
Protect Your Enterprise with Secure and Resilient Information Flow Aviation Week

Protect Your Enterprise with Secure and Resilient Information Flow Aviation Week Aerospace and Defense Cybersecurity Forum 31 March 2010. Robert F. Brammer, Ph.D. VP Advanced Technology and CTO Northrop Grumman Information Systems. Key Points for This Presentation.


Presentation Transcript


  1. Protect Your Enterprise with Secure and Resilient Information Flow Aviation Week Aerospace and Defense Cybersecurity Forum 31 March 2010 Robert F. Brammer, Ph.D. VP Advanced Technology and CTO Northrop Grumman Information Systems

  2. Key Points for This Presentation • Enterprise information systems and services are increasing in size, distribution, functionality, and value • Includes both IT networks and infrastructure networks • Rapid development of new architectures, standards, and products • Increasing business significance but also larger and more valuable targets • Threats are increasing rapidly in sophistication, breadth, and speed • “The Advanced Persistent Threat” is a primary example • Protection of the enterprise requires a multidimensional strategy • Northrop Grumman addresses challenges with significant investments • Layered architecture, facilities, advanced research, education and training, professional activity leadership, … • A strategy, operations and research plans, and significant investments are needed • Passwords and patching are not adequate • Cyber threats and defenses will be continually evolving • Long-term issue

  3. The Growth of enterprise information systems and services

  4. Global Information Transformation • Nearly 2B Internet users globally – Internet World Stats • US e-commerce grew 11% in 2009 to $155B, another 11% growth expected in 2010 – Forrester Research • Americans consumed 3.6 zettabytes of information in 2008 -- UCSD

  5. Cisco Network Traffic Forecasts Global IP traffic will increase by a factor of three from 2010 to 2013, approaching 56 exabytes per month in 2013, compared to approximately 9 exabytes per month in 2008. By 2013, annual global IP traffic will reach two-thirds of a zettabyte (673 exabytes). By 2013, the various forms of video (TV, VoD, Internet Video, and P2P) will exceed 90 percent of global consumer traffic. By 2013, global online video will be 60 percent of consumer Internet traffic (up from 35 percent in 2010). Mobile data traffic will roughly double each year from 2010 through 2013. Cisco Visual Networking Index

  6. New Information System Architectures Green IT Optical Networks Mobile Computing

  7. Transportation Chemical Production Water Treatment Oil Refineries Electric Power Generation and Grid Control Critical Infrastructure Enterprises • Infrastructure networks interface directly to 3D world • Nodes – generators, terminals, ports, storage, … • Links – pipelines, transmission lines, tunnels, … • Traffic – objects, material, … • Cyberspace networks are used for control and reporting • Convergence of networks, technologies, and interfaces • Significant performance and cost benefits • SmartGrid initiatives are a significant example • Significant security implications

  8. Network Convergence and Integration • “Network Convergence” has multiple industry implications • Data, voice, video in a single network • Cyber and infrastructure networks in a single network • Protocols – moving to IP-based protocols from local protocols • Network interfaces – connecting sensors and control rooms to the Internet and to corporate WANs • “An Internet of things” • Network integration occurs in corporate and government reorganizations, M&A, … • Many operational and security R&D issues arise from immature technology, processes, and management

  9. Threats to the enterprise

  10. Cybersecurity – “A Severe Threat” “The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems, and the information residing within.” “This critical infrastructure is severely threatened.” Dennis Blair US Intelligence Community Annual Threat Assessment February 2, 2010

  11. Cyberespionage and the Theft of Intellectual Property Broad New Hacking Attack Detected Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies Wall Street Journal February 18, 2010 “Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, …” US oil industry hit by cyberattacks: Was China involved? Christian Science Monitor January 25, 2010 “At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.” “… the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, …” “The oil and gas industry breaches, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide,” “Industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion.” White House Cyberspace Policy Review May 2009

  12. The Growth of Internet Crime “Of the top five categories of offenses reported to law enforcement during 2009, non-delivered merchandise and/or payment ranked 19.9%; identity theft, 14.1%; credit card fraud, 10.4%; auction fraud, 10.3%; and computer fraud (destruction/damage/vandalism of property), 7.9%.”

  13. Banking and Finance Water People Coordinated Cyber Attacks Communications Government Transportation Electric Power Emergency Response Oil and Natural Gas Military Coordinated Cyber and Physical Attacks • Cyber pre-attack – Targeting, espionage, disinformation, … • Real-time cyber attack – suppression of comms and response • Cyber post-attack – target backup and recovery Physical Attack Before the Russian invasion into Georgia commenced, cyber attacks were already being launched against a large number of Georgian governmental websites, making it among the first cases in which an international political and military conflict was accompanied – or even preceded – by a coordinated cyber offensive. Cooperative Cyber Defence Center Of Excellence Tallinn, Estonia November 2008

  14. New Architectures Lead to New Security Questions and Challenges Twitter phishing hack hits BBC, PCC … and Guardian … and cabinet minister … and bank The Guardian February 26, 2010 Thousands of Twitter users have seen their accounts hijacked after a viral phishing attack which sends out messages saying "this you??" • New architectures lead to many functionality, performance, and cost advantages • Resulting security issues are far too often underestimated Web 2.0 a Top Security Threat in 2010, Survey Finds eWeek February 22, 2010 Internet security provider Webroot reports IT managers in small to midsize businesses believe malware spread through social networks, Web 2.0 applications and other Web-based vectors will pose the most serious risk to information security in 2010. How to Plan for Smartphone Security in the Enterprise eWeek 2009-07-13 One of the major challenges CIOs face is the deployment and security of smartphones in the enterprise.

  15. Addressing the Threats • Many plans by government and industry are creating rapid growth in cybersecurity markets Power Up on Smart Grid Cyber Security Wall Street Journal February 25, 2010 “The M&A world is on fire right now when it comes to cyber-security issues relating to utility infrastructure,” “Pike Research expects the global smart grid cyber security market to grow to $4.1 billion in 2013 at a compound annual growth rate of 35%.” “That squares against Morgan Stanley estimates…”

  16. Northrop Grumman Cybersecurity operations

  17. Northrop Grumman Cybersecurity Operations Center

  18. Security Includes Identity Management Multi-Layer Security Architecture Multi-Layered approach to security across our networks, systems, facilities, data, intellectual property, and other information assets Policies, architecture, processes, technology Access and configuration management

  19. Cybersecurity Awareness and Training Regular company-wide communications are strategic

  20. Northrop Grumman Cybersecurity Thought Leadership • Example – Paper on APT defense • Presented at the 13th Colloquium for Information Systems Security Education • University of Alaska, Fairbanks Seattle, WA June 1 - 3, 2009 • This paper describes some relevant Northrop Grumman security processes • Communicate APT risks • To increase awareness of situations that should alarm • To define the actions that employees should take to minimize these risks

  21. Defense Security Information Exchange (DSIE) National Security Information Exchange (NSIE) Alliance for Enterprise Security Risk Management US NATO delegate DoD – Defense Information Base (DIB) Internet Security Alliance (ISA) Board Customer Advisory Councils – Microsoft, Oracle, ISS (IBM), EMC US Computer Emergency Readiness Team (CERT) Portal Member Critical Warning Infrastructure Network (CWIN) member Smart Card Alliance Partnership for Critical Infrastructure Security Corporate Executive Board - Information Risk Executive Council (IREC) Research Board - Digital Security Board (DSB) TransGlobal Secure Collaboration (TSCP)/CertiPath FAA InfoSec Advisory Board Honeynet Project Forum of Incident Response and Security Teams (FIRST) – Chairing, Future of First Task Force Formal Agreements with Intel & Law Enforcement IT ISAC/NCC (Homeland Security) National Infrastructure Advisory Council (NIAC) National Security Telecommunications Advisory Council (NSTAC) Network Centric Operations Industry Consortium Northrop Grumman Cybersecurity Industry Leadership Robert F. Brammer Northrop Grumman

  22. Advanced Cybersecurity research

  23. Federal Cybersecurity Research • Growing recognition that the US has underinvested in cybersecurity • Requirements for cybersecurity research have been assessed many times by organizations like the National Academies, the National Science and Technology Council, the Federal Networking and Information Technology R&D Program, OSTP, DHS, and others • The 2010 Federal budget for cybersecurity research is $372M (DARPA, DOD services, NSA, NIST, NSF) – NITRD Presentation (March 2010)

  24. Northrop Grumman Cybersecurity Research Consortium Northrop links to academics to boost cyber defense Dec 1 2009 WASHINGTON (Reuters) - Northrop Grumman Corp unveiled Tuesday an industry-academic research group to tackle growing cyber threats to U.S. computer networks and to networked infrastructure. Northrop Joins With Academics For Cybersecurity Work December 1, 2009 • “Northrop Grumman Corp is joining with several U.S. universities in a consortium to address near and long-term Internet security.” • “…to find ways to secure computer hardware, software and systems that support information sharing around the globe.”

  25. Labs for R&D in Cyber Assessment, Modeling, Simulation and Testing VASCIC Millersville, MD Range Operations Rapid Development Cyber Warfare Integration Network (CWIN) Superior Technology Assessment, Development & Transition, and Modeling & Simulation

  26. Concluding remarks

  27. Concluding Remarks 22 Banking Breaches So Far in 2010 Report: Hacking, Insider Theft Continue to be Top Trends BankInfoSecurity March 23, 2010 There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services companies. • Protecting the enterprise is an increasingly difficult challenge • Many dimensions of enterprise growth • Dynamic threat environment • Protection requires multifaceted approach • Overall, cybersecurity problems will become worse before the status improves • Near-term progress is certainly possible • 90%+ of security problems arise from situations for which there are known solutions • Need for improved implementations • Cybersecurity is a long-term strategic issue for government and industry • Patching poorly designed systems is clearly not working • Solutions will require sustained and multidisciplinary R&D and broad implementation Case Study: Bank Defeats Attempted Zeus Malware Raids of Business Accounts Gartner March 24, 2010
