LCID Cyber Panel Industry Perspective on DoD/AF Cyber Security Topics For AFCLMC LCID Sep 2017


Post on 20-Oct-2021


Page 1: LCID Cyber Panel - Wild Apricot

LCID Cyber Panel

Industry Perspective on DoD/AF Cyber Security Topics

For AFCLMC LCID Sep 2017

Page 2: LCID Cyber Panel - Wild Apricot

The Panel Format

Panel Overview: A diverse panel offering general insight and perspective on Cyber Security, especially as it relates to mission systems in the Air Force.

• Panel Time: 14 Sep 2017 at 1245

• Event Website: http://www.wpafb.af.mil/lcid/

Key panel points:

• It’s common to separate business systems from mission systems when discussing Cyber Security.

• AFLCMC purchases and maintains all the aircraft, missiles and other relevant mission systems for the Air Force.

• Many of the AF business systems also fall under this command and within the BES PEO.

• With regard to mission systems, preventing hacking into classified and critical mission systems will always be a challenge.

• This is a diverse industry panel presenting to both industry and government. None of the information presented is classified or confidential.

• Each panelist presents for 8-10 minutes, and the floor opens for dialogue after all panelists have presented.

Page 3: LCID Cyber Panel - Wild Apricot

The Cyber Panel

• Panel Moderator: Mr. David Hart, Segue Technologies, Dayton Wright AFCEA, Fast Rope

• Panelist: Dr. Rob Wiltbank, CEO, Galois

• Panelist: Dr. Ken Holladay, SWRI

• Panelist: Dr. Josephine Micallef, Vencore Labs

• Panelist: Mr. Kevin Rigney, Gartner

• Panelist: Mr. Samuel Wanderi, Menya LTD

Page 4: LCID Cyber Panel - Wild Apricot

Slides and Questions

1) www.FastRope.org

2) Forums

3) Industry to Industry Forum

4) Topics

5) LCID Slides & Questions

Page 5: LCID Cyber Panel - Wild Apricot

Moderator: David Hart, Sr. Dr. BD. Segue Technologies

• Segue’s Senior Director of Business Development. He is an expert in team building, collecting market intelligence, identifying pursuits, managing opportunity pipelines, and fostering strong partner relationships. He works collaboratively across Segue’s business leadership and verticals to identify strong opportunities and align with value-added partners to create strong information sustainment support solutions for our Federal customers.

• Currently on the Dayton-Wright Armed Forces Communication and Electronics Association (AFCEA) Board of Directors and previously served as Chapter President (2010, 2015, 2016), Vice President of Networking (2009), Director of Awards (2008), and Associate Director of the AFCEA International Board of Directors (2011). In addition to his service, David has received both the AFCEA International Meritorious Service Medal (2016) and AFCEA International Small Business Person of the Year (2017). He has served as Vice President of Dayton Defense, organizing two IT Dialogues with Industry Leaders. David also founded the Miami Valley Presidents Round Table, and Fast Rope with nearly 300 members in Dayton, Washington DC, Tampa, St. Louis, and San Antonio, TX.

• Co-Founder of the Blue Skies For Good Guys and Gals Warrior Foundation 501c3, which annually hosts over 50 Combat Injured/Purple Heart Warriors and Fallen Hero/Gold Star Families for over four days of bonding, healing and life-enriching activities during Warrior Weekend to Remember.

• A former US Army Ranger, Master Parachutist, and Pathfinder. He graduated from the University of Cincinnati. He has been instrumental in launching several start-ups, serving one as CEO, leveraging his extensive sales and marketing experience. David is an accomplished skydiver with over six thousand jumps and uses this experience as a keynote speaker on teamwork and leadership. He is the author of “Jump! Leaps in Organizational Performance and Teamwork.” David believes that people accomplish great things when they collaborate as a team, working towards a shared vision with common goals. His number one team is his wife Lori and three young boys, Peter, Jake and Ben, who reside with him in Mason, Ohio.

• Website

Page 6: LCID Cyber Panel - Wild Apricot

US Department of Defense Cyber Strategy

NEWS… DoD Initiates Process to Elevate U.S. Cyber Command to Unified Combatant Command

DoD's Three Primary Cyber Missions:

• Defend DoD networks, systems, and information

• Defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence

• Provide cyber support to military operational and contingency plans

Cyber Mission Force: 133 teams by 2018

DoD must develop its cyber forces and strengthen its cyber defense and cyber deterrence posture.

• National Mission Teams 13 teams - Defend the United States and its interests against cyberattacks of significant consequence.

• Cyber Protection Teams 68 teams - Defend priority DoD networks and systems against priority threats.

• Combat Mission Teams 27 teams - Provide support to Combatant Commands by generating integrated cyberspace effects in support of operational plans and contingency operations.

• Support Teams 25 teams - Provide analytic and planning support to the National Mission and Combat Mission teams.

DoD Cyber Website

Page 7: LCID Cyber Panel - Wild Apricot

24th Air Force

Commander’s Strategic Vision

• “The World’s Preeminent Cyber Force…Powered by Airmen, Fueled by Innovation.”

Strategic Priorities

• Employ Multi-Domain and Integrated Cyberspace Capabilities in support of Combatant and Air Force Component Commanders

• Develop and Empower Our Airmen and Take Care of Their Families

• Lead Through Teamwork and Partnerships

• Inculcate a Strong Warfighting Culture into Cyberspace Operations

• Equip the Force through Rapid, Innovative Fielding of Cyber Capabilities

24th AF Website

Page 8: LCID Cyber Panel - Wild Apricot

2017 AFCEA Alamo ACE Conference

Dates:

• November 13-16, 2017

Location:

• La Cantera Resort, 16641 La Cantera Parkway, San Antonio, TX 78256

Overview:

• The 2017 Alamo ACE will take place November 13-16, 2017 at La Cantera Resort, and will bring together over 1,600 military and industry leaders in the cyber, ISR, medical IT and education/training career fields for three days of keynote presentations, panel discussions and ethical information-sharing, a trade show/exhibit hall, free and discounted IT training for military personnel, and fundraising activities benefiting wounded warriors.

Event Website

Page 9: LCID Cyber Panel - Wild Apricot

Panelist: Dr. Rob Wiltbank, CEO, Galois

• Rob is CEO at Galois, a computer science R&D company focused on building high assurance computing systems. In 4 years of leading Galois, the company has tripled while spinning out 4 companies focused on the application of the technologies invented in Galois’ R&D efforts.

• Prior to Galois, Rob was a professor at Willamette University, where he ran the Willamette Angel Fund and entrepreneurship courses, ranked by Inc. Magazine as a “top 10” in entrepreneurship education.

• Rob was a partner with Montlake Capital, a growth equity fund, and a Co-Founder of Revenue Capital Management, an innovative revenue capital fund.

• His research focuses on strategy-making under uncertainty and entrepreneurial expertise, particularly as it relates to growing new organizations.

• Rob is co-author of the 2009 book The Catalyst: How You Can Become an Extraordinary Growth Leader, selected by Business Week as one of the best books on innovation and design in 2009. He is also co-author of Effectual Entrepreneurship, a textbook used in 170 universities worldwide.

• Education: Ph.D. in Strategy from the University of Washington, and a degree in Finance and Accounting from Oregon State University.

• Website

Page 10: LCID Cyber Panel - Wild Apricot

High Assurance Systems Engineering

Creating trustworthiness in critical systems

Leaders in high assurance research and development

Galois [gal-wah]

Named after French mathematician Évariste Galois

Page 11: LCID Cyber Panel - Wild Apricot

© 2017 Galois, Inc. Proprietary Information

Software Engineering Path

[Diagram labels: Requirements, Design, Product Development, Unit Test, System Test, Operational Test, Customer; Cyber Vulnerability Testing]

Security related challenges:

System complexity is increasing, challenging design capabilities.

State space is nearly inconceivable; “test coverage” is misleading.

Implementing designs with exactness is permanently difficult.

Page 12: LCID Cyber Panel - Wild Apricot

High assurance software development and use

1. Formally verified designs

2. Formally verified components

3. Testing / Symbolic execution

4. Sign components in Dev

5. Sign components & DATA in use

[Diagram: software engineering path (Requirements, Design, Product Development, Unit Test, System Test, Operational Test, Customer) with steps 1 to 5 marked]

Page 13: LCID Cyber Panel - Wild Apricot


• As part of DARPA’s High Assurance Cyber Military Systems (HACMS) program, Galois created correct-by-construction tools that were used to build and demonstrate a cyber secure quadcopter.

• The tools were subsequently deployed on Boeing’s autonomous H-6U Little Bird to gain the same security and safety guarantees.

• An expert penetration team was given all the software; all attacks failed, and they stated:

“We can’t imagine any attack vectors that would work against this approach.”

“This is the most secure UAV in the world.”

More information: Using Formal Methods to Enable More Secure Vehicles http://wp.doc.ic.ac.uk/riapav/wp-content/uploads/sites/28/2014/05/HACMS-Fisher.pdf

HACMS and Boeing’s Little Bird

Page 14: LCID Cyber Panel - Wild Apricot

HACMS Components

1. Formally verified Parser/Encoder/FW: strictly control communications

2. Secure OS, preferably formally verified: strictly separate applications

3. Formally verified serializer: strictly control applications

4. Monitoring of existing applications: actively monitor apps in run time

5. Formally generated critical applications: make critical apps formally correct

[Diagram: components 1 to 5 marked on the system architecture]

Page 15: LCID Cyber Panel - Wild Apricot


Relevant Formal Method Techniques

• Formal specification defines requirements unambiguously.

• “A precise, testable description of a system becomes a “what if …” tool for designs, analogous to how spreadsheets are a “what if …” tool for financial models.”¹

• Correct-by-construction tools generate software from formal specification. This reduces implementation bugs and rules out classes of security vulnerabilities.

• “Buffer overflows” and other code flaws that cause take-over vulnerabilities are often a result of human mistakes. Generating the code instead of handwriting it guarantees their absence.

• Formal verification provides mathematical proof of correctness and security.

• A mechanical test between the code and the specification guarantees that the generated or written code does exactly what the requirements specified.

• ¹ Use of Formal Methods at Amazon http://glat.info/pdf/formal-methods-amazon-2014-11.pdf

Page 16: LCID Cyber Panel - Wild Apricot

Formally Verified Parser

• A classic network firewall, restricting the flow of IP-based messages.

• A notional firewall protecting a device on a CAN or other bus network.

• AND both semantic and syntactic guards.

Ensure that the incoming data comes from a reasonable source, is correctly formatted, and that the packet’s content is reasonable given the current state of the system.
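
The three checks named above (reasonable source, correct format, content that is reasonable for the current system state) can be shown on a small guard. This is an added example, not Galois code and not formally verified; the wire format, message ids, port names and limits are all hypothetical.

```python
"""Syntactic and semantic guard for a notional bus message (added illustration)."""
import struct
from dataclasses import dataclass
from enum import Enum

class Verdict(Enum):
    ACCEPT = "accept"
    BAD_FORMAT = "bad format"    # syntactic guard failed
    BAD_SOURCE = "bad source"    # sender is not allowed to send this message
    BAD_STATE = "bad for state"  # well-formed, but unreasonable right now

# Hypothetical message ids with their exact payload layout (struct format).
MSG_ARM = 0x130        # uint8: 1 = arm, 0 = disarm
MSG_SET_ALT = 0x120    # uint16: target altitude in metres
LAYOUT = {MSG_ARM: ">B", MSG_SET_ALT: ">H"}

# Hypothetical source policy: which bus port may send which message id.
ALLOWED = {"ground_link": {MSG_ARM, MSG_SET_ALT}, "payload_bay": set()}

MAX_ALT_M = 500    # assumed ceiling
MAX_STEP_M = 50    # assumed largest change per command

@dataclass
class State:
    armed: bool = False
    airborne: bool = False
    target_alt_m: int = 0

def build_frame(msg_id: int, payload: bytes) -> bytes:
    """Constructed wire format: 2-byte id, 1-byte length, payload."""
    return struct.pack(">HB", msg_id, len(payload)) + payload

def parse_frame(raw: bytes):
    """Syntactic guard: return (msg_id, value), or None for anything malformed."""
    if len(raw) < 3:
        return None
    msg_id, length = struct.unpack(">HB", raw[:3])
    fmt = LAYOUT.get(msg_id)
    if fmt is None:                       # unknown message id
        return None
    payload = raw[3:]
    if length != len(payload) or length != struct.calcsize(fmt):
        return None                       # truncated or carrying extra bytes
    (value,) = struct.unpack(fmt, payload)
    if msg_id == MSG_ARM and value not in (0, 1):
        return None                       # field outside its defined domain
    return msg_id, value

def guard(source: str, raw: bytes, state: State) -> Verdict:
    """Apply source, format and state checks; update state only on ACCEPT."""
    parsed = parse_frame(raw)
    if parsed is None:
        return Verdict.BAD_FORMAT
    msg_id, value = parsed
    if msg_id not in ALLOWED.get(source, set()):
        return Verdict.BAD_SOURCE
    if msg_id == MSG_ARM:
        if value == 0 and state.airborne:  # never disarm in flight
            return Verdict.BAD_STATE
        state.armed = bool(value)
    elif msg_id == MSG_SET_ALT:
        if not state.armed or value > MAX_ALT_M:
            return Verdict.BAD_STATE
        if abs(value - state.target_alt_m) > MAX_STEP_M:
            return Verdict.BAD_STATE       # implausible jump from current target
        state.target_alt_m = value
        state.airborne = value > 0
    return Verdict.ACCEPT
```

The same well-formed frame can be accepted or rejected depending on the state it arrives in, which is the part a purely syntactic filter cannot express.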


Page 17: LCID Cyber Panel - Wild Apricot

High assurance software development and use

1. Formally verified designs

2. Formally verified components

3. Testing / Symbolic execution

4. Sign components in Dev

5. Sign components & DATA in use

[Diagram: software engineering path (Requirements, Design, Product Development, Unit Test, System Test, Operational Test, Customer) with step 3 marked]

Page 18: LCID Cyber Panel - Wild Apricot

Testing

Technique: Fuzz Testing

• Human involvement: Set up test harness

• Attributes: Generates random inputs; can discover “shallow” flaws that result in crashes

Technique: Property-based Testing

• Human involvement: Set up test harness; write properties that are expected to hold

• Attributes: Generates random inputs; builds confidence that the properties hold (correlated with correctness)

Technique: Concolic Testing

• Human involvement: Set up test harness; add assertions

• Attributes: Forces the program toward assertions; can verify that deep properties always hold; produces test cases that trigger failing assertions

Page 19: LCID Cyber Panel - Wild Apricot


Concolic Testing

• Assertions can be added and checked anywhere in a program (compare to properties, which hold only on outputs)

• Can check deep properties (unlike fuzz testing, which can rarely get beyond parsing phases of programs)

• Generates test cases that trigger bad behavior to aid debugging

• Unlike static analysis, never reports false positives (but does not scale as well as static analysis without help)

• Many of the assertions driving concolic testing can be repurposed for formal verification

Page 20: LCID Cyber Panel - Wild Apricot

High assurance software development and use

1. Formally verified designs

2. Formally verified components

3. Testing / Symbolic execution

4. Sign components in Dev

5. Sign components & DATA in use

[Diagram: software engineering path (Requirements, Design, Product Development, Unit Test, System Test, Operational Test, Customer) with steps 4 and 5 marked]

Page 21: LCID Cyber Panel - Wild Apricot

Signing Software and Data

[Diagram: Contractor In-house SW Dev Process and DoD Platform Integration Process, joined by a vulnerable delivery channel; threat labels: supply chain threats, insider threats]

Questions raised on the slide:

• Who added this feature?

• Who approved this integration?

• What code is in this release package?

• How do we know our version is the genuine / right one?

Page 22: LCID Cyber Panel - Wild Apricot

Signing Software and Data

[Diagram: Contractor In-house SW Dev Process. A digitally signed commit record (Branch ID, Content, Programmer, Validation Results, Commit Environment) is written to a permissioned blockchain as blocks +1, +2, …, n; labels: Signature, Receipt; Software Delivery Through Normal Process]
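
How a chain of signed commit records lets an integrator answer the questions from the previous slide, as an added example that is not Galois code. It assumes a single hash-chained list in place of a permissioned blockchain and uses HMAC-SHA256 as a stand-in for a real asymmetric signature; the keys, programmer names and field values are constructed.

```python
"""Hash-chained, signed commit records (added illustration, not Galois code)."""
import hashlib
import hmac
import json

# Constructed per-programmer keys. HMAC-SHA256 stands in for a real
# asymmetric signature so the example needs only the standard library.
KEYS = {"alice": b"constructed-key-alice", "bob": b"constructed-key-bob"}
GENESIS = "0" * 64

def _digest(obj) -> str:
    """Canonical SHA-256 over a JSON-serialisable record."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def append_commit(ledger, branch_id, content: bytes, programmer,
                  validation, environment):
    """Append one signed record (fields follow the slide); return it as the receipt."""
    body = {
        "branch_id": branch_id,
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "programmer": programmer,
        "validation_results": validation,
        "commit_environment": environment,
        "prev": ledger[-1]["block_hash"] if ledger else GENESIS,
    }
    sig = hmac.new(KEYS[programmer], _digest(body).encode(), "sha256").hexdigest()
    entry = dict(body, signature=sig)
    entry["block_hash"] = _digest({**body, "signature": sig})
    ledger.append(entry)
    return entry

def verify_ledger(ledger):
    """Return the index of the first record that fails a check, or None if all pass."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items()
                if k not in ("signature", "block_hash")}
        key = KEYS.get(entry["programmer"])
        if key is None or body["prev"] != prev:
            return i                      # unknown signer or broken chain link
        expected = hmac.new(key, _digest(body).encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, entry["signature"]):
            return i                      # record altered after signing
        if entry["block_hash"] != _digest({**body, "signature": entry["signature"]}):
            return i
        prev = entry["block_hash"]
    return None

def provenance(ledger, package: bytes):
    """Who committed this exact package, and with what validation result?"""
    if verify_ledger(ledger) is not None:
        return None                       # do not trust a ledger that fails checks
    wanted = hashlib.sha256(package).hexdigest()
    for entry in ledger:
        if entry["content_sha256"] == wanted:
            return entry["programmer"], entry["validation_results"]
    return None
```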

Page 23: LCID Cyber Panel - Wild Apricot

Signing Software and Data

[Diagram: Contractor In-house SW Dev Process and DoD Platform Integration Process with the vulnerable delivery channel, supply chain threats and insider threats, shown together with the permissioned blockchain (blocks +1, +2, …, n)]

Page 24: LCID Cyber Panel - Wild Apricot

High assurance software development and use

1. Formally verified designs

2. Formally verified components

3. Testing / Symbolic execution

4. Sign components in Dev

5. Sign components & DATA in use

[Diagram: software engineering path (Requirements, Design, Product Development, Unit Test, System Test, Operational Test, Customer) with steps 1 to 5 marked]

Page 25: LCID Cyber Panel - Wild Apricot

Amazon s2n Encryption Library

• Amazon Web Services is working with Galois to verify s2n, cryptographic software that protects commercial and government servers.

• The work so far has:

– Guaranteed that there are no security vulnerabilities in critical components of the crypto libraries

– Comprehensively verified all possible combinations of events that may lead to flaws within those components

• To test the same cases and events would have required ~1.7x10^308 tests and more time than the age of the known universe.

More information: Verifying s2n HMAC with SAW https://galois.com/blog/2016/09/verifying-s2n-hmac-with-saw/

Page 26: LCID Cyber Panel - Wild Apricot

Software Health Management for Avionics at NASA

• Pitot tube subsystems have been implicated in numerous commercial aircraft incidents and accidents, including the 2009 Air France crash of an A330.

• To detect pitot tube sensor failures before they become catastrophic, NASA and Galois worked to develop tools for synthesized distributed software monitors based on correct-by-construction formal methods techniques.

• Flight tests successfully detected failures in time. The tools are deployed at NASA.

More information: Copilot: Monitoring Embedded Systems https://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20120001989.pdf

Page 27: LCID Cyber Panel - Wild Apricot


Cryptol: The Language of Cryptography

• Cryptol is a custom language created by Galois for the NSA's Trusted Systems Research Group. It was designed from the ground up to make it easy for designers to design and analyze cryptographic algorithms.

• Once algorithms are complete, Galois provides tools to leverage the results in three ways, as shown below.

– Formally Verify Implementations

– Synthesize Software Implementations

– Generate Custom Hardware

Page 28: LCID Cyber Panel - Wild Apricot


Galois HA Technologies

• Software Analysis Workbench (SAW)

• Symbolic analysis for Java, C, C++…

• Open-source: http://saw.galois.com/

• In use by government, Amazon, others

• High-Assurance ASN.1 Workbench (HAAW)

• ASN.1 compiler, interpreter, automated test coverage

• Funded by U.S. Government for security-critical applications

https://aws.amazon.com/blogs/security/automated-reasoning-and-amazon-s2n/

Page 29: LCID Cyber Panel - Wild Apricot

Advanced Computer Science R&D

Creating trustworthiness in critical systems

Leaders in high assurance research and development

Galois [gal-wah]

Named after French mathematician Évariste Galois

Page 30: LCID Cyber Panel - Wild Apricot

Panelist: Dr. Kenneth Holladay, Southwest Research Institute

• Dr. Kenneth Holladay is an Institute Analyst in the Defense and Intelligence Solutions Division of Southwest Research Institute (SwRI) in San Antonio, Texas. His B.S. is in Chemical Engineering from the University of Florida, with M.S. and Ph.D. degrees in Computer Science from the University of Texas at San Antonio.

• SwRI is one of the oldest and largest independent, nonprofit, applied research and development organizations in the United States. Founded in 1947, SwRI provides contract research and development services to industrial and government clients in domains ranging from deep sea to deep space.

• Dr. Holladay’s research interests center around the application of machine learning, in particular evolutionary computing techniques, to solving real-world problems associated with sensors, signal processing, and communication networks. He is a member of the SwRI Advisory Committee for Research, which helps direct research efforts at SwRI.

• When he is not glued to his computer, he enjoys traveling, hiking, and studying Old Testament history and archaeology.

• Website

Page 31: LCID Cyber Panel - Wild Apricot

14 Sept. 2017 Defense and Intelligence Solutions, a Division of Southwest Research Institute 31

Dr. Kenneth Holladay

Institute Analyst

Defense and Intelligence Solutions Division

Southwest Research Institute

Cyber Security for

Legacy Systems

Page 32: LCID Cyber Panel - Wild Apricot

The World Slumbers in Blissful Ignorance

[Chart: relative search popularity of the terms “Cyber” and “Movie” for the past 5 years, scale 0 to 100. Annotations: Christmas Season; Cyber Monday; the search term “Cyber Security” is a faint line near 0. Source: trends.google.com/trends/]

Page 33: LCID Cyber Panel - Wild Apricot


Source: identity theft resource center

Page 34: LCID Cyber Panel - Wild Apricot


Page 35: LCID Cyber Panel - Wild Apricot


Source: xkcd.com

Page 36: LCID Cyber Panel - Wild Apricot

Compromised Avionics Architecture

[Diagram labels: 1553 Bus; MBC, CADC, FDR, Flight Data Loader, EGI, Flight & Fire Control, HUD, Digital Stores Computer, Ground Support Equipment, Fill Port; bus roles BC, RT, RT/BM, RT/BBC; an OFP on each unit. Threat labels: Compromised OFP, Insider Threat, Compromised GSE, Compromised LRU]

Page 37: LCID Cyber Panel - Wild Apricot

• Actions On Objectives

• Command & Control

• Installation

• Exploitation

• Delivery

• Weaponization

• Reconnaissance

Prevention products disrupt the chain here: Antivirus/Antimalware, Firewalls, Access Controls, Verified Code

Difficult to disrupt these stages

Critical Research Needed: Identifying the exploitable vulnerabilities of legacy military systems

The Adversary is In!

Critical Research Needed: Reliably & cost effectively detecting in real-time that an intrusion has occurred

Increasing Cost of Mitigation

Ref: Lockheed Martin, “Gaining the Advantage”, 2011

Page 38: LCID Cyber Panel - Wild Apricot

• Examples Studied:

◦ Denial of Service

◦ Spoofed BC-RT Message

◦ Spoofed RT-RT Message

◦ Spoofed RT-BC Message

[Diagram labels: Malicious Duplicate BC; Malicious Duplicate RT; Malicious Data]

SwRI Research Goal: Automated vulnerability assessment of legacy systems

Page 39: LCID Cyber Panel - Wild Apricot

Msg. Metadata | Description

TxAddr | Transmit Address

TxSubAddr | Transmit SubAddress

RxAddr | Receive Address

RxSubAddr | Receive SubAddress

wc1B | Word count of the previous msg

wc1A | Word count of the next msg

imtg1B_us | Inter-message time gap before msg

imtg1A_us | Inter-message time gap after msg

… | …

mjrFGT_us | Gap time between major frames

SwRI Research Goal: Machine learning algorithms that automatically characterize the bus traffic and detect anomalous behavior.
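
How the metadata fields in the table can be derived from a capture and compared against learned behavior, as an added example that is not SwRI's method. A per-route statistical baseline stands in for the machine learning algorithms; the capture format, the `BC` placeholder address, the traffic schedule and the thresholds are all constructed.

```python
"""Baseline-and-deviation check over 1553 message metadata (added illustration)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

BC = -1  # constructed placeholder address for the bus controller

@dataclass(frozen=True)
class Msg:
    start_us: int
    end_us: int
    tx_addr: int
    tx_sub: int
    rx_addr: int
    rx_sub: int
    wc: int  # number of data words

def extract_features(msgs):
    """Derive the per-message metadata named in the table from a time-ordered capture."""
    rows = []
    for i, m in enumerate(msgs):
        prev = msgs[i - 1] if i > 0 else None
        nxt = msgs[i + 1] if i + 1 < len(msgs) else None
        rows.append({
            "route": (m.tx_addr, m.tx_sub, m.rx_addr, m.rx_sub),
            "wc1B": prev.wc if prev else None,
            "wc1A": nxt.wc if nxt else None,
            "imtg1B_us": m.start_us - prev.end_us if prev else None,
            "imtg1A_us": nxt.start_us - m.end_us if nxt else None,
        })
    return rows

def learn_baseline(msgs):
    """Per route: every value observed for each metadata field in clean traffic."""
    seen = defaultdict(lambda: defaultdict(list))
    for row in extract_features(msgs):
        for name in ("wc1B", "wc1A", "imtg1B_us", "imtg1A_us"):
            if row[name] is not None:
                seen[row["route"]][name].append(row[name])
    return {route: dict(feats) for route, feats in seen.items()}

def detect(msgs, baseline, k=4.0, floor_us=10.0):
    """Return [(index, [reasons])] for messages that deviate from the baseline."""
    alerts = []
    for i, row in enumerate(extract_features(msgs)):
        feats = baseline.get(row["route"])
        if feats is None:
            alerts.append((i, ["unknown route"]))
            continue
        reasons = []
        for name in ("wc1B", "wc1A"):      # neighbours this route never had
            if row[name] is not None and row[name] not in feats.get(name, []):
                reasons.append(f"{name}={row[name]} never seen")
        for name in ("imtg1B_us", "imtg1A_us"):  # gaps far from the learned mean
            history = feats.get(name)
            if row[name] is None or not history:
                continue
            limit = max(k * pstdev(history), floor_us)
            if abs(row[name] - mean(history)) > limit:
                reasons.append(f"{name}={row[name]} off baseline")
        if reasons:
            alerts.append((i, reasons))
    return alerts

def make_frames(first, count):
    """Constructed traffic: a 20 ms major frame of three messages, 0-2 us jitter."""
    schedule = [(BC, 0, 5, 1, 4), (7, 2, BC, 0, 8), (5, 3, 9, 3, 2)]
    out = []
    for i in range(first, first + count):
        for j, (ta, ts, ra, rs, wc) in enumerate(schedule):
            start = i * 20_000 + j * 1_000 + (i + j) % 3
            out.append(Msg(start, start + (wc + 2) * 20 + 8, ta, ts, ra, rs, wc))
    return out

def inject_duplicate(msgs, at_index, offset_us):
    """Constructed anomaly for testing the detector: one message seen twice."""
    src = msgs[at_index]
    dup = Msg(src.start_us + offset_us, src.end_us + offset_us,
              src.tx_addr, src.tx_sub, src.rx_addr, src.rx_sub, src.wc)
    return sorted(msgs + [dup], key=lambda m: m.start_us)
```

The duplicated message uses a route the baseline already knows, so it is caught only through its neighbours' word counts and the inter-message gaps, which also flag the legitimate messages on either side of it.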

Page 40: LCID Cyber Panel - Wild Apricot

Defense and Intelligence Solutions Division, Southwest Research Institute

• Airborne

• Fixed Land Based

• Ground Mobile

• Shipboard

• Submarine

• Spectrum Monitoring

• Signal Analysis

• Geolocation

• Network & Communication

• Data Fusion & Analytics

Page 41: LCID Cyber Panel - Wild Apricot


Private, not-for-profit

Over 2,700 employees

Over 1,200 acres

2.2 million ft² of lab & office space

Page 42: LCID Cyber Panel - Wild Apricot

Panelist: Dr. Josephine Micallef, Vencore Labs

• Senior Research Director of the Systems and Cyber Security Research group at Vencore Labs, responsible for research initiatives on computing and networking platforms, technology, methodologies, and tools to support the construction and validation of large, complex, software-intensive distributed systems to ensure highly dependable operation even under cyber-attack.

• Current research projects include computer network defense against zero-day attacks, distributed denial of service attacks, and attacks on our critical infrastructure; cyber deception and moving-target defense techniques to thwart and deceive the adversary; malicious code detection using program analysis techniques; application of theorem proving methods to automate network configuration to help eliminate mis-configuration errors in cyber infrastructure that cause 50%-80% of downtime and vulnerabilities; securing the Internet of Things; and secure and private information exchanges for cloud-based services.

• Previously, as a research manager at Telcordia Applied Research, Dr. Micallef worked closely with Telcordia business units to incorporate software research innovations into Telcordia products and services. Examples include developing a model-driven approach for rapid introduction and management of new communications services; tools and methodology for automating the generation of service-oriented interfaces; and creating workflow technology for automating communications service provisioning. She was elected a Telcordia Fellow in 2007 for her many contributions to the success of the company.

• Dr. Micallef received her PhD in Computer Science from Columbia University, where she was selected for graduate fellowships from IBM and the American Association of University Women (AAUW). She received the YWCA’s Tribute to Women and Industry (TWIN) Award in 2000.

Page 43: LCID Cyber Panel - Wild Apricot

Comprehensive Security for Mission Systems

Josephine Micallef, PhD

Senior Research Director

Systems and Cyber Security Research

Page 44: LCID Cyber Panel - Wild Apricot

Slide 44 © 2017 Vencore Labs, Inc. All rights reserved.

Vencore Labs Rich Heritage

Leading provider of transformative, generation-after-next applied research

Premier cyber, data analytics, cloud, quantum, mobility and advanced networking capabilities

• ORIGINALLY PART OF AT&T BELL LABS

• BECAME BELLCORE/TELCORDIA DURING 1984 BELL SYSTEM DIVESTITURE TO PROVIDE R&D FOR THE “BABY BELLS”

• SPUN OFF AS ACS WHEN ERICSSON PURCHASED TELCORDIA IN 2012

A leading provider of mission-critical solutions in the federal sector

Page 45: LCID Cyber Panel - Wild Apricot

Technical Capabilities Summary

• Systems & Cyber Security

• Data Analytics

• Broadband Networking

• Infor Assurance & Security

• Wireless Networks & Systems

• Information & Computer Sciences Research

• Network Systems Research

• Cyber Defenses & Cloud Security

• Cyber Warfare

• Configuration Compliance

• Learning Techniques

• Telematics/Automotive

• Scalable Mathematical Techniques

• Big Data Analytics

• Data Security & Privacy

• Optics

• Quantum Comms & Computing

• Network Control & Management

• Next Generation Communication Technology

• Network Architecture & Protocols Design

• High Performance RF Comms

• Signal Processing Applications

• Modeling & Simulation

• Supply Chain Integrity

• Vulnerability & Risk Assessment

• Smart Grid and Industrial Automation

• Network & Operations Standards

• Network / Service Management

• Comms Systems Design

• Operations Process Engineering

• Software Defined Networks

• Data Quality

• RF Spectrum Analysis & Tools

• Mobility and Network Security

• Network Virtualization

Page 46: LCID Cyber Panel - Wild Apricot


DADC: Distributed and Assured Dynamic Configuration

Securing Cyber Infrastructure by Design

Page 47: LCID Cyber Panel - Wild Apricot

DADC: Distributed and Assured Dynamic Configuration

Challenges

• Configuration errors cause 50%-80% of network vulnerabilities and downtime

• Complexity & interdependency make changing the network risky

– Especially under critical mission constraints

• Static, rigid networks lack resiliency and agility

• Gap between conceptualization (33 “boxes”)

– … and implementation (1154 constraints on 704 variables)

DADC Benefits

• Reduces vulnerabilities and manpower

• Proactively & reactively shifts network posture (INFOCON)

• Increases warfighter agility, flexibility and cyber resiliency

• Reduces attack surface and network down time, limits attack vector

• Undermines adversary attack planning and execution

– Moving-target defense and cyber resiliency

Page 48: LCID Cyber Panel - Wild Apricot

DADC Capabilities for Planning Agile Networks

Engines:

• Configuration synthesis

• Diagnosis

• Minimum-cost repair

• Path planning

• Moving-target defense

• Verification

• Visualization

• Emulation

• Distributed configuration

• In-band configuration

• Vendor-specific adapters

Technologies used:

• SMT solvers that solve 10^6 constraints in 10^6 variables in seconds

• Group communication protocols

Why are these Engines Hard to Build?

• Need to satisfy dependencies between variables searching through extremely large spaces

• Tension between security and functionality

• Diagnosis: Components work in isolation but not together

• Repair: Removing one error can cause another

• Hard to formalize configuration language grammar documented in 100s of English pages

[Diagram: the DADC Controller takes the current configuration and state, plus security and functionality requirements in an intuitive, visual language, and produces 100% accurate configurations (computed in minutes, not months) for network components, including SDN]

Page 49: LCID Cyber Panel - Wild Apricot


CINDAM: Customized Information Networks for Deception and Attack Mitigation

Proactive Cyber Defense

Page 50: LCID Cyber Panel - Wild Apricot

CINDAM: Customized Information Networks for Deception and Attack Mitigation

Challenges

• Today most network elements – addressing, topology, basic configuration – are static and fixed

• Adversaries therefore have long planning cycles to …

– Gather data, correlate information to identify honeypots and IDS’s to avoid, plan attack, create custom malware/exploits, wargame, revise, execute attack

• … which greatly increases their likelihood of success

CINDAM Approach – Leverages Software-Defined Networking (SDN)

• Create temporary individualized deceptive environment

– Total view from host is synthetic: IPs, networks, addresses, routers, switches

• Fake and deceptive resources move, appear, and disappear

• Real resources move, appear, and disappear

– Each host has a different view from each other, but can still communicate

– View may mutate from time to time: individualized time and frequency

– Detected attackers can be dynamically redirected to honeypots

• Requires no client or server modifications

• Users are generally unaware of customized and changing views

[Figure panels: Server 1 View; Client 1 View @ t1; Client 1 View @ t2]

Page 51: LCID Cyber Panel - Wild Apricot


• Attackers cannot trust or use gathered information

– Every host has different information

– Information is invalidated upon network reconfiguration

• Attackers must re-gather the same information over and over

• Cannot correlate network information to identify fake resources

• Cannot establish stealthy comms inside the enclave

• Attack plans are forced to be specific to one host at one time

• Many attacks impossible in CINDAM environment (Man-on-the-Side, Man-in-the-Middle)

CINDAM Disrupts Cyber Kill Chain

Attacker forced to be noisy and hasty

• Increases detectability

• Decreases likelihood of success

Page 52: LCID Cyber Panel - Wild Apricot


ZDay: Defense Against Novel Cyber Attacks

Real-time Active Cyber Defense

Page 53: LCID Cyber Panel - Wild Apricot

ZDay: Dramatically Limit the Impact of Cyber-Attacks

Challenge

• Zero-day cyber attacks (by definition) cannot be prevented

• So, is it possible to (a) dramatically limit the impact of these unpreventable attacks, (b) identify and recover compromised systems rapidly, and (c) thwart continued use of such attacks?

ZDay Approach

• Novel in situ monitoring of the behavior, resource usage, and communications of applications and their hosts

• Distributed real-time automated detection and response:

– Collect relevant data

– Detect malicious activity

– Correlate results and make decisions

– Take actions to stop and mitigate

• Employs multi-source, context-aware and risk-sensitive inference of suspicious behaviors

• Capable of suggesting (and taking) targeted reactions to curb attack yet maintain enterprise and mission operation

[Figure panels: Without ZDay; With ZDay]

Benefits and Value

• Forces the attacker to operate at human decision speeds, not machine speed

• Limits attack impact to <1% of computing systems

• Operates continuously, reacts in real-time, and recovers infected systems to pre-infection condition in minutes

• Self-inoculation feature to improve future performance

• For both enterprise and tactical environments

• Supports disconnected and hierarchical operations

• Performs in a best-effort manner whenever operating in degraded and/or otherwise compromised environments

Page 54: LCID Cyber Panel - Wild Apricot


1553 Bus Defender

Increasing Assurance of Fielded Systems

Page 55: LCID Cyber Panel - Wild Apricot


Problem

• Lack of security on MIL-STD-1553 based systems

– Systems are demonstrably vulnerable today

• Adding security to LRUs is difficult and expensive

– Lack of computing resources, lack of source code, unmotivated vendors, lack of security solutions for old, diverse computing platforms

• Inline network-based security is promising, but…

– Conventional inline network security systems (e.g., firewalls, ACLs, NIPS) won’t work

– Even if they were somehow adapted to handle 1553 messages, the delay they introduce could cause protocol timeouts

Page 56: LCID Cyber Panel - Wild Apricot


Solution

1553 Bus Defender device performs real-time, low-delay, network security filtering

• Device is inserted inline in 1553 bus to ‘lock down communications’

• Sophisticated security processing prevents a compromised LRU from successfully performing malicious activities via the bus, including, e.g.:

– Attacks against other LRUs

– Malicious activities that leverage other LRUs

Stops zero-day attacks and can protect known vulnerabilities
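Added illustration (not from the slides and not the 1553 Bus Defender's design): one way an inline filter can "lock down communications" without adding variable delay is a default-deny allowlist keyed on the fields of each MIL-STD-1553B command word and resolved by a single table read. The policy entries, the RT number and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* MIL-STD-1553B command word (16 data bits after sync):
 * [15:11] RT address | [10] T/R, 1 = RT transmits | [9:5] subaddress | [4:0] word count or mode code.
 * Subaddress 0 or 31 marks a mode command; a word-count field of 0 means 32 data words. */
typedef struct { uint8_t rt, tr, sa, wc; } cmd_t;

enum verdict { V_PASS = 0, V_DROP_MSG, V_DROP_MODE };

/* Default-deny policy tables: static storage starts zeroed, so nothing is allowed
 * until the constructed policy below adds it. Bit n set = field value n permitted. */
static uint32_t msg_allow[32][2][32];
static uint32_t mode_allow[32][2];

static cmd_t decode_cmd(uint16_t w) {
    cmd_t c;
    c.rt = (uint8_t)((w >> 11) & 0x1F);
    c.tr = (uint8_t)((w >> 10) & 0x01);
    c.sa = (uint8_t)((w >> 5) & 0x1F);
    c.wc = (uint8_t)(w & 0x1F);
    return c;
}

static uint16_t make_cmd(unsigned rt, unsigned tr, unsigned sa, unsigned wc) {
    return (uint16_t)(((rt & 0x1F) << 11) | ((tr & 1) << 10) | ((sa & 0x1F) << 5) | (wc & 0x1F));
}

static void allow_msg(unsigned rt, unsigned tr, unsigned sa, unsigned words) {
    msg_allow[rt & 0x1F][tr & 1][sa & 0x1F] |= 1u << (words & 0x1F);  /* 32 words -> field 0 */
}

static void allow_mode(unsigned rt, unsigned tr, unsigned code) {
    mode_allow[rt & 0x1F][tr & 1] |= 1u << (code & 0x1F);
}

/* One decode plus one table read per command word: constant work, no per-message search. */
static enum verdict filter_cmd(uint16_t word) {
    cmd_t c = decode_cmd(word);
    if (c.sa == 0 || c.sa == 31)
        return ((mode_allow[c.rt][c.tr] >> c.wc) & 1u) ? V_PASS : V_DROP_MODE;
    return ((msg_allow[c.rt][c.tr][c.sa] >> c.wc) & 1u) ? V_PASS : V_DROP_MSG;
}

/* Constructed sample policy for a hypothetical RT 5; real entries would come from the
 * platform's interface control documents. */
static void load_sample_policy(void) {
    allow_msg(5, 0, 2, 4);    /* BC -> RT 5, subaddress 2, exactly 4 data words */
    allow_msg(5, 1, 1, 32);   /* RT 5 -> BC, subaddress 1, exactly 32 data words */
    allow_mode(5, 1, 2);      /* mode code 00010, Transmit Status Word */
}

int main(void) {
    static const char *names[] = { "PASS", "DROP (message not in policy)",
                                   "DROP (mode code not in policy)" };
    load_sample_policy();
    uint16_t bus[] = {              /* constructed traffic */
        make_cmd(5, 0, 2, 4),       /* expected transfer */
        make_cmd(5, 0, 2, 5),       /* right subaddress, wrong length */
        make_cmd(6, 0, 2, 4),       /* RT with no policy entry */
        make_cmd(5, 1, 0, 8),       /* mode code 01000, Reset Remote Terminal */
    };
    for (size_t i = 0; i < sizeof bus / sizeof bus[0]; i++)
        printf("0x%04X -> %s\n", bus[i], names[filter_cmd(bus[i])]);
    return 0;
}
```

RT-to-RT transfers, which carry two command words, and status or data word inspection are outside what this sketch covers.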

Page 57: LCID Cyber Panel - Wild Apricot

RESPECT

ACCOUNTABILITY

DEDICATION

IMPROVEMENT

INTEGRITY

Slide 57 | 9/13/2017

Page 58: LCID Cyber Panel - Wild Apricot

Panelist: Mr. Kevin Rigney, Gartner Leadership Partner Enterprise IT Leaders: Security & Risk Management

• Kevin Rigney joined Gartner with over 20 years of experience in information security and 23 years of experience with the United States Navy. With a diverse background in both technology and cross-functional leadership, he has covered a large range of security, risk, and compliance engagements for both commercial and government institutions. As CISO of one of the world’s largest pet product retailers, he was responsible for safeguarding the corporate network, millions of customer records and other sensitive corporate data while satisfying stringent FTC, PCI and Sarbanes-Oxley compliance requirements.

• Mr. Rigney’s experience includes multiple consulting/auditing roles for two public accounting firms spanning many industries, a CISO role at a $4.5 billion retailer, and service as a Naval Officer managing cybersecurity divisions for the United States Navy. He holds a bachelor's degree in Mechanical Engineering from the University of Notre Dame and is a Certified Information Systems Security Professional (CISSP), a Certified Information Security Auditor (CISA) and a Certified Information Security Manager (CISM).


Page 59: LCID Cyber Panel - Wild Apricot

CONFIDENTIAL AND PROPRIETARY

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.

© 2016 Gartner, Inc. and/or its affiliates. All rights reserved.

Leadership Vision for 2018: Security and Risk Leaders

Page 60: LCID Cyber Panel - Wild Apricot


Implementing Digital Platforms – A Team Effort

[Figure labels: CIO; Business; Program and Portfolio Management; Sourcing and Vendor Management; Applications; Enterprise Architecture and Technology Innovation; Data and Analytics; Security and Risk; Infrastructure and Operations]

Page 61: LCID Cyber Panel - Wild Apricot


And a team effort is needed to address the New Dark Side

More Complexity

Loss of Control

Different Risks

Page 62: LCID Cyber Panel - Wild Apricot


Key Issues

1. What is leadership in the digital age for a security and risk leader?

2. What are the major trends and challenges affecting the security and risk leader?

3. How do leading organizations deliver the highest value using security and risk management?

4. What actions and next practices should a security and risk management leader and team implement?

Page 63: LCID Cyber Panel - Wild Apricot


Key Issues

1. What is leadership in the digital age for a security and risk leader?

2. What are the major trends and challenges affecting the security and risk leader?

3. How do leading organizations deliver the highest value using security and risk management?

4. What actions and best practices should a security and risk management leader and team implement?

Page 64: LCID Cyber Panel - Wild Apricot


Dealing With Change and Complexity

[Figure labels: Roles; SRM; Technology Convergence; Business Continuity; Risk Mgmt.; Audit; Privacy; Security; Emerging Role: Digital Risk Officer]

Page 65: LCID Cyber Panel - Wild Apricot


Having a Clear Vision for Digital Security and Risk Management

[Figure labels: Effective Governance; Accountability; Risk Management; Organization; People; Adaptive Architecture; Predict; Prevent; Detect; Respond; Context; Program; Intelligence; Principles; Trust and Resilience]

C — Confidentiality, I — Integrity, A — Availability, P — Privacy, S — Safety, R — Reliability

Page 66: LCID Cyber Panel - Wild Apricot


Ensuring Business Involvement in Security and Risk Governance

Question: Which of the following groups represents the largest segment of members in this information security governance body?

Percentage of Respondents:

• IT Managers: 44%

• Information Security Staff: 43%

• Line-of-Business Managers: 13%

Base: Risk and security management. Have an information security governance body, n = 293.

Page 67: LCID Cyber Panel - Wild Apricot


Ensuring Business Unit Involvement in Setting Information Security Policies

Question: Which of the following most closely describes the level of business units' involvement in setting information security policies?

Percentage of Respondents:

• They have involvement in developing those policies that will affect their business: 31%

• They always get the opportunity to review security policies: 23%

• They have involvement in approving security policies: 20%

• Occasional opportunity to review security policies: 14%

• Business units have no involvement in setting information security policies: 12%

Base: Risk and security management, n = 297.

Page 68: LCID Cyber Panel - Wild Apricot


Identifying Critical New Skill Sets for Cybersecurity

Traditional Security Practices Are Shifting to:

• Contextual Security Monitoring and Response

• Ubiquitous Identity and Access Management

• Data Classes, Data Governance

• Security Awareness, Privacy and Behavior

• Embedded Security Programming

• Advanced Network Engineering

• Physical Security Automation

• Artificial Security Intelligence

• Cloud and Service Center Expertise

Page 69: LCID Cyber Panel - Wild Apricot


Accelerating Generation and Convergence of Skills

What You Can Do:

▪ Focus on business outcomes, be a facilitator

▪ Automate and/or outsource security operations

What You Can Stop Doing:

▪ Believing security is a part-time job and only for your security people

▪ Treating security as an IT-only problem

▪ Requiring on-site security staff for all security needs

Page 70: LCID Cyber Panel - Wild Apricot


Key Issues

1. What is leadership in the digital age for a security and risk leader?

2. What are the major trends and challenges affecting the security and risk leader?

3. How do leading organizations deliver the highest value using security and risk management?

4. What actions and best practices should a security and risk management leader and team implement?

Page 71: LCID Cyber Panel - Wild Apricot


Digital Attacks With Physical Impacts Are No Longer a Novelty

▪ By 2020, at least one major safety incident will be caused by an IT security failure, leading to significant injury.

Physical Impact

▪ 2007 – Stuxnet Launched Against Nuclear Control Systems

▪ 2008 – Oil Pipeline in Turkey Explodes

▪ 2011 – Hacking Medical Devices for Fun and Insulin

▪ 2014 – Blast Furnace in German Steelworks Attacked

▪ 2016 – Blackouts in Ukraine. Mining and Rail Also Targeted

Page 72: LCID Cyber Panel - Wild Apricot


Digital Ecosystem Participation Is Growing

Q. Do you think your business/government or public entity participates in a digital ecosystem?

Percentage of Respondents Whose Organizations Participate in a Digital Ecosystem

Page 73: LCID Cyber Panel - Wild Apricot


Your Digital Ecosystem Is Growing Quickly

Q. How many important digital partners did your company/business unit/government or public entity have two years ago? Have today? Will have two years from now?

[Chart: CAGR in Average (Mean) Number of Important Digital Partners, 2016 to 2018. Plotted values: 78 to 143 (CAGR 35%); 38 to 78 (CAGR 43%); 19 to 62 (CAGR 81%). Groups: Top Performers (n = 105); Typical Performers (n = 712); Trailing Performers (n = 24)]

Page 74: LCID Cyber Panel - Wild Apricot


CIOs Know That Digital Security Is Important to Success in the Digital Ecosystem

What are your company/business unit/government or public entity's plans in terms of the following digital technologies and trends?

[Chart: Percentage of Respondents, Overall Respondents (n = 2,362). Series: In short-term planning/actively experimenting; Have already invested and deployed. Technologies: Autonomous vehicles; Blockchain; Smart robots; Virtual customer assistants; Augmented reality; Machine learning; Business algorithms; Internet of Things (IoT); Advanced analytics; Digital security. Inset for Digital Security: Top performers (n = 166); Typical performers (n = 2,032); Trailing performers (n = 164)]

© 2017 Gartner, Inc.

Digital Security: Current cybersecurity and risk practices combined with digital business practices to protect all digitalized assets of an organization, whether at the core of the enterprise or at its edge.

Page 75: LCID Cyber Panel - Wild Apricot


Safety, Reliability and Privacy Become Cybersecurity Imperatives

The New Model for Cybersecurity

Integrity

Data

People

Environments

Confidentiality

Availability

Safety

Privacy

Reliability

Resilience

Trust

Page 76: LCID Cyber Panel - Wild Apricot


Key Issues

1. What is leadership in the digital age for a security and risk leader?

2. What are the major trends and challenges affecting the security and risk leader?

3. How do leading organizations deliver the highest value using security and risk management?

4. What actions and best practices should a security and risk management leader and team implement?

Page 77: LCID Cyber Panel - Wild Apricot


Executing Against the Vision

[Figure labels: Effective Governance; Accountability; Risk Management; Organization; People; Adaptive Architecture; Predict; Prevent; Detect; Respond; Context; Program; Intelligence; Principles; Trust and Resilience]

C — Confidentiality, I — Integrity, A — Availability, P — Privacy, S — Safety, R — Reliability

Page 78: LCID Cyber Panel - Wild Apricot


Formalizing a Digital Security Program

Enterprise Security Charter: Executive Mandate

Terms of Reference: Reference Model

Governance Structures: Accountability

Annual Strategy Plan: Roadmap

Security Processes: Execution


Page 79: LCID Cyber Panel - Wild Apricot


Instituting a Security and Risk Governance Process

• Decide Acceptable Risk

• Enable Risk Control

• Assure Control Effectiveness

• Set and Manage Accountability and Decision Rights

Page 80: LCID Cyber Panel - Wild Apricot


Using Principles to Guide the Program

Risk-Based

Data Flow

Facilitator

Detect and Respond

Business Outcomes

Owner Accountability

People-Centric


Page 81: LCID Cyber Panel - Wild Apricot


Implementing an Adaptive Security Architecture

Page 82: LCID Cyber Panel - Wild Apricot


Key Issues

1. What is leadership in the digital age for a security and risk leader?

2. What are the major trends and challenges affecting the security and risk leader?

3. How do leading organizations deliver the highest value using security and risk management?

4. What actions and best practices should a security and risk management leader and team implement?

Page 83: LCID Cyber Panel - Wild Apricot


Tying It All Together: The Strategy Plan

The Sentiment — Cognition Model

2025 Security Scenario

Strategy Planning Process

Page 84: LCID Cyber Panel - Wild Apricot


Manage Technology Hype

Sample Above Generated Using Gartner's "Toolkit: My Hype Cycle, 2016"

Create Your Own Hype Cycle

Page 85: LCID Cyber Panel - Wild Apricot


Prepare to Participate in Digital Trust Ecosystems

[Figure panels: Digital Business; Digital Business Held Together by Digital Trust]

Page 86: LCID Cyber Panel - Wild Apricot


Plan for Continuous Adaptive Risk and Trust Assessment (CARTA)

[Figure, © 2017 Gartner, Inc. Labels: Continuous visibility and assessment; Policy; Attack Protection; Access Protection; "Keep Bad Stuff Out" Defense Posture; "Let Good Stuff In" Access Posture; Implement posture; Monitor posture; Adjust posture; Continuously Monitor; Assess Risk and Trust; Enable Adaptive Responses]

Page 87: LCID Cyber Panel - Wild Apricot


Our Next Action Steps

✓ Develop a compelling vision for risk and security management by building resilient processes and infrastructure and establishing effective governance. Adapt the strategic objectives of our risk and security program to include the crucial aspects of privacy, recovery and safety. (See "CISOs Need to Understand the Components of Their Information Security Programs.")

✓ Embrace the principles of trust and resilience by enshrining them in our security strategy. Implement an annual strategy planning project, and review it quarterly for relevance. Use scenario planning to test our hypotheses. (See "Security Management Strategy Planning Best Practices.")

✓ Develop and evolve an adaptive, context-aware security architecture by ensuring appropriate investment. Aim for continuous adaptive risk and trust assessment capabilities. (See "Designing an Adaptive Security Architecture for Protection From Advanced Attacks" and "Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats.")

Page 88: LCID Cyber Panel - Wild Apricot


Recommended Gartner Research (to assist you in delivering this presentation)

"Managing Risk and Security at the Speed of Digital Business"

Tom Scholtz

"Digital Trust — Redefining Trust for the Digital Era: A Gartner Trend Insight Report"

Felix Gaehtgens and Ant Allan

"Use a CARTA Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats"

Neil MacDonald and Felix Gaehtgens

"Cybersecurity Scenario 2025: Outrageous Intelligence"

Jeffrey Wheatman

For more information, stop by Gartner Research Zone.

Page 89: LCID Cyber Panel - Wild Apricot

Panelist: Mr. Samuel Wanderi, Owner, Menya Communications Ltd

• Mr. Samuel Wanderi has over 17 years of cyber security experience working on complex high visibility systems. He is a retired field grade Army Signal Officer and Managing Partner of Menya Communications LTD, a cyber security firm providing professional services nationwide in both the public and private sector for over a decade.

• He holds the highest industry professional certifications in every category of DOD 8570 including the CISSP – ISC² (Certified Information Systems Security Professional), GSLC - GIAC (Security Leader Certification), COR – Government (Contracting Officer Representative), CCNA - Cisco (Certified Network Associate), and CEH – EC-Council (Certified Ethical Hacker).

• During his time in the service, Mr. Wanderi set up and secured complex networks in combat zones during OIF and OEF deployments. He earned a functional area designation of 53A as a Cyber Security Professional from the Army Cyber Center of Excellence in FT Gordon, GA, and a Master of Science in Cyber Security from Syracuse University. Mr. Wanderi is an active member of ISC2, Security MBA, Technology First, AFSEA, and Dayton Defense Association.


Page 90: LCID Cyber Panel - Wild Apricot

Menya Communications Ltd.

Samuel Wanderi MSIM CAIS CISSP CCNA GSLC CEH COR

Agile vs. Cyber

Page 91: LCID Cyber Panel - Wild Apricot

Agenda

• Overview of Industry Direction

• AGILE in DoD

• Cyber in DoD

• People Solutions

• Process Solutions

• Technology Solutions

Page 92: LCID Cyber Panel - Wild Apricot

DOD Direction

• Providing the Warfighter’s Edge (Lt Gen JT Thompson AFLCMC)

• Aircraft Structural Integrity Program (ASIP)

• Teaming/Relying on each other

• Cyber resiliency of weapon systems

• Keeps me up at night (B Gen Anthony Genatempo F22)

Competition: Sukhoi PAK FA T-50; Chengdu J-20

Who can deliver faster - AGILE (MOD development)

• Stay ahead of Adversary

• Increase Resiliency

• Increase Adaptability

• Increase Security or Reduce Risk

Page 93: LCID Cyber Panel - Wild Apricot

Cyber Security Direction

Page 94: LCID Cyber Panel - Wild Apricot

AGILE Manifesto Direction

Pro

• Individuals and interactions

• Working software

• Customer collaboration

• Responding to change

Con

• Processes and tools

• comprehensive documentation

• contract negotiation

• following a plan

“That is, while there is value in the items on the right, we value the items on the left more.”

Page 95: LCID Cyber Panel - Wild Apricot

AGILE & Cyber Challenges

• The pressure of short iteration (Bartsch, 2011) (Securosis, 2013).

• Lack of information security knowledge (Securosis, 2013)

• Lack of security awareness (Bartsch, 2011)

• Incompatibility of security activities and agile methodologies (Keramati & Mirian-Hosseinabadi, 2008)

Page 96: LCID Cyber Panel - Wild Apricot

Secure AGILE Processes

• Scrum

– The Security Sprint Approach

– Every-Sprint approach

– S-Scrum “Spikes”

– Secure Scrum

• Extreme Programming

– SQUARE (Security Quality Requirements Engineering)

• Dynamic Systems Development Method

– Role-based Extreme Programming (XP) for Secure Software Development

Page 97: LCID Cyber Panel - Wild Apricot

Cyber (REAL World)

• Standards:

– ETSI Cyber Security Technical Committee (TC CYBER)

– ISO 27001 and 27002

– Standard of Good Practice

– NERC

– NIST - National Institute of Standards and Technology

– ISO 15408

• Not Enough Professionals to go around

• Cyber Professionals also have Strengths and Weaknesses

• Continuous Testing & Training for everyone

• Cyber Hygiene - everyone has to be involved

Page 98: LCID Cyber Panel - Wild Apricot
Page 99: LCID Cyber Panel - Wild Apricot

AGILE Cyber Technology

GSA has been working with the Office of American Innovation (OAI) and American Technology Council to improve the process to achieve an Authority to Operate (ATO) along the following dimensions:

• Reducing toil that inhibits our ability to scale improvements

• Decreasing errors from manual activities

• Increasing speed to process (approvals and identification of issues)

• Increasing value-add of machine-readable data for improving risk management

One key component of this effort is identifying ways to incorporate automation into the ATO process. To assist agencies and industry collectively, GSA would like to have a better understanding of the existing commercially available products, and practices, that the government could use to automate any portion of the ATO process.

Page 100: LCID Cyber Panel - Wild Apricot

Solutions

• Must Face Reality (Myth Busting)

– Fight the Fight not the Plan

– Cyber is Crime (No Quick Fixes)

– Current Cyber Process is Linear not AGILE

– Cyber is bigger than IT & Engineering

• Systemic Change Is Needed

– People

– Process

– Technology

Page 101: LCID Cyber Panel - Wild Apricot

LCID Cyber Panel

Question & Answer