Presentation Transcript

Massimo Scipioni, TRUST Autumn Conference 2011

Realizing intrinsically cyber secure large systems

Outline

Introduction

The problem context

The solution

Development process

Users’ processes and procedures

Cyber Command & Control

Conclusions

Introduction

Introduction (1/2)

"State of the Art" seamless offer, ranging from products to integrated systems and solutions.

[Portfolio graphic; the areas it lists, in the order they appear: homeland protection; defence systems; border & territory protection; critical infrastructures protection; crisis management; major events; C4ISTAR systems; NCW infrastructures; air defence systems; battlespace C4ISTAR systems; airborne, surveillance & security systems; airborne mission systems; ATC/ATM & airport systems; VTMS & maritime awareness; advanced IT for security, logistics, automation; avionics (EW, radar, EO); naval radars & fire control systems; ground radars; naval combat systems integration; ground command & control systems; naval & ground avionic CNI; professional TETRA - WiMAX. Layers named along the graphic: sensor; integrated systems; command & control; communications.]

Introduction (2/2)

A large system is a system of systems, namely a network of interconnected systems that cooperate to perform common functions, increasingly in terms of network enabled capability.

FINMECCANICA assigned to SELEX Sistemi Integrati the prime contractor and architect mission role for large systems development.

Playing this role, the Company is responsible for defining large systems requirements, both functional and non-functional.

Security is a crucial family of non-functional requirements when developing large systems. Cyber security is the flow-down of general security measures to protect against, and react to, cyber attacks.

The Company is therefore approaching the problem of realizing large systems that are intrinsically cyber secure.

The problem context

A definition

Cyber security is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment, organization and users' assets. (This is the ITU-T X.1205 definition.)

General security objectives:

availability;
integrity (which may include authenticity and non-repudiation);
confidentiality.

Objectives and threats

Availability

The capability of the system to protect data and processes from denial of service to the authorized users.

Main threat: Distributed Denial of Service.

Integrity

The capability of the system to protect data and processes from unauthorized changes.

Main threats: exploits, rootkits.

Confidentiality

The capability of the system to protect data and processes from unauthorized access.

Main threats: eavesdropping, keylogging, data exfiltration.

The problem (1/3)

Cyber attacks cover a wide range of actions: attacks can affect data, processes and programs, as well as the network environment.

Such attacks might involve intrusions into networks for the purpose of compromising data, degrading communications, interrupting commerce, or impairing critical infrastructures (such as transportation or medical and emergency services).

Stuxnet taught us a lesson!

The problem (2/3)

Besides, the whole is more vulnerable than its composing parts.

When diverse and heterogeneous systems are integrated, the resulting large system degrades in the cyber security domain.

This means that a large system may be affected by vulnerabilities due to its intrinsic complexity. Such vulnerabilities may not affect any of the composing systems taken on its own.

How do we fill this gap?

Realizing intrinsically cyber secure large systems.
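The composition effect described on this slide, as an added illustration that is not part of the presentation and not SELEX code: two components that are each acceptable on their own, whose integration exposes an unauthenticated endpoint that neither exposes alone. The hosts, endpoints, zones and the gateway allow-list are constructed for the example; the reachability walk is the kind of check an integrator can run over the large system's topology before accepting it, and it also shows the integration-level fix (a path filter on the gateway) that restores the property.

```python
"""
Added illustration of an integration-level vulnerability: a platform and a
gateway that pass review separately, but whose composition exposes an
admin endpoint. All names and rules are constructed for this example.
"""
from collections import deque

# Component A: an internal platform. Its admin endpoint relies on network
# position for protection: it is unauthenticated because, deployed alone,
# it is reachable only from the internal zone.
PLATFORM_A = {
    "host": "platform-a.internal",          # constructed name
    "exposed_to": {"internal"},
    "endpoints": {
        "/status": {"auth": "none"},
        "/admin/reset": {"auth": "none"},
    },
}

# Component B: a gateway on the external zone that forwards requests to an
# allow-list of internal hosts. Alone it has nothing to expose, and the host
# allow-list looks like a sufficient control.
GATEWAY_B = {
    "host": "gateway-b.dmz",                # constructed name
    "exposed_to": {"external"},
    "forwards_to": {"platform-a.internal"},
    "allowed_paths": None,                  # no path filter
}

# The same gateway after the integration-level fix: only the path the large
# system actually needs from A is forwarded.
GATEWAY_B_HARDENED = dict(GATEWAY_B, allowed_paths=frozenset({"/status"}))


def reachable_unauthenticated(components, start_zone="external"):
    """Walk from a network zone through forwarding components and return
    every unauthenticated endpoint an attacker in that zone can reach.
    A component is a gateway if it has 'forwards_to' and a platform if it
    has 'endpoints'. A gateway's path filter (None = any path) is carried
    to the hosts it forwards to."""
    by_host = {c["host"]: c for c in components}
    findings = set()
    seen = set()
    queue = deque((c["host"], None) for c in components
                  if start_zone in c.get("exposed_to", set()))
    while queue:
        host, path_filter = queue.popleft()
        if (host, path_filter) in seen:
            continue
        seen.add((host, path_filter))
        comp = by_host.get(host)
        if comp is None:                    # allow-listed host not deployed here
            continue
        for path, ep in comp.get("endpoints", {}).items():
            if ep["auth"] == "none" and (path_filter is None or path in path_filter):
                findings.add(host + path)
        for target in comp.get("forwards_to", set()):
            queue.append((target, comp.get("allowed_paths")))
    return sorted(findings)


def emergent_exposures(components):
    """Endpoints exposed by the integrated system but by none of its parts
    on their own: the composition-level vulnerabilities the slide describes."""
    alone = set()
    for c in components:
        alone.update(reachable_unauthenticated([c]))
    return sorted(set(reachable_unauthenticated(components)) - alone)


if __name__ == "__main__":
    print("A alone:       ", reachable_unauthenticated([PLATFORM_A]))
    print("B alone:       ", reachable_unauthenticated([GATEWAY_B]))
    print("A + B:         ", emergent_exposures([PLATFORM_A, GATEWAY_B]))
    print("A + hardened B:", emergent_exposures([PLATFORM_A, GATEWAY_B_HARDENED]))
```

Run alone, neither component reports anything; composed, `/admin/reset` becomes reachable from the external zone without credentials. The point for the integrator is that the finding belongs to the large system, not to either supplier's system, so it only appears if the topology is analysed as a whole.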

The problem (3/3)

How do we develop intrinsically cyber secure large systems?

Not just by providing large systems with firewalls, IDSs, etc., in other words not just by surrounding the system with a Maginot line, but by:

Adopting a cyber security oriented system design and development process.

Defining operating processes and procedures that guide system users, at any level, to work in accordance with the cyber security requirements.

Providing large systems with a cyber command & control that analyses, protects against and counters cyber intrusions.

The development process

Cyber security oriented life cycle

[Life-cycle diagram, flattened. Each phase with the security activities attached to it:]

Requirements definition: security requirements; abuse cases.
Architectural design: threat modeling; risk analysis.
Implementation: secure coding; secure code review.
Testing: secure testing; penetration testing.
Deployment: secure deployment; operational enabling; vulnerability management.
Across all phases: security testing; attack patterns and security patterns.

Design and development of artefacts (1/2)

Hardware architecture and network topology are designed to be highly resilient and such that the cyber security related non-functional requirements are fully satisfied.

Software architecture mapping onto the hardware architecture is optimized with respect to the cyber security requirements. The allocation of functional and non-functional requirements to components is cyber security driven.

Design and development of artefacts (2/2)

Software code artefacts at any architectural level are free of the defects that give rise to vulnerabilities.

Software testing artefacts stress the system to simulate the kinds of attack foreseen for the system under test, by penetration testing, security testing, etc.

A cyber secure operating system is the foundation on which secure applications are built.

[Layered diagram, labels only: common core; application; customization]

The users' processes and procedures

Users' processes and procedures

Users' and operators' behaviour is crucial to cyber security.

A set of cyber security oriented processes and procedures to guide users is produced as part of the large system development.

This will largely reduce the occurrence of so called insider threats, namely attacks, both intentional and unintentional, originating from system users and operators. Internal attacks are definitely more dangerous than external ones.

Very often cyber attacks causing significant damage originate from incautious actions (e.g. infected USB keys).

Training programs will be put in place to build the necessary awareness in the personnel who will be using the system.

Need-to-know and responsibility-to-share policies will be set forth and adopted by the users' community.

Following this approach, the cyber security related human factors become an integral part of the large system design and development.

The Cyber Command & Control

Cyber Command & Control (1/4)

A cyber command & control is provided as part of the large system.

Such a cyber command & control application is the cyber security supervisor of the large system and embraces the whole of it.

It integrates the lower level cyber security applications embedded in the composing systems, and provides additional functions in order to build an overall protection and to guarantee an improved cyber security capability for the whole large system.

Cyber Command & Control (2/4)

[Architecture diagram, flattened. What it shows:]

Functions of the Cyber Command & Control: malicious activities detection; attacks prevention and defence; risks and threats dynamic assessment; post attacks restoring support; intelligence and decision support; consolidated information assurance picture management.

Supporting processes: risk analysis; vulnerability assessment; risk management; patch management; CERT interoperability; anomaly management; incident management; countermeasures.

Inputs from the composing systems: platform application information; logs; network monitoring; cyber events.

External sources: open sources (e.g. web), supplying open info; non open sources (e.g. ISP), supplying non open info.

Cyber Command & Control Data Base.

Cyber Command & Control (3/4)

Consolidated information assurance picture management

Provide operators with a real time human computer interface to interact with the Cyber Command & Control:

Visualize all the nodes of the networks in the domain under control,

Visualize the geo-reference of systems, networks, nodes and incidents,

Visualize the risk status of all the assets in the domain.

Malicious activity detection

Collect and correlate information coming from:

Network monitoring,

Application status monitoring,

Access control,

in order to detect malicious activity.
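The correlation step described just above, as an added example that is not part of the presentation and not SELEX code: one simple rule per feed named on the slide (access control, network monitoring, application status), whose per-feed hits are then fused per host within a time window, so that an alert is raised only when several independent feeds agree. The log format, host names, addresses, thresholds and the correlation window are all constructed assumptions for the example.

```python
"""
Added example: per-feed indicators from three constructed feeds, correlated
per host within a time window, as a Cyber Command & Control would do on top
of the composing systems' own monitoring. Everything below is constructed.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed feed: "<ISO time> <feed> key=value ...", with feed being one of
# access (access control), netmon (network monitoring), appstatus
# (application status monitoring).
SAMPLE_EVENTS = """\
2011-10-12T09:00:01 access host=ops-ws-07 user=jdoe result=fail
2011-10-12T09:00:04 access host=ops-ws-07 user=jdoe result=fail
2011-10-12T09:00:08 access host=ops-ws-07 user=jdoe result=fail
2011-10-12T09:00:11 access host=ops-ws-07 user=jdoe result=fail
2011-10-12T09:00:13 access host=ops-ws-07 user=jdoe result=fail
2011-10-12T09:00:15 access host=ops-ws-07 user=jdoe result=success
2011-10-12T09:01:40 netmon host=ops-ws-07 dst=203.0.113.9 dport=4444 dir=out
2011-10-12T09:02:05 appstatus host=ops-ws-07 service=trackviewer state=restarted
2011-10-12T09:03:00 access host=ops-ws-12 user=asmith result=success
2011-10-12T09:03:30 netmon host=ops-ws-12 dst=192.0.2.20 dport=443 dir=out
"""

INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed internal range
BURST = 5                                # failures before a success that count as a burst
BURST_WINDOW = timedelta(seconds=60)
CORRELATION_WINDOW = timedelta(minutes=10)


def parse(text):
    """Turn the constructed feed lines into event dicts with a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, feed, rest = line.split(" ", 2)
        fields = dict(kv.split("=", 1) for kv in rest.split())
        events.append({"time": datetime.fromisoformat(ts), "feed": feed, **fields})
    return events


def indicators(events):
    """Per-feed detections keyed by host: (time, feed, description)."""
    found = defaultdict(list)
    fails = defaultdict(list)                # (host, user) -> failure times
    for e in events:
        if e["feed"] == "access":
            key = (e["host"], e["user"])
            if e["result"] == "fail":
                fails[key].append(e["time"])
                continue
            # success: was it preceded by a burst of failures?
            recent = [t for t in fails[key] if e["time"] - t <= BURST_WINDOW]
            fails[key].clear()
            if len(recent) >= BURST:
                found[e["host"]].append((e["time"], "access",
                    f"{len(recent)} failed logins then success for {e['user']}"))
        elif e["feed"] == "netmon" and e.get("dir") == "out":
            dst = ipaddress.ip_address(e["dst"])
            if not any(dst in net for net in INTERNAL_NETS):
                found[e["host"]].append((e["time"], "netmon",
                    f"outbound to {e['dst']}:{e['dport']} outside internal ranges"))
        elif e["feed"] == "appstatus" and e.get("state") in ("restarted", "crashed"):
            found[e["host"]].append((e["time"], "appstatus",
                f"{e['service']} {e['state']}"))
    return found


def correlate(events, window=CORRELATION_WINDOW):
    """One alert per host whose indicators come from at least two different
    feeds within the window; all three feeds agreeing gives high severity."""
    alerts = []
    for host, inds in sorted(indicators(events).items()):
        inds.sort()
        for i, (t0, _, _) in enumerate(inds):
            group = [x for x in inds[i:] if x[0] - t0 <= window]
            feeds = {f for _, f, _ in group}
            if len(feeds) >= 2:
                alerts.append({
                    "host": host,
                    "feeds": sorted(feeds),
                    "severity": "high" if len(feeds) == 3 else "medium",
                    "evidence": [d for _, _, d in group],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_EVENTS)):
        print(alert)
```

On the constructed input only ops-ws-07 is reported: a login burst, an outbound connection to an address outside the internal range and a service restart fall within ten minutes of each other, while ops-ws-12's single successful login and internal connection produce no indicator at all. The per-feed rules are deliberately crude so that the fusion step, which is what the C2 adds over the composing systems' own sensors, stays visible.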

Attacks prevention and defence

Stop or mitigate any detected attack and implement preventive measures to avoid attacks.

Cyber Command & Control (4/4)

Risks and threats dynamic assessment

Project the current situation into the future,

Assess the damage incurred from an attack,

Improve the understanding of threats by assessing on-going attacks.

Post attacks restoration support

Support the composing systems in restoring after an attack has been stopped and the damage has been assessed:

Replace compromised systems and information,

Take actions with respect to compromised confidentiality of information.

Intelligence and decision support

Support operations by accessing and exploiting any kind of open and non-open sources relevant to the cyber defence and security situation,

Correlate and fuse heterogeneous data coming from diverse sources to support the intelligence processing,

Support operators in taking decisions as to the best way to manage situations, providing alternative scenarios.

Conclusions

The development of cyber secure large systems is based on three main pillars:

A design, development, integration and deployment process oriented to cyber defence and security;

Users' and operators' processes and procedures oriented to cyber security;

A cyber command and control embedded in the large system.

From the architectural perspective, the whole stack, from the hardware platforms up to the application software, is rigorously cyber secure.

All the concepts discussed are applied to both newly developed large systems and legacy ones.

This way a holistic approach is applied to the realization of cyber secure large systems.

Thank you for your attention

SELEX Sistemi Integrati
Via Tiburtina, Km 12.400
00131 - Roma, Italia
T. +39 06 41501