PMW 130 Overview for NDIA
11 May 2011
Kevin McNally, Program Manager, PMW 130
858-537-0682
Kevin.mcnally@navy.mil
Why Cyber Matters?
"If the nation went to war today in a cyber war, we would lose." - Admiral Mike McConnell (retired), 23 Feb 2010
• Over 2.08 billion Internet users (420M in China) – UN International Telecommunication Union (ITU)
• DOD makes 1 billion+ Internet connections daily, passing 40 TB of data – RADM Edward H. Deets, III
• DOD networks scanned and probed 6M times/day – USCYBERCOM
• Several years ago, zero countries armed for cyber warfare; today 20+ countries – Dr. Eric Cole, McAfee
• Stuxnet – most advanced cyber weapon ever seen – CEO, McAfee
"The next battle is in the information domain, and the first shots have already been fired." - Admiral Gary Roughead, CNO
McAfee Threat Summary
Adobe products still the top target
New stats:
• 20 million new malware samples in 2010
• ~55,000 new malware samples/day (new record)
• Growth in sites hosting malware
• Number of new mobile malware samples in 2010 increased by 46 percent over 2009
(Chart: Malware growth since Jan 09)
Source: McAfee Threats Report Q4 2010
Symantec: Expansion of Tool Kits
61% of threat activity on malicious websites is toolkit specific
Source: Symantec Intelligence Quarterly (April-June 2010)
ZeuS, aka Zbot: Adaptable Trojan for sale
• Cost on the black market
  • The private version is $3-4K
  • VNC private module is $10K
• ZeuS author earned $15M in commissions from license rights
• Infects PCs by simply visiting an infected web site
• Oct 2010, over 30 individuals were arrested for ZeuS-based attacks against U.S. and U.K. bank account holders
• Dec 2010, spoof email from "White House" to UK Government
  • U.K. officials suggest the cyber attack originated from China
TOOLKIT TO BUILD YOUR OWN TROJAN HORSE
77% of infected PCs have up-to-date anti-virus software
Is our supply chain safe?
• January 2008, a joint task force seized $78M of counterfeit Cisco networking hardware – Source: Defense Tech
• April 2009, Chinese spies may have put chips in U.S. planes – Source: The Times of India
• May 2010, Counterfeit Cisco Network Gear Traced to China, Not Surprisingly – Source: Security Magazine
Conficker Spreading: 5 Versions in 5 Months
• 20 Nov 2008: CONFICKER A – no software armoring; HTTP command & control
• End Dec 2008: CONFICKER B – code cryptography + password cracking + USB infection vector; anti-virus countermeasures + primitive peer-to-peer comms; software update countermeasures
• Mid Jan 2009: Conficker A and B explode; estimates range from 3-12 million machines infected
• Early Feb 2009: CONFICKER C – 50K domains; kills security software + robust peer-to-peer comms; malware analysis countermeasures + improved HTTP command & control
• Mid Feb 2009: CONFICKER B++ – direct update feature
• March 2009: IBM announces Asia has 45% of infections; Europe 32%; South America 14%; North America 6%
• April 2009: CONFICKER E – spam, "scareware"
50,000 PCs a day are attacked
What about specialized weapons and aircraft?
"French fighter planes grounded by computer virus" - The Telegraph, 07 Feb 2009
French fighter planes were unable to take off after military computers were infected by a computer virus. Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year.
Android Disasters
• March 1, 2011: confirmed that 58 malicious apps were uploaded to Android Market
  • Rootkit granting hackers deep access
  • Google initiated "remote kill" to affected devices
  • Admits they can't patch the hole causing the vulnerability
• Symantec: Android app called "Steamy Windows" was modified to SMS premium rate numbers owned by Chinese hackers
Sources:
http://techcrunch.com/2011/03/05/android-malware-rootkit-google-response/
http://www.computerworld.com/s/article/9211879/Infected_Android_app_runs_up_big_texting_bills
SCADA: Supervisory Control And Data Acquisition
• OSC web monitoring report found an article dated 18 December 2010 on Shumukh Al-Islam Network titled "Launch SCADA Missiles" urging an attack
• Shumukh Al-Islam Network call to Mujahadin Brigades to "strike the soft underbelly…"
• "…strikes…simultaneous"; "…spread hysterical horror…"
• Infrastructure processes include:
  • Water treatment & distribution
  • Wastewater collection & treatment
  • Oil & gas pipelines
  • Wind farms
  • Civil Defense siren systems
  • Large communication systems
  • Electrical power transmission & distribution
Social Networking Event: Robin Sage
• Purportedly Cyber Threat Analyst for the Naval Network Warfare Command
• Impressive resume at 24, high-level security clearances
• 10 years' experience in the cybersecurity field
• Friends list included people working for the nation's most senior military officer, the chairman of the Joint Chiefs of Staff, NRO, a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors
• Job offers from industry
"One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location"
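The "embedded data revealing his exact location" on this slide is the kind of leak carried by Exif metadata (GPS tags) inside a JPEG. The Python below is an added example for this briefing, not code from PMW 130 or the original deck: it constructs a minimal JPEG container with an Exif APP1 segment holding a GPS sub-IFD, parses the TIFF structure to report the GPS tags an image carries, converts the latitude to decimal degrees, and strips the Exif segment so the file can be shared without the location. The sample image, its coordinates and all function names are constructed for illustration; the byte layout follows the Exif/TIFF specification.

```python
import struct

# JPEG markers used below
SOI, EOI, SOS, APP1, COM = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFE1, 0xFFFE
GPS_IFD_POINTER = 0x8825            # IFD0 tag that points at the GPS sub-IFD
GPS_TAG_NAMES = {0x0001: "GPSLatitudeRef", 0x0002: "GPSLatitude",
                 0x0003: "GPSLongitudeRef", 0x0004: "GPSLongitude"}
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}   # BYTE, ASCII, SHORT, LONG, RATIONAL


def _segments(data):
    """Yield (marker, offset, payload) for each marker segment before SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker in (SOS, EOI):
            break
        yield marker, pos, data[pos + 4:pos + 2 + length]
        pos += 2 + length


def _read_ifd(tiff, order, offset):
    """Return {tag: (type, count, 4-byte value/offset field)} for one IFD."""
    (n,) = struct.unpack(order + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, cnt = struct.unpack(order + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, cnt, tiff[e + 8:e + 12])
    return entries


def _decode(tiff, order, typ, cnt, field):
    """Decode an IFD entry; values wider than 4 bytes live at the offset stored in field."""
    size = TYPE_SIZES.get(typ, 1) * cnt
    raw = field[:size] if size <= 4 else tiff[struct.unpack(order + "I", field)[0]:][:size]
    if typ == 2:                                   # ASCII, NUL terminated
        return raw.rstrip(b"\x00").decode("ascii", "replace")
    if typ == 5:                                   # RATIONAL: (numerator, denominator) pairs
        return [struct.unpack(order + "II", raw[8 * i:8 * i + 8]) for i in range(cnt)]
    return raw


def gps_tags(jpeg):
    """Return {tag name: value} for the GPS IFD, or {} if the image carries none."""
    for marker, _, payload in _segments(jpeg):
        if marker != APP1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]                         # TIFF header follows the Exif signature
        order = "<" if tiff[:2] == b"II" else ">"  # byte order declared by the header
        (ifd0_off,) = struct.unpack(order + "I", tiff[4:8])
        ifd0 = _read_ifd(tiff, order, ifd0_off)
        if GPS_IFD_POINTER not in ifd0:
            return {}
        (gps_off,) = struct.unpack(order + "I", ifd0[GPS_IFD_POINTER][2])
        gps = _read_ifd(tiff, order, gps_off)
        return {GPS_TAG_NAMES.get(tag, hex(tag)): _decode(tiff, order, *entry)
                for tag, entry in gps.items()}
    return {}


def to_decimal(dms, ref):
    """Convert Exif degrees/minutes/seconds rationals to signed decimal degrees."""
    deg, mins, secs = (n / d for n, d in dms)
    value = deg + mins / 60 + secs / 3600
    return -value if ref in ("S", "W") else value


def strip_exif(jpeg):
    """Return a copy of the JPEG with every APP1 Exif segment removed."""
    out = bytearray(jpeg[:2])
    pos = 2
    for marker, off, payload in _segments(jpeg):
        end = off + 4 + len(payload)
        if not (marker == APP1 and payload.startswith(b"Exif\x00\x00")):
            out += jpeg[off:end]
        pos = end
    out += jpeg[pos:]          # scan data and EOI are passed through unchanged
    return bytes(out)


def build_sample_jpeg(lat_dms=((32, 1), (42, 1), (0, 1)), lat_ref=b"N"):
    """Constructed sample (not a decodable picture): SOI, Exif APP1 with a GPS IFD, COM, EOI."""
    gps_ifd_off = 8 + 2 + 12 + 4                 # TIFF header + IFD0 with one entry
    rational_off = gps_ifd_off + 2 + 2 * 12 + 4  # GPS IFD with two entries
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)  # big-endian header, IFD0 at offset 8
    tiff += struct.pack(">HHHII", 1, GPS_IFD_POINTER, 4, 1, gps_ifd_off) + struct.pack(">I", 0)
    tiff += struct.pack(">H", 2)
    tiff += struct.pack(">HHI", 0x0001, 2, 2) + lat_ref + b"\x00\x00\x00"   # GPSLatitudeRef
    tiff += struct.pack(">HHII", 0x0002, 5, 3, rational_off)                 # GPSLatitude
    tiff += struct.pack(">I", 0)
    for num, den in lat_dms:
        tiff += struct.pack(">II", num, den)
    exif = b"Exif\x00\x00" + tiff
    app1 = struct.pack(">HH", APP1, len(exif) + 2) + exif
    comment = b"constructed sample"
    com = struct.pack(">HH", COM, len(comment) + 2) + comment
    return b"\xff\xd8" + app1 + com + b"\xff\xd9"


if __name__ == "__main__":
    img = build_sample_jpeg()
    tags = gps_tags(img)
    print("GPS tags found:", tags)
    print("Decimal latitude:", to_decimal(tags["GPSLatitude"], tags["GPSLatitudeRef"]))
    print("After stripping:", gps_tags(strip_exif(img)))
```

Run against a real photo, `gps_tags` is the pre-upload check and `strip_exif` the remediation; a production filter would also drop XMP (APP1 with an `http://ns.adobe.com/xap/` signature) and IPTC (APP13) segments, which can carry the same location fields.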
Information Assurance & Cyber Security (PMW 130)
• Computer Network Defense (CND) – ACAT IVT
• EKMS/KMI – component of NSA – ACAT IAM
• PKI – component of DISA – ACAT IAM
• Cryptography (modernization; legacy)
  • Navy, USMC, USCG, MSC
• Radiant Mercury (RM)
  • Cross Domain Solution
• Tactical Key Loader (TKL)
  • USMC and SPECOPS
• Information Assurance (IA) Services
PMW 130 collaborates with FLTCYBERCOM, 10th Fleet, NCF, NNWC, and NCDOC
C4I Networks Today: Defense In Depth
Enterprise View – Navy Computer Network Defense Centers
• Enterprise Management
• Prometheus
• Advanced Data Correlation
• Governance
• Situational Awareness: CND-COP
• CND C2
• Coordinated Response Actions
Regional Views – Network Operations Service Centers
• WAN Defenses
• Boundary Defense (firewalls)
• Enclave Protection (IPS/IDS)
• Data Correlation
• Virus Protection
Platform Views – Mission Operations
• LAN Defenses
• Host Protection (HIDS, firewall, anti-virus, baselining)
• Vulnerability Scanning
• Vulnerability Patch Remediation
• Network Intrusion Detection
Navy Computer Network Defense: High-Level Operational View (diagram)
Cyber Defense and the Navy: What Lies Ahead
• Identifying network anomalies & behaviors
• Moving from reactive to predictive
• Advanced Persistent Threat
• Insider threat / data loss prevention
• Advanced spear phishing
• Web security, social networks
• Web-enabled application security
• Correlation and analysis of sensor data
• Cloud security
• Wireless/handheld device security
• Cyber situation awareness
Future Collaboration
• Collaboration is vital to our future
• Welcome collaboration across government, commercial, academia and other stakeholders
• PMW 130 Government/Industry Exchange
  • An opportunity for industry to present products they feel may be of interest to PMW 130
  • Attendees include PMW 130 senior leadership, SPAWAR and PEO C4I invitees, and other PMW 130 personnel (Assistant Program Managers, engineers, etc.)
  • Held once a month
  • 50 minutes, including Q&A
  • Please contact Carol Cooper at Cooper_carolyn@bah.com
We get IT. We also integrate it, install it and support it. For today and tomorrow. Visit us at www.peoc4i.navy.mil