Retrofitting Ground Systems to improve Cyber Security

Similar documents
Automated Cyber Hardening of Mission Management Systems

Streamlined FISMA Compliance For Hosted Information Systems

Information Systems Security Requirements for Federal GIS Initiatives

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

INFORMATION ASSURANCE DIRECTORATE

Introduction to AWS GoldBase

CS 356 Operating System Security. Fall 2013

RISK MANAGEMENT FRAMEWORK COURSE

New Guidance on Privacy Controls for the Federal Government

FISMAand the Risk Management Framework

Protecting Buildings Operational Technology (OT) from Evolving Cyber Threats & Vulnerabilities

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

NCSF Foundation Certification

Integrated C4isr and Cyber Solutions

DATABASE SECURITY REQUIREMENTS GUIDE (SRG) TECHNOLOGY OVERVIEW. Version 2, Release October Developed by DISA for the DoD

Continuous protection to reduce risk and maintain production availability

Security: The Key to Affordable Unmanned Aircraft Systems

TEL2813/IS2820 Security Management

Introduction to the Federal Risk and Authorization Management Program (FedRAMP)

Industrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets

International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management. Frequently Asked Questions

Cloud Managed Services for Government (CMSG) A secure strategy for the Department of Defense at an IBM-operated, Level 5, DoD Facility

GSAW Information Assurance in Government Space Systems: From Art to Engineering

NCSF Foundation Certification

SOC 3 for Security and Availability

Defense Information Systems Agency (DISA) Department of Defense (DoD) Cloud Service Offering (CSO) Initial Contact Form

RED HAT ENTERPRISE LINUX 6 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW Version 1, Release 2. 3 June 2013

Cybersecurity (CS) (as a Risk Based Approach) & Supply Chain Risk Management (SCRM) (Levels of Assurance for HwA, SwA & Assured Services?

Presentation Title 11/13/2013

ACM Retreat - Today s Topics:

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

FiXs - Federated and Secure Identity Management in Operation

DoDD DoDI

Security Management Models And Practices Feb 5, 2008

Using Metrics to Gain Management Support for Cyber Security Initiatives

Ensuring System Protection throughout the Operational Lifecycle

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE

From Terminals to Teleports to All the Tools in Between. Aerospace Broadcast Government Infrastructure. datapath.com

SIEBEL 15 RELEASE & UPGRADE SUMMARY

Appendix 12 Risk Assessment Plan

years of Satellite Ground Systems

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

Cyber Hygiene: A Baseline Set of Practices

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

CYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA

DIACAP and the GIG IA Architecture. 10 th ICCRTS June 16, 2005 Jenifer M. Wierum (O) (C)

10 Considerations for a Cloud Procurement. March 2017

Appendix 12 Risk Assessment Plan

Enterprise Ground Services (EGS) Overview. SMC/AD Col Jim Planeaux GSAW Presentation 2 Mar 2016 Distribution A: Approved for Public Release

Altius IT Policy Collection

Vol. 1 Technical RFP No. QTA0015THA

Solutions Technology, Inc. (STI) Corporate Capability Brief

Certification Requirements for High Assurance Systems

GPS OCX BLOCK 1 NETCENTRIC INTERFACES. Walid Al-Masyabi Raytheon Company, Intelligence, Information and Services,

Department of Defense Installation Energy Program

An Integrative Framework for Secure and Resilient Mission Assurance

NIST Security Certification and Accreditation Project

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

THE AUTOMATED TEST FRAMEWORK

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

MICROSOFT SQL SERVER 2016 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW. Version 1, Release March 2018

MIS Week 9 Host Hardening

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

IT Consulting and Implementation Services

Microsoft SQL Server on Stratus ftserver Systems

Frequently Asked Questions

The Center for Internet Security

FedRAMP Security Assessment Plan (SAP) Training

Certified Information Security Manager (CISM) Course Overview

Affordable Security. Sarah Pramanik April 10, 2013

MICROSOFT (MS) WINDOWS DEFENDER ANTIVIRUS SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW. Version 1, Release 4 27 APRIL 2018

Achieving a FIPS Compliant Wireless Infrastructure using Intel Centrino Mobile Technology Clients

locuz.com SOC Services

2018 Defense Service Catalog

Campus IT Modernization OPERATIONAL CONTINUITY FLEXIBLE TECHNOLOGY MODERNIZED SYSTEMS

Towards Effective Cybersecurity for Modular, Open Architecture Satellite Systems

VERTIV SERVICE CAPABILITY

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Internet of Things. The Digital Oilfield: Security in SCADA and Process Control. Mahyar Khosravi

Program Review for Information Security Management Assistance. Keith Watson, CISSP- ISSAP, CISA IA Research Engineer, CERIAS

Shift Left: Putting the Process Into Action

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

ANATOMY OF AN ATTACK!

Requirements for Building Effective Government WLANs

existing customer base (commercial and guidance and directives and all Federal regulations as federal)

Accelerate Your Enterprise Private Cloud Initiative

Information Warfare Industry Day

SAC PA Security Frameworks - FISMA and NIST

Five Steps to Improving Security in Embedded Systems

Software Test & Evaluation Summit/Workshop Review

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

ISA 201 Intermediate Information Systems Acquisition

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

U.S. FLEET CYBER COMMAND U.S. TENTH FLEET Managing Cybersecurity Risk

Cyber Challenges and Acquisition One Corporate View

Transcription:

Retrofitting Ground Systems to improve Cyber Security Michael Worden Security Engineer 25 February 2014 Copyright 2014 Raytheon Company. Published by The Aerospace Corporation with permission.. Customer Success Is Our Mission is a registered trademark of Raytheon Company.

Overview Satellite System Cyber Security is particularly challenging Satellite Mission Management networks have unique designs and challenging mission constraints Security Solutions/Security COTS are not designed with Satellite Operations in mind Retrofitting legacy satellite mission management systems is particularly difficult Operations budgets are extremely limited Maintenance windows are generally short Reuse has been a common method to reduce deployment Costs Security reuse represents a way to reduce Cyber Security costs Security Patterns enable Reuse of Proven Security Solutions 2/25/2014 2

Satellite System Commonalities Merges sophisticated cutting-edge mission planning software To specialized, long-life (and often ancient) command hardware Requires 7x24 uptime, stable technologies & stable environment (no experimenting & no beta software!) Are high-value and mission-critical assets Satellite Systems have Specialized Security Requirements 2/25/2014 3

Security Challenges Escalating Focus on Cyber Security Government concern over Cyber Security has resulted in ever-increasing numbers of security requirements Federal Government - NIST SP 800-53 Over 800 Controls, describing baseline technical and procedural security DoD DoDI 8500.2/DoD 8581.01 110+ Procedural and Controls, depending on classification level ISO/IEC 27002 12 Sections 114 controls, providing goals, but little implementation guidance Measuring Cost/Benefit Cyber Risk is difficult to quantify Every dollar spent on security is not spent on expanding mission capability Retrofitting legacy systems can be costly with only nominal security benefit Applying Security to Ground Systems Can be Costly & Difficult 2/25/2014 4

Security Pattern Reuse Reuse software Design Pattern methodology to Create reusable Security Patterns Apply Security Patterns to High Value Mission Management Systems Reuse of proven Mission Management policies including: Access Control User Roles Secure Communications Network Systems Hardening Software Assurance Anti-Virus Configuration Management Product Selection Criteria Reuse of proven technology solutions, including: Reference Security Architecture Hardened OS/COTs images Security Assessments Encryption Log Reduction/SEIM Network Defense Product Approved Products Public Key Infrastructure Lower Deployment Costs and Security Risk through Reuse 2/25/2014 5

Scenario 1: Systems Hardening Reuse of Policy Templates, Automation Scripts and Assessment tools for hardening Windows/Linux Systems Templates mined from a large-scale multi-platform Command/Control system Templates were already tailored to unique CPU/Disk/performance requirements of a C2 System Benefits included: Speeds time to upgrade core Infrastructure Provides standards-compliant, tested base OS templates for application, database and web servers Includes hooks for modern security protocols, including IPSec, PKI, TLS and SSL Reduces labor and schedule time associated with COTS configuration and maximizes integration/test time Provides a higher confidence development schedule, based on schedule/cost actuals from previous deployments Cost-effective Satellite Security by Reusing Proven Cyber Solutions 2/25/2014 6

Scenario 2: Access Policy Reuse of Access Policy templates for Satellite C2 System Includes common satellite mission C2 roles, including Shift Commander, Satellite Vehicle Operator, and Payload operator Identifies roles, permissions, and constraints necessary to support Satellite Operations Validated as meeting compliance requirements Benefits: Minimizes policy development time Provides an example of an approved, accredited policy Tailored to security and mission requirements unique to satellite operations (e.g. separation of duties, shift changes, 2-man controls) Cost-effective Security by Reusing Proven Satellite C2 Solutions 2/25/2014 7

Conclusion Cost-effective security upgrades of legacy systems are possible Best value is in upgrades to core Security Enabled COTS Lowest risk is in reuse of Satellite Mission expertise Security Patterns approach allows for a buffet-style approach to improving security Not as robust as a built-in security approach, but Provides significant, measurable improvements in cyberresiliency for legacy systems 2/25/2014 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback