
Cybersecurity for Engineers

Raymond Shanahan, raymond.shanahan@dau.mil. Day of Cyber, June 26, 2019. Cybersecurity for Engineers. Agenda: Engineer’s Role in the National Defense Strategy (NDS); Systems and Systems Engineering (SE) are Changing; Cybersecurity Requirement/Responsibility; Cybersecurity Principles


Presentation Transcript


  1. Raymond Shanahan, raymond.shanahan@dau.mil. Day of Cyber, June 26, 2019. Cybersecurity for Engineers

  2. Agenda
  • Engineer’s Role in the National Defense Strategy (NDS)
  • Systems and Systems Engineering (SE) are Changing
  • Cybersecurity Requirement/Responsibility
  • Cybersecurity Principles
  • Cybersecurity Risks/Issues
  • Cyber Threat Protection Measures
  • Systems Security Engineering (SSE) Process Overview
  • Key Cybersecurity/Program Protection/SSE Activities
  • Where to Start with Key Cybersecurity/Program Protection/SSE?
  • Cybersecurity/Program Protection/SSE Across the Lifecycle
  • Takeaways

  3. Engineer’s Role in the NDS
  “To keep pace with our times, the department will transition to a culture of performance and affordability that operates at the speed of relevance. Success does not go to the country that develops a new technology first, but rather, to the one that better integrates it and more swiftly adapts its way of fighting. Our current bureaucratic processes are insufficiently responsive to the department's needs for new equipment. We will prioritize speed of delivery, continuous adaptation and frequent modular upgrades.”
  - Remarks by Secretary James Mattis on the NDS, January 19, 2018

  4. Systems and SE are Changing
  From:
  • Systems hardware-based; built to last; automated; standalone
  • Heuristic-based decisions
  • Deeply integrated architectures
  • Hierarchical organizations
  • Satisfying requirements
  • Static certification
  • Warfighting and IT systems defending against kinetic and computer network threats, respectively
  To:
  • Systems software-based; built to evolve; learning; highly networked; composable sets of mission-focused systems
  • Data-driven decisions
  • Layered, modular architectures
  • Ecosystems of partners; agile teams of teams
  • Constant experimentation and innovation
  • Dynamic, continuous certification
  • Defenses required against constantly emerging threats and attack surfaces
  - Derived from David Long, Former INCOSE President

  5. Cybersecurity Requirement/Responsibility
  • A requirement for all DoD programs
  • Must be fully considered and implemented in all aspects of acquisition programs across the life cycle
  • Acquisition activities include system concept trades, design, development, test and evaluation, production, fielding, sustainment, and disposal
  • Responsibility extends … to every member of the acquisition workforce
  • Starts from the earliest exploratory phases of a program
  • Program managers, assisted by supporting organizations to the acquisition community, are responsible for the cybersecurity of their programs, systems, and information
  • Program managers will pay particular attention to … areas where a cybersecurity breach or failure would jeopardize military technological advantage or functionality
  - DoDI 5000.02, Enclosure 14

  6. Money Hacks and Protection Measures
  • Rapid advance of image acquisition, processing, and printing technologies presents an ever-advancing counterfeiting threat to U.S. currency as well as other products
  • For example, Artificial Intelligence is already enabling “deepfake” images/video
  • Deterrent measures for currency can include printed, modified substrate, composite, or electronic features providing digital encryption and chemical, thermal, optical, tactile, engineered materials, shape/elasticity, and other sensors
  • U.S. Treasury: 1) assesses the cost-effectiveness of potential deterrent features and prioritizes them for use and 2) considers program execution risks/issues, feature-delivery phasing, and field testing requirements
  - Adapted from “A Path to the Next Generation of U.S. Banknotes: Keeping Them Real (2007)”
  System security must balance the consequence of a successful exploit against the cost-effectiveness of the planned protections

  7. Cybersecurity Principles
  • Manage access to and use of the system and its resources
  • Structure the system to protect and preserve its functions and resources, e.g., through segmentation, separation, isolation, or partitioning
  • Configure the system to minimize exposure to vulnerabilities that impact the system and mission throughout the lifecycle, to include disposal
    • Techniques include design choice, component choice, security technical implementation guides, and patch management
  • Implement, verify, and validate risk-based system and component protection measures
  • Anticipate, detect, and respond to security anomalies to maintain priority system functions under adverse conditions
  • Secure the system’s internal and external interfaces
  Implementation must be aligned within the SE process to achieve the required cost, schedule, performance, and security of the system

  8. Cybersecurity Risks/Issues
  • Subversion or compromise of DoD networks, systems, support infrastructure, and employees through malicious actions
  • Exfiltration of operational and classified data to compromise or disrupt critical DoD missions
  • Exfiltration of intellectual property, designs, or technical documentation to weaken DoD technological and military advantage
  • Insertion of compromised hardware, firmware, or software to disrupt or degrade system performance
  • Reverse engineering of warfighting capabilities that have been lost, stolen, or transferred in an unauthorized manner
  - DoDI 5000.02, Enclosure 14
  In addition, there are other risks/issues, such as counterfeit/cloned products, reliability, design, or other risks/issues that originate from an economic or other root cause, that can have an adverse security impact

  9. A Car Hack
  Think like a hacker. Controller Area Network (CAN) ~ 1553 Databus. Is there remote access to your system?

  10. Cyber Threat Protection Measures
  • Information safeguarding
  • Network protection
  • Designed-in system protections
  • Supply Chain Risk Management (SCRM)/component provenance/tracking
  • Software Assurance (SwA)
  • Hardware Assurance (HwA)
  • Anti-counterfeit practices
  • Anti-Tamper (AT)
  • Defense Exportability Features (DEF)
  • Counter-Intelligence (CI)
  • Other program security-related activities, e.g., information security, operations security (OPSEC), personnel security, physical security, and industrial security
  SSE needed to integrate these risk-based protection measures
  - DoDI 5000.02, Enclosure 14

  11. Potential Protection Measures Against the Car Hack
  What are the most cost-effective protection measures for your system?

  12. Where to Start with Cybersecurity/Program Protection/SSE?
  • Policies
    • DoDI 5000.02, Operation of the Defense Acquisition System
    • DoDI 5000.02, ENCL 14, Cybersecurity in the Defense Acquisition System
    • DoDI 5200.01, DoD Information Security Program and Protection of Sensitive Compartmented Information (SCI) and associated manuals (DoDM 5200.01 Vol 1-4)
    • DoDI 5200.39, Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E)
    • DoDI 5200.44, Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)
    • DoDM 5200.45, Instructions for Developing Security Classification Guides
    • DoDI 5230.24, Distribution Statements on Technical Documents
    • DoDD 5200.47E, Anti-Tamper (AT)
    • DoDI 8500.01, Cybersecurity
    • DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT)
  • Guidance
    • Defense Acquisition Guidebook (DAG), Chapter 9, Program Protection
    • DoD, Assurance of Department of Defense (DoD) Systems Security Classification Guide (SCG) (in formal coordination), October 30, 2018
    • https://jfac.navy.mil/JFAC/resources/documents
    1. Start with DoDI 5000.02, Enclosure 14 and DAG Chapter 9 to quickly familiarize yourself with key best practices!

  13. Where to Start with Cybersecurity/Program Protection/SSE?
  • Training
    • DAU ACQ 160, Program Protection Planning Awareness
    • DAU ENG 260, Program Protection for Practitioners
    • DAU CLE 022, Program Manager Introduction to Anti-Tamper
    • DAU CLE 074, Cybersecurity Throughout DoD Acquisition
    • DAU CLE 080, Supply Chain Risk Management for Information and Communications Technology
    • DAU CLE 081, Software Assurance (SwA) Awareness
    • DAU ISA 220, Risk Management Framework (RMF) for the Practitioner
    • DAU WSM 015, Cybersecurity Awareness Workshop
    2. Take ACQ 160 and ENG 260 for an overview of Program Protection and its methodologies
    3. Contact DAU to arrange a tailored workshop

  14. Where to Start with Cybersecurity/Program Protection/SSE?
  • Resources*
    • DoD Acquisition Security Database (ASDB): OSD.ASDBHelpdesk@mail.mil
    • DoD Anti-Tamper Executive Agent (ATEA)*: https://www.at.dod.mil/
    • DoD Cyber Exchange*: https://public.cyber.mil/
    • Joint Acquisition and Protection Cell (JAPEC): osd.atl.asd-re.se@mail.mil
    • Joint Federated Assurance Center (JFAC)*: https://jfac.navy.mil
    • Trusted Systems and Networks (TSN) Roundtable: https://rmfks.osd.mil/rmf/TSN/Pages/default.aspx
    • DoD Defense Industrial Base (DIB) Cybersecurity (CS) Program: https://dibnet.dod.mil/portal/intranet/
    • Risk Management Framework (RMF) Knowledge Service (KS)*: https://rmfks.osd.mil/
    • DoD Trusted and Assured Microelectronics (T&AM)/Microelectronics Innovation for National Security and Economic Competitiveness (MINSEC) Program: https://www.acq.osd.mil/se/initiatives/init_micro.html
    4. Consult with JAPEC, DoD Component TSN Focal Point, JFAC, and ATEA for program/technology; SwA, HwA, and SCRM; and AT protection respectively
  * Additional training offered by these activities

  15. Where to Start with Cybersecurity/Program Protection/SSE?
    5. Categorize your system’s overall protection requirements, to include the establishment of appropriate risk-based protection levels, and baseline its protection measures
  • Identify what tier of protection has been identified for your program and/or its technology by the JAPEC and/or the Protecting Critical Technology Task Force
  • Using TSN and information analysis, identify the planned system assurance and cybersecurity system classification levels, respectively
  • For weapon systems, conduct CPI and Defense Exportability analysis assuming export, allied/coalition operation, and the potential for battlefield loss and/or unauthorized transfer, and identify the planned AT level and potential export configuration(s) required
  • Analyze the threats to, and vulnerabilities of, the system, to include the system’s interfaces
  • Identify the baseline protection measures required for the protection levels identified and align and prioritize them for implementation based on the threat and vulnerability analysis

  16. SSE Process Overview
  • Analyses are iteratively informing system design
  • Results are documented in the Program Protection Plan (PPP)
  • Protections identified (ID’d) and assessed in SETRs and integrated into Functional/Allocated/Product Baselines in SETRs
  Program and System Analyses:
    • Criticality Analysis: ID mission critical functions/components and suppliers
    • CPI Analysis: ID capability elements providing US technological advantage; horizontal analysis
    • Information Analysis: ID information requiring protection, its classification, location, etc.
    • Threat and Vulnerability Assessments: ID threats and vulnerabilities related to mission-critical functions/components, CPI, and information about the program, development environment, and system (emphasis on technical info)
  SSE Decision Analysis:
    • Assess SSE risks based on analyses and assessments
    • Determine candidate protections to address threats/vulnerabilities
    • Conduct engineering/risk/cost trade-off analyses
    • Establish protection measures
  Contractor:
    • Implement protections in system and its developmental and operational environments
  Verification & Validation (V&V):
    • Conduct V&V, DT&E, and OT&E of protections and assess/evaluate residual vulnerabilities

  17. Cybersecurity/Program Protection/SSE Across the Lifecycle
  Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals: http://www.acq.osd.mil/se/initiatives/init_pp-sse.html
  Lifecycle points shown: TMRR Phase RFP; EMD Phase RFP; Production Contract
  • Protection measures as a design consideration
  • Incorporate requirements into technical baselines
  • Entry and exit criteria in SETRs
  • Assess technical risk and mitigation plans
  • Integrated Product Team collaboration
  • Test tools often custom per platform
  • Cyber Ranges and Red Teams have limited availability
  • Iterate with changes in architecture, threats, vulnerabilities, and testing

  18. Takeaways
  • DoD systems must prioritize speed of delivery, continuous adaptation, and frequent upgrades to stay current with warfighter needs in the evolving battlespace
  • SSE must anticipate and mitigate threats to information, support networks, the supply chain, and developmental and operational systems and their interfaces
  • Systems must be able to defend against an ever-expanding set of threats and attack surfaces
  • Cybersecurity is required by all programs and is every workforce member’s responsibility
  • SSE consists of a number of analyses, to include risk/cost trade-off analyses, as well as protection measure implementation and V&V
  • Protection implementation is risk-based and must be tailored/aligned within the SE process to achieve the systems’ required cost, schedule, performance, and security
  • Programs should take advantage of existing resources to categorize their systems’ protection levels and associated requirements and baseline their protection measures
  • Address cybersecurity in RFPs, SETRs, risk management, and test activities across the lifecycle

  19. Backup

  20. Key Terminology
  • cybersecurity (DoDI 8500.01): Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
  • program protection (DoDI 5000.02): Program protection is the integrating process for managing risks to DoD warfighting capability from foreign intelligence collection; from hardware, software, and cyber vulnerability or supply chain exploitation; and from battlefield loss throughout the system life cycle. Where a DoD capability advantage derives from a DoD-unique or critical technology, program protection manages and controls the risk that the enabling technology will be lost to an adversary. Where a DoD capability advantage derives from the integration of commercially available or custom-developed components, program protection manages the risk that design vulnerabilities or supply chains will be exploited to destroy, modify, or exfiltrate critical data, degrade system performance, or decrease confidence in a system. Program protection also supports international partnership building and cooperative opportunities objectives by enabling the export of capabilities without compromising underlying U.S. technology advantages.
  • system security engineering (DoDI 5200.44): An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities.

  21. Key Terminology
  • criticality analysis (DoDI 5200.44): An end-to-end functional decomposition performed by systems engineers to identify mission critical functions and components. Includes identification of system missions, decomposition into the functions to perform those missions, and traceability to the hardware, software, and firmware components that implement those functions. Criticality is assessed in terms of the impact of function or component failure on the ability of the component to complete the system mission(s).
  • critical components (CCs) (DoDI 5200.44): A component which is or contains [information and communication technology] ICT, including hardware, software, and firmware, whether custom, commercial, or otherwise developed, and which delivers or protects mission critical functionality of a system or which, because of the system’s design, may introduce vulnerability to the mission critical functions of an applicable system.
  • mission critical function (DoDI 5200.44): Any function, the compromise of which would degrade the system effectiveness in achieving the core mission for which it was designed
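The criticality analysis and critical-component definitions above (and the "ID mission critical functions/components and suppliers" step on slide 16) can be worked as a traceability model: missions decompose into functions, functions trace to the hardware, software and firmware components that deliver or protect them, and suppliers of critical components feed SCRM. The following is an added example, not DAU's or DoD's own tooling; the vehicle system, its functions, components and "Vendor-X" suppliers are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed model of a notional guided-vehicle system (not from the slides).
@dataclass(frozen=True)
class Function:
    name: str
    degrades: frozenset  # missions whose effectiveness degrades if this function is compromised

@dataclass(frozen=True)
class Component:
    name: str
    kind: str            # "hardware", "software" or "firmware"
    supplier: str
    implements: frozenset              # functions this component delivers
    protects: frozenset = frozenset()  # functions this component protects (e.g. a crypto module)

CORE_MISSION = "navigate-to-target"   # constructed core mission; "crew-comfort" is secondary

FUNCTIONS = [
    Function("inertial-navigation", frozenset({"navigate-to-target"})),
    Function("gps-aiding",          frozenset({"navigate-to-target"})),
    Function("bus-messaging",       frozenset({"navigate-to-target", "crew-comfort"})),
    Function("cabin-climate",       frozenset({"crew-comfort"})),
]

COMPONENTS = [
    Component("imu-board",       "hardware", "Vendor-A (constructed)", frozenset({"inertial-navigation"})),
    Component("nav-filter-sw",   "software", "Vendor-B (constructed)", frozenset({"inertial-navigation", "gps-aiding"})),
    Component("gps-receiver-fw", "firmware", "Vendor-C (constructed)", frozenset({"gps-aiding"})),
    Component("bus-controller",  "hardware", "Vendor-A (constructed)", frozenset({"bus-messaging"})),
    Component("crypto-module",   "hardware", "Vendor-D (constructed)", frozenset(), frozenset({"bus-messaging"})),
    Component("hvac-controller", "firmware", "Vendor-E (constructed)", frozenset({"cabin-climate"})),
]

def mission_critical_functions(functions, core_mission):
    """A function is mission critical if its compromise degrades the core mission."""
    return {f.name for f in functions if core_mission in f.degrades}

def critical_components(components, mcfs):
    """A component is a CC if it delivers OR protects a mission critical function.
    Returns {component name: sorted list of the MCFs it traces to}."""
    ccs = {}
    for c in components:
        via = (c.implements | c.protects) & mcfs
        if via:
            ccs[c.name] = sorted(via)
    return ccs

def key_suppliers(components, ccs):
    """Suppliers of critical components: the starting list for SCRM/provenance tracking."""
    return {c.supplier for c in components if c.name in ccs}

def traceability_report(functions, components, core_mission):
    """One line per CC: core mission <- function(s) <- component [kind, supplier]."""
    mcfs = mission_critical_functions(functions, core_mission)
    ccs = critical_components(components, mcfs)
    by_name = {c.name: c for c in components}
    return [f"{core_mission} <- {', '.join(fs)} <- {n} [{by_name[n].kind}, {by_name[n].supplier}]"
            for n, fs in sorted(ccs.items())]

if __name__ == "__main__":
    for line in traceability_report(FUNCTIONS, COMPONENTS, CORE_MISSION):
        print(line)
    print("key suppliers:", sorted(key_suppliers(COMPONENTS, critical_components(
        COMPONENTS, mission_critical_functions(FUNCTIONS, CORE_MISSION)))))
```

Note that the crypto module becomes a CC even though it implements no function itself, because it protects one; the HVAC controller, which only serves the secondary mission, does not.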

  22. Key Terminology
  • SCRM (DoDI 5200.44): A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities and threats throughout DoD’s “supply chain” and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).
  • supply chain risk (DoDI 5200.44): The risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.
  • HwA (DAG Chapter 9): The level of confidence that microelectronics (also known as microcircuits, semiconductors, and integrated circuits, including its embedded software and/or intellectual property) function as intended and are free of known vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system's hardware and/or its embedded software and/or intellectual property, throughout the life cycle.
  • SwA (DoDI 5200.44): The level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle.

  23. Key Terminology
  • CPI (DoDI 5200.39): U.S. capability elements that contribute to the warfighters’ technical advantage, which if compromised, undermines U.S. military preeminence. U.S. capability elements may include, but are not limited to, software algorithms and specific hardware residing on the system, its training equipment, or maintenance support equipment.
  • AT (DoDD 5200.47E): Systems engineering activities intended to prevent or delay exploitation of CPI in U.S. defense systems in domestic and export configurations to impede countermeasure development, unintended technology transfer, or alteration of a system due to reverse engineering.
  • DEF (USD(AT&L) memo, “Defense Exportability Features Policy Implementation Memorandum and Guidelines,” April 9, 2015): Design, develop, and implement technology protection features that enable export, and/or modify or remove technologies and/or capabilities prohibited for export early in the acquisition life cycle, when possible. Technology protection features refer to the technical modifications necessary to protect CPI, which includes AT and other U.S. Government Technology Security and Foreign Disclosure (TSFD) and export policy-related modifications that must be developed and incorporated into export variants.

  24. SSE Process Overview
  Lifecycle stages shown: Concept Studies; System Definition (Functional Baseline); Preliminary Design (Allocated Baseline); Detailed Design (Product Baseline); Design Definition; SRR; Technical Baselines*
  • Protections are identified and integrated into technical baselines
  • Analyses are iteratively informed by and informing the design
  • Results are documented in the Program Protection Plan (PPP)
  Program and System Analyses:
    • Criticality Analysis: Determine critical functions and components based on critical mission threads; identify key suppliers
    • CPI Analysis: Identify capability elements providing a US technological advantage; conduct horizontal analysis
    • Information Analysis: Properly apply classification and marking procedures; implement required info protections
    • Threat and Vulnerability Assessments: Identify threats and vulnerabilities related to mission-critical functions/components, CPI, and key info about the program and system (emphasis on technical information)
  SSE Decision Analysis:
    • Assess SSE risks based on program/system analyses and identified threats/vulnerabilities
    • Determine candidate protections to address vulnerabilities; utilize protections from across SSE specialties (e.g., cybersecurity, SwA, AT, HwA) and security specialties (e.g., OPSEC, personnel security, physical security)
    • Conduct engineering risk/cost trade-off analyses
    • Establish protection measures: system security requirements; identify acquisition mitigations; further analyses necessary
  Contractor:
    • Implement SSE in design, development: respond to SSE requirements; assess security risks during design review and system implementation
  Verification & Validation (V&V):
    • Conduct V&V: evaluate AT protections; assess hardware and software vulnerabilities; verify SSE requirements (Contractor, DT&E, OT&E)
