INFORMATION WARFARE CONFERENCE 2011 A CYBER Italian

Transcription

INFORMATION WARFARE CONFERENCE 2011
A CYBER Italian Industrial Strategy
SELEX SISTEMI INTEGRATI
Rome
OCT 27, 2011
Marco Donfrancesco
COMPANY CONFIDENTIAL
Cyber Defence (CD) Context
• Evolving threats: from denial and disruption to possible destruction
• Defence in depth, as a multilayered mix of physical, procedural and cognitive measures, to be effective must be based on all-source early warning and analysis tools
• High complexity needs an integrated and centralized management structure
• Evolution in CONOPS is needed to start major projects
• CD is a military effort, but there is demand for Whole of Government (WoGA)
• CD in static and deployed operations
• Interoperability requirements for multinational and multi-force missions (combined, joint) with different leads (NATO, EU, Nations, UN)
• CIMIC integration: civil and military infrastructure protection
© 2011 SELEX Sistemi Integrati. All rights reserved
• NNEC, as well as evolved information-sharing mechanisms, could highlight increased vulnerabilities
• Map available technologies and national capabilities as best practices to reduce enterprise risk, shape the field of interest and leverage technology push
• Open source and open standard adoption
• Speed of change in technology evolution
• CD capabilities imply training, mentality, technology, trust, redundancy, dedicated strategies and revised governance
Domains
• Cyber Defence Systems
• Existing and new Systems of Systems
Both domains require a System Design Approach
Cyber Defence: Architecture and Domains
• Cyber Governance
• Organization
• Rules of Engagement
• Legal Implications
Cyber Sensors and Effectors
Cyber C4: CYOP
System Context
End user
System of Systems Architecture
Cyber Command
• Advanced cyber security functions: NC SOC, Classified SOC
• Basic cyber security functions: NC NOC, Classified NOC
Network Operation Center
Security Operation Centre
Security Audit
The appliance implements Vulnerability Assessment functions aimed at checking for the presence of vulnerabilities in the different OS versions and configurations, and in network system applications.
Intrusion Detection
Operates security alerts, generates events and forwards them to the main collector.
Bandwidth Management
Manages the partitioning of network bandwidth according to different criteria.
Traffic Monitoring
Analyses both network traffic (up to application level) and NetFlow information.
Log Server
Gathers and stores SNMP trap and syslog messages from different hosts and applications, and extracts and visualises them according to different criteria.
Data Capture and Reporting
C&C Siaccon – NATO for Afghanistan
NATO UNCLASSIFIED
Cyber Shot / Cyber Coalition 2010
Cyber Defence Functional Building Blocks (1/2)
Cyber Sensors
Every sensor usable to detect the threats
Cyber C4
The infrastructure needed to manage the 5th dimension (the Cyber Sphere)
Cyber Effectors
Every single resource needed to react to the threat
Cyber Defence Functional Building Blocks (2/2)
Cyber Sensors: "Learn" information
• Threat analysis and identification, and prevention of threats and their sources
• Discovery of intrusions and network traffic flow analysis
• Cyber intelligence on open sources
• Monitoring of event and network activities
Cyber C4: Oversee the fifth dimension
• Supervision of the correlation analysis of the information domains
• Generation and evaluation of the operational pictures (CYOP, Cyber Operational Picture)
• Implementation of operational pictures and geographical network maps
• Advanced management of information in the classified domains
Cyber Effectors: To stop, to ban, to recover
• Select and activate countermeasures
• Ban and neutralize the threats
• Verify the effects of the response
• Recover to normal activities
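The Log Server function on the SOC slide (gather syslog messages, extract them by criteria) and the CYOP / host situation function of the Cyber C4 block, sketched as an added Python example that is not SELEX code: it parses RFC 3164 syslog lines, selects them by severity, host and facility, and reduces them to a per-host situation picture. The sample log lines are constructed, not captured from any system.

```python
# Added example (not from the SELEX slides): minimal log-server / CYOP sketch.
# Parses RFC 3164 syslog lines, extracts by criteria, builds a per-host picture.
import re

# RFC 3164 PRI = facility * 8 + severity; names indexed by their numeric codes
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$")

def parse_syslog(line):
    """Decode one BSD syslog line into a dict; None if malformed or PRI out of range."""
    m = SYSLOG_RE.match(line)
    if not m or int(m.group("pri")) > 191:   # valid PRI range is 0..191
        return None
    pri = int(m.group("pri"))
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "sev_num": pri % 8, "timestamp": m.group("ts"), "host": m.group("host"),
            "tag": m.group("tag"), "pid": m.group("pid"), "msg": m.group("msg")}

def collect(lines):
    """Log-server store: parsed events plus a count of lines rejected as malformed."""
    events = [ev for ev in map(parse_syslog, lines) if ev is not None]
    return events, len(lines) - len(events)

def select(events, min_severity="warning", host=None, facility=None):
    """Extract events by criteria: at least min_severity, optional host and facility."""
    thresh = SEVERITIES.index(min_severity)
    return [e for e in events if e["sev_num"] <= thresh
            and host in (None, e["host"]) and facility in (None, e["facility"])]

def host_picture(events):
    """Per-host situation: worst severity seen, events at/above warning, total events."""
    pic = {}
    for e in events:
        cur = pic.setdefault(e["host"], {"worst": "debug", "alerts": 0, "events": 0})
        cur["events"] += 1
        cur["alerts"] += int(e["sev_num"] <= SEVERITIES.index("warning"))
        if e["sev_num"] < SEVERITIES.index(cur["worst"]):
            cur["worst"] = e["severity"]
    return pic

SAMPLE = [  # constructed sample syslog lines (hosts, PIDs and addresses are made up)
    "<34>Oct 27 09:12:01 gw01 sshd[4321]: Failed password for root from 10.0.0.5 port 51022 ssh2",
    "<13>Oct 27 09:12:03 gw01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "<2>Oct 27 09:12:09 db02 kernel: Out of memory: Kill process 812 (postgres)",
    "garbage line with no PRI",
]
```

Running `host_picture(collect(SAMPLE)[0])` gives one entry per host with its worst severity, which is the kind of reduced view a CYOP host-situation layer would render.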
Software Architecture Building Blocks
CYBERSHIELD: a C2 Vision of Cyber Defense Infrastructure
Diagram components, as transcribed from the slide:
• Strategic Network Console (NCO World)
• Tactical Network Console
• Strategic Coordination
• Intelligence
• Audit Correlation: Early Warning; Security Bulletin Generation and Update
• PIC Network Link
• Security Information Event Management
• Connectivity Management
• Anomaly Detection
• Log Server
• Intrusion Detection, using Traffic Monitoring
• Network Sensors
• User Awareness and Digital Forensics
• Actuators
• SOC
• Tactical Situation
• Cyber Operative Picture (CYOP)
• Geographical View
• Internal Sensor Framework
• External Sensor Framework
• Network Event Database
• Host Situation Awareness
• Supervisor and ROE
• NOC World
Cyber Governance
Diagram components, as transcribed from the slide: Apical Cyber Management; CERT (two boxes)
Conclusions and Recommendations
• Finmeccanica / Selex SI is a suitable partner
  – To support Cyber Defence operational analysis and requirement definitions
  – To pursue a comprehensive, viable NATO cyber roadmap
  – To deploy effective and sustainable cyber defence solutions
  – To provide interoperability and integration among all NATO members
… encompassing
  – a high degree of flexibility
  – legacy integration solutions