protect your enterprise with secure and resilient information flow aviation week
DESCRIPTION
Protect Your Enterprise with Secure and Resilient Information Flow. Aviation Week Aerospace and Defense Cybersecurity Forum, 31 March 2010. Robert F. Brammer, Ph.D., VP Advanced Technology and CTO, Northrop Grumman Information Systems. Key Points for This Presentation.
TRANSCRIPT
HEADER / FOOTER INFORMATION (SUCH AS NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I)
Protect Your Enterprise with Secure and Resilient
Information Flow
Aviation Week
Aerospace and Defense Cybersecurity Forum
31 March 2010
Robert F. Brammer, Ph.D.
VP Advanced Technology and CTO
Northrop Grumman Information Systems
Key Points for This Presentation
• Enterprise information systems and services are increasing in size, distribution, functionality, and value
– Includes both IT networks and infrastructure networks
– Rapid development of new architectures, standards, and products
– Increasing business significance but also larger and more valuable targets
• Threats are increasing rapidly in sophistication, breadth, and speed
– “The Advanced Persistent Threat” is a primary example
• Protection of the enterprise requires a multidimensional strategy
– Northrop Grumman addresses challenges with significant investments
– Layered architecture, facilities, advanced research, education and training, professional activity leadership, …
• A strategy, operations and research plans, and significant investments are needed
– Passwords and patching are not adequate
– Cyber threats and defenses will be continually evolving
– Long-term issue
THE GROWTH OF ENTERPRISE INFORMATION SYSTEMS AND SERVICES
Global Information Transformation
• Nearly 2B Internet users globally – Internet World Stats
• US e-commerce grew 11% in 2009 to $155B, another 11% growth expected in 2010 – Forrester Research
• Americans consumed 3.6 zettabytes of information in 2008 -- UCSD
Global IP traffic will increase by a factor of three from 2010 to 2013, approaching 56 exabytes per month in 2013, compared to approximately 9 exabytes per month in 2008.
By 2013, annual global IP traffic will reach two-thirds of a zettabyte (673 exabytes).
By 2013, the various forms of video (TV, VoD, Internet Video, and P2P) will exceed 90 percent of global consumer traffic.
By 2013, global online video will be 60 percent of consumer Internet traffic (up from 35 percent in 2010). Mobile data traffic will roughly double each year from 2010 through 2013.
Cisco Network Traffic Forecasts
Cisco Visual Networking Index
New Information System Architectures
Green IT
Optical Networks
Mobile Computing
Critical Infrastructure Enterprises
• Infrastructure networks interface directly to 3D world
– Nodes – generators, terminals, ports, storage, …
– Links – pipelines, transmission lines, tunnels, …
– Traffic – objects, material, …
• Cyberspace networks are used for control and reporting
• Convergence of networks, technologies, and interfaces
– Significant performance and cost benefits
– SmartGrid initiatives are a significant example
– Significant security implications
Transportation
Chemical Production
Water Treatment
Oil Refineries
Electric Power Generation and Grid Control
Network Convergence and Integration
• “Network Convergence” has multiple industry implications
– Data, voice, video in a single network
– Cyber and infrastructure networks in a single network
– Protocols – moving to IP-based protocols from local protocols
– Network interfaces – connecting sensors and control rooms to the Internet and to corporate WANs
– “An Internet of things”
• Network integration occurs in corporate and government reorganizations, M&A, …
• Many operational and security R&D issues arise from immature technology, processes, and management
THREATS TO THE ENTERPRISE
NORTHROP GRUMMAN PRIVATE / PROPRIETARY LEVEL I
“The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems, and the information residing within.”
“This critical infrastructure is severely threatened.”
Dennis Blair
US Intelligence Community Annual Threat Assessment
February 2, 2010
Cybersecurity – “A Severe Threat”
US oil industry hit by cyberattacks: Was China involved?
Christian Science Monitor January 25, 2010
“At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.”
“… the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, …”
“The oil and gas industry breaches, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide,
Cyberespionage and the Theft of Intellectual Property
Broad New Hacking Attack Detected
Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies
Wall Street Journal February 18, 2010
“Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, …”
“Industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion.”
White House Cyberspace Policy Review May 2009
The Growth of Internet Crime
“Of the top five categories of offenses reported to law enforcement during 2009, non-delivered merchandise and/or payment ranked 19.9%; identity theft, 14.1%; credit card fraud, 10.4%; auction fraud, 10.3%; and computer fraud (destruction/damage/vandalism of property), 7.9%.”
[Figure labels: Transportation; Water; Electric Power; Oil and Natural Gas; Communications; Government; Banking and Finance; Emergency Response; Military; People]
Coordinated Cyber and Physical Attacks
• Cyber pre-attack – Targeting, espionage, disinformation, …
• Real-time cyber attack – suppression of comms and response
• Cyber post-attack – target backup and recovery
Physical Attack
Coordinated Cyber Attacks
Before the Russian invasion into Georgia commenced, cyber attacks were already being launched against a large number of Georgian governmental websites, making it among the first cases in which an international political and military conflict was accompanied – or even preceded – by a coordinated cyber offensive.
Cooperative Cyber Defence Center Of Excellence
Tallinn, Estonia
November 2008
New Architectures Lead to New Security Questions and Challenges
• New architectures lead to many functionality, performance, and cost advantages
• Resulting security issues are far too often underestimated
Web 2.0 a Top Security Threat in 2010, Survey Finds
eWeek February 22, 2010
Internet security provider Webroot reports IT managers in small to midsize businesses believe malware spread through social networks, Web 2.0 applications and other Web-based vectors will pose the most serious risk to information security in 2010.
Twitter phishing hack hits BBC, PCC … and Guardian … and cabinet minister … and bank
The Guardian February 26, 2010
Thousands of Twitter users have seen their accounts hijacked after a viral phishing attack which sends out messages saying "this you??"
How to Plan for Smartphone Security in the Enterprise
eWeek 2009-07-13
One of the major challenges CIOs face is the deployment and security of smartphones in the enterprise.
Addressing the Threats
• Many plans by government and industry are creating rapid growth in cybersecurity markets
Power Up on Smart Grid Cyber Security
Wall Street Journal February 25, 2010
“The M&A world is on fire right now when it comes to cyber-security issues relating to utility infrastructure,”
“Pike Research expects the global smart grid cyber security market to grow to $4.1 billion in 2013 at a compound annual growth rate of 35%.”
“That squares against Morgan Stanley estimates…”
NORTHROP GRUMMAN CYBERSECURITY OPERATIONS
Northrop Grumman Cybersecurity Operations Center
Security Includes Identity Management Multi-Layer Security Architecture
Multi-Layered approach to security across our networks, systems, facilities, data, intellectual property, and other information assets
Policies, architecture, processes, technology Access and configuration management
Cybersecurity Awareness and Training
Regular company-wide communications are strategic
Northrop Grumman Cybersecurity Thought Leadership
• Example – Paper on APT defense
• Presented at the 13th Colloquium for Information Systems Security Education – University of Alaska, Fairbanks
Seattle, WA June 1 - 3, 2009
• This paper describes some relevant Northrop Grumman security processes
– Communicate APT risks
– To increase awareness of situations that should alarm
– To define the actions that employees should take to minimize these risks
Northrop Grumman Cybersecurity Industry Leadership
• Defense Security Information Exchange (DSIE)
• National Security Information Exchange (NSIE)
• Alliance for Enterprise Security Risk Management
• US NATO delegate
• DoD – Defense Information Base (DIB)
• Internet Security Alliance (ISA) Board
• Customer Advisory Councils – Microsoft, Oracle, ISS (IBM), EMC
• US Computer Emergency Readiness Team (CERT) Portal Member
• Critical Warning Infrastructure Network (CWIN) member
• Smart Card Alliance
• Partnership for Critical Infrastructure Security
• Corporate Executive Board - Information Risk Executive Council (IREC)
• Research Board - Digital Security Board (DSB)
• TransGlobal Secure Collaboration (TSCP)/CertiPath
• FAA InfoSec Advisory Board
• Honeynet Project
• Forum of Incident Response and Security Teams (FIRST) – Chairing, Future of First Task Force
• Formal Agreements with Intel & Law Enforcement
• IT ISAC/NCC (Homeland Security)
• National Infrastructure Advisory Council (NIAC)
• National Security Telecommunications Advisory Council (NSTAC)
• Network Centric Operations Industry Consortium
Robert F. Brammer
Northrop Grumman
ADVANCED CYBERSECURITY RESEARCH
Federal Cybersecurity Research
• Growing recognition that the US has underinvested in cybersecurity
• Requirements for cybersecurity research have been assessed many times by organizations like the National Academies, the National Science and Technology Council, the Federal Networking and Information Technology R&D Program, OSTP, DHS, and others
• The 2010 Federal budget for cybersecurity research is $372M (DARPA, DOD services, NSA, NIST, NSF) – NITRD Presentation (March 2010)
Northrop Joins With Academics For Cybersecurity Work
December 1, 2009
• “Northrop Grumman Corp is joining with several U.S. universities in a consortium to address near and long-term Internet security.”
• “…to find ways to secure computer hardware, software and systems that support information sharing around the globe.”
Northrop links to academics to boost cyber defense
Dec 1 2009
WASHINGTON (Reuters) - Northrop Grumman Corp unveiled Tuesday an industry-academic research group to tackle growing cyber threats to U.S. computer networks and to networked infrastructure.
Northrop Grumman Cybersecurity Research Consortium
Superior Technology Assessment, Development & Transition, and Modeling & Simulation
Labs for R&D in Cyber Assessment, Modeling, Simulation and Testing
Millersville, MD
Range Operations
Rapid Development
VASCIC
Cyber Warfare Integration Network (CWIN)
CONCLUDING REMARKS
Concluding Remarks
• Protecting the enterprise is an increasingly difficult challenge
– Many dimensions of enterprise growth
– Dynamic threat environment
– Protection requires multifaceted approach
• Overall, cybersecurity problems will become worse before the status improves
• Near-term progress is certainly possible
– 90%+ of security problems arise from situations for which there are known solutions
– Need for improved implementations
• Cybersecurity is a long-term strategic issue for government and industry
– Patching poorly designed systems is clearly not working
– Solutions will require sustained and multidisciplinary R&D and broad implementation
Case Study: Bank Defeats Attempted Zeus Malware Raids of Business Accounts
Gartner March 24, 2010
22 Banking Breaches So Far in 2010
Report: Hacking, Insider Theft Continue to be Top Trends
BankInfoSecurity March 23, 2010
There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services companies.