2014-12-16 defense news - shutdown the hackers
Shut Down the Hackers
Presented with
50 MINUTES, 3 GOALS (+10 MIN Q&A)
1. Discuss existing & emerging technologies for continuous monitoring
   - Vulnerability Management
   - Configuration Management
2. Share DoD Centralized Super Computing Facility story
3. Data standardization technologies
Reliance on Technology over Time
(Chart: reliance on technology plotted over time, in units of time)
Trivial consequences …… IT as helpdesk …… IT as ancillary cost
Severe consequences after IT failure …… “IT Guy” now “Chief Architect” …… Rise of the CISO …… IT performance metrics to O5/O6+
Ever-Increasing Capability & Complexity
(Chart axes: functionality & complexity; operational risk)
Biplane: 0 LOC
Lunar Module: 2K LOC
F-35: 9.9M LOC

April 2013
http://www.state.gov/documents/organization/225886.pdf
“In April 2013, AQI’s leader Abu Bakr al-Baghdadi declared the group was operating in Syria and changed its public name to the Islamic State of Iraq and the Levant (ISIL).”
“On April 30, the U.S. State Department noted that private donations from Persian Gulf countries were "a major source of funding for Sunni terrorist groups, particularly...in Syria," calling the problem one of the most important counterterrorism issues during the previous calendar year. Groups such as al-Qaeda's Syrian affiliate, Jabhat al-Nusra, and the Islamic State of Iraq and al-Sham (ISIS), previously known as al-Qaeda in Iraq, are believed to be frequent recipients of some of the hundreds of millions of dollars that wealthy citizens and others in the Gulf peninsula have been donating during the Syrian conflict.”
2014 U.S. State of Cybercrime Survey
What percent of Electronic Crime events are known or suspected to have been caused by . . .
Insider, 28%
Outsider, 72%
Source: 2014 US State of Cybercrime Survey, CSO Magazine (sponsored by Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, April 2014)
2014 U.S. State of Cybercrime Survey
Which Electronic Crimes were more costly or damaging to your organization, those perpetrated by . . .
Insider, 46%
Outsider, 54%
Source: 2014 US State of Cybercrime Survey, CSO Magazine (sponsored by Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, April 2014)
2014 U.S. State of Cybercrime Survey
How Intrusions Are Handled
- Internally (without legal action or law enforcement): 75%
- Internally (with legal action): 10%
- Externally (notifying law enforcement): 12%
- Externally (filing a civil action): 3%
Source: 2014 US State of Cybercrime Survey, CSO Magazine (sponsored by Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, April 2014)
2014 U.S. State of Cybercrime Survey
Top 5 Reasons Cyber Crimes were not referred for legal action
- Damage level insufficient to warrant prosecution: 34%
- Lack of evidence/not enough information to prosecute: 36%
- Could not identify the individuals responsible: 37%
- Negative publicity: 12%
- Don’t know: 21%
Source: 2014 US State of Cybercrime Survey, CSO Magazine (sponsored by Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, April 2014)
Crossing the Chasm
Case Study: U.S. Department of Defense Centralized Super Computing Facility
“Innovation Programs” – Review of ongoing work with NSA’s Information Assurance Directorate and NIST
http://www.gao.gov/assets/120/110329.pdf
“80% of attacks leverage known vulnerabilities and configuration management setting weaknesses”
UNIFIED SYSTEMS - LOWERING RISK
- Correcting “tunnel vision”
- Using math and statistics to accelerate corrective action
- Daily risk calculations/priorities
- Automated business processes (patch distribution, corrective actions, etc.)
… WHILE NOT CHANGING
- Structure of departments or agencies
- Decentralized technology management
- Structure of security program
OBSTACLE: CxOs accountable for IT security BUT directly supervise only a small % of systems in use
An SCAP Primer - Security Content Automation Protocol (SCAP)
- Defines standardized formats
  - Standardized inputs (e.g. a compliance baseline, status query)
  - Standardized outputs (machine readable results)
- NIST 800-117: Guide to Adopting and Using the Security Content Automation Protocol
- NIST 800-126: The Technical Specification for the Security Content Automation Protocol
- NIST IR 7511: Requirements for vendors to attain NIST Validation
- Provides the DoD enterprise with liberty with regard to product choices
  - Avoids vendor lock-in, enables interoperability
  - Provides common technical position to vendors, integrators, mission partners
  - Federal procurement language requires SCAP support in some cases (e.g. new Common Criteria language)
SCAP Security Guide
https://github.com/OpenSCAP/scap-security-guide
Contributors include . . .
Live Demo
SCAP Security Guide
- ~1.66M lines of code from 80 developers across DoD, IC, Civilian, industry, academia
- NIST Validated tooling (OpenSCAP)
- Upstream for US Gov Enterprise Linux baselines
  - STIG: DoD RHEL6 baseline, produced by DISA FSO
  - C2S: Intelligence Community “Commercial Cloud” for JWICS
  - CSCF: NRO’s Centralized Super Computing Facility (CNSSI 1253 controls)
  - CS2: NSA RHEL6 baseline
  - US Navy JBoss EAP
- Shipping natively in Enterprise Linux
SCAP Deployment: CSCF
• Established September 1985 to provide HPC resources for use by the classified NRT and scientific computing communities
• DS&T was facilitator with SMUG committee of user groups
• WF took over with consolidation of WF to current management
• CSCF is currently located in ADF-E
• Applications support – code optimization, code parallelization, conversion, algorithm development/modification
• O&M support – OS configuration, help desk, backups, disaster recovery, etc.
SCAP Deployment: CSCF
• CSCF followed the ICD 503 six steps with standard controls and Cross Domain System (CDS) controls (CDS is approximately equal to MLS)
• Controls were straightforward
• Testing was very problematic
  • Testers unfamiliar with Linux, much less MLS
  • Test output formatting
• CSCF moving to SCAP with Red Hat, using the XML and HTML outputs to standardize on, with Red Hat support
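The "machine readable results" of the SCAP primer and the XML output CSCF standardized on are XCCDF TestResult documents. The Python below is an added example, not code from the deck or from OpenSCAP: it parses a constructed TestResult, counts outcomes, scores it in the manner of the XCCDF flat model and orders failures by severity into the kind of daily priority list the deck calls for. The rule ids, target name and the choice to count `fixed` as a pass are assumptions.

```python
"""Summarise an XCCDF 1.2 TestResult, the standardized SCAP result format."""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
NS = "{%s}" % XCCDF_NS
# Result values whose rules do not count toward an XCCDF score.
NOT_SCORED = {"notapplicable", "notchecked", "notselected", "informational"}
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1, "info": 0, "unknown": 0}

# Constructed sample in the shape of an XCCDF 1.2 TestResult; the rule ids and
# target name are invented for illustration and are not real SSG rules.
SAMPLE_RESULTS = """
<TestResult xmlns="%s" id="xccdf_example_testresult_1">
  <target>hpc-node.example.invalid</target>
  <rule-result idref="xccdf_example_rule_sshd_root_login" severity="high" weight="10.0"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_auditd_enabled" severity="medium" weight="5.0"><result>pass</result></rule-result>
  <rule-result idref="xccdf_example_rule_login_banner" severity="low" weight="1.0"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_gui_removed" severity="low" weight="1.0"><result>notapplicable</result></rule-result>
</TestResult>
""" % XCCDF_NS


def parse_rule_results(xml_text):
    """Return one dict per <rule-result>: rule id, severity, weight, result."""
    rows = []
    for rr in ET.fromstring(xml_text).iter(NS + "rule-result"):
        res = rr.find(NS + "result")
        rows.append({
            "id": rr.get("idref"),
            "severity": rr.get("severity", "unknown"),
            "weight": float(rr.get("weight", "1.0")),
            "result": res.text.strip() if res is not None and res.text else "unknown",
        })
    return rows


def result_counts(rows):
    """Count rules per result value (pass, fail, notapplicable, ...)."""
    return Counter(r["result"] for r in rows)


def flat_score(rows):
    """Score in the spirit of the XCCDF flat model: weight of passing rules over
    weight of all scored rules. Counting 'fixed' as passing is our assumption."""
    scored = [r for r in rows if r["result"] not in NOT_SCORED]
    passed = [r for r in scored if r["result"] in ("pass", "fixed")]
    return sum(r["weight"] for r in passed), sum(r["weight"] for r in scored)


def prioritized_failures(rows):
    """Rules needing corrective action, highest severity and weight first:
    a daily priority list derived from machine-readable results."""
    todo = [r for r in rows if r["result"] in ("fail", "error", "unknown")]
    return sorted(todo, key=lambda r: (-SEVERITY_RANK.get(r["severity"], 0),
                                       -r["weight"], r["id"]))


if __name__ == "__main__":
    rows = parse_rule_results(SAMPLE_RESULTS)
    print(dict(result_counts(rows)), "score %.1f/%.1f" % flat_score(rows))
    for r in prioritized_failures(rows):
        print(r["severity"], r["id"])
```

Real OpenSCAP output wraps the TestResult in an ARF or Benchmark document; point `iter()` at that root and the same functions apply.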
PORTABLE WORKLOADS
Data Sources
Data Sources feed JBoss Data Virtualization, which serves the Data Consumers (Report 1, Report 2, Report 3, Report 4).
Format consistency: 1234567890 as the canonical form of 123-456-7890, (123)-456-7890, 123/456/7890, 123,456,7890 and [123]-456-7890
JBoss Data Virtualization
Connect: Native Data Connectivity to the Data Sources (Hadoop, NoSQL, Cloud Apps, Data Warehouse & Databases, Mainframe, XML, CSV & Excel Files, Enterprise Apps), which are siloed & complex
Compose: Virtualize, Transform, Federate into a Unified Virtual Database / Common Data Model with Data Transformations; supporting services: Design Tools, Dashboard, Optimization, Caching, Security, Metadata
Consume: Standards-based Data Provisioning (JDBC, ODBC, SOAP, REST, OData) to the Data Consumers (BI Reports & Analytics, Mobile Applications, SOA Applications & Portals, ESB, ETL) as easy, real-time information
Shawn Wells, Director, Innovation Programs, Red Hat Public Sector, [email protected] || 443-534-0130