secure systems of engagement

© 2014 IBM Corporation Smarter Security for Systems of Engagement V5; 4 Sep 14 John Palfreyman, IBM

Upload: john-palfreyman

Post on 22-Nov-2014


Category:

Government & Nonprofit



DESCRIPTION

Systems of Engagement offer much value to the military, but care needs to be taken in how they are protected against cyber attack. In this presentation (given to EUCOM Cyber Endeavour on the 9th September 2014) I explain Systems of Engagement & illustrate the military benefits using case studies. I then discuss the security challenges Systems of Engagement pose and how to address them with commercial software technologies. Finally I look ahead to how to defend Systems of Insight hosted on future generations of cloud technology.

TRANSCRIPT

Page 1: Secure Systems of Engagement

© 2014 IBM Corporation

Smarter Security for Systems of Engagement

V5; 4 Sep 14

John Palfreyman, IBM

Page 2: Secure Systems of Engagement

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Page 3: Secure Systems of Engagement

Smarter Defence

Instrumented
• Ever increasing range of sensors
• Volume, velocity, variety
• Military collectors & open source

Interconnected
• Agility & mobility
• Highly connected systems – blurred edges
• Collaboration across coalitions

Intelligent
• From data to actionable intelligence
• From reactive to proactive
• Whole lifecycle system optimisation

Information Superiority through Leveraging Technology

Page 4: Secure Systems of Engagement

Cloud

Drivers
• Mission speed and agility
• New business models – alternatives to escalating CAPEX

Sample Use Cases
• Back office functions (HR, CRM, SCM) as a service
• Predictive and analytics functions (e.g. for smart procurement) as a service

Page 5: Secure Systems of Engagement

Mobile

Drivers
• Inherently mobile deployments
• Mission agility and flexibility
• Rate of change of commercial technology

Sample Use Cases
• Mobile Intelligence capture, with workflow management
• Education in theatre
• Improved logistics operations

Page 6: Secure Systems of Engagement

Big Data / Analytics

Drivers
• Masses of sensor data available to modern military
• Need for intelligence to help make operations “smarter”
• Increasing proportion of “unreliable” data

Sample Use Cases
• Analysis of enemy networks based on their Social Media usage
• Adaptive sensor data processing at speed
• Predictive operations based on historical mission data analysis & sensor data

Page 7: Secure Systems of Engagement

Social Business

Drivers
• Use of Social Channels by adversary
• New recruitment approach / increased reservist numbers
• Personnel rotation

Sample Use Cases
• Terrorism detection, investigation & prevention
• Knowledge capture and dissemination
• Recruitment, rapid onboarding & retention of key staff

Page 8: Secure Systems of Engagement

Systems of Engagement

• Collaborative
• Interaction oriented
• User centric
• Unpredictable
• Dynamic

Social Business

Mobile

Big Data / Analytics

Cloud

Page 9: Secure Systems of Engagement


Case Study – Major European Air Force

Business Challenge

• Support Organisational Transformation

• HQ Task Distribution

• Senior Staff demanding Mobile Access

IBM Solution

• IBM Connections (including Mobile App)

• MS Sharepoint Integration (Doc Management)

• MaaS 360 based Tablet Security

Benefits

• Improved work efficiency

• Consistent & timely information access

• Secure MODERN tablet


Page 10: Secure Systems of Engagement

Section Summary

1. Cloud, Big Data / Analytics, Social Business & Mobile are all relevant to, and increasingly used by the military

2. Most value accrues at the points of intersection – Systems of Engagement

3. Systems of Engagement can underpin military transformation, enhancing information superiority

Page 11: Secure Systems of Engagement

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Page 12: Secure Systems of Engagement


IBM’s Definition . . .

Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.


Page 13: Secure Systems of Engagement

The Millennial Generation . . .

Expect:
• to embrace technology for improved productivity and simplicity in their personal lives
• tools that seem made for and by them
• freedom of choice, embracing change and innovation

Innovate in a new way:
• Actively involve a large user population
• Work at Internet Scale and Speed
• Discover the points of value via iteration
• Engage the Millennial generation

Page 14: Secure Systems of Engagement

Smart Phones (& Tablets) . . .

• Used in the same way as a personal computer
• Ever increasing functionality (app store culture) . . .
• . . . and more accessible architectures
• Offer “anywhere” banking, social media, e-mail . . .
• Include non-PC (!) features – Context, MMS, TXT
• Emergence of authentication devices

Page 15: Secure Systems of Engagement

. . . are harder to defend . . .

• Anti-virus software missing, or inadequate
• Encryption / decryption drains the battery
• Battery life is always a challenge
• Most users disable security features
• Stolen or “found” devices information – and very easy to lose
• Malware, mobile spyware, account impersonation
• Need to extend password, encryption policies
• Extends set of attack vectors

Page 16: Secure Systems of Engagement

. . . and now mainstream.

• Bring-your-own device expected
• Securing corporate data
• Additional complexities
• Purpose-specific endpoints
• Device Management

Page 17: Secure Systems of Engagement

Social Media – Lifestyle Centric Computing

www.theconversationprism.com

• Different Channels
• Web centric
• Conversational
• Personal
• Open
• Explosive growth

Page 18: Secure Systems of Engagement

Social Business – Relevance for Defence

Driver – How social business can help . . .

Coalition operations the norm
• Find and connect with experts other coalition members
• Demonstrate clear coalition value to stakeholders

Budgetary pressures
• Improved efficiencies through use of social media platform
• Develop critical skills by virtual training

Ever more complex missions
• Tap into mission expertise and lessons learnt
• Use jams, blogs & wikis to solve problems

Cyber security threat
• Secure hosted social media platform
• Analysis of threat social media activity

Technology driven change
• Promote technology usage through blogs, jams
• Information & education on mission value of technology

Unknown asymmetric threat
• Supplement intelligence on threat by monitoring social media usage
• Collaborate cross department on specific threats

Page 19: Secure Systems of Engagement

Internal Amnesia, External Ignorance – Case Study

Client’s Challenges
• Silo’d Organisation
• Lack of Consistent Methodology
• External Ignorance
• Internal Amnesia

Monitor bad guys
• Early Warning of events / incident
• Information to Commander

Alternatives to
• Workflow Centric Analysis
• Traditional Intelligence Sources

IBM Solution
• IBM Connections
• Analysis Software
• GBS Integration & Configuration

Page 20: Secure Systems of Engagement

Social Media - Special Security Challenges

• Too much information
• Online impersonation
• Trust / Social Engineering / PSYOP
• Targeting

Source: Digital Shadows, Sophos, Facebook

Page 21: Secure Systems of Engagement

Section Summary

1. Social Business and Mobile are underpinning organisational transformation

2. Millennial Generation expect technologies in the workplace

3. Introduce new vulnerabilities – understand to contain

Page 22: Secure Systems of Engagement

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Page 23: Secure Systems of Engagement

Balance

Technical Mitigation
• Better firewalls
• Improved anti-virus
• Advanced Crypto

People Mitigation
• Leadership
• Education
• Culture
• Process

Page 24: Secure Systems of Engagement

Risk Management Approach

• Monitor threats
• Understand (your) systems
• Assess Impact & Probability
• Design containment mechanisms
• Don’t expect perfect defences
• Containment & quarantine planning
• Learn & improve

[Figure: Maturity-based approach – labels: Reactive, Proactive, Manual, Automated, Basic, Proficient, Optimized, Security intelligence]

Page 25: Secure Systems of Engagement


Securing a Mobile Device

Device Security

• Enrolment & access control

• Security Policy enforcement

• Secure data container

• Remote wipe

Transaction Security

• Allow transactions on individual basis

• Device monitoring & event detection

• Server based risk engine – allow, restrict, flag for review

Software & Application

• Endpoint management – software

• Application: secure by design

• Application scanning for vulnerabilities

Access Control

• Enforce access policies

• Approved devices and users

• Context aware authorisation


Page 26: Secure Systems of Engagement

Secure, Social Business

Leadership

• More senior, most impact

• Important to leader, important to all

• Setting “tone” for culture

Culture

• Everyone knows importance AND risk

• Full but SAFE usage

• Mentoring

Process

• What’s allowed, what’s not

• Internal & external usage

• Smart, real time black listing

Education

• Online education (benefits, risks)

• Annual recertification

• For all, at all levels

Page 27: Secure Systems of Engagement

Security Intelligence & Big Data / Analytics

Volume – Data at Rest
• Terabytes to exabytes of existing data to process

Velocity – Data in Motion
• Streaming data, milliseconds to seconds to respond

Variety – Data in Many Forms
• Structured, unstructured, text, multimedia

Veracity* – Data in Doubt
• Uncertainty due to data inconsistency & incompleteness, ambiguities, latency, deception, model approximations

* Truthfulness, accuracy or precision, correctness

Page 28: Secure Systems of Engagement

Integrated Approach

Security Intelligence Platform – IBM Security QRadar
• Data collection and enrichment
• Event correlation
• Real-time analytics
• Offense prioritization

Big Data Platform – IBM InfoSphere BigInsights
• Hadoop-based
• Enterprise-grade
• Any data / volume
• Data mining
• Ad hoc analytics

[Figure labels: Data ingest, Insights, Traditional data sources, Non-traditional, Custom Analytics, Advanced Threat Detection]

Page 29: Secure Systems of Engagement

Section Summary

1. Containment is possible with correct approach

2. Need for a business / mission based (not technology) viewpoint

3. Holistic, balanced, risk centric approach

Page 30: Secure Systems of Engagement

Agenda

Systems of Engagement

Cyber Security Implications

Cyber Security Risk Mitigation

Future Perspective

Page 31: Secure Systems of Engagement

Systems of Insight

Page 32: Secure Systems of Engagement

Generation 3 Cloud Challenges . . .

• Cloud 1.0 – Static, Perimeter Controls
• Cloud 2.0 – Reactive, Defence in Depth
• Cloud 3.0 – Adaptive, Contextual Security

Attackers exploit platform shifts to launch new attacks on high value workloads and data

• Challenge 1 – Fragmented and complex security controls
• Challenge 2 – Sophisticated threats and attackers
• Challenge 3 – Increased attack surface due to agile and composable systems

Page 33: Secure Systems of Engagement

Contextual, Adaptive Security

Security 3.0

Monitor and Distill
• Multi-level monitoring & big data analytics
• Ranging from Active, in device to passive monitoring

Correlate and Predict
• Risk Prediction and Defence Planning
• Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation

Adapt and Pre-empt
• Adaptive and optimized response
• Adapt network architecture, access protocols / privileges to maximize attacker workload

Page 34: Secure Systems of Engagement


Cyber Security – Fitness for Purpose?

1. Are you ready to respond to a security incident and quickly remediate?

2. Do you have the visibility and analytics needed to monitor threats?

3. Do you know where your corporate crown jewels are and are they adequately protected?

4. Can you manage your endpoints from servers to mobile devices and control network access?

5. Do you build security in and continuously test all critical web/mobile applications?

6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?

7. Do you have a risk aware culture and management system that can ensure compliance?

[Figure: Maturity-based approach – labels: Reactive, Proactive, Manual, Automated, Basic, Proficient, Optimized, Security intelligence]

Page 35: Secure Systems of Engagement

Section Summary

1. Systems of Insight further extend business / mission value

2. Delivered on (secure) “generation 3” Cloud

3. Cyber Security must be designed in, evolving

Page 36: Secure Systems of Engagement

Summary

1. Systems of Engagement (& Insight) help military transform, maintain information advantage

2. Social Business & Mobile drive much value, but new vulnerabilities need to be understood to be mitigated

3. Cyber security approach needs to be balanced, risk management based and “designed in”.

Page 37: Secure Systems of Engagement

Thanks!

John Palfreyman