Information Security Governance in Italy:
state of the art and new perspectives
Genoa, 18 February 2011
Rev. 0_18
Strategic positioning of the Selex SI offering
State-of-the-art offering: from individual products to integrated systems
INTEGRATED SYSTEMS
TERRITORY PROTECTION: protection of territory and borders, protection of critical infrastructure, management of crises and major events
DEFENCE SYSTEMS: C4ISTAR systems, NCW infrastructure, air defence systems, C4ISTAR systems for the battlefield
MISSION SYSTEMS: on-board, surveillance and air security systems
ATC/ATM AND AIRPORT SYSTEMS
VTMS & MARITIME CONTROL
ADVANCED IT FOR SECURITY, LOGISTICS, AUTOMATION
SENSORS: avionics (EW, radar, EO), naval radars and fire-control systems, land radars
COMMAND AND CONTROL: naval combat system integration, land command and control systems
COMMUNICATIONS: naval and land, CNI avionics, professional TETRA, WiMAX
© 2011 SELEX Sistemi Integrati - commercial in confidence
© 2011 SELEX Sistemi Integrati. All rights reserved
The Security Systems offering
Territory control systems
Maritime border and naval traffic control systems
Crisis management and civil protection systems
Land border protection systems
Port protection systems
Critical infrastructure control systems
Cyber: Threats
Propaganda
Web Vandalism
Theft of digital identity
Critical Infrastructure attacks
Equipment Destruction
Theft of sensitive and confidential files
Examples: Spoofing; Trojan; Virus; DoS (Denial of Service); DDoS (Distributed Denial of Service); Buffer overflow; Shellcode; Cracking; Backdoor; Port scanning; Sniffing; Keylogging; Spyware
Cyber: Vulnerabilities
Eavesdropping
The act of secretly listening to the private conversation of others without their consent.
Bad Social engineering
Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.
Exploit
Piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software and hardware.
Backdoor
Method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
Rootkit
A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
Keylogging
The action of tracking/logging the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
CyberDefence: Architectural Context
• Symmetric and Asymmetric Threats
• Active, Passive, Conventional and non-Conventional Defence
• High level of complexity in Organizational Structure
• Evolution in Employment Concept
• Expeditionary Missions, both in-nation and out-of-area
• Interoperability Requirements
• Multi-level Security Needs
• Multinational and multiforce missions (combined, joint) with different leads (NATO, EU, Nations, UN)
• CIMIC Integration: Civil and Military Infrastructure Protection
• NCW, NCO, NEC Transformation
• Open Source and open standards adoption
• Speed of change in technology evolution
Cyber Industrial Enablers
Organization
• Establish Governance for Cyber Defence Issues
• Share and Synchronize Culture
• Develop and Synchronize different Business Models
Methodology
• Strengthen Life Cycle Management & Develop a Collaborative Working Environment
• Manage and Synchronize Frameworks
• Re-use of existing Cyber efforts and investments
• Program Management & Risk/Cost Control/Reduction
• Methodologies of Continuous Training for Cyber
Technical
• Develop a Cyber Assessment Environment
• Develop Interoperability Framework
• Set up a Federated and Secured Communications Infrastructure through specific OS and HW
• Set up an Information & Core Services Infrastructure
• Set up an Information Assurance (IA) Infrastructure and Security Services
• Anticipate Man-in-the-Loop and Improve Human Factors
• Set up System Management
System of System Engineering Approach:
From AF to SysML
[Diagram spanning three domains: SYSTEM OF SYSTEM DOMAIN, SYSTEM DOMAIN and SOFTWARE DOMAIN. Box labels: System Requirement Specification; Requirement Analysis; Specialised Studies; Traceability; Functional Analysis & Design; Performance Analysis; Interface Requirement Specification; HMI Requirement Specification; HMI Functional Analysis & Design; HMI Interface Requirement Specification; SW Requirement Specification; SW Code Implementation; SW Unit Test; SW Integration; SW/HW Test Validation; Integration & Test Activity; ISFM; Battelab; Int. Lab; Field Int.]
Network Operation Center (IT+UK)
Italian+UK Security Operation Centre
Security Audit
The appliance implements Vulnerability Assessment functions aimed at checking for the presence of vulnerabilities in the different OS versions and configurations, and in network system applications.
Intrusion detection
Operates Security Alerts, generates events and forwards them to the main collector.
Bandwidth management
Manages the partitioning of network bandwidth according to different criteria.
Traffic Monitoring
Analyses both network traffic (up to application level) and Netflow information.
Log Server
Gathers and stores SNMP trap and syslog messages from different hosts and applications, and extracts and visualises them according to different criteria.
The Finmeccanica Business Model
• FNM provided a contribution to the COPASIR Report (Italian Government Report)
• Internal Organization – IPT: FNM Cyber team led by Selex SI (Selex Sistemi Integrati, Selex Communications, Elsag Datamat, Digint, Vega, Selex Sistem Integration)
• Strategic issue:
– SELEX Sistemi Integrati has been engaged by FNM corporate to participate in the Cyber Defence Exercise (Cyber Shot 2010)
CyberShield Solution (1/2)
SELEX Sistemi Integrati has developed a prototype project on a security architecture that has been integrated into a product, CyberShield_SoS, which offers an advanced, modular and flexible solution to the market, based on the following building blocks:
Cyber Sensors
Every sensor usable to detect the threats
Cyber C4
The infrastructure needed to manage the 5th dimension (Cyber Sphere)
Cyber Effectors
Every single resource needed to react to the threat
CyberShield Solution (2/2)
Cyber Sensors
“Learn” information
• Threat analysis and identification, and prevention of threats and sources
• Discovery of intrusion and network traffic flow analysis
• Cyber intelligence on open sources
• Monitoring of events and network activities
Cyber C4
Oversee the fifth dimension
• Supervision of the correlation analysis of the information domains
• Generation and Evaluation of the operative pictures (CYOP, Cyber Operational Picture)
• Implementation of operative Pictures and Geographical network Maps
• Advanced Management of information in the classified domains
Cyber Effectors
To stop, to ban, to recover
• Select and activate countermeasures
• Ban/neutralize the threats
• Verify effects of the response
• Recover to normal activities
CyberShield : Architecture and Domains
[Diagram labels: Protect, Deter, Detect, Respond, Recover; CYBER GOVERNANCE & RULES OF ENGAGEMENT; CYBER SENSORS AND EFFECTORS; CYBER C4: CYOP]
Key programmes for Cyber Defence
• OSN – Osservatorio Sicurezza Nazionale
(Selex SI/Finmeccanica – CASD)