Integrated Information Warfare for the 21st Century

PEOC4I.NAVY.MIL

Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I)

NDIA San Diego Fall Industry Event

PMW 130 Information Assurance and Cybersecurity Program Office

25 October 2017

DISTRIBUTION STATEMENT A: Approved for public release, distribution is unlimited (18 OCTOBER 2017)


Page 2

Anatomy of an Attack

[Figure: attack life cycle shown as eight numbered phases (1 through 8) set against layered defenses.]

Phase labels: Motive, Discover, Penetrate, Probe, Escalate, Persist, Execute, Expand

Activity labels: Objective / Resources; Scanning / Enumeration; Identify Vulnerabilities; Create Foothold; Multiple Footholds / Multiple Paths; Gain Root Access; Obfuscate Presence; Exploit / Attack to Achieve Objective

Defensive layers: DODIN Perimeter Defenses; Demilitarized Zone; Internal Boundary Defenses; Core System Defenses; Management Network Defense; Cyber SA Defensive Operations; External Boundary Defenses

Defensive functions: Protect, Detect, Monitor, Analyze, Respond

Page 3

Defense in Depth

Source: Steve King, Some Positive News for 2016

Page 4

Program Overview

• Cryptography and Key Management: Acquire, install, and provide life cycle support for end cryptographic units for Navy, Marine Corps, and Coast Guard platforms

  • Data and Voice Cryptography (Modernization and Legacy)

  • Key Management (Electronic Key Management System (EKMS) and Key Management Infrastructure (KMI), Key Loaders)

  • Public Key Infrastructure (PKI)

Crypto & Key Management

Page 5

Program Overview

• Protects against, monitors, analyzes, detects, and responds to unauthorized activity within Navy tactical networks and attacks against computer-network vulnerabilities, cyber threats, and critical assets

• Capabilities

  Shore: Firewalls, host IPS/FW/Anti-virus, network IDS/IPS, event logging, security compliance scanning and assessment, spyware/malware & anti-virus protection, email scanning gateway, VPNs, web content filtering, cross-domain solution, data-at-rest encryption, identity management and smart card logon (PKI)

  Afloat: Host IPS/FW/Anti-virus, security compliance scanning and assessment, identity management and smart card logon (PKI), cross-domain solution, data-at-rest encryption

Network Security

Page 6

Threat Trends

1. Socially engineered malware
2. Password phishing attacks
3. Unpatched software
4. Social media threats
5. Advanced persistent threats
6. Insider Threat

Most Likely Cyber Attacks

Sources: CSO Online, The 5 cyber attacks you're most likely to face, 21 Aug 17; Carnegie Mellon University, Common Sense Guide to Mitigating Insider Threats, Fifth Edition

Page 7

Threat Trends

• More advanced malware installers / trojans

• Script-based malware also a growth area

  JavaScript & PowerShell

  Easier obfuscation

• Government is still the primary target

New Malware on the Rise

Source: September 2017 McAfee Labs Threat Report

Page 8

Industry Trends

• Cloud services

  Potential for better security and availability

  Implementation has to be coordinated

• Internet of Things

  Poor manufacturer security / patching support

  Commonly used to launch remote distributed attacks

  Also used as a pivot point to enter networks (e.g. Las Vegas casino fish tank = data exfiltration)

Changing the Infrastructure

Sources: SANS Institute, Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017; Forbes, Criminals Hacked A Fish Tank To Steal Data From A Casino, July 27, 2017

Page 9

DevOps

Production

Management & Control Systems

• Development
• DT/OT/Integration type testing
• RMF
• System Check out/Prep for install
• Data Scrub
• M&S - Analysis

• Data collection
• Systems interface mgmt
• Cloud mgmt
• Configuration mgmt/controls
• Access controls
• Security controls
• Others

• User access to applications and services
• Helpdesk
• User interface – GUI/HSI

Future Technical Construct

Page 10

• Information Fusion
• Threats
• Vulnerabilities
• Cyber weather

• Data Standardization
• Modeling & Simulation (M&S - Analytics)

• Active Detection/Monitoring
• Intelligent Security Orchestration
• Smart Responses

• Information Presentation

• Information Sharing
• Battlespace Management

• Defend at the speed of cyber
• Remove the Sailor from the cyber defense decision loop or make it easier for them to use what is deployed

Cyber Defense Automated

Cybersecurity Decision Support

Intelligent Cyber Information

Shared Cybersecurity Battlespace Situational Awareness

Rapid Response Data Construct

Next Generation Cyber Defense

Networked Sensor Systems

Approaching Advanced Defense

Page 11

PMW 130 Industry Engagement

• PMW 130 is working with DIUx to accelerate capability prototyping and deployment

• Defense Innovation Unit Experimental (DIUx), a DoD entity primarily based in Mountain View, CA (outpost in Washington D.C.; Austin, TX; Boston, MA) develops new partnerships with the private sector and many other innovation hubs to put commercial-based innovation in the hands of America's soldiers, sailors, airmen, and marines.

DIUx


Page 12

PMW 130 Industry Partnerships


PMW 130 teamed with Industry to support the Navy and PEO C4I’s Cybersecurity mission

| Contract/Task Number | SPAWAR HQ Contract Title | Contractor (Prime) | Contract Type | Ceiling Amount | POP |
| --- | --- | --- | --- | --- | --- |
| N00039-17-F3012 | PMW 130/160 Installation Support | ANSOL | CPFF | $5,480,397 | 10/1/2017 - 9/30/2022 |
| N00178-14-D-8006-NS01 | PMW 120/130 Financial Support Services | Artemis Consulting | CPFF | $13,122,450 | 6/1/2014 - 5/31/2019 |
| TBD | PMW 130 KGV-11M Crypto Mod Development/Production | TBD | TBD | TBD | Expected award = Q3FY18 |
| N00178-04-D-4024-NS41 | PMW 130 Information Assurance, PM, & Technical Support | Booz Allen Hamilton | CPFF | $65,763,728 | 10/1/2012 - 2/28/2018 |

Note: blue rows indicate small business set-aside

Page 13

Visit us at www.peoc4i.navy.mil

We Deliver Information Warfare Capabilities to the Fleet.