Cyber Security Awareness for SmallSat Ground Networks

Transcription

1 Cyber Security Awareness for SmallSat Ground Networks SSC16-IX-02 SmallSat 2016 Ted Vera Colorado Springs, CO (719) Denver, CO (303) Chantilly, VA (703)

2 Verizon s 2016 Data Breach Investigations Report Threat Overview Summarizes 64,199 cyber security incidents, 2260 with confirmed data loss that occurred in 2015 Intel Security / McAfee estimates annual cost to global economy from cybercrime is >$375B Attacks targeted all types of public & private organizations SmallSat Tip: The threat is real, care should be taken when designing SmallSat ground networks 8/9/2016 2

3 RF Based Threats Threat Overview SmallSat ground networks must also consider RF based threats Amateurs, enthusiasts and potential adversaries are always listening Findings are documented on enthusiast websites such as SatBeams.com, FeedHunter.com, FastSatFinder.com Hacker conferences such as DEFCON SmallSat Tip: When possible encrypt all RF links, even unencrypted meta-data can be a potential vulnerability. 8/9/2016 3

4 Mission unique equipment RF processing (ie: radios, modems, up/down converters, recorders, multiplexers, telemetry front-end processors, etc) Test equipment (ie: spectrum analyzers, o-scopes, channel simulators) Specialized protocols Specialized applications Software defined radio C2 software IOActive A Wake-up Call for SATCOM Security Technical Whitepaper Mission-Unique Attack Surface IOActive: Summary Table Excerpt SmallSat Tip: SmallSat ground networks may contain vulnerabilities not found in most traditional IT networks 8/9/2016 4

5 NIST Special Publications NIST publishes guides and frameworks that can be used to help establish policies & procedures to help manage the security needs of the ground network organization Publication NIST SP Rev. 1 NIST SP Rev. 1 NIST SP NIST SP NIST SP NIST SP NIST SP Rev. 2 NIST SP Title Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach Contingency Planning Guide for Federal Information Systems Technical Guide to Information Security Testing and Assessment Information Security Handbook: A Guide for Managers Guide to Intrusion Detection and Prevention Systems (IDPS) Guide to Computer Security Log Management Security Considerations in the System Development Life Cycle Building an Information Technology Security Awareness and Training Program This table of NIST SP800 series publications is not comprehensive, but serves as a good list to get started with. 8/9/2016 5

6 Security Process: RMF NIST SP Step 1: Categorize the Information systems and the information they process, store and transmit, based on a risk/impact analysis Step 2: Select baseline security controls for the information system, and tailor as needed to meet the organization s risk assessment Step 3: Implement selected security controls and document how they are employed within the information system and its operational environment Step 4: Assess the security controls to ensure they are implemented correctly Step 5: Authorize operation of the information system based on determination that residual risk is acceptable to the organization Step 6: Monitor information system security controls on an ongoing basis Step 6. Monitor Step 5. Authorize Step 1. Categorize Step 4. Assess Step 2. Select Step 3. Implement 8/9/2016 6

7 System Hardening General Approach Remove unnecessary applications / packages Install all operating system and application patches Disable unnecessary services Enforce strong passwords Limit root to console login Configure firewall etc Specific Guidance and Tools Defense Information Systems Agency Security Technical Implementation Guides (STIG) STIG Viewer SmallSat Tip: Be careful not to overlook specialized systems such as oscilloscopes, spectrum analyzers, and channel simulators. They might not be thought of as IT systems but often contain an operating system. 8/9/2016 7

8 DISA Operating System STIGs 8/9/2016 8

9 DISA Application STIGs 8/9/2016 9

10 DISA STIG Viewer 8/9/

11 Security Information & Event Management (SIEM) Security Information & Event Manager Product-class which provides continuous monitoring Real-time event processing, alerting and reporting Market leaders of SIEM technologies include IBM, HP, Splunk, Intel, and LogRythm Alienvault is responsible for the Open Source Security Information & Event Manager (OSSIM) SmallSat Tip: Challenges associated with implementing a SIEM for a SmallSat ground network include: developing custom plug-ins for mission-unique equipment and monitoring specialized protocols. 8/9/

12 OSSIM 8/9/

13 SCAP Tools Security Content Automation Protocol (SCAP) Perform authenticated configuration scanning NIST maintains a list of SCAP validated products Commercial examples include: IBM Big Fix, Rapid 7 Nexpose 6, Microsoft SCAP Extensions, Tenable Security Center 5 RedHat OpenSCAP project Open source suite of tools oscap command line tool helps automate evaluating STIGs SCAP Workbench GUI Generates scan report containing results Windows version is in development 8/9/

14 SmallSat ground systems are attractive targets and vulnerable to cyber threats Care should be taken when SmallSat ground networks are being designed Security should be integrated into the design and implementation Wrap-up SmallSat operators can benefit from free resources & tools developed and used by Government & Industry NIST Special Publications DISA STIGs & STIG Viewer OSSIM Security Information & Event Manager OpenScap Project 8/9/

15 Question For The Audience Would you be interested in a free opensource Linux distro IA hardened to meet DISA STIGs? If so, please complete this form: Or send me your contact information and a brief description of your SmallSat project! Ted Vera tvera@rtlogic.com 8/9/

16 Questions & Contact Information Questions? Ted Vera ext /9/