
Opening Moves Workshop Summary @ NPS


Presentation Transcript


  1. Opening Moves Workshop Summary @ NPS
     O. Sami Saydjari, CDA
     ssaydjari@CyberDefenseAgency.com
     National Cyber Defense Initiative

  2. Motivation
     • Strategic Threat is Real and Growing
       • Critical infrastructures vulnerable to cyber attacks by determined adversaries
       • Myriad vulnerabilities: software, hardware, configuration, policies and procedures
     • Current Research is Important but Insufficient for a serious adversary
       • Considerable research has led to technology that addresses current threats
       • Industry technology provides a strong base for a successful research initiative
       • Much of previous govt-funded research has led largely to “point solutions”
       • Current research agenda won’t provide technology for the Nation’s critical resources
     • Important Characteristics of a major research initiative
       • Large effort, driven by security needs of today’s & tomorrow’s critical applications
       • Along with security, privacy concerns have to be respected
       • Research initiative must consider economic, legal, usability, workforce (dev & op)
       • Partner research communities with industries that will develop and use technology
       • Considerable Government leadership needed (think post-Sputnik)

  3. Approach (diagram): Vignettes, End-States, Moves
     • End State: How things behave differently to the decision-maker (What)
     • Moves: Strategic action to mitigate a strategic threat (How)

  4. Desired End States I
     • Continuity of Critical Info Infrastructure Operations
       • Technology basis for a resilient US cyber infrastructure that would sustain critical functions in the face of attack
     • Well-Defended Critical Assets
       • Make it economically prohibitive for an adversary to cause strategic damage to US critical infrastructure.
       • Currently, adversaries can attack critical systems without requiring substantial resources.
     • Local/Global Cyber Situation Awareness
       • Know who and what’s on critical system platforms and networks, and the threats to them.
       • Cyber early warning systems while maintaining privacy
       • Today’s IDSs can see simple, previously-seen attacks locally; seek one that can see highly-sophisticated, novel, covert strategic attacks

  5. Desired End States II
     • Data-Tight Systems
       • Prevent unauthorized leaks or exfiltration of critical information
       • Ensure accountability for information flows within systems: share info only with those intended to have it.
       • Valuable data is currently being lost despite protection by perimeter devices such as firewalls.
       • New mechanisms and architectures are needed.
     • Extensible systems that safely embrace new technology
       • New functions can be confidently added without compromising existing function or assurance.
       • Advance cyber defense technology and secure systems engineering so that it is a highly-usable enabler for the rapid pace of new functionality, such as Net-Centric warfare, instead of an impediment.
     • Metrics-based Quantifiable security and dependability
       • Ability to determine the extent to which critical systems can withstand attacks
       • Without such metrics, it is hard to judge progress and assess the effectiveness of proposed solutions.
       • Metrics are fundamental

  6. Promising Moves I
     • Enable creation & operation of secure systems by architectural principles
       • Organize systems so fall-back operations and rapid recovery and repair from attacks, even of an unanticipated nature, are possible.
       • As a policy, favor stratified/partitioned designs for critical security components.
       • Re-organize networks that have moved away from these concepts.
       • Separate critical data and functions of the control plane from the operational plane.
     • Design systems to satisfy critical mission requirements
       • Value and prioritize critical cyber infrastructure functions.
       • As functions are automated and integrated, require that the cost of operating without the function be calculated as a means of assessing its mission-criticality.
       • Quantify recovery and rollback.
     • Create & combine metrics-driven security analysis, simulations, & testing
       • Develop adequate test and analysis environments to vet theories of defense, cyber offense, new mechanisms, and operators using best cyber strategy and tactics.
       • Need different test environments (some domain-specific), with a range of scales
       • Test-beds underway need improvement to be more usable to support experiments

  7. Promising Moves II
     • Authentication & attestation mechanisms to establish trust
       • Authentication of individuals to each other, to machines, and of machines to individuals and to other machines
       • Trustworthy identity plus privacy-protecting mechanisms is a prerequisite for security policy enforcement and for mechanisms such as network admission control.
     • Develop human capital
       • Inaugurate national competitions in secure system engineering to attract new talent and integrate academic, industry, and government efforts.
       • Create unclassified national security research institutes with academic, private, and govt participation
       • Revamp research funding processes to encourage long-term, focused engagement in crucial areas.
       • Increase funding to create a cyber workforce of researchers, system developers, and system administrators for commercial and Government-critical systems.
     • Initiate research in key technology areas. A few candidate areas include:
       • practical techniques and tools for the secure composition of large-scale architectures, to support safe system design, extension and evaluation
       • transparent security mechanisms, to enable rather than interfere with work
       • active automated forensics, to identify attackers and account for their actions
       • self-healing and dynamic security, to raise the bar for attackers
       • system security benchmarking and assessment, to develop quantifiable metrics

  8. End State CONTINUITY (diagram): The US critical infrastructure shall be able to sustain operations in the face of both static and adaptive attacks
     Moves shown: Testbed; Diversity; Theory (calculus of priorities); Exercises; Develop Human Capital; Redundancy in Logical and Physical Infrastructure; Cyber Counter-Intelligence; Stratify; Early Warning; Valuation; Reconstitution; Establish Priorities; Oppose Lifecycle Attacks; “Not Remote” Administration; Fail Soft; Restore & Recover; Rebuild

  9. End State PROTECT (diagram): Ensure that an adversary cannot economically achieve confidence in his ability to cause strategic damage to the US critical infrastructure
     Moves shown: National Keying Infrastructure; Honeypots; Control/Detect Adversary CNA; Dynamic Security; Network Admission Control; Diversity; Redundancy; App-Specific Test Platforms; Detection; Lifecycle; Special Purpose Devices; Biometrics; High Assurance Development; Early Warning; Stratify; Protected Admin; Identity Management; Appropriate Authentication; Attestation; Traceback; Human Capital Investment
     Also shown: Deception; Maneuver; Hiding; Redundancy; Deterrence; Isolation; Hardening

  10. Conclusions I
     • Focus on protecting critical info. infra. from strategic damage is essential.
     • Connecting the bottom-up “moves” approach with the top-down “end-state” approach broadened thinking, yet quickly brought focus on key strategic moves and will produce new technology that meets the needs of critical applications.
     • Developing and sustaining human capital is essential to all in both the near- and long-term.

  11. Conclusions II
     • Strategy for understanding and influencing commercial markets is a prerequisite of any move.
       • Industry should be actively engaged in developing this strategy.
       • Pragmatic solutions and incentives are needed.
       • Some of the key vendors are fully engaged in the NCDI community, but more have to be involved, and soon.
     • We should be careful not to undervalue ideas and concepts as “old” because they have been previously identified and discussed.
       • Many were never actually tried in earnest, and translation of these notions to the current context will be required.
       • Based on advances in underlying hardware and software technology, the workshop participants believe that many of the key ideas are ready to be incorporated into design and evaluation methodologies.
     • Ambitious goals require concerted community effort where researchers, academics, internet service providers, business leaders, government leaders, and industry technical leaders all work in close partnership.

  12. Recommendations for Next Steps I
     • Fund continuation of the analysis process started in the WS
       • A handful of very experienced people with security engineering, research, and operational backgrounds.
       • Identify the most critical moves and lay out actions over the near, medium and long term for those moves.
     • Do Closure Analysis
       • Analyze moves for which there were no corresponding end-states to determine their importance, and determine if any key goal states are missing.
       • Analyze moves identified by prior studies in the same way with respect to missing moves and end-states.
       • For example, usability of security plays a key role, yet is not yet well-mapped into the workshop results.

  13. Recommendations for Next Steps II
     • Explore end-state quantification so that investment can be prioritized
     • Engineer Market Change
       • Engage industry’s top key technical leaders to determine ways to effect change consistent with the mechanisms and behavior of commercial markets.
     • Extend Plan with Focused Workshops
       • Hold follow-on workshops over the next 12 months with domain experts (e.g. power, banking, and telecommunications), technology experts, and industry experts to extend the plan.
       • Involve Government agencies responsible for security R&D and for these sectors

  14. Workshop Organization
     • The National Cyber Defense Initiative “Opening Moves” Workshop was held from 3-7 December 2007 at the Naval Postgraduate School in Monterey, California. Its purpose was to help develop a framework and plan for the protection of the essential fabric of our national cyber infrastructure from strategic damage.
     • The NCDI is a grassroots activity started in late November 2006 to address the need for a large-scale effort to improve the cyber security of our nation. Thirty-four invited specialists and a small number of reviewers attended. The former were at the workshop for the entire week, whereas the latter attended only the last day. All participants were cyber security experts. Their backgrounds included industry, government, academe, and consulting. The principal organizers of the workshop were Cynthia Irvine (Naval Postgraduate School) and Sami Saydjari (Cyber Defense Agency, LLC). Three pre-chosen facilitators led breakout groups: Terry Benzel (USC/ISI), Deborah Cooper (private consultant), and Bridget Rodgers (Sandia). Sponsorship for travel costs and facilities came from NPS, IARPA, NSF, and ONR.
     • The workshop organized the participants into three breakout groups, each of which focused on a set of high-level objectives. Plenary sessions were limited to talks that highlighted the critical nature of the cyber security problem, the challenge cyber security poses in the context of existing infrastructure and practice, and inter-group synchronization. The approach was both bottom-up regarding strategic actions (called moves) that can and should be taken to make a significant reduction in risk, and top-down in terms of end-state operational capabilities needed to achieve information dominance.
