Cyber Security for Command and Control Systems - SIGE

Transcrição

Cyber Security
for C2 Systems
SIGE XVII 30 September 2015
Per M. Gustavsson, PhD
Principal Research Scientist
[email protected]
© 2015 Per M. Gustavsson, SIGE XVII, Sao José dos Campos
2
DET SOCIALA KONTRAKTET
Members in a state give up
some of their rights for
protection.
From Wikipedia
C4I(SR) “Systems Include:
People
 Individuals
 Organizations
Process
 Standard Procedures
 Information Flows
 Decisions Rights
Infrastructure
 Communications gear
 Computers
 Sensors
Data
Good System Design must
have a balanced
consideration of all these
dimensions!
People
 Individuals
 Organizations
Process
Infrastructure
 Computers
 Sensors
Data
have a balanced
dimensions!
ART OF WAR
Know your self …
6
READINESS
DESIGN
ORGANISATION
INPUT
Education &
Training
Tasks
Systems
Equipment
Supplies
OUTPUT
Capability &
Readiness
COMMAND AND CONTROL
Versatile
Maturity
Complexity
After Nato Newtwork Enabled Capabilities, Hayes et.al Focus and Convergence (2008), Per Gustavsson 2010 (Cope with Change)
DECISION MAKING PROCESS
situation
object
sensing
WARNO
OPORD
Observation
COLLABORATIVE DECISION MAKING
situation
object
sensing
Initial
Intermediate order
Intermediate order
Completed order
Observation
Planning, C2 and Operational Maturity after
Alberts & Hayes (2007)
Operativt
COMMAND AND CONTROL
PAGE 12
CYBER
Purposeful:
Cyber Defence
Threats:
Cyber
War
Security
Strategic:
National, Organizational
Prescriptive
Resilience
Policies, Planning,
Education, Training
Terrorism
Information Assurance
Intelligence
Espionage
Information Security
Infrastructure
Crime
Telecommunications Systems
Operational:
Organizational
Predictive, Pro-Active
Respond, Mitigate , Recover
Planning, Course of Action
Analysis
Connected Computing Devices
Hacktivism
Stored information
Applications
Hackers&Crackers
Transmitted data
Services
Accidental:
Personnel
Natural Causes
Miss configurations
Tactical:
Individual, Organizational
Reactive, Pro-Active
Respond
Maneuvers, Actions,
Mission Rehearsal
Operativt
CYBER STRATEGY OPERATIONS
Absorb
 Invisible
Deny objectives
 Response
Deny objectives and Impose cost
 Low Visibility
 Proportional
Deny objective, Impose Cots and Deter further attacks
 Divert, Disrupt, Destroy
 High visibility
15
People
 Individuals
 Organizations
Process
Infrastructure
 Computers
 Sensors
Data
have a balanced
dimensions!
The C2 Challenge
GBS
BFT/
FBCB2
TAIS AFATDS
ISYSCON v4
SKL
Warlock
DCGS-A
DCGS-L
SIPR, NIPR VOIP
DTSS
BCS3
ADAM Cell
Command
Post
CPOF
EPLRS
TACSAT
AN/PRC-150C
MCS
IDM-T
Smart-T
117G
JNN
IMETS
GCCS-A
BCCS
DTSS
ACT-E
Enablers
Displays,
Shelters & ECUs
* Partial System
ASIP
SINCGARS
MC OTM
Generators
© 2015 Per M. Gustavsson,
SIGE XVII, Sao José dos Campos
Listing
A2C2S
CSS VSAT
18
System Architecture Final Demonstration
INFORMATION CENTRIC INTEGRATION
Transformation between two object
models is defined in an object model
transformation file.
T
T
T
T
Transformation
Transformation
Datamanager
Datamanager
Object
Model
1
Common
Object
Model
Connectivity Driver
<Protocol 1>
Memory
Datamanager
Object
Model
2
The structure of a database is
defined in an object model file.
The connectivity project file defines
the combination of drivers, object
models and object model
transformations.
Connectivity Driver
<Protocol 2>
Separate Application, Interface (Protocol) and
Information from each other
RTO-MP-MSG-076 #14 2010-09-17 Per M. Gustavsson
MULTILEVEL SECURITY – BY INFORMATION CENTRIC INTEGRATION
Zone 1
© 2015
Zone 2
T(x)
T(x)
T(x)
T(x)
Datamanager
Datamanager
Datamanager
Datamanager
Information
Zone 1
Object
Model
Information
Exchange
Object
Model
Information
Exchange
Object
Model
Information
Zone 2
Object
Model
Connectivity Driver
RTPS
Connectivity Driver
SSL
Connectivity Driver
SSL
Connectivity Driver
RTPS
IP
IPSec
IPSec
IP
Network
Network
Network
Network
An Information Exchange Object Model Only contains
information that are to be exchanged.
Sieves and Filters (Data Diode) allows and prohibits
information
to leave and enter
Per M. Gustavsson, SIGE XVII, Sao
José dos Campos
RTO-MP-MSG-076 #14 2010-09-17 Per M. Gustavsson
22
Central defence
Abandoend 1900
24
Meeting new
technology with old
methods, often give
old results
25
EMERGING TECHNOLGY TRENDS
2014
IoT
Autonomus Vehicles
Big Data
Kritisk Infrastruktur
Integritet
Smart Robots
Quantum
Cloud
Often no usable products exist
Producers of the technology
shake out or fail
success stories and scores of
failures
how the technology can benefit
the enterprise start to crystallize
2nd-3rd generation
Mainstream adoption starts to
take off
26
© 2014 Gartner
2009
Expectations
Visibility
2010
Cloud Computing
2011
2008
2012
2013
2014
Own
IaaS
PaaS
SaaS
Client
Client
Client
Client
Software
Software
Software
Software
Platform
Platform
Platform
Platform
Infrastructure
Infrastructure
Infrastructure
Infrastructure
You will not transfer
the responsability
shake out or fail
failures
2nd-3rd generation
take off
27
After Gartner 2008-2014
Expectations
Visibility
2014
Internet of Things
2013
2012
2011
Gadgets används på
andra sätt än vad de
byggdes för 
säkerhets
utmaningar
Mainstream
adoption
starts to
shake out or fail
failures
2nd-3rd generation
take off
28
Expectations
Visibility
Autonomous Vehicles
2014 AV
2013 MR
2013 AV
2012 AV
2014 SR
AV – Autonomous Vehicles
SR – Smart Robots
MR – Mobile Robots
shake out or fail
failures
2nd-3rd generation
take off
29
AUTONOMOUS SYSTEMS
and Cyber SecurityHET
COM
ADS-B
Mission plan
Video
Radar
IR
Control Systems
Förhindra CPU/HW att fungera som tänkt – Buffer
overflow, system resets, malicious code, HW
förändringar
GPS
IMU
Magnetometer
Application Logic
Felaktig data – Manipulering av sensorer, system
status data, navigations data, C2
Guidance
Navigation
Control
Communication
Control System: Bryta sig in i
kommunikationsprotokoll och därefter nå access
Application Logic: EW
Pitot system
Hardware attack –Access to
physical system
Communication Attack – via
communication or support
systems
Sensor Spoofing – False data
30
Expectations
Visibility
Quantum Computers
2014
2013
2012
© 2005 Roy Kasltschmidt
2011
shake out or fail
2nd-3rd generation
take off
QUANTUM and Cyber Security
Quant computers calculate faster
Quant Crypto provide better key distribution
D Wave Systems Inv
32
QUANTUM and Cyber Security
Quant computers calculate faster
Quant Crypto provide better key distribution
Vadim Makarov
Lars Lydersen
Eavesdropping Quantum Crypto key Distribution, 2010
33
cid:0C81BA14-3DA9-4238-BF5E-EC5B3406DE64
© 2015 Per M.
3 Gustavsson, SIGE XVII, Sao José dos Campos
35
People
 Individuals
 Organizations
Process
Infrastructure
 Computers
 Sensors
Data
have a balanced
dimensions!
Per M. Gustavsson, PhD, CIAO, CMSP
Principal Research Scientist @ Combitech (since 2013)
Cyber and Information Security Epert
Principal Research Scientist @ Swedish National Defence College
Command and Control Science – Focusing in the Effectiveness of using digital C2
systems (since 2013)
Principal Research Scientist @ George Mason University, VA
Center of Excelence in C4 (since 2007)
CO-Chair IEEE/SISO (2006-2014) - C2SIM interoperability
Coalition Battle management Language (C-BML) 2014
Military Scenario Definition language (MSDL) 2008
SAAB 2006-2013
Ericsson Microwave Systems 1998-2006
2nd Lieutenant Swedish Armed Forces 1986-1991
39
© 2015 Per M. Gustavsson, SIGE XVII, Sao Joséhttp://hackmageddon.com
dos Campos
40
© 2015 Per M. Gustavsson, SIGE XVII, Sao José dos Campos http://hackmageddon.com
41
http://hackmageddon.com/category/security/cyber-attacks-statistics/
JANUARY 2015
43
10 FEBRUARI – NEWSWEEK - TWITTER
44
14 FEBRUARI 2015 - Al Ittihad - UAE
45
23 FEBRUARI 2015 – MOD - CHILE
46
8-9 APRIL 2015 – TV5MONDE - FRANCE
APT28 Pawn Storm
Phising malware i
datorerna sedan
Januari
47
48
Europeiska Unionen
6000 km from
Brussels
EU Headline Goal
2003,2010
50
VÄRLDEN
51
The world is as it
used to be
But it looks
different
53
54
55
56
57
58
59
We re helpful
We are curious by nature
© 2015 Per M. Gustavsson, SIGE XVII, Sao
José dos Campos
© wikipedia
C4I(SR) Systems Include:
People
 Individuals
 Organizations
Process
Infrastructure
 Computers
 Sensors
Data
GOVERNANCE
Zachman Framework
(1980s)
C4ISR Architecture
Framework (1990s)
The Open Group
Architecture
Framework (TOGAF)
(mid-1990s)
DoD Architecture
Framework (DoD AF)
(2000s)
History of Architecture
Framework for
Information Systems
C4ISR Architecture Framework  DoD AF 1.0  DoD AF 2.0
Operational View
Systems View
Technical Standards View
Service View
Capability View
Zachman Architecture Framework
© 2015 Per M. Gustavsson, SIGE XVII, Sao José dos Campos Source: The Zachman Framework for Enterprise Architecture
- 63 -
Determining the Architecture Model
Contextual Security Architecture
Conceptual Security Architecture
Logical Security Architecture
Physical Security Architecture
Component Security Architecture
Operational Security Architecture
Architecture is a high-level description of
system.
 Intended use
 Scope
 Characteristics to be captured
 Organization of data for designing a
system
- 64 -
Reference: Enterprise Security Architecture – A Business-Driven
Information Security Requirements
Assurance Requirements
 Example:
 SC-3: Security Function Isolation.
Information Security Requirements
Functional
Requirements
For defining security
behavior of the IT
product or system.
The information system isolates
security functions from non-security
functions.
Functional Requirements
 Example:
Assurance
 VLAN technology shall be created to
Requirements
partition the network into multiple
For establishing
mission-specific security domains.
confidence that the
security function will  The integrity of the internetworking
perform as intended.
architecture shall be preserved by
the access control list (ACL).
- 65 -
Managed Secuirty Services
Core services MSS
Operations
Log management
Network security
Application security
(D)DoS-mitigation
Operations of security components
Monitoring
Intrusion
Compliance
Client specific rules
KPI
Analysis
Intelligence
Threat levels
Trends
Add on services
Pre studies and design
Requirements analysis
Architecture
Incident Response Team (IRT)
Log management
Continuity planning (BCM)
Reoccurring proactive actives
Practice and education
Vulnerability scans
System hardening
Response services
Crisis management
Management and support in incident
management
Technical analysis and forensics
Reference Monitor
A reference monitor is an
abstract machine that
mediates all accesses to
objects by subjects
Reference monitor is
performed by a reference
validation mechanism
where it is a system
composed of hardware, Subject
firmware, and software
Security Policy
Certification &
Enforcement Rules
Access Request
Reference
Access Permitted
Monitor Validation
Mechanism
Objects
Access Log
Log information
Reference: DoD 5200.28-STD, Trusted Computer System
Evaluation Criteria (TCSEC), December 26, 1985.
- 67 -
Team
Mail
SharePoin
t
Disk
File
Shredder
Sign
HIPS and
Firewall
Applicati
on
Control
Network
Access
Control
Cyber
Wireless
Security
Device
Control
Content
Encryptio
n
Antivirus
Antispyw
are
Tactical
Images from Combitech, Airbus, FOI, GMU, ITA, SAAB
APT - SA
A Cyber Security Situational Awareness Framework
to Track and Project Multistage Cyber Attacks
INTRODUCTION/BACKGROUND
Targeted attacks are formed around the activities of selection of targets and then launching attacks on such selected
aims. On a highly sponsored level, they take the shape of multi-year intrusion campaigns with well-resourced and managed
operations, such threat actors are known as Advanced Persistent Threats (APT). APTs usually perform multistage attacks
(Vries et al. 2012) in which at each stage, the attackers gain a certain level of privileges to start a new stage, they
proceed similarly to attain the final goal.
A Security Operations Center (SOC) has its outmost goal to timely detect, respond to, protect from, restore and
mitigate effects of Cyber-attacks in order to enable cyber defenders to react to events more efficiently, a SOC needs to
be able to project the opponent’s next moves and intentions. Thus, it requires large scale data collection and analysis
capability while obtaining Cyber Situational Awareness (CSA).
The approach described in this study combines the use of Attack Trees and Intrusion Kill Chain to model the behavior of
advanced multistage attacks against layered security architectures, while collecting and mining large amounts of event log
data using Apache Hadoop and its related projects.
FRAMEWORK
This research framework has the following components:
Layered Security architecture Model
The security architecture structures the system to be protected in a series of layers of privilege levels. The rationale is to
position the most valued assets inside internal layers of the architecture thus, to access those assets a multistage attack
(at least one stage to bypass each layer) should be expected from the intruder.
Privilege
Prevention Devices
Detection Devices
External
Assets
External Host Files, Management team
credentials
Firewall,External Host ACL
NIDS, HIDS at External Host
Internal Ring
Security Server Files, Firewall ACL,
Internal Host files, Admin credential
Firewall. Internal Host ACL
NIDS, HIDS at Internal Host
Level
Ring
Defenders must be confident that the attackers achieve their goals using a model with such phases
(Hutchins et al. 2011).
Intrusion Management System (IMS)
The IMS provides rapid processing of large amounts of log data (structured or unstructured logs in text
files) from different sources and collected during a big time frame (1-2 years or more). This system is
adopted from our previous research (Bhatt, Yano 2013) and helps in searching out malicious kill chain
patters in huge amounts of logs using Apache Hadoop and its related technologies for collecting,
management and storage of huge amounts of log data.
CONCLUSIONS
Layered Security Architecture
Multistage attack model
In our proposal, multistage attacks are modelled using attack trees. The final goal of an attack is a privilege level required
to access a desired asset
Security Files Server
Admin credential
Internal Host access
Firewall ACL
External ring host access
Management team credential
Attack Tree for Layered Architecture
For modelling stages of each intrusion we adopted the Intrusion Kill Chain Model. It consists of seven phases that an
attacker must follow to carry out intrusions.
The framework described in this research is based on Apache Hadoop and related technologies for processing huge
amounts of log data collected from multiple sources. It helps in obtaining CSA by digging out important insights about
malicious multistage attack patterns.
Experiments with this framework were performed to reconstruct kill chains for each compromised layer of security
architecture and their projection with attack trees, in order to understand the intent of the intruder and gain actionable
intelligence for defending against next possible targets of a multistage attack. Finally, the CSA capabilities put forward in
this study enhance a SOC to track and project multistage cyber-attacks
REFERENCES
Bhatt P., Yano E.T.(2013), “Analyzing Targeted Attacks using Hadoop applied
to Forensic Investigation” The Eight International Conference on Forensic Computer Science.
Bjarnolf P., Gustavsson P.M., Brax C., and Fredin M. (2008), Threat Analysis Using Goal-Oriented Action Planning. In Proceedings of the Fall
Simulation Interoperability Workshop
Factors: The Journal of the Human Factors and Ergonomics Society, vol. 37, pp. 32-64, 1995.
G. P. Tadda och J. S. Salerno, ”Overview of Cyber Situation Awareness,” in Cyber Situational Awareness, S. Jajodia, P. Liu, V. Swarup och C.
Wang, Red., Springer, 2010, pp. 15-25
Hutchins Eric M., Cloppert Michael J., Amin Rohan M,(2011) “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary
Campaigns and Intrusion Kill Chains” ICIW2011
IMG-S Integrated Mission Group for Security (2012), “IMG-S Position paper for Horiztion 2020,” IMG-S, 2012.
Kowtha S., Nolan L. and Daley R.,(2012) ”Cyber security operations center characterization model and analysis,” i 2012 IEEE Conference on
Technologies for Homeland Security (HST)
Parth Bhatt, Dr. Edgar Toshiro Yano, Dr. Joni Amorim, Dr. PerInstituto
M.Tecnológico
Gustavsson
de Aeronáutica ,São José dos Campos, Brasil
1
3Combitech
2University of Skövde, Skövde, Sweden
Sweden / Swedish National Defence College / George Mason University, USA
Evaluation Criteria
Canadian
Criteria
(CTCPEC)
1993
Orange Book
(TCSEC) 1985
Federal
Criteria
Draft 1993
UK Confidence
Levels 1989
German
Criteria
ISO 15408-1999
Common Criteria
(CC)
V1.0 1996
V2.0 1998
V2.1 1999
ITSEC
1991
French
Criteria
Trusted Computer System
Evaluation Criteria (TCSEC)
 Evaluates Confidentiality
Information Technology Security
Evaluation Criteria (ITSEC)
 Evaluates Confidentiality,
Integrity and Availability
Common Criteria (CC)
 Provided a common structure
and language
 It’s an International standard
(ISO 15408)
- 70 -
71
BUT WHERE DO I START
LEADERSHIP NEED TO SUPPORT
GOVERNANCE
RISK MANAGMENT
COMPLIANCE
Require (when it make sens)
ISO 270001 Certifiction from your vendors
Common Criteria
72
DEVELOPER - read Viega and Mc Graw
Principle 1: Secure the weakest link
Principle 2: Practice defense in depth
Principle 3: Fail securely
Principle 4: Follow the principle of least privilege
Principle 5: Compartmentalize
Principle 6: Keep it simple
Principle 7: Promote privacy
Principle 8: Remember that hiding secrets is hard
Principle 9: Be reluctant to trust
Principle 10: Use your community resources.
USER – Whatch out !
Facebook?
74
Thank you for
your attention
?
77
78
79

Cyber Security for Command and Control Systems - SIGE

Transcrição

Documentos relacionados

EVALUATING BIOCHEMICAL INTERNET RESOURCES Lima, R.M.

GM Auto Trade Union committee ITUA/MPRA Brothers and sisters

Ground Transportation From S˜ao Paulo/Guarulhos to S˜ao José

here - Gecad

Implications of dos Santos` declared intention to resign

tx" ` id,.{fqE : 000003 .

Probabilistic Model for Recidivism in an Agricultural Penitentiary in

Title Calibration of correction factors for the daily lightning quantities

0154 - Tractebel Energia

artificial neural networks applied in quantitative chemical analysis