CYBER DOMAIN Situational Awareness

Download Report

Transcript CYBER DOMAIN Situational Awareness

CYBER DOMAIN Situational Awareness

AFCEA, San Antonio, TX 7 June 2011

Robert J. Carey

DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DoD DEPUTY CHIEF INFORMATION OFFICER (703) 614-7323 [email protected]

Areas for Today’s Discussion

DoD Cyber Landscape/Situation

DoD Cyber Strategy

DoD CIO – CYBERCOM Relationship

Cyber Intelligence

Challenge of Situational Awareness

Initiatives

The Way Ahead

2

DoD Network Landscape

IT Systems

~10,000 Operational systems (20% mission critical)

>772 Data Centers

~67,000Servers

~7+ million computers and IT devices

~15,000 networks

Thousands of email servers, firewalls, proxy servers, etc.

Total IT Budget

>$ 38 Billion in FY12

o

>$16 Billion in IT Infrastructure

o

>$2 Billion for Cyber Security Defense Industrial Base

• •

36 DIB partners 2650 Cleared Def Contractors

Thousands of business partners DoD IT User Base

1.4 million active duty

750,000 civilian personnel

1.1 million National Guard and Reserve

5.5+ million family members and military retirees

• • •

146 + countries 6,000 + locations 600,000 + buildings and structures Problem

• Decentralized planning, standards, and operations over the years • Rapidly evolving technology

Has Resulted In

• Increased Cyber vulnerabilities • Impediments to joint operations • Large cumulative costs • Inability to fully capitalize on information technology 3

Our Challenge

The warfighter expects/needs access to information – from any device, anywhere, anytime

4

Situation

• • • • •

Our vast current attack surface cannot be defended well Absolute reliance upon networks to accomplish our National Security mission Our Networks are complex and expensive to defend and maintain USG and Industry largely in the same situation Defense Cyber Crime Center (DC3) and the DIB are our intelligence information sharing platforms via DIBnet

Partnership with Intelligence Community essential

Need Greater Connectivity, Agility, And Flexibility

5

DoD’s Cyber Strategy 5 Pillars

• Cyberspace as a domain • New defense operating concepts • Extending cyber defenses • International partners • Technology and innovation

Get In Front of the Threat

6

DoD CIO – USCYBERCOM Relationship

DoD CIO Establishes policies, processes, and standards for ensuring information delivery and authorized access.

USCYBERCOM Operates and defends DoD’s elements of cyberspace to leverage emerging technologies and to counter evolving threats.

PoliciesProcessesStandards

DoD CIO USCYBERCOM

Operational RequirementsEmerging ThreatsEffectiveness Measures

Operational Orders

DISA

DoD Components 7

Cyber Intelligence

Collection & Analysis of Data from All Sources

• • Understanding of Internet, Networks and Integration Indications and Warnings • Existing Situational Awareness Tools • • Develop new tools Internet ‘Data-Mining ’

Synthesis & Analysis of Data

• Integrate Information into ‘Actionable Decisions’ • Common Operating Picture a must

Framework for I&W and SA Sharing

• Across DOD, USG, Defense Industrial Base (DIB) a model • Mechanism for Management & De-confliction • While protecting sensitive information

USG DoD DIB

8

Cyber Intelligence

• Definitional Attributes: – Timely network activity information • Proactively managed to allow operational commanders maneuver space – Trusted network activity information • Combination of all source and organic sensor information – Actionable • Enables risk based decisions and actions – Defensive and Offensive 9

DoD IT Strategy and Roadmap Goals

Secretary of Defense Efficiencies Key Benefits

• Unity of effort • Do more with less • Reduce acquisition, procurement and sustainment cost • Improve IT cost awareness • Eliminate redundant effort and cost

Are our IT systems working for us?

Effectiveness

Improve mission effectiveness and combat power throughout the Department

Cyber Security

Improve the security of DoD networks and information from all threats

Efficiency

Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department

Key Benefits

• Unity of command • Consistent and improved user experience • Rapidly deliver new business and mission capabilities • Increase interoperability with in -place systems • Global access to needed information • Improve availability and reliability

Are we using our resources efficiently?

Key Benefits

• Unify command and control of critical networks • Detect and eliminate malicious activity • Validate access to information based on enterprise identity and user attributes

Are our IT systems secure?

Enterprise Approach Is Critical DoD IT infrastructure optimization goals

are directly tied to a CIO’s “Three Core Questions”

10

IT Infrastructure Consolidation Initial Actions

1. Data Center consolidation 2. Network Standardization / Optimization 3. Enterprise Identity Management – secure authentication to network and data – drive anonymity from networks 4. Enterprise Email – Single global directory service (Single DoD “Phone Book”) 5. Enterprise Hardware/Software Contracts & Procurement Leverage Department’s buying power

Reduce footprint, simplify architecture, increase our ability to defend

11

Network Optimization

12

Enterprise-Wide CND Initiatives

• • • • • • • • •

Implementing a broad set of initiatives for Computer Network Defense: Trust based Certification and Accrediation Situational Awareness Capabilities Host-Based Security System (HBSS) Defense Industrial Base (DIB) Support Supply Chain Risk Management (SCRM) strategy Insider Threat Mitigation

Continuous Monitoring

Secure Configuration Management • • •

Demilitarized Zones (DMZ)

Web Content Filtering E-Mail Security Gateway DNS Hardening

Network Scanners

Partnering in key areas with the IC, Combatant Commands, Services, DoD Agencies and Industry

13

Challenge of ‘Situational Awareness’

Information necessary for a Cyberspace Common Operational Picture (COP) supporting Situational Awareness (SA) and enabling C2 decision making comes from disparate Indications & Warnings (I&W) sources

Diverse set of capabilities making interoperability a challenge

Legacy point-to-point interfaces inhibiting information sharing

Synthesis of “Internet ” feeds (Data Mining) is essential to feed a COP and understand the environment

Need validated requirements for a customizable unified community resource for detection, analysis, or presentation

Need a cohesive ‘Data Strategy’ linked to net as part of network optimization

Must Overcome Obstacles to Information Access & Sharing

14

Situational Awareness Initiatives

Seeking to leverage technologies to create a net centric architecture which easily allows current and future, unintended, data sources to be combined and utilized for SA:

Continuous Monitoring (CM)

Secure Configuration Management (SCM)

Host Based Security System (HBSS)

Identity Management – PKI enablement

Situational Awareness - Global NetOps Information Sharing Environment (GNISE)

Internet Data Mining – In combination with CM

Allow for more balanced Risk Management

15

Developing Situational Awareness Capabilities

Strategic Mission Needs Tactical Operational Civilian Communities IC Coalition Shared SA Info Sharing DIB CS/IA Data User Interface DIBNet DC3 Data Sources Other Data Sources Integration Enterprise 2.0 for NetOps SA Information Portal Reports Dashboards Data Streams Data Visualization Service Mashup Data Analytics / Service Gadgets NetOps SA Data Enterprise Services (Auth, Messaging, Cross Domain) Web Services NetOps Apps Custom Data Sources SIM GNA, GEM, GCM, CIP Data Sources CDC DISA NetOps Data User Interface Integration CND UDOP cd JIMS Data Mining Transition JCD Web Services Custom Data Sources JCD Data

16

The Way Ahead

• • • • •

Pursue our goal of affording secure access to information for the warfighter from any device Our strategy is to consolidate and standardize elements of the networks to more effectively defend them and confront threats with agile information sharing Our focus is to embed the policies, procedures, oversight, and culture that enable information sharing into the Defense community and its mission partner Continue to leverage extensive and unprecedented capabilities afforded by the Information Age Continue to partner with industry to deliver National Security in Cyberspace

We are creating an information advantage.

17

How Can You Help?

• Ask hard questions • Leverage your best and brightest • Innovate • Help us find lasting solutions that scale • Be part of our success

Partnership

18

Agile and secure information capabilities to enhance combat power and decision making.

Robert J. Carey

DEPUTY ASSISTANT SECRETARY OF DEFENSE (Information Management, Integration, and Technology) & DOD DEPUTY CHIEF INFORMATION OFFICER (703) 614-7323 [email protected]

19

Back Up Slides

Back Up

20

Defense Industrial Base Network (DIBNet)

A classified and unclassified collaboration and information sharing capability for DoD and Defense Industrial Base (DIB) partner use.

To protect sensitive DoD data residing in Defense contractor facilities.

To develop and deploy a secure infrastructure for DoD to exchange threat products and to collaborate with DIB partners in a timely fashion in defense of their network assets.

DIB CS/IA Data User Interface DIBNet DC3 Data Sources Other Data Sources DoD

DoD CIO runs the DIB Cyber Security/IA Program.

Defense Cyber Crime Center (DC3) provides the threat products and incident analysis capability.

2650 Cleared Defense Contractor companies are the targeted users of DIBNet capabilities.

21

Continuous Monitoring (CM)

Continuous monitoring is maintaining ongoing awareness to support organizational risk decisions.

CM unifies existing disparate capabilities of operational management and control to build out a robust and integrated solution for decision processes.

22

Host Based Security System (HBSS)

23

Secure Configuration Management (SCM)

Optimization Automation

SCM is the integration and optimization of enterprise IA applications, Services, Policy, and standards in to a multi-tiered architecture

SCM automates risk management processes that are manual today Innovation

SCM supports the delivery of Continuous Monitoring and Advanced Threat Analysis and Risk Scoring

Configuring assets securely in the first place Maintaining secure configuration Providing continuous situational awareness to the right people 24

Identity Management

• •

Goal: All applications and systems use a single trusted database of all DoD employees Approach:

Utilize the DMDC and Database

– –

PKI authentication Develop policies and processes

– –

Cyber security credentialing Enterprise Email

25

DoD CIO Approach

Customer Focus -

“The warfighter expects access…”

Centralized Guidance -

Responsible for “standardization”

Collaboration Emphasis - Partnerships and stakeholdersConsolidated Effort - Enterprise solutionsCapability Investment - The right talent and expertise 26

Purpose (TEMP Slide)

While USCYBERCOM must be focused on the now/near-term and strategic , DoD CIO must work to ensure that optimal policies, guidance and oversight is in place to design, acquire and operate Networks that map themselves, continuously sense and report all normal and abnormal activity levels, and provide a global Common Operational Picture of key data sets that can truly provide current Situational Awareness and Indications and Warning of future threat vectors.

Focus Questions:

What enterprise wide initiatives are you working to provide real-time and near term insights into threats to the DOD Cyber Domain?

In what key areas are you partnering with USCYBERCOM to ensure that unclassified Cyber Intelligence is collected, analyzed and appropriately disseminated across DOD and the DIB?

How does DOD CIO define Cyber Intelligence?

27

OSD/CIO Mission

Bring the power of information to the achievement of mission success in all operations of the Department; war fighting, business, and intelligence.

 Lead the Department in achieving a persistent and dominant information advantage for ourselves and our mission partners.

 Lead the Department in changing those policies, processes, and culture necessary to provide the speed, accuracy, and agility to ensure mission success in a rapidly changing and uncertain world.

 Ensure a robust and secure information environment.

 Provide modern command and control capabilities through persistent collaboration at all levels and among all mission partners.

 Acquire new information capabilities rapidly (9-12 months) and at low cost by delivering them as enterprise services.

28

CIO Major Areas of Activity

Policy Development

success. – The establishment of the direction and expectations to ensure a Defense Information Enterprise capable of accessing information, sharing it, and collaborate to achieve mission •

Program Oversight

– The leadership and expertise that provides the recommendations for effective IT investment, avoid duplicative efforts, prevent capability gaps, and ensure the tenants of net centricity are adhered to. •

Acquisition Support

capabilities. – The guidance and oversight needed to ensure IT programs adhere to acquisition directives, meet information sharing expectations, and quickly progress to fielded 29

Refashioned DoD CIO

Customer Focus

– “The warfighter expects access…” •

Centralized Guidance

– CIO responsible for “standardization” (policy, architecture, standards, governance) •

Collaboration Emphasis

Industry, Academia) – Renewed emphasis on partnerships and stakeholders (MILDEPS, DISA, USCC, AT&L, DCMO, USD(P), •

Enterprise Effort

– Enterprise approaches; improved security •

Competence Priority

– Get the right talent; leverage DISA technical expertise 30

Enterprise Wide Initiatives

Enterprise Services – Secure access to the data

Data Strategy – Tag and share the data

Information Transport – Securely move the data

Information Assurance – Keep it dependable

Net Ops – See and manage the networks & data

Partnering in key areas with Combatant Commands, Services, DoD Agencies and the commercial sector

31

Link to Mission

Success is dependent upon our ability to connect people with information anytime, anywhere

The DoD CIO is responsible for ensuring the delivery of critical enabling capabilities that:

Allow information to be accessed and shared

Ensure partners can collaborate

Support decision makers at all levels to make better decisions faster and to take action sooner

Information must be given the same priority and protection as any mission critical system or platform.

32