Infected over 45,000 machines
Waited for the right conditions
Targeted highly specific electronically controlled systems
IP Addresses in Iran
Presence of key technologies that indicate the system is installed in a vulnerable power plant
Forces the industrial process to self-destruct ID: 760916
DownloadNote - The PPT/PDF document "SECURITY MODULE - Iranian Nuclear Attack" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Approach to Secure IP Platforms
Clarence Pape
March 12, 2011
Slide2Challenge
Aircraft Platforms are incredibly complex
Systems and networks degrade in quality and security over time
Controlled point testing does not replicate real-world scenariosNo room/budget for carrying emergency SMEsShift in systems and networks to IP-based = changes in quality + security?Agile test system that is configurable to meet high demandsModular software approach to reduce weight and increase capabilitiesLeverage expert COTS tools with mission-focused workflowsGenerate actionable data in real timeCollect detailed data for SME trend analysis
Solution
Slide3Stuxnet Worm
Iranian Nuclear Attack
Infected over 45,000 machines
Waited for the right conditionsTargeted highly specific electronically controlled systemsIP Addresses in IranPresence of key technologies that indicate the system is installed in a vulnerable power plantForces the industrial process to self-destruct
Slide4Overview of the Solution
ID Optimize
Advanced Policy Engine
Leverages the power of COTS toolsProvides a customized interface that can be designed to represent the exact data necessaryDetailed logs are created for analysis and policy updates
The power of enterprise-class tools, without the cost of SMEs.
Slide5ID Optimize -> DISA Air Mobility Test Suite
ID Optimize is a COTS tool developed by ID
DISA saw the potential
Custom workflows based on agency and missionAbility to be run by non-IT professionalsAbility to provide simple summaries for users and after-action reportsAbility to return highly granular data for trend analysis
Slide6What is IDOptimize
A flexible development framework that combines multiple COTS products for easy to use, integrated testing and reporting
Flexible – Integrate with COTS, GOTS or custom built systems
Modules designed for specific purposes = low training + high success rateModules shared across different platformsAutomation - Reduces human error - Increases productivity - Run more tests and test often - Compare results with previous test runs and platform baselines quicklySystematic testing leads to predictable and repeatable results
Slide7ANALOG MODULE
Slide8Slide9Slide10Slide11Slide12Slide13Comm Testing
Comm Test Module
Collect subjective
data and objective meta-data variables about tone quality and encryption success for end to end network segment mapping Systematically generate 3-10 tones at different human audible pitches Record the generated tones 250KH Provide actionable feedbackBenefits
Focused on the end user quality
True end-to-end system quality test, "through the demark”
Track over 50 different variables for quality control as a workflow
Plug and play
After action reports
Centralized database with full 250kHz data capture
Logistical data integration
Slide14REPORTING MODULE
Slide15Reporting
All information can be uploaded to central Control Centers and Reporting Engines instantly or in a batch process
The IDOptimize Test Suite Reporting Engine can also be used for mash-ups and deep dive analysis
Client-side mash-up technologies preserves user authentication through to primary databasesReports can include local information, as well as global information
Slide16Calls by GEP geo-coded and graphed by Altitude– success/failure
FOUO
Slide17Calls by GEP geo-coded and graphed by CCSD – success/failure
FOUO
Slide18Calls by GEP geo-coded and graphed by weather – success/failure
FOUO
Slide19SECURITY MODULE
Slide20Data Feeds
Policies
Summary Reports
Data Scanning
Network Status Indicator
Slide21Data Scanning
Slide22Data Feeds
Slide23Policies
Slide24Summary Reports
Slide25Network Status Indicator
Slide26IP Type Casting
Core Systems – Mission critical systems that are permanently attached to the plane for years at a time. These controls should have very tight policies.
Crew – Mission support systems that are carried on the plane for the mission. A wider variety of configurations may be acceptable here.
Guest – These systems may be of widely varying levels of civilian, commercial, or military security and may be removed from the network in cases where they can not be remediated due to lack of control/timing constraints.Other – This is a general designation open to interpretation based on the requirements of particular work flows.
Slide27Proposed Scan Policies 4 Degrees of Control
IAVA
Violations
Risk Level
3-6
Risk Level
0-3
Risk Level
6-9
FDCC
Violations
Cat III
Cat II
Cat
I
Slide28Summary
Avoid SME Costs (IP Security, Signals Analysts, etc)
Security of IP Networks in disconnected/semi-connected state
Communication quality shift and drift over timeSystematic approach to root cause analysisIncrease use of software and virtualizationAgile solutions approach is quickly extendable to meet demandsSoftware DevelopmentAcquisitionRelevant data integrationCentralized dataMash-ups maintain security
Next Slides
Nuclear security and
The green movement
The cold war era
Security in the internet of things (iot)
Timelines and nuclear deals with iran
Voice over ip (voip) security
Security evaluation of an
Automotive security security aspects on intelligent transpor