Security Measures IW-130 College of Aerospace Doctrine, Research, and Education.


1 Security Measures IW-130 College of Aerospace Doctrine, Research, and Education

2 AF Information Operations (AFDD 2-5 hierarchy)
INFORMATION SUPERIORITY
  INFORMATION OPERATIONS
    INFORMATION WARFARE (gain, exploit, attack, defend): COUNTERINFORMATION
      OFFENSIVE COUNTERINFORMATION: PSYOP, Deception, Electronic Warfare, Physical Attack, Information Attack
      DEFENSIVE COUNTERINFORMATION: Information Assurance, OPSEC, Counter-Intelligence, Counter-PSYOP, Electronic Protection, Counter-Deception
    INFORMATION IN WARFARE: ISR, Weather, Precision Nav, Other information collection/dissemination activities (Transmission, Storage, Public Affairs)

3 OPSEC “… a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to:
–Identify those actions that can be observed by adversary intelligence systems
–Determine indicators that could be interpreted or pieced together to derive critical information
–Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities” Joint Pub 3-54

4 Unique Characteristic: OPSEC is NOT a set of rules. OPSEC is a PROCESS.

5 The Differences

  Traditional Security                 OPSEC
  -----------------------------------  --------------------------------------------
  Most information is classified       Usually unclassified
  Addresses the general threat         Addresses specific adversaries
  Risk applies to all situations       Risk decisions are event specific
  Countermeasures established          Countermeasures often unique
  Concealment only                     Eliminates, conceals, disguises, or deceives
  Directed by security regulations     Directed by operational CC

6 Five Step OPSEC Process
1. Identify Critical Information
2. Determine Threat
3. Analyze Vulnerabilities
4. Assess Risk
5. Apply appropriate OPSEC Measures

7 Identify Critical Info (step 1): identify the questions the adversary will ask
–Where do I get the information?
–Who has the information?
–When do I need the information?
–How do they transfer the information?
–How is the information protected?
–Is it worth the risk of getting caught?

8 Critical Info Examples
–Impact of industrial base on military mission
–Logistic capabilities and constraints
–Alert posture
–Staging locations
–Limitations on equipment
–Noncombatant Evacuation Operation routes
–Military support to Law Enforcement Agency

9 Determine Threat (step 2)
–Who is the adversary?
–What are the adversary’s goals?
–What is the adversary’s opposition strategy?
–What critical information is already known?
–What are the adversary’s collection capabilities?

10 Analyze Vulnerabilities (step 3): Indicators & Actions + Collection = Vulnerability

11 Indicators
–Signature: uncommon or unique features
–Associations: specific support equipment
–Profiles: unit missions (homepage)
–Contrasts: not standard
–Exposure: observation time

12 Indicators and Actions
–Pizza delivery
–DV suites
–Intramural sports
–Reply / Router
–Government credit card
–STU-III usage
–Family support homepages

13 Collection: overt and clandestine
–Open Source Intelligence (OSINT)
–Human Intelligence (HUMINT)
–Imagery Intelligence (IMINT)
–Signals Intelligence (SIGINT): Communications Intelligence, Electronics Intelligence, Foreign Instrumentation Signals (FISINT)
–Technical Intelligence (TECHINT)

14 Vulnerability = Indicators & Actions + Collection
Indicators & Actions: Signature (uncommon or unique features), Associations (specific support equipment), Profiles (unit missions), Contrasts (not standard), Exposure (observation time)
Collection: Open Source Intelligence (OSINT), Human Intelligence (HUMINT), Imagery Intelligence (IMINT), Signals Intelligence (SIGINT), Technical Intelligence (TECHINT)

15 Assess Risk (step 4): cost vs potential harmful effects

16 The Cost Can Be High

17 Apply OPSEC Measures (step 5)
–Prevent the adversary from detecting an indicator
–Provide an alternative analysis of an indicator
–Attack or deny the adversary’s collection system
–Use the other pillars of IW: Counter-Deception, Physical Attack, Information Attack, Psychological Operations, Electronic Warfare, Counter-PSYOP, Counter-Intelligence, Military Deception
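The analysis in steps 3 to 5 can be made concrete by looking at the indicators the way a collector would. The following Python example is added here and is not part of the IW-130 slides: it scores individually unclassified indicators (the classes on slide 12) collected at one location inside a time window, reports where they add up to critical information (slide 10's Indicators & Actions + Collection = Vulnerability), and shows how denying the adversary one collection discipline (slide 17) drops the result below threshold. The weights, window, threshold and the sample observations are assumptions made for the example.

```python
"""Indicator aggregation from an adversary's point of view.

Added example; it is not from the IW-130 slides. Each observation is
individually unclassified, but several of them collected at one location
inside a short window add up to critical information. The indicator classes
follow slide 12; weights, window, threshold and sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# indicator -> (collection discipline that would observe it, assumed weight)
INDICATOR_WEIGHTS = {
    "pizza_delivery_surge": ("HUMINT", 1),
    "dv_suite_booking": ("HUMINT", 1),
    "intramural_sports_cancelled": ("OSINT", 1),
    "family_support_homepage_post": ("OSINT", 2),
    "govt_credit_card_travel": ("HUMINT", 2),
    "stu_iii_usage_spike": ("SIGINT", 3),
}


@dataclass(frozen=True)
class Observation:
    when: datetime
    indicator: str
    where: str


def derive_critical_info(observations, window=timedelta(hours=48),
                         threshold=6, disciplines=None):
    """Return [(location, window_start, score, [indicators])] for every
    location where distinct indicators collected inside `window` reach
    `threshold`. `disciplines` is the set of collection disciplines the
    adversary has (slide 13); None means all of them."""
    by_location = defaultdict(list)
    for obs in observations:
        discipline, _ = INDICATOR_WEIGHTS[obs.indicator]
        if disciplines is None or discipline in disciplines:
            by_location[obs.where].append(obs)

    findings = []
    for where, obs_list in by_location.items():
        obs_list.sort(key=lambda o: o.when)
        for i, start in enumerate(obs_list):
            seen = {}
            for obs in obs_list[i:]:
                if obs.when - start.when > window:
                    break
                seen[obs.indicator] = INDICATOR_WEIGHTS[obs.indicator][1]
            score = sum(seen.values())
            if score >= threshold:
                findings.append((where, start.when, score, sorted(seen)))
                break  # the first window over threshold is enough per location
    return findings


# Constructed sample: "Base X" shows four indicators within 30 hours,
# "Base Y" shows two that are 100 hours apart.
T0 = datetime(2001, 3, 1, 8, 0)
SAMPLE_OBSERVATIONS = [
    Observation(T0, "pizza_delivery_surge", "Base X"),
    Observation(T0 + timedelta(hours=2), "dv_suite_booking", "Base X"),
    Observation(T0 + timedelta(hours=20), "govt_credit_card_travel", "Base X"),
    Observation(T0 + timedelta(hours=30), "stu_iii_usage_spike", "Base X"),
    Observation(T0, "pizza_delivery_surge", "Base Y"),
    Observation(T0 + timedelta(hours=100), "stu_iii_usage_spike", "Base Y"),
]

if __name__ == "__main__":
    print("all disciplines:", derive_critical_info(SAMPLE_OBSERVATIONS))
    # Denying the adversary SIGINT (slide 17: attack or deny the collection
    # system) drops Base X below threshold.
    print("no SIGINT:", derive_critical_info(SAMPLE_OBSERVATIONS,
                                             disciplines={"OSINT", "HUMINT"}))
```

With every discipline available, Base X crosses the threshold on the first window (score 7); with SIGINT denied the same observations score 4 and nothing is derived, which is the effect an OPSEC measure against one collection system is meant to have.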

18 Gen. Dwight D. Eisenhower “Full Victory - Nothing Else”


20 Five Step OPSEC Process (repeat of slide 6)

21 Information Operations Condition (INFOCON) … presents a structured, coordinated approach to defend against and react to adversarial attack on DoD computer and telecommunication networks and systems … based on the status of information systems, military operations, and intelligence assessments of adversary capabilities and intent … established by the Secretary of Defense; administered through the Commander JTF-CND

22 INFOCON Level: NORMAL (Normal Activity)
CRITERIA
- No significant activity.
RECOMMENDED ACTIONS
- Ensure all mission critical info and info systems (including applications and databases) and their operational importance are identified.
- Ensure all points of access and their operational necessity are identified.
- On a continuing basis, conduct normal security practices. For example:
-- Conduct education and training for users, admin, & management
-- Ensure effective password mgmt program is in place
-- Conduct periodic internal security review and external vulnerability assessments.
-- Conduct normal auditing, review, and file back-up procedures.
-- Confirm the existence of newly identified vulnerabilities and install patches.

23 INFOCON Level: ALPHA (Increased Risk of Attack)
CRITERIA
- Indications & Warning (I&W) indicate general threat.
- Regional events occurring which affect US interests and involve potential adversaries with suspected or known CNA capability.
- Military ops, contingency, or exercise planned or ongoing requiring increased security of information systems.
- Information system probes, scans or other activities detected.
RECOMMENDED ACTIONS
- Accomplish all actions required at INFOCON NORMAL.
- Execute appropriate security practices. For example:
-- Increase level of auditing, review, and file back-up procedures.
-- Conduct internal security review on critical systems.
-- Heighten awareness of all info systems users.
-- Execute appropriate defensive tactics.

24 INFOCON Level: BRAVO (Specific Risk of Attack)
CRITERIA
- Indications & Warning (I&W) indicate targeting of specific system, location, unit, or operation.
- Major military ops, contingency, or exercise planned or ongoing requiring increased security of information systems.
- Significant level of network probes, scans or other activities detected.
- Network penetration or denial of service attempted with no impact to DoD operations.
RECOMMENDED ACTIONS
- Accomplish all actions required at INFOCON ALPHA.
- Execute appropriate security practices. For example:
-- Increase level of auditing, review, and file back-up procedures.
-- Conduct immediate internal security review on critical systems.
-- Heighten awareness of all info systems users.
-- Execute appropriate defensive tactics.

25 INFOCON Level: CHARLIE (Limited Attack(s))
CRITERIA
- Intelligence attack assessment(s) indicate a limited attack.
- Information system attack(s) detected with limited impact to DoD operations:
-- Minimal success, successfully counteracted.
-- Little or no data or systems compromised.
-- Unit able to accomplish mission.
RECOMMENDED ACTIONS
- Accomplish all actions required at INFOCON BRAVO.
- Execute appropriate response actions. For example:
-- Maximum level of auditing, review, and file back-up procedures.
-- Limit traffic to mission essential communication only.
-- Reroute mission-critical communication through unaffected systems.
-- Disconnect non-mission-critical networks.
-- Execute appropriate defensive tactics.

26 INFOCON Level: DELTA (General Attack(s))
CRITERIA
- Intelligence attack assessment(s) indicate a general attack.
- Successful information system attack(s) detected which impact DoD operations:
-- Widespread incidents that undermine ability to function effectively.
-- Significant risk of mission failure.
RECOMMENDED ACTIONS
- Accomplish all actions required at INFOCON CHARLIE.
- Execute appropriate response actions. For example:
-- Designate alternate information systems.
-- Implement procedures for conducting operations in "stand-alone" mode or manually.
-- Isolate compromised systems from rest of network.
-- Execute appropriate defensive tactics.
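The ALPHA and BRAVO criteria hinge on whether "probes, scans or other activities" have been detected and whether they have reached a "significant level", which only means something once a unit has defined what a scan looks like in its own logs. The following Python example is added here and is not part of the IW-130 slides: it parses constructed firewall-style deny lines, treats one source reaching many distinct destination ports on one host inside a short window as a scan, and maps the number of scanning sources to the highest level the scan criteria alone can justify. The log format, the scan definition and the ALPHA/BRAVO cutoffs are assumptions; CHARLIE and DELTA require attack assessments that log counting cannot supply.

```python
"""Scan detection feeding the INFOCON ALPHA/BRAVO criteria.

Added example; it is not from the IW-130 slides. The log format, the scan
definition (distinct ports per source/host pair in a window) and the
"significant" cutoff are assumptions made for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) DENY "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

# Constructed sample: 203.0.113.7 sweeps 13 ports on 10.1.1.5 in 13 seconds,
# 198.51.100.9 is background noise on a single port, and one ALLOW line is
# present to show that only denies are counted.
SAMPLE_LOG = """\
2001-03-01 02:00:01 DENY 203.0.113.7:40001 -> 10.1.1.5:21
2001-03-01 02:00:02 DENY 203.0.113.7:40002 -> 10.1.1.5:22
2001-03-01 02:00:03 DENY 203.0.113.7:40003 -> 10.1.1.5:23
2001-03-01 02:00:04 DENY 203.0.113.7:40004 -> 10.1.1.5:25
2001-03-01 02:00:05 DENY 203.0.113.7:40005 -> 10.1.1.5:53
2001-03-01 02:00:06 DENY 203.0.113.7:40006 -> 10.1.1.5:80
2001-03-01 02:00:07 DENY 203.0.113.7:40007 -> 10.1.1.5:110
2001-03-01 02:00:08 DENY 203.0.113.7:40008 -> 10.1.1.5:111
2001-03-01 02:00:09 DENY 203.0.113.7:40009 -> 10.1.1.5:135
2001-03-01 02:00:10 DENY 203.0.113.7:40010 -> 10.1.1.5:139
2001-03-01 02:00:11 DENY 203.0.113.7:40011 -> 10.1.1.5:143
2001-03-01 02:00:12 DENY 203.0.113.7:40012 -> 10.1.1.5:443
2001-03-01 02:00:13 DENY 203.0.113.7:40013 -> 10.1.1.5:445
2001-03-01 02:00:14 DENY 198.51.100.9:51000 -> 10.1.1.5:80
2001-03-01 02:00:15 ALLOW 198.51.100.9:51001 -> 10.1.1.5:80
2001-03-01 02:00:16 DENY 198.51.100.9:51002 -> 10.1.1.5:80
2001-03-01 02:00:17 DENY 198.51.100.9:51003 -> 10.1.1.5:80
"""


def parse_log(text):
    """Return (timestamp, src, dst, dport) for each DENY line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           m["src"], m["dst"], int(m["dport"])))
    return events


def detect_scans(events, window=timedelta(seconds=60), min_ports=10):
    """{(src, dst): distinct_ports} for pairs where one source reached at
    least `min_ports` distinct ports on one host inside `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst)].append((ts, dport))
    scans = {}
    for pair, hits in by_pair.items():
        hits.sort()
        best = 0
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            scans[pair] = best
    return scans


def infocon_from_scan_activity(scanning_sources, significant=5):
    """Map a count of scanning sources to the highest level the slides'
    scan criteria alone can justify; `significant` is an assumed cutoff."""
    if scanning_sources == 0:
        return "NORMAL"
    if scanning_sources < significant:
        return "ALPHA"   # "probes, scans or other activities detected"
    return "BRAVO"       # "significant level of network probes, scans ..."


if __name__ == "__main__":
    scans = detect_scans(parse_log(SAMPLE_LOG))
    print(scans, "->", infocon_from_scan_activity(len(scans)))
```

On the sample, the sweeping source is reported with 13 distinct ports and the single-port noise is not, so one scanning source is present and the scan criterion alone supports ALPHA; the other ALPHA and BRAVO criteria (I&W, planned operations, attempted penetration) still have to be assessed separately.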

27 INFOCON Impact
NORMAL
  Gain: full connectivity; no bandwidth restrictions; normal OPTEMPO
  Loss: normal defensive posture; no additional measures taken
ALPHA
  Gain: 10% improved protection; increased likelihood intruders will be defeated or caught; if sufficient, no need for higher INFOCON
  Loss: 0% reduction in OPTEMPO; 0% reduced connectivity; affected networks may be isolated; 0% delay in information access
BRAVO
  Gain: 35% improved protection; increased likelihood intruders will be defeated or caught; if sufficient, no need for higher INFOCON
  Loss: 25% reduction in OPTEMPO; 20% reduction in connectivity; affected networks may be isolated; 20% delay in information access
CHARLIE
  Gain: 75% improved protection; increased likelihood intruders will be defeated or caught; if sufficient, no need for higher INFOCON
  Loss: 50% reduction in OPTEMPO; 40% reduction in connectivity; affected networks may be isolated; 40% delay in information access
DELTA
  Gain: 90% improved protection; increased likelihood intruders will be defeated or caught; if sufficient, no need for higher INFOCON
  Loss: 70% reduction in OPTEMPO; 60% reduction in connectivity; affected networks may be isolated; 60% delay in information access

28 AF Information Operations (repeat of the chart on slide 2)


30 Information Assurance … those measures to protect and defend information and information systems by ensuring their availability, integrity, authenticity, confidentiality, and non-repudiation. AFDD 2-5
–Availability: resources are available when needed
–Integrity: resources operate correctly
–Authenticity: ensures info is trustworthy (fact or actuality)
–Confidentiality: only those with proper clearance and need-to-know have access to sensitive information
–Non-repudiation: ability to confirm source of transmission and data
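The five properties are listed separately because one does not imply another. The following Python example is added here and is not part of the IW-130 slides: it encrypts a message (confidentiality), shows that an attacker who knows where a field sits can flip its bits so that the change decrypts cleanly (no integrity), and then adds a keyed hash over the ciphertext so the same edit is rejected (integrity, and authenticity of origin among holders of the key). Because sender and receiver share that key, either could have produced the tag, so this construction does not give non-repudiation; that needs a signature under a key only the sender holds. The stream cipher is a toy built from SHA-256 counters for illustration only, and the keys, nonce and message are constructed for the example.

```python
"""Confidentiality, integrity and authenticity as separate properties.

Added example; it is not from the IW-130 slides. The cipher is a toy
counter-mode keystream from SHA-256 (not a vetted cipher); keys, nonce and
message are constructed for the example.
"""
import hashlib
import hmac

NONCE_LEN = 8
TAG_LEN = 32


def keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, data):
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt  # XOR with the same keystream undoes itself


def bitflip(ciphertext, offset, old, new):
    """Attacker's edit: with known plaintext `old` at `offset`, turn it into
    `new` without the key (ct XOR old XOR new decrypts to new)."""
    buf = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    ct = encrypt(enc_key, nonce, plaintext)
    return nonce + ct + mac(mac_key, nonce + ct)


def open_sealed(enc_key, mac_key, blob):
    """Return the plaintext, or None if the tag does not verify."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(mac(mac_key, nonce + ct), tag):
        return None  # integrity/authenticity failure: do not decrypt
    return decrypt(enc_key, nonce, ct)


def demo():
    enc_key = b"constructed-encryption-key"   # constructed for the example
    mac_key = b"constructed-mac-key"          # shared by sender and receiver
    nonce = b"\x01" * NONCE_LEN               # must be unique per message in real use
    msg = b"STAGING LOCATION: SITE B, 1200Z"
    at = msg.index(b"SITE B")

    ct = encrypt(enc_key, nonce, msg)
    flipped = bitflip(ct, at, b"SITE B", b"SITE A")

    blob = seal(enc_key, mac_key, nonce, msg)
    tampered = (blob[:NONCE_LEN]
                + bitflip(blob[NONCE_LEN:-TAG_LEN], at, b"SITE B", b"SITE A")
                + blob[-TAG_LEN:])
    return {
        "ciphertext_differs": ct != msg,
        "unauthenticated_flip_decrypts_to": decrypt(enc_key, nonce, flipped),
        "round_trip": open_sealed(enc_key, mac_key, blob),
        "authenticated_flip_rejected": open_sealed(enc_key, mac_key, tampered) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Without the tag the edited ciphertext decrypts to "SITE A" and the receiver has no way to notice; with the tag the same edit is rejected before anything is decrypted. Checking the tag with compare_digest keeps the comparison time independent of where the tags differ.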

31 Communications Security (COMSEC) … measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such communications. AFDD 2-5

32 COMSEC
–Physical security of COMSEC
–Transmission security
–Crypto-security

33 DISA study: 95% of DoD communications are unprotected?

34 Some COMSEC Tools
–KG-series encryption devices (KG-XX)
–Secure Telephone Unit, 3rd Generation (STU-III)
–Electronic Key Management System (EKMS)

35 Future COMSEC Tools
–FORTEZZA Card
–Secure Terminal Equipment (STE): high-speed (128 Kbps) secure data; KY-68/STU-III replacement; advanced crypto
–Electronic Key Management System Workstation

36 Emissions Security (EMSEC) “Protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from crypto-equipment, information systems, and telecommunications systems.”

37 COMPROMISING EMISSIONS … are unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose the information transmitted, received, handled, or otherwise processed by any information processing equipment

38 EMSEC Detection & Collection: Warning! What you see here can be seen elsewhere!

39 EMSEC Prevention: The Commission recommends that domestic TEMPEST countermeasures not be employed except in response to specific threat data and then only in cases authorized by the most senior department or agency head.

40 Computer Security (COMPUSEC) … measures and controls that ensure the confidentiality, integrity, or availability of information processed and stored by a computer. AFDD 2-5

41 Why all the hype?
“DoD Escalates War Against Poor Computer Security.”
“Insiders account for more security compromises than hackers.”
“Weak passwords allow easy access for unauthorized personnel.”
“The disgruntled employee is our primary concern, not competition.”

42 COMPUSEC Roles and Responsibilities
–HQ AFCIC/SYNI
–AFCA
–AFIWC, AFCERT
–AFMC, Acquisition Security, ASSIST
–MAJCOM IP Office
–Wing IP Office
–Base organizations: DAA, Computer Systems Manager (CSM), Computer System Security Officer (CSSO), Functional OPR, Users

43 Ultimate Responsibility

44 COMPUSEC Risk Management: Threats, Vulnerabilities, Risks, Countermeasures

45 COMPUSEC Threats: Natural, Environmental, Human

46 Natural Threats
–Earthquake
–Flood
–Hurricane
–Snow/Ice
–Tornado
–Lightning
–Severe storm

47 Environmental Threats
–Power disruption
–Utility failure
–Smoke
–Water
–Fire
–Hardware failure
–Software failure
–Personnel injury
–Explosion

48 “Even a foolproof access control system is useless if a toilet overflows one floor above your equipment room.” Information Security Magazine

49 Human Threats: Intentional
–Bomb threat
–Compromise
–Disclosure
–Sabotage
–Misuse
–Theft
–Fraud
–Viruses
–Alteration
–Destruction
–Unauthorized access

50 Human Threats: Unintentional
–Hardware failure
–Software failure
–Comm failure
–Compromise
–Disclosure
–Deficiency in policy or procedure
–General errors
–Data loss

51 COMPUSEC Vulnerabilities (threats act through these)
–Software
–Media
–Network
–Procedural
–Physical
–Environmental
–Personnel
–Hardware

52 COMPUSEC Risks (threats against vulnerabilities)
–Destruction
–Denial of service
–Modification
–Disclosure
–Fraud, waste & abuse

53 COMPUSEC Risk Management (full model): Threats, Vulnerabilities, Risks, Countermeasures

54 Stay Current
–Who is your CSSO?
–AFCA:
–AFCERT:
–DOD-CERT:
–AF Publications on Communication & Information (33 Series):

55 “The top information warfare priority is to defend our own increasingly information intensive capabilities.” AFDD 2-5

