Embed Size (px)
Citation preview
© 2012 The MITRE Corporation. All rights reserved.
Approved for Public Release: 12‐2397. Distribution Unlimited
Approved for Public Release: 12‐2397. Distribution Unlimited2nd Annual Secure and Resilient Cyber Architectures Workshop
Resiliency in Context
Harriet GoldmanMay 31, 2012
Approved for Public Release: 12-2460 – Distribution Unlimited
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Why is Resiliency Important?Skilled Adversaries
Computer Architectures
Traditional IA Practices
Fiscal Pressures
Critical Missions Fail When Attacked
2
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
What is Resiliency and How is it Achieved?
■ The ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation*
■ Cyber resiliency addresses 2 complementary concepts:– Resilience of the set of critical cyber resources– Resilience of the mission, business process, or organization
■ Adaptive, secure resilient technical architectures and agile operational TTPs – Built from components whose resilience characteristics may be
limited, unknown, and possibly unknowable?– Includes deterrents to disrupt, confuse and impede adversary
*Sterbenz & Hutchison, “ResiliNets: Multilevel Resilient and Survivable Networking Initiative”, University of Kentucky & Lancaster University, http://www.ittc.ku.edu/resilinets/index.html
Critical missions complete successfully despite effective
cyber attacks against underlying technology
3
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Government Recognition of Resilience
4
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Response
5
WELCOME
Secure and Resilient
Cyber Architectures Conference
Resiliency Agility Assuring Effective Missions
Foundations of Trust
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Continuity of Critical Ops While Under Attack Failover, capacity, redundancy,
COOP, and DR planning
Configuration management
Minimal essential priority
Monitoring and correlation
Consequence management– Gracefully degrade– COA Tactics, Techniques, and
Procedures (TTPs) – Reconfigure– Isolate
Recovery– Reconstitute minimal
essential functions– Assess damage– Restore trust
6
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Mission Assurance Engineering Framework
7
WHAT’S MOST IMPORTANT
Cyber Risk Remediation Analysis
Identify Mission Dependencies on Cyber
Mission Impact Analysis
Threat Susceptibility Assessment
WHAT ARE THE RISKS
HOW TO MITIGATE THE RISKS
Establish Mission Priorities
Cyber Threats & Intelligence
CONOPSUse Cases
End‐to‐End Flows
Mitigations
WHAT RESOURCES ARE MOST IMPORTANT
Mitigation Techniques IncludeSystem Security
Engineering
Assurance Practices
Anti‐Tamper
SCRM Practices
Resiliency Practices
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Cyber Resiliency Foundation Elements
8
Anticipate Withstand Recover EvolveGOALS
Understand Prepare Prevent ContinueOBJECTIVES
Constrain ReconstituteTransform Re‐Architect
Adaptive Response
Coordinated Defense DiversityDeception Dynamic
Positioning
Dynamic Representation
Analytic Monitoring
Privilege RestrictionRedundancy
Substantiated Integrity
SegmentationUnpredictability
Realignment
Non‐Persistence
TECHNIQUES
PROACTIVE REACTIVE
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Resiliency Framework
User
Data Products
Data Products
Data ProductsCatalog
Server
Goal
Withstand
Recover
Metric
‐‐‐
‐‐‐
‐‐‐
‐‐‐
‐‐‐
‐‐‐
Technology
Deception network
Hardware trusted path
Fine‐grained controls
RIAK
Multi‐cloud storage
Crypto bindings
Technique
Deception
Segmentation
Privilege Restriction
Redundancy
Substantiated Integrity
Objective
Constrain
Reconstitute
Continue
9
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Summary Achieving cyber mission assurance requires we
– Change how we think about cyber threats, security approaches, and trust
– Adopt new risk management and system engineering processes
– Design, build, and integrate mission critical systems for resilience
– Develop agile operations and decision support capabilities
– Measure meaningful metrics– Define policies and practices to promote resilience– Collaborate and partner to change the game
10
© 2012 The MITRE Corporation. All rights reserved.Approved for Public Release: 12‐2397. Distribution Unlimited
Sun Tzu
“If your enemy is secure at all points, be prepared for him.
If he is in superior strength, evade him.
If your opponent is temperamental, seek to irritate him.
Pretend to be weak, that he may grow arrogant.
If he is taking his ease, give him no rest.
If his forces are united, separate them … appear where
you are not expected.”
11
