Slide1
Massimo Scipioni
TRUST Autumn Conference 2011
Realizing intrinsically cyber secure large systems
Slide2
Outline
Introduction
The problem context
The solution
Development process
Users’ processes and procedures
Cyber Command & Control
Conclusions
Slide3
Introduction
Slide4
Introduction (1/2)
“State of the Art” seamless offer, ranging from products to integrated systems and solutions.
Business areas shown on the slide:
HOMELAND PROTECTION: BORDER & TERRITORY PROTECTION; CRITICAL INFRASTRUCTURES PROTECTION; CRISIS MANAGEMENT; MAJOR EVENTS
DEFENCE SYSTEMS: C4ISTAR SYSTEMS; NCW INFRASTRUCTURES; AIR DEFENCE SYSTEMS; BATTLESPACE C4ISTAR SYSTEMS
AIRBORNE, SURVEILLANCE & SECURITY SYSTEMS: AIRBORNE MISSION SYSTEMS; ATC/ATM & AIRPORT SYSTEMS; VTMS & MARITIME AWARENESS; ADVANCED IT FOR SECURITY, LOGISTICS, AUTOMATION
SENSOR: AVIONICS (EW, RADAR, EO); NAVAL RADARS & FIRE CONTROL SYSTEMS; GROUND RADARS
INTEGRATED SYSTEMS: NAVAL COMBAT SYSTEMS INTEGRATION
COMMAND & CONTROL: GROUND COMMAND & CONTROL SYSTEMS
COMMUNICATIONS: NAVAL & GROUND AVIONIC CNI; PROFESSIONAL TETRA - WiMAX
Slide5
Introduction (2/2)
A large system is a system of systems, namely a network of interconnected systems that cooperate to perform common functions, more and more in terms of network enabled capability.
FINMECCANICA assigned SELEX Sistemi Integrati the role of prime contractor and mission architect for large systems development.
In this role the Company is responsible for defining large system requirements, both functional and non-functional.
Security is a crucial family of non-functional requirements when developing large systems. Cyber security is the flow-down of general security measures to protect against, and react to, cyber attacks.
The Company is therefore addressing the problem of realizing large systems that are intrinsically cyber secure.
Slide6
The problem context
Slide7
A definition
Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment, organization and users’ assets.
General security objectives:
availability;
integrity (which may include authenticity and non-repudiation);
confidentiality.
Slide8
Objectives and threats
Availability: the capability of the system to protect data and processes from denial of service to the authorized users.
Main threat: Distributed Denial of Service.
Integrity: the capability of the system to protect data and processes from unauthorized changes.
Main threats: Exploit, Rootkit.
Confidentiality: the capability of the system to protect data and processes from unauthorized access.
Main threats: Eavesdropping, Keylogging, Data Exfiltration.
Slide9
The problem (1/3)
Cyber attacks cover a wide range of actions: attacks can affect data, processes and programs, as well as the network environment.
Such attacks might involve intrusions into networks for the purpose of compromising data, degrading communications, interrupting commerce, or impairing critical infrastructures (such as transportation or medical and emergency services).
Stuxnet taught us a lesson!
Slide10
The problem (2/3)
Besides, the whole is more vulnerable than its composing parts.
When diverse and heterogeneous systems are integrated, the resulting large system shows a degradation in the cyber security domain.
This means that a large system may be affected by vulnerabilities arising from its intrinsic complexity, vulnerabilities that may not affect any of the composing systems.
How do we fill this gap?
By realizing intrinsically cyber secure large systems.
Slide11
The problem (3/3)
How do we develop intrinsically cyber secure large systems?
Not just by providing large systems with firewalls, IDSs, etc., in other words not just by surrounding the system with a Maginot line, but by:
Adopting a cyber security oriented system design and development process.
Defining operating processes and procedures to guide system users, at any level, to work in accordance with cyber security requirements.
Providing large systems with a cyber command & control that analyses, protects against and counters cyber intrusions.
Slide12
The development process
Slide13
Cyber security oriented life cycle
Requirements definition: security requirements, abuse cases.
Architectural design: threat modeling, risk analysis.
Implementation, testing and deployment: secure coding, secure testing, penetration testing, secure code review, vulnerability management, secure deployment, operational enabling.
Also shown on the slide: security testing; attack patterns – security patterns.
Slide14
Design and development of artefacts (1/2)
Hardware architecture and network topology are designed to be highly resilient, such that the cyber security related non-functional requirements are fully satisfied.
Software architecture: its mapping onto the hardware architecture is optimized with respect to the cyber security requirements. The allocation of functional and non-functional requirements to components is cyber security driven.
Slide15
Design and development of artefacts (2/2)
Software code artefacts at any architectural level are free of the defects that originate vulnerabilities.
Software testing artefacts stress the system to simulate the kinds of attack foreseen for the system under test, performing penetration testing, security testing, etc.
A cyber secure operating system is the foundation upon which secure applications are built.
Layers shown on the slide: Common core; Application; Customization.
Slide16
The users’ processes and procedures
Slide17
Users’ processes and procedures
Users’ and operators’ behaviour is crucial to cyber security.
A set of cyber security oriented processes and procedures to guide users is produced as part of the large system development.
This will largely reduce the occurrence of so-called insider threats, namely attacks, both intentional and unintentional, originating from system users and operators. Internal attacks are definitely more dangerous than external ones.
Very often cyber attacks causing significant damage originate from incautious actions (e.g. infected USB keys).
Training programs will be put in place to build the necessary awareness in the personnel who will be using the system.
Need-to-know and responsibility-to-share policies will be set forth and adopted by the users’ community.
Following this approach, the cyber security related human factors become an integral part of the large system design and development.
Slide18
The Cyber Command & Control
Slide19
Cyber Command & Control (1/4)
A cyber command & control is provided as part of the large system.
This cyber command & control application is the large system’s cyber security supervisor and embraces the whole large system.
It integrates the lower level cyber security applications embedded in the composing systems, and provides additional functions in order to build an overall protection and to guarantee an improved cyber security capability for the whole large system.
Slide20
Cyber Command & Control (2/4)
The slide shows the Cyber Command & Control sitting above the composing systems, with the following elements:
Functions: malicious activities detection; post-attack restoration support; attack prevention and defence; intelligence and decision support; consolidated information assurance picture management; risks and threats dynamic assessment.
Cyber Command & Control database, fed by non-open sources (e.g. ISP) and open sources (e.g. web); information flows labelled open info and non-open info.
Inputs from the systems: platform application information; logs; network monitoring; cyber events.
Processes: risk analysis; vulnerability assessment; risk management; patch management; CERT interoperability; anomaly management; incident management; countermeasures.
Slide21
Cyber Command & Control (3/4)
Consolidated information assurance picture management
Provide operators with a real-time human-computer interface to interact with the Cyber Command & Control:
Visualize all the nodes of the networks in the domain under control,
Visualize the geo-reference of systems, networks, nodes and incidents,
Visualize the risk status of all the assets in the domain.
Malicious activity detection
Collect and correlate information coming from:
Network monitoring,
Application status monitoring,
Access control,
in order to detect malicious activity.
Attack prevention and defence
Stop or mitigate any detected attack and implement preventive measures to avoid attacks.
Slide22
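As an added illustration of the detection and picture-management functions described above (example code written for this page, not part of the presentation or of any SELEX product), the following correlates events from the three feeds the slide names, network monitoring, application status and access control, per node inside a time window, and derives a per-asset risk status for the consolidated picture. The log format, feed names, node names and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from the three feeds named on the slide (not real data).
EVENTS = [
    "2011-10-05T10:00:01 access_control node=c2-srv-01 user=op7 result=FAIL",
    "2011-10-05T10:00:04 access_control node=c2-srv-01 user=op7 result=FAIL",
    "2011-10-05T10:00:40 network_monitor node=c2-srv-01 peer=198.51.100.7 bytes_out=52000000",
    "2011-10-05T10:01:02 app_status node=c2-srv-01 service=track-fusion state=RESTARTED",
    "2011-10-05T10:01:10 access_control node=radar-03 user=op2 result=FAIL",
    "2011-10-05T10:05:00 app_status node=radar-03 service=plot-extractor state=OK",
]
def parse(line):
    """Split '<ts> <feed> k=v k=v ...' into a dict (feed names are assumed)."""
    ts, feed, *fields = line.split()
    ev = {"ts": datetime.fromisoformat(ts), "feed": feed}
    ev.update(f.split("=", 1) for f in fields)
    return ev

# Per-feed test for a suspicious event; the thresholds are illustrative assumptions.
SUSPICIOUS = {
    "access_control": lambda e: e.get("result") == "FAIL",
    "network_monitor": lambda e: int(e.get("bytes_out", 0)) > 10_000_000,
    "app_status": lambda e: e.get("state") != "OK",
}
def correlate(lines, window=timedelta(minutes=2), min_feeds=2):
    """One incident per node when suspicious events from at least `min_feeds`
    distinct feeds fall inside a `window` that starts at any suspicious event."""
    by_node = defaultdict(list)
    for ev in map(parse, lines):
        if SUSPICIOUS[ev["feed"]](ev):
            by_node[ev["node"]].append(ev)
    incidents = []
    for node, evs in by_node.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            in_win = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            feeds = sorted({e["feed"] for e in in_win})
            if len(feeds) >= min_feeds:
                incidents.append({"node": node, "start": first["ts"],
                                  "feeds": feeds, "events": len(in_win)})
                break  # one incident per node; later windows would repeat it
    return incidents

def risk_picture(lines, assets):
    """Per-asset status: RED = correlated incident, AMBER = isolated suspicious events, GREEN = nothing."""
    red = {i["node"] for i in correlate(lines)}
    amber = {e["node"] for e in map(parse, lines) if SUSPICIOUS[e["feed"]](e)}
    return {a: "RED" if a in red else "AMBER" if a in amber else "GREEN" for a in assets}
```

A single failed login (radar-03) stays AMBER; only the node where access-control, network and application feeds agree within the window becomes a RED incident.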
Cyber Command & Control (4/4)
Risks and threats dynamic assessment
Project the current situation into the future,
Assess the damage incurred from an attack,
Improve the understanding of threats by assessing on-going attacks.
Post-attack restoration support
Support the composing systems in restoring after an attack has been stopped and the damage has been assessed:
Replace compromised systems and information,
Take actions with respect to compromised confidentiality of information.
Intelligence and decision support
Support operations by accessing and exploiting any kind of open and non-open sources relevant to the cyber defence and security situation,
Correlate and fuse heterogeneous data coming from diverse sources to support the intelligence processing,
Support operators in taking decisions as to the best way to manage situations, providing alternative scenarios.
Slide23
Conclusions
Slide24
Conclusions
The development of cyber secure large systems is based on three main pillars:
A design, development, integration and deployment process oriented to cyber defence and security;
Users’ and operators’ processes and procedures oriented to cyber security;
A cyber command and control embedded in the large system.
From the architectural perspective, the whole stack, from the hardware platforms up to the application software, is rigorously cyber secure.
All the concepts discussed are applied both to newly developed large systems and to legacy ones.
In this way a holistic approach is applied to the realization of cyber secure large systems.
Slide25
Thank you for your attention
Slide26
SELEX Sistemi Integrati
Via Tiburtina, Km 12.400
00131 - Roma, Italia
T. +39 06 41501