Protect Your Enterprise with Secure and Resilient Information Flow Aviation Week

HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I) Protect Your Enterprise with Secure and Resilient Information Flow Aviation Week Aerospace and Defense Cybersecurity Forum 31 March 2010 Robert F. Brammer, Ph.D. VP Advanced Technology and CTO Northrop Grumman Information Systems


Page 1

Protect Your Enterprise with Secure and Resilient

Information Flow

Aviation Week

Aerospace and Defense Cybersecurity Forum

31 March 2010

Robert F. Brammer, Ph.D.

VP Advanced Technology and CTO

Northrop Grumman Information Systems

Page 2

Key Points for This Presentation

• Enterprise information systems and services are increasing in size, distribution, functionality, and value
  – Includes both IT networks and infrastructure networks
  – Rapid development of new architectures, standards, and products
  – Increasing business significance but also larger and more valuable targets

• Threats are increasing rapidly in sophistication, breadth, and speed
  – “The Advanced Persistent Threat” is a primary example

• Protection of the enterprise requires a multidimensional strategy
  – Northrop Grumman addresses challenges with significant investments
  – Layered architecture, facilities, advanced research, education and training, professional activity leadership, …

• A strategy, operations and research plans, and significant investments are needed
  – Passwords and patching are not adequate
  – Cyber threats and defenses will be continually evolving
  – Long-term issue

Page 3

THE GROWTH OF ENTERPRISE INFORMATION SYSTEMS AND SERVICES

Page 4

Global Information Transformation

• Nearly 2B Internet users globally – Internet World Stats

• US e-commerce grew 11% in 2009 to $155B, another 11% growth expected in 2010 – Forrester Research

• Americans consumed 3.6 zettabytes of information in 2008 – UCSD

Page 5

Global IP traffic will increase by a factor of three from 2010 to 2013, approaching 56 exabytes per month in 2013, compared to approximately 9 exabytes per month in 2008.

By 2013, annual global IP traffic will reach two-thirds of a zettabyte (673 exabytes).

By 2013, the various forms of video (TV, VoD, Internet Video, and P2P) will exceed 90 percent of global consumer traffic.

By 2013, global online video will be 60 percent of consumer Internet traffic (up from 35 percent in 2010). Mobile data traffic will roughly double each year from 2010 through 2013.

Cisco Network Traffic Forecasts

Cisco Visual Networking Index

Page 6

New Information System Architectures

Green IT

Optical Networks

Mobile Computing

Page 7

Critical Infrastructure Enterprises

• Infrastructure networks interface directly to 3D world
  – Nodes – generators, terminals, ports, storage, …
  – Links – pipelines, transmission lines, tunnels, …
  – Traffic – objects, material, …

• Cyberspace networks are used for control and reporting

• Convergence of networks, technologies, and interfaces
  – Significant performance and cost benefits
  – SmartGrid initiatives are a significant example
  – Significant security implications

Transportation

Chemical Production

Water Treatment

Oil Refineries

Electric Power Generation and Grid Control

Page 8

Network Convergence and Integration

• “Network Convergence” has multiple industry implications
  – Data, voice, video in a single network
  – Cyber and infrastructure networks in a single network
  – Protocols – moving to IP-based protocols from local protocols
  – Network interfaces – connecting sensors and control rooms to the Internet and to corporate WANs
  – “An Internet of things”

• Network integration occurs in corporate and government reorganizations, M&A, …

• Many operational and security R&D issues arise from immature technology, processes, and management

Page 9

THREATS TO THE ENTERPRISE

Page 10

NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I

“The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems, and the information residing within.”

“This critical infrastructure is severely threatened.”

Dennis Blair

US Intelligence Community Annual Threat Assessment

February 2, 2010

Cybersecurity – “A Severe Threat”

Page 11

US oil industry hit by cyberattacks: Was China involved?

Christian Science Monitor January 25, 2010

“At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.”

“… the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, …”

“The oil and gas industry breaches, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide,

Cyberespionage and the Theft of Intellectual Property

Broad New Hacking Attack Detected

Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies

Wall Street Journal February 18, 2010

“Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, …”

“Industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion.” Whitehouse Cyberspace Policy Review May 2009

Page 12

The Growth of Internet Crime

“Of the top five categories of offenses reported to law enforcement during 2009, non-delivered merchandise and/or payment ranked 19.9%; identity theft, 14.1%; credit card fraud, 10.4%; auction fraud, 10.3%; and computer fraud (destruction/damage/vandalism of property), 7.9%.”

Page 13

Figure labels: Transportation, Water, Electric Power, Oil and Natural Gas, Communications, Government, Banking and Finance, Emergency Response, Military, People

Coordinated Cyber and Physical Attacks

• Cyber pre-attack – Targeting, espionage, disinformation, …

• Real-time cyber attack – suppression of comms and response

• Cyber post-attack – target backup and recovery

Physical Attack

Coordinated Cyber Attacks

Before the Russian invasion into Georgia commenced, cyber attacks were already being launched against a large number of Georgian governmental websites, making it among the first cases in which an international political and military conflict was accompanied – or even preceded – by a coordinated cyber offensive.

Cooperative Cyber Defence Center Of Excellence

Tallinn, Estonia

November 2008

Page 14

New Architectures Lead to New Security Questions and Challenges

• New architectures lead to many functionality, performance, and cost advantages

• Resulting security issues are far too often underestimated

Web 2.0 a Top Security Threat in 2010, Survey Finds

eWeek February 22, 2010

Internet security provider Webroot reports IT managers in small to midsize businesses believe malware spread through social networks, Web 2.0 applications and other Web-based vectors will pose the most serious risk to information security in 2010.

Twitter phishing hack hits BBC, PCC … and Guardian … and cabinet minister … and bank

The Guardian February 26, 2010

Thousands of Twitter users have seen their accounts hijacked after a viral phishing attack which sends out messages saying "this you??"

How to Plan for Smartphone Security in the Enterprise

eWeek 2009-07-13

One of the major challenges CIOs face is the deployment and security of smartphones in the enterprise.

Page 15

Addressing the Threats

• Many plans by government and industry are creating rapid growth in cybersecurity markets

Power Up on Smart Grid Cyber Security

Wall Street Journal February 25, 2010

“The M&A world is on fire right now when it comes to cyber-security issues relating to utility infrastructure,”

“Pike Research expects the global smart grid cyber security market to grow to $4.1 billion in 2013 at a compound annual growth rate of 35%.”

“That squares against Morgan Stanley estimates…”

Page 16

NORTHROP GRUMMAN CYBERSECURITY OPERATIONS

Page 17

Northrop Grumman Cybersecurity Operations Center

Page 18

Security Includes Identity Management Multi-Layer Security Architecture

Multi-Layered approach to security across our networks, systems, facilities, data, intellectual property, and other information assets

Policies, architecture, processes, technology

Access and configuration management

Page 19

Cybersecurity Awareness and Training

Regular company-wide communications are strategic

Page 20

Northrop Grumman Cybersecurity Thought Leadership

• Example – Paper on APT defense

• Presented at the 13th Colloquium for Information Systems Security Education – University of Alaska, Fairbanks

Seattle, WA June 1 - 3, 2009

• This paper describes some relevant Northrop Grumman security processes
  – Communicate APT risks
  – To increase awareness of situations that should alarm
  – To define the actions that employees should take to minimize these risks

Page 21

Northrop Grumman Cybersecurity Industry Leadership

• Defense Security Information Exchange (DSIE)

• National Security Information Exchange (NSIE)

• Alliance for Enterprise Security Risk Management

• US NATO delegate

• DoD – Defense Information Base (DIB)

• Internet Security Alliance (ISA) Board

• Customer Advisory Councils – Microsoft, Oracle, ISS (IBM), EMC

• US Computer Emergency Readiness Team (CERT) Portal Member

• Critical Warning Infrastructure Network (CWIN) member

• Smart Card Alliance

• Partnership for Critical Infrastructure Security

• Corporate Executive Board - Information Risk Executive Council (IREC)

• Research Board - Digital Security Board (DSB)

• TransGlobal Secure Collaboration (TSCP)/CertiPath

• FAA InfoSec Advisory Board

• Honeynet Project

• Forum of Incident Response and Security Teams (FIRST) – Chairing, Future of First Task Force

• Formal Agreements with Intel & Law Enforcement

• IT ISAC/NCC (Homeland Security)

• National Infrastructure Advisory Council (NIAC)

• National Security Telecommunications Advisory Council (NSTAC)

• Network Centric Operations Industry Consortium

Robert F. Brammer

Northrop Grumman

Page 22

ADVANCED CYBERSECURITY RESEARCH

Page 23

Federal Cybersecurity Research

• Growing recognition that the US has underinvested in cybersecurity

• Requirements for cybersecurity research have been assessed many times by organizations like the National Academies, the National Science and Technology Council, the Federal Networking and Information Technology R&D Program, OSTP, DHS, and others

• The 2010 Federal budget for cybersecurity research is $372M (DARPA, DOD services, NSA, NIST, NSF) – NITRD Presentation (March 2010)

Page 24

Northrop Joins With Academics For Cybersecurity Work

December 1, 2009

• “Northrop Grumman Corp is joining with several U.S. universities in a consortium to address near and long-term Internet security.”

• “…to find ways to secure computer hardware, software and systems that support information sharing around the globe.”

Northrop links to academics to boost cyber defense Dec 1 2009

WASHINGTON (Reuters) - Northrop Grumman Corp unveiled Tuesday an industry-academic research group to tackle growing cyber threats to U.S. computer networks and to networked infrastructure.

Northrop Grumman Cybersecurity Research Consortium

Page 25

Superior Technology Assessment, Development & Transition, and Modeling & Simulation

Labs for R&D in Cyber Assessment, Modeling, Simulation and Testing

Figure labels: Millersville, MD; Range Operations; Rapid Development; VASCIC; Cyber Warfare Integration Network (CWIN)

Page 26

CONCLUDING REMARKS

Page 27

Concluding Remarks

• Protecting the enterprise is an increasingly difficult challenge

– Many dimensions of enterprise growth

– Dynamic threat environment

– Protection requires multifaceted approach

• Overall, cybersecurity problems will become worse before the status improves

• Near-term progress is certainly possible

– 90%+ of security problems arise from situations for which there are known solutions

– Need for improved implementations

• Cybersecurity is a long-term strategic issue for government and industry

– Patching poorly designed systems is clearly not working

– Solutions will require sustained and multidisciplinary R&D and broad implementation

Case Study: Bank Defeats Attempted Zeus Malware Raids of Business Accounts

Gartner March 24, 2010

22 Banking Breaches So Far in 2010

Report: Hacking, Insider Theft Continue to be Top Trends

BankInfoSecurity March 23, 2010

There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services companies.