Integrated Information Warfare for the 21st Century
PEOC4I.NAVY.MIL
Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I)
NDIA San Diego Fall Industry Event
PMW 130 Information Assurance and Cybersecurity Program Office
25 October 2017
DISTRIBUTION STATEMENT A: Approved for public release, distribution is unlimited (18 OCTOBER 2017)
Anatomy of an Attack
[Figure: attack stages numbered 1 to 8: Motive, Discover, Probe, Penetrate, Escalate, Expand, Persist, Execute. Stage annotations: Objective / Resources; Scanning / Enumeration; Identify Vulnerabilities; Create Foothold; Gain Root Access; Multiple Footholds / Multiple Paths; Obfuscate Presence; Exploit / Attack to Achieve Objective.]
Defense in Depth
[Figure: defensive layers: DODIN Perimeter Defenses; Demilitarized Zone; Internal Boundary Defenses; Core System Defenses; Management Network Defense; Cyber SA Defensive Operations; External Boundary Defenses. Functions: Protect, Detect, Monitor, Analyze, Respond.]
Source: Steve King, Some Positive News for 2016
Program Overview
Crypto & Key Management
• Cryptography and Key Management: Acquire, install, and provide life cycle support for end cryptographic units for Navy, Marine Corps, and Coast Guard platforms
  - Data and Voice Cryptography (Modernization and Legacy)
  - Key Management (Electronic Key Management System (EKMS) and Key Management Infrastructure (KMI), Key Loaders)
  - Public Key Infrastructure (PKI)
Program Overview
Network Security
• Protects against, monitors, analyzes, detects, and responds to unauthorized activity within Navy tactical networks and attacks against computer-network vulnerabilities, cyber threats, and critical assets
• Capabilities
  - Shore: Firewalls, host IPS/FW/Anti-virus, network IDS/IPS, event logging, security compliance scanning and assessment, spyware/malware & anti-virus protection, email scanning gateway, VPNs, web content filtering, cross-domain solution, data-at-rest encryption, identity management and smart card logon (PKI)
  - Afloat: Host IPS/FW/Anti-virus, security compliance scanning and assessment, identity management and smart card logon (PKI), cross-domain solution, data-at-rest encryption
Threat Trends
Most Likely Cyber Attacks
1. Socially engineered malware
2. Password phishing attacks
3. Unpatched software
4. Social media threats
5. Advanced persistent threats
6. Insider Threat
Sources: CSO Online, The 5 cyber attacks you're most likely to face, 21 Aug 17; Carnegie Mellon University, Common Sense Guide to Mitigating Insider Threats, Fifth Edition
Threat Trends
New Malware on the Rise
• More advanced malware installers / trojans
• Script-based malware also a growth area
  - JavaScript & PowerShell
  - Easier obfuscation
• Government is still the primary target
Source: September 2017 McAfee Labs Threat Report
Industry Trends
Changing the Infrastructure
• Cloud services
  - Potential for better security and availability
  - Implementation has to be coordinated
• Internet of Things
  - Poor manufacturer security / patching support
  - Commonly used to launch remote distributed attacks
  - Also used as a pivot point to enter networks (e.g. Las Vegas casino fish tank = data exfiltration)
Sources: SANS Institute, Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017; Forbes, Criminals Hacked A Fish Tank To Steal Data From A Casino, July 27, 2017
Future Technical Construct
DevOps
• Development
• DT/OT/Integration type testing
• RMF
• System Check out/Prep for install
• Data Scrub
• M&S - Analysis
Production
• User access to applications and services
• Helpdesk
• User interface – GUI/HSI
Management & Control Systems
• Data collection
• Systems interface mgmt
• Cloud mgmt
• Configuration mgmt/controls
• Access controls
• Security controls
• Others
Approaching Advanced Defense
• Information Fusion
• Threats
• Vulnerabilities
• Cyber weather
• Data Standardization
• Modeling & Simulation (M&S - Analytics)
• Active Detection/Monitoring
• Intelligent Security Orchestration
• Smart Responses
• Information Presentation
• Information Sharing
• Battlespace Management
• Defend at the speed of cyber
• Remove the Sailor from the cyber defense decision loop or make it easier for them to use what is deployed
[Figure labels: Cyber Defense Automated; Cybersecurity Decision Support; Intelligent Cyber Information; Shared Cybersecurity Battlespace Situational Awareness; Rapid Response Data Construct; Next Generation Cyber Defense; Networked Sensor Systems]
PMW 130 Industry Engagement
DIUx
• PMW 130 is working with DIUx to accelerate capability prototyping and deployment
• Defense Innovation Unit Experimental (DIUx), a DoD entity primarily based in Mountain View, CA (outposts in Washington, D.C.; Austin, TX; Boston, MA), develops new partnerships with the private sector and many other innovation hubs to put commercial-based innovation in the hands of America's soldiers, sailors, airmen, and marines.
PMW 130 Industry Partnerships
PMW 130 teamed with Industry to support the Navy and PEO C4I’s Cybersecurity mission
| Contract/Task Number | SPAWAR HQ | Contract Title | Contractor (Prime) | Contract Type | Ceiling Amount | POP |
|---|---|---|---|---|---|---|
| N00039-17-F3012 | PMW 130/160 | Installation Support | ANSOL | CPFF | $5,480,397 | 10/1/2017 - 9/30/2022 |
| N00178-14-D-8006-NS01 | PMW 120/130 | Financial Support Services | Artemis Consulting | CPFF | $13,122,450 | 6/1/2014 - 5/31/2019 |
| TBD | PMW 130 | KGV-11M Crypto Mod Development/Production | TBD | TBD | TBD | Expected award = Q3 FY18 |
| N00178-04-D-4024-NS41 | PMW 130 | Information Assurance, PM, & Technical Support | Booz Allen Hamilton | CPFF | $65,763,728 | 10/1/2012 – 2/28/2018 |
Note: blue rows indicate small business set-aside
Visit us at www.peoc4i.navy.mil
We Deliver Information Warfare Capabilities to the Fleet.