INFORMATION WARFARE CONFERENCE 2011: A Cyber Italian Industrial Strategy
SELEX Sistemi Integrati, Rome, 27 October 2011. Marco Donfrancesco. COMPANY CONFIDENTIAL. © 2011 SELEX Sistemi Integrati. All rights reserved.

Cyber Defence (CD) Context
• Evolving threats: from denial and disruption to possible destruction
• Defence in depth: a multilayered mix of physical, procedural and cognitive measures, effective only when based on all-source early warning and analysis tools
• High complexity requires an integrated and centralized management structure
• An evolution in CONOPS is needed before major projects can start
• CD is a military effort, but it also demands a Whole-of-Government Approach (WoGA)
• CD in both static and deployed operations
• Interoperability requirements for multinational and multi-force (combined, joint) missions under different leads (NATO, EU, nations, UN)
• CIMIC integration: civil and military infrastructure protection
• NNEC and evolved information-sharing mechanisms may expose increased vulnerabilities
• Map available technologies and national capabilities as best practices, to reduce enterprise risk, shape the field of interest and leverage technology push
• Open source and open standard adoption
• Rapid change in technology evolution
• CD capabilities imply training, mentality, technology, trust, redundancy, dedicated strategies and revised governance

2 Domains
• Cyber Defence Systems
• Existing and new Systems
Systems of both domains require a System Design approach.

Cyber Defence: Architecture and Domains
• Cyber Governance: organization, rules of engagement, legal implications
• Cyber Sensors and Effectors
• Cyber C4: CYOP (Cyber Operational Picture)

System Context (System of Systems architecture; elements recovered from the diagram)
• End user
• Cyber Command
• Advanced cyber security functions: NC SOC, Classified SOC
• Basic cyber security functions: NC NOC, Classified NOC

Network Operation Center (diagram slide; no text recovered)

Security Operation Centre
• Security Audit: the appliance implements Vulnerability Assessment functions aimed at checking for vulnerabilities in the different OS versions and configurations and in network system applications.
• Intrusion Detection: handles security alerts, generates events and forwards them to the main collector.
• Bandwidth Management: manages the partitioning of network bandwidth according to different criteria.
• Traffic Monitoring: analyses both network traffic (up to application level) and Netflow information.
• Log Server: gathers and stores SNMP trap and syslog messages from different hosts and applications, and extracts and visualises them according to different criteria.

Data Capture and Reporting (diagram slide)

C&C SIACCON – NATO in Afghanistan (NATO UNCLASSIFIED)

Cyber Shot / Cyber Coalition 2010

Cyber Defence Functional Building Blocks (1/2)
• Cyber Sensors: every sensor usable to detect the threats
• Cyber C4: the infrastructure needed to manage the 5th dimension (the cyber sphere)
• Cyber Effectors: every single resource needed to react to the threat

Cyber Defence Functional Building Blocks (2/2)
Cyber Sensors and Cyber C4: "learn" information, watch over the fifth dimension
• Threat analysis, and identification and prevention of threats and their sources
• Discovery of intrusions and network traffic flow analysis
• Cyber intelligence on open sources
• Monitoring of events and network activities
• Supervision of the correlation analysis across the information domains
• Generation and evaluation of the operational pictures (CYOP, Cyber Operational Picture)
• Implementation of operational pictures and geographical network maps
• Advanced management of information in the classified domains
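The SOC slide only names the Log Server (gather syslog/SNMP traps, extract by criteria) and the Intrusion Detection function (generate events, forward them to the main collector). The following is an added example, not SELEX code and not part of the original deck, of the smallest useful version of that pipeline: an RFC 3164 syslog parser that decodes the PRI field into facility and severity, a criteria-based extraction, and one correlation rule that turns repeated failed logins into an event for the collector. The message lines, host names and addresses are constructed for the example; the rule name and thresholds are assumptions.

```python
"""Minimal syslog collector: parse, select by criteria, correlate into events.
Added example with constructed sample data; not SELEX Sistemi Integrati code."""
import re
from collections import defaultdict
from datetime import datetime

# RFC 3164 PRI = facility * 8 + severity; the highest valid PRI is 23*8 + 7 = 191.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
            "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# "<PRI>Mmm dd hh:mm:ss host tag[pid]: message"
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# sshd failure lines, with or without the "invalid user" prefix
_FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def parse_syslog(line, year=2011):
    """Return a record dict for a valid RFC 3164 line, or None for junk."""
    m = _LINE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:
        return None  # out-of-range PRI: malformed or hostile input, drop it
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m.group("host"), "facility": FACILITY[pri >> 3],
            "severity": SEVERITY[pri & 7], "sev_num": pri & 7, "msg": m.group("msg")}


def ingest(text):
    """Parse every line of a received batch, silently skipping unparseable ones."""
    return [r for r in (parse_syslog(l) for l in text.splitlines()) if r]


def select(records, host=None, facility=None, max_sev=7):
    """Extract stored records by criteria. max_sev is the numeric severity
    threshold: 0 = emerg only, 3 = err and worse, 7 = everything."""
    return [r for r in records
            if (host is None or r["host"] == host)
            and (facility is None or r["facility"] == facility)
            and r["sev_num"] <= max_sev]


def correlate_bruteforce(records, threshold=3, window_s=60):
    """Correlation rule: one event per source address that produced at least
    `threshold` failed SSH logins inside any `window_s`-second window.
    Returns the events that would be forwarded to the main collector."""
    by_src = defaultdict(list)
    for r in records:
        m = _FAILED.search(r["msg"])
        if m:
            by_src[m.group(2)].append(r["ts"])
    events = []
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                events.append({"rule": "ssh-bruteforce", "src": src,
                               "attempts": len(times), "first_seen": times[i]})
                break  # one event per source is enough for the collector
    return events


# Constructed sample batch (hosts, PIDs and addresses are invented).
SAMPLE = """<38>Oct 27 11:02:17 gw01 sshd[2210]: Failed password for root from 10.0.0.5 port 51022 ssh2
<38>Oct 27 11:02:19 gw01 sshd[2210]: Failed password for root from 10.0.0.5 port 51023 ssh2
<38>Oct 27 11:02:24 gw01 sshd[2210]: Failed password for invalid user admin from 10.0.0.5 port 51030 ssh2
<30>Oct 27 11:03:00 gw01 sshd[2301]: Accepted publickey for ops from 10.0.0.9 port 40100 ssh2
<3>Oct 27 11:03:41 db02 kernel: nf_conntrack: table full, dropping packet
<38>Oct 27 11:10:00 db02 sshd[900]: Failed password for root from 10.0.0.7 port 1 ssh2
this line is not syslog and is skipped"""

if __name__ == "__main__":
    recs = ingest(SAMPLE)
    for r in select(recs, max_sev=3):
        print("severe:", r["host"], r["facility"], r["severity"], r["msg"])
    for e in correlate_bruteforce(recs):
        print("event:", e)
```

Two details are worth noting for anyone building the real thing: the PRI bound check is the first line of defence against a sensor that forwards garbage, and the correlation keeps raw records intact, so the same stored data can be re-extracted under different criteria (by host, by facility, by severity) without re-collecting it.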
Cyber Effectors: to stop, to ban, to recover
• Select and activate countermeasures
• Ban and neutralize the threats
• Verify the effects of the response
• Recover to normal activities

Software Architecture Building Blocks
CYBERSHIELD: a C2 vision of a Cyber Defense infrastructure (components recovered from the diagram)
• Strategic Network Console (NCO World): strategic coordination, intelligence, audit, correlation (early warning, security bulletin generation and update), PIC network link
• SOC: Security Information and Event Management, connectivity management, anomaly detection, log server, intrusion detection using traffic monitoring, network sensors, user awareness and digital forensics, actuators
• Tactical Network Console (NOC World): tactical situation, Cyber Operational Picture (CYOP), geographical view, internal sensor framework, external sensor framework, network event database, host situation awareness, supervisor and ROE

Cyber Governance
• Apical cyber management
• CERT

Conclusions and Recommendations
• Finmeccanica / Selex SI is a suitable partner:
– to support Cyber Defence operational analysis and requirement definition
– to pursue a comprehensive, viable NATO cyber roadmap
– to deploy effective and sustainable cyber defence solutions
– to provide interoperability and integration among all NATO members, encompassing a high degree of flexibility and legacy integration solutions