Navy Information Assurance and Cyber Security

Presentation on theme: "Navy Information Assurance and Cyber Security"— Presentation transcript:

1 Navy Information Assurance and Cyber Security
Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I)
Navy Information Assurance and Cyber Security
15 September 2010
Kevin McNally, Program Manager (PMW 130) (858)
Statement A: Approved for public release; distribution is unlimited (9 SEPTEMBER 2010)
As Americans celebrated July 4th last year – enjoying BBQs and fireworks with family and friends to celebrate our nation’s independence – hackers launched a sophisticated and powerful Distributed Denial of Service (DDOS) attack against nearly a dozen government and commercial websites. This coordinated cyber attack against sites such as the White House, the Department of Homeland Security, the State Department, The Washington Post and the New York Stock Exchange took many of these sites down throughout the weekend…
The aim of DDOS attacks is to bring down a computer network by using armadas of "zombie computers," arrayed in "botnets" to repeatedly contact target servers, overwhelming them with an incessant barrage of requests to connect.
How many times have we heard about these types of occurrences? How many times have less dramatic (but potentially more damaging) attacks occurred against critical information systems that we don’t hear about?...

2 Agenda
Changes in our Community
PEO C4I and PMW 130
Why Cyber Matters
The Threat
The Acquisition Process Today
Way Ahead for Cyber Acquisition Challenges
IA Concerns on the Horizon
Q&A
This is what I will be covering today

3 The Drive to Information Dominance
The modern cyber battlefield is a global domain within the information environment. The same networking technologies that have provided transformational warfighting capabilities have also created a need to constantly modernize and upgrade our systems. Cyberspace is found at the intersection of traditional warfare and intelligence missions where the weakest link is a weakness shared by all.
Paraphrased from the PEO C4I Executive Guidance for FY10
The Economist

4 Changes in our Community
“…we must embrace innovation, be willing to test and evaluate new concepts, and ultimately, resource and support game-changing technologies, processes, and information capabilities. Our goal: to achieve command and control overmatch against all adversaries. If we’re reaching for something less than that, we aren’t trying hard enough…”
VADM Dorsett, DCNO (N2/N6)

5 PEO C4I Organizational Structure
ASN(RDA) Assistant Secretary of the Navy (Research, Development & Acquisition) CNO Chief of Naval Operations SPAWAR RADM P. Brady VICE DEPUTY PEO C4I RDML Jerry Burroughs CURRENT READINESS REPORTING Special Assistant for MDA – Andy Farrar Chief of Staff – CAPT Gary Galloway DPEO Acquisition Management – John Metzger DPEO Manpower & Budget – Susie Drew DPEO Strategic Mgmt & Process Improvement – Aaron Whitaker DPEO Platform Integration & Modernization – Vacant DPEO Technical Direction & Program Integration – Charlie Suggs SSC Atlantic APEO Contracts (2.0) – Trelli Davis APEO Logistics (4.0) - Sean Zion APEO Engineering (5.0) – Wendy Smidt APEO S&T (7.0) - John McDonnell PRINCIPAL DEPUTY INTELLIGENCE Mr. Terry Simpson PRINCIPAL MILITARY DEPUTY CAPT John Pope SSC Pacific SPAWAR Space Field Activity Battlespace Awareness & Information Operations PMW CAPT Bob Parker Mark Reinig Information Assurance and Cyber Security PMW Kevin McNally CAPT Don Harder Command and Control PMW 150 CAPT Steve McPhillips Jim Churchill Tactical Networks PMW 160 CAPT DJ LeGoff CDR William “Ben” McNeal Communications PMW 170 Vince Squitieri CAPT (Sel) Mark Glover NIDE NIDE NIDE NIDE NIDE International C4I Integration PMW Steve Bullard Joe Orechovesky Carrier and Air Integration PMW 750 Mark Evangelista (Acting) Cheryl Carlton (Acting) Ship Integration PMW 760 CAPT Ken Ritter Bill Farmer Submarine Integration PMW 770 CAPT Dean Richter Maria Cuin Shore and Expeditionary Integration PMW 790 Ruth Youngs Lew CDR Allan Walters Allen Armstrong NIPO NAE SWE USE NECE Updated 10 September 2010

6 About PEO C4I
Workforce: Civilian: 214; Military: 71
Programs - Total: 122
ACAT I: 8*
ACAT II: 6
ACAT III & Below: 106
Rapid Deployment Capabilities (RDCs): 2
*Includes: IAC – 3; IAM – 2 (1-DISA/1-PEO C4I); IC – 2; Pre-MAIS/MDAP – 1
Platforms Supported – FY10: Afloat: 228; Shore: 349; Expeditionary: 34
Navy C4I Key Facts
More than 5,200 radios fielded
More than 2,500 annual installations
More than 700 applications supported
Average/fielded bandwidth capability: Carrier: 4 Mbps - 24 Mbps; Destroyer: 512 kbps - 8 Mbps; Submarine: 128 kbps
Average technology refresh: 18 months
Average time to market: Initial fielding: 36 months; Full Fielding: years
Annual Installations: +35% over FY08
Afloat Platforms Supported: +33% over FY08
Average Carrier Bandwidth is a result of:
1) Determining number of carriers currently accessing MILSATCOM
2) Adding the bandwidth assigned each ship to come up with a total
3) Dividing 2 by 1 for an average MILSATCOM number
4) Determining number of carriers currently accessing Commercial SATCOM
5) Adding the bandwidth assigned each ship to come up with a total
6) Dividing 4 by 5 for an average Commercial SATCOM number
7) Add 3 and 5, divide by 2 for average bandwidth per carrier
Average Destroyer Bandwidth: (MILSATCOM Only, DDG’s do not have Commercial SATCOM)
FIELDED BANDWIDTH CAPABILITY:
Carriers: Two MILSATCOM Channels capable of 8 Mbps each, One commercial SATCOM channel capable of 8 Mbps. Total: 24 Mbps
DDG’s: One MILSATCOM channel capable of 8 Mbps
ACAT I Categories
IC = The Decision Authority is the Head of the DoD “Component” (SECNAV for Navy) or, if delegated, the Component Acquisition Executive (ASN RD&A). (NESP and NMT)
IAC = MAIS (Major Automated Information Systems), The Decision Authority is the Head of the DoD “Component” (SECNAV for Navy) or, if delegated, the Component Acquisition Executive (ASN RD&A). (GCCS-M, NTCSS, DJC2)
IAM = MAIS (Major Automated Information Systems), The Decision Authority is the Head of the DoD “Component” (ASD/NII/DoD CIO for Navy) or, if delegated, the Component Acquisition Executive. (PKI and DCGS-N)
PRE-MAIS/MDAP = MAIS (Major Automated Information Systems), Major Defense Acquisition Program (weapons) (CANES)
Platforms:
Afloat is # of ships in the fleet that we’re installing aboard
Shore is # of shore locations where we are executing installs (Per Leo M)
Expeditionary # is composed of 30 NECCs and 4 MTOCs
DJC2 (6) are all deployed. No new in FY10
# of installations is the number of installations planned for the execution year of 2010
updated 23 August 2010

7 PEO C4I PMW 130 Strategic Priorities
Information Assurance and Cyber Security PMW 130 Strategic Priorities
PMW 130 Vision: Securing the Cyber Domain
PMW 130 Mission: Provide capabilities to secure the cyber domain, assure end-to-end information and enable decision superiority
GOALS
Maintain a world-class Information Assurance workforce equipped to achieve acquisition excellence in a dynamic environment
Minimize total ownership cost of a secure Cyber Domain
Rapidly and proactively field innovative capabilities to stay ahead of the Cyber threat
Achieve synergistic partnerships with requirements’ owners, resource sponsors and end-users
Goal areas: COST; SPEED; WORKFORCE; CUSTOMER

8 PMW 130 Information Assurance and Cyber Security
PROGRAM MANAGER Kevin McNally DEPUTY PM CAPT Donald Harder Acquisition Mgr Technical Dir. PEO DDAA Dir Ops BFM Lead APM-E APM-L Cyber Security Liaison APM-C BFM Support Install Resource Manager APM- S&T Crypto Voice Key Management Crypto & Crypto Products Crypto Data PKI Crypto Mod Ports & Protocols Network Security CND Afloat NMCI/NGEN IA DIACAP Integration CND Ashore Security Mgt Radiant Mercury Cm billet: YA-3 RM Billet: YA-2 Acq Mgr billet: YA-3 BFM Lead: YA-3 BFM Suppt: YA-2 IRM Billet: YA-2 Cyber Security Liaison (1610 Mil Billet) to be located in DC)- may be a 120 billet 8

9 PEO C4I PMW 130 Our Portfolio
OPNAVINST C, Navy IA Program: Navy IA Technical Lead; Systems Security Engineering; IA Requirements; IA Products IA Technical Support Computer Network Defense (CND) NAVCYBERFOR System Security Engineering FLTCYBERCOM Crypto Public Key Infrastructure CND Defense in Depth On-Line Services NETWARCOM OPNAVINST C, Navy IA Program: Serve As Technical Lead for Navy IA Provide Systems Security Engineering and Integration Support for All DON Information Systems with IA Requirements Budget for DON IA Programs Develop and Acquire Standard and Specified IA Products Support the Certification Authority for Navy GENSER Systems Used to be a lot easier based on physical controls and stovepiped systems with unique crypto. Now: everything is connected together and the weakest link is a threat to all Add time to kill chain cycles Acquisition Authority Role CFFC Technical Lead Role PEO-EIS Electronic Key Mgt System Radiant Mercury OPNAV IA Pubs Crypto Mod Program Office PEO-C4I Crypto Voice INFOSEC Helpdesk SYSCOMs 9

10 What Is Cyber? From the S.773 Bill, Cybersecurity Act of 2009:
Any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet; and
Any matter relating to, or involving the use of, computers or computer networks
The internet is an essential part of almost everything we do today in professional or private life. And from a military standpoint, cyberspace represents a whole frontier of capabilities and vulnerabilities that we have to take into account in the way we do business today and into the future. We focus so much on traditional kinetic warfare and weapons systems, and we have to start thinking from a wider perspective in this cyber age… Our sailors, airmen, and soldiers of today are “cyber-natives”; they’ve grown up in the internet age and have amazing expectations and perspectives on how to do the business of warfighting in the cyber domain…
"The office of the Chief of Naval Operations must be organized to achieve the integration and innovation necessary for warfighting dominance across the full spectrum of operations at sea, under sea, in the air, in the littorals, and in the cyberspace and information domains." -Adm. Gary Roughead, Chief of Naval Operations

11 Cyber security is vital to our warfighting capability
Why Cyber Matters?
"If the nation went to war today in a cyber war, we would lose." - Admiral Mike McConnell (retired), 23 Feb 2010
1 trillion URLs (Uniform Resource Locator)
Greater than 210 billion e-mails are sent every day
Over 2 billion Google searches are conducted each day
Over 1.7 billion Internet users
DoD users make 1 billion+ Internet connections each day, passing 40TB of data
Symantec: 458K new malware code signatures from APR-JUN 2010
Adversaries are continuously improving their cyber attack capabilities using many commonly available tools

12 The Threat Anatomy of a Common Attack
Scan/map network
Find vulnerabilities (often using automated tools)
Establish foothold on computer
Escalate privileges on the network
Pwnd
Put measures in place to hide tracks (erase logs, etc.)
Expand on network (gather info, insert malware, zombies, use to spam, etc)
Pwnd, from Wikipedia: Pwn is a leetspeak slang term derived from the verb own, as meaning to appropriate or to conquer to gain ownership. The term implies domination or humiliation of a rival, used primarily in the Internet-based video game culture to taunt an opponent who has just been soundly defeated (e.g., "You just got pwned!"). It was popular among Counter-Strike gamers before spreading through the more general Internet world. The past tense and past participle, pwned, may also be spelled pwnd, pwn'd, pwn3d, pwnt, poned, pawned, or powned. In hacker jargon, pwn means to compromise or control, specifically another computer (server or PC), web site, gateway device, or application. It is synonymous with one of the definitions of hacking or cracking. The Pwnie Awards are awarded by a group of security researchers.
Because pwn is primarily used in written form, it has no single generally accepted pronunciation: renditions include /ˈoʊn/, /ˈpoʊn/, /pəʔˈoʊn/, /ˈpɔːn/, /piːˈoʊn/. Originally, pwn and its variants were pronounced /ˈoʊn/, in the same way as the derived verb own, the tail of the p being "silent". A notable usage of this pronunciation can be seen in the Internet distributed series Pure Pwnage (pronounced "pure ownage", /ˈpjʊər ˈoʊnɨdʒ/). Where speakers vocalize the p, pronunciations include pwen, "pwin", pawn, "pone", pun and pwone.

13 CONFICKER Example Speed of Adversary Weaponization
5 versions in 5 months – each more capable
We need to be agile and resilient
Chart (Sophistication against Time), labels in slide order: Spam “Scareware”; CONFICKER.D; 50K Domains + Improved HTTP Command & Control + Robust Peer-to-Peer Comms; Kills Security Software; Malware Analysis Countermeasures; CONFICKER.C; Direct Update Feature; CONFICKER.B; + Password Cracking + USB Infection Vector + Primitive Peer-to-Peer Comms; Anti-Virus Countermeasures; Software Update Countermeasures; Code Cryptography; CONFICKER.A; HTTP Command & Control; No Software Armoring
Time axis: 21 Nov 08; 30 Dec 08; 20 Feb 09; 6 Mar 09; 7 Apr 09
So what does a cyber attack look like today? Cyber attacks come in various forms, originating from bored high school students to antagonistic third world countries. Often the first steps in responding to a cyber attack are to define signatures or behaviors to detect the use of a particular attack, identify the infected computers and attempt to attribute the threat. Signatures are developed based on the current knowledge of the malicious software or malware, and are constantly refined as more details become known.
This slide shows how quickly a threat can evolve. A year and a half ago, the CONFICKER malware did not even exist; however, since its inception in Nov ’08 it has become both very sophisticated and very widespread. CONFICKER has a global reach – current estimates range as high as 40M infections. We generally believe it's somewhere in the neighborhood of 5M to 6M, but the number is extrapolated.
CONFICKER is unique in that the actors behind the activity have been able to quickly implement new features to defeat the security industry’s best efforts against it. While we often see this type of “arms race” between the malware community and the anti-virus / computer security industry, it does not usually occur at this rate. CONFICKER has been able to analyze the security industry’s efforts, implement countermeasures against that solution, and re-deploy on a global scale. As the chart shows, there have been both minor and major updates – some small increments in sophistication and some leaps (5 iterations in ~6 months).
Comment on comparison of these timelines to our budgeting and development cycles…
Bottom Line: Our adversaries’ speed in “upgrading” and deploying their weapons so quickly puts a tremendous strain on defenders who are in a reactive mode. We must become more proactive to learn and defeat our adversaries’ plans and tools before they have a chance to use them.

14 CONFICKER vs Acquisition Speed of Fielding
Dramatization: Each red dot is a possible variant
Chart labels: Sophistication; Initiation; IOC; FOC
Time axis: Day One; 1 year; 2 years; 3 years; 4 years; 5 years; 6 years; 7 years; 8 years
30 variants could have been developed before IOC
80 variants could have been developed before FOC

15 How We Do Acquisition Today
Current DoD 5000 model built for acquisition for ships, aircraft and weapons systems
Requirements and oversight based upon risk reduction
This model does not work for IT or Cyber Defense
COTS insertion model is low risk (cost-wise)
IT lifecycle ~3 years, then EOL
Cyber attack tools progress rapidly

16 DSB Task Force March 2009 Proposed Acquisition Model
Rapid COTS Insertion
New capabilities fielded incrementally
Prototyping and Experimentation

17 New Acquisition Approach
Advantages: Keep pace with technology; Get ahead of EOL challenge; Rapid introduction of new commercial products and S&T; Closer pace to changing cyber threat
Challenges: Requirements, Funding and POM; Testing, Certification and Accreditation; SHIPMAIN
Challenges unique to the Afloat Environment: Availability schedules; Configuration Management/Change Control and Patching; Millennial sailors Training; Shipboard is NOT a test environment

18 Current Acquisition Status
Crypto Mod for the Navy, USMC, USCG, and MSC: Aging equipment; Consolidate families of cryptographic devices
Currently fielding CND Inc 1: HBSS, HIDS, NIDS, Firewalls, NIPS
Navy CND Increment 2 builds and adds upon the Increment 1 capabilities: Defense-in-Depth (DiD); Situational awareness; Anomalies and attacks assessment; CND command and control (C2); Expect Milestone C decision in FY11
CDS: Navy continues to recognize the importance of RM's Cross Domain transfer capability in support of Navy, Joint, National and Coalition operations.
Cryptographic equipment modernization for the Navy, USMC, USCG, and MSC. Much of our equipment is aging and we have certain mandates to modernize much of our portfolio to modern cryptographic systems. At the same time, we are seeking to consolidate on families of cryptographic devices in order to reduce the operating and maintenance costs for the Navy.
Key management systems: We provide secure key management systems for the Navy to be able to use those cryptographic devices and know that our data and communications are secure.
PKI Afloat: CAC authentication and access to our afloat and OCONUS networks similar to what we have in NMCI.
Computer Network Defense. This is probably our most rapidly changing area where we provide Navy Ships and tactical shore facilities with modern IDS and IPS capabilities in addition to configuration monitoring and various other security management capabilities like firewalls and virus scanners. CND is one of our key Programs of Record that we will use to regularly field network defense capabilities to the Fleet.

19 IA Concerns on the Horizon
Cloud security
Wireless/handheld devices
Social networking: Facebook, Twitter, LinkedIn, Foursquare
Advanced spear phishing: Targeted with some accurate information
Web enabled applications/application security: Cross-site scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls. XSS accounted for 80% of all security vulnerabilities documented by Symantec as of 2007. Its impact may range from a petty nuisance to a significant security risk.
Cross-site scripting holes are web application vulnerabilities that allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. An attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Some researchers claim that as many as 68% of websites are likely open to XSS attacks.
Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. The results of a code injection attack can be disastrous. For instance, code injection is used by some computer worms to propagate.
Foursquare is a location-based social networking website and software for mobile devices. Users "check in" at venues using a mobile website, text messaging or a device-specific application. They are then awarded points and sometimes "badges." (from Wikipedia)

20 IA Concerns on the Horizon cont.
SOA Environment More IA Integration into Applications Identity Management Role Based Access Sensor management Correlating the data of multiple sensors Analyzing the data Move to a more proactive position

21 Cyber Defense and the Navy What Lies Ahead
Moving from reactive to predictive
Speed of incident handling
Cyber COP
Identifying network anomalies
Navigating the acquisition process
Do we defend our networks as well as Microsoft, Google, or IBM?
Proactive and Predictive Cyber Defense
Let’s take a look at some of the operational warfighting challenges in the cyber domain a bit differently. Anyone who knows me well knows that I love to think in sports analogies… And if any of you come to my office or see me wearing orange on a Friday, you’ll know that I’m a proud member of the Clemson Tiger nation! So I’d like to draw some analogies on the parallels of cyber warfare and football to explain where the Navy needs to go… Despite their obvious differences, the two are quite similar in many ways. Both require offensive and defensive capabilities, and a solid gameplan is essential in order to win.
First, the old adage “Defense wins championships” certainly applies. Our first priority is to have a solid and agile defense so that we can operate effectively and resiliently across the board.
Second, in football, each play is a type of battle. The offense and defense must have well-balanced playbooks, and they must scout their opponents’ plays and tendencies. The players must be well-trained and capable – they must know the playbook.
And finally, successful football teams are adept at making gametime adjustments and adapting to shifts in their opponents’ tactics.

22 PMW 130 Government / Industry Exchange
An opportunity for industry to present products they feel may be of interest to PMW 130
Attendees include PMW 130 senior leadership, SPAWAR and PEO C4I invitees, and other PMW 130 personnel (Assistant Program Managers, engineers, etc.)
Held once a month
50 minutes, including Q&A
Please contact Carol Cooper at

23 Summary
IA and Cyber are now getting serious attention
Threat cycle vs. acquisition cycle
New IT acquisition model has promise
Must overcome cultural challenges in requirements, acquisition, contracting, testing, C&A, and fielding
Moving from reactive to proactive
PEO C4I and PMW 130 welcome collaboration across government, commercial, academia and other stakeholders
Cyber is a burgeoning domain. It includes Information Assurance, Network Operations, and Computer Network Operations. It is fast moving and it is ubiquitous. We have much to do…
PEOC4I.NAVY.MIL

24 We get it. We also integrate it, install it and support it. For today and tomorrow.
This concludes my presentation. Are there any questions?

25 PEO C4I Mission Provide integrated communication and information technology systems that enable Information Dominance and the command and control of maritime forces

26 Information Dominance Challenge
Exponential Data Growth Outpaces Infrastructure
Chart labels: Sensor Data Volume; Future Sensor X; Future Sensor Y; Future Sensor Z; Theater Data Stream (2006): ~270 TB of NTM data / year; Max of 50 Mbps per channel; Current single mode fiber carries 960 Gbps; Capability Gap; GLOBAL HAWK DATA; PREDATOR UAV VIDEO; FIRESCOUT VTUAV DATA; UUVs; GIG Data Capacity (Services, Transport & Storage); & Beyond
Axis ticks: 10^12; 10^15; 10^18; 10^21; 10^24
Time to transfer one terabyte of data = 8,796,093,022,208 or 8.8E+12 bits
Columns: Service; Max Transfer (bits/sec); Seconds; Minutes; Hours; Days
50 megabit bps WGS Channel; 40,000,000; 219,902; 3,665; 61; 3
155 megabit bps service; 62,000,000; 141,872; 2,365; 39; 2
10 gigabit bps service; 4,000,000,000; 2,199; 37; 1
Large Data JCTD; 8,500,000,000; 1,035; 17
40 gigabit bps service; 16,000,000,000; 550; 9
100 gigabit bps service; 40,000,000,000; 220; 4

