Michael Ogata Securing First Responder Mobile and Wearble ...
Transcript of Michael Ogata Securing First Responder Mobile and Wearble ...
![Page 1: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/1.jpg)
1
AtlasGoing Beyond the Public Safety Use Case
Michael OgataNIST, Applied Cybersecurity Division
#PSCR2019
![Page 2: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/2.jpg)
2
DISCLAIMER
Certain commercial entities, equipment, or materials may be identified in this document in order to describe an
experimental procedure or concept adequately. Such identification is not intended to imply
recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily
the best available for the purpose.
*Please note, unless mentioned in reference to a NIST Publication, all information and data presented is
preliminary/in-progress and subject to change
![Page 3: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/3.jpg)
• The Road to Atlas
• Overview of Atlas’ Purpose and Goals
• Advantages to the Approach
• Roadmaps and Future Huddles
3
Agenda
![Page 4: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/4.jpg)
NISTIR 8135 NISTIR 8136
Identifying public safety mobile data
Understandingvulnerability detection
capabilities
Measuring vulnerability detection
Exploring the current state of the art in
vulnerability detection
2015 2017
2016 2018MASE SATE
PSCR Mobile App Security Work
4
![Page 5: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/5.jpg)
In order to determine how to secure public safety mobile apps, we first have to determine what the apps do
A Common Problem: Framing Public Safety's Needs
5
What apps do is tied to the activities Public Safety engages in.
The activities an app models will dictate the information handled by that app.
Mobile Apps Are More that Just Smart Phone Apps
![Page 6: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/6.jpg)
Public Safety
App Developers
• High level descriptions• Security Categorizations• Links To Information Type
Resources
Information Type Catalog
Searchable Resource
6
Atlas Goals
• Keyword• Types• Disciplines
• Increased understanding of threat landscape
• Seeing activities through the lens of Cybersecurity
• Better informed• Protocols• Best Practices
Use Case Catalog• Information Types in
Context
Functions Audience
![Page 7: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/7.jpg)
7
Anatomy of a Use CaseApps model Actions, Actions require Information
Who
What
Where
![Page 8: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/8.jpg)
8
Anatomy of a Use CaseApps model Actions, Actions require Information
Who
What
WhereDisciplines
• Responders• Victims• Witnesses• Suspects
Actors
• Fire• Law Enforcement• EMS
Organizations • State Police• Highway Patrol
![Page 9: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/9.jpg)
9
Anatomy of a Use CaseApps model Actions, Actions require Information
Who
What
Where• Triage• Traffic stop• Containment
Technologies and Assets
• Weather• Chemicals• Weapons
Hazards
• Radios• Wearables• Sensors
Activities
![Page 10: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/10.jpg)
10
Anatomy of a Use CaseApps model Actions, Actions require Information
Who
What
WhereResponders
• Urban/Rural• Interior/Exterior• Suspects
Event Location
• GPS• Floor• Geofencing
![Page 11: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/11.jpg)
Confidentiality
Integrity
Availability
11
Use Case Information Security Categorization
Low Moderate High
Low Moderate High
Low Moderate High
Adverse EffectsOperations Assets
Individuals Reputation
![Page 12: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/12.jpg)
12
Use Case Information Security Categorization
During a response to a building fire, a firefighter uses an app on his/her mobile device to navigate through the building as well as provide firefighter location to the fire incident commander.
Where
What
Who
• Responder• Name• Rank• Organization
Low Low Low
![Page 13: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/13.jpg)
13
Use Case Information Security Categorization
During a response to a building fire, a firefighter uses an app on his/her mobile device to navigate through the building as well as provide firefighter location to the fire incident commander.
Where
What
Who
• Building Schematics• Vital Readings• Responder Location
Low Moderate ModerateHigh High
![Page 14: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/14.jpg)
14
Atlas Use Case Catalog
Traffic Stop
• Collection of Use Cases
• Searchable
• Discipline
• Info Type
• Keyword
Building Fire
Cardiac Arrest
![Page 15: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/15.jpg)
15
Atlas Information Type Catalog• Collection of
Information Types• Searchable• Keyword• Security
Categorization• Cross reference against
Use Cases• Maps types to
resources
![Page 16: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/16.jpg)
First Responders
Information Security Officers
App Developers
Public Safety
Researchers
16
Atlas Target AudienceBenefits and Uses
![Page 17: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/17.jpg)
IdentifyAsset Management
GovernanceRisk Assessment
ProtectIdentity
Management Authentication
DetectEvent Detection
Continuous Monitoring
RespondPlanning
MitigationAnalysis
RecoverPlanning
ImprovementComms
Framework Core
17
NIST Cybersecurity Framework
![Page 18: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/18.jpg)
First Responders
Information Security Officers
App Developers
Public Safety
Researchers
18
Atlas Target AudienceBenefits and Uses
![Page 19: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/19.jpg)
19
NIEM – National Information Exchange Model
![Page 20: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/20.jpg)
20
NIEM – National Information Exchange Model
Responder Organization A
Responder Organization B
Responder Organization C
a
![Page 21: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/21.jpg)
21
NIEM – National Information Exchange Model
NIEM CoreNIEM Domains
Future Domains
![Page 22: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/22.jpg)
First Responders
Information Security Officers
App Developers
Public Safety
Researchers
22
Atlas Target AudienceBenefits and Uses
![Page 23: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/23.jpg)
• Common description of public
safety activities
• Enables collaborative research
efforts
• Identity management
• Usability
• Interoperability
Public Safety Research
23
Who
What
Where
During a response to a building fire, a firefighter uses an app on his/her mobile device to navigate through the building as well as provide firefighter location to the fire incident commander.
![Page 24: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/24.jpg)
• Expand the use case database
• Export/link to use case data into NIEM schemas
• Expand information type links resources
• Looking for feedback – check out the demo!
24
Hurdles and Future Work
![Page 25: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/25.jpg)
THANK YOU25
Michael OgataNIST, Applied Cybersecurity Division
![Page 26: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/26.jpg)
Security for First Responder Mobile and Wearable Devices
Gema HowellNIST, Applied Cybersecurity Division
26
![Page 27: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/27.jpg)
Presentation Overview
• Mobile and wearable devices identified• Purpose of the project• Project outline• Public safety security objectives• Mobile and wearable test analysis• Best practices and guidance
27
![Page 28: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/28.jpg)
Mobile and Wearable Device Examples
28
![Page 29: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/29.jpg)
The Why
• More Devices, More Problems• First Responders are/will use mobile and wearable devices to
achieve their daily life saving activities• The security of these public safety devices are important to ensure
minimal impact on their daily activities
Project Goals:• Identify security needs for public safety devices• Provide guidance to architect secure public safety systems
29
![Page 30: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/30.jpg)
Step Number One Step Number Two
Perform Research: Use Cases , Threats, and
Interviews
Identify Security Objectives
Develop Best Practices and Guidance
Analyze Public Safety Devices
01 03
02 04Step Number Three Step Number Four
Project Outline
30
![Page 31: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/31.jpg)
Confidentiality
Authentication
Integrity
Device and Ecosystem Health
Availability
Ease of Management
Interoperability
Isolation
Public Safety Security Objectives
31
NISTIR 8196 - Security Analysis of First Responder Mobile and Wearable Devices
![Page 32: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/32.jpg)
Testing Analysis
• Purpose:• Understand the current security features and capabilities of public safety
mobile & wearable devices
• Methodology:• Develop analysis plan using the public safety security objectives• Analyze public safety mobile and wearable devices using the analysis plan• Identify security features, capabilities, and gaps in the technology
32
![Page 33: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/33.jpg)
Highlighted Observations:
• Easy access and readily available device information• make, model, OS version
• Inclusive of many built-in security features• VPN, device encryption, authentication
mechanisms• May receive infrequent updates• proprietary operating system• infrequent application updates and compatibility
• No rogue base station detection
Mobile Device Analysis
33
![Page 34: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/34.jpg)
Highlighted Observations:
• Readily available device information but varyingin the amount of detail
• Many did not have a full-fledged operating system• Rely on external application to process data
• Older/outdated bluetooth version used in all devices• Weak authentication process• Lack encryption of data• No MAC address randomization (susceptible to
location tracking)• Infrequent updates and static device
configuration
Wearable Analysis
34
![Page 35: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/35.jpg)
Developing Best Practices and Guidance
• Purpose• Inform first responders of the security features necessary to achieve their
security objectives• Inform public safety device manufacturers of the security features that
should be incorporated in their devices
• Methodology• Don’t reinvent the wheel and identify relevant best practices and guidance• Reference the NIST Cybersecurity Framework• Reference NISTIR 8228 Considerations for Managing Internet of Things (IoT)
Cybersecurity and Privacy Risks
35
![Page 36: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/36.jpg)
IdentifyAsset Management
GovernanceRisk Assessment
ProtectIdentity
Management Authentication
DetectEvent Detection
Continuous Monitoring
RespondPlanning
MitigationAnalysis
RecoverPlanning
ImprovementComms
Framework Core
36
NIST Cybersecurity Framework
![Page 37: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/37.jpg)
Confidentiality
Authentication
Integrity
Device and Ecosystem Health
Availability
Ease of Management
Interoperability
Isolation
Public Safety Security Objectives
37
NISTIR 8196 - Security Analysis of First Responder Mobile and Wearable Devices
![Page 38: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/38.jpg)
Device Guidance and Considerations
Secure Boot/Boot Validation
Cybersecurity Framework: Protect
PS Security Objective: Authentication
DataIsolation
38
Multi-factor Authentication
Device Awareness
Cybersecurity Framework: IdentifyPS Security Objective: Ease of
Management
Cybersecurity Framework: DetectPS Security Objective: Integrity
Cybersecurity Framework: RespondPS Security Objective: Isolation
![Page 39: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/39.jpg)
Device Guidance and Considerations
Network InterfacesAwareness
MITM Detection
Data Encryption
39
Cybersecurity Framework: IdentifyPS Security Objective: Ease of
Management
Cybersecurity Framework: ProtectPS Security Objective: Confidentiality
Cybersecurity Framework: DetectPS Security Objective: Integrity
Updates and Patch ManagementCybersecurity Framework: RespondPS Security Objective: Device Health
![Page 40: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/40.jpg)
NISTIR 8235 – Security Guidance for First Responder Mobile and Wearable Devices
Closing Remarks
40
Demonstration of Bluetooth Attack on BLE Device
![Page 41: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/41.jpg)
41
THE POWER IS YOURS!!!
![Page 42: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/42.jpg)
THANK YOU42
![Page 44: Michael Ogata Securing First Responder Mobile and Wearble ...](https://reader030.fdocuments.net/reader030/viewer/2022032515/6235f7457a86621f3075efca/html5/thumbnails/44.jpg)
Come back for the
Next Session
1:50 PM
44
#PSCR2019