Rev. 0_18
Information Security Governance in Italy:
state of the art and new perspectives
Genoa, 18 February 2011
2© 2011 SELEX Sistemi Integrati. All rights reserved
Strategic positioning of the Selex SI offering
State-of-the-art offering: from individual products to integrated systems
[Diagram labels:]
• Homeland protection: territory and border protection, critical infrastructure protection, crisis and major event management
• Defence systems: C4ISTAR systems, NCW infrastructures, air defence systems, battlefield C4ISTAR systems
• On-board, surveillance and security systems
• Air mission systems
• ATC/ATM and airport systems
• VTMS & maritime control
• Advanced IT for security, logistics, automation
• Avionics (EW, radar, EO), naval radars and fire control systems, land radars
• Naval combat systems integration, land command and control systems
• Naval and land, CNI avionics, professional TETRA, WiMAX
• Sensors
• Integrated systems
• Command and control, communications
The Security Systems offering
• Maritime border and vessel traffic control systems
• Territory control systems
• Land border protection systems
• Port protection systems
• Critical infrastructure control systems
• Crisis management and civil protection systems
Cyber: Threats
• Critical infrastructure attacks
• Theft of digital identity
• Web vandalism
• Equipment destruction
• Theft of sensitive and reserved files
• Propaganda
Examples: Spoofing; Trojan; Virus; DoS (Denial of Service); DDoS (Distributed Denial of Service); Buffer overflow; Shellcode; Cracking; Backdoor; Port scanning; Sniffing; Keylogging; Spyware
Cyber: Vulnerabilities
• Exploit: A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software and hardware.
• Backdoor: A method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
• Eavesdropping: The act of secretly listening to the private conversation of others without their consent.
• Bad Social engineering: Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.
• Rootkit: A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.
• Keylogging: The action of tracking/logging the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
CyberDefence: Architectural Context
• Symmetric and Asymmetric Threats
• Active, Passive, Conventional and Non-Conventional Defence
• High level of complexity in Organizational Structure
• Evolution in Employment Concept
• Expeditionary Missions, in-nation and out-of-area
• Interoperability Requirements
• Multi-level Security Needs
• Multinational and multi-force missions (combined, joint) with different leads (NATO, EU, Nations, UN)
• CIMIC Integration: Civil and Military Infrastructure Protection
• NCW, NCO, NEC Transformation
• Open Source and open standards adoption
• Speed of change in technology evolution
Cyber Industrial Enablers
Organization
• Establish Governance for Cyber Defence Issues
• Share and Synchronize Culture
• Develop and Synchronize different Business Models
Methodology
• Strengthen Life Cycle Management & Develop a Collaborative Working Environment
• Manage and Synchronize Frameworks
• Re-use of existing Cyber efforts and investments
• Program Management & Risk/Cost Control/Reduction
• Methodologies of Continuous Training for Cyber
Technical
• Develop a Cyber Assessment Environment
• Develop Interoperability Framework
• Set up a Federated and Secured Communications Infrastructure through specific OS and HW
• Set up an Information & Core Services Infrastructure
• Set up an Information Assurance (IA) Infrastructure and Security Services
• Anticipate Man-in-the-Loop and Improve Human Factors
• Set up a System Management
System of Systems Engineering Approach: From AF to SysML
[Diagram labels:]
• System of System domain
• System domain: Requirement Analysis; System Requirement Specification; Functional Analysis & Design; Specialised Studies; Performance Analysis; Interface Requirement Specification; HMI Requirement Specification; HMI Functional Analysis & Design; HMI Interface Requirement Specification
• Software domain: SW Requirement Specification; SW Code Implementation; SW Unit Test; SW Integration; SW/HW Test; Validation
• Integration & Test Activity: Battlelab; Int. Lab; Field Int.
• Traceability; ISFM
Italian+UK Security Operation Centre
• Security Audit: The appliance implements Vulnerability Assessment functions aimed at checking for the presence of vulnerabilities in the different OS versions and configurations, and in network system applications.
• Intrusion detection: Operates Security Alerts, generates events and forwards them to the main collector.
• Bandwidth management: Manages network bandwidth partitioning according to different criteria.
• Traffic Monitoring: Analyses both network traffic (up to application level) and NetFlow information.
• Log Server: Gathers and stores SNMP trap and syslog messages from different hosts and applications, and extracts and visualises them according to different criteria.
The Finmeccanica Business Model
• FNM contributed to the COPASIR Report (an Italian Government report)
• Internal Organization – IPT: FNM Cyber team led by Selex SI (Selex Sistemi Integrati, Selex Communications, Elsag Datamat, Digint, Vega, Selex Systems Integration)
• Strategic issue:
– SELEX Sistemi Integrati has been engaged by FNM corporate to participate in the Cyber Defence Exercise (Cyber Shot 2010)
CyberShield Solution (1/2)
SELEX Sistemi Integrati has developed a prototype project on a security architecture that has been integrated into a product, CyberShield_SoS, which offers the market an advanced, modular and flexible solution based on the following building blocks:
• Cyber Sensors: Every sensor usable to detect threats
• Cyber C4: The infrastructure needed to manage the 5th dimension (Cyber Sphere)
• Cyber Effectors: Every single resource needed to react to the threat
CyberShield Solution (2/2)
Cyber Sensors: “Learn” information
• Threat analysis; identification and prevention of threats and their sources
• Discovery of intrusions and network traffic flow analysis
• Cyber intelligence on open sources
• Monitoring of events and network activities
Cyber C4: Oversee the fifth dimension
• Supervision of the correlation analysis of the information domains
• Generation and Evaluation of the operative pictures (CYOP, Cyber Operational Picture)
• Implementation of operative Pictures and Geographical network Maps
• Advanced Management of information in the classified domains
Cyber Effectors: To stop, to ban, to recover
• Select and activate countermeasures
• Ban and neutralize the threats
• Verify the effects of the response
• Recover to normal activities
CyberShield: Architecture and Domains
[Diagram labels:]
• Cyber Governance & Rules of Engagement
• Cyber Sensors and Effectors
• Cyber C4: CYOP
• Cycle: Protect, Deter, Detect, Respond, Recover