11/03/2016.

PANOPTESEC
- Critical infrastructure protection and cyber response management
- Continuous cyber monitoring and response capability
- Prevent, detect, manage and respond to cyber vulnerabilities and incidents

Consortium Participants

MAPE-K cycle for continuous cyber security management
Automated support for cyber vulnerability, incident detection and response management:
- MONITOR for cyber vulnerabilities and incidents
- ANALYZE cyber risks and operational impacts
- PLAN and prioritize mitigation actions through response modeling
- EXECUTE mitigation actions through policy-based deployment
- Knowledge base contains all raw and processed information
State-of-the-art weaknesses addressed by PANOPTESEC:
- Complex multi-source correlations (Monitor)
- Operational/financial impact evaluation (Analyze)
- Automated decision support (Planning)
- Closed-loop process to deployment (Execute)
MAPE-K based on “An architectural blueprint for autonomic computing”, IBM, 2003.

Architecture
Automated support for cyber vulnerability and incident detection and response management:
- MONITOR: Data collection and correlation system
- ANALYZE: Attack and risk modeling
- PLAN: Response modeling
- EXECUTE: Policy deployment
- Knowledge base supporting the entire cycle

PANOPTESEC General Approach
Operational use of “Dynamic Risk Approaches (DRA) for Automated Cyber Defence”:
- Address the constantly evolving state of the operations, systems and threat
- Accurately assess the risk (impact, likelihood)
- Provide continuous monitoring
Proactive Response System (Strategic Response):
- Focus on potential attack paths to high-priority systems
- Response optimization to minimize operational impact and financial costs
Reactive Response System (Tactical Response):
- Focus on blocking or preventing spread of ongoing attacks
- Rapid response through automation

Functional concept (continuous proactive chain)
Monitor: Collect network and security relevant information from diverse data sources and build the following correlated information:
  - Network inventory
  - Vulnerability inventory
  - Mission Graph (identifies critical supporting assets)
  - Network and system dependency model (from real-time flow data)
  - Reachability matrix
Analyze: Perform security analysis of collected information to:
  - Generate the Attack Graph from a hypothetical source to critical supporting assets
  - Quantify risk to critical supporting assets
Plan: Conduct automated decision support analysis to:
  - Identify potential response plans to reduce risk
  - Evaluate response plans against business/mission and financial impact
  - Propose prioritized response plans
Execute: Prepare and issue selected response plans:
  - Response plans may consist of several mitigation actions
  - Defined according to acceptable policies
  - Formatted for the connected deployment capability
Knowledge Base: Provides access to relevant data at different levels of detail/abstraction:
  - Contains all raw data collected by the system
  - Contains current and historical results of analytic processes

Functional concept (continuous reactive chain)
Monitor: Augment proactive data with real-time (reactive) incident data:
  - Network events
  - Intrusion events
Analyze: Perform security analysis of collected information to:
  - Localize incidents on Attack Graphs
  - Quantify risk to critical supporting assets
Plan: Conduct automated decision support analysis to:
  - Identify potential response plans to reduce risk
  - Evaluate response plans against business/mission and financial impact
  - Propose prioritized response plans
Execute: Prepare and issue selected response plans:
  - Response plans may consist of several mitigation actions
  - Defined according to acceptable policies
  - Formatted for the connected deployment capability
Knowledge Base: Provides access to relevant data at different levels of detail/abstraction:
  - Contains all raw data collected by the system
  - Contains current and historical results of analytic processes
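The Analyze step of both chains above (attack graph from a hypothetical source in the proactive chain, incident localization on the same graph in the reactive chain) can be made concrete with a small worked example. The Python below is an added illustration, not PANOPTESEC project code and not the project's analytics: it derives a toy attack graph from a constructed reachability matrix and vulnerability inventory, quantifies risk to constructed critical supporting assets from an external entry point, and then re-quantifies from a host named in an intrusion event. All host names, the VULN-PLACEHOLDER identifiers, likelihood values and the simple product/max combination rules are assumptions made for the example.

```python
"""Added example, not PANOPTESEC project code: toy attack-graph risk
quantification over constructed sample data (proactive and reactive views)."""
from typing import Dict, List, Set, Tuple

# Constructed reachability matrix (Monitor step) as an adjacency dict:
# source host -> hosts it can reach at the network level.
REACHABILITY: Dict[str, Set[str]] = {
    "internet": {"web"},
    "web": {"app"},
    "app": {"db", "scada-gw"},
    "scada-gw": {"rtu-1"},
    "db": set(),
    "rtu-1": set(),
}

# Constructed vulnerability inventory: host -> [(placeholder vuln id, exploit likelihood 0..1)].
# The likelihood values are illustrative assumptions, not CVSS scores.
VULNS: Dict[str, List[Tuple[str, float]]] = {
    "web": [("VULN-PLACEHOLDER-1", 0.6)],
    "app": [("VULN-PLACEHOLDER-2", 0.4)],
    "scada-gw": [("VULN-PLACEHOLDER-3", 0.3)],
    "db": [("VULN-PLACEHOLDER-4", 0.2)],
    "rtu-1": [("VULN-PLACEHOLDER-5", 0.5)],
}

# Constructed Mission Graph extract: critical supporting asset -> impact weight 0..1.
CRITICAL_ASSETS: Dict[str, float] = {"db": 0.7, "rtu-1": 1.0}


def compromise_likelihood(host: str, vulns: Dict[str, List[Tuple[str, float]]]) -> float:
    """Probability that at least one vulnerability on `host` is exploited,
    treating the vulnerabilities as independent (1 - product of miss probabilities)."""
    p_none = 1.0
    for _, p in vulns.get(host, []):
        p_none *= 1.0 - p
    return 1.0 - p_none


def build_attack_graph(reach: Dict[str, Set[str]], vulns) -> Dict[str, List[str]]:
    """Attack-graph edge a -> b exists when a reaches b at the network level
    and b carries at least one exploitable vulnerability."""
    return {
        src: sorted(d for d in dsts if compromise_likelihood(d, vulns) > 0.0)
        for src, dsts in reach.items()
    }


def attack_paths(graph: Dict[str, List[str]], source: str, target: str, max_hops: int = 8) -> List[List[str]]:
    """Enumerate simple paths source -> target by depth-first search."""
    paths: List[List[str]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node == target:
            paths.append(list(path))
            return
        if len(path) > max_hops:
            return
        for nxt in graph.get(node, []):
            if nxt not in path:  # simple paths only: never revisit a host
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    dfs(source, [source])
    return paths


def path_likelihood(path: List[str], vulns) -> float:
    """Likelihood of a path: every hop after the (already controlled) source must be compromised."""
    p = 1.0
    for host in path[1:]:
        p *= compromise_likelihood(host, vulns)
    return p


def quantify_risk(graph, source: str, critical: Dict[str, float], vulns) -> Dict[str, float]:
    """Risk per critical asset = impact x likelihood of the most likely attack path from `source`.
    `source` is assumed attacker-controlled: a hypothetical entry point in the proactive
    chain, or the host reported by an intrusion event in the reactive chain."""
    risk: Dict[str, float] = {}
    for asset, impact in critical.items():
        best = max((path_likelihood(p, vulns) for p in attack_paths(graph, source, asset)), default=0.0)
        risk[asset] = round(impact * best, 4)
    return risk


if __name__ == "__main__":
    g = build_attack_graph(REACHABILITY, VULNS)
    print("proactive (source=internet):", quantify_risk(g, "internet", CRITICAL_ASSETS, VULNS))
    print("reactive  (incident on app):", quantify_risk(g, "app", CRITICAL_ASSETS, VULNS))
```

Running the block shows why the reactive chain re-runs the analysis rather than reusing the proactive figures: with the attacker localized on `app`, the path to each critical asset loses two hops and the risk values rise by roughly a factor of four.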

PANOPTESEC Mission Impact and Dependency Model
- Device-dependent Business/Mission Functions, Processes and Companies illustrated with weighted dependency links
- Provides capability for prioritized security response plans based on business impact
- Analysis of mission impact due to ‘shock events’; shock events include:
  - Impact of known vulnerabilities
  - Impact of incidents
  - Impact of proposed response plans
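To make the weighted dependency links and the three kinds of shock event tangible, here is an added Python example; it is not PANOPTESEC project code and does not reproduce the project's model. It propagates a device-level degradation up through constructed process and company nodes and then ranks constructed candidate response plans by the mission impact their own side effects would cause, which is the third kind of shock event listed above. The node names, weights, plans, costs and the max-combination rule are all assumptions made for the example.

```python
"""Added example, not PANOPTESEC project code: toy weighted mission dependency
model propagating 'shock events' from devices to business processes and companies,
then ranking response plans by the business impact they themselves cause."""
from typing import Dict, List, Tuple

# Constructed dependency links: dependent node -> {supporting node: weight 0..1}.
# A weight w means the dependent loses at most fraction w of its function when
# that supporter is fully unavailable. Device nodes have no supporters here.
DEPENDENCIES: Dict[str, Dict[str, float]] = {
    "company:utility": {"process:billing": 0.4, "process:grid-control": 0.6},
    "process:billing": {"device:db": 0.8, "device:app": 0.5},
    "process:grid-control": {"device:scada-gw": 1.0, "device:rtu-1": 0.7},
}


def propagate(deps: Dict[str, Dict[str, float]], shock: Dict[str, float]) -> Dict[str, float]:
    """Propagate a shock (device -> degradation 0..1) through the dependency links.
    A node's degradation is the worst weighted degradation among its supporters
    (max-combination, a conservative choice; the link graph is assumed acyclic)."""
    degradation: Dict[str, float] = dict(shock)

    def degr(node: str) -> float:
        if node in degradation:
            return degradation[node]
        worst = 0.0
        for supporter, weight in deps.get(node, {}).items():
            worst = max(worst, weight * degr(supporter))
        degradation[node] = worst
        return worst

    for node in deps:
        degr(node)
    return degradation


def mission_impact(deps, shock: Dict[str, float], mission_node: str = "company:utility") -> float:
    """Degradation of the top-level mission node caused by `shock`, rounded for display.
    A shock can be a vulnerability (degradation = assumed exploit likelihood), an
    incident (observed loss) or the collateral effect of a proposed response plan."""
    return round(propagate(deps, shock).get(mission_node, 0.0), 4)


# Constructed candidate response plans for an incident on device:scada-gw. Each plan
# lists its mitigation actions, the collateral degradation it imposes while applied
# (its own shock event) and an illustrative financial cost.
RESPONSE_PLANS: Dict[str, dict] = {
    "isolate-scada-gw": {
        "actions": ["disable all switch ports to scada-gw"],
        "side_effect": {"device:scada-gw": 1.0},
        "cost": 500,
    },
    "patch-and-restart": {
        "actions": ["apply vendor patch", "restart scada-gw service"],
        "side_effect": {"device:scada-gw": 0.3},
        "cost": 2000,
    },
    "block-at-firewall": {
        "actions": ["deny app -> scada-gw flows at the segment firewall"],
        "side_effect": {"device:scada-gw": 0.2},
        "cost": 800,
    },
}


def rank_response_plans(deps, plans: Dict[str, dict]) -> List[Tuple[str, float, int]]:
    """Order plans by the mission impact of their own side effects, then by cost:
    the Plan step's 'evaluate against business/mission and financial impact'."""
    scored = [(name, mission_impact(deps, p["side_effect"]), p["cost"]) for name, p in plans.items()]
    return sorted(scored, key=lambda t: (t[1], t[2]))


if __name__ == "__main__":
    print("unmitigated incident on scada-gw:", mission_impact(DEPENDENCIES, {"device:scada-gw": 1.0}))
    for name, impact, cost in rank_response_plans(DEPENDENCIES, RESPONSE_PLANS):
        print(f"{name:18s} mission impact={impact:.2f} cost={cost}")
```

The ranking makes the slide's point about prioritizing by business impact: isolating the gateway is the cheapest plan, but because grid control depends on it with weight 1.0 it degrades the mission as much as the unmitigated incident, so the firewall block comes out first despite its higher cost.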

Advanced visual interface
- Mission impact analysis
- Threat-risk quantification
- Geographic display of risk by affected region
- Prioritized course of action tables
- Operator options for course of action selection
- Tailored views through versatile layering

Operator(s) Interface (diagram)
Operator view(s):
- Vulnerability view
- Attack and response view
- Network and Mission view
- High Level Management view
Component data sources

Vulnerability view

Attack and response view
Vulnerability view demo (synthetic data)

High Level Management demo

Modularized architecture
- OSGi-based integration framework
- Component Composition and Service Integration layers deliver a modular architecture
- Loosely coupled modules support diverse deployment options, both as a self-contained system and in distributed environments
- Based on widely used Open Source frameworks

PANOPTESEC Simulation Environment
The Simulation Environment (Sim-Env) has been created by RHEA within Work Package 7, starting from the ACEA Distribution Energy environment and using the resources of the Disaster Recovery site. The Disaster Recovery systems used are real operational systems in 'cold standby' mode. These are then augmented by real (standby and test) equipment and by virtual clones in order to 'emulate' the scale of the operational environment. The Sim-Env for the PANOPTESEC Project is composed of several logical blocks, described below:
- Emulation Environment: represents the “monitored system” from the PANOPTESEC System point of view. It is composed of real physical devices, virtualized clones of real devices, and virtualized devices with the same role as the real devices, in order to have the closest affinity with the real production environment.
- Developing Environment: represents the environment, composed of several virtual machines, for PANOPTESEC System development. It is composed of VMs used by partners for module development and dedicated VMs for the PANOPTESEC integration steps, in order to create a PANOPTESEC prototype.
- Sim-Env Management Network: represents the management network used to control the hardware and software technologies (e.g. IaaS, VM hypervisors, switches, etc.) used to build, control and share the Simulation Environment.
- Partners Portal for Panoptesec Project Development and Testing: represents the technologies used to give partner developers access to the VMs assigned to them inside the Simulation Environment.
- PANOPTESEC Demo Environment: represents several VMs dedicated to demonstrating the PANOPTESEC Project.

Project Status and Ongoing Activity
- Version 2 component prototypes delivered October 2015
  - Ongoing experimentation and test
  - Pre-integration complete for both Proactive and Reactive response chains
- Integration prototypes development ongoing
  - Target delivery planned April 2016
  - Start formal System Integration and Test activities
- Planned operational workshop – October 2016
  - Hosted by ACEA, Rome, Italy
  - Demonstration on the PANOPTESEC Cyber Emulation Environment
  - Wide and open attendance desired; not limited to Critical Infrastructure markets

Additional information
- The PANOPTESEC project is sponsored in part by the European Commission, Seventh Framework Programme, DG Connect, Project number 610416
- The following PANOPTESEC documents are publicly available at www.panoptesec.eu:
  - Operational requirements document
  - System high level design
  - Data collection and correlation requirements
  - Response system for Dynamic Risk Management Requirements
  - Visualization Component Requirements
- For additional information please contact: m.merialdo@rheagroup.com or d.wiemer@rheagroup.com

The PANOPTESEC Data Flow: Proactive View (figure; component labels: Visualization, Policy Deployer, SRD, MIM, Emulation Environment, AGG_TRQ, NDA, NIP, VIP, RMC, Persistency Manager)

The PANOPTESEC Data Flow: Reactive View (figure; component labels: Policy Deployer, Visualization, MIM, TRD, Emulation Environment, LLC, HOC-ABE, HOC-QBE, NIP, VIP, RMC, AGG_TRQ, Persistency Manager)