Published by Regina Alexander. Modified over 7 years ago.
1
Raytheon Information Security Presentation to TAMU
April 16, 2009
Kent Stout
Shelli Richard
2
Agenda
Welcome and Introductions
Information Security Overview
Current Threat Vectors
The IA/IO Landscape
Question and Answer
3
Driving Goal of Security Engineering
Create the best architecture that:
  Meets functional requirements within cost and schedule constraints
  Provides sufficient security control to mitigate risks to an acceptable level for accreditation
This is a never-ending balancing act!
4
Information Security as a Discipline
Diagram labels: Network Security, System Administration, Operating Systems, Process, Installation & Configuration, Integration and Test, Operations & Maintenance, Requirements Analysis, Design, Development, Implementation
Full Life-Cycle Coverage
Certified Information Security Engineers
Subject Matter Experts
Certification and Accreditation Expertise
Continuous Learning and Development
Information Security Engineering: Systems Engineering, Network/System Administration, Software
Requirements, Process, Policy, Analysis, Architecture, Integration and Test, Training, Operations & Maintenance, C&A
Information Security Engineering combines key engineering disciplines to span the information security spectrum.
5
Raytheon InfoSec Competencies
Systems Engineering
Enterprise Architecture Engineering
Security Systems Engineering
Network Systems Engineering
Secure Component Engineering
Continuity of Operations Engineering
Systems Integration / COTS Integration
DCID-6/3 Certification & Accreditation
DIACAP, NISCAP, FISMA, DODIIS, NIST, 8500.xx
Risk Management / Assessment
LAN/WAN/Internet
Secure Information Sharing
Identity and Digital Rights Management
Public Key Infrastructure (PKI), Virtual Private Networks (VPNs), Encryption
Secure Voice & Conferencing (VoIP)
Database/Data Warehouse Security
Anti-Tamper
TEMPEST & HEMP Engineering
Integrated Red/Black Networking
Vulnerability Assessment/Penetration Testing
Data Forensics, Data Integrity
Operations, Sustainment, Training & Maintenance (NOC, SOC, CIRT)
Raytheon Strives to Provide Robust Solutions to the Evolving Information Assurance Challenges
6
Cyber Threats are on the Rise
Inspectors Disclose Security Breach at Nuclear Lab
Pentagon hacked
Critical infrastructure central to cyber threat
MI5 sends letter to British companies warning systems are under attack
Data Breach Reports Up 69 Percent in 2008
7
Threat Vectors for Critical Infrastructure
THREATS: individuals, criminal syndicates, national organizations
Scammers, Criminals, Cyber Terrorists, Criminal Enterprises, Nation States
Phishing, Spam, Identity Theft, Ransomware, Keyloggers, Money Mules, Credit Card Number Theft, Software and Video Pirates, Web Blackmail, e.g., Tomasz Grygoruk, Intellectual Property
Jihadists, Al-Qaeda, Nationalists, Arab Electronic Jihad Team, Lashkar-e-Taiba, Hate Groups
Supply Chain Exploitation, Vendor spyware, Trade Secret Mining, Illegitimate Front Companies
China - PLA “Net Force”, Russia, France, Israel, Ukraine, India / Pakistan
Targets are both Federal and Commercial
In 2004 revenues produced through cybercrime surpassed those produced through drug trafficking at $105 Billion/year
Between 2003 and 2007 the estimated average commercial cost related to a data breach went from $10 K to $386 K
Between 2003 and 2007 the 100 largest US utilities saw an increase of 95% in penetration attempts
Between 2002 and 2007 military installations went from an estimated 23,000 penetration attempts per year to more than 100,000 attempts per second
Attack sophistication, rewards, and motivations are all expanding
TARGETS (chart, time axis 2001, 2003, 2005, 2007): Individuals, Businesses, Organizations, Infrastructure, Military, Government
Chart callouts: $105B Cybercrime Surpasses Drug Trafficking Revenue; 5% SPAM, 95% SPAM; Cost per data breach $10K, $386K; 95% increase penetration attempts; 23,000 / year penetration attempts, 100,000/sec
Named targets on the chart: FaceBook, Google Users, McCain & Lieberman Websites, MySpace, Car Navigation Systems, Cisco, NASDAQ, TJ Maxx, Shell Oil, Univ. of Pennsylvania, Vodaphone Cellular, Davis-Besse Nuclear Plant, Rolls Royce, US Electric Grid, TSA, Univ. of Mich., 100 Largest US Utilities, London Stock Exch., Truck Freight Tracking, Oak Ridge Labs, Pentagon NIPRNet, DOJ, Geeks.com, NATO, US Marines, 101st Airborne, 4th Infantry, DHS, Germany, Voting Machines
OSINT DATA – SHOW RAPID INCR IN SIZE, SCOPE, AND DANGER OF CYBER OPS.
SEE EVOLUTION - INDIVIDUAL SCAMMERS PERFORMING INCONVENIENT ACTS (PART OF THE COST OF DOING BUSINESS) => TO TERRORIST GROUPS, ORGANIZED CRIMINAL ORGS AND NATION STATES USING CYBER-OPS AS AN EFFECTIVE AND COSTLY MECHANISM TO ROB BILLIONS FROM INDUSTRY, AND THREATEN NATION STATES AND CRITICAL INFRASTRUCTURE.
NOTE - IN 2004, REVENUES FOR CYBER CRIME EXCEEDED DRUG TRAFFICKING.
ANOTHER INDICATOR - USE OF BOTNETS (NETWORKS OF PIRATED COMPUTERS FOR SCAMMING, TERRORISM OR ATTACK. [I.E. ESTONIA]). GROWN TO MILLIONS OF COMPUTERS UNKNOWINGLY USED.
ONE OF THE MOST INFAMOUS OF THESE IS THE STORM BOTNET. LEASES OUT ITS CAPABILITIES, AND THEY NOW HAVE A COMPETITOR.
DHS REPORTS THAT THERE WERE 37,258 ATTACKS ON GOVERNMENT AND PRIVATE NETWORKS LAST YEAR, COMPARED WITH 4,095 IN 2005.
THE ‘COOL HACKS’ OF 2007 INCLUDED THE FACE BOOK AND MY SPACE ACCOUNTS OF PRESIDENTIAL CANDIDATES, CAR NAV SYS (LOCATE & UNLOCK), & TRUCK FREIGHT TRACKING SYS (TRACK/STEAL CARGO).
CURRENTLY, > 120 COUNTRIES ARE ESTABLISHING AN IO ATTACK CAPABILITY OSINT & HAVE CLASSIFIED KNOWLEDGE OF MORE.
PROBLEM - REQUIRES TECHNOLOGY, DEEP KNOWLEDGE OF THE THREAT, & TRADE CRAFT.
NEED TO UNDERSTAND WHERE THIS THREAT IS EVOLVING SO WE ARE PREPARED FOR THE WORLD FIVE YEARS FROM NOW. [LATER CHARTS]
8
Yesterday’s Attackers
Critical Need
Yesterday’s Attackers, Today’s Terrorists, Weapons of the Future?
More devices, more connectivity and more software
Software is becoming more complex
This complexity provides a wealth of IO-related opportunities
Strategic and tactical advantage go to those who can understand then control the execution of software and software systems
Providing IO capability to the US Government is a high growth niche
  In lock step with the growth in information technology
Raytheon is positioned at the tip of the spear
9
What is a Security Engineer?
The perfect security engineer is part:
  Network Engineer: Routers, Switches, Firewalls, Intrusion Detection Systems
  Operating Systems guru: Linux, Unix, Trusted OSes, Windows
  Systems Engineer: Architecture, Requirements, Documentation
  Software developer
  Protocol expert: HTTP, SSL, SSH, FTP, SMTP, SNMP, NTP, LDAP
  Applications guru: Web, LDAP, Database, Custom Apps, XML
  Integration and Test Engineer: Integrate custom and COTS products
Good team builders with excellent written and verbal communication skills
Is that too much to ask for?
10
Post-Graduate Security Education
Experience axis: 0-2 years, 3-5 years, 6-9 years, 10+ years
SANS Security Essentials (Technical)
Vendor Bootcamps, Technical Training
CISSP Certification
ISSEP Certification
SANS Level 2 Specialization Track(s)
Security Conference Attendance
Security Conference (Speaker)
Additional Certifications (Customer-driven)
Internal Corporate Certifications
Continued Education is Vital
11
Information Operations / Information Assurance (IO/IA) Defined
Diagram labels: Computer Network Operations, Non-Kinetic (DEW), Kinetic, Psyops, Offense (IO), Defense (IA), Access, Attack, Defend, Exploit, Passive, Active, Deny, Decept, Destroy, Deter, Detract, Analysis, Triggering, KM/KD
Information Operations (IO) encompasses all communications from sensors to networks to effectors, which include kinetic, non-kinetic and psyops along with Computer Network Operations (CNO), the focus of this discussion.
CNO includes offensive and defensive elements, IO and IA.
IO includes network or device access, attack, or exploitation for intelligence and operational purposes.
IA assures that our own systems are not subject to access, corruption or forced network shutdown.
Examples of this would encompass both the protection and exploitation of flaws and malicious implants in software systems; flaws [or ‘malicious’ implants in microelectronics]; as well as spoofed biometrics, forged credentials, etc.
What we are not including are the items in the grey boxes: emissions from electronic systems; directed energy attacks on electronic systems; kinetic attacks on information systems.
We are also not including purely tangential services, such as physical security of facilities; personnel security of IT facilities; theft of computer storage; or Psyops [i.e., a disinformation campaign].
Grow Raytheon into the most critical emerging defense market
Integrate cyber capability into all Raytheon products and services (offensive and defensive)
Brand Raytheon synonymous with information security; critical to sustained mission assurance
Our Strategic Objectives in regards to the IO/IA business are:
  Grow Raytheon into a critical emerging defense market - Build a world-class end-to-end IO/IA capability via Raytheon Information Security Solutions (ISS) [~$0.5B sales within 5 years w/ 33% CAGR]
  Establish IA as a discriminator/component in all RTN solutions - Develop and implement a “best in class” proactive solution that provides unimpeded and secure enterprise services.
  Better protect and secure Raytheon’s systems and information – deploying this capability for our own internal systems.
Current Suppliers & Customers
  Suppliers: Small niche providers (none with turn-key solutions)
  Customers: DoD, Intelligence Community, DARPA, DHS
12
Assessment Methodology
Information Gathering
  Interview System Owners
  Determine high value targets
  Study and Identify Gaps in Policies/Procedures
  Conduct Network Mapping Scans
  Create Network Layout Diagram
Vulnerability Analysis (VA)
  Conduct VA Scans
  Analyze Patch Management Effectiveness
  Define Secondary Targets
  Determine risk posed
Penetration Attack (if requested by customer)
Results Analysis
  Analyze all data gathered
Final Analysis Documentation
  Document findings, recommendations
13
Assessment Methodology (Cont.)
Risk Recommendations
  Accept Risk, Transfer or Remediate
Remediate the Risk (Prioritized)
  Could generate new requirements to correct findings
  Starts the development cycle
Remediation approaches
  System Mechanisms
  Security COTS Products
  Custom Software Development
  IDS/IPS
  Enterprise Security Monitoring
  Cross-Domain Solutions
Non-traditional approaches
  Software Vulnerability Analysis
  Reverse Engineering
Risk Mitigated According to Plan
Risk Reduction Effectively Realized
14
Remediation via System Mechanisms
Commercial Hardware
  Network equipment – Cisco, Summit, Juniper, Allied Telesyn
  Operating Systems – Linux, UNIX, Windows, Trusted OSes
  SAN switches, Console Servers, etc.
Hardening default installation
  Disabling unused services or features, Ingress/Egress Filtering, Logon Banner, etc.
  Formal guidance (e.g., DISA, NSA, CERT, SANS, CIS, NIST)
Required capabilities defined by
  Mission purpose - Development, Production, Testing, Failover Spare
  Enterprise Infrastructure – Time synchronization (i.e. NTP), centralized logging/monitoring (i.e. Syslog, SNMP), remote maintenance (i.e. SSH), centralized authentication (i.e. TACACS+)
  Type of equipment - Controlled Interfaces, Core Servers, End User workstations
Automated tools – repeatable results
  Custom scripts
  Solaris Security Toolkit, DISA SRR/Gold, Titan, Bastille, YASSP
Remediation begins at the Equipment level.
15
COTS Products often offer cost-effective solutions
Remediation via COTS Product Integration
Diagram labels: Trusted Guard, Vulnerability Testing, Trusted OS, Firewalls/ACLs, Cisco Routers, LDAP Servers, Secure Shell (SSH), DNS Install & Hardening, PKI Certificate Authority, Oracle Db, Load Balancers, Web Servers
16
Remediation via COTS Product Integration
Cisco Routers and Switches
Load Balancers
  F5 Big IP
Web Servers
  Netscape
  Apache
Directory (LDAP) Servers
PKI Certificate Authority
Intrusion Detection Systems (IDS)
  Network IDS – SourceFire, SNORT, ISS RealSecure, NFR
  Host IDS – ISS RealSecure, custom log alerts
  Decoy systems – Symantec ManTrap
  File Integrity – Tripwire
Firewalls
  Gauntlet
  CyberGuard
  Cisco PIX
Oracle Databases
  Including Oracle Label Security (OLS)
  Cross Domain firewall
Secure Shell (SSH) for administration and system control scripts
Washington University FTP
DNS installation and hardening
CORBA
  Orbix
The Raytheon Garland security team has hands-on experience with this list of products. While some of these products are core security products, our experience also extends to creating secure installations of non-security products.
17
Remediation via Developed Software
Frequently, customer requirements for security exceed commercial product capabilities.
Information Security often requires developing custom software solutions securely.
Software Development enables bridging the gaps in integrating COTS applications based on customers’ needs.
18
Remediation via Intrusion Detection/Prevention Systems
Initial design and deployment decisions
  Bandwidth – segregate network, multiple sensors
  Encrypted traffic – limited visibility, decrypt prior to sensor
  Outside perimeter – Noise, Shows growing threats
  Inside perimeter – Focuses on compromises
Mechanism
  Mirroring on switches – Cheaper, possible load failures
  Taps – More expensive, configuration more difficult and involved
Customize to context of environment (i.e. tuning)
  Minimizes false positives
  Configure appropriate notifications and/or response
  Detect violations of policy
Devise scheme to efficiently update signatures
Monitoring and investigation into alerts
Escalation Procedures / Remediation Actions
IDS/IPS solutions offer significant contributions to overall situational awareness but can be very complex in nature and customization.
19
Remediation via Enterprise Security Monitoring
Overarching security monitoring layer
Consolidates information from variety of security equipment
Integrate existing sensors
  Syslog
  Log files
  SNMP Traps
  Smart agents
Normalize information gathered
Filter noise
Aggregate/correlate events/threats/alerts
  Policy violations
  Heuristic Analysis
Reports/visualization
COTS packages
  CA eTrust, ArcSight, e-Security, Symantec, Intellitactics, netForensics, etc.
GOTS
  Audit Log Evaluation and Reduction Tool (ALERT), custom scripts, etc.
Enterprise Security Monitoring combines the technical solutions for risk mitigation and risk management.
20
Cross-domain solutions are as unique as our customer set.
Remediation via Cross Domain Solutions
High Assurance Guard functionality that can validate data at entry/exit points in the system
  Raytheon High-Speed Guard
  Lockheed Martin Radiant Mercury
  Northrop Grumman Information Support Server Environment (ISSE)
Oracle Label Security (OLS) for row level database control
  Oracle Data Vault cross domain product is built upon OLS
21
Cross-Domain Sharing Approaches
Architectures Currently In Vogue
  Multiple Single-Level (MSL)
  Multi-Level Security (MLS)
  Multiple Independent Levels of Security (MILS)
Multiple Single-Level
  Systems confined to multiple single-level domains
  Systems remain relatively ‘dumb’ about security levels
  Security controls enforced at the boundaries by Controlled Interfaces, a type of Cross Domain Solution (CDS)
Multi-Level Security
  The entire system inherently understands and enforces security requirements
  Typically requires Trusted Operating Systems, i.e., SELinux, Solaris 10 Trusted Extensions, HP NetTop, etc.
  Very complicated, extremely limited vendor support
Multiple Independent Levels of Security
  Layered Architecture (Separation Kernel, middleware, applications)
  Implements an Information Flow/Data Isolation Security Policy
MSL is still the only practical solution for most applications
22
Non-Traditional Approach
Diagram labels: Offensive, Non-Traditional Approach, Technology Services and Support, ACTIVE I/O (Persistent Agents, Social Network Analysis, Infrastructure Indep. Comms), CYBER CI (Agent Networks (BOTS), Implants, Reverse Engineering), COLLECT & EXPLOIT (Non-traditional Devices, Network Access/Redirect, Covert Delivery & Agents), POLICY & ARCH (H/W Validation, F/W Validation, S/W Validation), Defensive, ACTIVE ASSURANCE (Active Protection, Role-Based Access Control, Predictive Active Assurance), INFORMATION SECURITY (Device Protection, Biometrics, Forensics), POLICY & ARCH (Role Based Access, Vulnerability Analysis, Identity Management), COLLECT & EXPLOIT (Virtual Networks)
FUNDAMENTAL ELT OF STRATEGY – BUILD CAPABILITIES RELEVANT IN FUTURE – KEEP AHEAD OF ADVERSARIES & COMPETITORS – OUT OF COMMODITY SECURITY PROD BUS.
PROJECTED THREAT – EVOLVES TO HIGHLY COORDINATED NETS OPERATED BY NATION STATES, TERRORIST ORGS, ORG CRIME, INDUSTRIAL ESPIONAGE & HACKERS.
TARGET DEVICES CHANGE – LARGE ORGS TO TARGETED INDIVIDUALS & SPECIFIC DEVICES/APPS (E.G. LAPTOPS, CELL, VOIP, ETC) – APPLY TO BOTH OFFENSIVE TARGETING & IA SIDE.
IN BOTTOM WE SEE THE MARKET FOCUS AND THE ENVIRONMENT PRIORITIES OF CORP/GOV’T INFOSEC GROUP.
BOTTOM RIGHT - SOLUTION PROVIDERS & INTERNAL IS GROUPS NEED TO FOCUS.
ACTIVE IO – PERSISTENT AGENTS, AGENT NETWORKS AND BOTS, ANONYMIZATION, DEVICE ACCESS, REVERSE ENGINEERING AND SOCIAL NETWORK ANALYSIS.
IO COLLECTION AND EXPLOITATION – ‘NON TRADITIONAL’ DEVICES [I.E. A NEW SONY PLAY STATION], NETWORK ACCESS/COLLECTION/REDIRECTION, COVERT DELIVERY OR EXFIL.
CYBER COUNTER INTEL – IMPLANTS AND REVERSE ENGINEERING.
ACTIVE ASSURANCE – INSIDER THREAT, BIOMETRIC VALIDATION, REAL TIME ID OF POLICY VIOLATIONS, SIT AWARENESS OF ATTACK OR PENETRATION.
POLICY AND ARCHITECTURE – ROLE-BASED ACCESS, HW AND FW VALIDATION, VULNERABILITY ANALYSIS.
ADV INFO SEC CAPABILITIES - DEVICE PROTECTION, FORENSICS, OR CONTENT FILTERING. [DEVICE ACCESS & PROTECTION PARTICULARLY FOR PERSONAL, FINANCIAL AND MEDICAL INFO]
23
The Problem with Software
Diagram labels: Intended Behavior, Actual Behavior, Intended functionality, Unintended functionality (Bugs?), Missing functionality (Bugs)
The unintentional functionality in information systems can be leveraged in unique ways to provide creative, bold and aggressive advantage
24
Vulnerability Research
Discovering and exploiting flaws in software is the key to success in information operations
Open source development has dramatically increased accessibility and collaboration
A zero-day vulnerability is one that:
  Vendor has no knowledge so no patch exists
  Target has no knowledge so he can’t protect himself
  Others in the community have no knowledge so lifespan is prolonged
Active Vulnerability Research is key to discovery prior to adversary exploitation
25
Reverse Engineering
The DoD is aggressively pursuing the development of software protection and anti-tamper technologies
  The government requires assessment of these emergent technologies
  Requires an ability to reverse engineer heavily armored software
Forensic reverse engineering analysis of malicious code on a Quick Reaction Capability (QRC) turnaround is often desirable
  Analysis to determine what the code has potentially compromised
  Analysis to determine what the code is capable of doing
  Determine attribution
Reverse engineering analysis is required as the first step in any binary modification exercise
  The government often requires covert functionality to be implemented in commercially available devices
26
Questions and Answers
What questions can we answer for you?
What have we forgotten to cover?
27
Backup
28
Full Life Cycle Coverage
Phases: Concept Definition, Development, Integration, Operations
Lead system architecture definition
Conduct trade studies
Develop SOW/SOR for security requirements and implications
Specify network security architecture
Determine appropriate security certification methods and processes
Periodic vulnerability analysis of security architecture
Install/config/support of security products
Continual research of emerging security threats and deterrents
Maintenance and obsolescence management of core security products
Define certifiable security architecture
Perform trade studies on security products
Evaluate interactions of security products with other system components
Develop custom tools where industry products are not available or do not meet requirements
Prepare security certification plans
Install/configure/support security products
Evaluate security architecture
Implement security controls
Development of operational procedures
Lead Certification and Accreditation
Raytheon Garland has executed security engineering tasks in all phases of a system. From the proposal effort through the operations and maintenance, our security engineering staff has the experience and skills to navigate through all security requirements for the life of the program.
Our Information Security credentials span the entire life cycle spectrum.
29
Companies, Online Businesses (Switches, Routers, Firewalls)
IO Threat Environment
Chart columns: HISTORICAL, CURRENT, PROJECTED
ACTOR row: Nation States, Organized Crime, Industrial Hackers, Hackers, Nation States, Focused Nation States, Hackers, Industrial Espionage, Funded Terrorists, Coordinated Networks
TARGET row: Individuals, User Devices, Mobile & Wireless Applications (Laptops, Cell, VOIP, PDAs); Companies, Online Businesses (Switches, Routers, Firewalls); Networks
INFOSEC row: Physical Access Controls, Forced Password Changes, Firewalls, Encryption, Virus Scanners, Wired Communications, Identity Management, Single Sign-On, DCID 6/3 Compliance, Active Content Filtering, Session Encryption, Wired/Wireless Communications, Account Management, Pushed Updates, Remote Administration, SPAM Filtering, Open Website Access, Policy Adherence, Data at Rest Encryption, Remote Access Solutions, Situational Awareness / Monitoring, Access Points, ITAR Compliance / Architecture, ACTIVE ASSURANCE (Active Protection, Role-Based Access Control, Predictive Active Assurance), INFORMATION SECURITY (Device Protection, Biometrics, Forensics), POLICY & ARCH (Role Based Access, Vulnerability Analysis, Identity Management), COLLECT & EXPLOIT (Virtual Networks)
MARKET row: ACTIVE I/O (Persistent Agents, Social Network Analysis, Infrastructure Indep. Comms), CYBER CI (Agent Networks (BOTS), Implants, Reverse Engineering), COLLECT & EXPLOIT (Non-traditional Devices, Network Access/Redirect, Covert Delivery & Agents), POLICY & ARCH (H/W Validation, F/W Validation, S/W Validation)
FUNDAMENTAL ELT OF STRATEGY – BUILD CAPABILITIES RELEVANT IN FUTURE – KEEP AHEAD OF ADVERSARIES & COMPETITORS – OUT OF COMMODITY SECURITY PROD BUS.
PROJECTED THREAT – EVOLVES TO HIGHLY COORDINATED NETS OPERATED BY NATION STATES, TERRORIST ORGS, ORG CRIME, INDUSTRIAL ESPIONAGE & HACKERS.
TARGET DEVICES CHANGE – LARGE ORGS TO TARGETED INDIVIDUALS & SPECIFIC DEVICES/APPS (E.G. LAPTOPS, CELL, VOIP, ETC) – APPLY TO BOTH OFFENSIVE TARGETING & IA SIDE.
IN BOTTOM WE SEE THE MARKET FOCUS AND THE ENVIRONMENT PRIORITIES OF CORP/GOV’T INFOSEC GROUP.
BOTTOM RIGHT – WHERE (PROVIDERS & INTERNAL IS GROUPS) NEED TO FOCUS.
ACTIVE IO – PERSISTENT AGENTS, AGENT NETWORKS AND BOTS, ANONYMIZATION, DEVICE ACCESS, REVERSE ENGINEERING AND SOCIAL NETWORK ANALYSIS.
IO COLLECTION AND EXPLOITATION – ‘NON TRADITIONAL’ DEVICES [I.E. A NEW SONY PLAY STATION], NETWORK ACCESS/COLLECTION/REDIRECTION, COVERT DELIVERY OR EXFIL.
CYBER COUNTER INTEL – IMPLANTS AND REVERSE ENGINEERING.
ACTIVE ASSURANCE – INSIDER THREAT, BIOMETRIC VALIDATION, REAL TIME ID OF POLICY VIOLATIONS, SIT AWARENESS OF ATTACK OR PENETRATION.
POLICY AND ARCHITECTURE – ROLE-BASED ACCESS, HW AND FW VALIDATION, VULNERABILITY ANALYSIS.
ADV INFO SEC CAPABILITIES - DEVICE PROTECTION, FORENSICS, OR CONTENT FILTERING. [DEVICE ACCESS & PROTECTION PARTICULARLY FOR PERSONAL, FINANCIAL AND MEDICAL INFO]
30
DARPA contract (CHAIN deployment)
$14 million DARPA base year contract
  4 option years
Build the DARPA Secure Enterprise Network (DSEN)
  Migrate legacy networks and data to the DSEN
  Manage legacy assets prior to DSEN transition
  Provide technology refresh and upgrades
  Support business re-engineering for DSEN migration
Address the “DARPA HARD” paradigm
  Provide a low risk solution using an advanced technology approach
  Integrate proven innovative solutions using “defense-in-depth” with COTS components
Proprietary Programs:
Now let me talk to you about three (3) markets we see for CHAIN. First, for DOD, government agencies like DARPA. We recently won a $14 million contract from DARPA. This contract calls for us to install a new “enterprise” network, which will replace a number of disparate DARPA networks. DARPA envisions a single, integrated network supporting the PMs and their programs. This single network will dramatically change the business practices at DARPA as well as the way that DARPA personnel communicate with one another. Today, they have to rely on sneaker net, manually pulling out their hard drives and sharing information. Our solution automates that and allows sharing of information based on security clearances so that they have access to only the information they should access.
Advanced DoD Technology – Protecting Critical Research
31
CHAIN PL3+ Network Capabilities
Key Features
  PKI authentication
  File sharing
  Video transmission
  Voice conferencing
  White Boarding
  Chat (instant messaging)
Provides secure knowledge management at all stages: Creation, processing, storage, retrieval, and transmission
COTS operating system, COTS hardware
Opportunity to highlight specific CHAIN capabilities in response to what the customer said during the previous slide.
Fully Integrated, Compartmentalized, Collaborative System
32
Raytheon High-Speed Guard
Guards are key components in securing Cross Domain solutions necessary for data sharing between security levels
Key Features
  High data rates eliminate bottlenecks
    900Mb/sec on 1Gbit network
  DCID 6/3 Accreditation
    140+ instances
    NGA, Proprietary
  Flexible Data Validation Rules – allows O&M admins to maintain system
  Supports file or message transfers
  Supports socket or file-based transfers
Selectable Features include
  Digital Signature Validation
  Virus scanning
  Reliable Human Review Manager
33
Multiple Security Levels (MSL) Example
MSL – Multiple Security Levels
  Fully segregated classification levels with specific interconnection points
  Trusted “Controlled Interface” device at interconnection points
  Implicit enforcement of Mandatory Access Control (MAC) policy
Diagram labels: MLS DB, Secret Data, “Unclass”, TS Enclave, Secret Enclave, Unclass Enclave, “Other”, TS, Trusted Guard, Trusted Bi-directional Guard, MLS DB, Trusted Server
In an MSL architecture the systems operate at a single classification level and the users are cleared for their specific level. This MSL architecture has Top Secret, Secret, and Unclassified enclaves sharing data via controlled interfaces (i.e., trusted guards). For some users the maximum clearance is Secret and for others the maximum clearance is Top Secret. A trusted bi-directional guard is used to release information classified as Secret from the TS network to a network consisting of only Secret users and systems. Low-to-high (one-way) guards are used to pass information from the Unclassified network to both the Secret and TS networks. The single-level systems must implement mechanisms to provide assurance that the system's security policy is strictly enforced.
34
Multiple Level Security (MLS) Example
MLS – Multi-Level Security
  Requires certified trusted computing base to enforce security policy and properly label all subjects and objects
  Simultaneously permits controlled limited access by users with different security clearances and needs to know
  Explicit enforcement of Mandatory Access Control (MAC) policy over all resources
Diagram labels: MLS Enclave, MLS DB, Trusted Server, MLS DB, TS/SCI Data, Secret, “Other”, MLS Servers, MLS Enclave, TS Enclave, S Enclave, Other Enclave
Here is an MLS architecture composed of four interconnected enclaves. The MLS enclave enforces MAC policy and explicitly labels all data objects. Users on the MLS enclave workstations are cleared to the highest level of data classification and can open multiple “labeled” windows to access and manipulate data at the various data classification levels. Users in the TS, Secret, or Other enclaves are cleared to only those data classification levels respectively. Based on the domain security policy these users could open “labeled” windows of data elements that their access authorization dominates. Multilevel Web and mail services are made available via MLS servers.
To amplify the definition, an MLS system might process both Secret and Top Secret collateral data and have some users whose maximum clearance is Secret and others whose maximum clearance is Top Secret. Another MLS system might have all its users cleared at the Top Secret level, but have the ability to release information classified as Secret to a network consisting of only Secret users and systems. Still another system might process both Secret and Unclassified information and have some users with no clearance. In each of these instances, the system must implement mechanisms to provide assurance that the system's security policy is strictly enforced.
In these examples, the policy allows access to the data by only those users who are appropriately cleared and authorized (e.g., having formal access approval) and who have an official need to know for the data.
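The guard flows of the MSL slide and the dominance rule of the MLS slide, side by side, as an added Python example that is not part of the original presentation. The `Label` class, the guard table, the compartment names and the sample data are constructed for illustration, and the guard table models only the flows the slides name.

```python
"""Added illustration: MSL guard flows versus MLS label dominance (constructed model)."""
from dataclasses import dataclass
from typing import Tuple

# Hierarchical levels named on the slides, lowest to highest.
LEVELS = {"UNCLASS": 0, "SECRET": 1, "TS": 2}


@dataclass(frozen=True)
class Label:
    """Security label: hierarchical level plus need-to-know compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is at least B's level and A holds
        # every compartment (formal access approval) that B carries.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def mls_can_read(subject: Label, obj: Label) -> bool:
    """MLS: explicit MAC check on every access; a user may open only
    data elements that the user's access authorization dominates."""
    return subject.dominates(obj)


# MSL: every enclave runs at one level and has no notion of labels.
# The only paths between enclaves are the controlled interfaces below,
# taken from the MSL slide text: (source enclave, destination enclave).
GUARDS = {
    ("UNCLASS", "SECRET"): "one-way low-to-high guard",
    ("UNCLASS", "TS"): "one-way low-to-high guard",
    ("TS", "SECRET"): "trusted bi-directional guard",
    ("SECRET", "TS"): "trusted bi-directional guard",
}


def msl_guard_decision(src: str, dst: str, data: Label) -> Tuple[bool, str]:
    """MSL: the guard at the boundary decides; the enclaves themselves do not."""
    guard = GUARDS.get((src, dst))
    if guard is None:
        return False, "no controlled interface between these enclaves"
    if LEVELS[data.level] > LEVELS[src]:
        # Data marked above its enclave's level indicates a spill; stop it.
        return False, "data labelled above source enclave level"
    if LEVELS[data.level] > LEVELS[dst]:
        # High-to-low release is allowed only for data classified at or
        # below the destination level (e.g. Secret data leaving the TS net).
        return False, "data classified above destination enclave"
    return True, guard


if __name__ == "__main__":
    # Constructed sample users and documents.
    analyst = Label("SECRET", frozenset({"ALPHA"}))
    for doc in (Label("UNCLASS"), Label("SECRET", frozenset({"ALPHA"})),
                Label("SECRET", frozenset({"BRAVO"})), Label("TS")):
        print("MLS read", doc, "->", mls_can_read(analyst, doc))
    for src, dst, data in (("TS", "SECRET", Label("SECRET")),
                           ("TS", "SECRET", Label("TS")),
                           ("UNCLASS", "TS", Label("UNCLASS")),
                           ("SECRET", "UNCLASS", Label("UNCLASS"))):
        print("MSL", src, "->", dst, data.level, msl_guard_decision(src, dst, data))
```

In the MLS function the decision is made per object inside one system; in the MSL function the same policy is enforced only at the boundary, which is why a missing guard entry denies the transfer regardless of the data's label.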
35
Multiple Independent Levels of Security (MILS)
MILS is about:
  High Assurance (Evaluatable Systems Design)
  Safety (It does what it is supposed to do)
  Security (It does nothing else)
  Real Time (It meets its deadlines)
  Embedded (F/A-22, JTRS, I/O Chips…)
  Standards-based (Highly Independent)
  COTS (Multiple Vendors)
MILS Architecture
  Layered architecture (separation kernel, middleware, applications)
  Implements an Information Flow/Data Isolation Security Policy
  Leverages off COTS vendor DO-178B RTOS and middleware products
MILS Program
  Raytheon participates in the development of MILS through AFRL/IF sponsored SIRES and HAMES CRAD programs and participation in The Open Group Real-time Embedded Systems forum.
MILS GOAL: To create a COTS and standards-based infrastructure to enable end-to-end, secure data fusion on the GIG
36
Our training curriculum is world-class.
Experience axis: 0-2 years, 3-5 years, 6-9 years, 10+ years
SANS Security Essentials (Technical)
Vendor Bootcamps, Technical Training
CISSP Certification
ISSEP Certification
SANS Level 2 Specialization Track(s)
Security Conference Attendance
Security Conference (Speaker)
Additional Certifications (Customer-driven)
Principles of Systems Engineering
37
Raytheon’s Information Systems Security Engineering Process
Raytheon ISSE Process supplements internal development processes and defines how Information Security Engineering achieves successful Certification and Accreditation.
38
Raytheon IA Reference Architecture Approach
Raytheon Enterprise Architecture Process (REAP)
DODAF 6-step Process
Leverage existing work from NCOW-RM and GIG IA working group
39
Government Certification Experience
Experienced with DCID 6/3, DITSCAP/DIACAP, and NIST C&A methodologies
  Team includes highly-trained specialists in DCID 6/3 concepts and requirements, including Appendix E
  Support for DITSCAP/DIACAP and NIST increasing
Information Security “baked-in” from the beginning
Security architecture design
  MLS architecture experience on multiple programs
  High performance, cross-security level communication components
  Multi-level and cross-level security experience on multiple programs
Implementation
  Product configuration, installation, tuning, analysis, training
  Vulnerability assessment
  Custom software development
Security documentation development
  System Security Plan / System Security Accreditation Agreement
  Security CONOPS
  Certification and Accreditation Test Plans and Procedures
  Security Administration Procedures and Configuration Management
Raytheon Garland’s security engineering team is comprised mostly of engineers brought on to work security engineering for the MIND program, which started in May of
The MIND program was one of the first large programs to enter into development under DCID 6/3. The MIND was also one of the first large programs to work architectural issues with the DICAST. Our experience in working with the DICAST has been gained over the last 2.5 years. This experience is invaluable in helping other programs navigate getting their architectures approved by the DICAST.
Our track record for successfully certifying systems is 100%
40
Raytheon ISSE Past Performance
Freedom - Proprietary
  Within the last 24 months, 22 Certification packages received Full Authorization to Operate
  DCID 6/3 PL2, PL3 and PL4 systems
Mission Integration and Development
  Integration of legacy infrastructure at different security levels into new architecture
  DCID 6/3 PL 3 - Multi compartment SCI system
Information Assurance Services (IAS)-NGA
  Provide overarching Information Assurance Services for all National Geospatial Intelligence Agency operational sites
Global Broadcast System (GBS)
  DIACAP certification of entire system
US Patent Trade Office
  NIST certification of Raytheon components
MIND
  Integration of legacy infrastructure, at different security levels, into new architecture
  Multi-level security management (Radiant Mercury)
  Security Engineering led Certification & Accreditation (C&A) compliance with DCID 6/3 PL4 (working w/NRO accreditors and DICAST mission partner).
  Developed Audit Log Evaluation and Reduction Tool (ALERT) to provide DCID 6/3 compliant audit reports
Raytheon Information Security delivers solutions for a variety of customers with success
41
Network Security Infrastructure
A Successful IT Security infrastructure
  Is championed by management
  Is user friendly, cost effective, dependable, manageable, and flexible
  Involves collaboration with various Lines of Business, organizations, partners, vendors, customers, and users
  Leverages and integrates best of breed commercial products
42
Network Security Landscape
Environment
IT systems are targeted by competitors, adversaries, crackers, and criminals, both externally and internally
  We protect valuable assets (money and National Security Information)
Highly Government regulated (GLB Act, Sarbanes-Oxley Act, Computer Security Act, Computer Fraud and Abuse Act, Federal Acquisition Regulations, Electronic Communications Privacy Act, DoD regulations, Executive Orders, etc.)
  We implement compliant security solutions (i.e., DCID 6/3, DITSCAP)
Heterogeneous interconnected system with various security levels
  We implement global, WAN, LAN security solutions for diverse customers (national and foreign)
43
Network Security Landscape
Environment (continued)
Technically complex (switches, routers, firewalls, VPNs, Anti Virus, mainframe, midrange, client-server, widely distributed networks, etc.)
Must integrate both legacy systems and new technologies
Subject to Public and Government accountability and scrutiny
Risk Management is a primary business function
Reputation is paramount
Secure massive amounts of data (images, documents, transactions, logs and reports)
7 x 24 x 365 Operations
  We implement redundant and high availability network devices, firewalls, and security applications to protect our assets.
  We support foreign and domestic global, national, and regional operations centers
44
Network Security Landscape
Implement secure Methodologies, concepts, principles
  Least Privilege
  Defense in Depth
  DMZs and Security Zones
  Layered Security
  Compartmentalization
  Separation
  Default Deny
Use the same or similar “Best Practices”, standards, professional organizations
  FIPS, NIST, GASSP, Common Criteria, BS/ISO 17799, SAS 70, COBIT
  SEI, ISO, IETF, IEEE, NIST, ISC2, NIAP, SANS Institute, TruSecure, ISACA