
Research Advancements Towards Protecting Critical Assets Dr. Richard “Rick” Raines Cyber Portfolio Manager Oak Ridge National Laboratory 15 July 2013.


3 The Cyber Defense? (cover image: The Economist, May 9, 2009)

4 The Threat Landscape
– National intellectual property is being stolen at alarming rates
– National assets are vulnerable to attack and exploitation
– Personal Identifiable Information at risk
– Competing and difficult national priorities for resources
– The landscape is continually changing
Critical infrastructure sectors shown: Transportation, Water, Electric Power, Oil & Gas, Communications, Financial, Emergency

5 Understanding the Challenges
Dynamic environment with a constant churn
– A domain of operations, “within” and “through”
– Anytime, anywhere access to data and information
– Policy and statutory lanes emerging
Agile adversaries
– Cyber and cyber-physical
– Overt and covert attacks/exploits
Data continues to grow
– Sensor feeds yield terabytes of raw data
– Analyst burdens continue to grow
We continue to play catch up

6 Who Are the Threat Actors?
Unintended threat actors: can be just about anyone
– Target-rich environment: people, processes, machines
Personal-gain threat actors: individual and organized crime
– Insiders?
Ideological threat actors
– Hacktivists, extremists and terrorists
Nation-state threat actors
– Intelligence gathering, military actions
The sophistication of the actors continues to increase
Examples cited: #OpUSA (7 May 13), #OpNorthKorea (25 Jun 13)

7 Who “Really” Are the Threat Actors?
– Over 90% of threat actors are external to an organization
– 55% of the actors associated with organized crime
  – Predominantly in U.S. and Eastern Europe
– ~20% of actors associated with nation-state operations
  – Over 90% attributable to China
– Internal actors: large percentage of events tied to unintentional misconfigurations
But sophistication is not always needed…
Source:

8 The Targets
– 37% of incidents affected financial organizations
  – Organized crime: virtual and physical methods
  – Since 9/2012, 46 U.S. institutions in over 200 separate intrusions (FBI)
– 24% targeted individuals in retail environments
  – 40% of data thefts attributed to employees in the direct payment chain: waiters, cashiers, bank tellers, using “skimmers” and similar devices
Organizations will always be targets for who they are and what they do
Actors will continue to look for the “low-hanging fruit”
Source:

9 Understanding Your Mission
What does cyber situational awareness really mean?
– User-defined
– Real-time awareness of mission health
– Highly relevant information to the decision-maker
What are the “crown jewels” in your mission space?
– The critical components that you can’t operate without
– Understanding the interdependencies
What are the capabilities needed for success?
– Revolutionary advances rather than evolutionary progress
– The right talent, and enough of it, to ensure success
– Partnerships are critical
Mission Assurance = Operational Success

10 Long Term Grand Challenges

11 Cyber R&D Challenges: Operate Through an Outage/Attack
System-of-systems approach to ensure continuity of operations (COOP)
– Identify mission-critical capabilities
– Assess complex attack planning problem
– Design defense in depth
– Detect/block attacks
– Discover/mitigate attacks
– Enable graceful degradation of resilient (self-healing) systems

12 Cyber R&D Challenges: Predictive Awareness
– Mission-critical systems available and functional to operate through
– Near-real-time situational awareness of the battlespace
  – Automated/user-defined view
  – Network mapping
– Predictive/self-healing systems
  – Anticipate failure or attack and react automatically

13 Security in the Cloud
– Visibility of data and computations without access to specific problem
– Approach: wholly owned / cloud service / public internet
– Complex attack planning problem
– Variety of security structures
– Masking deception
– Continuous maneuver
– Graceful degradation of resilient (self-healing) systems

14 Cyber R&D Challenges: Self-Protective Data/Software
– High user confidence in data and software
– Resilient data (at rest and in motion)
– Protocols: secure, resilient, active
– Trustworthy computing
  – High-user-confidence checksum
  – Hardware-backed trust
– Graceful degradation of mission-critical data to “last known good”

15 Cyber R&D Challenges: Security of Mobile Devices
Bring your own device (disaster?)
– Biometric security features
– Classified/UNCLAS encryption
– Power and performance issues addressed
– Hardware root of trust
– Self-healing
– Data validated; leakage/transfer contained

16 ORNL Cyber Research Strengths
Research areas: Evidence-based action; Computational cyber security; Science-based security; Protection and control; Nonclassical light sources; Quantum simulation; Application-oriented research; Analytics; Information visualization; Data management
Topics: Observation-based generative models; Control of false positives/negatives; Modeling of adversaries; Mathematical rigor; Computationally intensive methods; At scale, near real time; Statistics vs metrics; Repeatability and reproducibility; Trend observation and identification; Photon pair and continuous variable entanglement; Comprehensive source design and simulation; High-performance computing resources; Putting quantum and computing together; From first principles to real solutions; Quantum for computing, communication, sensing, and security; Probabilistic modeling; Social network analysis; Relational learning; Heterogeneous data analysis; Geospatial and temporal display methods; Multiple, coordinated visualizations; User-centered design and user testing; Online, near-real-time methods; Graph modeling/retrieval; Distributed storage and analysis methods

17 ORNL Control Systems Security Research Strengths
Research areas: Evidence-based action; Computational cyber security; Real-time monitoring; Detection, control and wide-area visualization; Standards development; Resilient control systems; Advanced components; Analytics; Information visualization; Data management
Topics: Observation-based generative models; Control of false positives/negatives; Modeling of adversaries; Vulnerability assessments; Mathematical rigor; Computationally intensive methods; At scale, near real time; Time-synchronized data; Fault disturbance recorders, PMUs; Voltage, frequency, phase 3, current; Industry guidelines; Interoperability; Physics-based protection schemes; Cyber-physical interface; Fault current limiters; Saturable reactors; Power electronics; Probabilistic modeling; Social network analysis; Relational learning; Heterogeneous data analysis; Geospatial and temporal display methods; Multiple, coordinated visualizations; User-centered design and user testing; Online, near-real-time methods; Graph modeling/retrieval; Distributed storage and analysis methods

18 VERDE: Visualizing Energy Resources Dynamically on Earth
Wide-area power grid situational awareness; impact models and data analysis; distribution outage analysis
Monitoring capability
– Situational awareness of subset of transmission lines (above 65 kV)
– Situational awareness of distribution outages (status of approximately 100 million power customers)
– Social-media feeds ingest
– Real-time weather overlays
Modeling and analysis
– Predictive and post-event impact modeling and contingency simulation
– Automatic forecasts of power recovery
– Energy interdependency modeling
– Mobile application
– Cyber dependency

19 Hyperion Protocol: Function and security analysis of compiled binaries through behavior computation
STATUS QUO
– Current technology provides no practical means to validate the full behavior of software.
– Software may contain unknown vulnerabilities and sleeper code that compromise operations.
NEW INSIGHTS
– Program instructions implement functional semantics that can be precisely defined.
– Instruction semantics can be mathematically combined to compute the functional effect of programs.
GOAL
– System for computing behavior of binaries to identify vulnerabilities, sleeper codes and malware.
QUANTITATIVE IMPACT
– Validation: software can be analyzed for intended functionality.
– Readiness: software can be analyzed for malicious content.
– Determination of vulnerabilities and malicious content can be carried out at machine speeds.
HOW IT WORKS
– Hyperion Protocol technology computes the behavior of compiled binaries.
– Structure theorem shows how to transform code into standard control structures with no arbitrary branching.
– Correctness theorem shows how to express behavior of control structures as non-procedural specifications.
– Computed behavior can be compared to semantic signatures of vulnerabilities and malicious operations.
Lineage: mathematical foundations developed at IBM; SEI/CMU developed Function Extraction (FX); ORNL developing 2nd Gen FX on HPC.

20 Oak Ridge Cyber Analytics (ORCA): Detecting Zero-Day Attacks
Approach:
– Generalize computer communication behaviors using machine learning models
– Classify incoming network data in real time
– Complement signature-based sensor arrays to focus on attack variants
Advantages:
– No signatures: trains on examples of attacks
– Detects attacks missed by the most advanced OTS intrusion detectors
– Detects zero-day attacks that are variants of existing attack vectors
DoD Warfighter Challenge evaluation of ORNL’s ORCA:
– Supervised learner (tweaked AdaBoost): detected 94% of attacks using machine learning methods; false positive rate is only 1.8%
– Semi-supervised learner (Linear Laplacian RLS): detected 60% of attacks using machine learning methods; no false positives
Detecting both previously seen and never-before-seen attacks.
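To make the slide's supervised approach concrete, here is an added example (not ORCA's or ORNL's code) of a classifier that trains on examples of attacks instead of on signatures: a small AdaBoost over decision stumps on constructed flow features, run beside a plain signature matcher so that a variant whose payload marker changed is missed by the signature but still flagged by its behaviour. The flow features, labels and the signature string are all assumed for the illustration.

```python
import math

# Constructed training flows (assumed, not from the slide). Features are
# (connections/sec, mean bytes per packet, distinct destination ports); label +1 = attack,
# -1 = benign. A slow scan and a busy gateway are included so no single feature separates the classes.
TRAIN = [
    ((200, 60, 900), 1), ((180, 64, 750), 1), ((4, 58, 200), 1), ((220, 40, 1000), 1),
    ((5, 800, 3), -1), ((8, 650, 5), -1), ((3, 900, 2), -1), ((250, 700, 300), -1),
    ((2, 50, 4), -1),
]
KNOWN_SIGNATURES = [b"SCAN-TOOL/1.0"]  # placeholder payload marker a signature sensor knows

def signature_hit(payload):
    """What a signature-based sensor does: exact substring match on the payload."""
    return any(sig in payload for sig in KNOWN_SIGNATURES)

def stump(feature, thr, pol, x):
    """Decision stump: +1 when pol * (x[feature] - thr) > 0, else -1."""
    return 1 if pol * (x[feature] - thr) > 0 else -1

def train_adaboost(data, rounds=3):
    """Plain AdaBoost over decision stumps; returns [(alpha, (feature, thr, pol))]."""
    w = [1.0 / len(data)] * len(data)
    model = []
    for _ in range(rounds):
        best = None  # (weighted error, stump) with the lowest error so far
        for f in range(3):
            vals = sorted({x[f] for x, _ in data})
            for thr in [(a + b) / 2 for a, b in zip(vals, vals[1:])]:  # midpoint thresholds
                for pol in (1, -1):
                    err = sum(wi for wi, (x, y) in zip(w, data) if stump(f, thr, pol, x) != y)
                    if best is None or err < best[0]:
                        best = (err, (f, thr, pol))
        err, (f, thr, pol) = best
        alpha = 0.5 * math.log((1 - err) / max(err, 1e-12))
        # Up-weight the flows this stump got wrong so the next round focuses on them.
        w = [wi * math.exp(-alpha * y * stump(f, thr, pol, x)) for wi, (x, y) in zip(w, data)]
        total = sum(w)
        w = [wi / total for wi in w]
        model.append((alpha, (f, thr, pol)))
    return model

def classify(model, x):
    """Weighted vote of the stumps: +1 attack, -1 benign."""
    return 1 if sum(a * stump(f, t, p, x) for a, (f, t, p) in model) > 0 else -1

MODEL = train_adaboost(TRAIN)
# Variant of the scanner: same traffic profile, but the payload marker changed.
VARIANT = {"features": (190, 62, 800), "payload": b"SCAN-TOOL/2.0 beta"}

def detect(flow):
    """Returns (signature sensor verdict, behavioral classifier verdict) for a flow."""
    return signature_hit(flow["payload"]), classify(MODEL, flow["features"]) == 1
```

With these inputs the three boosting rounds pick a bytes-per-packet stump and two distinct-port stumps, which is why the slow scan is still caught despite its low connection rate.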

21 Moving Ahead
– Increased national focus on cyber security
– Cyber law enforcement capabilities growing: “who”
– Digital forensics are improving: “how”
– Information Sharing and Analysis Centers (ISACs): “what”
– Maturing education and training for the professionals
– Better education for “the masses”
– Rapidly evolving R&D breakthroughs
The human is still the weakest element in the cyber domain

22 Questions?

