Information Dominance Anytime, Anywhere… Program Executive Office Command, Control,...
Information Dominance Anytime, Anywhere…
Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I)
Statement A: Approved for public release; distribution is unlimited
PMW 130 Overview for NDIA
11 May 2011
Kevin McNally
Program Manager PMW 130
858-537-0682
Why Cyber Matters?
• Over 2.08 billion Internet users (420M in China) – UN International Telecommunication Union (ITU)
• DOD makes 1 billion+ Internet connections daily, passing 40TBs of data – RADM Edward H. Deets, III
• DOD Networks scanned and probed 6M times/day – USCYBERCOM
• Several years ago, zero countries armed for cyber warfare, today 20+ countries – Dr. Eric Cole, McAfee
• Stuxnet – Most advanced Cyber Weapon ever seen – CEO McAfee
“The next battle is in the information domain, and the first shots have already been fired.” - Admiral Gary Roughead, CNO
“If the nation went to war today in a cyber war, we would lose.” - Admiral Mike McConnell (retired), 23 Feb 2010
McAfee Threat Summary
New stats:
• 20 Million new malware in 2010
• ~55,000 new malwares/day (new record)
• Growth in sites hosting malware
• Number of new mobile malware in 2010 increased by 46 percent over 2009
Source: McAfee Threats Report Q4 2010
Malware growth since Jan 09
Adobe products still the top target
Symantec Expansion of Tool Kits
Source: Symantec Intelligence Quarterly (April-June 2010)
61% of threat activity on malicious websites is toolkit specific
ZeuS, aka Zbot
Adaptable Trojan for sale
• Cost on the black market
  • The Private Version is $3-4K
  • VNC private module is $10K
• ZeuS author earned $15M in commissions from license rights
• Infects PCs when a user simply visits an infected Web site
• Oct 2010, over 30 individuals were arrested for ZeuS-based attacks against U.S. and U.K. bank account holders
• Dec 2010, spoof email from “White House” to UK Government
• U.K. officials suggest the cyber attack originated from China
TOOLKIT TO BUILD YOUR OWN TROJAN HORSE
77% of infected PCs have up-to-date anti-virus software
Can you tell the difference?
Amazing Coincidence?
Is our supply chain safe?
January 2008, a joint task force seized $78M of counterfeit Cisco networking hardware
Source: Defense Tech
May 2010, Counterfeit Cisco Network Gear Traced to China, Not Surprisingly
Source: Security Magazine
April 2009, Chinese spies may have put chips in U.S. planes
Source: The Times of India
Conficker Spreading
5 Versions in 5 Months
End Dec 2008: CONFICKER B
• Code Cryptography
• + Password Cracking
• + USB Infection Vector
• Anti-Virus Countermeasures
• + Primitive Peer-to-Peer Comms
• Software Update Countermeasures
20 Nov 2008: CONFICKER.A
• No Software Armoring
• HTTP Command & Control
Mid Feb 2009: CONFICKER B++
• Direct Update Feature
Early Feb 2009: CONFICKER C
• 50K Domains
• Kills Security Software
• + Robust Peer-to-Peer Comms
• Malware Analysis Countermeasures
• + Improved HTTP Command & Control
April 2009: CONFICKER E
• Spam
• “Scareware”
50,000 PCs a day are attacked
March 2009: IBM announces: Asia has 45% of infections; Europe 32%; South America 14%; North America 6%
Mid Jan 2009: Conficker A and B explode. Estimates range from 3-12 million machines infected
Conficker (At the one year mark)
What about specialized weapons and aircraft?
French fighter planes grounded by computer virus
- The Telegraph, 07 Feb 2009
French fighter planes were unable to take off after military computers were infected by a computer virus. Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year.
Android Disasters
• March 1, 2011: confirmed that 58 malicious apps were uploaded to Android Market
• Rootkit granting hackers deep access
• Google initiated “remote kill” to affected devices
• Admits they can’t patch the hole causing the vulnerability
• Symantec: Android app called “Steamy Windows” was modified to SMS premium rate numbers owned by Chinese hackers
Source:
http://techcrunch.com/2011/03/05/android-malware-rootkit-google-response/
http://www.computerworld.com/s/article/9211879/Infected_Android_app_runs_up_big_texting_bills
SCADA
Supervisory Control And Data Acquisition
• Infrastructure processes include:
  • Water treatment & distribution
  • Wastewater collection & treatment
  • Oil & gas pipelines
  • Wind farms
  • Civil Defense siren systems
  • Large communication systems
  • Electrical power transmission & distribution
• Shumukh Al-Islam Network call to Mujahadin Brigades to “strike the soft underbelly…”
• “…strikes…simultaneous”; “…spread hysterical horror…”
OSC Web monitoring report found an article dated 18 December 2010 on Shumukh Al-Islam Network titled “Launch SCADA Missiles” urging an attack
Social Networking Event
Robin Sage
• Purportedly Cyber Threat Analyst for the Naval Network Warfare Command
• Impressive resume at 24, high-level security clearances
• 10 years' experience in the cybersecurity field
• Friends list included people working for the nation's most senior military officer, the chairman of the Joint Chiefs of Staff, NRO, a senior intelligence official in the U.S. Marine Corps, the chief of staff for a U.S. congressman, and several senior executives at defense contractors
• Job offers from industry
“One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location”
Information Assurance & Cyber Security (PMW 130)
• Computer Network Defense (CND) – ACAT IVT
• EKMS/KMI - Component of NSA – ACAT IAM
• PKI - Component of DISA – ACAT IAM
• Cryptography (modernization; legacy)
  • Navy, USMC, USCG, MSC
• Radiant Mercury (RM)
  • Cross Domain Solution
• Tactical Key Loader (TKL)
  • USMC and SPECOPS
• Information Assurance (IA) Services
PMW 130 collaborates with FLTCYBERCOM, 10th Fleet, NCF, NNWC, and NCDOC
C4I Networks Today
Defense In Depth
Enterprise View
Regional Views
LAN Defenses
• Host Protection (HIDS, Firewall, anti-virus, baselining)
• Vulnerability Scanning
• Vulnerability Patch Remediation
• Network Intrusion Detection
WAN Defenses
• Boundary Defense (firewalls)
• Enclave Protection (IPS/IDS)
• Data Correlation
• Virus Protection
Enterprise Management
• Prometheus – Advanced Data Correlation
• Governance
• Situational Awareness: CND-COP
• CND C2
• Coordinated Response Actions
Platform Views
Navy Computer Network Defense Centers
Network Operations Service Centers
Mission Operations
Navy Computer Network Defense High-Level Operational View
Cyber Defense and the Navy
What Lies Ahead
• Identifying network anomalies & behaviors
• Moving from reactive to predictive
• Advanced Persistent Threat
• Insider Threat/Data loss prevention
• Advanced spear phishing
• Web security, Social Networks
• Web enabled application security
• Correlation and Analysis of sensor data
• Cloud Security
• Wireless/handheld device security
• Cyber Situation Awareness
Future Collaboration
• Collaboration is vital to our future
• Welcome collaboration across government, commercial, academia and other stakeholders
• PMW 130 Government/Industry Exchange
  • An opportunity for industry to present products they feel may be of interest to PMW 130
  • Attendees include PMW 130 senior leadership, SPAWAR and PEO C4I invitees, and other PMW 130 personnel (Assistant Program Managers, engineers, etc.)
  • Held once a month
  • 50 minutes, including Q&A
  • Please contact Carol Cooper at [email protected]
We get IT. We also integrate it, install it and support it. For today and tomorrow.
Visit us at www.peoc4i.navy.mil