JO-Oxford_Preso - International Cyber Center
Between The Sword and Shield: The Role of the Network Operations & Security Center
David Garfield, Managing Director, Electronics Systems Group, Detica – A BAE Systems Company
John Osterholz, Vice President, Cyber Warfare and Cybersecurity, BAE Systems Information Solutions
Export Approval Number: IS-ES-072109-175
Cybersecurity … Cyber Defense … Critical Infrastructure
Data Privacy and Sharing
Dot com, Dot gov, Dot mil, Dot edu, Dot “pick your noun”
DWDM technology
Voice Over IP (VOIP)
Anything Over IP (AOIP)
Services Oriented Architecture (SOA)
Personal Back Office Convergence
Social Media
Entertainment
Gaming
Peer to Peer (P2P)
Jeez, this is really getting complicated
Nation States
Organized Crime
Terrorists
Just about anyone
We Love a Hard Problem
BAE SYSTEMS EI&S Operating Group
April 2009
An Evolving Threat - Post Millennium
“CEOs who think cybercrime is just the business of CIOs are like Enron’s shrugging off the companies books as something for the accounting department.”
Net Present Impact in operational terms
• In just six months in 2007:
• Requirements for system “cleanings” increased 200 percent
• Trojan malware downloads and drops increased 300 percent
Characteristic of exploitive attacks since 2004
• “Over the past few years, the focus of endpoint exploitation has dramatically shifted from operating system to the Web browser and multimedia applications.”*
* Ref: IBM Internet Security Systems X-Force 2008 MidYear Trend Statistics
The Growing Role of the Insider Threat
“Daddy, something’s wrong with your Blackberry …”
Total Warfare Then and Now: The Lesson of Two Georgias
Georgia I
“I Will Make Georgia Howl”
“… it is useless for us to occupy it; but the utter destruction of its roads, houses, and people, will cripple their military resources..”
GEN W.T. Sherman, 1864
Georgia II
“… Russian tanks rolled into the country's territory, in what experts said Wednesday was an ominous sign that cyberattacks might foreshadow future armed conflicts.”
Moscow Times, 2008
The Next Dimension
“In the very near future, many conflicts will not take place just on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers”
Nikolai Kuryanovich, former member of the Russian Duma
Cybersecurity and Cyber Defense – It's no longer just about Comms and Networks
Application & Data Intensive Environments
Cognitive Heuristics – Time Constrained Reasoning
Limitations of a Communications and Network Technology Mindset
The US and UK Alignment is Significant and Growing
NATO UNCLASSIFIED
Cyber Defence Efforts in NATO – What’s Next
• New Strategic Concept: Delineate cyber defence roles of NATO and Nations
• Expand NATO’s cyber defence capability
• Implement cyber events into military exercises
• Coordinate & implement national best practices through the cyber defence Centre of excellence
• Field a Command & Control reference capability – Stress / attack the NATO reference system for vulnerabilities
“The Strategy highlights the need for Government, business, international partners and the public to work together to meet our strategic objectives of reducing risk and exploiting opportunities …”
Cyber Security Strategy of the United Kingdom (2009)
“The Nation also needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together …”
U.S. Cyberspace Policy Review (2009)
Successfully managing our information resources against Advanced and Persistent Threats will require an organizational integration of network and security disciplines
An Overarching Organizational Model
[Diagram labels: Cyber technical research; Threat coordination; Threat monitoring and analysis; Threat response; Data collection; ICT infrastructure; Business systems and processes; Information Risk Management and Information Assurance Policies; Behaviour, responsibility and training; The Internet]
• The ICT infrastructure
• The business systems and processes for which cyber space is used
• Dedicated threat detection together with associated responses
• A strong coordination layer providing situational awareness as well as alignment with activities outside the cyber domain
The Network Operations and Security Center (NOSC) represents a key operational instantiation of this model
Enter the Network Operations & Security Center (NOSC)
[Diagram labels, in slide order: Network Operations Center; Legacy CONOPS; Security Operations Center; New CONOPS; Network Operations and Security Center]
• Dynamic Situational Awareness
• Degraded Operations
• Cyber Defense Information Sharing
NATO-ACT ID ’08 Brussels, Belgium
Key Functionality of the Leading Edge NOSC
Moving from Cyber Forensics to Run Time Cyber Operations
[Diagram labels: All Source Information; Critical Cyberspace Domains (.mil, .gov, DIB partners, .nato.int, etc.); Advanced & Persistent Threats; Intelligence; Analysis; Reporting; Visualization; Digital Processing Environment; Cyber Collection Environments; Data - Knowledge Fusion; OP - Intel Collaboration; Network Operations Management; Visualization; Cross Domain Info Sharing; Mission; User; Users; Test, Training & Exercise (TT&E)]
Leading Edge NOSC Focus
• Dynamic Situational Awareness
• Degraded Operations
• Cyber Defense Information Sharing
High Level Cyber Architecture Implications of a NOSC
[Diagram labels, annotated with numbered callouts 1 to 5: All Source Information; Critical Cyberspace Domains (.mil, .gov, DIB partners, .nato.int, etc.); Advanced & Persistent Threats; Intelligence; Analysis; Reporting; Visualization; Digital Processing Environment; Cyber Collection Environments; Data - Knowledge Fusion; OP - Intel Collaboration; Network Operations Management; Visualization; Cross Domain Info Sharing; Mission; User; Users; Test, Training & Exercise (TT&E)]
1
2
• All Source Scope
• Autonomic Assist
• Forensic & Run Time
• Cognitive Visualization
3
• Data to Knowledge
• Inherently Cross-Domain
• Federated Operational Trust
4
• Cognitive Visualization
• Course of Action Agile
• Inherently Cross-Domain
• Federated Operational Trust
5
• Salient Environment
• Flexible and Extensible
• Embedded Capability
• Operate at Net Speed
• Multiple Phenomenology
• Analyst Agile
The New Frontier Mission
Innovative applications of information technology capabilities, solutions and services needed to adapt, assure and sustain mission operations while under attack