Information Warfare in the Trenches: Teaching Cadets the Basics of Information Assurance
Information Assurance Education OR Training: Blurring the Boundaries
Aaron J. Ferguson, Ph.D., CISSP
National Security Agency Visiting Professor
United States Military Academy, Department of Electrical Engineering & Computer Science
aaron.ferguson@usma.edu
Definitions
• Education – the act or process of bringing an understanding to an individual.
• Training – the process or routine of making proficient with specialized instruction and practice.
Goal
• Using Bloom’s Taxonomy as a model, provide strategies for using the training standards to build a curriculum that educates—allows the student to take Information Security Professional and Designated Approval Authority knowledge and demonstrate conceptual understanding in multiple contexts.
Attributes of Information Assurance Education
• Context Sensitive
• Dynamic
• Multidisciplinary
• Application-Oriented
Center of Academic Excellence in Information Assurance Education
• Provides an excellent Roadmap for Information Assurance Course and Curriculum Development
• NSTISSI 4011 – Training of INFOSEC Professionals
• NSTISSI 4012 – Designated Approval Authority
• Strategies
• USMA Courses
• USMACOM Case Study
NSTISSI 4011 – Training of INFOSEC Professionals
• The NSTISSI 4011 establishes the minimum training standard for the training of information systems security professionals in the disciplines of telecommunications and automated information systems security.
What are the INFOSEC Professional “Big Ideas?”
• Awareness
  • Sensitivity to the threats and vulnerabilities of national security information systems, and a recognition of the need to protect data, information, and the means of processing them; builds a working knowledge of INFOSEC principles and practices.
• Performance
  • The skill and/or ability to design, execute, or evaluate agency INFOSEC security procedures and practices.
• Courses
  • CS482 – Information Assurance
  • Cyber Defense Exercise
  • IT460 – Cyber Warfare
  • NSA Coder’s Cup
NSTISSI 4012 – Designated Approving Authority
• The NSTISSI 4012 establishes the minimum course content or standard for the development and implementation of training for Designated Approving Authorities in the disciplines of telecommunications security and information systems (IS) security.
What are the DAA “Big Ideas?”
• INFOSEC Functions
• Legal Liability Issues
• Policy
• Threats and Incidents
• Access
• Administration
• COMSEC
What is a Controlled Interface Device (aka Security Guard)?
[Diagram: a Guard between Security Domain “A” and Security Domain “B”]
• Guard: A device or collection of devices that mediate controlled transfers of information across security boundaries (e.g., between Security Domain “A” and Security Domain “B”).
• It is “trusted” to allow sharing of data across boundaries (possibly including controlled “read up” and/or “write down”)
• Part of the “high side” security architecture
• Enforces a defined security policy
• Other characteristics: type of data being passed; direction of data flow; human or fully automated review; number of connections; connection protocol (serial; Ethernet)
Guards Versus Firewalls
• Guards
  • Generally implemented on trusted platform (often B1 or higher)
  • Connects domains at different levels
  • Opens doors that are normally closed
  • Prevents data leakage
  • Filters data at application level
  • Few services allowed through (e.g., E-mail, messages, file transfer)
  • Often no IP forwarding
  • Performs downgrading
• Firewalls
  • Not generally implemented on trusted platform
  • Connects domains at same level
  • Closes doors that are normally open
  • Controls network services
  • Filters packets at protocol level; may proxy packets at application level
  • More services allowed through (e.g., file transfer, E-mail, TELNET, HTTP)
  • Some types offer IP forwarding
  • No downgrading required
USMACOM Case Study
• Establish secure network communications with coalition partners to provide an immediate Coalition Task Force (CTF) capability.
• CTF membership is based on trust level—level of trust between the US and country seeking membership in the CTF.
• The ultimate goal is to protect the SIPRNET, as it is a SECRET-High US only network with connectivity to the National Information Infrastructure. However, information on the SIPRNET must be securely shared with members of the CTF.
• A Foreign Disclosure Officer on the SIPRNET decides what information gets shared with the CTF.
• The CTF is classified CTF-SECRET, and the Nation LAN is assumed to be UNCLASSIFIED.
USMACOM Learning Objectives
• Demonstrate an understanding of the INFOSEC functions of a DAA.
• Discuss threats and vulnerabilities.
• Perform a risk assessment.
• Explain the DAA’s role in information warfare through the use of Information Security tactics, techniques, and procedures.
USMACOM Learning Objectives
• Describe ways in which connecting to the National Information Infrastructure can create risks to your systems.
• Discuss the importance of training to the separation of duties required of the DAA.
• Explain DAA responsibility for preventing unauthorized disclosure of information.
• Extrapolate risk management concepts to multiple scenarios.
• Make decisions based on reasoned judgment.
High-Level Requirement
[Diagram labels: US-SECRET, CTF-SECRET, UNCLASSIFIED, TIER 1, TIER 2]
Low-Level Requirements
• Must develop a one-time accreditable security architecture that uses high-assurance guarding technology to facilitate information exchange across security domains.
• USMACOM must be able to add a new member (now and in the future) to any tier without going through the accreditation process for each nation.
• Each CTF user has a colleague back in her home country’s Nation LAN with whom she must communicate.
• There should be at least one system administrator per security domain, and this person is responsible for performing all security-related administration of the security domain LAN, e.g., patch management, CERT notification, anti-virus maintenance, and training.
Case Study Assumptions
• The CTF resides in US spaces and is US-owned and administered. The composition of coalition partners will be dynamic throughout operations and all data is releasable to all individuals who have authorized access to the CTF LAN.
• The CTF LAN will be a high attribution/high consequence network--must use a multi-tiered architecture with each tier having different domain names for email purposes.
• Clients in non-US-controlled spaces will not be allowed to access CTF LAN resources directly.
Case Study Assumptions
• Connectivity will be severely restricted—by data attachment type (“dot-pdf”, “dot-rtf”, “dot-txt”, HTML, and “dot-gif”) and data flow direction.
• Unauthorized access to SIPRNET resources or data must be the result of intentional malicious action by an authorized CTF user located in controlled US spaces or by a malicious user in one of the Nation-LANs.
• An in-country user should not be able to spoof a CTF user’s email address.
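
One way to express the case-study restrictions (attachment type, flow direction, no sender spoofing) as a default-deny guard check. This is an added example, not part of the original briefing; the mail domains, the policy matrix, and all names are hypothetical, since the briefing leaves the choice of file types and directions to the student.

```python
from dataclasses import dataclass

# Magic-byte prefixes for the binary attachment types named in the case study.
MAGIC = {"pdf": (b"%PDF-",), "rtf": (b"{\\rtf",), "gif": (b"GIF87a", b"GIF89a")}
TEXT_TYPES = {"txt", "html"}  # no magic bytes; accept only printable ASCII

# Hypothetical mail domain per security domain (each tier gets its own).
MAIL_DOMAIN = {"SIPRNET": "us.example", "CTF": "ctf.example", "NATION": "nation.example"}

# Hypothetical policy: (source, destination) -> attachment types allowed.
# Any flow not listed here is denied.
POLICY = {
    ("SIPRNET", "CTF"): {"pdf", "rtf", "txt", "html", "gif"},
    ("CTF", "SIPRNET"): {"txt"},
    ("CTF", "NATION"): {"pdf", "txt"},
    ("NATION", "CTF"): {"txt"},
}

@dataclass
class Message:
    ingress: str    # security domain of the interface the message arrived on
    dest: str       # security domain it is addressed to
    sender: str     # claimed From address
    filename: str
    payload: bytes

def content_matches(ext, payload):
    """Check the payload against the declared type, not just the file name."""
    if ext in MAGIC:
        return payload.startswith(MAGIC[ext])
    if ext in TEXT_TYPES:
        return payload.isascii() and all(b >= 32 or b in b"\r\n\t" for b in payload)
    return False

def guard_decision(msg):
    allowed = POLICY.get((msg.ingress, msg.dest))
    if allowed is None:
        return "DENY: flow not permitted"
    # Anti-spoofing: the claimed sender domain must belong to the ingress side.
    if msg.sender.rsplit("@", 1)[-1].lower() != MAIL_DOMAIN[msg.ingress]:
        return "DENY: sender domain does not match ingress domain"
    ext = msg.filename.rsplit(".", 1)[-1].lower() if "." in msg.filename else ""
    if ext not in allowed:
        return "DENY: attachment type not permitted in this direction"
    if not content_matches(ext, msg.payload):
        return "DENY: content does not match declared type"
    return "ALLOW"

if __name__ == "__main__":
    # Constructed sample: Nation-LAN user claiming a CTF address.
    print(guard_decision(Message("NATION", "CTF", "a1@ctf.example", "n.txt", b"hi")))
```
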
What are “DAA” Big Ideas?
• Accreditation and the role of the DAA
• Tier membership/trust level
• Attachment Types
• Threats and Vulnerabilities
• Risk Assessment
Accreditation and the Role of the DAA
• The Designated Approval Authority (DAA) is the person that assumes all risk for operating a system in a specified configuration in a specified location for a specified period of time.
• System architecture, system security measures, system operations policy, system security management plan, and provisions for system operator and end user training.
• The student should play the role of the DAA and establish guidelines for the security posture of any system and/or architecture that she is required to approve.
Tier membership/Trust level
• Trust level and Tier membership have attribution implications.
• The student should be able to explain attribution and how it manifests itself in multiple contexts, since attribution and Trust level/Tier membership are tightly coupled.
• The student will also have to decide what file types are going to be exchanged between the CTF-LAN and the SIPRNET and in what direction.
[Table: Guard (GT1, GT2); columns: Guard Type/Services, Direction?, Attachments (Attachment Type)]
Risk Assessment
• As a culminating exercise, the instructor should have one set of students act as the DAA and another set act as Risk Analysts (RA) making their accreditation case to the DAA.
• The RAs should be able to either make a compelling case for the DAA to accredit or make a compelling case for not accrediting—all based on risk evidence.
• This risk evidence should be built around trust level, level of attribution, consequence, data flow, and data type.
Scaffolding Questions
• Is there still high attribution if a Tier 0 user sends malicious email to the SIPRNET with a malicious code attachment? Why?
• How could a Tier 2 user compromise Tier 1?
• Why is the Tier 1 LAN a lower risk than the Tier 2 environment?
• Can a user in Tier 2 spoof an email address?
Scaffolding Questions (cont’d)
• What are some of the system administration challenges associated with the design?
• How do you set up a CERT function in a coalition environment? Who enforces it?
• Suppose USMACOM levied a new requirement: move all Tier 1 users down to Tier 2 to facilitate collaboration (e.g., chat, VoIP). Currently there are no Guarding Technologies that allow secure chat or secure VoIP.
• Specifically, user A1 cannot chat with user A2 even though they are from the same nation. What would you do and why?
How do we Blur the Boundaries with IA Training Standards?
As information security becomes increasingly important, it can no longer be left to the realm of training.
• Standards need to be “de-govied”: less government-focused, with academic and industry foci included.
• The standards need to focus more on Information Assurance than INFOSEC, as the former defines thinking and behavior and the latter just behavior.
• The standards should incorporate more of layers 2 (comprehension), 4 (analysis), 5 (synthesis), and 6 (evaluation), because without these critical layers, the case for academic excellence in Information Assurance is tenuous at best!
Changes Coming Down the Road
• More Information Assurance focused vice INFOSEC
• More User-Friendly
• More input from Academia and Private Industry
• Contract to upgrade 4011 to be let in May/June
• 4012 fully coordinated with CNSS community and in for DIRNSA signature.
• DISA to create 4012 CBT.
• 4012 renamed Senior Systems Manager
• Focused on advances in technology
Aaron J. Ferguson, Ph.D., CISSP
National Security Agency Visiting Professor
Dept. of Electrical Engineering & Computer Science, United States Military Academy
845.938.7674
Aaron.Ferguson@usma.edu
GO ARMY!
Feedback
• If you like this briefing, please send an email to: I_loved_aarons_briefing@usma.edu
• If you did not like this briefing, please send an email to: I_really_loved_aarons_briefing@usma.edu