Cyber Security – the Vital Ingredient for Today’s and Tomorrow’s

Infrastructure NeedsEnergy, Environment, Defenseand Security 2011 (E2DS ’11)

4 May 2011

Robert F. Brammer, Ph.D.VP Advanced Technology and Chief Technology Officer

Northrop Grumman Information Systems

INTRODUCTION AND NORTHROP GRUMMAN SUMMARY

2

Key Points for This Presentation

• Critical Infrastructure and Key Resources (CIKR) are increasingly valuable and increasingly vulnerable in many ways

– North American energy assets worth more than $1T, US capital markets issuance $1.83T during 4Q2010, etc.

– US Federal Budget for 2012 for CIKR -- ~$28B

• Much of our CIKR are aging, deteriorating, and inefficient– Account for much of the US energy use and greenhouse gas emissions

• Plans for renovation involve significant use of information technology– Cost reduction, improved functionality and flexibility, environmental benefits

• Cybersecurity threats growing in number, sophistication, and significance– Advanced Persistent Threat, intellectual property and other monetary theft, critical

infrastructure, cyber warfare, …

• Improved cybersecurity is not only for protection of assets but also a key enabler for key areas of energy, environment, defense and security

• Northrop Grumman is addressing several areas to protect US CIKR from cyber threats and to help to enable new capabilities and services

3

Northrop Grumman Today

• $34.8 billion sales in 2010

• $64 billion total backlog

• 75,000 people, 50 states, 25 countries

• Leading capabilities in:– C4ISR and battle management

– Climate and environment

– Cybersecurity

– Defense electronics

– Homeland Security

– Information technology and networks

– Logistics

– Space and missile defense

– Systems integration

– Unmanned Systems

4

Northrop Grumman’s Cybersecurity Experience

Relevant Expertise

Description

KeyPrograms

Northrop Grumman Global Network (NGGN)

DHS/DOJ CISO SupportDoS Enterprise NW/Security, Treasury

JTF-GNO, ARMY I2WD, 1st IO, DARPA, USSTRATCOM, MCNOSC

Restricted Programs,Multiple Customers

• Enterprise security and risk mgmt (120,000 users)

• 24x7 CyberSecurity Operations (Protect, Detect, Respond, Recover)

• APT defensive technologies• Smart Card/HSPD-12

• SOCs/CSIRCs• TIC implementation• FISMA, PKI• Deep packet inspection• Continuous vulnerability

assessment and risk mgmt• Forensics

• Tier-1 Incident Handling and Response for DoD Global Information Grid

• Security architecture, engineering & testing

• Cyber Test & Exercises• Research &

Development

• Cyber sensors and system development, integration & test

• System deployment, sustainment, training

• Collaborative, agile software development

• Integrated COTS and custom solutions

• InfoShield™ framework• Legal/privacy issues • CyberSecurity info sharing

across .mil, .gov, .com• R&D Investments to

enhance capabilities

• Collaboration tools to improve notification

• Risk management and prioritization

• Executive dashboard –vulnerability status

• Enterprise Patch Mgmt• Visualization tools

• Near real-time CND situational awareness

• C2, coordination• CNO Mission & Exercise

Planning• Vulnerability mgmt• Cyber Threat Analysis• Emulation, Modeling &

Simulation

• Interfaces to IC-based capabilities for response and threat tracking

• Support transfer of IC capabilities/knowledge

• Advanced threat detection and analytics

Department of Defense

Federal Intelligence Community

Private Sector

5

CYBERSECURITY THREATS TO CRITICAL INFRASTRUCTURE AND KEY RESOURCES

6

US Critical Infrastructure and Key Resources (CIKR) – High Degree of Interdependencies

• Critical infrastructure – “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters” (Homeland Security Act of 2002)

• Interdependencies create the potential for catastrophic cascading failures7

Cybersecurity Threats to CIKR

Stuxnet: Malware more complex, targeted and dangerous than everCNN September 27, 2010

(CNN) – “… potentially the most dangerous piece of computer malware discovered. It's been developed on an unprecedented scale and has the ability to target and control specified industrial machinery.

Trojan-ridden warning system implicated in Spanair crashThe Register, 20th August 2010

Malware may have been a contributory cause of a fatal Spanair crash that killed 154 people two years ago. Spanair flight JK 5022 crashed with 172 on board after taking off from Madrid's Barajas Airport on 20 August 2008. The airline's central computer which registered technical problems on planes was infected by Trojans at the time of the fatal crash and this resulted in a failure to raise an alarm over multiple problems with the plane.

Experimental Security Analysis of a Modern AutomobileKoscher, et al2010 IEEE Security and Privacywww.autosec.org

FBI, DoJ Act to Block International BotnetDecade-Old 'Coreflood' Said to Have Infected 2 Million ComputersGovInfoSecurity.com, April 14, 2011

“Coreflood steals usernames, passwords and other private personal and financial information…”

8

Cap and Trade, Cybersecurity, and Climate Change

Cap and trade is an environmental policy tool that delivers results with a mandatory cap on emissions while providing sources flexibility in how they comply. Successful cap and trade programs reward innovation, efficiency, and early action and provide strict environmental accountability without inhibiting economic growth.

US EPA

Cap-and-Trade Is Beginning to Raise Some Concerns

“Critics have warned for years that this form of offsetting would encourage profiteering, with little or no value in efforts to curb climate change.”

“The controversy over offsetting is the latest blow to emissions trading, which has been racked by a spate of problems in Europe including cyberattacks, tax fraud and recycling of used credits.”

New York Times, August 29, 2010

EU plans to link emissions tradingscheme with California

Guardian UK, 7 April 2011

“But the European scheme has been fraught with problems including over-allocation of allowances resulting in windfall profits for energy corporations and allegedly fraudulent "missing trader" transactions worth €5bn. The scheme has also been subjected to cyber attacks.”9

European Union faces legal action over fraudulent carbon emissions trading

Guardian UK, 20 February 2011

“The European Union faces legal and political challenges over its handling of the carbon markets which remain in chaos after a cyber attack forced partial closure of theEmissions Trading Scheme.”

The Smart Grid, Cybersecurity, and Climate Change

• “… integrate advanced functions into the nation's electric grid to enhance reliability, efficiency, and security, and would also contribute to the climate change strategic goal of reducing carbon emissions”

US DOE Smart Grid

• Transmission Technology assessment additional mitigation required – “ensure that cyber and physical security are part of the planning, design, and operations of the bulk power system”

NERC

• “Ninety to ninety-five percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check.”

Jim WoolseyFormer CIA Director

Reliability Impacts of Climate Change

Initiatives

Technology Assessment and Scenario Development

NERCNorth American Electric Reliability Corporation

July 2010

In the Dark

Crucial Industries Confront Cyberattacks

McAfee and CSIS,The Center for Strategic and

international Studies

February 2011

Grid 2030

A Vision for Electricity’s Second 100 Years

US Department of EnergyOffice of Electric Transmission and

Distribution

July 2003

10

SELECTED NORTHROP GRUMMAN CYBERSECURITY PROGRAMS FOR

CRITICAL INFRASTRUCTURE

11

12

TSCP Member Northrop Grumman Presents Use Case on Federated Identity Management

LOS ANGELES, Feb. 8, 2010 /PRNewswire/ Northrop Grumman, will explain how the organization leverages Transglobal Secure Collaboration Program (TSCP) specifications for federated identity management . The presentation will cover methods for secure information sharing between customers and partners.

Northrop Grumman, Microsoft, CA Technologies and CertiPath Participate in National Strategy for Trusted Identities in Cyberspace Announcement

WASHINGTON, April 15, 2011 (GLOBE NEWSWIRE) -- A newly developed Cross-Sector Digital Identity Initiative –led by Northrop Grumman Corporation, Microsoft, CA Technologies, and CertiPath – was demonstrated today as a "Proof of Concept" for the administration's announcement of the National Strategy for Trusted Identities in Cyberspace.

The strategy aims to deploy a system that helps secure transactions on the Internet, improve the public's awareness and control of personal information and stimulate growth of online commerce.

Northrop Grumman's OneBadge Awarded Information Security North America Project of the Year

MCLEAN, Va., Nov. 18, 2010 (GLOBE NEWSWIRE)

Northrop Grumman Corporation (NYSE:NOC) was presented with the 2010 Information Security Executive™ (ISE™) North America Project of the Year Award last month for the High Assurance OneBadge.

Selected Northrop Grumman Identity Management Programs

Northrop Grumman Designed and Built the New York City Wireless Network (NYCWiN)

• Provides NYC broadband mobile services for public-safety and other city functions

• Most comprehensive network of its kind

• State-of-the-art data and video applications for first responders

• Key technology investments by NGC in broadband mobile IP networks, QOS, and security

New York City Wireless Network Goes Live CitywideGovernment TechnologyMay 22, 2009

New York City first responders have high-speed wireless connectivity anywhere across the city's more than 300 square miles, thanks to the newly deployed New York City Wireless Network.

“With Northrop Grumman, we have worked to deploy a network and capabilities that will propel New York City into the 21st century,” said DoITT Commissioner Paul J. Cosgrave.

“NYCWiN will provide robust, reliable, and resilient data communications, enhancing coordination and ensuring that critical information reaches our mobile workforce, to the benefit of all City agencies and the people we serve.”13

Northrop Grumman Power Grid Cybersecurity Research

• Northrop Grumman has developed federated cyber ranges for cybersecurity research and testing– Both US and UK locations– HPC facilities and massive

databases for advanced cybersecurity research

• Cyber ranges can be rapidly configured to emulate or simulate IT and control system networks

• We are collaborating with CMU CyLab and UIUC ITI on cyber-physical security of a SmartGrid infrastructure

14

Telecommunications

Northrop Grumman Cyber Security Solutions Center Cyber Range

CONCLUDING REMARKS

15

Concluding Remarks

16

• Critical Infrastructure and Key Resources (CIKR) are increasingly valuable and increasingly vulnerable

• Much of our CIKR are aging, deteriorating, and inefficient

• Plans for renovation involve significant use of IT and networks

• Cybersecurity threats are growing in number, sophistication, and significance

• Improved cybersecurity is not only for protection of assets but also a key enabler for key areas of energy, environment, defense and security

• Northrop Grumman is addressing several areas to protect US CIKR from cyber threats and to help to enable new capabilities and services

17