dr mike davies - defence science and technology organisation - research and development directions...

Research and Development Directions for Cyber Resilience

ADM Cyber Security Summit, 16-17 June 2015

Dr Mike Davies, Research Leader, Cyber Assurance and Operations

Upload: informa-australia

Post on 20-Aug-2015

Introduction

Definition of Resilience

Ability to recover from some shock, disturbance or failure? More so: “the ability… to provide and maintain an acceptable level of service [capability/functionality] in the face of various faults and challenges to normal operation”

Drawn from http://simple.wikipedia.org/wiki/Resilience

Mission assurance / business continuity…

economic prosperity…

societal wellbeing…

Untrustworthy ICT from supply chain insecurity

Sophisticated attackers

Hostile operating environments

‘Insider’ shortcomings…

Goal: Mitigate the threat and reduce risks to a tolerable level


So how are we going so far?

Defenders are losing (or at best playing catch-up), attackers are winning (or at least calling the shots)*

… presenting strategic concerns…

Increasing national dependence on ICT: cyber-physical systems pervade

Lag in cyber security, increasing the vulnerability of government, industry and society

Australia’s National Security strategy of 2013 highlights “sophisticated capabilities to maximise Australia’s strategic capacity and reach in cyberspace…” as a matter of national security

The 2013 Defence White Paper highlights the critical dependency that modern military capabilities have on information systems

PM&C 2015 Cyber Security Review

*E.g. M-Trends 2015: A View from the Front Lines; Mandiant 2015 and Telstra Cyber Security Report 2014

Science and Technology

It is of strategic importance that:

– Research and development is undertaken into advanced approaches to cyber security spanning the full system life cycle (design, build, operate…)

– R&D is aligned with current and projected operational challenges

– In-government R&D is strongly differentiated from that of academia and industry and maximises its in-government position


DSTO’s Cyber Science and Technology Strategy

Cyber 2020 Vision: DSTO Cyber Science and Technology Plan; 2014

Foundational Research Themes

The role of DSTO CAO cyber security R&D

[Figure: three diagram panels positioning R&D relative to Mainstream Threats, Advanced Threats, EXISTING COUNTERMEASURES and NEW COUNTERMEASURES. Panel captions: "Have impact…", "Sit above mainstream…", "Raise the bar…"; annotation: "BEFORE this!!"]

Modus Operandi in DSTO CAO Cyber Security S&T

We develop techniques to discover and counter their presence

We develop tools and techniques to discover vulnerabilities and fix predispositions

We pursue autonomous cyber security solutions

and repeat BEFORE this!!

We demonstrate robust risk-based pervasive security policy and architectures

We develop and use advanced cryptologic techniques

We develop solutions for resilient and trustworthy ICT

We forecast and prototype advanced forms of adversarial software and hardware.

We demonstrate their likely appearance and effect

We focus above mainstream

We have impact and raise the bar…

Gain tactical to strategic resilience through achieving and sustaining this state

Definition of Resilience

Ability to recover from some shock, disturbance or failure? More so: “the ability… to provide and maintain an acceptable level of service [capability/functionality] in the face of various faults and challenges to normal operation”

Drawn from http://simple.wikipedia.org/wiki/Resilience

– Resilient cyber systems: where ‘normal operation’ means operating in the presence of untrustworthy information and communications technology (ICT)

– Resilient military missions: where maintaining ‘an acceptable level of’ mission assurance requires systemic cyber protection strategies and actions

DSTO R&D and Cyber Resilience: 2 examples

Resilient Cyber Systems

Threat: Hardware Trojans

Intentional modification of COTS electronic circuitry

– Penetration into our networks

– Undetectable by current methods

– Triggered at will by adversary

– Compromise operation and security of infected electronics systems

– Scale effects, e.g., broad spectrum network degradation across all government networks

– Can also re-enable already protected software threats

Threat illustrations

State-sponsored (US Embassy Moscow, 1976–1984)

– Implant characterised data and transmitted to a local listening post

– Undetected for 8 years; many man weeks and thousands of X-Rays to find, despite tip-off

Organised crime (UK 2008)

– ATM machines opened, tampered with and perfectly resealed

– Electronics operated as normal, but also remotely captured and forwarded credit card details

– Only fortuitously discovered. America's counterintelligence chief said: "Previously only a nation state's intelligence service would have been capable of pulling off this type of operation. It's scary".

DSTO S&T Approach

Challenge 3 assumptions concerning ICT supply chain security

– Only state-sponsored actors would have the capability

– Trojans are “always on”

– Trojans are physically detectable

Develop deep understanding of issues

– Prototype future threats and demonstrate concepts

Develop complementary countermeasures

Case Study: Network Buffer Chip

Scenario: A Nation-State with large market penetration modifies Ethernet network cards at manufacture.

Trigger: Trojan activated by network packet activity.

Effect: Variable degradation of network performance.

Case Study: Network Buffer Chip – Prototype Exemplar

Target: Gigabit Ethernet PCI-Express network card.

Simple 8-bit MCU Hardware Trojan emulation.

Trigger attached to network activity LED:

[Figure labels: Network Activity; Rx/Tx LED Light; Trojan Trigger Packets; Trigger Sequence]

Countermeasures

Approach

Operate safely in the presence of unknown Hardware Trojans

Combine COTS with a small amount of trustworthy hardware and logic (a trustworthy computing base (TCB))

Tradeoff between performance, size, complexity and security

Combine with smarter architectural choices

Countermeasures: the Digital Video Guard

Winner of South Australian ICT Innovation Award 2014

[Figure: DVG-enabled tablet, Internet, enclave computers and trustworthy computing base, with a chart of complexity against trust requirement. Component labels: MLS Word support, MLS Application, Trusted OS, Medium Complexity Circuit, TCB Circuit, TCB Components - Chips, components with billions of transistors. Size labels: 100s of millions loc, ~50 thousand loc, ~7 thousand loc, 10 thousand loc. Trust labels: Untrusted; Trusted & Trustworthy; Trusted but Not Trustworthy!]

Subject of DSTO/NICTA collaboration

Countermeasures: Architectural Approach

Countermeasures: Trusted logic

Fragmented and Replicated Computation with Trusted Verification

Fragment processes and data

Assign to multiple homogeneous or heterogeneous untrustworthy processors

No one processor has full ‘visibility’ of any process

Trusted voting function tailored to threats to Integrity, Availability and/or Confidentiality
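The scheme outlined above, as an added illustration (not DSTO's design or code): data is split into fragments, each fragment is computed by three untrusted processors, and a small trusted voter accepts a result only on a strict majority. The worker functions, the round-robin placement and the majority rule are assumptions chosen for this sketch, and the voter here addresses integrity only.

```python
from collections import Counter

def honest(fragment):
    # Work unit for the sketch: sum of the integers in one fragment.
    return sum(fragment)

def trojaned(fragment):
    # Simulated compromised processor: silently corrupts its result.
    return sum(fragment) + 1

def fragment_data(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]

def assign(num_fragments, num_workers, replicas):
    # Round-robin placement: fragment i goes to `replicas` consecutive workers.
    return {i: [(i + k) % num_workers for k in range(replicas)]
            for i in range(num_fragments)}

def trusted_vote(results):
    # The only code that must be trusted: accept a value on strict majority.
    value, count = Counter(results).most_common(1)[0]
    if count * 2 <= len(results):
        raise RuntimeError("no majority: result cannot be trusted")
    return value

def run(data, workers, size=2, replicas=3):
    fragments = fragment_data(data, size)
    plan = assign(len(fragments), len(workers), replicas)
    seen = {w: 0 for w in range(len(workers))}   # fragments seen per worker
    total, dissenters = 0, set()
    for i, frag in enumerate(fragments):
        results = {w: workers[w](frag) for w in plan[i]}
        for w in plan[i]:
            seen[w] += 1
        agreed = trusted_vote(list(results.values()))
        dissenters |= {w for w, r in results.items() if r != agreed}
        total += agreed
    return total, dissenters, seen, len(fragments)

if __name__ == "__main__":
    # Constructed sample: five processors, the one at index 2 is faulty.
    pool = [honest, honest, trojaned, honest, honest]
    total, dissenters, seen, n = run(list(range(1, 11)), pool)
    print(total, dissenters, seen, n)
```

A majority vote holds only while most replicas of a fragment are honest; replicas that fail in the same way outvote the correct one, which is where heterogeneous processors earn their cost.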

SAFER PATH

Resilient Military Missions


• Cyberspace is emerging as an operational environment in its own right - ubiquitous and critical

• Existing operational concepts and doctrine are enduringly valid at a fundamental level

• Challenges face the realisation of certain technological capabilities, and analytical and decision making tradecraft

• Decision makers must determine the best course of action which achieves mission continuity in an information dense, highly dynamic and evolving environment.

– Applying the appropriate context is key

– Automated analytical and decision support is critical

Military Missions within/through Cyberspace

http://www.federaltimes.com/article/20140922/CYBER/309220008/IT-security-shifts-from-prevention-resiliency

[Figure: Mission Assurance ‘Fight Through’. Layer labels: Mission, System, Networks, Pictures, Devices, Equipment, People. Column labels: Systemic Protection; Systemic Effects; Mission D5 Effects. Example labels: Computer Network Operations, Electronic Warfare; CND, EP; IPSec, Encryption; Firewall, IDS, Anti-Virus; SOPS, Training, User Education, OPSEC; Malware, Trojan, Worm, Jamming; Social Engineering, HUMINT, User Error; C2; workflow; business processes; logistics…]


DSTO S&T Approach

• Focuses on key concepts in context:

• Conducting R&D in concepts, tools and techniques for automated:

– Cyber domain and mission modelling/mapping

– Process Discovery: Business processes, SOPS, C2, social processes

– Behavior Patterns: MO, usage, frequency, duration, attribution

– Critical Dependencies: People, information, technologies, processes

– Vulnerability discovery: red-teaming

– Cyber analytics and decision support

[Figure labels: Mission; Capability; System; Information; Technologies; Processes; People]

Conclusion

Lack of cyber resilience has tactical through to strategic consequences

R&D of the science and technology needed is a strategic issue

DSTO is maximising its in-government position aided by partnerships with academia and industry

Resilient cyber systems will be those that can operate in the presence of untrustworthy ICT

Resilient military missions will be those that employ systemic cyber protection strategies and actions