
Computer Network Defense Maintaining an Efficient and Secure Enterprise in a Connected World

Computer Network Defense Maintaining an Efficient and Secure Enterprise in a Connected World. Chet Ratcliffe Executive Vice President / Chief Technology Officer EADS North America Defense Security & Systems Solutions Inc. chet.ratcliffe@eads3.com. The Threat.


Presentation Transcript


  1. Computer Network Defense Maintaining an Efficient and Secure Enterprise in a Connected World Chet Ratcliffe Executive Vice President / Chief Technology Officer EADS North America Defense Security & Systems Solutions Inc. chet.ratcliffe@eads3.com

  2. The Threat
     • Computer networks face a constantly evolving menace from cyber attacks, viruses, unauthorized probes, scans and intrusions
     • Foreign Governments, Terrorists, Criminals, and Network Hackers are more determined than ever to steal information, cause disruption and destroy networks
     • Non-optimized and non-standard processes and policy complicate response tactics and increase response times to attack
     • Inconsistent or no training of system operators in identifying and mitigating Cyber Attacks currently poses one of the biggest threats to critical computer networks.
     Mitigate through Education/Training + Processes/Policy + Technology

  3. The Human Condition
     • Technology is no match for human error ~ Torley
     • The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment. ~ Warren G. Bennis
     • I am sorry to say that there is too much point to the wisecrack that life is extinct on other planets because their scientists were more advanced than ours. ~ John F. Kennedy
     • The real problem is not whether machines think but whether men do. ~ B.F. Skinner
     • Bottom Line - The human brain is prone to data corruption and misinterpretation (memory pointer failure, non-sequential inconsistent access to memory stores and/or actual rewriting/resorting of data)

  4. Crippled or Exploited Networks
     • Loss of data and comm
     • Loss of critical infrastructures
     • Loss of customer confidence
     • Loss of revenue
     Total economic meltdown

  5. Global Considerations
     • Why is it a big deal?
     • Cultural and social differences
     • Technology
     • Economy and accessibility
     • Language
     • Trust
     • Laws (national vs. international)
     • Who controls the Internet?
     • Who polices the Internet?
     • Who makes the laws?
     • Who presides over legal challenges?

  6. Global Considerations
     [Diagram labels: UK; Italy; China; Sales & Marketing; Financial transactions; Product Ordering; www.italianshoes.com; Help Desk Support; Web Services]

  7. Global Considerations: What is Needed?
     • A Global Protocol providing
     • National Strategies
     • Legal Frameworks
     • Public-private sector initiatives
     • International law enforcement cooperation
     • Standardized security framework of policy, processes, architecture, persistent training and exercise
     • Enterprise security programs

  8. Global Considerations
     • ITU – International Telecommunication Union
       • UN agency regulating information and communication technology issues; global focal point for governments and the private sector in developing networks and services
     • World Summit on the Information Society (WSIS)
       • United Nations-sponsored conferences about information, communication and, in broad terms, the information society – 2003 in Geneva and 2005 in Tunis. Chief aim: bridge the so-called global digital divide separating rich countries from poor countries by spreading access to the Internet in the developing world. ITU asked to take the lead in coordinating international efforts in the field of cybersecurity, for Action Line C5, “Building confidence and security in the use of ICTs (Information and Communication Technologies)”
     • ITU positioning itself for a greater role in cybersecurity

  9. Global Considerations
     • Global Cybersecurity Agenda (GCA)
       • Provide a framework within which an international response to the growing challenges to cybersecurity can be coordinated and addressed.
       • GCA based on international cooperation and strives to engage all relevant stakeholders in a concerted effort to build confidence and security in the information society.
       • Built upon five strategic pillars
         • Legal Measures
         • Technical and Procedural Measures
         • Organizational Structures
         • Capacity Building
         • International Cooperation
     http://www.itu.int/osg/csd/cybersecurity/gca/

  10. Conficker→10 million PCs, $10 Billion

  11. “One in 10 people clicking through to receive the malware is a pretty sobering number” - Stefan Savage, professor at UCSD and lead researcher on a recent spam study

  12. FSLJDSLFFSFU.17.23.server29.akamae.com

  13. Internet Access Control Point Local Area Network

  14. How much damage can be done with a keystroke?

  15. Perceived Industry and Govt Issues
      • Lack of good security policy
      • Lack of good management oversight
      • Lack of well defined security and network management processes
      • Lack of standardized and/or integrated tools
      • Lack of configuration management and version control
      • Lack of optimization on networks (usually ties back to configuration management and good network practices)
      • Little understanding of mitigation and reporting procedures in the event of a compromise
      • No good common operational picture
      • No metrics related to network status or historical data on same
      • No persistent training and exercise regimen for operators on a network

  16. How do we ensure success?
      • Technology alone will not fix the problem
      • A balanced system is required which includes:
        • Engaged leadership
        • Standardized processes
        • Well defined security policy
        • Educated personnel
        • Persistent training and exercise capability
        • A secure architecture
        • Easily accessible information conduit/portal

  17. Adult Learning

  18. Adult Learning: Simulators, Certifications, Books

  19. Simulators
      • Medical Simulators used to certify medical professionals
      • Aircraft Simulators used to certify pilots

  20. “One way of looking at this might be that for 42 years, I've been making small, regular deposits in this bank of experience: education and training. And on January 15 the balance was sufficient so that I could make a very large withdrawal.” ~ Chesley Sullenberger
      Detected • Recognised • Responded

  21. Why are we so willing to trust these people?

  22. Developed by EADS NA Defense Security & Systems Solutions (DS3) for the US Department of Defense
      • Provides a family of Cyber Defence Simulators to train network administrators and operators how to Detect, Recognise, Research, Mitigate and Report attacks and anomalies in a network safe environment.

  23. CENTS™ Capability
      • Simulates Network Operations and Security structure
      • Separated from operational network
      • Allows real world Cyber Operations “risky” activity
      • NO OPERATIONAL IMPACT
      • Standard platform
      • Train: Net-D & system triage
      • Certify operators to agreed Standards and regular Evaluations & Checks
      • Drills: SOP / Checklists
      • Exercise: Defend against cyber attack
      • Evaluate: Tactics, Techniques, Procedures (TTP), & Processes
      • Assess: Future Capabilities
      • Automated Attack Events with Re-roll
      • Rapid automated reconstitution capability
      “Proving Ground” for net-centric operations
