Colorado Springs, CO (719) 598-2801 Denver, CO (303) 703-3834 Chantilly, VA (703) 488-2500 http://www.rtlogic.com
Cyber Security Awareness for SmallSat Ground Networks
SSC16-IX-02, SmallSat 2016
Ted Vera
8/9/2016 2
Threat Overview
• Verizon’s 2016 Data Breach Investigations Report
– Summarizes 64,199 cyber security incidents that occurred in 2015, 2,260 of them with confirmed data loss
• Intel Security / McAfee estimates the annual cost of cybercrime to the global economy at >$375B
• Attacks targeted all types of public & private organizations
SmallSat Tip: The threat is real; take care when designing SmallSat ground networks.
Threat Overview
• RF Based Threats
– SmallSat ground networks must also consider RF based threats
– Amateurs, enthusiasts and potential adversaries are always “listening”
– Findings are documented on enthusiast websites such as SatBeams.com, FeedHunter.com, FastSatFinder.com
– Hacker conferences such as DEFCON
SmallSat Tip: When possible, encrypt all RF links; even unencrypted metadata can be a potential vulnerability.
Mission-Unique Attack Surface
• Mission unique equipment
– RF processing (e.g., radios, modems, up/down converters, recorders, multiplexers, telemetry front-end processors, etc.)
– Test equipment (e.g., spectrum analyzers, o-scopes, channel simulators)
• Specialized protocols
• Specialized applications
– Software defined radio
– C2 software
• IOActive
– A Wake-up Call for SATCOM Security Technical Whitepaper
SmallSat Tip: SmallSat ground networks may contain vulnerabilities not found in most traditional IT networks.
IOActive: Summary Table Excerpt
NIST Special Publications
NIST publishes guides and frameworks that can be used to help establish policies & procedures to help manage the security needs of the ground network organization.
Publication | Title
NIST SP 800-37 Rev. 1 | Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
NIST SP 800-34 Rev. 1 | Contingency Planning Guide for Federal Information Systems
NIST SP 800-115 | Technical Guide to Information Security Testing and Assessment
NIST SP 800-100 | Information Security Handbook: A Guide for Managers
NIST SP 800-94 | Guide to Intrusion Detection and Prevention Systems (IDPS)
NIST SP 800-92 | Guide to Computer Security Log Management
NIST SP 800-64 Rev. 2 | Security Considerations in the System Development Life Cycle
NIST SP 800-50 | Building an Information Technology Security Awareness and Training Program
This table of NIST SP 800 series publications is not comprehensive, but serves as a good list to get started with.
Security Process: RMF (NIST SP 800-37)
• Step 1: Categorize
– the information systems and the information they process, store and transmit, based on a risk/impact analysis
• Step 2: Select
– baseline security controls for the information system, and tailor as needed to meet the organization’s risk assessment
• Step 3: Implement
– selected security controls and document how they are employed within the information system and its operational environment
• Step 4: Assess
– the security controls to ensure they are implemented correctly
• Step 5: Authorize
– operation of the information system based on determination that residual risk is acceptable to the organization
• Step 6: Monitor
– information system security controls on an ongoing basis
System Hardening
• General Approach
– Remove unnecessary applications / packages
– Install all operating system and application patches
– Disable unnecessary services
– Enforce strong passwords
– Limit root to console login
– Configure firewall
– …etc
• Specific Guidance and Tools
– Defense Information Systems Agency
• http://www.disa.mil
– Security Technical Implementation Guides (STIG)
– STIG Viewer
SmallSat Tip: Be careful not to overlook specialized systems such as oscilloscopes, spectrum analyzers, and channel simulators. They might not be thought of as IT systems but often contain an operating system.
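An added example, not from the slides, for the "limit root to console login" item: it audits sshd_config text and shows why appending a hardened line is not enough, because sshd keeps the first value it reads for each keyword. The sample configuration is constructed, and only the global section (before any Match block) is examined.

```python
# Added example (not from the slides): audit sshd_config text for the
# "limit root to console login" hardening item.

def effective_sshd_options(config_text):
    """Return the global options sshd would use (keywords lower-cased).

    For each keyword sshd keeps the first value it reads, so a hardened
    line appended to the end of the file loses to an earlier setting.
    """
    options = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":  # conditional blocks are out of scope here
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        options.setdefault(keyword, value)  # first occurrence wins
    return options

def root_ssh_login_findings(config_text):
    """Return findings; an empty list means root cannot log in over SSH."""
    value = effective_sshd_options(config_text).get("permitrootlogin")
    if value is None:
        return ["PermitRootLogin is not set; the compiled-in default applies"]
    if value.lower() != "no":
        return ["PermitRootLogin is '%s', expected 'no'" % value]
    return []

# Constructed sample: the hardening line was appended after the existing one.
SAMPLE_SSHD_CONFIG = """\
# constructed sample, not from a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# added during hardening
PermitRootLogin no
"""

if __name__ == "__main__":
    for finding in root_ssh_login_findings(SAMPLE_SSHD_CONFIG):
        print("FINDING:", finding)
```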
DISA Operating System STIGs
DISA Application STIGs
DISA STIG Viewer
Security Information & Event Manager
• Security Information & Event Management (SIEM)
• Product-class which provides continuous monitoring
• Real-time event processing, alerting and reporting
• Market leaders of SIEM technologies include IBM, HP, Splunk, Intel, and LogRhythm
• AlienVault is responsible for the Open Source Security Information & Event Manager (OSSIM)
SmallSat Tip: Challenges associated with implementing a SIEM for a SmallSat ground network include: developing custom plug-ins for mission-unique equipment and monitoring specialized protocols.
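What a custom plug-in for mission-unique equipment has to do, as an added example that is not from the slides and is not in OSSIM's plug-in format: normalize a device's log lines into events, then apply a detection rule. The modem log format, field names and sample lines are assumptions constructed for illustration, and lines are assumed to arrive in time order.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format for a ground modem's management interface (an assumption;
# real equipment needs its own pattern): "<UTC time> <device> <AUTH|CONFIG> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) (?P<event>AUTH|CONFIG) (?P<fields>.*)$")

def normalize(line):
    """Turn one raw line into a flat event dict, or None if it does not parse."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    try:
        when = datetime.strptime(match.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in match.group("fields").split() if "=" in kv)
    return {**fields, "time": when, "device": match.group("device"),
            "event": match.group("event")}

def failed_login_alerts(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert once when a source reaches `threshold` failed logins on a device within `window`."""
    recent = defaultdict(list)
    alerts = []
    for event in filter(None, map(normalize, lines)):
        if event["event"] != "AUTH" or event.get("result") != "FAIL":
            continue
        key = (event["device"], event.get("src"))
        recent[key] = [t for t in recent[key] if event["time"] - t <= window]
        recent[key].append(event["time"])
        if len(recent[key]) == threshold:
            alerts.append({"device": key[0], "src": key[1], "time": event["time"]})
    return alerts

# Constructed sample lines, not captured from real equipment.
SAMPLE_LINES = [
    "2016-08-09T14:02:11Z MODEM-1 AUTH user=ops result=FAIL src=10.0.5.23",
    "2016-08-09T14:02:40Z MODEM-1 AUTH user=ops result=FAIL src=10.0.5.23",
    "2016-08-09T14:03:02Z MODEM-1 AUTH user=admin result=OK src=10.0.5.7",
    "garbled line from a serial console",
    "2016-08-09T14:03:30Z MODEM-1 AUTH user=ops result=FAIL src=10.0.5.23",
    "2016-08-09T14:04:05Z MODEM-1 CONFIG user=ops param=tx_freq src=10.0.5.23",
]

if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE_LINES):
        print("ALERT:", alert)
```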
OSSIM
SCAP Tools
• Security Content Automation Protocol (SCAP)
– Perform authenticated configuration scanning
• NIST maintains a list of SCAP validated products
– Commercial examples include: IBM BigFix, Rapid7 Nexpose 6, Microsoft SCAP Extensions, Tenable SecurityCenter 5
• Red Hat OpenSCAP project
– Open source suite of tools
– oscap command line tool helps automate evaluating STIGs
– SCAP Workbench GUI
– Generates scan report containing results
– Windows version is in development
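An added example, not from the slides, of working with the scan output: it reads an XCCDF 1.2 results document of the kind `oscap xccdf eval --results` writes and lists the rules that need attention, highest severity first. The embedded XML, including every rule identifier, is a constructed sample.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}  # XCCDF 1.2 namespace
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}
# "error" and "unknown" mean the check did not run cleanly; they are not passes.
NEEDS_ATTENTION = {"fail", "error", "unknown"}

def triage(results_xml):
    """Return (counts per result, open items sorted by severity then rule id)."""
    root = ET.fromstring(results_xml)
    counts = Counter()
    open_items = []
    for rule in root.iterfind(".//x:TestResult/x:rule-result", NS):
        result = rule.findtext("x:result", default="unknown", namespaces=NS).strip()
        counts[result] += 1
        if result in NEEDS_ATTENTION:
            open_items.append((rule.get("severity", "unknown"), rule.get("idref"), result))
    open_items.sort(key=lambda item: (SEVERITY_ORDER.get(item[0], 3), item[1]))
    return counts, open_items

# Constructed sample; rule ids are placeholders, not real STIG rule ids.
SAMPLE_RESULTS = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_constructed">
  <TestResult id="xccdf_example_testresult_constructed">
    <rule-result idref="xccdf_example_rule_sshd_disable_root_login" severity="medium">
      <result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_no_empty_passwords" severity="high">
      <result>fail</result></rule-result>
    <rule-result idref="xccdf_example_rule_firewall_enabled" severity="medium">
      <result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_audit_rules" severity="low">
      <result>error</result></rule-result>
    <rule-result idref="xccdf_example_rule_smartcard_login" severity="low">
      <result>notselected</result></rule-result>
  </TestResult>
</Benchmark>
"""

if __name__ == "__main__":
    counts, open_items = triage(SAMPLE_RESULTS)
    print(dict(counts))
    for severity, rule_id, result in open_items:
        print("%-7s %-6s %s" % (severity, result, rule_id))
```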
Wrap-up
• SmallSat ground systems are attractive targets and vulnerable to cyber threats
• Care should be taken when SmallSat ground networks are being designed
– Security should be integrated into the design and implementation
• SmallSat operators can benefit from free resources & tools developed and used by Government & Industry
– NIST Special Publications
– DISA STIGs & STIG Viewer
– OSSIM Security Information & Event Manager
– OpenSCAP Project
Question For The Audience
Would you be interested in a free open-source Linux distro IA hardened to meet DISA STIGs?
If so, please complete this form:
https://goo.gl/forms/fDYlHLroljMtMrMw2
Or send me your contact information and a brief description of your SmallSat project!
Ted Vera
Questions & Contact Information
Questions?
Ted Vera
719-598-2801 ext 1221