Strategic Cyber Defense

Slide 1

Slide 2

Present Information Assurance Project (FY97-00):
• Develop security and survivability for DII and NII
• Build defensible enclaves that can safely exchange data across enclave boundaries
• Detect, trace, respond, & recover from 80% of attacks
• Manage security services and policies automatically
• Set stage for broader, aggressive IA project

Payoff - provide security framework that will:
• Reduce information vulnerability
• Allow increased interoperability and functionality
• Provide operational commander assurance that he will have information when he needs it

Slide 3

What does the cone look like? Where is the system located on the cone?

Primary Concerns:
• Confidentiality - Can be compromised
• Releasability - JV2010 needs automatic capability
• Data Integrity - Can be subverted
• Availability - Networks can be flooded

Weak Areas:
• Close-in attacks: Hardware subversion
• Subverted software: Java agents
• System Engineering: Weak links attacked
• Stovepiped security solutions: After-the-fact

Slide 4

Am I under attack?
What is the nature of the attack?
    Class, Mechanism, From where?
What is mission impact?
    Urgency, Damage assessment & control, Initial response
When did attack start?
    Follow-on damage assessment, What have I done wrong?
Who are the adversaries?
    Who is attacking, What are they trying to do, What is their next step?
What can I do about it?
    Course of action analysis, Collateral damage risk, Reversibility of action
What is the long-term solution?

Slide 5

• Layered defenses
• Need attack taxonomies well defined
• Need good system models
• Real-time detection and interdiction
• 80% detection rates - state of art
• Need 99.9%+ detection rates
• Tolerance - adaptation to attack
• Resource requirement prioritization
• Mission value functions
• Discover how to layer security & design principles that optimize security investment

Slide 6

• Predict behaviors of adversaries:
• Defend as real adversaries attack - worry lifecycle
• The old "penetrate and patch" model does not work
• Acknowledge flaws - which need to be countered vs. tolerated
• Don't rely on single defense point -- don't concentrate value
• Determine most likely attacks -- prune a weighted tree
• Capture entire lifecycle and vulnerability landscape
• Compare attack characterizations with adversary characterizations
• Find optimal attacks -- cheapest, easiest, safest way to get goal
• Determine the most devastating attacks
• Determine the optimal set of countermeasures

Slide 7

What is the Problem?
• Defense of NII is not coordinated by an overall strategy
• Information Warfare (IW) capabilities are being developed without an understanding of how they can and should be employed

How is it done today?
• Each incident is treated as a unique event and the defense approach is developed in parallel with its execution

What is the new technical idea (what is theory/new science)?
• Using military history as a guide, develop strategy for defending NII
• Build IW simulation capability to test strategies without a large physical testbed

If successful, what will impact be (address technology transfer)?
• Coordinated plan for IW defense
• Understanding of capabilities needed to provide IW defense

Hypotheses:
1. System Assurance Science - Cyber security science and engineering can be converted from abstract concepts to practice, i.e., functional design & operational tools
2. Dynamic Defense Mechanisms: An agile, mission oriented system can not optimize static defenses against a diverse, agile adversary set
3. Cyber Situation Understanding: Autonomic response is insufficient for defending against an IW campaign - Cyber C2 is necessary for human understanding, intervention, & control

Slide 8

• Observe:
    • Advanced Boundary Controllers
    • Security Wrappers
    • Control & Embedded System Surety
    • Malicious Code Detection
    • Intrusion Detection
• Orient:
    • Cyber Situation Visualization & Understanding
    • National Information Warfare Indications & Warnings
• Decide:
    • Risk Management & Decision Support - Adaptive Policy Specification
• Act:
    • Action Enablers (tactical): OO, IIOP, NT, Proof Carrying Code
    • Secure Virtual Collaboration
    • Response, Recovery, and Reconstitution

Slide 9

Approach (analog VLSI CAD):
• Create languages to express operational models
    • System Models
    • Attack Models
    • Countermeasure effectiveness models
• Apply assurance design methodology
• Red Team (RT) involved in design process
• Test system within context of OODA loop - RT attacks
• Feedback results into models & design methodology

Slide 10

What is the Problem?
• Assurance is not considered when information systems are designed

How is it done today?
• Specialists (security engineers) examine completed system design and recommend changes to provide acceptable level of assurance
• Recommendations are an art, based on specialist's experience

What is the new technical idea (what is theory/new science)?
• Develop system assurance methodology that can be incorporated in design cycle
• Provide tools that let designers explore assurance as one aspect of the design along with other important aspects
• Develop threat models for assurance process
• Employ game theory to simulate & model adversary behavior & system response

If successful, what will impact be (address technology transfer)?
• Assurance will be an integral part of system design
• Need for specialists in the design process will be reduced