northrop grumman corporation - worldatmcongress.org · looking at the threat landscape ... •...

Northrop Grumman Corporation

World Air Traffic Management Congress

March 2016

Dr. Dennis McCallam, DIA.

Northrop Grumman Fellow

Operating Safely in a Cyber Dense Environment – the Good, the Bad, and the Ugly.

Approved For Public Release #16-0385; Unlimited Distribution

Who we are

• Leading global security company

• $24 billion sales in 2014

• $38.2 billion total backlog

• Leading capabilities in: – Unmanned Systems – Cyber – C4ISR – Logistics

Focus on Performance 2


Agenda

• Lets put a context on the cyber threat from a capability standpoint

• The cyber environment out there….ugly

• Understanding that our environment has both enterprise and platform information systems

• Some thoughts on security engineering and resilience

• Some ways ahead (and some good news)


Looking at the Threat Landscape - Capabilities

4

* Defense Science Board Task Force Report: Resilient Military Systems and the Advanced Cyber Threat January 2013

1 Use existing malicious code and known exploits

2 Develop tools to use known exploits against publically known vulnerabilities

3 Develop and use unknown malicious code against known vulnerabilities

4 Criminal or state actors who discover new vulnerabilities and develop exploits against known vulnerabilities

5 State actors who create vulnerabilities and impact products in the supply chain to enable exploitation of networks and systems of interest

6 States with the ability to successfully execute full spectrum cyber operations

The Known - Known

The Known-

Unknown

The Unknown - Unknown


So….How vulnerable are things

• Some factual attacks or alerts – Computer researcher hacked into aircraft control system (masquerading as a

passenger): May 2015

• Contention between safety and security – Johnson, C. (2016). Why We Cannot (Yet) Ensure the Cyber-Security of Safety-

Critical Systems. – Need to address the difference between platform (sensor, etc) systems and

enterprise systems

• Some urban legend attacks – Was it a virus or a bad maintenance computer?

5


Cyber resilience impacts a lot of things

6 Derived from DoDD 8500.1, Paragraph E2.1.16.4

Not everything is the same.

Combination of platform and enterprise IT systems (their sensors and components) that make up the mission

KEY CHARACTERISTICS • Hybrid – multiple interfaces

across enterprise and platform

• Huge attack surface • Risk of “Pearl Harbor” if

“jump the gap” events

System of Systems The traditional IP based IT infrastructure: HW/SW and all that it touches

KEY CHARACTERISTICS • More homogenous and known • Infrastructure dependent • Designed to manage large

volumes of critical data • Events are played out in

massive scale in public • Vast array of COTS cyber tools

of varying effectiveness

Enterprise IT The IT residing within and on platforms

Platform IT

KEY CHARACTERISTICS • Some non-Internet operating

systems, protocols and transport • Proprietary components • Some legacy systems,

pre-“cyber era” • Solutions must be safety-centric


Security Engineering: Simplified

• Continuously improve your C4ISR architecture with security in mind – Think: “Secure by Design”

• The Internet of Things (and a lesson for us)

7

…and I just hacked a bank.

192.168.0.63

Where Should We Protect From?


Cyber Threats…Are They Really Everywhere?

8

Keyless Entry

Remote Start

Performance Data Recorder

Bluetooth/4G/OnStar Supply Chain

Security Engineering and Vulnerability Analysis Enable Successful Cyber Design and Test


The Resilience Lifecycle Start Secure. Stay Secure. Return Secure.™

9

Operations & Support • Detect/prevent loss of sensitive information • Operate through attacks • Respond to attacks across the board, not

just on IP-based connections • Detect RF links & code insertion • Prevent mission critical function alteration • Monitor for mission load compromise

Design, Acquire, Build & Field • Avoid supply chain intrusion • Continually assess security

posture • Detect & reject built-in malware

and undocumented features • Design holistically • Follow software assurance

processes • Ensure software provenance • Detect & reject counterfeit parts • Prevent contract process flaws • Secure related environments

Upgrade & Modernize • Maintain supply chain

integrity • Preserve software integrity • Prevent malware injection • Prevent security mitigation

bypass • Detect non-intentional S/W

modifications • Review & protect diagnostic

equipment injection points • Ensure software/data

integrity

Resilience Approaches

Mission Assurance

Attack Vectors Data

Code Infrastructure

Communications People

TRUSTED BASELINE SECURE RE-BASELINING RESILIENT OPERATIONS

Start Secure

Stay Secure

Return Secure


Some good news

• The enterprise IT side is well understood – Build on the shoulders of giants

• The safety and operational demands on ATC Platform IT is a GREAT start towards cyber protection

– Code evaluations – Secure CM and patch control

• We can and should get into two rhythms – Start secure, Stay secure, Seturn secure™ to help with the

development and architecture of the next generation systems – Secure it, Optimize it, Evolve it ™ to make sure we always

know where we are and know where we are going

• Secure the design data of your system – it is critical

10


• The development of processes around System Security Engineering is a natural extension of the formal Systems Engineering process

• Engineering a solid system to protect the integrity of the supply chain is necessary

• Educate application developers about risks to the supply chain and what to watch for

11

Final thoughts - maintain your vision with education

E D U C A T E

20 100

20 50

20 20

1

2

3

Standards

Policy and Regulations

Systems and Vendors

Information Security

Supply Chain Security

northrop grumman corporation - worldatmcongress.org · looking at the threat landscape ... •...

Documents