1 NAS Enterprise Information System Security (NEISS)
Vic Patel, FAA
ICAP, ACP WG-I, May 28th – 30th
2 Agenda
- Why do we need NEISS
- NEISS described
- Current status/activities
- Future plans
3 Introduction
- The NAS Enterprise Information Systems Security (NEISS) Program seeks to implement a NAS Security Architecture that is based on Enterprise or "Common" Controls rather than the current system-by-system controls
- All NAS and NextGen Programs interface to and use the Common Controls to gain the mitigation benefits
- The five Common Controls that comprise NEISS [shown on the slide diagram]
4 Changing Environment Increases Cyber Security Risks to the NAS
- Today's NAS: limited inter-connectivity
- NextGen: significant inter-connectivity
- Planned NAS improvements:
  - Moving to net-centric operations
  - Moving from custom to commercial software
- Cyber threats on the increase
[Diagram: external users, NAS sensors, aviation partner networks and SWIM services connected over IP; external users over IP marked as cyber risk]
Greater use of Internet Protocol (IP) and greater connectivity within the NAS requires an effective Enterprise Information System Security Architecture.
5 Potential Impacts to NAS Are Serious
- Major disruption of NAS services possible
- Malware can enter the NAS accidentally
- The NAS can be targeted
- Disruption can cause substantial economic loss
- Loss of public confidence in the NAS
- NAS disruption can interfere with logistical support of military missions

Speaker notes: The $76,000,000 includes only direct losses to the air carrier. For example, indirect costs to those who depend on the air carrier for shipping are not included. Logistical support provides personnel and materials to the war theater. Military and non-military carriers can provide logistical support. When traversing civil airspace, logistical transport must comply with the controlling civil air authority. As an example, both United and Delta airlines have classified processing facilities to provide pilots and aircraft to transport soldiers, as was done in Operation Iraqi Freedom. Under certain scenarios, a delay in logistical support may be the entire goal of a cyber attack. It has been conjectured that an invasion of Taiwan by China would succeed if an immediate and forceful response from the U.S. were lacking. Such a response would require logistical support originating from FAA controlled airspace, in which case a significant disruption of U.S. civil airspace may thwart the needed U.S. response.
6 The Threat
- Cyber exploitation activity has grown more sophisticated, more targeted, and more serious
- The intelligence community has concluded that nation states have the technical capabilities to:
  - Target and disrupt elements of the US information infrastructure
  - Collect intelligence information for future use against the US
- Stuxnet specifically targeted an Industrial Control System similar to the NAS
7 The Challenge
- It's hard to keep them out
- When they get in, it's hard to find them
- When we find them, it's hard to get them out
8 What Can We Do?
Understand the threat. Lay a solid foundation. Be agile.
- Understand the threat
  - Characterize the NAS cyber threat environment
  - Identify tools, techniques, and procedures used by adversaries
- Lay a solid foundation
  - Develop core Enterprise Solutions that position the NAS to deal with an ever increasing problem
- Be agile
  - Develop techniques and approaches useful for defending and countering cyber attacks
  - Develop and enforce Enterprise Solutions that can quickly adapt to the changing threat environment and apply to all NAS systems
- Be resilient
  - Adopt approaches for continued operations during cyber attacks
9 The Plan: NAS Enterprise Information System Security
- The NAS ISS architecture was developed to provide a foundational cyber infrastructure for NAS enterprise security beginning now and continuing through NextGen
- Doable in five years
- Enterprise-wide solutions
- Minimal end-system changes
- Expand existing program solutions where applicable
- Flexible and scalable: security solutions can vary over time. The NAS ISS architecture will allow:
  - Improvements in security technology
  - New security features
10 The NAS ISS Architecture
[Diagram: the five controls arranged around the "Secured NAS" and its crown jewels]
- External Boundary Protection: keep the bad stuff out
- Identity & Key Management: know whom you're talking to
- Certified Software Management: protect the software supply chain
- Internal Policy Enforcement: minimize damage and don't let it spread
- Incident Detection and Response: if they get in, find them and deal with it
11 NEISS Design Principles
[Diagram: the five controls around the Secured NAS]
- Identity & Key Management: know who's who
- External Boundary Protection: keep the bad stuff out
- Internal Policy Enforcement: minimize the damage once in and don't let it spread!
- Incident Detection and Response: when they get in, find them and deal with the problem
- Certified Software Management: only approved software
Principles:
- Create a Cyber Security Infrastructure
- Enterprise wide
- Monitor NAS data flows
- Apply cyber security controls to data flows
- Majority of implementation involves infrastructure, rather than end-systems
- Modify enterprise controls as new threats & controls warrant it
- Ongoing R&D effort
- Present controls represent a 5 year timeline
13 Why a NAS Enterprise Information System Security (ISS) Architecture Is Needed (I)
- Growing and evolving cyber security threats
  - Cyber terrorism, cyber crime, cyber vandalism, cyber espionage, cyber war
- Evolution to support and enable NextGen
  - Increased levels of network connectivity (from point-to-point to net-centricity)
  - Newer technologies (satellite-based surveillance and navigation)
  - Increased complexity from interoperability needs (legacy systems and NextGen implementation)
- Security is based around individual systems
  - Non-uniform security; the weakest link paradigm applies
  - Costly to implement
  - Individual system security was never intended to mitigate the advanced threats
14 Why a NAS Enterprise Information System Security (ISS) Architecture Is Needed (II)
Architecture provides:
- Uniform and enterprise cyber security capabilities
- Layered cyber security capabilities (defense-in-depth)
- Robust, resilient, agile and scalable cyber security capabilities
- Incremental approach
15 Why a NAS Enterprise Information System Security (ISS) Architecture Is Needed (III)
Benefits:
- Protect the NAS from malware and advanced cyber threats
  - Organized crime, terrorist organizations, foreign governments
- Provide better opportunities to leverage net-centric services for security
  - Greater network connectivity, newer technologies, greater complexity
- Provide uniform enterprise cyber security capabilities
  - Reduce complexity and the weakest link paradigm
- Reduce implementation costs
  - One enterprise implementation vs. each system's implementation
NEISS will be responsible for the implementation of the NAS EA ISS roadmap.
16 External Boundary Protection (EBP)
[Diagram: NAS security boundary with an added Application Gateway]
EBP consolidates all NAS level security controls that are applied to data that transit the NAS security boundary.
18 External Boundary Protection (EBP) Status
- Developing AMS artifacts supporting EBP
- Working with SWIM and FTI to implement early capability centered around the NAS Enterprise Security Gateway (NESG)
- Conducting the Operational Safety Assessment
Future Activities:
- Transition strategy
- Governance
- Guidance
- FY13 Legacy NAS transition candidates
19 Identity and Key Management (IKM)
The IKM capability allows users and machines to be identified and provides key services for authentication, confidentiality, integrity, and non-repudiation wherever these functions are needed.
20 Identity and Key Management (IKM) - cont
Status: Actively developing requirements
Implementer: SWIM
Accomplishments:
- Defined IKM requirements in SWIM S2 FPR
- OSA data collection complete
- Leading implementation of IKM in SWIM Segment 1+
Future Activities:
- Implement in test bed the four phase approach regarding integration with legacy systems
Issues:
- Need clarity on allocation of some IKM functions, including Security Token Service
- Selection of early adopters
- Policy/Standards needed
21 Internal Policy Enforcement (IPE)
IPE mitigates the impact of security incidents within the NAS by dividing NAS systems and networks into enclaves and providing internal boundary protection (IBP) security mechanisms at the boundaries between enclaves.
22 Internal Policy Enforcement (IPE) - cont
Status: Engineering new environment
Implementer: NEISS
Accomplishments:
- Defined Enclave Environment
Future Activities:
- Prototype IPE in test bed
- Implement IPE in legacy environment utilizing a four step approach
- Solicit support from different lines of business to test IPE design, and design a secondary network for data transmission if an enclave is compromised
Issues:
- Concern with cost for possible secondary form of data transmission
Speaker note: Steve Bradford likes the test bed approach
23 Certified Software Management (CSM)
The Certified Software Management capability ensures that malware does not enter the NAS via the software supply chain. CSM authenticates the source of the software, controls its entry into the NAS, and provides secure retrieval, transfer, and integrity guarantee utilizing the IKM capability.
[Diagram: Potential Reference Model based on SWIM SOA software acquisition/verification. Vendor signs software; authentication check at the EBP; off-line Internet download into a Progress/FUSE repository; scan, build and verify (integrity scan, Veracode, per order); test repository and verification report; SWIM wiki release and snapshot with project object model; digital signature via IKM; SWIM production repository available for download. Components are located in the Maintenance Enclave and in the DMZ.]
24 Certified Software Management (CSM) Status
- Actively developing requirements
- Implementer: SWIM
- Augments existing CM process. CSM will add:
  - Authentication Check: vendor will digitally sign software to be downloaded
  - Integrity scan: per order Software Assurance Policy
  - Digital Signature: utilizing IKM to digitally sign software approved for distribution
Accomplishments:
- Functional Analysis
- Use cases
- Started safety OSA
Future Activities:
- Determine process to authenticate with COTS SOA software provider
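The three CSM additions on this slide (vendor signature check, integrity scan, enterprise signature for distribution) form an admission pipeline: nothing reaches the production repository unless every gate passes, and consumers verify the enterprise signature before installing. The following Go program is an added illustration of that pipeline, not code from the NEISS program or SWIM. It assumes Ed25519 signatures, an in-memory vendor registry standing in for IKM-managed keys, and a constructed `DemoScanner` standing in for the per-order integrity scan; the artifact names and contents are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Artifact is a software package as delivered by a vendor (constructed model).
type Artifact struct {
	Name      string
	Content   []byte
	VendorSig []byte // vendor's Ed25519 signature over artifactDigest(Name, Content)
}

// Admission gate failures; Admit reports the first gate that fails.
var (
	ErrUnknownVendor = errors.New("csm: vendor is not enrolled in the registry")
	ErrBadVendorSig  = errors.New("csm: vendor signature does not verify")
	ErrIntegrityScan = errors.New("csm: integrity scan rejected the artifact")
)

// VendorRegistry maps an enrolled vendor name to its signing public key.
// Assumption: in the architecture this would be backed by IKM; here it is a map.
type VendorRegistry map[string]ed25519.PublicKey

// Scanner is the per-order integrity scan. It returns findings; empty means clean.
type Scanner func(content []byte) []string

// GenerateKeyPair wraps Ed25519 key generation for vendors and the enterprise.
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system RNG is not recoverable here
	}
	return pub, priv
}

// artifactDigest binds a signature to both the package name and its bytes, so a
// verified package cannot be re-labelled as a different one. The name is
// length-prefixed so the name/content boundary is unambiguous.
func artifactDigest(name string, content []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s:", len(name), name)
	h.Write(content)
	return h.Sum(nil)
}

// VendorSign is the vendor-side step ("vendor will digitally sign software").
func VendorSign(priv ed25519.PrivateKey, a Artifact) []byte {
	return ed25519.Sign(priv, artifactDigest(a.Name, a.Content))
}

// Admit runs the three CSM gates in order: authentication check against the
// enrolled vendor key, integrity scan, then the enterprise distribution signature
// with the IKM-managed key. It returns that signature only if every gate passes.
func Admit(reg VendorRegistry, vendor string, a Artifact, scan Scanner, distKey ed25519.PrivateKey) ([]byte, error) {
	vendorKey, ok := reg[vendor]
	if !ok {
		return nil, ErrUnknownVendor
	}
	digest := artifactDigest(a.Name, a.Content)
	if !ed25519.Verify(vendorKey, digest, a.VendorSig) {
		return nil, ErrBadVendorSig // tampered content, wrong name, or wrong vendor
	}
	if findings := scan(a.Content); len(findings) > 0 {
		return nil, fmt.Errorf("%w: %s", ErrIntegrityScan, strings.Join(findings, "; "))
	}
	return ed25519.Sign(distKey, digest), nil
}

// VerifyRelease is the consumer-side check a NAS system runs on a package pulled
// from the production repository before installing it.
func VerifyRelease(distPub ed25519.PublicKey, name string, content, releaseSig []byte) bool {
	return ed25519.Verify(distPub, artifactDigest(name, content), releaseSig)
}

// DemoScanner is a constructed stand-in for a real scanner: it flags a marker
// string. A real deployment would run the scan tooling from the reference model.
func DemoScanner(content []byte) []string {
	if strings.Contains(string(content), "SCAN-FAIL") {
		return []string{"marker SCAN-FAIL found in package"}
	}
	return nil
}

func main() {
	vendorPub, vendorPriv := GenerateKeyPair()
	distPub, distPriv := GenerateKeyPair()
	reg := VendorRegistry{"example-vendor": vendorPub} // constructed enrolment

	pkg := Artifact{Name: "sample-1.0.tgz", Content: []byte("constructed package bytes")}
	pkg.VendorSig = VendorSign(vendorPriv, pkg)
	sig, err := Admit(reg, "example-vendor", pkg, DemoScanner, distPriv)
	fmt.Println("admitted:", err == nil, "consumer verifies:", VerifyRelease(distPub, pkg.Name, pkg.Content, sig))

	pkg.Content = append(pkg.Content, " tampered"...) // vendor signature no longer matches
	_, err = Admit(reg, "example-vendor", pkg, DemoScanner, distPriv)
	fmt.Println("tampered package rejected:", errors.Is(err, ErrBadVendorSig))
}
```

The order of the gates matters: the scan runs only on content whose origin has already been authenticated, so untrusted bytes never reach the scanner, and the enterprise key signs only what both earlier gates accepted.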
25 Incident Detection and Response (IDR)
NAS cyber security incident reporting, communications, monitoring, and maintenance.
26 Incident Detection and Response (IDR)
Status:
- Policy development
- Update of CONUSE and Functional Analysis documents
Implementer: NEISS IDR
Accomplishments:
- CEMWG was established to formalize/combine the process of handling NAS cyber events
- Drafted IDR Policy and SOP
- OSA draft complete
27 Incident Detection and Response (IDR)
Future Activities:
- Completion of Policy and SOP
- Continuous update of the supporting documents as we evolve
- Validation of SOPs
Issues:
- AMS process time: training and resources needed
- Technology: tech changes and advancements
- Use of automated tools for data and traffic flows to detect anomalies
28 Governance and Policy
Establishing policy, procedures, roles and responsibilities for implementing the NAS Enterprise Information System Security (NEISS) Architecture.
Excerpt from the draft notice:
SUBJ: National Airspace System (NAS) Enterprise Information System Security Architecture
1. Purpose of This Notice. This notice establishes the requirements for use of FAA National Airspace System (NAS) Enterprise Information System Security Architecture for National Airspace System (NAS) systems, including NAS performance-based service contracts. It also establishes the requirements for use of NEISSA enterprise common controls that provide security services to multiple NAS systems.
29 Governance and Policy - cont
Status: Actively drafting policy
- Extending Notice JO to include enterprise ISS and current NIST guidance
- Working with FAA's CIO Offices on incorporating ISS in the AMS life cycle
Accomplishments:
- Annotated outline
Future Activities:
- First full draft expected early January 2011
- Identify and integrate Enterprise ISS in JRC checklist
Issues:
- Balancing specificity and clarity against length
30 NEISS Challenges
- Disposition of the NAS Enterprise ISS requirements
  - Need a way to resolve and approve changes (particularly deletion) and implementation of NEISS requirements
- Conveying an understanding of the NEISS
  - Threat/risk motivation
  - Understanding capabilities
  - Programs need to be clear on when and how to adapt to NEISS: schedule, funding, requirements
- ISS architecture governance
  - What are the rules (policy)?
  - Who are the gatekeepers?
- Establishing NEISS priority and importance
  - Urgency
  - Early funding
- Coordinating across the many stakeholders
  - Nearly everyone in the NAS/NextGen is a stakeholder
  - All need attention
33 NEISS Implementation Alternatives*
Alt #1 - Distributed
- Description: ISS capabilities assigned to selected existing NAS programs
- Benefits:
  - Takes advantage of selected NAS program domain knowledge and experience
  - Could minimize impact on current organizational structure
  - May reduce time delay and new program start-up costs by using existing NAS programs' infrastructure and organization
- Risks, Issues, Challenges:
  - NEISS implementation will depend on selected NAS programs
  - Increased levels of management and coordination across programs
  - Potential security accountability gap
  - Selected NAS programs will need to acquire cyber security skills
Alt #2 - Centralized
- Description: Single entity to manage, implement and maintain enterprise cyber security controls
- Benefits:
  - Focus on securing the NAS; clear responsibility and accountability
  - Increased ability to define priorities, manage, and coordinate NEISS implementation
  - Synergies with other enterprise programs (data center consolidation, enterprise services, etc.)
- Risks, Issues, Challenges:
  - Requires a significant organizational and cultural change
  - Requires additional infrastructure, environment, and funding stream for a new program office
Alt #3 - Hybrid
- Description: Centralized entity to manage, implement and maintain SOME of the enterprise cyber security controls
- Benefits:
  - May reduce impact and resistance to organizational changes
  - Increased flexibility to take advantage of program domain knowledge (distributed) or focus on cyber security (centralized)
- Risks, Issues, Challenges:
  - Blend of risks, issues and challenges from the Distributed and Centralized alternatives
*Complete details provided in the NEISS Concept of Operations, v0.5