Cybersecurity for Engineers

1 Cybersecurity for Engineers
Raymond Shanahan, Day of Cyber, June 26, 2019

2 Agenda
- Engineer’s Role in the National Defense Strategy (NDS)
- Systems and Systems Engineering (SE) are Changing
- Cybersecurity Requirement/Responsibility
- Cybersecurity Principles
- Cybersecurity Risks/Issues
- Cyber Threat Protection Measures
- Systems Security Engineering (SSE) Process Overview
- Key Cybersecurity/Program Protection/SSE Activities
- Where to Start with Key Cybersecurity/Program Protection/SSE?
- Cybersecurity/Program Protection/SSE Across the Lifecycle
- Takeaways

3 Engineer’s Role in the NDS
“To keep pace with our times, the department will transition to a culture of performance and affordability that operates at the speed of relevance. Success does not go to the country that develops a new technology first, but rather, to the one that better integrates it and more swiftly adapts its way of fighting. Our current bureaucratic processes are insufficiently responsive to the department's needs for new equipment. We will prioritize speed of delivery, continuous adaptation and frequent modular upgrades.”
Source: Remarks by Secretary James Mattis on the NDS, January 19, 2018

4 Systems and SE are Changing
From:
- Systems hardware-based; built to last; automated; standalone
- Heuristic-based decisions
- Deeply integrated architectures
- Hierarchical organizations
- Satisfying requirements
- Static certification
- Warfighting and IT systems defending against kinetic and computer network threats, respectively
To:
- Systems software-based; built to evolve; learning; highly networked; composable sets of mission-focused systems
- Data-driven decisions
- Layered, modular architectures
- Ecosystems of partners; agile teams of teams
- Constant experimentation and innovation
- Dynamic, continuous certification
- Defenses required against constantly emerging threats and attack surfaces
Source: Derived from David Long, Former INCOSE President

5 Cybersecurity Requirement/Responsibility
- A requirement for all DoD programs
  - Must be fully considered and implemented in all aspects of acquisition programs across the life cycle
  - Acquisition activities include system concept trades, design, development, test and evaluation, production, fielding, sustainment, and disposal
- Responsibility extends … to every member of the acquisition workforce
  - Starts from the earliest exploratory phases of a program
  - Program managers, assisted by supporting organizations to the acquisition community, are responsible for the cybersecurity of their programs, systems, and information
  - Program managers will pay particular attention to … areas where a cybersecurity breach or failure would jeopardize military technological advantage or functionality
Source: DoDI , Enclosure 14

6 Money Hacks and Protection Measures
- Rapid advance of image acquisition, processing, and printing technologies presents an ever advancing counterfeiting threat to U.S. currency as well as other products
  - For example, Artificial Intelligence is already enabling “deepfake” images/video
- Deterrent measures for currency can include printed, modified substrate, composite, or electronic features providing digital encryption and chemical, thermal, optical, tactile, engineered materials, shape/elasticity, and other sensors
- U.S. Treasury: 1) assesses the cost-effectiveness of potential deterrent features and prioritizes them for use and 2) considers program execution risks/issues, feature-delivery phasing, and field testing requirements
Source: Adapted from “A Path to the Next Generation of U.S. Banknotes: Keeping Them Real (2007)”
System security must balance the consequence of a successful exploit against the cost-effectiveness of the planned protections

7 Cybersecurity Principles
- Manage access to and use of the system and its resources
- Structure the system to protect and preserve its functions and resources, e.g., through segmentation, separation, isolation, or partitioning
- Configure the system to minimize exposure to vulnerabilities that impact the system and mission throughout the lifecycle, to include disposal
  - Techniques include design choice, component choice, security technical implementation guides, and patch management
- Implement, verify, and validate risk-based system and component protection measures
- Anticipate, detect, and respond to security anomalies to maintain priority system functions under adverse conditions
- Secure the system’s internal and external interfaces
Implementation must be aligned within the SE process to achieve the required cost, schedule, performance, and security of the system

8 Cybersecurity Risks/Issues
- Subversion or compromise of DoD networks, systems, support infrastructure, and employees through malicious actions
- Exfiltration of operational and classified data to compromise or disrupt critical DoD missions
- Exfiltration of intellectual property, designs, or technical documentation to weaken DoD technological and military advantage
- Insertion of compromised hardware, firmware, or software to disrupt or degrade system performance
- Reverse engineering of warfighting capabilities that have been lost, stolen, or transferred in an unauthorized manner
Source: DoDI , Enclosure 14
In addition, there are other risks/issues, such as counterfeit/cloned products, reliability, design, or other risks/issues that originate from an economic or other root cause, that can have an adverse security impact

9 A Car Hack
Think like a hacker
Controller Area Network (CAN) ~ 1553 Databus
Is there remote access to your system?

10 Cyber Threat Protection Measures
- Information safeguarding
- Network protection
- Designed-in system protections
  - Supply Chain Risk Management (SCRM)/component provenance/tracking
  - Software Assurance (SwA)
  - Hardware Assurance (HwA)
  - Anti-counterfeit practices
  - Anti-Tamper (AT)
  - Defense Exportability Features (DEF)
- Counter-Intelligence (CI)
- Other program security-related activities, e.g., information security, operations security (OPSEC), personnel security, physical security, and industrial security
SSE needed to integrate these risk-based protection measures
Source: DoDI , Enclosure 14

11 Potential Protection Measures Against the Car Hack
What could have been done:
- Isolate the wireless network from the single CAN bus, or have a firewall/IDS that does not allow commands to go to other units on the CAN bus
- Disable the gateway / enable a firewall between telematics and safety-critical items
- Isolate safety-critical functions
- Blacklist or whitelist IDS/IPS
- Encrypt messages via telematics
Some systems have real-time/embedded requirements involving different considerations and components, e.g., RTOS, hypervisor, FPGA bitstream, RISC processors, etc.
What are the most cost-effective protection measures for your system?
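The "firewall/IDS between telematics and safety-critical items" and "whitelist IDS/IPS" measures above can be sketched as a gateway policy that default-denies frames crossing from the telematics domain onto the safety-critical bus. This is an added illustration, not code from the presentation; the domain names, arbitration IDs and data lengths are constructed for the example.

```python
# Added example (not from the presentation): a minimal CAN gateway policy that
# isolates the telematics domain from the safety-critical bus with an ID
# allowlist and logs every dropped frame as an IDS event.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class CanFrame:
    arb_id: int   # 11-bit arbitration ID (classic CAN)
    data: bytes   # 0..8 payload bytes
    source: str   # domain the frame arrived from, e.g. "telematics"


@dataclass
class GatewayPolicy:
    # source domain -> arbitration IDs it may forward onto the safety bus
    allow: Dict[str, FrozenSet[int]]
    # arbitration ID -> expected DLC; frames with the wrong length are dropped
    expected_dlc: Dict[int, int]
    events: List[Tuple[str, str, int]] = field(default_factory=list)  # IDS log

    def decide(self, f: CanFrame) -> str:
        """Return 'forward' or 'drop', recording an IDS event for every drop."""
        if not 0 <= f.arb_id <= 0x7FF or len(f.data) > 8:
            self.events.append(("malformed", f.source, f.arb_id))
            return "drop"
        if f.arb_id not in self.allow.get(f.source, frozenset()):
            # Default deny: an ID not on the source domain's allowlist never
            # reaches the safety-critical units, whatever its payload says
            self.events.append(("blocked_id", f.source, f.arb_id))
            return "drop"
        if len(f.data) != self.expected_dlc.get(f.arb_id, len(f.data)):
            self.events.append(("bad_dlc", f.source, f.arb_id))
            return "drop"
        return "forward"


# Constructed IDs for the example (not real vehicle IDs)
INFOTAINMENT_STATUS = 0x3A0   # telematics may publish this to the safety bus
BRAKE_COMMAND = 0x0A4         # only the chassis domain may send this
STEER_COMMAND = 0x0B2


def build_policy() -> GatewayPolicy:
    return GatewayPolicy(
        allow={
            "telematics": frozenset({INFOTAINMENT_STATUS}),
            "chassis": frozenset({BRAKE_COMMAND, STEER_COMMAND, INFOTAINMENT_STATUS}),
        },
        expected_dlc={INFOTAINMENT_STATUS: 2, BRAKE_COMMAND: 4, STEER_COMMAND: 4},
    )


def run_gateway(policy: GatewayPolicy, frames: List[CanFrame]) -> List[str]:
    return [policy.decide(f) for f in frames]


# Constructed traffic: a normal status frame, a brake-ID frame arriving from the
# telematics side, a legitimate chassis brake frame, and a truncated status frame
SAMPLE_FRAMES = [
    CanFrame(INFOTAINMENT_STATUS, b"\x01\x00", "telematics"),
    CanFrame(BRAKE_COMMAND, b"\x00\x00\x00\xff", "telematics"),
    CanFrame(BRAKE_COMMAND, b"\x00\x00\x00\x10", "chassis"),
    CanFrame(INFOTAINMENT_STATUS, b"\x01", "telematics"),
]

if __name__ == "__main__":
    p = build_policy()
    for f, d in zip(SAMPLE_FRAMES, run_gateway(p, SAMPLE_FRAMES)):
        print(f"{f.source:<11} 0x{f.arb_id:03X} -> {d}")
    print("IDS events:", p.events)
```

On the constructed traffic the gateway forwards the two legitimate frames and drops the other two, leaving a `blocked_id` and a `bad_dlc` event for the IDS log.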

12 Where to Start with Cybersecurity/Program Protection/SSE?
Policies
- DoDI , Operation of the Defense Acquisition System
- DoDI , ENCL 14, Cybersecurity in the Defense Acquisition System
- DoDI , DoD Information Security Program and Protection of Sensitive Compartmented Information (SCI) and associated manuals (DoDM Vol 1-4)
- DoDI , Critical Program Information (CPI) Identification and Protection Within Research, Development, Test, and Evaluation (RDT&E)
- DoDI , Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (TSN)
- DoDM , Instructions for Developing Security Classification Guides
- DoDI , Distribution Statements on Technical Documents
- DoDD E, Anti-Tamper (AT)
- DoDI , Cybersecurity
- DoDI , Risk Management Framework (RMF) for DoD Information Technology (IT)
Guidance
- Defense Acquisition Guidebook (DAG), Chapter 9, Program Protection
- DoD, Assurance of Department of Defense (DoD) Systems Security Classification Guide (SCG) (In formal coordination), October 30, 2018
1. Start with DoDI , Enclosure 14 and DAG Chapter 9 to quickly familiarize yourself with key best practices!

13 Where to Start with Cybersecurity/Program Protection/SSE?
Training
- DAU ACQ 160, Program Protection Planning Awareness
- DAU ENG 260, Program Protection for Practitioners
- DAU CLE 022, Program Manager Introduction to Anti-Tamper
- DAU CLE 074, Cybersecurity Throughout DoD Acquisition
- DAU CLE 080, Supply Chain Risk Management for Information and Communications Technology
- DAU CLE 081, Software Assurance (SwA) Awareness
- DAU ISA 220, Risk Management Framework (RMF) for the Practitioner
- DAU WSM 015, Cybersecurity Awareness Workshop
2. Take ACQ 160 and ENG 260 for an overview of Program Protection and its methodologies
3. Contact DAU to arrange a tailored workshop

14 Where to Start with Cybersecurity/Program Protection/SSE?
Resources*
- DoD Acquisition Security Database (ASDB)
- DoD Anti-Tamper Executive Agent (ATEA)*
- DoD Cyber Exchange*
- Joint Acquisition and Protection Cell (JAPEC)
- Joint Federated Assurance Center (JFAC)*
- Trusted Systems and Networks (TSN) Roundtable
- DoD Defense Industrial Base (DIB) Cybersecurity (CS) Program
- Risk Management Framework (RMF) Knowledge Service (KS)*
- DoD Trusted and Assured Microelectronics (T&AM)/Microelectronics Innovation for National Security and Economic Competitiveness (MINSEC) Program
4. Consult with JAPEC, DoD Component TSN Focal Point, JFAC, and ATEA for program/technology; SwA, HwA, and SCRM; and AT protection respectively
* Additional training offered by these activities

15 Where to Start with Cybersecurity/Program Protection/SSE?
5. Categorize your system’s overall protection requirements, to include the establishment of appropriate risk-based protection levels, and baseline its protection measures
- Identify what tier of protection has been identified for your program and/or its technology by the JAPEC and/or the Protecting Critical Technology Task Force
- Using TSN and information analysis, identify the planned system assurance and cybersecurity system classification levels, respectively
- For weapon systems, conduct CPI and Defense Exportability analysis assuming export, allied/coalition operation, and the potential for battlefield loss and/or unauthorized transfer, and identify the planned AT level and potential export configuration(s) required
- Analyze the threats to, and vulnerabilities of, the system, to include the system’s interfaces
- Identify the baseline protection measures required for the protection levels identified and align and prioritize them for implementation based on the threat and vulnerability analysis

16 SSE Process Overview
(Process diagram; text recovered from the figure)
- Protections identified (ID’d) and assessed in SETRs and integrated into Functional/Allocated/Product Baselines in SETRs
- Analyses are iteratively informing system design
- Results are documented in the Program Protection Plan (PPP)
Program and System Analyses
- Criticality Analysis: ID mission critical functions/components and suppliers
- CPI Analysis: ID capability elements providing US technological advantage; horizontal analysis
- Information Analysis: ID information requiring protection, its classification, location, etc.
Threat and Vulnerability Assessments
- ID threats and vulnerabilities related to mission-critical functions/components, CPI, and information about the program, development environment, and system (emphasis on technical info)
SSE Decision Analysis
- Assess SSE risks based on analyses and assessments
- Determine candidate protections to address threats/vulnerabilities
- Conduct engineering/risk/cost trade-off analyses
- Establish protection measures
Contractor
- Implement protections in system and its developmental and operational environments
Verification & Validation (V&V)
- Conduct V&V, DT&E, and OT&E of protections and assess/evaluate residual vulnerabilities

17 Cybersecurity/Program Protection/SSE Across the Lifecycle
Reference: Suggested Language to Incorporate System Security Engineering for Trusted Systems and Networks into Department of Defense Requests for Proposals
- TMRR Phase RFP
- EMD Phase RFP
- Production Contract
Across the lifecycle:
- Protection measures as a design consideration
- Incorporate requirements into technical baselines
- Entry and exit criteria in SETRs
- Assess technical risk and mitigation plans
- Integrated Product Team collaboration
- Test tools often custom per platform
- Cyber Ranges and Red Teams have limited availability
- Iterate with changes in architecture, threats, vulnerabilities, and testing

18 Takeaways
- DoD systems must prioritize speed of delivery, continuous adaptation, and frequent upgrades to stay current with warfighter needs in the evolving battlespace
- SSE must anticipate and mitigate threats to information, support networks, the supply chain, and developmental and operational systems and their interfaces
- Systems must be able to defend against an ever expanding set of threats and attack surfaces
- Cybersecurity is required by all programs and is every workforce member’s responsibility
- SSE consists of a number of analyses, to include risk/cost trade-off analyses, as well as protection measure implementation and V&V
- Protection implementation is risk-based and must be tailored/aligned within the SE process to achieve the systems’ required cost, schedule, performance, and security
- Programs should take advantage of existing resources to categorize their systems’ protection levels and associated requirements and baseline their protection measures
- Address cybersecurity in RFPs, SETRs, risk management, and test activities across the lifecycle

19 Backup

20 Key Terminology
cybersecurity (DoDI 8500.01): Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
program protection (DoDI ): Program protection is the integrating process for managing risks to DoD warfighting capability from foreign intelligence collection; from hardware, software, and cyber vulnerability or supply chain exploitation; and from battlefield loss throughout the system life cycle. Where a DoD capability advantage derives from a DoD-unique or critical technology, program protection manages and controls the risk that the enabling technology will be lost to an adversary. Where a DoD capability advantage derives from the integration of commercially available or custom-developed components, program protection manages the risk that design vulnerabilities or supply chains will be exploited to destroy, modify, or exfiltrate critical data, degrade system performance, or decrease confidence in a system. Program protection also supports international partnership building and cooperative opportunities objectives by enabling the export of capabilities without compromising underlying U.S. technology advantages.
system security engineering (DoDI ): An element of system engineering that applies scientific and engineering principles to identify security vulnerabilities and minimize or contain risks associated with these vulnerabilities.

21 Key Terminology
criticality analysis (DoDI 5200.44): An end-to-end functional decomposition performed by systems engineers to identify mission critical functions and components. Includes identification of system missions, decomposition into the functions to perform those missions, and traceability to the hardware, software, and firmware components that implement those functions. Criticality is assessed in terms of the impact of function or component failure on the ability of the component to complete the system mission(s).
critical components (CCs) (DoDI ): A component which is or contains [information and communication technology] ICT, including hardware, software, and firmware, whether custom, commercial, or otherwise developed, and which delivers or protects mission critical functionality of a system or which, because of the system’s design, may introduce vulnerability to the mission critical functions of an applicable system.
mission critical function (DoDI ): Any function, the compromise of which would degrade the system effectiveness in achieving the core mission for which it was designed.

22 Key Terminology
SCRM (DoDI 5200.44): A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities and threats throughout DoD’s “supply chain” and developing mitigation strategies to combat those threats whether presented by the supplier, the supplied product and its subcomponents, or the supply chain (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).
supply chain risk (DoDI ): The risk that an adversary may sabotage, maliciously introduce unwanted function, or otherwise subvert the design, integrity, manufacturing, production, distribution, installation, operation, or maintenance of a system so as to surveil, deny, disrupt, or otherwise degrade the function, use, or operation of such system.
HwA (DAG Chapter 9): The level of confidence that microelectronics (also known as microcircuits, semiconductors, and integrated circuits, including its embedded software and/or intellectual property) function as intended and are free of known vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system's hardware and/or its embedded software and/or intellectual property, throughout the life cycle.
SwA (DoDI ): The level of confidence that software functions as intended and is free of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the software throughout the lifecycle.

23 Key Terminology
CPI (DoDI 5200.39): U.S. capability elements that contribute to the warfighters’ technical advantage, which if compromised, undermines U.S. military preeminence. U.S. capability elements may include, but are not limited to, software algorithms and specific hardware residing on the system, its training equipment, or maintenance support equipment.
AT (DoDD E): Systems engineering activities intended to prevent or delay exploitation of CPI in U.S. defense systems in domestic and export configurations to impede countermeasure development, unintended technology transfer, or alteration of a system due to reverse engineering.
DEF (USD(AT&L) memo, “Defense Exportability Features Policy Implementation Memorandum and Guidelines,” April 9, 2015): Design, develop, and implement technology protection features that enable export, and/or modify or remove technologies and/or capabilities prohibited for export early in the acquisition life cycle, when possible. Technology protection features refer to the technical modifications necessary to protect CPI, which includes AT and other U.S. Government Technology Security and Foreign Disclosure (TSFD) and export policy-related modifications that must be developed and incorporated into export variants.

24 SSE Process Overview
(Process diagram; text recovered from the figure)
Technical Baselines*
- Concept Studies
- System Definition (Functional Baseline)
- Preliminary Design (Allocated Baseline)
- Detailed Design (Product Baseline)
- Design Definition; SRR
- Protections are identified and integrated into technical baselines
- Analyses are iteratively informed by and informing the design
- Results are documented in the Program Protection Plan (PPP)
Program and System Analyses
- Criticality Analysis: Determine critical functions and components based on critical mission threads; identify key suppliers
- CPI Analysis: Identify capability elements providing a US technological advantage; conduct horizontal analysis
- Information Analysis: Properly apply classification and marking procedures; implement required info protections
Threat and Vulnerability Assessments
- Identify threats and vulnerabilities related to: mission-critical functions/components; CPI; key info about the program and system (emphasis on technical information)
SSE Decision Analysis
- Assess SSE risks based on program/system analyses and identified threats/vulnerabilities
- Determine candidate protections to address vulnerabilities. Utilize protections from across SSE specialties (e.g., cybersecurity, SwA, AT, HwA) and security specialties (e.g., OPSEC, personnel security, physical security)
- Conduct engineering risk/cost trade-off analyses
Establish protection measures
- System security requirements
- Identify acquisition mitigations
- Further analyses necessary
Contractor
- Implement SSE in design, development: respond to SSE requirements; assess security risks during design review and system implementation
Verification & Validation (V&V)
- Conduct V&V: evaluate AT protections; assess hardware and software vulnerabilities; verify SSE requirements (Contractor, DT&E, OT&E)

