. (See "Designing an Adaptive Security Architecture for Protection From Advanced Attacks" and "Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats.")
Recommended Gartner Research (to assist you in delivering this presentation)
• "Managing Risk and Security at the Speed of Digital Business" – Tom Scholtz
• "Digital Trust — Redefining Trust for the Digital Era: A Gartner Trend Insight Report" – Felix Gaehtgens and Ant Allan
• "Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats" – Neil MacDonald and Felix Gaehtgens
• "Cybersecurity Scenario 2025: Outrageous Intelligence" – Jeffrey Wheatman
For more information, stop by Gartner Research Zone.
Panelist: Mr. Samuel Wanderi, Owner, Menya Communications Ltd
• Mr. Samuel Wanderi has over 17 years of cyber security experience working on complex, high-visibility systems. He is a retired field grade Army Signal Officer and Managing Partner of Menya Communications LTD, a cyber security firm that has provided professional services nationwide in both the public and private sectors for over a decade.
• He holds the highest industry professional certifications in every category of DoD 8570, including the CISSP – ISC² (Certified Information Systems Security Professional), GSLC – GIAC (Security Leadership Certification), COR – Government (Contracting Officer Representative), CCNA – Cisco (Certified Network Associate), and CEH – EC-Council (Certified Ethical Hacker).
• During his time in the service, Mr. Wanderi set up and secured complex networks in combat zones during OIF and OEF deployments. He earned a functional area designation of 53A as a Cyber Security Professional from the Army Cyber Center of Excellence at Fort Gordon, GA, and a Master of Science in Cyber Security from Syracuse University. Mr. Wanderi is an active member of ISC², Security MBA, Technology First, AFCEA, and the Dayton Defense Association.
Menya Communications Ltd.
Samuel Wanderi, MSIM, CAIS, CISSP, CCNA, GSLC, CEH, COR
Agile vs. Cyber
Agenda
• Overview of Industry Direction
• AGILE in DoD
• Cyber in DoD
• People Solutions
• Process Solutions
• Technology Solutions
DOD Direction
• Providing the Warfighter's Edge (Lt Gen JT Thompson, AFLCMC)
  • Aircraft Structural Integrity Program (ASIP)
  • Teaming/Relying on each other
  • Cyber resiliency of weapon systems
• Keeps me up at night (Brig Gen Anthony Genatempo, F-22)
  • Competition: Sukhoi PAK FA T-50; Chengdu J-20
  • Who can deliver faster – AGILE (MOD development)
• Stay ahead of the adversary
• Increase resiliency
• Increase adaptability
• Increase security or reduce risk
Cyber Security Direction
AGILE Manifesto Direction
  Pro (valued more)                   Con (valued, but less)
  • Individuals and interactions  over  processes and tools
  • Working software              over  comprehensive documentation
  • Customer collaboration        over  contract negotiation
  • Responding to change          over  following a plan
"That is, while there is value in the items on the right, we value the items on the left more."
AGILE & Cyber Challenges
• The pressure of short iterations (Bartsch, 2011; Securosis, 2013)
• Lack of information security knowledge (Securosis, 2013)
• Lack of security awareness (Bartsch, 2011)
• Incompatibility of security activities and agile methodologies (Keramati & Mirian-Hosseinabadi, 2008)
Secure AGILE Processes
• Scrum
  • The Security Sprint approach
  • Every-Sprint approach
  • S-Scrum "spikes"
  • Secure Scrum
• Extreme Programming
  • SQUARE (Security Quality Requirements Engineering)
• Dynamic Systems Development Method
  • Role-based Extreme Programming (XP) for Secure Software Development
Cyber (REAL World)
• Standards:
  • ETSI Cyber Security Technical Committee (TC CYBER)
  • ISO 27001 and 27002
  • Standard of Good Practice (ISF)
  • NERC
  • NIST - National Institute of Standards and Technology
  • ISO 15408
• Not enough professionals to go around
• Cyber professionals also have strengths and weaknesses
• Continuous testing & training for everyone
• Cyber hygiene - everyone has to be involved
AGILE Cyber Technology
GSA has been working with the Office of American Innovation (OAI) and the American Technology Council to improve the process to achieve an Authority to Operate (ATO) along the following dimensions:
• Reducing toil that inhibits our ability to scale improvements
• Decreasing errors from manual activities
• Increasing speed to process (approvals and identification of issues)
• Increasing the value-add of machine-readable data for improving risk management
One key component of this effort is identifying ways to incorporate automation into the ATO process. To assist agencies and industry collectively, GSA would like to have a better understanding of the existing commercially available products and practices that the government could use to automate any portion of the ATO process.
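One concrete shape the "machine-readable data" and "decreasing errors from manual activities" points can take, as an added example that is not GSA's tooling and does not describe any agency's actual ATO process: keep the system security record as structured data and let a script perform the checks a reviewer otherwise does by hand (required controls present, status acceptable, an owner named, evidence attached, evidence fresh). The record layout, the control identifiers (named after the NIST SP 800-53 pattern), the dates and the 90-day freshness threshold are all constructed assumptions for the demo.

```python
"""Mechanical checks over a machine-readable control record for an ATO package.

Added example; this is not GSA's tooling nor any agency's ATO process. It shows
the kind of check that becomes scriptable once the system security record is
machine-readable. The record format, control identifiers, dates and thresholds
below are constructed for the demo.
"""
from datetime import date
from typing import Dict, List, Set

# Constructed record. Control ids follow the NIST SP 800-53 naming pattern, but
# every entry here is invented for the demo.
SYSTEM_RECORD: Dict = {
    "system": "demo-app",
    "assessment_date": "2017-09-13",
    "controls": [
        {"id": "AC-2", "status": "implemented", "owner": "app-team",
         "evidence": [{"artifact": "account-review.csv", "produced": "2017-08-01"}]},
        {"id": "AC-6", "status": "implemented", "owner": "app-team", "evidence": []},
        {"id": "AU-2", "status": "inherited", "provider": "hosting-platform",
         "evidence": [{"artifact": "platform-ato-letter.pdf", "produced": "2016-01-15"}]},
        {"id": "CM-6", "status": "planned", "owner": "", "evidence": []},
        {"id": "SI-2", "status": "implemented", "owner": "app-team",
         "evidence": [{"artifact": "patch-report.json", "produced": "2017-03-01"}]},
    ],
}
REQUIRED_CONTROLS: Set[str] = {"AC-2", "AC-6", "AU-2", "CM-6", "IA-2", "SI-2"}
MAX_EVIDENCE_AGE_DAYS = 90  # assumed threshold; a real program sets its own


def _finding(control: str, severity: str, message: str) -> Dict[str, str]:
    return {"control": control, "severity": severity, "message": message}


def evaluate(record: Dict, required: Set[str], max_age_days: int) -> List[Dict[str, str]]:
    """Return the issues a reviewer would otherwise have to find by hand."""
    assessed = date.fromisoformat(record["assessment_date"])
    by_id = {c["id"]: c for c in record["controls"]}
    findings: List[Dict[str, str]] = []

    # 1. Every required control must appear in the record at all.
    for cid in sorted(required - by_id.keys()):
        findings.append(_finding(cid, "high", "required control absent from record"))

    for cid in sorted(by_id):
        ctrl = by_id[cid]
        status = ctrl.get("status")
        # 2. An inherited control must name the provider whose authorization covers it;
        #    its evidence ages on the provider's cycle, so freshness is not checked here.
        if status == "inherited":
            if not ctrl.get("provider"):
                findings.append(_finding(cid, "high", "inherited control names no provider"))
            continue
        # 3. Anything not implemented is a gap, whatever else the entry says.
        if status != "implemented":
            findings.append(_finding(cid, "high", f"status is '{status}', not implemented"))
            continue
        # 4. An implemented control needs an accountable owner and evidence.
        if not ctrl.get("owner"):
            findings.append(_finding(cid, "medium", "implemented control has no owner"))
        evidence = ctrl.get("evidence", [])
        if not evidence:
            findings.append(_finding(cid, "high", "implemented control has no evidence"))
            continue
        # 5. The newest evidence must be recent enough to support the assessment date.
        newest = max(date.fromisoformat(e["produced"]) for e in evidence)
        age_days = (assessed - newest).days
        if age_days > max_age_days:
            findings.append(_finding(
                cid, "medium", f"newest evidence is {age_days} days old (limit {max_age_days})"))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity so a package can be gated on the result."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = evaluate(SYSTEM_RECORD, REQUIRED_CONTROLS, MAX_EVIDENCE_AGE_DAYS)
    for f in results:
        print(f"{f['severity']:6} {f['control']:5} {f['message']}")
    print(summarize(results))
```

On the constructed record this flags IA-2 (missing), AC-6 (no evidence), CM-6 (still planned) and SI-2 (evidence 196 days old); the checks are deliberately simple, and the point is that they run the same way on every package and on every sprint, which is what removes the manual-review variance the GSA text is after.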
Solutions
• Must face reality (myth busting)
• Fight the fight, not the plan
• Cyber is crime (no quick fixes)
• Current cyber process is linear, not AGILE
• Cyber is bigger than IT & Engineering
• Systemic change is needed:
  • People
  • Process
  • Technology
LCID Cyber Panel: Question & Answer