Between The Sword and Shield: The Role of the Network Operations & Security Center. John Osterholz, Vice President, Cyber Warfare and Cybersecurity, BAE Systems Information Solutions. David Garfield, Managing Director, Electronics Systems Group, Detica – A BAE Systems Company.
and Sharing
Dot com, Dot gov, Dot mil, Dot edu, Dot “pick your noun”
Jeez, this is really getting complicated
Data Privacy, Social Media, Entertainment, Gaming, Peer to Peer (P2P)
DWDM technology, Voice Over IP (VOIP), Anything Over IP (AOIP), Services Oriented Architecture (SOA), Personal Back Office Convergence
Nation States, Organized Crime, Terrorists, Just about anyone
We Love a Hard Problem: Cybersecurity … Cyber Defense … Critical Infrastructure
An Evolving Threat - Post Millennium
“CEOs who think cybercrime is just the business of CIOs are like Enron’s shrugging off the company’s books as something for the accounting department.”
Net Present Impact in operational terms
• In just six months in 2007:
  • Requirements for system “cleanings” increased 200 percent
  • Trojan malware downloads and drops increased 300 percent
Characteristic of exploitive attacks since 2004
• “Over the past few years, the focus of endpoint exploitation has dramatically shifted from operating system to the Web browser and multimedia applications.”*
* Ref: IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics
“Daddy, something’s wrong with your Blackberry …” The Growing Role of the Insider Threat
Georgia I: “I Will Make Georgia Howl”
“… it is useless for us to occupy it; but the utter destruction of its roads, houses, and people, will cripple their military resources..” (GEN W.T. Sherman, 1864)
Georgia II: The Next Dimension
“In the very near future, many conflicts will not take place just on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers” (Nikolai Kuryanovich, former member of the Russian Duma)
“… Russian tanks rolled into the country's territory, in what experts said Wednesday was an ominous sign that cyber-attacks might foreshadow future armed conflicts.” (Moscow Times, 2008)
Total Warfare Then and Now: The Lesson of Two Georgias
Application & Data Intensive Environments
Cognitive Heuristics – Time Constrained Reasoning
Limitations of a Communications and Network Technology Mindset
Cybersecurity and Cyber Defense – It's no longer just about Comms and Networks
The US and UK Alignment is Significant and Growing
“The Strategy highlights the need for Government, business, international partners and the public to work together to meet our strategic objectives of reducing risk and exploiting opportunities …” (Cyber Security Strategy of the United Kingdom, 2009)
“The Nation also needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together …” (U.S. Cyberspace Policy Review, 2009)
Successfully managing our information resources against Advanced and Persistent Threats will require an organizational integration of network and security disciplines
An Overarching Organizational Model
• The business systems and processes for which cyber space is used
• The ICT infrastructure
• Dedicated threat detection together with associated responses
• A strong coordination layer providing situational awareness as well as alignment with activities outside the cyber domain
The Network Operations and Security Center (NOSC) represents a key operational instantiation of this model
• Dynamic Situational Awareness • Degraded Operations • Cyber Defense Information Sharing
NATO-ACT ID ’08, Brussels, Belgium
Enter the Network Operations & Security Center (NOSC)
Legacy CONOPS: Network Operations Center, Security Operations Center
New CONOPS: Network Operations and Security Center
Key Functionality of the Leading Edge NOSC: Moving from Cyber Forensics to Run Time Cyber Operations
[Diagram: Leading Edge NOSC Focus. Labels: Data - Knowledge; Network Operations Management; Visualization; All Source Information; Intelligence; Analysis; Reporting; Fusion; Cross Domain Info Sharing; Digital Cyber Environments; Processing; Collection; Advanced & Persistent Threats; Test, Training & Exercise (TT&E)]
Critical Cyberspace Domains: • .mil • .gov • DIB partners • .nato.int • etc.
• Dynamic Situational Awareness • Degraded Operations • Cyber Defense Information Sharing
Operate at Net Speed • Multiple Phenomenology • Analyst Agile • All Source Scope • Autonomic Assist • Forensic & Run Time • Cognitive Visualization
• Data to Knowledge • Inherently Cross-Domain • Federated Operational Trust • Cognitive Visualization • Course of Action Agile • Inherently Cross-Domain • Federated Operational Trust • Salient Environment • Flexible and Extensible • Embedded Capability
High Level Cyber Architecture Implications of a NOSC
The New Frontier Mission Innovative applications of information technology capabilities, solutions and services needed to adapt, assure and sustain mission operations while under attack