Resiliency by Design, Defeating All Threats Cyber and Ballistic Missile - Start Secure, Stay Secure, Return Secure
Space and Missile Defense Symposium, August 7-9, 2018
Perri Nejib, Technical Fellow, Northrop Grumman
John Thompson, Technical Fellow, Northrop Grumman
Approved For Public Release #18-1463; Unlimited Distribution
Holistic Approach to Cybersecurity
The elements of a cyber defense solution must be aligned and integrated with one another for the solution to be effective and holistic.
The Resilience Lifecycle
Lifecycle stages: Trusted Baseline, Secure Re-baselining, Resilient Operations

Resilience Approaches:
• Moving Target Defense
• Proactive Restore/C2
• Least Privilege Enforcement
• Operate in spite of Threat Inside
• Trust Zone Segmentation
• Identity Attribution
• Encryption
• Root of Trust

Attack Vectors:
• Data
• Code
• Infrastructure
• Communications
• People
• Operations

Enabling Mission Assurance:
• Prevent loss of sensitive information
• Operate through attacks
• Respond to attacks across the board, not just on IP-based connections
• Prevent mission critical function alteration

Build & Field:
• Avoid supply chain intrusion
• Continually assess security posture
• Detect & reject built-in malware
• Ensure software provenance
• Detect & reject counterfeit parts

Maintain & Modernize:
• Maintain supply chain integrity
• Preserve software integrity
• Prevent security mitigation bypass
• Review and protect diagnostic equipment injection points

Support:
• Supply chain integrity
• Ensure software/data integrity
• Review and protect diagnostic equipment injection points

Design & Acquire:
• Design holistically
• Traceable supply chain
• Follow software assurance processes
• Ensure software provenance
• Avoid contract process flaws

START SECURE. STAY SECURE. RETURN SECURE.
Resilience Meets Systems Engineering
Building a Cyber Resilient System: Start Secure (Trusted Baseline), Stay Secure and Return Secure (Continuous Trust Restoration)

Acquisition lifecycle phases:
• Material Solution Analysis
• Technology Maturation
• Engineering & Manufacturing Development
• Production & Deployment
• Operations & Support

Build Trusted Baseline:
• System Security Engineering
• Anti-Tamper
• Cybersecurity/RMF
• Software Security
• Mission Assurance
• Supply Chain Risk Mgmt
• TEMPEST
• Other Countermeasures

Secure our Development Environments:
• Personnel Security
• Operations Security
• Information/Industrial Security
• Enterprise
• Lab/Development Areas
• Classified Areas
• External Networks

Systems Engineering V stages:
• Regional Architectures
• Feasibility Study/Concept Exploration
• Concept of Operations
• System Requirements
• High-Level Design
• Detailed Design
• Software/Hardware Development
• Field Installations
• Unit Device Testing
• Subsystem Verification
• System Verification & Deployment
• System Validation
• Operations and Maintenance
• Changes and Upgrades
• Retirement/Replacement

Verification levels paired across the V: Unit Test, Subsystem Verification, System Verification, System Validation
System Security Engineering & the System Engineering V - Details
• Identify RMF CIA impact levels and whether or not the system meets the criteria of a National Security System
• Identify required security controls using NIST SP 800-53 and CNSSI 1253 (NSS systems)
• Identify the capabilities needed to satisfy the required controls and those needed to continuously monitor them
• Design system controls and associated monitoring capabilities
• Implement designs
• Integrate controls monitoring capabilities with existing security infrastructure and ops teams
• Verify controls satisfy required capabilities and are continuously monitored
• Train staff on new capabilities, develop O&M procedures, deliver system documentation
• Continuously monitor controls and regularly exercise staff to maintain a high state of cyber readiness
INCOSE Project with the SSE Working Group
Approach
• Research applicable published standards and guidance (all had major updates in mid-2015 and 2016):
– NIST SP 800-160
– ISO 15288
– INCOSE SE Handbook
• Work focused on taking SSE activities, tasks and deliverables/artifacts and developing a framework that can be used across domains and clearly defines critical artifact roles and responsibilities within SSE and SE
• Make it clear to SEs how to integrate SSE products into related SE products, and the value in doing so to manage overall program/system design and risk
The systems security engineering discipline provides the security perspective to the systems engineering processes, activities, tasks, products, and artifacts, with emphasis on system security risk management.
Project Goals
• Integrate the artifact roles & responsibilities framework into the current INCOSE specialty engineering section on SSE (Chapter 10)
• Develop the framework so that it can easily be adopted into NIST SP 800-160 and ISO 15288
INCOSE SE Handbook & NIST SP 800-160 Organized by Processes and associated Activities and Tasks
NIST SP 800-160 broken down by ISO 15288:2015/INCOSE SE processes, expressed in security activities and tasks
Example Process Breakout: Implementation (IP) Process

Purpose:
• Realize the security aspects of all system elements
• Results in a system element that satisfies specified system security requirements, architecture, and design

Outcomes:
• Security aspects of the implementation strategy are developed
• Security aspects of implementation that constrain the requirements, architecture, or design are identified
• Security system element
• System elements securely packaged and stored
• Enabling systems or services needed for security aspects of implementation
• Traceability of security aspects of implemented system elements

Activities and Tasks:
• IP-1 Prepare for the security aspects of implementation (IP 1.1 – 1.3)
• IP-2 Perform the security aspects of implementation (IP 2.1 – 2.4)
• IP-3 Manage results of the security aspects of implementation (IP 3.1 – 3.3)

Inputs: Security strategy, plan, traceability, requirements, design, architecture, secure system elements, assurance evidence, assurance results and anomalies report

Responsible and Supporting Roles:
• Responsible: Systems Security Engineer (SSE)
• Supporting: Program Manager (PM), Chief Engineer (CE), Systems Engineer (SE), Systems Architect (SA), and Test Engineer (TE)
Roles and Responsibilities Framework
References
• “Systems Security Engineering: What Every System Engineer Needs to Know”, D. Beyer, P. Nejib and E. Yakabovicz, INCOSE IS 2017 presentation, July 2017
• “System Security Engineering: Whose Job Is It Anyway?”, D. Beyer, P. Nejib, INCOSE Insight Journal, Volume 19, Issue 2, July 2016
• “Response to Cyber Security Demands for Agility”, D. Beyer, P. Nejib, INCOSE Insight Journal, Volume 17, Issue 2, July 2014