Leveraging Data Provenance to Enhance Cyber Resilience
1 Leveraging Data Provenance to Enhance Cyber Resilience
Thomas Moyer
Karishma Chadha, Robert Cunningham, Nabil Schear, Warren Smith, Adam Bates, Kevin Butler, Frank Capobianco, Trent Jaeger, and Patrick Cable
IEEE SecDev, Nov 2016
This material is based upon work supported by the Assistant Secretary of Defense for Research and Engineering under Air Force Contract No. FA C-0002 and/or FA D
Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Assistant Secretary of Defense for Research and Engineering.
DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited.
2 "battles, campaigns, and even wars have been won or lost primarily because of logistics." - General Dwight D. Eisenhower
Div. 5 Provenance - 2
3 Data Resilience for US Transportation Command
USTRANSCOM challenges
- 70% of transportation work done by 3rd party contractors
- APTs have targeted and attacked USTRANSCOM directly and via contractors
Goal: Ensure integrity of logistics planning operations as they transition to the cloud
- Monitor and inform users of data integrity during logistics planning
USTRANSCOM needs resilient systems to ensure DoD mission success
4 What is Resilience?
[Figure label: Malicious Cyber Activities]
Figure 1. Continuously strengthening defensive elements improves success in thwarting malicious cyber activities.
Federal Cybersecurity Research and Development Strategic Plan, National Science and Technology Council, February 2016
Data provenance provides detection and adaptation capabilities for a resilient system
Critical Dependencies
Advancements in the following six areas are critical to developing the S&T for the four elements: Scientific foundation. The Federal Government should support research that establishes the theoretical, empirical, computational, and data mining foundation needed to address future threats. A strong,
5 Outline
- National Need: Resilient Systems
- Data Provenance
- Use Case: Data Integrity for USTRANSCOM
- Future Work and Summary
6 Data Provenance Enables Resilience
Data provenance is the history of ownership/processing to guide authenticity
[Diagram: World Wide Web Consortium provenance model. Nodes: Entity (Data), Activity (Processes), Agent (Users, groups, other systems, etc.). Edges: wasDerivedFrom, used, wasGeneratedBy, wasAttributedTo, wasAssociatedWith]
Data provenance helps to answer:
- Where are all my data?
- Where did they come from?
- Are the data secure and trustworthy?
- How to recover after being attacked?
7 Secure Data Provenance Challenges
- Granularity: How much detail to collect?
- Collection: Where to collect provenance data?
- Encoding: Do current standards allow the system to fully express the semantics of the data?
- Storage: How is the provenance data protected against malicious modifications?
- Analysis: What can the collected data tell system users?
- Adaptation: What actions are possible, based on the analysis of the provenance data?
Answering these questions incorrectly leads to a provenance system that will not achieve the desired goals
8 Lincoln Secure Data Provenance Technology
[Diagram: stages Granularity, Collection, Encoding, Storage, Analysis, Adaptation. Labels: Context, Mission System, Coverage, Applications, Software Infrastructure, Operating Systems, Developer Annotation Library, Provenance Collector, Linux Provenance Modules, Entity / Activity / Agent (World Wide Web Consortium), Secure Graph, Ancestors, Descendants, Anomaly Detection, Active Response, Operator Interfaces]
End-to-end integrated provenance system enabling mission system resilience
9 Outline
- National Need: Resilient Systems
- Data Provenance
- Use Case: Data Integrity for USTRANSCOM
- Future Work and Summary
10 Operational Architecture
[Figure: OV-1: Distribution High Level View. Labels: Plan, Order, Ship, Pay]
Protecting the integrity of the data and processing in the planning pipeline is critical to ensuring mission success for USTRANSCOM
11 Provenance for the Planning Process
Plans produced by the correct processing pipeline are required for mission success
- Requirements are generated from a request
- A plan is generated from requirements
- Ultimately, a plan is derived from a request
[Diagram: provenance graph with nodes Request, Requirements Collection, Requirements, Planning Service, Plan, Analyst, Planner; edges used, wasGeneratedBy, wasAssociatedWith, wasDerivedFrom]
12 Anomalies in the Planning Process
If data used to create a plan is unexpectedly modified, the mission is at risk
- Requirements generated from a request, and modified by malicious software, or attacker
- A plan is generated from modified requirements
- Plan no longer derived from the expected requirements
[Diagram: provenance graph with nodes Request, Requirements Collection, Requirements, Modified Reqs., Planning Service, Plan, Analyst, Planner; edges used, wasGeneratedBy, wasAssociatedWith, wasDerivedFrom]
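The check that slides 11 and 12 describe, written out as an added example (it is not code from the presentation or from Linux Provenance Modules): a small W3C-PROV-style graph of the planning pipeline, an ancestry query, and an audit that flags a plan built from requirements with no recorded origin. The class, function, type and policy names are assumptions, as is the pairing of Analyst with Requirements Collection and Planner with Planning Service.

```python
from collections import defaultdict

# W3C PROV relations that carry data lineage.
LINEAGE = ("used", "wasGeneratedBy", "wasDerivedFrom")

# Assumed policy for the planning pipeline (illustrative values).
POLICY = {
    "sources": {"request"},                                # entity types accepted as roots
    "activities": {"requirements-collection", "planning"}, # approved pipeline steps
    "agents": {"Analyst", "Planner"},                      # trusted operators
}


class ProvGraph:
    """Minimal in-memory provenance graph: typed nodes, labelled edges."""

    def __init__(self):
        self.nodes = {}                 # name -> (kind, type)
        self.out = defaultdict(set)     # (subject, relation) -> {objects}

    def add(self, name, kind, type_):
        self.nodes[name] = (kind, type_)

    def relate(self, subject, relation, obj):
        self.out[(subject, relation)].add(obj)

    def ancestors(self, node):
        """Everything `node` transitively depends on via lineage edges."""
        seen, stack = set(), [node]
        while stack:
            cur = stack.pop()
            for rel in LINEAGE:
                for parent in self.out[(cur, rel)]:
                    if parent not in seen:
                        seen.add(parent)
                        stack.append(parent)
        return seen


def derived_from(g, entity):
    """Entities that `entity` is (transitively) derived from."""
    return {n for n in g.ancestors(entity)
            if g.nodes.get(n, (None, None))[0] == "entity"}


def audit_plan(g, plan, policy):
    """Return a list of findings; an empty list means the lineage is as expected."""
    findings, has_source = [], False
    for name in sorted(g.ancestors(plan) | {plan}):
        kind, type_ = g.nodes.get(name, (None, None))
        if kind is None:
            findings.append(f"{name}: no provenance record")
        elif kind == "entity" and type_ in policy["sources"]:
            has_source = True
        elif kind == "entity":
            if not g.out[(name, "wasGeneratedBy")]:
                findings.append(f"{name}: no recorded generating activity")
        elif kind == "activity":
            if type_ not in policy["activities"]:
                findings.append(f"{name}: unexpected activity type {type_!r}")
            agents = g.out[(name, "wasAssociatedWith")]
            if not agents or not agents <= policy["agents"]:
                findings.append(f"{name}: not run by a trusted agent")
    if not has_source:
        findings.append(f"{plan}: not derived from any request")
    return findings


def planning_graph(tampered=False):
    """Constructed sample data: the slide 11 graph, or the slide 12 anomaly."""
    g = ProvGraph()
    g.add("Request", "entity", "request")
    g.add("Requirements Collection", "activity", "requirements-collection")
    g.add("Requirements", "entity", "requirements")
    g.add("Planning Service", "activity", "planning")
    g.add("Plan", "entity", "plan")
    g.add("Analyst", "agent", "user")
    g.add("Planner", "agent", "user")
    g.relate("Requirements Collection", "used", "Request")
    g.relate("Requirements", "wasGeneratedBy", "Requirements Collection")
    g.relate("Requirements Collection", "wasAssociatedWith", "Analyst")
    g.relate("Planning Service", "wasAssociatedWith", "Planner")
    g.relate("Plan", "wasGeneratedBy", "Planning Service")
    if tampered:
        # The planner consumed requirements that no recorded activity produced.
        g.add("Modified Reqs.", "entity", "requirements")
        g.relate("Planning Service", "used", "Modified Reqs.")
    else:
        g.relate("Planning Service", "used", "Requirements")
    return g


if __name__ == "__main__":
    for label, tampered in (("expected", False), ("tampered", True)):
        g = planning_graph(tampered)
        print(label, sorted(derived_from(g, "Plan")), audit_plan(g, "Plan", POLICY))
```
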
14 Example Code Annotation
Added instrumentation: 300 lines of code for 311K lines of code in system

    // Create provenance graph entries
    Attributes.add( RequirementsId, requirementsid );
    Attributes.add( TransactionId, transactionid );
    Requirements = newentity( Requirements, Attributes );

    // Store provenance
    StoreProvenance( transactionid, Requirements );

Data provenance collection requires very little instrumentation to provide high impact on system resilience
15 Overhead
[Charts: Collection Overhead (axis: Seconds; operations: Req. Collect, Req. Store, Gen. Plan; series: Execution Time, Prov. Collection Time) and Storage Overhead (axis: Data Storage in MB; series: Planning Data, Provenance); annotations: "% Overhead", "<1% Overhead"]
Collection and storage overheads are a tiny fraction of the overall computation and storage costs for the system.
16 USTRANSCOM Provenance Integration
Provenance Analysis Integrated in Operator User Interface
[Screenshot labels: "Good plan, using requirements from known sources"; "Insecure plan using requirements from an unknown source"]
Provenance-based data resilience is integrated into mission operators' workflow
17 Lincoln Secure Data Provenance Technology
Built Secure and Efficient OS-level Provenance Collector
[Chart: Provenance Collector Overhead (%) by System Workload: Compilation, Mail Server, DNA Search]
[Diagram: stages Granularity, Collection, Standard Encoding, Secure Storage, Detect, Adapt. Labels: Context, Mission System, Coverage, Applications, Software Infrastructure, Operating Systems, Developer Annotation Library, Collector, Linux Provenance Modules, Graph, Graph Analysis, Ancestors, Descendants, Anomaly Detection, Active Response, Operator SA Displays]
End-to-end integrated provenance system enabling mission system resilience
18 Lincoln Secure Data Provenance Technology
Demonstrated Efficient Queries on Large Provenance Graphs
99% of queries return in less than 2.5ms
[Chart: Cumulative Density vs. Response Time (Milliseconds). Ancestry queries on 6.5M node provenance graph using SNAP in-memory graph database]
[Background: architecture diagram with stages Granularity, Collection, Standard Encoding, Secure Storage, Detect, Adapt]
End-to-end integrated provenance system enabling mission system resilience
19 Lincoln Secure Data Provenance Technology
Using Data Provenance to Prevent Data Exfiltration
6.1ms latency to prevent SQL command injection attacks
[Diagram labels: Web Server, Provenance Collector, Graph, Guard, "?"]
[Background: architecture diagram with stages Granularity, Collection, Standard Encoding, Secure Storage, Detect, Adapt]
End-to-end integrated provenance system enabling mission system resilience
W3C: World Wide Web Consortium; SA: Situational Awareness; SQL: Structured Query Language
20 Outline
- National Need: Resilient Systems
- Data Provenance
- Use Case: Data Integrity for USTRANSCOM
- Future Work and Summary
21 Future Work
Challenge: Current analytics only provide awareness of problems
Solution: Active response mechanisms to recover from anomalies
Challenge: Legacy code requires manual provenance instrumentation
Solution: Code analysis to automatically retrofit legacy code
Challenge: Current analysis is tailored to workflow for a specific system
Solution: Enhanced analytics that detect deviations in an automated way
Challenge: Systems and analytics rely on a single provenance sensor
Solution: Integration of multiple provenance sensors for a holistic view of data processing
22 Summary
[Background: architecture diagram with stages Granularity, Collection, Encoding, Storage, Analysis, Adaptation]
Active work to transfer this technology to other mission areas within the lab
- ISR, Space, Ballistic Missile Defense
Provenance is capable of providing resilience for data processing to ensure mission success
23 Getting Linux Provenance Modules
Linux Provenance Modules is available for download from
24 Acknowledgements
University Collaborations Kevin Butler Patrick Cable Karishma Chadha Rob Cunningham Jeff Diewald Ben Kaiser Bryan Richard Robert Rudd Nabil Schear Warren Smith Adam Bates Trent Jaeger Frank Capobianco Informatics and Decision Support Group Information Integration and Decision Support Group Michael Calder Christopher Botaish George Heineman
25 Legal Notices
2016 Massachusetts Institute of Technology. Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS or DFARS as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work.
OSD Product Support BCA Guidebook Joseph Colt Murphy Senior Financial Analyst ODASD Materiel Readiness 9 May 2011 Joseph.murphy@osd.mil Introduction Product Support BCA Guidebook Draft document Final review
More information3 Ways to Prevent and Protect Your Clients from a Cyber-Attack. George Anderson Product Marketing Director Business October 31 st 2017
3 Ways to Prevent and Protect Your Clients from a Cyber-Attack George Anderson Product Marketing Director Business October 31 st 2017 Agenda One ounce of prevention is worth a pound of protection 01 Aiming
More informationCORNERSTONE: Foundational Models and Services for Integrated Battle Planning
CORNERSTONE: Foundational Models and Services for Integrated Battle Planning Paper ID # 78 Topic 4: Collaboration, Shared Awareness, & Decision Making 17th ICCRTS Operationalizing C2 Agility Robert J.
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationDFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com
DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance
More informationForecast to Industry 2016
Forecast to Industry 2016 Cyber Portfolio COL Brian Lyttle Program Executive Officer, Cyber 17 November 2016 UNCLASSIFIED 1 Our Mission Develop, integrate, and assure cyber capabilities in order to enable
More informationMission Aware Cybersecurity
Mission Aware Cybersecurity Cody Fleming (UVA) Scott Lucero (OSD) Peter Beling, Barry Horowitz (UVA), Calk Elks (VCU) October 2016 1 Systems Engineering Research Center (SERC) Overview DoD and the Intelligence
More informationProtecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations
Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations January 9 th, 2018 SPEAKER Chris Seiders, CISSP Security Analyst Computing Services and Systems Development
More informationForeScout Extended Module for Splunk
Enterprise Strategy Group Getting to the bigger truth. ESG Lab Review ForeScout Extended Module for Splunk Date: May 2017 Author: Tony Palmer, Senior Lab Analyst Abstract This report provides a first look
More informationProposed Capability-Based Reference Architecture for Real-Time Network Defense
Proposed Capability-Based Reference Architecture for Real-Time Network Defense 16 November 2015 DISTRIBUTION STATEMENT A - APPROVAL FOR PUBLIC RELEASE: DISTRIBUTION IS UNLIMITED Based on work funded by
More informationThe U.S. Coast Guard s Role in Cybersecurity
The U.S. Coast Guard s Role in Cybersecurity Mr. Thomas P. Michelli Deputy Chief Information Officer U.S. Coast Guard What is Cyberspace? Domain characterized by the use of electronics and the electromagnetic
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationEXABEAM HELPS PROTECT INFORMATION SYSTEMS
WHITE PAPER EXABEAM HELPS PROTECT INFORMATION SYSTEMS Meeting the Latest NIST SP 800-53 Revision 4 Guidelines SECURITY GUIDELINE COMPLIANCE There has been a rapid increase in malicious insider threats,
More informationAdversary Playbooks. An Approach to Disrupting Malicious Actors and Activity
Adversary Playbooks An Approach to Disrupting Malicious Actors and Activity Overview Applying consistent principles to Adversary Playbooks in order to disrupt malicious actors more systematically. Behind
More informationIntegrated C4isr and Cyber Solutions
Integrated C4isr and Cyber Solutions When Performance Matters L3 Communication Systems-East provides solutions in the C4ISR and cyber markets that support mission-critical operations worldwide. With a
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationDepartment of Defense Installation Energy Resilience
Department of Defense Installation Energy Resilience Dr. Ariel Castillo Senior Energy Resilience Program Manager OASD (Energy, Installations & Environment) June 8, 2017 DISTRIBUTION STATEMENT A. Approved
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationARC VIEW. Critical Industries Need Active Defense and Intelligence-driven Cybersecurity. Keywords. Summary. By Sid Snitkin
ARC VIEW DECEMBER 7, 2017 Critical Industries Need Active Defense and Intelligence-driven Cybersecurity By Sid Snitkin Keywords Industrial Cybersecurity, Risk Management, Threat Intelligence, Anomaly &
More information