DESCRIPTION
Systems of Engagement offer much value to the military, but care needs to be taken in how they are protected against cyber attack. In this presentation (given to EUCOM Cyber Endeavour on the 9th September 2014) I explain Systems of Engagement & illustrate the military benefits using case studies. I then discuss the security challenges Systems of Engagement pose and how to address them with commercial software technologies. Finally I look ahead to how to defend Systems of Insight hosted on future generations of cloud technology.
© 2014 IBM Corporation
Smarter Security for Systems of Engagement
V5; 4 Sep 14
John Palfreyman, IBM
Agenda
Systems of Engagement
Cyber Security Implications
Cyber Security Risk Mitigation
Future Perspective
Smarter Defence
Instrumented
• Ever increasing range of sensors
• Volume, velocity, variety
• Military collectors & open source
Interconnected
• Agility & mobility
• Highly connected systems – blurred edges
• Collaboration across coalitions
Intelligent
• From data to actionable intelligence
• From reactive to proactive
• Whole lifecycle system optimisation
Information Superiority through Leveraging Technology
Cloud
Drivers
• Mission speed and agility
• New business models – alternatives to escalating CAPEX
Sample Use Cases
• Back office functions (HR, CRM, SCM) as a service
• Predictive and analytics functions (e.g. for smart procurement) as a service
Mobile
Drivers
• Inherently mobile deployments
• Mission agility and flexibility
• Rate of change of commercial technology
Sample Use Cases
• Mobile Intelligence capture, with workflow management
• Education in theatre
• Improved logistics operations
Big Data / Analytics
Drivers
• Masses of sensor data available to modern military
• Need for intelligence to help make operations “smarter”
• Increasing proportion of “unreliable” data
Sample Use Cases
• Analysis of enemy networks based on their Social Media usage
• Adaptive sensor data processing at speed
• Predictive operations based on historical mission data analysis & sensor data
Social Business
Drivers
• Use of Social Channels by adversary
• New recruitment approach / increased reservist numbers
• Personnel rotation
Sample Use Cases
• Terrorism detection, investigation & prevention
• Knowledge capture and dissemination
• Recruitment, rapid onboarding & retention of key staff
Systems of Engagement
• Collaborative
• Interaction oriented
• User centric
• Unpredictable
• Dynamic
Social Business
Mobile
Big Data / Analytics
Cloud
Case Study – Major European Air Force
Business Challenge
• Support Organisational Transformation
• HQ Task Distribution
• Senior Staff demanding Mobile Access
IBM Solution
• IBM Connections (including Mobile App)
• MS SharePoint Integration (Doc Management)
• MaaS 360 based Tablet Security
Benefits
• Improved work efficiency
• Consistent & timely information access
• Secure MODERN tablet
Section Summary
1. Cloud, Big Data / Analytics, Social Business & Mobile are all relevant to, and increasingly used by the military
2. Most value accrues at the points of intersection – Systems of Engagement
3. Systems of Engagement can underpin military transformation, enhancing information superiority
Agenda
Systems of Engagement
Cyber Security Implications
Cyber Security Risk Mitigation
Future Perspective
IBM’s Definition . . .
Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.
The Millennial Generation . . .
Expect:
• to embrace technology for improved productivity and simplicity in their personal lives
• tools that seem made for and by them
• freedom of choice, embracing change and innovation
Innovate in a new way:
• Actively involve a large user population
• Work at Internet Scale and Speed
• Discover the points of value via iteration
• Engage the Millennial generation
Smart Phones (& Tablets) . . .
• Used in the same way as a personal computer
• Ever increasing functionality (app store culture) . . .
• . . . and more accessible architectures
• Offer “anywhere” banking, social media, e-mail . . .
• Include non-PC (!) features: Context, MMS, TXT
• Emergence of authentication devices
. . . are harder to defend . . .
• Anti-virus software missing, or inadequate
• Encryption / decryption drains the battery
• Battery life is always a challenge
• Most users disable security features
• Stolen or “found” devices information – and very easy to lose
• Malware, mobile spyware, account impersonation
• Need to extend password, encryption policies
• Extends set of attack vectors
. . . and now mainstream.
• Bring-your-own device expected
• Securing corporate data
• Additional complexities
• Purpose-specific endpoints
• Device Management
Social Media – Lifestyle Centric Computing
• Different Channels
• Web centric
• Conversational
• Personal
• Open
• Explosive growth
Source: www.theconversationprism.com
Social Business – Relevance for Defence
Driver, followed by how social business can help . . .
Coalition operations the norm
• Find and connect with experts other coalition members
• Demonstrate clear coalition value to stakeholders
Budgetary pressures
• Improved efficiencies through use of social media platform
• Develop critical skills by virtual training
Ever more complex missions
• Tap into mission expertise and lessons learnt
• Use jams, blogs & wikis to solve problems
Cyber security threat
• Secure hosted social media platform
• Analysis of threat social media activity
Technology driven change
• Promote technology usage through blogs, jams
• Information & education on mission value of technology
Unknown asymmetric threat
• Supplement intelligence on threat by monitoring social media usage
• Collaborate cross department on specific threats
Internal Amnesia, External Ignorance – Case Study
Client’s Challenges
• Silo’d Organisation
• Lack of Consistent Methodology
• External Ignorance
• Internal Amnesia
Monitor bad guys
• Early Warning of events / incident
• Information to Commander
Alternatives to
• Workflow Centric Analysis
• Traditional Intelligence Sources
IBM Solution
• IBM Connections
• Analysis Software
• GBS Integration & Configuration
Social Media - Special Security Challenges
• Too much information
• Online impersonation
• Trust / Social Engineering / PSYOP
• Targeting
Source: Digital Shadows, Sophos, Facebook
Section Summary
1. Social Business and Mobile are underpinning organisational transformation
2. Millennial Generation expect technologies in the workplace
3. Introduce new vulnerabilities – understand to contain
Agenda
Systems of Engagement
Cyber Security Implications
Cyber Security Risk Mitigation
Future Perspective
Balance
Technical Mitigation
• Better firewalls
• Improved anti-virus
• Advanced Crypto
People Mitigation
• Leadership
• Education
• Culture
• Process
Risk Management Approach
• Monitor threats
• Understand (your) systems
• Assess Impact & Probability
• Design containment mechanisms
• Don’t expect perfect defences
• Containment & quarantine planning
• Learn & improve
[Figure: Maturity-based approach. Labels: Reactive, Proactive; Manual, Automated; Basic, Proficient, Optimized; Security intelligence]
Securing a Mobile Device
Device Security
• Enrolment & access control
• Security Policy enforcement
• Secure data container
• Remote wipe
Transaction Security
• Allow transactions on individual basis
• Device monitoring & event detection
• Server based risk engine – allow, restrict, flag for review
Software & Application
• Endpoint management – software
• Application: secure by design
• Application scanning for vulnerabilities
Access Control
• Enforce access policies
• Approved devices and users
• Context aware authorisation
Secure, Social Business
Leadership
• More senior, most impact
• Important to leader, important to all
• Setting “tone” for culture
Culture
• Everyone knows importance AND risk
• Full but SAFE usage
• Mentoring
Process
• What’s allowed, what’s not
• Internal & external usage
• Smart, real time black listing
Education
• Online education (benefits, risks)
• Annual recertification
• For all, at all levels
Security Intelligence & Big Data / Analytics
Volume – Data at Rest
• Terabytes to exabytes of existing data to process
Velocity – Data in Motion
• Streaming data, milliseconds to seconds to respond
Variety – Data in Many Forms
• Structured, unstructured, text, multimedia
Veracity* – Data in Doubt
• Uncertainty due to data inconsistency & incompleteness, ambiguities, latency, deception, model approximations
* Truthfulness, accuracy or precision, correctness
Integrated Approach
Security Intelligence Platform – IBM Security QRadar
• Data collection and enrichment
• Event correlation
• Real-time analytics
• Offense prioritization
Big Data Platform – IBM InfoSphere BigInsights
• Hadoop-based
• Enterprise-grade
• Any data / volume
• Data mining
• Ad hoc analytics
[Diagram labels: Traditional data sources; Non-traditional; Data ingest; Insights; Custom Analytics; Advanced Threat Detection]
Section Summary
1. Containment is possible with correct approach
2. Need for a business / mission based (not technology) viewpoint
3. Holistic, balanced, risk centric approach
Agenda
Systems of Engagement
Cyber Security Implications
Cyber Security Risk Mitigation
Future Perspective
Systems of Insight
Generation 3 Cloud Challenges . . .
• Cloud 1.0: Static, Perimeter Controls
• Cloud 2.0: Reactive, Defence in Depth
• Cloud 3.0: Adaptive, Contextual Security
Attackers exploit platform shifts to launch new attacks on high value workloads and data
• Challenge 1: Fragmented and complex security controls
• Challenge 2: Sophisticated threats and attackers
• Challenge 3: Increased attack surface due to agile and composable systems
Contextual, Adaptive Security
Security 3.0
Monitor and Distill
• Multi-level monitoring & big data analytics
• Ranging from Active, in device to passive monitoring
Correlate and Predict
• Risk Prediction and Defence Planning
• Encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation
Adapt and Pre-empt
• Adaptive and optimized response
• Adapt network architecture, access protocols / privileges to maximize attacker workload
Cyber Security – Fitness for Purpose?
1. Are you ready to respond to a security incident and quickly remediate?
2. Do you have the visibility and analytics needed to monitor threats?
3. Do you know where your corporate crown jewels are and are they adequately protected?
4. Can you manage your endpoints from servers to mobile devices and control network access?
5. Do you build security in and continuously test all critical web/mobile applications?
6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
7. Do you have a risk aware culture and management system that can ensure compliance?
[Figure: Maturity-based approach. Labels: Reactive, Proactive; Manual, Automated; Basic, Proficient, Optimized; Security intelligence]
Section Summary
1. Systems of Insight further extend business / mission value
2. Delivered on (secure) “generation 3” Cloud
3. Cyber Security must be designed in, evolving
Summary
1. Systems of Engagement (& Insight) help military transform, maintain information advantage
2. Social Business & Mobile drive much value, but new vulnerabilities need to be understood to be mitigated
3. Cyber security approach needs to be balanced, risk management based and “designed in”.