cptb beta specification sheet - acquired data...
CPTB Beta Specification Sheet
Overview
Threat Surface Solutions Group (TSSG) is a partnership of premier cybersecurity companies whose principals have directly encountered cyber adversaries, dissected their motivations, and thwarted their attempts to breach critical infrastructure and national security assets. Our focus on test and measurement (T&M), test and evaluation (T&E), cybersecurity, software and hardware platforms, and risk mitigation, allows us to offer comprehensive solutions to protect connected devices such as Internet-of-Things (IoT) products, and Industrial IoT (IIoT) systems from penetration; mitigating the liability of manufacturers, and protecting the consumer from possible catastrophic loss. Our focus is on Smart Devices, Smart Household Appliances, Power Grids, Medical Devices, Transportation, and HVAC systems in critical IT Infrastructure such as Federal, State & Local Data Centers.
We combine functional and cybersecurity testing into a platform that we are calling a Cybersecurity Physical Test Bench (CPTB). We believe supporting both functional and cyber testing in all phases of the product/system lifecycle is becoming increasingly more important. The evidence for this is shown by the demonstrations of IoT devices being able to cause people physical harm, and IoT devices increasingly being used in our nation's critical infrastructure. We are using our team's experience conducting T&M and T&E for the National Institute of Standards and Technology (NIST), and working with the NIST Cyber Security Framework (CSF) to have a clear, structured approach for communicating our tool's test results. This approach allows us to map results into industry specific standards to show compliance where appropriate. With this methodology, we can provide cyber & functional evidence of compliance, and a quantitative metric.
Short functional description CPTB:
CPTB is a software/hardware platform designed to test connected devices such as IoT devices for safety and function against cybersecurity threats. The CPTB consists of a software suite designed to facilitate large-scale TCP/IP network communications testing, as well as data acquisition hardware to monitor and control physical parameters from the Device Under Test (DUT). The goal of the CPTB is to ensure the safety and function of the DUT as it operates under normal conditions during cyber vulnerability and penetration testing. The CPTB uses the CSF to communicate security categories that are being tested. The CSF can help to identify DUT best practices. While this function is outside the scope of the CPTB, the DUT best practices can be added to the CPTB reports. Our platform takes maximum advantage of virtualized operating system architectures for ease of testing complex network flow and data acquisition scenarios. Network parameters such as route hops, delay, jitter, MTU, and latency characteristics, as well as physical parameters such as data acquisition rates and tolerances are considered to be variable test conditions to provide arbitrary complexity. The test results reflect: existence of firewall connectivity, end-to-end throughput, bandwidth and jitter characteristics, and real application layer proxy firewall functionality. CPTB operates with either in-band or out-of-band stateful signaling over TCP based SQL port 3306 to be initiated from each Endpoint to the Master Console server. In addition, CPTB will have Statistical Process Control and Test Data Management for analysis such as First (1st) Pass Yield and Process Capability (Cp, Cpk).
Figure 1 indicates the high-level overview of system inputs and outputs (IO) for the CPTB software suite. The software operational states are broken into three main functions: Endpoint Mode, Master Console Mode, and finally Reporting Mode. The Graphical User Interface (GUI) is the preferred method of all non-Endpoint operations.
The CPTB can be tailored to a large number of connected devices. Its multifunction data acquisition hardware can monitor signals such as Radio Frequency (RF), Acoustic/Vibration, and
Figure #3: CPTB Test Data Flow
Protocols that will be delivered:
a. TCP/IP, UDP
b. NAT
c. SQL, DNS, sshV2, ftp passive mode, http, https
d. Any Enterprise Protocols Recorded
e. MODBUS
f. CANBUS
g. Profibus
h. Custom Buses and Protocols
Input Data Sets that will be delivered:
a. XML
b. Flat File
c. CSV
Cyber and Physical Protocols Unified Interface
Protocol Coverage
Report formats that will be delivered:
a. High level measurements communicated with the NIST Cyber Security Framework, based on lower level detailed measurements.
b. GUI Tables (Lower level detailed measurements.)
c. Flat File (Lower level detailed measurements.)
d. CSV (Lower level detailed measurements.)
e. 1st Pass Yield
f. Process Capabilities
Software that will be delivered:
a. CPTB 1.0 Beta Installer
b. CPTB Beta Monitor and Control Software
Recommended Types of Devices Under Test (DUT):
a. Virtual Machines
b. Windows and Linux OS based Devices
c. IoT Devices
d. Connected Devices (We are defining these as IoT devices within bigger systems. Ex. Smart Homes and Automotive Vehicles)
Types of Simulated/Emulated devices:
a. Virtual Machines
b. Windows and Linux OS based Devices
c. IoT Devices
d. Connected Devices
Scale of DUT:
a. 400,000 flows per run, on a Windows 2003 (or later) server w/ 4 GHz processor
b. 1 DUT
c. Analog I/O
d. Digital I/O
e. Relays
Scale of Simulated/Emulated devices:
a. 400,000 flows per run, on a Windows 2003 (or later) server w/ 4 GHz processor
b. Analog I/O (Simulated/Emulated devices required are use case dependent. Our Beta delivery will have the capacity for 32 Analog Input channels (Voltage ±10 V), 16 Analog Input channels (Voltage ±10 V), and 16 Analog Output channels (Current ±21.5 mA). The mix of channels will be agreed upon before delivery.)
c. Digital I/O (Simulated/Emulated devices required are use case dependent. Our Beta delivery will have the capacity for at least 32 Digital Input/Output channels.)
d. Relays
Hardware that will be delivered, see diagram and table below:
a. Packaging
b. Interfaces
c. Power
Hardware Specifications
CPU: Intel Atom E3825
Number of Cores: 2
CPU Frequency: 1.33 GHz
On-die L2 cache: 1 MB (shared)
FPGA Type: Xilinx Kintex-7 7K70T
Input Voltage V1: 9 V to 30 V
Input Voltage V2: 9 V to 30 V
Maximum power consumption: 40 W
Typical battery life: 10 Years
Number of Reconfigurable I/O Slots: 4
Operating System
Supported Operating System: NI Linux Real-Time (64-bit)
Supported Application Software: LabVIEW Real-time 2014 or later
Driver Dependency: NI-RIO Device Drivers August 2014 or later
Front I/O
Network/Ethernet Port: 2 Network Interface Ports
USB, A Connector: 2 Standard ports
USB, B Connector: 1 Standard Port
Mini DisplayPort: 1 Port, 2506x1600 resolution @ 60 Hz
Serial Ports: RS-232, RS-485/422
SD Card Slot Support: SD and SDHC standards
Reconfigurable I/O
Analog Input Modules (Current/Voltage)
Analog Output Modules (Current/Voltage)
Digital I/O Modules
MODBUS Interface Modules
CAN Interface Modules
Temperature Input Modules
Motor Drive Interface Modules
Local Interconnect Network (LIN) Interface Modules
Serial Communication Interface Modules