© 2011 Carnegie Mellon University
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
Jay Douglass, November 17, 2011
Software, Security, and Resiliency
SPIN London
Software, Security, and Resiliency
Jay Douglass, November 17, 2011
© 2011 Carnegie Mellon University
Overview
Complexity, Software and Process
Security and risk
Resiliency and continuity
The Smart Grid
Summary
Software and Complexity
Complex Systems
What I’m going to talk about today:
• How complex systems are woven tightly into our everyday lives
• How failing to understand them, their risks, and their management challenges poses a 21st-century hazard
The Rise of Complexity
• Scale
• Interconnectedness
• Autonomy
• Time criticality
• Security
• Safety
• Regulation
An Interconnected Society
The Internet, 1969
The Internet, Today
Autonomous Systems
Human System Interaction
Complex Systems at the SEI
The SEI is at the nexus of systems and complexity:
• We study them side-by-side
• For 25 years, we’ve been helping engineers design and manage software systems
• It’s our job to “ring the bell” on the importance of managing complexity
We also appreciate risk and the importance of managing it
• Continuous risk management
• Mosaic suite of risk management tools
• Multi-view models
• Mission Success in Complex Environments
Software is Everywhere
Software is Important
Manufacturing, finance, space, engineering
Software is Increasingly Complex
Software Connects Us
Software is Becoming More Personal
How to Handle Complexity
Models
Process
Architecture
Risk assessment
Resiliency
Evolution
People
Security and Risk
Poor Coding = Vulnerabilities (1)
Reacting to vulnerabilities in existing systems is not working
Vulnerabilities (2)
Secure Coding Roadmap
CERT Secure Coding Standards
Establish coding guidelines for commonly used programming languages that can be used to improve the security of software systems under development
Based on documented standard language versions as defined by official or de facto standards organizations
Secure coding standards are completed or under development for:
• C programming language
• C++ programming language
• Java Platform
Security as a Quality Attribute
Quality attributes include:
• performance
• availability
• interoperability
• modifiability
• evolvability
• usability
• security
• etc.
Security requirements:
• Address security in a particular application
• Are often ignored in the requirements elicitation process
• Incur high costs when incorporated later
• Must be addressed early (SQUARE)
Insider Threat Issues (1)
Who is a “malicious insider”?
A current or former employee, contractor, or other business partner who
• has or had authorized access to an organization’s network, system or data and
• intentionally exceeded or misused that access in a manner that
• negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.
Insider Threat Issues (2)
What are the threats?
• Insider IT sabotage
• Insider theft of intellectual property (IP)
• Insider fraud
CERT’s Insider Threat Center Objective
Malware: Big and Getting Bigger
Malware (some facts and figures)
• Software that runs without the user’s consent or knowledge, typically to conduct illicit and criminal activities.
• Malware includes viruses, Trojan horses, rootkits, backdoors, spyware, and adware.
• Malware can steal identities, take control of computers, send spam, harvest information, and steal credentials.
Recent Pandalabs Analysis of Malware, Viruses in Circulation
Cyber Crime
Some criminals are being caught:
2007
• Max Butler, 35, of San Francisco (AKA Max Vision, AKA Iceman) was indicted by a federal grand jury in Pittsburgh on three counts of wire fraud and two counts of transferring stolen identity information. www.theregister.co.uk
2008
• The 27-count indictment … charges Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr Suvorov from Estonia with conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to commit computer fraud …. Authorities say the alleged hackers obtained more than 52 million customer credit card numbers. www.newsfeedresearcher.com
2009
• Albert Gonzalez, 28, and the two still-unnamed Russian citizens are charged with running an international scheme to steal more than 130 million credit and debit card numbers …. www.newsfeedresearcher.com
Resiliency and Continuity
Key Principles of Resiliency (1)
Resilience is the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.
• security “built in”
• failure scenarios understood, planned for
• redundancy is provided for in key areas
• capability remains available under adverse conditions
At SEI, both organizational and software:
• Resilience Maturity Model (RMM)
• Security Quality Requirements Engineering (SQUARE)
• Current blog series topic: resilience (http://blog.sei.cmu.edu/)
Key Principles of Resiliency (2)
Organizationally:
• develop, deploy, and institutionalize
• tools, techniques, methods, and training
… that advance organizational capabilities for governing and managing operational resiliency and risk for critical assets (such as information and infrastructure) and services
Continuity
A key aim of resiliency (and managing operational risk)
Business Functions:
• Developing and executing continuity plans, recovery plans, and restoration plans
IT Function:
• Developing, implementing, and managing processes to deliver IT services and manage IT infrastructures
Resiliency Maturity Model (1)
What is CERT-RMM?
CERT-RMM is a maturity model for managing and improving operational resilience.
• Guides implementation and management of operational resilience activities
• Converges key operational risk management activities: security, business continuity/disaster recovery, and IT operations
• Defines maturity through capability levels (like CMMI)
• Improves confidence in how an organization responds in times of operational stress
Resiliency Maturity Model (2)
Imperatives for Building CERT-RMM
Increasingly complex operational environments where traditional approaches are failing
• Siloed nature of operational risk activities; a lack of convergence
• Lack of common language or taxonomy
• Overreliance on technical approaches
• Lack of means to measure managerial competency
• Inability to confidently predict outcomes, behaviors, and performance under times of stress
Resiliency Maturity Model (3)
26 Process Areas in 4 Categories
A major power grid transformation is underway
How can utilities
• Develop effective roadmaps?
• Track progress?
• Understand their posture in comparison to peers?
The Smart Grid Maturity Model was developed by utilities to address these concerns
The Smart Grid Maturity Model is a management tool that provides a common language and framework for defining key elements of smart grid transformation and helping utilities develop a programmatic approach and track their progress.
SEI’s Role as Steward of the SGMM
Provide governance working with multiple stakeholders
Enable widespread availability, adoption, and use of the model for the benefit of the community
Evolve the model based on stakeholder needs, market developments, user feedback, and interactions with domain experts
Develop transition mechanisms (education, training, awareness, research collaboration) to support the model
Grow the SGMM community of users worldwide
SGMM at a glance
Domains (chart; maturity levels 0 to 5 on the vertical axis):
• SMR: Strategy, Management, & Regulatory
• OS: Organization & Structure
• GO: Grid Operations
• WAM: Work & Asset Management
• TECH: Technology
• CUST: Customer
• VCI: Value Chain Integration
• SE: Societal & Environmental
8 Domains: Logical groupings of smart grid related characteristics
6 Maturity Levels: Defined sets of characteristics and outcomes
175 Characteristics: Features you would expect to see at each stage of the smart grid journey
Smart Grid Maturity Model – levels
• PIONEERING: Breaking new ground; industry-leading innovation
• OPTIMIZING: Optimizing smart grid to benefit entire organization; may reach beyond organization; increased automation
• INTEGRATING: Integrating smart grid deployments across the organization, realizing measurably improved performance
• ENABLING: Investing based on clear strategy, implementing first projects to enable smart grid (may be compartmentalized)
• INITIATING: Taking the first steps, exploring options, conducting experiments, developing smart grid vision
• DEFAULT: Default level (status quo)
Smart Grid Maturity Model – domains
• Strategy, Mgmt & Regulatory (SMR): Vision, planning, governance, stakeholder collaboration
• Organization and Structure (OS): Culture, structure, training, communications, knowledge mgmt
• Grid Operations (GO): Reliability, efficiency, security, safety, observability, control
• Work & Asset Management (WAM): Asset monitoring, tracking & maintenance, mobile workforce
• Technology (TECH): IT architecture, standards, infrastructure, integration, tools
• Customer (CUST): Pricing, customer participation & experience, advanced services
• Value Chain Integration (VCI): Demand & supply management, leveraging market opportunities
• Societal & Environmental (SE): Responsibility, sustainability, critical infrastructure, efficiency
SGMM V 1.2 Product Suite
• Model: Fully described in the Model Definition document
• Compass Survey: Questionnaire-based assessment yields maturity ratings and comparisons
• Navigation Process: Expert-led workshops to complete Compass and use results to develop consensus aspirations
• Training: Overview Seminar and SGMM Navigator Course
• Partner Program: License organizations and certify individuals to deliver the Navigation process
Summary
Complexity increasing
Software at the heart of systems
Several ways to handle complexity
Security, resiliency increasingly critical
Contact Information
Jay Douglass
SEI Europe
Telephone: +1 412-268-6834
Email: [email protected]
U.S. Mail
Software Engineering Institute
Customer Relations
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
USA
Web
www.sei.cmu.edu
www.sei.cmu.edu/contact.cfm
Customer Relations
Email: [email protected]
Telephone: +1 412-268-5800
SEI Phone: +1 412-268-5800
SEI Fax: +1 412-268-6257
NO WARRANTY
THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder.
This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected].
This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013.