Information Dominance Anytime, Anywhere…
Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I)
Statement A: Approved for public release; distribution is unlimited
PMW 130 Overview for NDIA
11 May 2011
Kevin McNally
Program Manager PMW 130
858-537-0682
Kevin.mcnally@navy.mil
Why Cyber Matters?
• Over 2.08 billion Internet users (420M in China) – UN International Telecommunication Union (ITU)
• DOD makes 1 billion+ Internet connections daily, passing 40TBs of data – RADM Edward H. Deets, III
• DOD Networks scanned and probed 6M times/day – USCYBERCOM
• Several years ago, zero countries armed for cyber warfare, today 20+ countries – Dr. Eric Cole, McAfee
• Stuxnet – Most advanced Cyber Weapon ever seen – CEO McAfee
“The next battle is in the information domain, and the first shots have already been fired.”- Admiral Gary Roughead, CNO
“If the nation went to war today in a cyber war, we would lose.” - Admiral Mike McConnell (retired), 23 Feb 2010
McAfee Threat Summary
New stats:
• 20 Million new malware samples in 2010
• ~55,000 new malware samples/day (new record)
• Growth in sites hosting malware
• Number of new mobile malware samples in 2010 increased by 46 percent over 2009
Source: McAfee Threats Report Q4 2010
Malware growth since Jan 09
Adobe products still the top target
Symantec Expansion of Tool Kits
Source: Symantec Intelligence Quarterly (April-June 2010)
61% of threat activity on malicious websites is toolkit specific
ZeuS, aka Zbot: Adaptable Trojan for sale
• Cost on the black market
  • The Private Version is $3-4K
  • VNC private module is $10K
• ZeuS author earned $15M in commissions from license rights
• Infect PCs by simply visiting an infected Web site
• Oct 2010, over 30 individuals were arrested for ZeuS-based attacks against U.S. and U.K. bank account holders
• Dec 2010, spoof email from “White House” to UK Government
• U.K. officials suggest the cyber attack originated from China
TOOLKIT TO BUILD YOUR OWN TROJAN HORSE
77% of infected PCs have up-to-date anti-virus software
Can you tell the difference?
Amazing Coincidence?
Is our supply chain safe?
January 2008, a joint task force seized $78M of counterfeit Cisco networking hardware. Source: Defense Tech
May 2010, Counterfeit Cisco Network Gear Traced to China, Not Surprisingly. Source: Security Magazine
April 2009, Chinese spies may have put chips in U.S. planes. Source: The Times of India
Conficker Spreading: 5 Versions in 5 Months
20 Nov 2008: CONFICKER.A
• No Software Armoring
• HTTP Command & Control
End Dec 2008: CONFICKER B
• Code Cryptography
• + Password Cracking
• + USB Infection Vector
• Anti-Virus Countermeasures
• + Primitive Peer-to-Peer Comms
• Software Update Countermeasures
Mid Jan 2009: Conficker A and B explode. Estimates range from 3-12 million machines infected
Early Feb 2009: CONFICKER C
• 50K Domains
• Kills Security Software
• + Robust Peer-to-Peer Comms
• Malware Analysis Countermeasures
• + Improved HTTP Command & Control
Mid Feb 2009: CONFICKER B++
• Direct Update Feature
March 2009: IBM announces: Asia has 45% of infections; Europe 32%; South America 14%; North America 6%
April 2009: CONFICKER E
• Spam
• “Scareware”
50,000 PCs a day are attacked
Conficker (At the one year mark)
What about specialized weapons and aircraft?
French fighter planes grounded by computer virus- The Telegraph, 07 Feb 2009
French fighter planes were unable to take off after military computers were infected by a computer virus. Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year.
Android Disasters
• March 1, 2011: confirmed that 58 malicious apps were uploaded to Android Market
• Rootkit granting hackers deep access
• Google initiated “remote kill” to affected devices
• Admits they can’t patch the hole causing the vulnerability
• Symantec: Android app called “Steamy Windows” was modified to SMS premium rate numbers owned by Chinese hackers
Sources: http://techcrunch.com/2011/03/05/android-malware-rootkit-google-response/ and http://www.computerworld.com/s/article/9211879/Infected_Android_app_runs_up_big_texting_bills
SCADA: Supervisory Control And Data Acquisition
• Infrastructure processes include:
  • Water treatment & distribution
  • Wastewater collection & treatment
  • Oil & gas pipelines
  • Wind farms
  • Civil Defense siren systems
  • Large communication systems
  • Electrical power transmission & distribution
• Shumukh Al-Islam Network call to Mujahadin Brigades to “strike the soft underbelly…”
• “…strikes…simultaneous”; “…spread hysterical horror…”
OSC Web monitoring report found an article dated 18 December 2010 on Shumukh Al-Islam Network titled “Launch SCADA Missiles” urging an attack
Social Networking Event
Robin Sage
• Purportedly Cyber Threat Analyst for the Naval Network Warfare Command
• Impressive resume at 24, high-level security clearances
• 10 years' experience in the cybersecurity field
• Friends list included people working for the nation's most senior military officer, the chairman of the Joint Chiefs of Staff, NRO, a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors
• Job offers from industry
“One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location”
Information Assurance & Cyber Security (PMW 130)
• Computer Network Defense (CND) – ACAT IVT
• EKMS/KMI - Component of NSA – ACAT IAM
• PKI - Component of DISA – ACAT IAM
• Cryptography (modernization; legacy)
  • Navy, USMC, USCG, MSC
• Radiant Mercury (RM)
  • Cross Domain Solution
• Tactical Key Loader (TKL)
  • USMC and SPECOPS
• Information Assurance (IA) Services
PMW 130 collaborates with FLTCYBERCOM, 10th Fleet, NCF, NNWC, and NCDOC
C4I Networks Today: Defense In Depth
Enterprise View
Regional Views
Platform Views
LAN Defenses
• Host Protection (HIDS, Firewall, anti-virus, baselining)
• Vulnerability Scanning
• Vulnerability Patch Remediation
• Network Intrusion Detection
WAN Defenses
• Boundary Defense (firewalls)
• Enclave Protection (IPS/IDS)
• Data Correlation
• Virus Protection
Enterprise Management
• Prometheus – Advanced Data Correlation
• Governance
• Situational Awareness: CND-COP
• CND C2
• Coordinated Response Actions
Navy Computer Network Defense Centers
Network Operations Service Centers
Mission Operations
Navy Computer Network Defense High-Level Operational View
Cyber Defense and the Navy: What Lies Ahead
• Identifying network anomalies & behaviors
• Moving from reactive to predictive
• Advanced Persistent Threat
• Insider Threat/Data loss prevention
• Advanced spear phishing
• Web security, Social Networks
• Web enabled application security
• Correlation and Analysis of sensor data
• Cloud Security
• Wireless/handheld device security
• Cyber Situation Awareness
Future Collaboration
• Collaboration is vital to our future
• Welcome collaboration across government, commercial, academia and other stakeholders
• PMW 130 Government/Industry Exchange
  • An opportunity for industry to present products they feel may be of interest to PMW 130
  • Attendees include PMW 130 senior leadership, SPAWAR and PEO C4I invitees, and other PMW 130 personnel (Assistant Program Managers, engineers, etc.)
  • Held once a month
  • 50 minutes, including Q&A
  • Please contact Carol Cooper at Cooper_carolyn@bah.com
We get IT. We also integrate it, install it and support it. For today and tomorrow.
Visit us at www.peoc4i.navy.mil