Multinational Cyber Defence Capability Development (MNCD2)
Cyber Defence Smart Defence Projects Conference
Lisbon – 28th of April 2016
NATO UNCLASSIFIED
AGENDA
1. MNCD2 background
2. Project portfolio: CIICS, CDSA, DMCCI, CSAT
3. Future developments
4. What’s in it for you?
5. Questions
SMART DEFENCE?
‘It is a renewed culture of cooperation that encourages Allies to cooperate in developing, acquiring and maintaining military capabilities to undertake the Alliance’s essential core tasks agreed in the new NATO strategic concept.’
‘That means pooling and sharing capabilities, setting priorities and coordinating efforts better.’
MNCD2 background
PARTICIPATING NATIONS:
PROJECT OFFICE:
PARTNERING:
Synergy
Efficiency
Industry & academia
Agile
Born-interoperable
Legal framework
Investments
€ 2.591.024
2013
Project portfolio
• CIICS: Cyber Information and Incident Coordination System
• CDSA: Cyber Defence Situational Awareness
• DMCCI: Distributed Multi-sensor Collection and Correlation Infrastructure
• CSAT: Cyber Security Assessment Team
Project portfolio: CIICS
(Technical) Information Sharing:
1. Ticketing incident data
2. Threat, vulnerability, other CD data
STAND-ALONE & FEDERATED
Status labels (from figure): IMPLEMENTATION, PLANNED, PLANNED, TBD
Obtain a license? [email protected]
Project portfolio: CDSA
• New missions & priorities
• Constant change
• Constant attack
• Cascading dependencies
• Conflicting information
• Limited resources
Project portfolio: CDSA
• Requirements gathering and use case prioritization (2013-2014)
• Request for Information; conference; selection (2015)
• Pre-contract testing (Jan-May 2016)
• Tailoring and high-fidelity demonstration (May-Nov 2016)
• Implementation recommendations; Virtual machines for testing (Jan 2017)
RFI responses:
1 Raytheon; 2 HP ES; 3 Deloitte; 4 IBM; 5 Thales; 6 TeraMach Technologies; 7 General Dynamics; 8 BT Security; 9 RSA; 10 Codenomicon; 11 Oracle; 12 Solana Networks inc.; 13 SMT; 14 Secure Decisions; 15 RHEA; 16 Compusult; 17 Northrop Grumman; MNCD2 CIICS Mitre Corporation

Conference:
1 Raytheon; 2 HP ES; 3 Deloitte; 4 IBM; 5 Thales; 6 General Dynamics; 7 BT Security; 8 RSA; 9 Codenomicon; 10 Oracle; 11 Solana Networks inc.; 12 SMT; 13 Northrop Grumman; MNCD2 CIICS Mitre Corporation

Shortlist:
1 Raytheon; 2 HP ES; 3 Deloitte; 4 IBM; 5 General Dynamics; 6 BT Security; 7 RSA

Readiness testing:
1 Raytheon (Forcepoint); 2 HP ES; 3 General Dynamics; 4 RSA
Project portfolio: DMCCI
‘… any mechanism that gives deeper insight into the unusual, abnormal and potentially malicious in an organization would be a great addition to the arsenal of tools available ...’
STORAGE
PARSING
CORRELATION
Project portfolio: CSAT
CSAT Concept
Independent assessment
Assess overall effectiveness of security measures
Testing of Operational CIS
Demonstrate mission impacts through cyber domain
Provide mission assurance to stakeholders and senior decision makers
Improve the ability of users and operators to detect and respond to cyber attacks
Goals and objectives
Governance
Emulated threats
Assessment activities
Assessment lifecycle
Overarching concept
CSAT ConOps
CORE ConOps Implementation
Organizational structure & staffing
Facilities & equipment
Documentation
Services
Organizational structure & staffing
Facilities & equipment
Documentation
Implementation options
Implementation plan
Business case
New capabilities?
• CD Moving Target Principle
• Honey Tokens
• Semi Automated Response
• Open source Quick Scanning
• CENSYS
• High-level Reference Architecture
• Deception Networks
• Recognized Cyber Picture
• Vulnerability Handling Tools
• SCADA Supervisor
• Detection through Big Data
• CyberViz
• Online Forensics Analysis
• Malware Analysis Tools
• Formatting & IERs
• AI Integration to Detection
• Tactical C2 Cyber tools
• Overarching Concept/TTPs for CD
• Valid hash integration
• CMDBs
• Multi-level monitoring & logging
What’s in it for you?
• In-depth information
• Licensed use (CIICS)
• Adopt results (CDSA)
• Share the other way around
Questions
Management structure