northrop grumman corporation
play

Northrop Grumman Corporation Operating Safely in a Cyber Dense - PowerPoint PPT Presentation

Apr 29, 2023 •357 likes •496 views

Northrop Grumman Corporation Operating Safely in a Cyber Dense Environment the Good, the Bad, and the Ugly. World Air Traffic Management Congress March 2016 Dr. Dennis McCallam, DIA. Northrop Grumman Fellow Who we are Leading global

  1. Northrop Grumman Corporation Operating Safely in a Cyber Dense Environment – the Good, the Bad, and the Ugly. World Air Traffic Management Congress March 2016 Dr. Dennis McCallam, DIA. Northrop Grumman Fellow

  2. Who we are • Leading global security company • $24 billion sales in 2014 • $38.2 billion total backlog • Leading capabilities in: – Unmanned Systems – Cyber – C4ISR – Logistics Focus on Performance 2 Approved For Public Release # 16-0385; Unlimited Distribution

  3. Agenda • Lets put a context on the cyber threat from a capability standpoint • The cyber environment out there….ugly • Understanding that our environment has both enterprise and platform information systems • Some thoughts on security engineering and resilience • Some ways ahead (and some good news) Approved For Public Release # 16-0385; Unlimited Distribution

  4. Looking at the Threat Landscape - Capabilities 1 Use existing malicious code and known exploits The Known - Develop tools to use known exploits against publically 2 Known known vulnerabilities Develop and use unknown malicious code against known 3 The vulnerabilities Known- Unknown Criminal or state actors who discover new vulnerabilities 4 and develop exploits against known vulnerabilities State actors who create vulnerabilities and impact products The 5 in the supply chain to enable exploitation of networks and systems of interest Unknown - Unknown States with the ability to successfully execute full spectrum 6 cyber operations * Defense Science Board Task Force Report: Resilient Military Systems and the Advanced Cyber Threat January 2013 4 Approved For Public Release # 16-0385; Unlimited Distribution

  5. So….How vulnerable are things • Some factual attacks or alerts – Computer researcher hacked into aircraft control system (masquerading as a passenger): May 2015 • Contention between safety and security – Johnson, C. (2016). Why We Cannot (Yet) Ensure the Cyber-Security of Safety- Critical Systems. – Need to address the difference between platform (sensor, etc) systems and enterprise systems • Some urban legend attacks – Was it a virus or a bad maintenance computer? 5 Approved For Public Release # 16-0385; Unlimited Distribution

  6. Cyber resilience impacts a lot of things Enterprise IT System of Systems Platform IT The traditional IP based IT Combination of platform and The IT residing within and on infrastructure: HW/SW and all enterprise IT systems (their platforms that it touches sensors and components) that make up the mission KEY CHARACTERISTICS KEY CHARACTERISTICS KEY CHARACTERISTICS • More homogenous and known • Hybrid – multiple interfaces • Some non-Internet operating • Infrastructure dependent across enterprise and systems, protocols and transport • Designed to manage large platform • Proprietary components volumes of critical data • Huge attack surface • Some legacy systems, • Events are played out in • Risk of “Pearl Harbor” if pre-“cyber era” massive scale in public “jump the gap” events • Solutions must be safety-centric • Vast array of COTS cyber tools of varying effectiveness Not everything is the same. 6 Derived from DoDD 8500.1, Paragraph E2.1.16.4 Approved For Public Release # 16-0385; Unlimited Distribution

  7. Security Engineering: Simplified • Continuously improve your C4ISR architecture with security in mind – Think: “Secure by Design” • The Internet of Things (and a lesson for us) 192.168.0.63 …and I just hacked a bank. Where Should We Protect From? 7 Approved For Public Release # 16-0385; Unlimited Distribution

  8. Cyber Threats…Are They Really Everywhere? Performance Data Recorder Supply Chain Bluetooth/4G/OnStar Keyless Entry Remote Start Security Engineering and Vulnerability Analysis Enable Successful Cyber Design and Test 8 Approved For Public Release # 16-0385; Unlimited Distribution

  9. The Resilience Lifecycle Start Secure. Stay Secure. Return Secure. ™ TRUSTED BASELINE RESILIENT OPERATIONS SECURE RE-BASELINING Operations & Support Upgrade & Modernize Design, Acquire, Build & Field • Detect/prevent loss of sensitive information • Maintain supply chain • Avoid supply chain intrusion integrity • Operate through attacks • Continually assess security • Preserve software integrity posture • Respond to attacks across the board, not just on IP-based connections • Prevent malware injection • Detect & reject built-in malware and undocumented features • Detect RF links & code insertion • Prevent security mitigation bypass • Design holistically • Prevent mission critical function alteration • Detect non-intentional S/W • Follow software assurance • Monitor for mission load compromise modifications processes • Review & protect diagnostic • Ensure software provenance equipment injection points • Detect & reject counterfeit parts Attack Vectors Resilience Approaches • Ensure software/data • Prevent contract process flaws Data integrity Start Secure Code • Secure related environments Infrastructure Communications Stay Secure People Return Secure Mission Assurance 9 Approved For Public Release # 16-0385; Unlimited Distribution

  10. Some good news • The enterprise IT side is well understood – Build on the shoulders of giants • The safety and operational demands on ATC Platform IT is a GREAT start towards cyber protection – Code evaluations – Secure CM and patch control • We can and should get into two rhythms – Start secure, Stay secure, Seturn secure™ to help with the development and architecture of the next generation systems – Secure it, Optimize it, Evolve it ™ to make sure we always know where we are and know where we are going • Secure the design data of your system – it is critical 10 Approved For Public Release # 16-0385; Unlimited Distribution

  11. Final thoughts - maintain your vision with education • The development of processes around E System Security Engineering is a natural extension of the formal Systems Engineering 20 1 100 process • Engineering a solid system to protect the D U 20 integrity of the supply chain is necessary 50 2 • Educate application developers about risks to 20 C A T E 3 20 the supply chain and what to watch for Information Supply Chain Security Security Standards Policy and Regulations Systems and Vendors 11 Approved For Public Release # 16-0385; Unlimited Distribution

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Northrop Grumman Today April 2016 Gloria Pualani Corporate Director, GSDP/Government Relations

Northrop Grumman Today April 2016 Gloria Pualani Corporate Director, GSDP/Government Relations

Northrop Grumman Today April 2016 Gloria Pualani Corporate Director, GSDP/Government Relations Northrop Grumman Today Leading global security company $23.5 billion sales in 2015 $35.9 billion total backlog (as of Dec. 31, 2015)

302 views • 11 slides
Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December

Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December

Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December 2014 Bryan Eastin Fault-tolerant Quantum Computing What do we mean by quantum computer ? Quantum computer properties (in theory) General purpose -

860 views • 55 slides
Northrop Grumman Cybersecurity Research Consortium (NGCRC) Intelligent Autonomous Systems based

Northrop Grumman Cybersecurity Research Consortium (NGCRC) Intelligent Autonomous Systems based

Northrop Grumman Cybersecurity Research Consortium (NGCRC) Intelligent Autonomous Systems based on Data Analytics and Machine Learning 19 April 2018 Bharat Bhargava Purdue University Technical Champions : Jason Kobes, Jeffrey Ciocco, Will

932 views • 71 slides
Business Value and Customer Benefits Derived from High Maturity Alan Pflugrad Northrop Grumman

Business Value and Customer Benefits Derived from High Maturity Alan Pflugrad Northrop Grumman

CMMI sm Technology Conference and User Group November 2002 Business Value and Customer Benefits Derived from High Maturity Alan Pflugrad Northrop Grumman Information Technology Defense Enterprise Solutions (DES) Chair, DES Engineering Process

565 views • 17 slides
Maybe There is a Better Way Sandy Burney & Shawn Larson Northrop Grumman Aerospace Systems

Maybe There is a Better Way Sandy Burney & Shawn Larson Northrop Grumman Aerospace Systems

The Peculiar World of Sole Source Contracting; Maybe There is a Better Way Sandy Burney & Shawn Larson Northrop Grumman Aerospace Systems What should you expect for the next 45 minutes? Peculiarities of sole source estimating

207 views • 19 slides
State of US Aerospace the Industry and Northrop Grumman Heritage August 16, 2019 Approved for

State of US Aerospace the Industry and Northrop Grumman Heritage August 16, 2019 Approved for

The Aerospace & Defense Forum Los Angeles Chapter August 16, 2019 State of US Aerospace the Industry and Northrop Grumman Heritage August 16, 2019 Approved for Limited Public Distribution # 18-1289 1 Presentation The State of

449 views • 11 slides
Matthew Hause UPDM Co-Chair UPDM Group Adaptive Mitre Artisan Software Northrop Grumman ASMG

Matthew Hause UPDM Co-Chair UPDM Group Adaptive Mitre Artisan Software Northrop Grumman ASMG

UPDM Unifie d Pr ofile for DoDAF / MODAF Matthew Hause UPDM Co-Chair UPDM Group Adaptive Mitre Artisan Software Northrop Grumman ASMG L3 Comms BAE Systems MOD DoD NoMagic DND Raytheon embeddedPlus Rolls Royce Generic Sparx

574 views • 29 slides
Shipping Hazardous Materials Who? Me? Overview of transportation of samples and small

Shipping Hazardous Materials Who? Me? Overview of transportation of samples and small

Shipping Hazardous Materials Who? Me? Overview of transportation of samples and small quantities of hazardous materials by highway and air John Fowlkes, CHMM Principal Environmental Engineer Northrop Grumman Corporation Hazardous

610 views • 35 slides
"Right-sized Architecture: Integrity for Emerging Designs" Presented by: Ken Kubo

"Right-sized Architecture: Integrity for Emerging Designs" Presented by: Ken Kubo

AW7 Concurrent Session 11/7/2012 2:15 PM "Right-sized Architecture: Integrity for Emerging Designs" Presented by: Ken Kubo Northrop Grumman Corporation Brought to you by: 340 Corporate Way, Suite 300, Orange Park, FL 32073 888 268

563 views • 23 slides
Introduction to OSGi University of Colorado, Boulder CSCI 5828 Foundations of Software

Introduction to OSGi University of Colorado, Boulder CSCI 5828 Foundations of Software

Introduction to OSGi University of Colorado, Boulder CSCI 5828 Foundations of Software Engineering Spring 2012 Professor Kenneth Anderson Presentation by: Brendan Greene Software Developer Northrop Grumman Corporation Introduction to

651 views • 30 slides
Presentation 3 Keven Benavente Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello

Presentation 3 Keven Benavente Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello

Presentation 3 Keven Benavente Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello Tyler Schafer [1] Review: Scope and Objectives Northrop Grumman Corporation (NGC) Requested team design of functional handling arm Able

169 views • 15 slides
Preliminary Presentation Keven Benevante Rayne Dobson Savannah Hillebrand David McNealy Sami

Preliminary Presentation Keven Benevante Rayne Dobson Savannah Hillebrand David McNealy Sami

Preliminary Presentation Keven Benevante Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello Tyler Schafer [1] Scope and Objectives Northrop Grumman Corporation (NGC) Requested team design of functional handling arm

444 views • 21 slides
November 11, 2003 R. Lai, M. Siddiqui, B. Pitman, M. Nishimoto, K. Johnson, S. Din, O. Fordham,

November 11, 2003 R. Lai, M. Siddiqui, B. Pitman, M. Nishimoto, K. Johnson, S. Din, O. Fordham,

Highly Linear and Compact MMW Phased Array Transmitters November 11, 2003 R. Lai, M. Siddiqui, B. Pitman, M. Nishimoto, K. Johnson, S. Din, O. Fordham, G. Schreyer, R. Grundbacher, L. Callejo and D. Streit, Northrop Grumman Space Technology,

315 views • 13 slides
A Practical Example of the Integration of Simulations, Battle Command, and Modern Technology

A Practical Example of the Integration of Simulations, Battle Command, and Modern Technology

A Practical Example of the Integration of Simulations, Battle Command, and Modern Technology International European Multi Conference And Simulation Interoperability Workshop 2009 Dr. J. Mark Pullen Lori Topor C4I Center Northrop Grumman IT

468 views • 29 slides
SENSOR PLACEMENT OPTIMIZATION Science and Technology for Chem-Bio Information Systems 25-28

SENSOR PLACEMENT OPTIMIZATION Science and Technology for Chem-Bio Information Systems 25-28

SENSOR PLACEMENT OPTIMIZATION Science and Technology for Chem-Bio Information Systems 25-28 October 2005 Keith Gardner Northrop Grumman IT Problem of Interest Multiple Biological detectors to be placed around and within a fixed facility

196 views • 16 slides
Illusionist: Transforming Lightweight Cores into Aggressive Cores on Demand Amin Ansari 1 ,

Illusionist: Transforming Lightweight Cores into Aggressive Cores on Demand Amin Ansari 1 ,

Illusionist: Transforming Lightweight Cores into Aggressive Cores on Demand Amin Ansari 1 , Shuguang Feng 2 , Shantanu Gupta 3 , Josep Torrellas 1 , and Scott Mahlke 4 1 University of Illinois, Urbana-Champaign 2 Northrop Grumman Corp. 3 Intel

349 views • 23 slides
Enterprise Mobility: Getting Ready for 2015 Meeting Objectives: Meeting Agenda: Mobility demands

Enterprise Mobility: Getting Ready for 2015 Meeting Objectives: Meeting Agenda: Mobility demands

Enterprise Mobility: Getting Ready for 2015 Meeting Objectives: Meeting Agenda: Mobility demands & challenges will keep Introduction increasing in 2015. Hence we are focusing this session on: Mobility Trends - Updating

548 views • 25 slides
RESOURCES WITH PRE - KNOWN INFORMATION Students : Avi Shahimov, Ariel Slonim , Nave Ariel ,

RESOURCES WITH PRE - KNOWN INFORMATION Students : Avi Shahimov, Ariel Slonim , Nave Ariel ,

D YNAMICALLY REALLOCATING RESOURCES WITH PRE - KNOWN INFORMATION Students : Avi Shahimov, Ariel Slonim , Nave Ariel , Yuri Gabaev , Yuval Kovler, Dima Kupershmidt Mentor: Segev Cohen. Supervisor: Eli Itin Hanoch Sapoznikov Month Year

263 views • 11 slides
A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores

A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores

Motivation Most client-server applications on the Internet A Multipurpose Delegation Proxy rely on HTTP as communication protocol e.g. online stores / banking for WWW Credentials web-based e-mail virtual market places,

69 views • 5 slides
Introduction to Java Java Language Language Introduction to

Introduction to Java Java Language Language Introduction to

Introduction to Java Java Language Language Introduction to plw@ku.ac.th

686 views • 40 slides
Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media

Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Digit Digital al Se Security y Training Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

506 views • 24 slides
Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal

Impeding Automated Malware Analysis with Environment-sensitive Malware Chengyu Song , Paul Royal and Wenke Lee College of Computing Georgia Institute of Technology Agenda l Background l Defeating Automated Malware Analysis Host

1.28k views • 28 slides
Project Plan Predictive Engine for Long Term Malware Detonation The Capstone Experience Team

Project Plan Predictive Engine for Long Term Malware Detonation The Capstone Experience Team

Project Plan Predictive Engine for Long Term Malware Detonation The Capstone Experience Team Proofpoint Izzy Dove Samuel Gendelman Alexander Kendall Joshua Wilson Geoffrey Witherington-Perkins Department of Computer Science and Engineering

391 views • 12 slides
Cyber Security in Marine Nuclear Transport Systems Contents: 1. What are we protecting? 2.

Cyber Security in Marine Nuclear Transport Systems Contents: 1. What are we protecting? 2.

Cyber Security in Marine Nuclear Transport Systems Contents: 1. What are we protecting? 2. Why do we need Cyber Security? 3. How do they do it? 4. Cyber incidents and threats why it should be important to you 5. The dangers of

450 views • 18 slides

More recommend