Northrop Grumman Corporation Operating Safely in a Cyber Dense - - PowerPoint PPT Presentation

northrop grumman corporation
SMART_READER_LITE
LIVE PREVIEW

Northrop Grumman Corporation Operating Safely in a Cyber Dense - - PowerPoint PPT Presentation

Apr 29, 2023 357 likes •500 views

Northrop Grumman Corporation Operating Safely in a Cyber Dense Environment the Good, the Bad, and the Ugly. World Air Traffic Management Congress March 2016 Dr. Dennis McCallam, DIA. Northrop Grumman Fellow Who we are Leading global

slide-1
SLIDE 1

Northrop Grumman Corporation

World Air Traffic Management Congress March 2016

  • Dr. Dennis McCallam, DIA.

Northrop Grumman Fellow

Operating Safely in a Cyber Dense Environment – the Good, the Bad, and the Ugly.

slide-2
SLIDE 2

Approved For Public Release # 16-0385; Unlimited Distribution

Who we are

  • Leading global security

company

  • $24 billion sales in 2014
  • $38.2 billion total backlog
  • Leading capabilities in:

– Unmanned Systems – Cyber – C4ISR – Logistics

Focus on Performance

2

slide-3
SLIDE 3

Approved For Public Release # 16-0385; Unlimited Distribution

Agenda

  • Lets put a context on the cyber threat from a

capability standpoint

  • The cyber environment out there….ugly
  • Understanding that our environment has both

enterprise and platform information systems

  • Some thoughts on security engineering and

resilience

  • Some ways ahead (and some good news)
slide-4
SLIDE 4

Approved For Public Release # 16-0385; Unlimited Distribution

Looking at the Threat Landscape - Capabilities

4

* Defense Science Board Task Force Report: Resilient Military Systems and the Advanced Cyber Threat January 2013

1

Use existing malicious code and known exploits

2

Develop tools to use known exploits against publically known vulnerabilities

3

Develop and use unknown malicious code against known vulnerabilities

4

Criminal or state actors who discover new vulnerabilities and develop exploits against known vulnerabilities

5

State actors who create vulnerabilities and impact products in the supply chain to enable exploitation of networks and systems of interest

6

States with the ability to successfully execute full spectrum cyber operations

The Known - Known The Known- Unknown The Unknown - Unknown

slide-5
SLIDE 5

Approved For Public Release # 16-0385; Unlimited Distribution

So….How vulnerable are things

  • Some factual attacks or alerts

– Computer researcher hacked into aircraft control system (masquerading as a passenger): May 2015

  • Contention between safety and security

– Johnson, C. (2016). Why We Cannot (Yet) Ensure the Cyber-Security of Safety- Critical Systems. – Need to address the difference between platform (sensor, etc) systems and enterprise systems

  • Some urban legend attacks

– Was it a virus or a bad maintenance computer?

5

slide-6
SLIDE 6

Approved For Public Release # 16-0385; Unlimited Distribution

Cyber resilience impacts a lot of things

6

Derived from DoDD 8500.1, Paragraph E2.1.16.4

Not everything is the same.

Combination of platform and enterprise IT systems (their sensors and components) that make up the mission

KEY CHARACTERISTICS

  • Hybrid – multiple interfaces

across enterprise and platform

  • Huge attack surface
  • Risk of “Pearl Harbor” if

“jump the gap” events

System of Systems

The traditional IP based IT infrastructure: HW/SW and all that it touches

KEY CHARACTERISTICS

  • More homogenous and known
  • Infrastructure dependent
  • Designed to manage large

volumes of critical data

  • Events are played out in

massive scale in public

  • Vast array of COTS cyber tools
  • f varying effectiveness

Enterprise IT

The IT residing within and on platforms

Platform IT

KEY CHARACTERISTICS

  • Some non-Internet operating

systems, protocols and transport

  • Proprietary components
  • Some legacy systems,

pre-“cyber era”

  • Solutions must be safety-centric
slide-7
SLIDE 7

Approved For Public Release # 16-0385; Unlimited Distribution

Security Engineering: Simplified

  • Continuously improve your C4ISR architecture with security in mind

– Think: “Secure by Design”

  • The Internet of Things (and a lesson for us)

7

…and I just hacked a bank.

192.168.0.63

Where Should We Protect From?

slide-8
SLIDE 8

Approved For Public Release # 16-0385; Unlimited Distribution

Cyber Threats…Are They Really Everywhere?

8

Keyless Entry Remote Start Performance Data Recorder Bluetooth/4G/OnStar Supply Chain

Security Engineering and Vulnerability Analysis Enable Successful Cyber Design and Test

slide-9
SLIDE 9

Approved For Public Release # 16-0385; Unlimited Distribution

The Resilience Lifecycle

Start Secure. Stay Secure. Return Secure.™

9

Operations & Support

  • Detect/prevent loss of sensitive information
  • Operate through attacks
  • Respond to attacks across the board, not

just on IP-based connections

  • Detect RF links & code insertion
  • Prevent mission critical function alteration
  • Monitor for mission load compromise

Design, Acquire, Build & Field

  • Avoid supply chain intrusion
  • Continually assess security

posture

  • Detect & reject built-in malware

and undocumented features

  • Design holistically
  • Follow software assurance

processes

  • Ensure software provenance
  • Detect & reject counterfeit parts
  • Prevent contract process flaws
  • Secure related environments

Upgrade & Modernize

  • Maintain supply chain

integrity

  • Preserve software integrity
  • Prevent malware injection
  • Prevent security mitigation

bypass

  • Detect non-intentional S/W

modifications

  • Review & protect diagnostic

equipment injection points

  • Ensure software/data

integrity

Resilience Approaches

Mission Assurance

Attack Vectors

Data Code Infrastructure Communications People

TRUSTED BASELINE SECURE RE-BASELINING RESILIENT OPERATIONS

Start Secure Stay Secure Return Secure

slide-10
SLIDE 10

Approved For Public Release # 16-0385; Unlimited Distribution

Some good news

  • The enterprise IT side is well understood

– Build on the shoulders of giants

  • The safety and operational demands on ATC

Platform IT is a GREAT start towards cyber protection

– Code evaluations – Secure CM and patch control

  • We can and should get into two rhythms

– Start secure, Stay secure, Seturn secure™ to help with the development and architecture of the next generation systems – Secure it, Optimize it, Evolve it ™ to make sure we always know where we are and know where we are going

  • Secure the design data of your system – it is critical

10

slide-11
SLIDE 11

Approved For Public Release # 16-0385; Unlimited Distribution

  • The development of processes around

System Security Engineering is a natural extension of the formal Systems Engineering process

  • Engineering a solid system to protect the

integrity of the supply chain is necessary

  • Educate application developers about risks to

the supply chain and what to watch for

11

Final thoughts - maintain your vision with education

E

D U

C A T E

20 100 20 50 20 20 1 2 3

Standards Policy and Regulations Systems and Vendors

Information Security Supply Chain Security

slide-12
SLIDE 12