computer network defense maintaining an efficient and secure enterprise in a connected world

Computer Network Defense Maintaining an Efficient and Secure Enterprise in a Connected World Chet Ratcliffe Executive Vice President / Chief Technology Officer EADS North America Defense Security & Systems Solutions Inc. [email protected]


Post on 23-Feb-2016


Page 1

Computer Network Defense: Maintaining an Efficient and Secure Enterprise in a Connected World

Chet Ratcliffe

Executive Vice President / Chief Technology Officer

EADS North America Defense Security & Systems Solutions

[email protected]

Page 2

The Threat

• Computer networks face a constantly evolving menace from cyber attacks, viruses, unauthorized probes, scans and intrusions

• Foreign Governments, Terrorists, Criminals, and Network Hackers are more determined than ever to steal information, cause disruption and destroy networks

• Non-optimized and non-standard processes and policy complicate response tactics and increase response times to attack

• Inconsistent or no training of system operators in identifying and mitigating Cyber Attacks currently poses one of the biggest threats to critical computer networks.

Mitigate through Education/Training + Processes/Policy + Technology

Page 3

The Human Condition

• Technology is no match for human error ~Torley

• The factory of the future will have only two employees, a man and a dog.  The man will be there to feed the dog.  The dog will be there to keep the man from touching the equipment.  ~ Warren G. Bennis

• I am sorry to say that there is too much point to the wisecrack that life is extinct on other planets because their scientists were more advanced than ours.  ~John F. Kennedy

• The real problem is not whether machines think but whether men do.  ~B.F. Skinner

• Bottom Line - The human brain is prone to data corruption and misinterpretation (memory pointer failure, non-sequential inconsistent access to memory stores and/or actual rewriting/resorting of data)

Page 4

Crippled or Exploited Networks

• Loss of data and comm

• Loss of critical infrastructures

• Loss of customer confidence

• Loss of revenue

Total economic meltdown

Page 5

Global Considerations

Why is it a big deal?

• Cultural and social differences

• Technology

• Economy and accessibility

• Language

• Trust

• Laws (national vs. international)

• Who controls the Internet?

• Who polices the Internet?

• Who makes the laws?

• Who presides over legal challenges?

Page 6

Global Considerations

[Diagram: www.italianshoes.com, with labels Italy, China, UK, Sales & Marketing, Web Services, Help Desk Support, Product Ordering, Financial transactions]

Page 7

Global Considerations

What is Needed?

• A Global Protocol providing

• National Strategies

• Legal Frameworks

• Public-private sector initiatives

• International law enforcement cooperation

• Standardized security framework of policy, processes, architecture, persistent training and exercise

• Enterprise security programs

Page 8

Global Considerations

• ITU – International Telecommunication Union

  • UN agency regulating information and communication technology issues; global focal point for governments and the private sector in developing networks and services

• World Summit on the Information Society (WSIS)

  • United Nations-sponsored conferences about information, communication and, in broad terms, the information society (2003 in Geneva and 2005 in Tunis)

  • Chief aim: bridge the so-called global digital divide separating rich countries from poor countries by spreading access to the Internet in the developing world

  • ITU asked to take the lead in coordinating international efforts in the field of cybersecurity, for Action Line C5, “Building confidence and security in the use of ICTs (Information and Communication Technologies)”

• ITU positioning itself for a greater role in cybersecurity

Page 9

Global Considerations

Global Cybersecurity Agenda (GCA)

• Provide a framework within which an international response to the growing challenges to cybersecurity can be coordinated and addressed.

• GCA based on international cooperation and strives to engage all relevant stakeholders in a concerted effort to build confidence and security in the information society.

• Built upon five strategic pillars

  • Legal Measures

  • Technical and Procedural Measures

  • Organizational Structures

  • Capacity Building

  • International Cooperation

http://www.itu.int/osg/csd/cybersecurity/gca/

Page 10

Conficker→10 million PCs, $10 Billion

Page 11

“One in 10 people clicking through to receive the malware is a pretty sobering number”

- Stefan Savage, professor at UCSD and lead researcher on a recent spam study

Page 12

FSLJDSLFFSFU.17.23.server29.akamae.com

Page 13

[Diagram: Internet, Local Area Network, Access Control Point, Perimeter Defense (IDS, Firewall, Access Control); traffic labels: Packets, Small Packets, Large, HTTP]

Page 14

How much damage can be done with a keystroke?

Page 15

Perceived Industry and Govt Issues

• Lack of good security policy

• Lack of good management oversight

• Lack of well defined security and network management processes

• Lack of standardized and/or integrated tools

• Lack of configuration management and version control

• Lack of optimization on networks (usually ties back to configuration management and good network practices)

• Little understanding of mitigation and reporting procedures in the event of a compromise

• No good common operational picture

• No metrics related to network status or historical data on same

• No persistent training and exercise regimen for operators on a network

Page 16

How do we ensure success

• Technology alone will not fix the problem

• A balanced system is required which includes:

– Engaged leadership

– Standardized processes

– Well defined security policy

– Educated personnel

– Persistent training and exercise capability

– A secure architecture

– Easily accessible information conduit/portal

Page 17

Adult Learning

Page 18

Adult Learning

Books

Certifications

Simulators

Page 19

Medical Simulators used to certify medical professionals

Aircraft Simulators used to certify pilots

Page 20

“One way of looking at this might be that for 42 years, I've been making small, regular deposits in this bank of experience: education and training. And on January 15 the balance was sufficient so that I could make a very large withdrawal.”

- Chesley Sullenberger

Detected

Recognised

Responded

Page 21

Why are we so willing to trust these people?

Page 22

• Developed by EADS NA Defense Security & Systems Solutions (DS3) for the US Department of Defense

• Provides a family of Cyber Defence Simulators to train network administrators and operators how to:

  • Detect

  • Recognise

  • Research

  • Mitigate

  • Report

attacks and anomalies in a network safe environment.

Page 23

CENTS™ Capability

• Simulates Network Operations and Security structure

• Separated from operational network

• Allows real world Cyber Operations “risky” activity

• NO OPERATIONAL IMPACT

• Standard platform

• Train: Net-D & system triage

• Certify operators to agreed Standards and regular Evaluations & Checks

• Drills: SOP / Checklists

• Exercise: Defend against cyber attack

• Evaluate: Tactics, Techniques, Procedures (TTP), & Processes

• Assess: Future Capabilities

• Automated Attack Events with Re-roll

• Rapid automated reconstitution capability

“Proving Ground” for net-centric operations
