1 / 20

PMW 130 Overview for NDIA

PMW 130 Overview for NDIA. 11 May 2011 Kevin McNally Program Manager PMW 130 858-537-0682 Kevin.mcnally@navy.mil. Why Cyber Matters?. "If the nation went to war today in a cyber war, we would lose.” - Admiral Mike McConnell (retired), 23 Feb 2010.

allie
Download Presentation

PMW 130 Overview for NDIA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PMW 130 Overview for NDIA 11 May 2011 Kevin McNally Program Manager PMW 130 858-537-0682 Kevin.mcnally@navy.mil

  2. Why Cyber Matters? "If the nation went to war today in a cyber war, we would lose.” - Admiral Mike McConnell (retired), 23 Feb 2010 • Over 2.08 billion Internet users (420M in China) – UN International Telecommunication Union (ITU) • DOD makes 1 billion+ Internet connections daily, passing 40TBs of data –RADM Edward H. Deets, III • DOD Networks scanned and probed 6M times/day – USCYBERCOM • Several years ago, zero countries armed for cyber warfare, today 20+ countries – Dr. Eric Cole, McAfee • Stuxnet – Most advanced Cyber Weapon ever seen – CEO McAfee “The next battle is in the information domain, and the first shots have already been fired.”- Admiral Gary Roughead, CNO 2

  3. McAfee Threat Summary Adobe products still the top target New stats: • 20 Million new malware in 2010 • ~55,000 new malwares/day (new record) • Growth in sites hosting malware • Number of new mobile malware in 2010 increased by 46 percent over 2009 Malware growth since Jan 09 Source: McAfee Threats Report Q4 2010 3

  4. SymantecExpansion of Tool Kits 61% of threat activity on malicious websites is toolkit specific Source: Symantec Intelligence Quarterly (April-June 2010) 4 4

  5. ZeuS, aka ZbotAdaptable Trojan for sale • Cost on the black market • The Private Version is $3-4K • VNC private module is $10K • ZeuS author earned $15M in commissions from license rights • Infect PCs by simply visiting an infected Web site • Oct 2010, over 30 individuals were arrested for ZeuS-based attacks against U.S. and U.K. bank account holders • Dec 2010, spoof email from “White House” to UK Government • U.K. officials suggest the cyber attack originated from China TOOLKIT TO BUILD YOUR OWN TROJAN HORSE 77% of infected PCs have up-to-date anti-virus software 5

  6. Can you tell the difference?

  7. Amazing Coincidence?

  8. Is our supply chain safe? January 2008, a joint task force seized $78M of counterfeit Cisco networking hardwareSource: Defense Tech April 2009, Chinese spies may have put chips in U.S. planes Source: The Times of India May 2010, Counterfeit Cisco Network Gear Traced to China, Not Surprisingly Source: Security Magazine

  9. Conficker Spreading5 Versions in 5 Months Early Feb 2009 CONFICKER C 50K Domains Kills Security Software + Robust Peer-to-Peer Comms Malware Analysis Countermeasures + Improved HTTP Command & Control Mid Jan 2009 Conficker A and B explodes. Estimates range from 3-12 million machines infected Mid Feb 2009 CONFICKER B++ Direct Update Feature End Dec 2008: CONFICKER B Code Cryptography + Password Cracking + USB Infection Vector Anti-Virus Countermeasures + Primitive Peer-to-Peer Comms Software Update Countermeasures March 2009 IBM announces: Asia has 45% of infections; Europe 32%; South America 14%; North America 6% 20 Nov 2008: CONFICKER.A No Software Armoring HTTP Command & Control April 2009 CONFICKER E Spam “Scareware” 50,000 PCs a day are attacked

  10. Conficker(At the one year mark)

  11. What about specialized weapons and aircraft? French fighter planes grounded by computer virus - The Telegraph, 07 Feb 2009 French fighter planes were unable to take off after military computers were infected by a computer virus. Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year

  12. Android Disasters • March 1, 2011: confirmed that 58 malicious apps were uploaded to Android Market • Rootkit granting hackers deep access • Google initiated “remote kill” to affected devices • Admits they can’t patch the hole causing the vulnerability • Symantec: Android app called “Steamy Windows” was modified to SMS premium rate numbers owned by Chinese hackers Source: http://techcrunch.com/2011/03/05/android-malware-rootkit-google-response/ http://www.computerworld.com/s/article/9211879/Infected_Android_app_runs_up_big_texting_bills 12

  13. SCADASupervisory Control And Data Acquisition • Shumukh Al-Islam Network call to Mujahadin Brigades to “strike the soft underbelly…” • “…strikes…simultaneous”; “…spread hysterical horror…” • Infrastructure processes include: • Water treatment & distribution • Wastewater collection & treatment • Oil & gas pipelines • Wind farms • Civil Defense siren systems • Large communication systems • Electrical power transmission & distribution OSC Web monitoring report found an article dated 18 December 2010 on Shumukh Al-Islam Network titled “Launch SCADA Missiles” urging an attack

  14. Social Networking Event Robin Sage • Purportedly Cyber Threat Analyst for the Naval Network Warfare Command • Impressive resume at 24, high-level security clearances • 10 years' experience in the cybersecurity field • Friends list included people working for the nation's most senior military officer, the chairman of the Joint Chiefs of Staff, NRO, a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors • Job offers from industry “One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location” 14

  15. Information Assurance & Cyber Security (PMW 130) • Computer Network Defense (CND) – ACAT IVT • EKMS/KMI - Component of NSA – ACAT IAM • PKI - Component of DISA – ACAT IAM • Cryptography (modernization; legacy) • Navy, USMC, USCG, MSC • Radiant Mercury (RM) • Cross Domain Solution • Tactical Key Loader (TKL) • USMC and SPECOPS • Information Assurance (IA) Services PMW 130 collaborates with FLTCYBERCOM, 10th Fleet, NCF, NNWC, and NCDOC 15

  16. C4I Networks TodayDefense In Depth • Enterprise Management • Prometheus • Advanced Data Correlation • Governance • Situational Awareness: CND-COP • CND C2 • Coordinated Response Actions Enterprise View Navy Computer Network Defense Centers • WAN Defenses • Boundary Defense (firewalls) • Enclave Protection (IPS/IDS) • Data Correlation • Virus Protection Regional Views Network Operations Service Centers • LAN Defenses • Host Protection (HIDS, Firewall, anti-virus, baselining) • Vulnerability Scanning • Vulnerability Patch Remediation • Network Intrusion Detection Platform Views Mission Operations 16

  17. Navy Computer Network Defense High-Level Operational View 17

  18. Cyber Defense and the NavyWhat Lies Ahead • Identifying network anomalies & behaviors • Moving from reactive to predictive • Advanced Persistent Threat • Insider Threat/Data loss prevention • Advanced spear phishing • Web security, Social Networks • Web enabled application security • Correlation and Analysis of sensor data • Cloud Security • Wireless/handheld device security • Cyber Situation Awareness 18

  19. Future Collaboration • Collaboration is vital to our future • Welcome collaboration across government, commercial, academia and other stakeholders • PMW 130 Government/Industry Exchange • An opportunity for industry to present products they feel may be of interest to PMW 130 • Attendees include PMW 130 senior leadership, SPAWAR and PEO C4I invitees, and other PMW 130 personnel (Assistant Program Managers, engineers, etc.) • Held once a month • 50 minutes, including Q&A • Please contact Carol Cooper at Cooper_carolyn@bah.com

  20. We get IT. We also integrate it, install it and support it. For today and tomorrow. Visit us at www.peoc4i.navy.mil 20

More Related