Transcript Presentation Title

Protect Your Enterprise
with Secure and Resilient
Information Flow
Aviation Week
Aerospace and Defense Cybersecurity Forum
31 March 2010
Robert F. Brammer, Ph.D.
VP Advanced Technology and CTO
Northrop Grumman Information Systems
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Key Points for This Presentation
• Enterprise information systems and services are increasing in size,
distribution, functionality, and value
– Includes both IT networks and infrastructure networks
– Rapid develop of new architectures, standards, and products
– Increasing business significance but also larger and more valuable targets
• Threats are increasing rapidly in sophistication, breadth, and speed
– “The Advanced Persistent Threat” is a primary example
• Protection of the enterprise requires a multidimensional strategy
– Northrop Grumman addresses challenges with significant investments
– Layered architecture, facilities, advanced research, education and training,
professional activity leadership, …
• A strategy, operations and research plans, and significant
investments are needed
– Passwords and patching are not adequate
– Cyber threats and defenses will be continually evolving
– Long-term issue HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
THE GROWTH OF
ENTERPRISE INFORMATION
SYSTEMS AND SERVICES
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Global Information Transformation
•
Nearly 2B Internet users globally – Internet World Stats
•
US e-commerce grew 11% in 2009 to $155B, another 11% growth
expected in 2010 – Forrester Research
•
Americans consumed 3.6 zettabytes of information in 2008 -- UCSD
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Cisco Network Traffic Forecasts
Global IP traffic will increase by a factor
of three from 2010 to 2013, approaching
56 exabytes per month in 2013, compared
to approximately 9 exabytes per month in
2008.
By 2013, annual global IP traffic will reach
two-thirds of a zettabyte (673 exabytes).
By 2013, the various forms of video (TV,
VoD, Internet Video, and P2P) will exceed
90 percent of global consumer traffic.
By 2013, global online video will be 60
percent of consumer Internet traffic (up
from 35 percent in 2010).
Mobile data traffic will roughly double
each year from 2010 through 2013.
Cisco Visual Networking Index
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
New Information System Architectures
Green IT
Optical Networks
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Mobile Computing
Critical Infrastructure Enterprises
•
Infrastructure networks
interface directly to 3D world
– Nodes – generators, terminals,
ports, storage, …
– Links – pipelines, transmission
lines, tunnels, …
– Traffic – objects, material, …
•
Cyberspace networks are used for
control and reporting
•
Convergence of networks,
technologies, and interfaces
– Significant performance and
cost benefits
– SmartGrid initiatives are a
significant example
– Significant security
implications
Transportation
Water Treatment
Chemical Production
Oil Refineries
Electric Power Generation and Grid Control
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Network Convergence and Integration
•
“Network Convergence” has
multiple industry implications
– Data, voice, video in a single
network
– Cyber and infrastructure networks
in a single network
– Protocols – moving to IP-based
protocols from local protocols
– Network interfaces – connecting
sensors and control rooms to the
Internet and to corporate WANs
– “An Internet of things”
•
Network integration occurs in
corporate and government
reorganizations, M&A, …
•
Many operational and security
R&D issues arise from immature
technology, processes, and
management
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
THREATS TO THE ENTERPRISE
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Cybersecurity – “A Severe Threat”
“The national security of the United
States, our economic prosperity, and the
daily functioning of our government are
dependent on a dynamic public and
private information infrastructure,
which includes telecommunications,
computer networks and systems, and
the information residing within. “
“This critical infrastructure is
severely threatened.”
Dennis Blair
US Intelligence Community Annual
Threat Assessment
February 2, 2010
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Cyberespionage and the Theft of
Intellectual Property
Broad New Hacking Attack Detected
Global Offensive Snagged Corporate, Personal Data
at nearly 2,500 Companies
Wall Street Journal
February 18, 2010
“Hackers in Europe and China successfully broke into
computers at nearly 2,500 companies and government
agencies over the last 18 months in a coordinated global
attack that exposed vast amounts of personal and corporate
secrets to theft, …”
US oil industry hit by cyberattacks: Was China involved?
Christian Science Monitor January 25, 2010
“At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may
have originated in China and that experts say highlight a new level of sophistication in the growing global war
of Internet espionage.”
“… the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary
information had been flowing out, including to computers overseas, …”
“The oil and gas industry breaches, were focused on one of the crown jewels of the industry: valuable “bid
data” detailing the quantity, value, and location of oil discoveries worldwide,
“Industry estimates of losses from intellectual property to data theft in 2008
range as high as $1 trillion.”
Whitehouse Cyberspace Policy Review May 2009
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
The Growth of Internet Crime
“Of the top five categories of offenses reported to law enforcement during 2009,
non-delivered merchandise and/or payment ranked 19.9%; identity theft, 14.1%;
credit card fraud, 10.4%; auction fraud, 10.3%; and computer fraud
(destruction/damage/vandalism
of property), 7.9%.”
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Coordinated Cyber and Physical Attacks
Coordinated
Cyber Attacks
•
Cyber pre-attack – Targeting, espionage, disinformation, …
•
Real-time cyber attack – suppression of comms and response
•
Cyber post-attack – target backup and recovery
Banking and
Finance
Government
People
Water
Physical Attack
Transportation
Electric Power
Communications
Oil and
Natural Gas
Emergency
Response
Military
Before the Russian invasion into Georgia commenced, cyber attacks were already being launched
against a large number of Georgian governmental websites, making it among the first cases in which
an international political and military conflict was accompanied – or even preceded – by a
coordinated cyber offensive.
Cooperative Cyber Defence Center Of Excellence
Tallinn, Estonia
November 2008
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
New Architectures Lead to New
Security Questions and Challenges
• New architectures lead
to many functionality,
performance, and cost
advantages
• Resulting security
issues are far too often
underestimated
Twitter phishing hack hits BBC,
PCC … and Guardian … and
cabinet minister … and bank
The Guardian
Thousands of Twitter users have
seen their accounts hijacked after a
viral phishing attack which sends
out messages saying "this you??“
How to Plan for Smartphone Security
in the Enterprise
eWeek 2009-07-13
One of the major challenges CIOs
face is the deployment and security
of smartphones in the enterprise.
February 26, 2010
Web 2.0 a Top Security Threat in 2010, Survey Finds
eWeek
February 22, 2010
Internet security provider Webroot reports IT managers in
small to midsize businesses believe malware spread
through social networks, Web 2.0 applications and other
Web-based vectors will pose the most serious risk to
information security in 2010.
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Addressing the Threats
• Many plans by
government and industry
are creating rapid
growth in cybersecurity
markets
Power Up on Smart Grid Cyber Security
Wall Street Journal
February 25, 2010
“The M&A world is on fire right now when it comes to cyber-security issues
relating to utility infrastructure,”
Pike Research expects the global smart grid cyber security market to grow to $4.1
billion in 2013 at a compound annual growth rate of 35%.”
“That squares against Morgan Stanley estimates…”
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
NORTHROP GRUMMAN
CYBERSECURITY OPERATIONS
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Northrop Grumman Cybersecurity
Operations Center
Computer
Network Defense
Monitoring
• Monitors the NGGN and
related devices for signs of
malicious activity
Vulnerability Mgmt
• Security risks and ensuring
appropriate remediation
Patch Management
• Rapid deployment of vendor
provided fixes to identified
vulnerabilities
Forensics
• Information security postincident analysis
Incident Response
• Rapid response to malicious
activity on the NGGN and
related environments
Cyber Threat
• Analysis of emerging
threats to the NGGN and
related environments
Sector
• Sector-specific computer
network defense
requirements
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Security Includes Identity Management
Multi-Layer Security Architecture
Multi-Layered approach to security across our networks, systems, facilities, data,
intellectual property, and other information assets
Policies, architecture, processes, technology
Access and configuration management
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Cybersecurity Awareness and
Training
Regular company-wide communications are strategic
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Northrop Grumman Cybersecurity
Thought Leadership
• Example – Paper on APT defense
• Presented at the 13th
Colloquium for Information
Systems Security Education
– University of Alaska, Fairbanks
Seattle, WA June 1 - 3, 2009
• This paper describes some
relevant Northrop Grumman
security processes
– Communicate APT risks
– To increase awareness of
situations that should alarm
– To define the actions that
employees should take to
minimize these risks
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Northrop Grumman Cybersecurity
Industry Leadership
•
Defense Security Information Exchange (DSIE)
•
National Security Information Exchange (NSIE)
•
•
Corporate Executive Board - Information Risk
Executive Council (IREC)
Alliance for Enterprise Security Risk Management
•
Research Board - Digital Security Board (DSB)
•
US NATO delegate
•
TransGlobal Secure Collaboration (TSCP)/CertiPath
•
DoD – Defense Information Base (DIB)
•
FAA InfoSec Advisory Board
•
Internet Security Alliance (ISA) Board
•
Honeynet Project
•
Customer Advisory Councils – Microsoft, Oracle, ISS
(IBM), EMC
•
Forum of Incident Response and Security Teams
(FIRST) – Chairing, Future of First Task Force
•
US Computer Emergency Readiness Team (CERT)
Portal Member
•
Formal Agreements with Intel & Law Enforcement
•
IT ISAC/NCC (Homeland Security)
•
Critical Warning Infrastructure Network (CWIN)
member
•
National Infrastructure Advisory Council (NIAC)
•
Smart Card Alliance
•
National Security Telecommunications Advisory
Council (NSTAC)
•
Partnership for Critical Infrastructure Security
•
Network Centric Operations Industry Consortium
Robert F. Brammer
Northrop Grumman
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
ADVANCED CYBERSECURITY
RESEARCH
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Federal Cybersecurity Research
•
Growing recognition that the US has underinvested in cybersecurity
•
Requirements for cybersecurity research have been assessed many times by
organizations like the National Academies, the National Science and
Technology Council, the Federal Networking and Information Technology R&D
Program, OSTP, DHS, and others
•
The 2010 Federal budget for cybersecurity research is $372M (DARPA, DOD
services, NSA, NIST, NSF) – NITRD Presentation (March 2010)
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Northrop Grumman Cybersecurity
Research Consortium
Northrop links to
academics to boost
cyber defense
Dec 1 2009
Northrop Joins With Academics For Cybersecurity Work
December 1, 2009
•
“Northrop Grumman Corp is joining with several U.S.
universities in a consortium to address near and long-term
Internet security.”
•
“…to find ways to secure computer hardware, software and
systems that support information
sharing around the globe.”
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
WASHINGTON (Reuters)
- Northrop Grumman
Corp unveiled Tuesday
an industry-academic
research group to tackle
growing cyber threats to
U.S. computer networks
and to networked
infrastructure.
Labs for R&D in Cyber Assessment,
Modeling, Simulation and Testing
VASCIC
Millersville, MD
Range Operations
Rapid Development
Cyber Warfare Integration
Network (CWIN)
Superior Technology Assessment, Development & Transition, and Modeling & Simulation
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
CONCLUDING REMARKS
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
Concluding Remarks
•
Protecting the enterprise is an
increasingly difficult challenge
–
–
–
Many dimensions of enterprise growth
Dynamic threat environment
Protection requires multifaceted approach
•
Overall, cybersecurity problems
will become worse before the
status improves
•
Near-term progress is certainly possible
–
–
•
90%+ of security problems arise
from situations for which there are known
solutions
Need for improved implementations
Cybersecurity is a long-term strategic
issue for government and industry
–
–
22 Banking Breaches So Far in 2010
Report: Hacking, Insider Theft
Continue to be Top Trends
BankInfoSecurity
March 23, 2010
There have been 173 reported data
breaches so far in 2010, and 22 of these
involve financial services companies.
Case Study: Bank Defeats
Attempted Zeus Malware Raids of
Business Accounts
Gartner
Patching poorly designed systems is
clearly not working
Solutions will require sustained and
multidisciplinary R&D and broad
implementation
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
March 24, 2010