Impacts of Autonomous Cyber Defence - UNSW Canberra · 2016-05-26
1
Impacts of Autonomous Cyber Defence
Michael Docking, DST Group
Redefining R&D Needs for Australian Cyber Security
UNSW ACCS at ADFA, November 16th 2015
UNCLASSIFIED
Approved for Public Release
2
1. The drivers for Autonomous Cyber Defence
2. The disruptive impacts for Australia:
• Enterprise Security
• Military and Unmanned Systems
• Cyber Warfare
3. Overview of the HINDER project
• Broad research topics
• Partnerships & collaboration
4
R&D plan developed in consultation with Defence, industry and academia.
Available at: www.dsto.defence.gov.au
6
Key Autonomy Drivers: Scale, Pace, Isolation
Network Defence: Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Passive, Centralised, Active, Distributed
Dull, Dirty & Dangerous?
Automation
7
Key Autonomy Drivers: Scale, Pace, Isolation
Network Defence: Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Passive, Centralised, Active, Distributed
Intrusion detection, prevention & response: Timely, Run continually, Fault tolerant, Resist subversion, Minimal overhead, Configurable, Adaptable, Scalable, Graceful degradation, Dynamic reconfig.
Automation
8
Automation
Key Autonomy Drivers: Scale, Pace, Isolation
Network Defence: Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Passive, Centralised, Active, Distributed
Remote control, Autonomous control
Threat Actors
Defeat
Intrusion detection, prevention & response: Timely, Run continually, Fault tolerant, Resist subversion, Minimal overhead, Configurable, Adaptable, Scalable, Graceful degradation, Dynamic reconfig.
10
Australia has a cyber defence that acts rapidly to minimise damage (fight through) - enabling networks to support operations whilst under sustained cyber attack.
11
Australia can reliably deploy military and unmanned systems into remote and hostile environments - equipped with active defences to resist cyber threats.
12
Australia has a resilient cyber defence that significantly raises the bar - forcing adversaries to build and expose increasingly sophisticated tools and limiting their impact.
13
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Protect & defend our networks
Sensing, Data, Decisions
Monitor
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
14
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Poor observability, Isolation, Disruption
Protect & defend our networks
Sensing, Data, Decisions
Monitor
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Reaction time, Response…
Encryption, Covert channels, Insiders, Avoidance
15
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Host-based monitoring
Isolation, Disruption
Protect & defend our networks
Sensing, Data, Decisions
Monitor (shown four times)
Bottleneck, Latency x 2
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Reaction time, Response…
16
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Security Command
Remote control
Isolation, Disruption
Protect & defend our networks
Policy, Rules of engagement
Sensing, Effects, Data, Decisions
Remotes (shown four times)
Bottleneck, Latency x 2
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Reaction time
17
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Security Command
Remote control
Isolation, Disruption
Protect & defend our networks
Policy, Rules of engagement
Sensing, Effects, Data, Decisions
Remotes (shown four times)
Bottleneck, Latency x 2
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
18
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Security Command
Fusion and reasoning under uncertainty
Autonomic & distributed computing
Distributed control
Isolation, Disruption
Protect & defend our networks
Policy, Rules of engagement
Sensing, Effects, Data, Decisions
Agents (shown four times)
Bottleneck, Latency x 2
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
19
Wide Area Network, Operations Network, Intrusion Analyst, Client Network, Mobile Devices, Military Systems, Unmanned Vehicles
Security Command
Fusion and reasoning under uncertainty
Autonomic & distributed computing
Distributed control
Isolation, Disruption
Protect & defend our networks
Policy, Rules of engagement
Sensing, Effects, Data, Decisions
Agents (shown four times)
Bottleneck, Latency x 2
Automation, Human
Gateway monitoring, Host-based monitoring, Remote control, Autonomous control
Autonomous red teaming
Enabling lower-skill operators
Force multiplier
Isolated networks, military & unmanned systems
Continuous fixing & hardening
Dynamic networks & policy
Rapid quarantine & recovery
Self-protection & healing
Significantly raise the bar for adversary
21
Demonstrate a feasible and effective new concept for cyber defence through researching and prototyping a well-founded autonomous cyber security capability and demonstrating it within an operational environment.
Research Themes
Reasoning & Fusion
Distributed Control
Autonomic Systems
Technologies
Influx
Reflex
Unison
Collaboration
TTCP
Academia TBD
Industry TBD
Impact
R&D
Policy
Capability
Demonstrator
HINDER Vision