secure your space: the internet of things

Copyright © 2015 Raytheon Company. All rights reserved. Customer Success Is Our Mission is a registered trademark of Raytheon Company.

Michael K. DalyChief Technology OfficerCybersecurity and Special Missions

Daly has more than 29 years in security and information systems, in both the federal government and private sector. As CTO of Raytheon’s CSM division, he provides cyber solutions to domestic and international government and commercial customers, delivers quick-reaction mission solutions, and provides support to high consequence special missions. He is a principle engineering fellow, and provides leadership in Raytheon's cyber technologies for our global customers. Additionally, Daly supports the National Security Telecommunications Advisory Committee to the President of the United States.

SECURE YOUR SPACE: THE INTERNET OF THINGS


People Connecting with People.


Machines, Machines and Sometimes People.


That’s a lot of stuff talking to other stuff.

In 2014 there were:


And there is so much more coming.

6.8B today 12.5B today


IoT has its roots in Net-Centric Warfare.


Sensors. Effectors. Data. Lots of Data.


… vulnerable to everything and everyone else.


Trusted, Innovative Solutions to Make the World a Safer Place


Understand the impacts of IoT devices before we implement.

Data proliferation impactWhat controls are in place to protect the data and the systems that transmit,

process and store the data (e.g., encryption, authentication, monitoring)?

Physical impact and harm introduced by effectors and actuators

What controls are in place to limit the physical impact in the event of a compromise?

Risk of diminished interoperability amongst government systems

What would happen to adjacent and reliant systems if this IoT set should fail to provide trustworthy information or to operate properly?

Opportunities for adversaries to implement new covert communications methods

What mechanisms do we have to identify and control unwanted communications?

Opportunities for an adversary to conduct large scale PsyOps, creating events or complicating emergency response

What measures can be implemented to identify and constrain unwanted social engineering?

Attack surface impactWhat controls are in place to limit the exposure of the attack surface

and to contain a threat in the event of a compromise?


Raytheon | Websense Addressing the Commercial Market

29MAY2015Raytheon announced the completion of a joint venture transaction with leading private equity firm, Vista Equity Partners, to create a first-of-its-kind commercial company specifically designed to meet the needs of the evolving cybersecurity environment. The joint venture combines Websense, a leading provider of Data Theft Prevention solutions, with Raytheon Cyber Products, the products-focused portion of Raytheon’s overall cyber business.


Maintaining Trust in Time & Space


Platform Hardening & Resilience

Electronic Armor and UAVsAt this year’s Association of the United States Army annual meeting and exposition in Washington, D.C., Raytheon’s cyber team demonstrated how an adversary could hack and crash a drone not protected by Raytheon’s Electronic Armor, and how a protected drone could persist through the commands.

“We’re trying to illustrate the destructive nature of what can happen in an operational environment,” said Brian Stites, portfolio manager for the Cyber and Special Missions. “We believe the next few decades will be dominated by advancements in cyber and hardware like drones and robotics.”

http://web.onertn.ray.com/news/2014/10/20141024_DQC8YQ46MG.html


Wearable Situational Awareness

WearablesRaytheon’s Distributed Common Ground System – Army Lite software integrated with its Wearable Situational Awareness capabilities (DCGS-A Lite) is an “all source” intelligence analysis software suite that provides the ability to discover and visualize enterprise data from the Department of Defense and Intelligence Community, and disseminate hostile force locations down to the network’s edge.

DCGS-A Lite addresses intelligence gaps with the ability to operate in connected, disconnected and limited bandwidth modes.

http://web.onertn.ray.com/news/2014/10/20141024_DQC8YQ46MG.html


Bringing Situational Awareness to the Battlefield


Rapid 3-D Prototyping and Manufacturing of Slow-Wave Structures for mmW and THz High-Power Electronic Devices

3-D Printing of Radomes 3-D Printed Radomes for UAV-Based Wideband Comms 3-D Printed Rocket Motor for Small Munitions

Advances in Additive Manufacturing


Self-Healing: Fully Automated Computer Security

“… a new generation of fully automated cyber defense systems … automated Cyber Reasoning Systems will compete against each other in real time.”


Quantum Computing

Quantum Information Research Company, Raytheon BBN, Honored for Sustained Innovation2FEB2013Raytheon BBN Technologies has been awarded the National Medal of Technology and Innovation for "sustained innovation through the engineering of first-of-a kind, practical systems in acoustics, signal processing, and information technology." President Barack Obama presented the medal in a White House ceremony Friday.“Superconducting artificial atoms offer fast and reliable processing, and light offers fast and reliable transmission over long distances. Combining light and superconducting artificial atoms offers the best of both and is a promising development for building a large-scale quantum computer.” –Will Kelly, Raytheon BBN, 2010http://arxiv.org/pdf/0912.3291v3.pdf


Questions?


Know Your Data.

With the large amount of data generated by the IoT, a key question is “How can I ensure the data used by this system remains reliable?” The answer can actually be found within existing government strategies for information assurance for FOUO and classified systems interoperability. Data can be encrypted with simple tools like S/MIME or more complex systems like Information Rights Management solutions. Data separation and risk containment can be provided through virtual machine technology, database containers, and cross-domain solutions brought over from the military domain. Systems must be hardened, not just patched; unnecessary services and applications must be removed and remaining software configured appropriately. (So many systems built for the IoT either on the device side or the cloud side are based on multi-purpose operating systems and are left with many features running that unnecessarily expose risk.) And, critically, the use of the data should be monitored with a privileged user monitoring and insider threat tool.


Know The Device.

General Keith Alexander, the National Security Agency’s director, said “The cyber domain is a dynamic domain that changes every time you power on a device.” With each new device that enters this domain, new vulnerabilities and threats are introduced. In military parlance, we say that we have an increased attack surface.

A good security organization must do solid research on new devices to understand what is embedded in the devices entering their business ecosystem: what data is generated and what

data is being transmitted; where does the device transmit

its data; what connections will it accept

from other devices in your environment;

does the device have on-board storage that an adversary could use to store software and data;

does the device try to do automatic updates; and most importantly,

if an adversary had access to the sensors and data generated by this device (including the personal devices your users are bringing into the building), what advantage would it give them?


Know The Insider.

The IoT brings its benefits through the analysis of changes, based on the collection of vast amounts of data that are often personal and sensitive. This information, particularly in the aggregate, is extremely valuable not only to the society but to our potential adversaries. Protecting sensitive data from external threats has been the focus of cybersecurity investments since the first computers were used. But that’s only half the story. It’s critical for companies to have insider-focused security and continuous monitoring that can detect anomalies, inappropriate privileged user activity, and determine when information has been accessed inappropriately. These strategies must include behavioral analytics, not just simple rules and policies. Episodes such as the Target, Wikileaks and the Snowden breaches have shown that the most significant risk of damage to customer trust and to our missions is posed by internal system access. This can come from the disgruntled employee, or the unaware supplier, or an advanced nation-state adversary using a sophisticated chain to operate from the inside.


Privacy

Decentralizing Privacy: Using Blockchain to Protect Personal Data (Enigma)Users can own and control their data without compromising security or limiting personalized services by combining a blockchain, re-purposed as an access-control moderator, with an off-blockchain storage solution. Users are not required to trust any third-party and are always aware of the data that is being collected about them and how it is used. Moreover, laws and regulations could be programmed into the blockchain itself, so that they are enforced automatically. In other situations, the ledger can act as legal evidence for accessing (or storing) data, since it is (computationally) tamper-proof.http://web.media.mit.edu/~guyzys/data/ZNP15.pdf

Not Raytheon, but interesting …


Intel and Micron have new class of non-volatile memory that is 1000 times faster and 10 times denser than NAND Flash memoryNext Big Future, 28JUL20153D XPoint™ technology is a non-volatile memory that has the potential to revolutionize any device, application or service that benefits from fast access to large sets of data. Now in production, 3D XPoint technology is a major breakthrough in memory process technology and the first new memory category since the introduction of NAND flash in 1989.

As the digital world quickly grows – from 4.4 zettabytes of digital data created in 2013 to an expected 44 zettabytes by 2020 – 3D XPoint technology can turn this immense amount of data into valuable information in nanoseconds. For example, retailers may use 3D XPoint technology to more quickly identify fraud detection patterns in financial transactions; healthcare researchers could process and analyze larger data sets in real time, accelerating complex tasks such as genetic analysis and disease tracking.

Cybersecurity of Big Data Requires Faster Storage

http://nextbigfuture.com/2015/07/intel-and-micron-have-new-class-of-non.html

Not Raytheon, but interesting …