TRANSCRIPT
R&D for cybersecurity in mobile networks (FoU för cybersäkerhet i mobila nät)
2016
Per M. Gustavsson, PhD, Senior Advisor Cyber Security
Some attack vectors
• Intercept and modify deliveries of network infrastructure equipment
• Lack of security measures
• Collaboration vs Common understanding of security levels
• Misconfigured or outdated security measures
• Social Engineering & Manipulation
• APT – Advanced Persistent Threats
• Precision-targeted malware (e.g. Stuxnet, Duqu, Flame)
• Denial of Service (DoS)
• Delivery Time of messages
• Data Correctness / Degradation (over time)
• Seizure / Capture of buffer unit
Functions of Command and Control
• Gathering information on own forces, the enemy, the weather and the terrain
• Finding means to store, retrieve, filter, classify, distribute and display the information
• Assessing the situation
• Laying down objectives and working out alternative means for attaining them
• Deciding what to do
• Planning
• Writing orders and transmitting them, as well as verifying their arrival and proper understanding by the recipients
• Monitoring the execution by means of feedback, at which the process repeats itself
Van Creveld (1985)
Figure: Network Enabled Capabilities (after Ruud van Dam 2004, Alberts & Hayes). Three domains: physical, information and cognitive. The value chain runs: see first and more (Information Superiority) -> sense-making, understand (Knowledge Superiority) -> planning, decide faster and better (Decision Superiority) -> execution, act decisively, faster and better (Effects Superiority); together these make up Network Enabled Capability.
The C2 Challenge
Figure (partial system listing): SKL, ASIP SINCGARS, CSS VSAT, TACSAT, AN/PRC-150C, EPLRS, Smart-T, JNN, GBS, Command Post, DCGS-A, Warlock, DTSS, TAIS, IMETS, ACT-E, MCS, BCS3, ADAM Cell, IDM-T, ISYSCON v4, DCGS-L, GCCS-A, Enablers, BCCS, 117G, BFT/FBCB2, AFATDS, SIPR/NIPR VOIP, CPOF, A2C2S, Generators, Displays, Shelters & ECUs, MC OTM.
Figure: Gartner hype cycle for emerging technology trends, 2014 (© 2014 Gartner), annotated with IoT, Autonomous Vehicles, Smart Robots, Cloud, Quantum and Big Data, plus the Swedish annotations Critical Infrastructure (Kritisk Infrastruktur) and Privacy (Integritet). Phase notes along the curve: often no usable products exist; producers of the technology shake out or fail; success stories and scores of failures; how the technology can benefit the enterprise starts to crystallize, 2nd-3rd generation; mainstream adoption starts to take off.
Big Data
Volume: TB, PB, EB, ZB; records, transactions, files
Velocity: batch, sparse, interval, near real-time, real-time
Variety: structured, unstructured, semi-structured, multi-structured
Figure: Internet of Things on the hype cycle, expectations/visibility over 2011-2014 (after Gartner 2008-2014).
Gadgets are used in ways they were not built for: challenges for security.
RTO-MP-MSG-076 #14 2010-09-17 Per M. Gustavsson
MULTILEVEL SECURITY – A WET BLANKET
Figure: two information zones, Zone 1 and Zone 2. Each zone has its own Information Zone Object Model and a Datamanager with Connectivity Drivers (SSL, RTPS) over IP or IPsec networks. A transformation T(x) maps each zone object model to and from a shared Information Exchange Object Model at the boundary.
Sieves and filters (data diode) allow and prohibit information to leave and enter.
An Information Exchange Object Model contains only the information that is to be exchanged.
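The zone-to-exchange transformation T(x) and the one-way sieve above can be shown concretely. The block below is an added example written for this page, not code from the original presentation or from any product it mentions. It assumes a simple record format in which every value carries its own classification label, three invented classification levels, and invented field names; the sample records are constructed for the demonstration.

```python
"""Sieve between two information zones: an added example, not code from the
original presentation. It assumes a simple labelled record format, three
classification levels and the field names below; all of these are invented
here for illustration."""
from dataclasses import dataclass

# Ordered classification labels (assumed for the example; higher = more sensitive).
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SECRET": 2}


class ExportDenied(Exception):
    """Raised when a record cannot cross the zone boundary as labelled."""


@dataclass(frozen=True)
class ExchangeField:
    name: str        # field name in the Information Exchange Object Model
    max_level: str   # highest label this field may carry when exported


# Information Exchange Object Model: the only fields that may leave Zone 1.
# Anything else in the zone object model (raw sensor data, source, ...) is
# dropped before it reaches the boundary. Field names are assumptions.
EXCHANGE_MODEL = (
    ExchangeField("track_id", "UNCLASSIFIED"),
    ExchangeField("timestamp", "UNCLASSIFIED"),
    ExchangeField("lat", "RESTRICTED"),
    ExchangeField("lon", "RESTRICTED"),
)


def transform(record, zone_ceiling):
    """T(x): project a Zone 1 record onto the exchange model.

    record       -- {"field": (value, label), ...}; every value carries a label
    zone_ceiling -- the highest label the receiving zone is cleared for
    Fields outside the exchange model are silently dropped (that is the sieve).
    An exported field labelled above its field ceiling or above the receiving
    zone's ceiling is a policy violation: the whole record is refused rather
    than downgraded or partially sent (fail closed).
    """
    if zone_ceiling not in LEVELS:
        raise ExportDenied(f"unknown zone ceiling {zone_ceiling!r}")
    out = {}
    for f in EXCHANGE_MODEL:
        if f.name not in record:
            continue
        value, label = record[f.name]
        if label not in LEVELS:
            raise ExportDenied(f"{f.name}: unknown label {label!r}")
        if LEVELS[label] > LEVELS[f.max_level]:
            raise ExportDenied(f"{f.name}: {label} exceeds field ceiling {f.max_level}")
        if LEVELS[label] > LEVELS[zone_ceiling]:
            raise ExportDenied(f"{f.name}: {label} exceeds zone ceiling {zone_ceiling}")
        out[f.name] = value
    return out


class Diode:
    """One-way sieve from Zone 1 to Zone 2 with an audit trail.

    push() is the only entry point; there is deliberately no method that
    accepts data from Zone 2, which is what makes this a diode, not a firewall."""

    def __init__(self, zone_ceiling):
        self.zone_ceiling = zone_ceiling
        self.delivered = []   # what Zone 2 receives
        self.audit = []       # (outcome, detail) for every attempt

    def push(self, record):
        try:
            exported = transform(record, self.zone_ceiling)
        except ExportDenied as e:
            self.audit.append(("DENIED", str(e)))
            return None
        self.delivered.append(exported)
        self.audit.append(("SENT", sorted(exported)))
        return exported


# Constructed Zone 1 records for the demonstration.
TRACK_OK = {
    "track_id": ("T-0042", "UNCLASSIFIED"),
    "timestamp": (1462000000, "UNCLASSIFIED"),
    "lat": (-22.37, "RESTRICTED"),
    "lon": (-41.76, "RESTRICTED"),
    "sensor_raw": (b"\x01\x02\x03", "SECRET"),   # never leaves the zone
    "source": ("radar-macae", "SECRET"),          # never leaves the zone
}
TRACK_OVERCLASSIFIED = dict(TRACK_OK, lat=(-22.37, "SECRET"))


def demo():
    diode = Diode(zone_ceiling="RESTRICTED")
    diode.push(TRACK_OK)
    diode.push(TRACK_OVERCLASSIFIED)
    return diode


if __name__ == "__main__":
    for entry in demo().audit:
        print(*entry)
```

The first record is delivered with only the four exchange-model fields; the second is refused outright because a single exported field is labelled above the receiver's ceiling. Refusing the whole record, rather than stripping the offending field, is the conservative choice: partial delivery would let a mislabelled object model leak by omission, and the audit trail is what lets an operator notice that labels and the exchange model have drifted apart.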
Figure: Quantum Computers on the hype cycle, expectations/visibility over 2011-2014 (after Gartner 2008-2014).
© 2005 Roy Kasltschmidt
QUANTUM and Cyber Security
Quantum computers calculate faster; quantum cryptography provides better key distribution. Public-key schemes shown at risk: RSA, PGP, ECC. (Images: D-Wave Systems; Vadim Makarov.)
AUTONOMOUS SYSTEMS
Figure: autonomous system architecture. Sensors and links: COM, ADS-B, video, radar, IR, GPS, IMU, magnetometer. Control chain: pilot system, guidance, navigation, control, mission plan.
Attack surfaces:
• Communication control system: break into the communication protocol and from there gain access. Application logic: EW.
• Application logic: incorrect data, i.e. manipulation of sensors, system status data, navigation data, C2.
• Control systems: prevent the CPU/HW from working as intended, through buffer overflow, system resets, malicious code, HW modifications.
Attack classes: hardware attack (access to the physical system); communication attack (via communication or support systems); sensor spoofing (false data).
Campos Basin Scenario - ADS-B
The scenario is the Air Traffic Control operations in the Campos Basin.
The Campos Basin is a petroleum-rich area located in the state of Rio de Janeiro and is responsible for 80% of Brazil's petroleum production (1,265,000 barrels).
Oil development operations include heavy helicopter traffic between the continent and oceanic fields during daytime, with an average of 50 minutes per flight.
Map: airfields and oil fields in the Campos Basin (legend: airfield, oil field).
WHAT ARE THE ASSETS
Business layer: revenue (oil)
Organization/management: awareness, planning, execution; supply chain of strategic guidance, concept development, plan development, plan assessment, orders
Technology: application layer, information layer, mission assurance layer, networking layer, telecommunications layer, sensors, actuators & data layer
Campos Basin Scenario
The main airport in the Region (Macaé) has a Radar Station that supports the Air Traffic Service (ATS) within the Terminal Control Area (45 NM radius from the airport based at 9500 feet).
Most oil platforms are located more than 60 Nautical Miles from Macaé and the helicopter flights are carried out at low altitude.
Therefore, the ATS provided on most of the oceanic area is based on non-radar procedures, which significantly reduces the efficiency of air operations.
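Outside the 45 NM radar coverage, positions in this scenario come only from what aircraft broadcast, and ADS-B position reports are transmitted in the clear without any authentication. The sensor-spoofing attack class listed earlier therefore reduces to injecting plausible-looking reports, and the receiver's only defence is to check them for physical consistency. The block below is an added example written for this page, not code from the original presentation or from any ATC system; the report format, the helicopter speed and climb limits, and the sample reports are all assumptions constructed for the demonstration.

```python
"""Kinematic plausibility check on ADS-B position reports: an added example,
not code from the original presentation. The report format, the speed and
climb limits and the sample reports are assumptions made for this example."""
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class PositionReport:
    icao: str      # 24-bit ICAO address, hex (assumed field layout)
    t: float       # receive time, seconds
    lat: float
    lon: float
    alt_ft: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points (degrees)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def check_reports(reports, max_speed_kt=160.0, max_climb_fpm=3000.0):
    """Return (icao, t, reason) alerts for reports that are physically
    implausible relative to the last *accepted* report of the same address.

    max_speed_kt / max_climb_fpm are envelope limits for offshore helicopter
    traffic (assumed values). A rejected report does not become the new
    reference, so one spoofed message cannot drag the track along with it.
    """
    alerts = []
    last = {}  # icao -> last accepted report
    for r in sorted(reports, key=lambda r: r.t):  # stable: same-t order kept
        prev = last.get(r.icao)
        if prev is None:
            last[r.icao] = r
            continue
        dt_s = r.t - prev.t
        dist_km = haversine_km(prev.lat, prev.lon, r.lat, r.lon)
        if dt_s <= 0:
            # Two transmitters claiming one address at the same instant.
            if dist_km > 0.1 or abs(r.alt_ft - prev.alt_ft) > 50:
                alerts.append((r.icao, r.t, "conflict"))
            continue
        speed_kt = dist_km / (dt_s / 3600.0) / 1.852
        climb_fpm = abs(r.alt_ft - prev.alt_ft) / (dt_s / 60.0)
        if speed_kt > max_speed_kt or climb_fpm > max_climb_fpm:
            alerts.append((r.icao, r.t, "kinematic"))
            continue
        last[r.icao] = r
    return alerts


# Constructed sample: a helicopter track near Macaé with one injected report,
# and a second address heard from two places at once.
SAMPLE_REPORTS = [
    PositionReport("E48A1B",   0, -22.37, -41.76, 1500),
    PositionReport("E48A1B",  60, -22.39, -41.76, 1500),
    PositionReport("E48A1B", 120, -22.41, -41.76, 1500),
    PositionReport("E48A1B", 180, -23.41, -41.76, 1500),   # 1 degree in 60 s: spoofed
    PositionReport("E48A1B", 240, -22.45, -41.76, 1500),   # genuine track continues
    PositionReport("A0F3C2", 100, -22.30, -41.50, 2000),
    PositionReport("A0F3C2", 100, -22.30, -41.70, 2000),   # same address, ~20 km away
]

if __name__ == "__main__":
    for a in check_reports(SAMPLE_REPORTS):
        print(*a)
```

Two things are worth noting about the design. Keeping the last accepted report as the reference means the genuine report at t=240 is still judged against t=120 and passes, so the injected message is isolated rather than poisoning the track. The check is only as good as its starting point, though: a spoofer whose first message is heard before the real aircraft sets the reference and the real reports will look implausible instead. Such checks are a detection aid, not authentication; where radar is available (here, inside 45 NM of Macaé) the reports should be cross-checked against it.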
Link 16, from a Google search. Marketing info (Northrop Grumman):
Paper from Australian Government, Department of Defence;
"Extending the Wireshark Network Protocol Analyser to Decode Link 16 Tactical Data Link Messages"
http://dspace.dsto.defence.gov.au/dspace/handle/dsto/10478
U.S. military tactical data links vulnerable to electromagnetic warfare threat, according to Committee report
“The committee believes that future conflicts against threats with anti-access/area-denial capabilities could see significant threats to U.S. airborne and ground tactical data links. However, the committee is concerned that many such data links are not currently designed or funded to operate against a robust electromagnetic warfare threat. …"
http://groundreport.com/u-s-military-tactical-data-links-vulnerable-to-electromagnetic-warfare-threat-according-to-committee-report/
"… It should be noted that China has developed, as early as 2007 what is called a virtual road map for attacking tactical data link communications:
They have carefully consulted dozens of corporate web sites and military tactical data link operator guides, as well as North Atlantic Treaty Organization (NATO) and U.S. military tactical and technical manuals, to produce a virtual guidebook for electronic warfare and jamming to disrupt critical U.S. cooperative target engagement and command, control, communications, computers, and intelligence, surveillance and reconnaissance (C4ISR) data links: Tactical Data Links in Information Warfare"
Air-gap covert channels (table):
Channel      Band      Tx              Rx             Range    Rate
AirHopper    78 MHz    display cable   FM receiver    7 m      104-480 bit/s
Ultrasonic   ( )       speaker         microphone     20 m     20 bit/s
Savat        80 kHz    CPU/memory      dedicated      1 m      N/A
BitWhisper             CPU/GPU         heat sensor    0.5 m    8 bit/h
GSMem
The Cyber Security Industry in Israel (figure)
Cyberspark: Ben-Gurion University, High Tech Park (ATP), IDF Technology Campus, CERT-IL, Cyber Security Research Center; government resolution on tax breaks for employment in Cyberspark.
Designated vehicles on top of general investments:
• MASAD, with the MoD's DDR&D: $10 million (2013-2014)
• KIDMA, with the MoE's OCS: $25 million (2013-2014)
Industry figures: 300 companies (about 100 are new); 20 MNCs with related R&D activity; annual exports of $3 billion; nearly $200 million raised in 2014; ~5% of the global market and ~10% of VC deals.
Cybersecurity: some tips
Security topic              Minimum                   "Recommended"
Technical Infrastructure    Standards & Procedures    Hardening & Audits
Supplier Management         Procurement Procedures    Technical Lot audits
Configuration Management    Standards & Procedures    Configuration audits
Security Awareness          Security trainings        Continuous HR checks
Network Control             Network Monitoring        Network Traffic Analysis
WiFi Control                Network Monitoring        WiFi Scanning/Sniffing
Common Security Levels      Common Understanding      Defined Standard
Standards and Controls
The only security tech worth anything is the one that gets used
The solution must be easy to use: for the users, for the administrators, for the developers, for the integrators.
SECURITY IS DIFFICULT