Slide 1
Navy Cybersecurity Engineering
17 October 2017

Presented by: RDML Ron Fritzemeier, Chief Engineer, Space and Naval Warfare Systems Command (SPAWAR)
Presented to: DAU West Acquisition Training Day

The overall classification of this brief is: UNCLASSIFIED//FOUO

DISTRIBUTION C: Distribution authorized to U.S. Government agencies and their contractors (Administrative or Operational Use). 18 Aug 2016. Other requests for this document shall be referred to COMSPAWAR or SPAWAR 5.0.
Slide 2
SPAWAR Organization

Reports to: Assistant Secretary of the Navy, Research, Development and Acquisition; Chief of Naval Operations

SPAWAR Commander: RADM C. D. Becker
Executive Director: Pat Sullivan

Headquarters codes and directorates:
- 1.0 Comptroller: Steve Dunn
- 2.0 Contracts: Nancy Gunderson
- 3.0 Office of Counsel: Amy Weisman
- 4.0 Logistics & Fleet Support: William Luebke
- 5.0 Chief Engineer: RDML Ron Fritzemeier; Mike Spencer, DCHENG
- 6.0 Program Management: Craig Madsen
- 7.0 Science & Technology: Stephen Russell
- 8.0 Corporate Operations: Kimberly Kesler
- Fleet Readiness Directorate: CAPT Ed Anderson; Rob Wolborsky, ED
- SPAWAR Washington Operations: Thresa Lang

Echelon III Activities:
- SPAWAR Systems Center Pacific: CAPT Mel Yokoyama, CO; Bill Bonwit, ED
- SPAWAR Systems Center Atlantic: CAPT Scott Heller, CO; Chris Miller, ED
- SPAWAR Space Field Activity: CAPT Eric Hendrickson, CO

Program Executive Offices:
- PEO C4I: RDML Carl Chebi; John Pope, ED
- PEO Space Systems: RDML Carl Chebi
- PEO EIS: Ruth Youngs Lew; CAPT Don Harder, DPEO
Slide 3
SPAWAR: The Navy's Information Warfare (IW) Systems Command (SYSCOM)

As the Navy's Information Warfare Systems Command, SPAWAR develops advanced communications and information warfare capabilities. The majority of systems developed at SPAWAR are software-intensive systems.
Slide 4
Overview

- Navy is using a holistic systems engineering process to enhance cybersecurity readiness; RMF is a part of that holistic process
- Using Navy's technical authority construct
- Cross-Navy SYSCOM team effort to define Navy's implementation of security controls
- Maximize operational effectiveness; minimize Total Ownership Cost
- Ultimately about minimizing risk to successfully complete the mission
- Articulate residual risk in fielded systems to support operations planning and development of TTPs to mitigate those risks

RMF is being integrated into Navy's holistic Systems Engineering process.
Slide 5
Cyber Resilience to Address Continuously Evolving Cyber Threats

The Cyber Threat:
- Increases in volume and sophistication at the speed of technology
- Continuously evolves
- Will always remain a challenge, but that doesn't mean we don't know what to do

Designing for Cyber Resiliency:
- Move to a defendable architecture by executing IT/IA TAB guidance
- Implement the Defense-in-Depth Functional Implementation Architecture (DFIA)
- Implement the IA TA (Cybersecurity) Standards
Slide 6
Anatomy of a Cyber Attack

The slide walks eight attack stages, each paired with the attacker activity at that stage:
- Motive: objective / resources
- Discover: data gathering / target identification
- Probe: identify vulnerabilities / scanning / enumeration
- Penetrate: gain access / create foothold
- Escalate: gain escalated privileges / root access
- Expand: multiple footholds / paths / backdoors
- Persist: obfuscate presence
- Execute: exploit / exfiltration / attack to achieve objective

Overlaid on the stages are the five NIST Framework functions: Identify, Protect, Detect, Respond, Recover.
Slide 7
Challenges to Improving Navy Cybersecurity

Today's Navy Cyber Environment: today's Navy infrastructure is flat, riddled with seams and flaws, the collective result of individual decisions.
- Infrastructure: too much, too varied, too old
- Software & Applications: too many, too varied to maintain it all

Holistic Enterprise Approach to Drive Interoperability & Cybersecurity:
- Infrastructure: rapid hardware refresh as a requirement; decouple hardware from software & applications
- Software & Applications: quality assurance; configuration management
Slide 8
Holistic Implementation Strategy: Designing for Cyber

Cyber Requirements flow from higher-level DoD guidance and the National Institute of Standards & Technology (NIST) down to Navy PoRs/Projects:
- The Information Technology (IT) / Information Assurance (IA) Technical Authority Board (TAB) provides guidance tailored for Navy-specific implementation
- The Navy Cybersecurity Architecture has Afloat, Ashore and Aviation instantiations
- Cyber Specifications and Standards guide POR/Project efforts toward common implementation of Security Controls
Slide 9
Requirements Flow

* Flowchart is representative of the DFIA vision to satisfy the required Cybersecurity controls.

Applicable guidance feeds the TAB products, which in turn define each system's requirements:
- Applicable Guidance: DoDI 8500.01, DoDI 8510.01, CNSSI 1253, NIST SP 800-53, and NIST SP 800-82 (applicable to NCS)
- TAB Products: DFIA and the Standards (e.g. HLP, ISCM, Cyber SA, etc.)
- Individual System Cybersecurity Requirements (e.g. HLP, ISCM, Cyber SA, etc.)

Requirements References:
- DoDI 8500.01: Cybersecurity
- DoDI 8510.01: Risk Management Framework for DoD IT
- CNSSI 1253: Committee on National Security Systems (CNSSI) 1253, "Security Categorization & Control Selection for National Security Systems"
- NIST SP 800-53: National Institute of Standards & Technology (NIST) Special Publication (SP) 800-53, "Security & Privacy Controls for Federal Information Systems & Organizations"
- NIST SP 800-82: NIST Special Publication (SP) 800-82, "Guide to Industrial Control Systems Security"
- DFIA: Defense-in-Depth Functional Implementation Architecture
- HLP: Host Level Protection
- ISCM: Information Systems Continuous Monitoring
Slide 10
Providing Technical Leadership to Guide the Navy's Enterprise Approach to Cyber

SPAWAR chairs the Information Technology (IT) / Information Assurance (IA) Technical Authority Board (TAB):
- Cross-Navy governance board for reviewing, adjudicating & endorsing IT & IA TA products for use throughout the Naval Enterprise
- The authority, responsibility, and accountability to establish, monitor and approve technical standards, tools, and processes in conformance with DoD and DON policy, requirements, architectures, and standards

Principal Members: SPAWAR (TAB Chair), NAVSEA, NAVAIR, NAVFAC, NAVSUP, MARCOR, DASN RDT&E
Stakeholders: PEOs / PMs, NAVSEA 08, HQMC C4, DDCIO (MC), FCC / C10F, OPNAV N2N6, DON CIO, DASN C4I / IO & Space

Working Groups: Information Assurance WG; Information Technology WG; Implementation WG; Cyber Risk to Mission WG

Driving Cybersecurity Consistently Across the Navy Enterprise
Slide 11
DFIA Standard Overview

DFIA: Defense-in-Depth Functional Implementation Architecture. The architecture nests protection layers from the enclave outward:
- Enclave: systems in the same security domain inside a continuous security perimeter
- Enclave Boundary: manages connections (communication) between enclaves on the same platform
- Platform Boundary: manages connections (communication) that go off the platform (e.g., connects to the WAN)
- Off Platform Communications: provides Quality of Service and Data in Transit Encryption
Slide 12
Standards Mapped to the Architecture

*DFIA: Defense-in-Depth Functional Implementation Architecture
Slide 13
IA Standards Aligned to NIST Framework, Designed to Disrupt the Cyber Kill Chain

The slide cross-references three views: the NIST Framework functions, the Anatomy of a Cyber Attack stages (Slide 6), and the Security & Resiliency the IA Standards provide.
Slide 14
Risk Management Framework Process Overview

The slide groups the RMF steps by role: Cybersecurity Engineering (Steps 1 and 2), Program Implementation (Step 3), and the Authorizing Official (AO) / Functional Security Controls Assessor (SCA) (Steps 4 and 5); Step 6 is supported by tools such as ACAS, VRAM, etc.

Step 1: CATEGORIZE System
- Categorize the system in accordance with CNSSI 1253
- Initiate the Security Plan
- Register system with DoD Component Cybersecurity Program
- Assign qualified personnel to RMF roles

Step 2: SELECT Security Controls
- Common Control Identification
- Select security controls
- Develop system-level continuous monitoring strategy
- Review and approve Security Plan and continuous monitoring strategy
- Apply overlays and tailor

Step 3: IMPLEMENT Security Controls
- Implement control solutions consistent with DoD Component Cybersecurity architectures
- Document security control implementation in Security Plan

Step 4: ASSESS Security Controls
- Develop and approve Security Assessment Plan
- Assess security controls
- SCA prepares Security Assessment Report (SAR)
- Conduct initial remediation actions

Step 5: AUTHORIZE System
- Prepare the POA&M
- Submit Security Authorization Package (Security Plan, SAR, and POA&M) to AO
- AO conducts final risk determination
- AO makes authorization decisions

Step 6: MONITOR Security Controls
- Determine impact of changes to the system and environment
- Assess selected controls annually
- Conduct needed remediation
- Update Security Plan, SAR, and POA&M
- Report security status to AO; AO reviews reported status
- Implement system decommissioning strategy

Risk Management Framework Intended to Provide Greater Insight into Cyber Risk. Not DIACAP by Another Name!
Slide 15
Navy Approach to Cyber Engineering

Top-Down Engineering Approach:
- Determine controls using a top-down engineering approach
- Maximizes RMF using a holistic SoS approach
- SYSCOM Engineering will assist systems with Steps 1 and 2 of RMF (Categorization, Control Selection)
- Alignment with CYBERSAFE
- Improved inheritance efficiency across programs
- Minimize rework

Leverage SYSCOM Engineering to assist programs with cyber requirements and RMF transition. Desired end state is to monitor systems on a continuous basis (RMF Step 6).
Slide 16
CYBERSAFE Grades & Controls

Only CYBERSAFE Grade A and B systems require CYBERSAFE security controls.

Applicable Security Controls by grade:
- Grade A: RMF + B + A
- Grade B: RMF + B
- Grade C: RMF

CYBERSAFE Grade C: no additional CYBERSAFE controls. Identifies the RMF baseline set of controls from NIST 800-53 applicable to all DoD IT, weapons systems, and control systems.

CYBERSAFE Grade B: applies up to 48 Assurance Controls (equivalent to the high baseline for C/I/A) and 31 Enhanced Assurance Controls.

CYBERSAFE Grade A: applies the Grade B controls and up to an additional 75 Enhanced Assurance Controls.

CYBERSAFE Grade A and B systems are CYBERSAFE Critical Items; CYBERSAFE Grade C systems are not CYBERSAFE Critical Items.
Slide 17
Systems Engineering Integrated with RMF and CYBERSAFE

Driving to a Single Integrated Synchronized Process with Multiple Authorities
Slide 18
Leadership Commitment to Improving Cyber Resilience: A Key Consideration in All Navy Acquisition Activities

- Quarterly progress measurement and reporting reviews via the Cybersecurity EXCOM (VCNO and ASN RDA)
- Clear direction from Navy Leadership in "Cybersecurity Compliance of Information Assurance Technical Authority Standards", signed 8 Nov 2016 by VCNO and ASN RDA:
  "We must implement these standards with a sense of urgency throughout the enterprise to counter the rapidly proliferating adversary cyber threats."
- Elevated priority of cybersecurity requirements: "a high priority when competed against other program requirements"
  "…where there are significant technical and financial obstacles from incorporating cybersecurity that impact the implementation of other valid mission capabilities, identify and execute feasible trade-offs within cost, schedule and performance to ensure the implementation of cybersecurity."
Slide 19
Addressing VCNO/ASN RDA Direction

"Cybersecurity Compliance of Information Assurance Technical Authority Standards", signed 8 Nov 2016 by VCNO and ASN RDA.

SPAWAR's approach for addressing Navy direction is DFIANT. SPAWAR is using DFIANT to:
- Align technical artifacts to drive design with POR schedules: C4I DFIANT (Tactical Afloat) → CANES OB2; Shore Enterprise DFIANT → NGEN-R
- Support the development of CONOPs and TTPs
Slide 20
IA TA Cybersecurity Standards Provide High-Level Cybersecurity Requirements for Acquisition

Standards lend consistency to the cyber acquisition approach and support the transition to RMF.

COMSPAWAR (RADM Dave Lewis): "Our intent in publishing these standards is for them to be included in design requirements, development and production contracts, or any other technical or engineering artifacts that touch on or influence cybersecurity designs for our various computer-based systems"

- Working across SYSCOMs to ensure consistency of technical guidance and implementation
- Coordinating with PEOs to provide the requirements for the PORs/Projects
Slide 21
Foundational Cybersecurity Artifacts Roadmap: Completion Status

Revisions to previously completed foundational standards are required to address Control Correlation Identifier (CCI) mapping.
Slide 22
Certification Building Blocks: Cyber Risk to Mission (CRTM)

End-to-end cyber certification approach that provides operational commanders with a bounded statement of cyber risk (CAPS/LIMS).
Slide 23
Summary

The Cyber Threat:
- Increases in volume and sophistication at the speed of technology
- Continuously evolves
- Will always remain a challenge, but…

Designing for Cyber Resiliency:
- Move to a defendable architecture by executing IT/IA TAB guidance
- Implement the Defense-in-Depth Functional Implementation Architecture (DFIA)
- Implement the IA TA (Cybersecurity) Standards

Implementation of IA TA architectures, specifications and standards narrows the cyber threat to more sophisticated adversaries.
Slide 24

Slide 25
Cybersecurity Standard: Host Level Protection

A "host" is defined by CNSSI 4009 as "any hardware device that has the capability of permitting access to a network via a user interface, specialized software, network address, protocol stack, or any other means."

Host Level Protection sits at the innermost layer of the logically layered set of requirements (Off-Platform Communications, Platform Boundary, Enclave Boundary, Enclave). It establishes the capabilities necessary to defend against threats on client-facing systems in order to maintain a secure configuration.

Requirements this Standard addresses:
- Host Intrusion Detection/Prevention
- Host-Based Firewall
- Software Control
- Host Level Configuration
- Host Malicious Code Protection
- Device Management

Tailored protective measures for Navy Information Systems and Navy Control Systems (NCS). Example from the Host Level Protection Standard:
- Requirement (IATAHLP-001.7): Hosts shall detect, log, and report unauthorized data entering and exiting the host via all external interfaces (e.g., serial, USB, and network).
- Compensating Measures: In the event a host is unable to detect unauthorized data entering and exiting the host via all external interfaces, the system employs an intrusion detection mechanism external to the host.
Slide 26
Cybersecurity Standard: Boundary Protection

Boundary protections are applied to interfaces between enclaves and systems to prevent and detect malicious and other unauthorized communications. The slide places the standard against the logically layered set of requirements (Off-Platform Communications, Platform Boundary, Enclave Boundary, Enclave).

Requirements this Standard addresses:
- Denial of Service (DoS) Protection
- Malicious Code Protection
- Communications-Traffic Management
- Access-Control and Management
- System Monitoring
- System Component Isolation
- Failure Control
- Cryptographic Protection
- Information Flow

This Standard is complementary to the Network Firewall, Network Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS), Information Sharing – Cross-Domain Solution (CDS), and Remote Access Security Standards that satisfy Cybersecurity protections identified under DFIA.
Slide 27
IT/IA TAB Way Forward: Moving to Implementation and Compliance

System of Systems Engineering to Address Cyber End-to-End, Moving Beyond Cyber Requirements:
- Information Assurance WG (Requirements): NIST & DoD cybersecurity requirements tailored for standardized, Navy-specific implementation of security controls
- Information Technology WG (Requirements): Navy-specific implementation of IT solutions
- Implementation WG (Implementation): operationally effective & cost-efficient implementations of the standards
- Cyber Risk to Mission WG (Validation): provide operational commanders with an articulation of cyber risk to mission
Slide 28
RMF & CYBERSAFE Assessments

Established an integrated assessment process for RMF & CYBERSAFE transition:
- Addresses RMF Steps 1 & 2 and CYBERSAFE Phases 1 & 2
- Ensures a consistent approach to cybersecurity engineering
- Establishes a system's full set of cybersecurity requirements

SPAWAR selected its Phase I systems to assess by identifying:
- Critical Inheritance Providers: CANES, NMCI, IA/CND, NEDCs
- Warfighting Enablers: GCCS-M, GPNTS, ADNS
- High-Visibility Systems: N-ERP, AWS, NTCSS

CYBERSAFE Assessment status:
- Completed Phase I systems
- Assessed an additional 86 systems beyond Phase I for a total of 142 SPAWAR systems
- Top 66 progress: 56 completed, 0 scheduled, 7 remaining*
  *7 systems will decommission prior to RMF transition
- Performed at least 1 assessment with all PEO C4I system-owning PMWs
Slide 29
IA TA Standards Integrate the RMF and the Systems Engineering Processes

Slide 30
IA Standards Mapped to NIST 800-53

IA Standards to NIST security controls matrix: CNSSI 1253 baselines and CYBERSAFE controls.
Slide 31
Accounting for Control Systems Challenges: Cybersecurity Standards – Compensating Measures

Host Level Protection
Intent: establishes the capabilities necessary to defend against threats on client-facing systems in order to maintain a secure configuration.
- Requirement (IATAHLP-001.7): Hosts shall detect, log, and report unauthorized data entering and exiting the host via all external interfaces (e.g., serial, USB, and network).
  Compensating Measure: In the event a host is unable to detect unauthorized data entering and exiting the host via all external interfaces, the system employs an intrusion detection mechanism external to the host.
- Requirement (IATAHLP-002.1): Hosts shall prevent unauthorized additions, removals, and modifications to the entire underlying file system and critical files and directories.
  Compensating Measure: In the event a host is unable to prevent unauthorized additions, removals, and modifications to the entire underlying file system and critical files and directories, it implements non-software-enforced write-protection mechanisms (e.g., hardware/firmware).

Boundary Protection
Intent: defines the requirements and activities necessary for standardized implementation and configuration of boundary protection as part of the Defense-in-Depth Functional Implementation Architecture (DFIA).
- Denial of Service Requirement (IATABP-003.2): Boundary protection capabilities shall restrict internal users from launching DoS attacks against other systems (i.e., connecting to and transmitting unauthorized communications on the transport medium [e.g., network, wireless spectrum]).
  Compensating Measure: Protections against the ability to launch DoS attacks may be implemented on specific systems or included in boundary protection capabilities.
- Malicious Code Protection Requirement (IATABP-005): Malicious code protection mechanisms shall be implemented and centrally managed.
  Compensating Measure: If centralized management capabilities are unavailable, increased auditing procedures may be utilized.
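The two Host Level Protection requirements quoted above (here and on Slide 25) split into a detect/log/report requirement (IATAHLP-001.7) and a prevent requirement (IATAHLP-002.1), and the compensating measure for 002.1 is deliberately not software: a host that cannot block writes falls back to hardware or firmware write protection. What host software can still do is detect and report drift in critical files so that the external mechanisms have something to act on. The following is an added example, not code from this brief or from any IA TA standard: a file-integrity baseline in Python that hashes a tree of critical files, seals the baseline with an HMAC under a key assumed to be held off the host, and classifies later drift into the three cases 002.1 names (additions, removals, modifications). The directory layout, file contents and key are constructed for the example.

```python
"""Added example (not from the SPAWAR brief or any IA TA standard): a minimal
file-integrity monitor showing the detect/log/report side of the Host Level
Protection requirements. Paths, file contents and the key are constructed."""
import hashlib
import hmac
import json
import os
import tempfile
from typing import Dict, List


def sha256_file(path: str) -> str:
    """SHA-256 of one file, streamed so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256.
    Symlinks are skipped so a planted link cannot point the hash at a benign target."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def seal_baseline(baseline: Dict[str, str], key: bytes) -> bytes:
    """Serialize the baseline and append an HMAC-SHA256 tag. The key is assumed
    to be held off the monitored host; a baseline an intruder can rewrite to
    match the tampered files detects nothing."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def open_baseline(sealed: bytes, key: bytes) -> Dict[str, str]:
    """Verify the tag in constant time before trusting the baseline; raise on tampering."""
    body, _sep, tag = sealed.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("baseline integrity check failed")
    return json.loads(body)


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify drift into the three cases IATAHLP-002.1 names: added, removed, modified."""
    before, after = set(baseline), set(current)
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "modified": sorted(p for p in before & after if baseline[p] != current[p]),
    }


def format_report(findings: Dict[str, List[str]]) -> List[str]:
    """One log line per finding, in a shape a host agent could forward to a collector."""
    return [f"FIM {kind.upper()} {path}"
            for kind in ("added", "removed", "modified")
            for path in findings[kind]]


def _write(path: str, data: bytes) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree of 'critical files', then
    simulate a tampered binary, a dropped implant and a deleted audit config."""
    key = b"example-key-assumed-held-off-host"  # placeholder, not a real secret
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "bin", "sshd"), b"original sshd bytes")
        _write(os.path.join(root, "etc", "audit.conf"), b"log_all=yes\n")
        sealed = seal_baseline(build_baseline(root), key)  # taken while known-good

        _write(os.path.join(root, "bin", "sshd"), b"backdoored sshd bytes")       # modification
        _write(os.path.join(root, "bin", "implant"), b"\x7fELF constructed bytes")  # addition
        os.remove(os.path.join(root, "etc", "audit.conf"))                       # removal

        findings = compare(open_baseline(sealed, key), build_baseline(root))
    for line in format_report(findings):
        print(line)
    return findings


if __name__ == "__main__":
    demo()
```

Run the module directly and it prints one FIM line per finding for the constructed scenario. The seal matters as much as the hashes: an intruder with write access to the host can rewrite an unsealed baseline to match the tampered files, so the key, and ideally the stored baseline itself, belongs with the external intrusion detection mechanism the standard already allows as a compensating measure. This detects, it does not prevent, so on its own it does not satisfy 002.1; it supplies the evidence that the hardware/firmware write protection or the external IDS needs.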
Slide 32
CYBERSAFE Roadmap

Two parallel tracks, each with 6-month, 1-year and 3-year milestones. System Assurance and Mission Assurance efforts must happen in parallel.

System Assurance (focused on providing maximum assurance of CYBERSAFE systems and components across the life of the system):
- 6 Months: Complete CYBERSAFE Grade determination and security control selection for high-priority systems
- 1 Year: Complete CYBERSAFE Grade determination and control selection for all Navy systems; focus on implementing CYBERSAFE controls
- 3 Years: Certify CYBERSAFE systems and perform continuous monitoring; provide CYBERSAFE requirements feedback into acquisition

Mission Assurance (focused on providing maximum assurance of system-of-systems operations in support of warfighting missions):
- 6 Months: Complete cross-SYSCOM CYBERSAFE Mission Thread exercise (Trident Warrior 18) to demonstrate CYBERSAFE operational value
- 1 Year: Determine and formalize CYBERSAFE operational requirements in parallel with Enclave and Platform determinations
- 3 Years: Certify Enclaves, Platforms, and Missions; perform continuous monitoring; provide feedback into future architecture planning
Slide 33
C4I DFIA Network Transformation (DFIANT) WG: Implementing DFIA and the IA TA Standards

Scope: Surface Afloat, Ashore (NCTS/NCTAMS and Fleet NOCs), Airborne and Sub-Surface Afloat
Objective: Determine a SPAWAR network redesign to ensure cyber resiliency and to support the enclave/boundary control point architecture outlined in the DFIA Standard
Context: VCNO and ASN RDA Executive Committee (EXCOM)
Slide 34
C4I Functional Domain: Enclaves at OB2 / SW X

Production enclaves per security domain:
- UNCLASSIFIED: WAN Management, LAN Management, Critical Network Services, Critical Multi-Mission, Situational Awareness, Embarkable, End User Devices, Mobile Devices, Non-Critical Multi-Mission, Experimentation, MWR, NGO
- SECRET: WAN Management, LAN Management, Critical Network Services, Critical Multi-Mission, Situational Awareness, METOC Multi-Mission, Air Warfare Mission, Mine Warfare Mission, Strike Mission, Embarkable, End User Devices, Mobile Devices, Non-Critical Multi-Mission, Experimentation
- SECREL: WAN Management, LAN Management, Critical Network Services, Critical Multi-Mission, End User Devices, Experimentation
- TS/SCI: WAN Management, LAN Management, Critical Network Services, Critical Multi-Mission, Situational Awareness, End User Devices, Non-Critical Multi-Mission, Experimentation

On the slide, bolded enclaves require physical separation for highest resiliency; non-bolded enclaves will have logical separation / software-defined firewalls for increased agility (the bolding is not preserved in this extraction). Some enclave consolidation was done to keep SECREL lean and agile.
Slide 35
C4I DFIANT Target Architecture Logical View: Function Mapping

Structure, from the outside in:
- Off-Platform Communications
- Platform Boundary: Boundary Protection (FW/IPS)
- CANES Protected Infrastructure
- C4I Enclave Boundary: Production Firewalls and IPS (virtualized), one vFW per production enclave (vFW 1 … vFW N for Enclave 1 … Enclave N)
- Management Enclave: Management FW & IPS
- Defensive Cyber Operations Enclave: Remote Access, Cross-Domain Services, Forensic Analysis, Cyber SA
- MWR Enclave: MWR FW & IPS
- NGO Enclave: NGO FW & IPS
- Other platform enclaves shown: Combat Enclave, Aviation Enclave, Navigation Enclave, H&ME Enclave

Functions called out on the slide (numbered callouts 1 through 11):
- Platform Boundary protection: provides ACLs to limit traffic and thwart DoS; limits connections going on/off platform; protects traffic between Platform/Enclave Boundaries
- CANES Protected Infrastructure: forwards traffic between the various Boundaries
- Enclave Boundary protection: provides ACLs to prevent traffic from circumventing the boundary; limits connections going between enclaves; protects traffic between Platform/Enclave Boundaries
- Forensic Analysis: stores network data and provides analytics
- Cyber SA: provides awareness of IP traffic going on/off platform and within enclaves
- Remote Access: provides remote access to services within enclaves
- Cross-Domain Services: provides data guard between classification levels
Slide 36
Technical Authority to Support a Disciplined Systems Engineering Approach

"Technical Authority is the authority, responsibility, and accountability to establish, monitor, and approve technical standards, tools, and processes in conformance with applicable DoD and DON policy, requirements, architectures and standards" (SECNAVINST 5400.15C).
- Inherently governmental function assigned to the Naval SYSCOM Commanders
- Executed by all Navy SYSCOMs

TA independently advises Programmatic Authority on:
- Technically acceptable options
- Comprehensive assessments of the technical risks prior to technical events
- Implementation of technical specifications, standards, architectures, and processes

TA is authoritative and unbiased in providing an appropriate understanding of technical risk. SPAWAR exercises TA through warranted individuals.
Slide 37
Enterprise Architecture

- Defense-in-Depth Functional Implementation Architecture (DFIA) Network Transformation (DFIANT)
- Thin Line Architecture
- Model Based Systems Engineering
- AGB Target Architecture Efforts

Enterprise Architecture is about mission capability, not system capability. Mission capability requirements apply to systems of systems, not single systems. Document-based design and assessment of complex systems of systems is not efficient or effective; Model Based Systems Engineering can be.