
Security Measures IW-130 PowerPoint PPT Presentation



College of Aerospace Doctrine, Research, and Education. Security Measures IW-130. AF Information Operations. INFORMATION SUPERIORITY. INFORMATION OPERATIONS. INFORMATION IN WARFARE. INFORMATION WARFARE. defend. attack. gain. exploit. COUNTERINFORMATION. OFFENSIVE COUNTERINFORMATION.


Presentation Transcript



College of Aerospace Doctrine, Research, and Education

Security Measures

IW-130


AF Information Operations

[Diagram labels: INFORMATION SUPERIORITY; INFORMATION OPERATIONS; INFORMATION IN WARFARE; INFORMATION WARFARE; defend; attack; gain; exploit; COUNTERINFORMATION; OFFENSIVE COUNTERINFORMATION; PRECISION NAV; WEATHER; ISR; DEFENSIVE COUNTERINFORMATION; PSYOP; Information Assurance; Counter-Intelligence; Electronic Warfare; OTHER INFO COLLECTION/DISSEMINATION ACTIVITIES (Transmission, Storage, Public Affairs); Counter-PSYOP; Physical Attack; OPSEC; Deception; Electronic Protection; Counter-Deception; Information Attack]


OPSEC

“… a process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to:

  • Identify actions that can be observed [by adversary intelligence] systems

  • Determine indicators that could be interpreted or pieced together to derive critical information

  • Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities”

    Joint Pub 3-54


Unique Characteristic

OPSEC is a PROCESS

OPSEC is NOT a set of Rules


The Differences

Traditional Security vs. OPSEC

  • Traditional Security: Most information is classified. OPSEC: Usually unclassified.

  • Traditional Security: Addresses the general threat. OPSEC: Addresses specific adversaries.

  • Traditional Security: Risk applies to all situations. OPSEC: Risk decisions are event specific.

  • Traditional Security: Directed by security regulations. OPSEC: Directed by operational CC.

  • Traditional Security: Countermeasures established. OPSEC: Countermeasures often unique.

  • Traditional Security: Concealment only. OPSEC: Eliminates, conceals, disguises, or deceives.


Five Step OPSEC Process

1. Identify Critical Information

2. Determine Threat

3. Analyze Vulnerabilities

4. Assess Risk

5. Apply appropriate OPSEC Measures


Identify Critical Info

  • Identify the questions the adversary will ask

    • Where do I get the information?

    • Who has the information?

    • When do I need the information?

    • How do they transfer the information?

    • How is the information protected?

    • Is it worth the risk of getting caught?



Critical Info Examples

  • Impact of industrial base on military mission

  • Logistic capabilities and constraints

  • Alert posture

  • Staging locations

  • Limitations on equipment

  • Noncombatant Evacuation Operation Routes

  • Military support to Law Enforcement Agency


Determine Threat

  • Who is the adversary?

  • What are the adversary’s goals?

  • What is the adversary’s opposition strategy?

  • What critical information is already known?

  • What are the adversary’s collection capabilities?


Analyze Vulnerabilities

Indicators & Actions + Collection = Vulnerability



Indicators

Signature: Uncommon or unique features

Associations: Specific support equipment

Profiles: Unit missions (Homepage)

Contrasts: Not standard

Exposure: Observation Time



Indicators and Actions

  • Pizza Delivery

  • DV Suites

  • Intramural Sports

  • E-Mail Reply / Router

  • Government Credit Card

  • STU-III Usage

  • Family Support Homepages


Collection: Overt and Clandestine

Open Source Intelligence (OSINT)

Human Intelligence (HUMINT)

Imagery Intelligence (IMINT)

Signals Intelligence (SIGINT)

Communications Intelligence

Electronics Intelligence

Foreign Instrumentation Signals (FISINT)

Technical Intelligence (TECHINT)


Indicators & Actions

  • Signature: Uncommon or unique features

  • Associations: Specific support equipment

  • Profiles: Unit missions

  • Contrasts: Not standard

  • Exposure: Observation Time

+ Collection

  • Open Source Intelligence (OSINT)

  • Human Intelligence (HUMINT)

  • Imagery Intelligence (IMINT)

  • Signals Intelligence (SIGINT)

  • Technical Intelligence (TECHINT)

= VULNERABILITY


Assess Risk

Cost vs Potential Harmful Effects



The Cost Can Be High


Apply OPSEC Measures

  • Prevent the adversary from detecting an indicator

  • Provide an alternative analysis of an indicator

  • Attack or deny the adversary’s collection system

  • Use the other Pillars of IW

[Diagram labels: Psychological Operations; Counter-PSYOP; Military Deception; Electronic Warfare; Counter-Intelligence; Counter Deception; Information Attack; Physical Attack]



“Full Victory - Nothing Else”

Gen. Dwight D. Eisenhower


Five Step OPSEC Process

1. Identify Critical Information

2. Determine Threat

3. Analyze Vulnerabilities

4. Assess Risk

5. Apply appropriate OPSEC Measures



Information Operations Condition (INFOCON)

… presents a structured, coordinated approach to defend against and react to adversarial attack on DoD computer and telecommunication networks and systems

… based on the status of information systems, military operations, and intelligence assessments of adversary capabilities and intent

… established by the Secretary of Defense; administered through the Commander JTF-CND


INFOCON Level: NORMAL (Normal Activity)

CRITERIA

No significant activity.

RECOMMENDED ACTIONS

- Ensure all mission critical info and info systems (including applications and databases) and their operational importance are identified.
- Ensure all points of access and their operational necessity are identified.
- On a continuing basis, conduct normal security practices. For example:
-- Conduct education and training for users, admin, & management
-- Ensure effective password mgmt program is in place
-- Conduct periodic internal security review and external vulnerability assessments.
-- Conduct normal auditing, review, and file back-up procedures.
-- Confirm the existence of newly identified vulnerabilities and install patches.


INFOCON Level: ALPHA (Increased Risk of Attack)

CRITERIA

- Indications & Warning (I&W) indicate general threat.
- Regional events occurring which affect US interests and involve potential adversaries with suspected or known CNA capability.
- Military ops, contingency, or exercise planned or ongoing requiring increased security of information systems.
- Information system probes, scans or other activities detected.

RECOMMENDED ACTIONS

- Accomplish all actions required at INFOCON NORMAL.
- Execute appropriate security practices. For example:
-- Increase level of auditing, review, and file back-up procedures.
-- Conduct internal security review on critical systems.
-- Heighten awareness of all info systems users.
-- Execute appropriate defensive tactics.


INFOCON Level: BRAVO (Specific Risk of Attack)

CRITERIA

- Indications & Warning (I&W) indicate targeting of specific system, location, unit, or operation.
- Major military ops, contingency, or exercise planned or ongoing requiring increased security of information systems.
- Significant level of network probes, scans or other activities detected.
- Network penetration or denial of service attempted with no impact to DoD operations.

RECOMMENDED ACTIONS

- Accomplish all actions required at INFOCON ALPHA.
- Execute appropriate security practices. For example:
-- Increase level of auditing, review, and file back-up procedures.
-- Conduct immediate internal security review on critical systems.
-- Heighten awareness of all info systems users.
-- Execute appropriate defensive tactics.


INFOCON Level: CHARLIE (Limited Attack(s))

CRITERIA

- Intelligence attack assessment(s) indicate a limited attack.
- Information system attack(s) detected with limited impact to DoD operations:
-- Minimal success, successfully counteracted.
-- Little or no data or systems compromised.
-- Unit able to accomplish mission.

RECOMMENDED ACTIONS

- Accomplish all actions required at INFOCON BRAVO.
- Execute appropriate response actions. For example:
-- Maximum level of auditing, review, and file back-up procedures.
-- Limit traffic to mission essential communication only.
-- Reroute mission-critical communication through unaffected systems.
-- Disconnect non-mission-critical networks.
-- Execute appropriate defensive tactics.


INFOCON Level: DELTA (General Attack(s))

CRITERIA

- Intelligence attack assessment(s) indicate a limited attack.
- Successful information system attack(s) detected which impact DoD operations:
-- Widespread incidents that undermine ability to function effectively.
-- Significant risk of mission failure.

RECOMMENDED ACTIONS

- Accomplish all actions required at INFOCON CHARLIE.
- Execute appropriate response actions. For example:
-- Designate alternate information systems
-- Implement procedures for conducting operations in "stand-alone" mode or manually.
-- Isolate compromised systems from rest of network.
-- Execute appropriate defensive tactics.


INFOCON Impact

Normal

  Gain:
  • Normal defensive posture; no additional measures taken

  Loss:
  • Full Connectivity
  • No bandwidth restrictions
  • Normal OPTEMPO

Alpha

  Gain:
  • 10% improved protection
  • Increased likelihood intruders will be defeated or caught
  • If sufficient, no need for higher INFOCON

  Loss:
  • 0% reduction in OPTEMPO
  • 0% reduced connectivity
  • Affected networks may be isolated
  • 0% delay in information access

Bravo

  Gain:
  • 35% improved protection
  • Increased likelihood intruders will be defeated or caught
  • If sufficient, no need for higher INFOCON

  Loss:
  • 25% reduction in OPTEMPO
  • 20% reduction in connectivity
  • Affected networks may be isolated
  • 20% delay in information access

Charlie

  Gain:
  • 75% improved protection
  • Increased likelihood intruders will be defeated or caught
  • If sufficient, no need for higher INFOCON

  Loss:
  • 50% reduction in OPTEMPO
  • 40% reduction in connectivity
  • Affected networks may be isolated
  • 40% delay in information access

Delta

  Gain:
  • 90% improved protection
  • Increased likelihood intruders will be defeated or caught
  • If sufficient, no need for higher INFOCON

  Loss:
  • 70% reduction in OPTEMPO
  • 60% reduction in connectivity
  • Affected networks may be isolated
  • 60% delay in information access


AF Information Operations

[Diagram repeated from the earlier AF Information Operations slide]



COMSEC

COMPUSEC

EMSEC

SATE

Information Security

Information Protection

Information Assurance



AFDD 2-5

Information Assurance

… those measures to protect and defend information and information systems by ensuring their availability, integrity, authenticity, confidentiality, and non-repudiation.

Availability - resources are available when needed

Integrity - resources operate correctly

Authenticity - ensures info is trustworthy (fact or actuality)

Confidentiality - only those with proper clearance and need-to-know have access to sensitive information

Non-repudiation - ability to confirm source of transmission and data



AFDD 2-5

Communications Security (COMSEC)

… measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such communications.



COMSEC

Physical Security of COMSEC

Crypto-Security

Transmission Security


DISA Study

95% of DoD communications is unprotected



Some COMSEC Tools

  • KG-XX, Encryption Devices

  • Secure Telephone Unit, 3rd Generation (STU-3)

    • Electronic Key Management System (EKMS)



Future COMSEC Tools

FORTEZZA Card

Secure Terminal Equipment (STE)

High Speed (128 Kbps) Secure Data

KY-68/STU-III Replacement

Advanced Crypto

Electronic Key Management System

Workstation



Emissions Security (EMSEC)

“Protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and analysis of compromising emanations from crypto-equipment, information systems, and telecommunications systems.”



COMPROMISING EMISSIONS

… are unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose the information transmitted, received, handled, or otherwise processed by any information processing equipment


EMSEC Detection & Collection

Warning! What you see here can be seen elsewhere!


EMSEC Prevention

The Commission recommends that domestic TEMPEST countermeasures not be employed except in response to specific threat data and then only in cases authorized by the most senior department or agency head.



AFDD 2-5

Computer Security (COMPUSEC)

… measures and controls that ensure the confidentiality, integrity, or availability of information processed and stored by a computer.



Why all the hype?

“DoD Escalates War Against Poor Computer Security.”

“Insiders account for more security compromises than hackers.”

“Weak passwords allow easy access for unauthorized personnel.”

“The disgruntled employee is our primary concern, not competition.”



AFCERT

ASSIST

COMPUSEC Roles and Responsibilities

HQ AFCIC/SYNI

AFCA

AFIWC

AFMC

Acquisition

Security

MAJCOM IP Office

Wing IP Office

DAA

Base Organizations

Computer Systems Manager (CSM)

Computer System Security Officer (CSSO)

Users

Functional OPR



Ultimate Responsibility

YOU


COMPUSEC

[Diagram labels: VULNERABILITIES; THREATS; RISK MANAGEMENT; RISKS; COUNTERMEASURES]



THREATS

COMPUSEC

Natural

Environmental

Human



Natural Threats

  • Earthquake

  • Flood

  • Hurricane

  • Snow/Ice

  • Tornado

  • Lightning

  • Severe Storm



Environmental Threats

  • Power Disruption

  • Utility Failure

  • Smoke

  • Water

  • Fire

  • Hardware Failure

  • Software Failure

  • Personnel Injury

  • Explosion



Environmental Threats

“Even a foolproof access control system is useless if a toilet overflows one floor above your equipment room.”

Information Security Magazine


Human Threats: Intentional

Bomb Threat

Compromise

Disclosure

Sabotage

Misuse

  • Theft

  • Fraud

  • Viruses

  • Alteration

  • Destruction

  • Unauthorized Access


Human Threats: Unintentional

[Cartoon caption: "Ug, Fix machine!"]

  • Deficiency in Policy or Procedure

  • General Errors

  • Data Loss

  • Hardware Failure

  • Software Failure

  • Comm Failure

  • Compromise

    • Disclosure


COMPUSEC

[Diagram labels: THREATS; VULNERABILITIES]

  • Physical

  • Environmental

  • Personnel

  • Hardware

  • Software

  • Media

  • Network

  • Procedural


COMPUSEC

[Diagram labels: THREATS; VULNERABILITIES; RISKS]

  • Destruction

  • Denial of Service

  • Modification

  • Disclosure

  • Fraud, Waste & Abuse


COMPUSEC

[Diagram labels: THREATS; VULNERABILITIES; RISKS; COUNTERMEASURES]

Security Awareness, Training and Education



Stay Current

Who is your CSSO?

AFCA: http://public.afca.scott.af.mil

AFCERT: http://afcert.kelly.af.mil

DOD-CERT: http://www.assist.mil

AF Publications on Communication & Information (33 Series): http://afpubs.hq.af.mil



YOU

OPSEC

EMSEC

COMPUSEC

COMSEC

AFDD 2-5

“The top information warfare priority is to defend our own increasingly information intensive capabilities.”

Identify and eliminate your weak link!

