Northrop Grumman Corporation
World Air Traffic Management Congress
March 2016
Dr. Dennis McCallam, DIA.
Northrop Grumman Fellow
Operating Safely in a Cyber Dense Environment – the Good, the Bad, and the Ugly.
Approved For Public Release #16-0385; Unlimited Distribution
Who we are
• Leading global security company
• $24 billion sales in 2014
• $38.2 billion total backlog
• Leading capabilities in:
  – Unmanned Systems
  – Cyber
  – C4ISR
  – Logistics
Focus on Performance
Agenda
• Let's put the cyber threat in context from a capability standpoint
• The cyber environment out there… ugly
• Understanding that our environment has both enterprise and platform information systems
• Some thoughts on security engineering and resilience
• Some ways ahead (and some good news)
Looking at the Threat Landscape - Capabilities
* Defense Science Board Task Force Report: Resilient Military Systems and the Advanced Cyber Threat January 2013
1. Use existing malicious code and known exploits
2. Develop tools to use known exploits against publicly known vulnerabilities
3. Develop and use unknown malicious code against known vulnerabilities
4. Criminal or state actors who discover new vulnerabilities and develop exploits against known vulnerabilities
5. State actors who create vulnerabilities and impact products in the supply chain to enable exploitation of networks and systems of interest
6. States with the ability to successfully execute full spectrum cyber operations
The Known - Known
The Known - Unknown
The Unknown - Unknown
So… how vulnerable are things?
• Some factual attacks or alerts
  – Computer researcher hacked into aircraft control system (masquerading as a passenger): May 2015
• Contention between safety and security
  – Johnson, C. (2016). Why We Cannot (Yet) Ensure the Cyber-Security of Safety-Critical Systems.
  – Need to address the difference between platform (sensor, etc.) systems and enterprise systems
• Some urban legend attacks
  – Was it a virus or a bad maintenance computer?
Cyber resilience impacts a lot of things
Derived from DoDD 8500.1, Paragraph E2.1.16.4
Not everything is the same.
System of Systems
Combination of platform and enterprise IT systems (their sensors and components) that make up the mission
KEY CHARACTERISTICS
• Hybrid – multiple interfaces across enterprise and platform
• Huge attack surface
• Risk of “Pearl Harbor” if “jump the gap” events
Enterprise IT
The traditional IP based IT infrastructure: HW/SW and all that it touches
KEY CHARACTERISTICS
• More homogenous and known
• Infrastructure dependent
• Designed to manage large volumes of critical data
• Events are played out in massive scale in public
• Vast array of COTS cyber tools of varying effectiveness
Platform IT
The IT residing within and on platforms
KEY CHARACTERISTICS
• Some non-Internet operating systems, protocols and transport
• Proprietary components
• Some legacy systems, pre-“cyber era”
• Solutions must be safety-centric
Security Engineering: Simplified
• Continuously improve your C4ISR architecture with security in mind
  – Think: “Secure by Design”
• The Internet of Things (and a lesson for us)
[Figure: “Where Should We Protect From?”, with the callouts “…and I just hacked a bank.” and “192.168.0.63”]
Cyber Threats…Are They Really Everywhere?
[Figure labels: Keyless Entry; Remote Start; Performance Data Recorder; Bluetooth/4G/OnStar; Supply Chain]
Security Engineering and Vulnerability Analysis Enable Successful Cyber Design and Test
The Resilience Lifecycle
Start Secure. Stay Secure. Return Secure.™
Operations & Support
• Detect/prevent loss of sensitive information
• Operate through attacks
• Respond to attacks across the board, not just on IP-based connections
• Detect RF links & code insertion
• Prevent mission critical function alteration
• Monitor for mission load compromise
Design, Acquire, Build & Field
• Avoid supply chain intrusion
• Continually assess security posture
• Detect & reject built-in malware and undocumented features
• Design holistically
• Follow software assurance processes
• Ensure software provenance
• Detect & reject counterfeit parts
• Prevent contract process flaws
• Secure related environments
Upgrade & Modernize
• Maintain supply chain integrity
• Preserve software integrity
• Prevent malware injection
• Prevent security mitigation bypass
• Detect non-intentional S/W modifications
• Review & protect diagnostic equipment injection points
• Ensure software/data integrity
[Figure labels: Resilience Approaches; Mission Assurance; Attack Vectors; Data; Code; Infrastructure; Communications; People; Trusted Baseline; Secure Re-baselining; Resilient Operations; Start Secure; Stay Secure; Return Secure]
Some good news
• The enterprise IT side is well understood
  – Build on the shoulders of giants
• The safety and operational demands on ATC Platform IT are a GREAT start towards cyber protection
  – Code evaluations
  – Secure CM and patch control
• We can and should get into two rhythms
  – Start secure, Stay secure, Return secure™ to help with the development and architecture of the next generation systems
  – Secure it, Optimize it, Evolve it™ to make sure we always know where we are and know where we are going
• Secure the design data of your system – it is critical
Final thoughts - maintain your vision with education
• The development of processes around System Security Engineering is a natural extension of the formal Systems Engineering process
• Engineering a solid system to protect the integrity of the supply chain is necessary
• Educate application developers about risks to the supply chain and what to watch for
[Figure: “E D U C A T E” chart with rows 1 to 3 marked 20/100, 20/50 and 20/20; labels: Standards; Policy and Regulations; Systems and Vendors; Information Security; Supply Chain Security]