Italo Cocentino, Director of Strategic Programs
Unisys Security Solutions
May 2015
© 2015 Unisys Corporation. All rights reserved. 2
UNISYS Enterprise Security
We assess, design, integrate and manage mission-critical solutions that secure people, assets, locations or systems and data for governments and businesses who have no room for error.
Cyber Security
• Stealth Solution Suite
• Security Advisory Services
• Cyber Security Operations Center Solution
• Identity and Access Management
• Single-Sign-On and Multi-Factor Authentication
• Managed Security Services
Location, Perimeter and Surveillance Security
• Security Advisory Services
• Intelligent Video Surveillance
• Command and Control
• Physical Access Control
• Border Security Solutions
• Supply Chain Security / In-Transit Visibility / RFID
Public Safety and Justice
• Integrated Justice and Interoperability
• Secure Image Management Solution (SIMS)
• Unisys Law Enforcement Application Framework (ULEAF)
• Integrated Courts Management
• Entity Analytics and Targeting Solutions
• Inmate Communications Services
Identity Solutions
• Identification and Credentialing
• Library of Electronic Identity Artifacts Framework (LEIDA)
• Border Crossing Solutions
• Biometric Authentication Solution
• Mobile Biometric Solutions
Worldwide Presence
ID Systems and Travel Docs
• Mexican National ID
• Australia ePassports
• Malaysia MyKAD Smartcard
• Angola National ID card
• South Africa HANIS
• Canada CATSA Airport Worker
• US Port of Los Angeles TWIC
• New Zealand Supergold Card
• EU Schengen Visa consultancy
• US Registered Traveler
• Philippines NSO Births
• Qld Drivers License Facial Biometrics & Case Management
• New Zealand Drivers License
• Morocco ID Programs
Border Control
• Australian Immigration DIAC
• Canada CIC Visa Field Trials
• Chile Immigration
• US WHTI / LBI
• EC Border Security & LE
• Hungary, Lithuania Visa SIS II
Voter Registration
• Dominican Republic
• Panama
• Brazil
Video Surveillance
• SBInet
• Philadelphia
• Minneapolis Safe Zone
• London Ring of Steel
Transportation Security
• Port of Halifax Access Control
• Beijing, Guangzhou, and Delhi Airport Operations Management Systems
• TSA Airport Access Control Pilot Programs
• TSA Air Cargo Integrity Program
• Singapore Airport Infrastructure
• Port of LA Security Roadmap
• Mexico Seaports Security
• Colombia DIAN Ports Security
• BARA – Bureau of Airport Representatives Australia
• AENA – Aeropuertos Españoles y Navegación Aérea (43 airports)
• LAWA – Los Angeles World Airports (3 airports)
Justice/Public Safety
• Western Australia Courts
• Hong Kong Judiciary
• Dutch Prosecutors
• EU Criminal Records System
• Georgia Justice Network
• US Bureau of Prisons
• UK Metropolitan Police
• New York State Inmate Telephone System
• DHS/TSA Law Enforcement Message Systems
• Northern Territory Dept of Justice
• US CODIS DNA Indexing
Defense/Homeland Security
• US-VISIT Air and Sea Exit
• UK Disaster Victim Identification
• US Defense Multimodal Biometrics R&D
• Canada Defense IS Architecture
• International Thermonuclear Experimental Reactor (ITER) Security Services
• US CBP Automated Targeting System
• Federal Protective Service Radio Program
• Pakistan Counterterrorism (FIA, Karachi Airport)
LBI Framework (Land Border Integration)
• Provides timely information in real time
• Information exchange based on messaging services.
• Ability to supervise operations remotely.
• LBI eases implementation, operation and maintenance through remote monitoring and access.
• Offers integrated technology, tailored processes, and an interoperable approach across each mission-critical area.
• Incorporates technologies and processes that address the particular challenges inside and outside the borders of the United States.
• Extends and builds on existing investments, such as vehicle license plate reading (LPR) solutions
• Enables radio-frequency identification (RFID)
Local Tactical Point – Lane: Non-intrusive mobile analysis in 14 seconds
• The vehicle enters the lane, and the system prepares for the transaction.
• The vehicle is detected; the front LPR camera, scene camera, driver camera and profiler capture images.
• The vehicle is detected in position for the rear LPR camera, which captures images.
• Results and images are transmitted over the private network to the operator.
• The vehicle reaches the customs signal light, checks the signal, the barrier opens and the vehicle moves on.
[Figure: lane diagram showing front LPR, driver camera, profiler, scene camera and rear LPR along a timeline of 1 to 14 seconds]
US Department of Defense: World's Largest RFID Network
More than 125,000 air cargo pallets and sea containers monitored in 25 countries
More than 15,000 RFID tags written per week
Instant access to information about equipment and delivery
Integrated with Google Earth
Transparent and responsive supply chain
Tracking classes: food, medicines, construction materials, supplies, vehicles and equipment
Design, implementation and operation of the largest supply chain based on RFID tracking technology
US Department of Defense: RFID Supply Chain
[Figure: Supply Chain – Transport. Stages: Manufacturer, Distribution, Export, Import, Distribution, Delivery. Tag types: Passive, Active + GPS, Passive. Other labels: Enables Shipping Node; Enables Receiving Node; TAV / ITV]
US Department of Defense: Fixed / Permanent RFID Nodes
[Figure labels: Ramp Interrogator; Truck Gate Interrogator]
US Department of Defense: Temporary RFID Nodes
Our Strategic Approach: Integration
DEFINITION: Integrated solutions that (1) integrate sensors, (2) fuse the data, (3) provide a common operating picture, and (4) provide analytical support in the back office, for the protection of sites, people, technology and assets.
UNISYS LEIDA Open Framework Biometric Solution
LEIDA: Library of Electronic Identity Artifacts
[Figure: LEIDA framework diagram with the labels below]
• Stages: Enrollment, Transmission, Processing, Production, Distribution, Delivery, Use
• Functions: Business Integration, Verify, Issue Credential, Manage Case, Examine, Identify, Quality Assure, Enroll
• Domains: Identity documents, Border security, Video surveillance, Access control, Law Enforcement, Defence, Intelligence
• People Identity
Unisys SOC: Integrated Mission-Critical Security with Global Reach
Map locations: Blue Bell, PA; Reston, VA; Sao Paulo, Brazil; Amsterdam, Netherlands; Bangalore, India; Shanghai, China; Hong Kong, China; Wellington, NZ; SLC, UT; MK, U.K.; Bogota, Colombia
• Proactive, 24x7 monitoring, management, configuration and response services
• ISO27001 certification SSAE16 Type 2
• ISO20000 certification
• ISO9001 certification
• 100+ SOC staff worldwide
• 8 SOCs
• Customer dedicated security consultants
2014 FIFA World Cup in Brazil
Estádio Nacional Mané Garrincha, photo by Kelly Sato (via AC Moraes) © 2014 https://creativecommons.org/licenses/by/2.0/deed.en
Secretaria Extraordinária de Segurança para Grandes Eventos (SESGE, Extraordinary Secretariat for Security at Major Events)
SESGE designed an Integrated Command and Control System (SICC) for Public Security, composed of 14 Integrated Command and Control Centers (CICC).
- 12 Regional Centers, one in each World Cup host city.
- 2 National Centers deployed in DF and RJ in contingency mode.
Mission-Critical Services: Plan and Activate 13 Datacenters in 5 Months
• Design and planning of the infrastructure and the implementation process
– x86 servers – 56 racks / 39 chassis / 178 blades
– 104 desktops / 288 blade PCs / 720 thin clients
– 6 PB of storage and backup
– SAN and Ethernet network infrastructure
– SAN virtualization with vPlex
– Server virtualization infrastructure
– High-performance virtual desktops
– Printers and plotters
– Microsoft infrastructure (AD, Exchange, Office, etc.)
– Development of policies and procedures
Data Storage Solution: Protection against disasters... physical or logical
[Figure labels: Storage 1; Storage 2; National-DF]
Unisys Smart Client
VideoWall + VDI integration
Mobility
VDI + Radio integration
High-performance desktop virtualization (VDI) environment for video and graphics
Integrated Command and Control Center
[Figure: command and control diagram with the labels below]
• Inputs: Video, Audio, IT Management, Fire and Smoke, Access Control, Drone Images
• Correlation & Analysis: Time, Location, Severity, Sensors
• Control Center: operators Op 1, Op 2, Op 3; Stakeholders; Remote Systems
• Situational Awareness; Situation Management
• Questions: What is happening? Where is it happening? How to respond?
• Tailored response actions
Identification and Access Control
Video Surveillance and Biometrics
Iris Scanning; Perimeter Security
3D Biometrics; People Tracking
Secure Image Management System (SIMS)
© 2014 Unisys Corporation. All rights reserved. 23
Digital Evidence Management
Facial Recognition Integration
Tattoos
Integration with Taser-Cams; Standardization, Protection and Metadata Generation
How many cameras does your Integrated System have? Crime Stoppers Website
Use Case – Crime Stoppers
Electronic Warfare
Stealth for Defense LAAD 14-17 April 2015
You Can’t Hack What You Can’t See
You Can’t Hack What You Can’t See
A cybersecurity innovation with military-grade security (FIPS 140-2 and EAL4+), implemented incrementally and without service disruption, that makes computers invisible, avoiding exposure of vulnerabilities to attacks by hackers and viruses
Unisys Stealth Solution™ Suite: “You can’t hack what you can’t see”
NIAP Common Criteria
NIST National Institute of Standards and Technology
Crypto-Module
JFCOM JIL Testbed IO Range
DIACAP: DoD Information Assurance Certification and Accreditation Process
MAC: Mission Assurance Category (Level 1 is Highest)
DISA: Defence Systems Information Agency
EUCOM : European Command
SOCOM: Special Operations Command
JFCOM: JOINT Forces Command
JIL: Joint Intelligence Laboratory
CWID: Coalition Warrior Interoperability Demonstration
JUICE: Joint User Interoperability Communications Exercise
CECOM: Communications Electronics Command (US Army)
GTRI: Georgia Tech Research Institute
DJC2: Deployable Joint Command and Control
NIST: National Institute of Standards and Technology
NIAP: National Information Assurance Partnership
[Figure: timeline of Stealth tests and certifications, 2005 to 2014. Labels, in the order they appear:]
• CWID 08 DISA
• CWID 09 DISA
• JUICE 09 CECOM
• Combined Endeavour EUCOM
• CWID 05 USAF
• CWID 10 SOCOM
• GTRI DJC2 PMO
• SPAWAR
• Private Lab SSVT Validation: Failed to compromise
• “Large Integrator” Tests and fails to break Stealth
• IV&V National Center for Counter-terrorism and Cybercrime SOCOM
• Export License Dept of Commerce
• FIPS 140-2 Certification NIST
• NSA EAL4+ Certification NIAP
• Stealth
• DIACAP MAC-1 Certification CWID 10
• Network Risk Assessment CWID 05 AF Comm Agency
• DIACAP MAC-1 Certification JFCOM
• SOCOM R&D Prototype
• Emerald Warrior ‘12
• SIPRNet IATT
• Independent Test: Agency-hired 3rd party: Failed to compromise
American Technology Award Winner Cyber & Software Security
Stealth: Proven Inviolability for More Than 9 Years: FIPS 140-2, EAL 4+
Backbone Encryption
With Stealth
• Simplicity & Ease of change
• Consistent Technology
• “Military-grade” Security
Cryptographic Segregation of Environments
Stealth for Mission-Critical Infrastructure
[Figure: industrial control network diagram. Labels: Internet; Application Server; ERP; RTU; Corporate Firewall; EPA Database; Alarm Aggregation; Enterprise Network; Plant Firewall; Historian; CCTV Server; OPC Server; Domain Controller; HMI (two); Control Firewall; Terminal Bus; Control Bus; PLC (four); Hardwired Instrumentation; Field Bus to Instrumentation; Plant Bus; EWS]
• ICS – Industrial Control System
• SCADA – Supervisory Control and Data Acquisition
• PLC – Programmable Logic Controller
• HMI – Human-Machine Interface
• DLC – Discrete Logic Controller
• RTU – Remote Telemetry Unit
Traffic Signal Controls
Energy
Gas
Airports
Video Surveillance Systems
Drone Video Imagery in the Cloud
Cloud:
• With MissionCaster, all authenticated users, regardless of location, have access to live video through the cloud
Local Storage:
• SD Card
• AES 256 Encrypted
• Up to 512GB
MissionCaster:
• Battery powered (20 hour battery)
• Local Wi-Fi Streaming
• 4G LTE Streaming
Mobile Users:
• Mobile users can access the video directly from the cloud or from MissionCaster Wi-Fi if close enough
• Users have access to archive and live video
Remote Users:
• Remote users can access the video and sensor data directly from the cloud
Copyright - KSI Data Sciences, LLC 2015
All Rights Reserved
Equipment Cart:
• Deployed from truck
Contains Various Hardware Components:
• ROV
• UAV
• Ground Robots
• Ground Station
• Network switch
• Wi-Fi access point
• HDTV
• Must be tethered to power
No Connectivity:
• There is no way to get the video out of the ground station
UAS Ground Station:
• Many hundreds of feet from the cart, and much farther from truck
• Even if you bring a video encoder, there is no way to get power this far out from the truck and the video has no network to traverse
Aerial Imagery Generated by Drones
Inspection can be divided into two distinct operations:
Gathering the data:
Flying a drone removes the human element from potentially hazardous environments such as high-power electrical lines, allowing inspection staff to get detailed images from a safe distance, and at a fraction of the cost compared to helicopters or physical inspection.
Cameras have advanced to the point that high-resolution video images can be captured from even moderately priced drones. However, up to now those images have been trapped at the drone’s ground station, locked into an SD card or hard drive that needs to wait to be reviewed by an expert.
Assessing the data:
That has all changed with a new kind of video encoder, pioneered by KSI Data Sciences. Their MissionCaster mobile encoder captures the video or other sensor data (IR etc.) and associated data direct from the ground station and broadcasts it securely over any available network to a remote expert or experts anywhere in the world. By using the cloud (private or public) and capturing telemetry from the drone, the MissionCaster service allows remote analysis and integration with mapping and analytics tools, and opens up a new economic model for remote inspection.
[Figure labels: Infra-Red; Normal Video; MissionCaster™ Mobile Encoder; Remote Sensing]