The Cyber Supply Line: A Geospatial Approach to Cybersecurity February 9–10, 2015 | Washington, DC Federal GIS Conference

The Cyber Supply Line: A Geospatial Approach to Cybersecurity

February 9–10, 2015 | Washington, DC

Federal GIS Conference

Ken Stoni and Scott Cecilio, Esri Defense Sales

The Cyber Supply Line: An Introductory Briefing and Demonstration

The Problem: Detection is Difficult, Cyber isn't Enough

Breach Timeline

• Compromise: 97% within days
• Exfiltration: 72% within days
• Discovery: 66% took months or longer
• Containment: 63% within days

** 70% of breaches were discovered by external parties

Source: Verizon 2013 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2013/

Our Goals:

1) Detect early

2) Detect internally

3) Respond appropriately (maintenance vs security)

Cyberspace Re-Considered: It's Mappable

Social / Persona Layer

Device Layer

Logical Network Layer

Physical Network Layer

Geographic Layer

• Each device in cyberspace is owned by someone (no ‘global commons’)

• Electro-mechanical devices exist in space-time and interact with physical events

• Geography is required to integrate and align cyberspace with other data

Cybersecurity: A Common Sequence of Questions

[Diagram: a data flow from Source across the WAN to Destination, annotated with the questions asked in order: Compromise attempted? Compromise successful? Technical impact? Mission impact? How should we respond? Supporting elements shown: Detection (IDS/IPS, IT Inventory), Intervention, Remediation/Hardening, Mission Impact.]

Four Design Patterns

[Diagram: External Cyber Environment on the left, Internal Cyber Environment on the right (Campus #1 and Campus #2, each with BldgNet, LAN and Data). The four patterns are Mission Assurance (Cyber Supply Line), Signature Detection, Anomaly Detection, and Mission Assurance / Penetration Testing.]

Mission Impact: The Cyber Supply Line

1. Cyber Supply Line (CSL) is a consistent path through the infrastructure
2. CSL focuses resources on only the devices that are critical
3. Managing data flows is similar to traffic routing, an Esri core competency

[Diagram: the Mission Data Flow traced across the WAN (Verizon, AT&T, DISA) and the internal network as the Cyber Supply Line; Effect Propagation: Multi-level Model of Data Flow; Maintain Data Flow / Mission Assurance.]

Demonstration: Rio 2016 Olympic Games (Ken Stoni & Scott Cecilio)

Joe Adduci, Argonne National Labs

The Cyber Supply Line: Application to the Cyber/Physical Nexus

Risk

• R_A = f(V, T)
• R = Risk, A = Asset, V = Vulnerability, T = Threat
• Asset = Data, Device, Sub-Net, Mission
• Mitigation prioritized by Likelihood & Consequence (of failure)

Cyber Physical Network Risk from Cyber Supply Lines

[Diagram: for each asset, Risk sits at the overlap of Threat, Vulnerability and Consequence; the assets of one cyber supply line are linked in a chain.]

RISK: The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences.

R_A = f(T, V, C)

• R = Risk
• A = Asset that is Data, Device, Sub-Net, Mission
• T = Threat
• V = Vulnerability
• C = Consequence

Cyber Supply Lines define the consequences to the system missions
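The slide gives R_A = f(T, V, C) but does not choose f, and says the supply lines are what define C. The following is an added example (not code from Esri or Argonne) that makes both concrete on a constructed sample topology: f is assumed to be the product T * V * C with each factor in [0, 1], C is derived from which mission supply lines traverse an asset, and the asset names, scores, missions and weights are all constructed.

```python
"""Risk scoring along cyber supply lines on a constructed sample topology.

Added example, not code from Esri or Argonne. The deck states R_A = f(T, V, C)
without choosing f; this example assumes f is the product T * V * C with each
factor scaled to [0, 1], and derives C (consequence) for each asset from the
mission supply lines that traverse it, so the supply lines define the
consequences to the system missions.
"""
from typing import Dict, List, Set, Tuple

# Constructed per-asset threat (T) and vulnerability (V) scores in [0, 1].
ASSETS: Dict[str, Tuple[float, float]] = {
    "DataCenter-1":    (0.3, 0.2),
    "WAN-Verizon":     (0.6, 0.3),
    "WAN-DISA":        (0.4, 0.2),
    "Campus1-BldgNet": (0.5, 0.5),
    "Campus1-LAN":     (0.5, 0.4),
    "Campus2-LAN":     (0.5, 0.6),
    "Workstation-7":   (0.7, 0.8),
    "HVAC-Controller": (0.6, 0.8),
    "Printer-3":       (0.2, 0.9),  # in the IT inventory, but on no mission path
}

# One consistent path per mission (its cyber supply line), data source first.
SUPPLY_LINES: Dict[str, List[str]] = {
    "Logistics-Tracking": ["DataCenter-1", "WAN-Verizon", "Campus1-BldgNet",
                           "Campus1-LAN", "Workstation-7"],
    "Building-Control":   ["DataCenter-1", "WAN-DISA", "Campus1-BldgNet",
                           "HVAC-Controller"],
    "Field-Reporting":    ["DataCenter-1", "WAN-Verizon", "Campus2-LAN"],
}

# Constructed relative criticality of each mission.
MISSION_WEIGHT: Dict[str, float] = {
    "Logistics-Tracking": 1.0,
    "Building-Control":   0.5,
    "Field-Reporting":    0.5,
}


def critical_assets() -> Set[str]:
    """Assets on at least one supply line: the only ones the CSL approach spends effort on."""
    return {asset for path in SUPPLY_LINES.values() for asset in path}


def dependent_missions(asset: str) -> Set[str]:
    """Missions whose supply line passes through the asset."""
    return {m for m, path in SUPPLY_LINES.items() if asset in path}


def consequence(asset: str) -> float:
    """C: share of total mission weight lost if this asset fails (0 for non-critical assets)."""
    total = sum(MISSION_WEIGHT.values())
    return sum(MISSION_WEIGHT[m] for m in dependent_missions(asset)) / total


def risk(asset: str) -> float:
    """R_A = f(T, V, C), with f assumed to be the plain product."""
    threat, vulnerability = ASSETS[asset]
    return threat * vulnerability * consequence(asset)


def mission_loss(failed: Set[str]) -> Set[str]:
    """Effect propagation: a mission is lost when any asset on its supply line is lost."""
    return {m for m, path in SUPPLY_LINES.items() if any(a in failed for a in path)}


def prioritize() -> List[Tuple[str, float]]:
    """Critical assets ranked by R_A, highest first: where hardening effort goes first."""
    ranked = [(asset, risk(asset)) for asset in critical_assets()]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for asset, r in prioritize():
        print(f"{asset:16} T*V*C = {r:.4f}  missions at stake: {sorted(dependent_missions(asset))}")
    print("Losing Campus1-BldgNet takes down:", sorted(mission_loss({"Campus1-BldgNet"})))
```

Note what the ranking does and does not say: Printer-3 has the highest vulnerability score in the inventory but never appears, because no mission path depends on it, while the shared BldgNet segment ranks second despite middling T and V because two of three missions flow through it. That is the "focus resources only on the critical devices" point of the slide expressed as a computation.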

Consequences of Cyber Dependency

[Figure: Functional Capability (%) over Time, starting at 100%. Marked events in order: cyber attack initiated, functional loss begins, functional loss ends, remediation starts, steady state restored. The shaded area between 100% and the curve represents the aggregate functional loss.]

Functional capability loss can be either in cyber or physical function. Dependent cyber infrastructure often has its own set of physically dependent infrastructure.

Responding to Cyber Dependency

[Figure: the same Functional Capability (%) over Time curve with the same marked events, with a hardened system response overlaid that drops less and recovers sooner.]

• Intervention upon detection may prevent or minimize functional loss
• Hardening can limit the extent of functional loss or shorten the period to starting remediation
• Attack vector specific responses can accelerate remediation

The overall impact of improved detection, intervention, hardening, and improved response options is a more resilient cyber or physical system.
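The two figures define aggregate functional loss as the area under the capability curve between the marked events. The following is an added example (not Esri's or Argonne's code) that computes that area for a baseline response and for a hardened, early-intervention response so the effect of the bullets above can be compared in numbers. The curve is assumed to be piecewise linear between the five events; the event times, the capability floor and the scenario names are constructed for illustration.

```python
"""Aggregate functional loss under the capability-vs-time model of the slides.

Added example, not Esri's or Argonne's code. The capability curve is assumed to
be piecewise linear between the five events the deck marks (attack initiated,
functional loss begins, functional loss ends, remediation starts, steady state
restored); the aggregate functional loss is the area between 100 % and the curve
integrated over time, in percent-hours here. All scenario numbers are constructed.
"""
from typing import List, Tuple

Point = Tuple[float, float]  # (time in hours, functional capability in %)


def capability_curve(attack_t: float, loss_begins: float, loss_ends: float,
                     floor_pct: float, remediation_starts: float,
                     restored: float) -> List[Point]:
    """Breakpoints of the capability curve for one scenario."""
    if not (0 <= attack_t <= loss_begins <= loss_ends <= remediation_starts <= restored):
        raise ValueError("events must be in chronological order")
    if not 0 <= floor_pct <= 100:
        raise ValueError("floor must be a percentage")
    return [
        (0.0, 100.0),
        (float(attack_t), 100.0),             # cyber attack initiated, no visible effect yet
        (float(loss_begins), 100.0),          # functional loss begins
        (float(loss_ends), float(floor_pct)),  # functional loss ends: capability bottoms out
        (float(remediation_starts), float(floor_pct)),  # remediation starts
        (float(restored), 100.0),             # steady state restored
    ]


def aggregate_loss(curve: List[Point]) -> float:
    """Area between 100 % and the curve: trapezoid rule, exact for piecewise-linear input."""
    total = 0.0
    for (t1, c1), (t2, c2) in zip(curve, curve[1:]):
        total += (t2 - t1) * ((100.0 - c1) + (100.0 - c2)) / 2.0
    return total


def avoided_loss(baseline: List[Point], improved: List[Point]) -> float:
    """Percent-hours of functional loss the improved response avoids."""
    return aggregate_loss(baseline) - aggregate_loss(improved)


# Constructed scenarios, times in hours. Baseline: capability falls to 30 % and
# remediation does not start for two days. Improved: hardening limits the drop
# to 70 % (limits the extent), early intervention stops the loss sooner, and an
# attack-vector-specific response starts remediation within hours and restores
# steady state in well under a day.
BASELINE = capability_curve(attack_t=0, loss_begins=2, loss_ends=10,
                            floor_pct=30, remediation_starts=48, restored=72)
HARDENED_WITH_INTERVENTION = capability_curve(attack_t=0, loss_begins=2, loss_ends=6,
                                              floor_pct=70, remediation_starts=8,
                                              restored=16)

if __name__ == "__main__":
    for name, curve in (("baseline", BASELINE),
                        ("hardened + early intervention", HARDENED_WITH_INTERVENTION)):
        print(f"{name:30} aggregate loss = {aggregate_loss(curve):7.1f} %·h")
    print(f"avoided: {avoided_loss(BASELINE, HARDENED_WITH_INTERVENTION):.1f} %·h")
```

The area is the quantity to argue over when prioritising the three levers: in the constructed numbers the long flat segment between "loss ends" and "remediation starts" dominates the baseline, which is why shortening the period to starting remediation buys more than a modest change to the floor.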

Tools for Assessing Dependencies

Cyber Network Dependencies

• Each node in the network can have a unique dependency relationship to the connected nodes

• Understanding these dependencies can guide intervention and response at the network level

• Node level detection can support network level intervention and response

• Physical geography of the system and dependent systems can support informed intervention and response

Network Physical Consequences from Cyber Dependencies

• Each node in the network can have dependency relationships to the connected physical systems

• Understanding the consequences of these cyber dependencies can guide intervention and response

• The aggregate physical consequences of specific cyber responses can support decisions

• The geography of the physical systems carries its own set of cascading human and economic impacts

CYBER INTERDEPENDENCIES ARE ANALOGOUS TO PHYSICAL CONNECTIONS AND CONSEQUENCES

Gaye Stevens, Esri Chief Security Officer

The Cyber Supply Line: A Chief Information Security Officer's Perspective

Ken Stoni

Office: 703-506-9515 x8115

Mobile: 571-318-1324

[email protected]