Cyber security Investor presentation 17th November 2011 JP Morgan Cazenove, London
Cyber security Investor presentation 17th November 2011 JP Morgan Cazenove, London
Rakesh Sharma Chief Executive Introduction
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 3
Schedule • Introduction • Cyber and the cyber threat • Cyber security • UK’s crypto modernisation programme • Key management • Summary & Questions • Demonstrations:
• Assured communications • Key management • Securing the cloud
• Dinner
Rakesh Sharma Chief Executive
Dr. Alex Tarter Group Cyber Security Technical Lead
Nigel Mackie Group Cyber Security Lead
Dr. Jonathan Blogh Chief Engineer, Communication & Integrated Systems
Paul Maguire President, ProLogic
Dr. Jonathan Blogh Chief Engineer, Communication & Integrated Systems
Peter van de Geest Managing Director, AEP Networks
Dr. Alex Tarter Group Cyber Security Technical Lead
Dr. Alex Tarter Group Cyber Security Technical Lead Cyber and the cyber threat … A bad day in cyber space!
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 5
What is cyber? THE EXPONENTIAL GROWTH OF THE INTERNET AND COMMUNICATIONS
THE INTERNET IS DRIVEN BY UTILITY NOT SECURITY
2 billion users on the Internet
Fibre optic bandwidth across the globe -2010
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 6
What is cyber? A DEFINITION
This can be divided into 4 categories:
– Data the information contained in the cyber domain
– Devices the technology on which data is processed in the cyber domain
– Networks the connects and communication traffic between devices in the cyber domain
– People the participants within the cyber domain
Need category pictures here
Cyber:
The interdependent network of Information Systems; including the Internet, telecommunications networks, critical infrastructure computer systems and embedded processors and controllers.
© 2011 Ultra Electronics
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 7
Activities in Cyber Security comprise the protection, defence, Information gathering or attack on the ‘Confidentiality, Integrity or Availability’ of Information Systems.
Confidentiality Only those authorised can understand the information or systems
Integrity
Only those authorised can create, modify, use or destroy information or systems
Availability
Information or systems are available to those authorised to see/use them
Cyber security:
The body of technologies, processes and practices designed to protect the network of Information systems.
What is cyber security? CIA – CONFIDENTIALITY, INTEGRITY AND AVAILABILITY
No not this one!
Courtesy of the CIA web site
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 8
• Online banking
– only you can access your account (C) – the balance is correct (I) – you can access it when you need to (A)
• Medical records
– only you and your doctor can see them (C) – the records accurately give your blood type (I) – in an emergency doctors can find out your blood type (A)
• Power station control system
– only authorised operators can shutdown the station (C) – commands are not corrupted from the control station to the actuator (I) – in an emergency shutdown commands can reach the actuators (A)
What is cyber security? EXAMPLES OF CONFIDENTIALITY, INTEGRITY AND AVAILABILITY
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 9
Cyber attacks HOW DOES THIS AFFECT YOU?
• Internet banking? – hackers routinely pretend to be your bank – cost UK nearly £60m in 2009
(New Card and Banking Fraud Figures UKCards Association)
• Mobile phone calls? – anyone can listen into a mobile call in 3 minutes with equipment
costing £10, instructions online (Wideband GSM Sniffing, Nohl & Muaut, 27th Chaos Communication Congress)
• Corporate networks? – RSA lost its SecureID secret, costing parent company EMC £50m – 20% of Fortune 100 companies hacked the same way
(Who else was hit by the RSA Attackers?, Brian Krebs, KrebsonSecurity.com)
• Confidential financial market data? – Nasdaq OMX got repeatedly hacked, attackers viewed a wealth of
confidential data (NSA to Investigate Nasdaq Hack, Kim Zetter, Wired Magazine)
• Aviation? – in 2008 a hacker almost shut down US Air Traffic Control
(FAA report number FI-2009-049)
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 10
Cyber attacks SOPHISTICATED ATTACKS
• Is the government spying on you? – German government has admitted installing malware on suspects’
computers to monitor and track them (Germany spyware: Minister calls for probe of state use, BBC News 11/10/11)
• Can hackers disrupt the market? – This year, hackers described how to manipulate flash trading
systems, and that they have less security than your home PC! (Security When Nano Seconds Count, Arlen, DEFCON 19)
• Effects on the physical world – Stuxnet showed how to covertly manipulate crucial control equipment
so that it broke – stopped Iranian nuclear production via a thumb drive
(W32.Stuxnet Dossier, Symantec)
• What next? – Duqu just showed up, hidden in lots of places, allows attackers to
monitor & control industrial manufacturers – could be used to turn off production facilities, power stations,
transport networks etc (W32.Duqu The precursor to the next Stuxnet, Symantec)
• But no-one is blowing anything up right? – US allegedly manipulated control software for the Trans-Siberian
Pipeline causing the largest non-nuclear explosion & fire ever seen from space! (At the Abyss: An Insider’s History of the Cold War, Thomas C. Reed former U.S. Air Force Secretary)
Nigel Mackie Group Cyber Security Lead What is cyber security?
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 12
What is cyber security? MARKET SEGMENTATION
© 2011 Ultra Electronics
Networks Data Devices People
Avai
labi
lity
Inte
grit
y Co
nfid
enti
alit
y
© 2011 Ultra Electronics
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 13
What is cyber security? KEY MARKETS
Networks Data Devices People
Avai
labi
lity
Inte
grit
y Co
nfid
enti
alit
y Traffic Encryption
& Key Management
Network Hardening &
Boundary Protection
Data at Rest Encryption
& Key Management
Transaction Protection
Multi-factor Authentication
Legal Intercept &
Cloud Computing
Reliability DDoS Protection
Collaborative Working
Penetration Testing &
Vulnerability Scanning
Attack Identification &
Response Training
© 2011 Ultra Electronics
A model to analyse the cyber security
market
© 2011 Ultra
Electronics
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 14
What is cyber security? MARKET SIZE AND GROWTH – GLOBAL & HIGH THREAT MARKETS
Networks Data Devices People
Avai
labi
lity
Inte
grit
y Co
nfid
enti
alit
y Traffic Encryption
& Key Management
Network Hardening &
Boundary Protection
Data at Rest Encryption
& Key Management
Transaction Protection
Multi-factor Authentication
Legal Intercept &
Cloud Computing
Reliability DDoS Protection
Collaborative Working
Penetration Testing &
Vulnerability Scanning
Attack Identification &
Response Training
6% $6.1b $2b
Annual growth % Global market p.a.
High threat market p.a.
10% $3.2b $2b
12% $2.8b $0.8b
2% $3.5b $1.5b
2% $1.5b $0.5b
11% $3.1b $0.5b
5% $2b $1b
11% $3.5b $1.5b
6% $8.5b $2b
10% $3.5b $0.5b
8% $8b $1b
20% $4.1b $0.5b
Global total: $49.8b
High threat total: $13.8b
Source: Frost & Sullivan 2011 Forrester 2009 Accenture 2009 Pike Research 2011
© 2011 Ultra Electronics
© 2011 Ultra
Electronics
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 15
What is cyber security? MARKET NICHES
Networks Data Devices People
Avai
labi
lity
Inte
grit
y Co
nfid
enti
alit
y
Cryptography Key Management
Meta-Data Production Legal Intercept
Keyless Decryption Disposal
Obfuscation
Storage Audited Actions Secure Software Authentication
Non-Repudiation Attack Vector
Unauthorised Duplication Malware Testing Audit
Manipulation Risk Assessment
Remote Retrieval Meta-Data Provision
Flow Control Legal Intercept Local retrieval Compression
Spoofing Access
Access Key Management Authentication
Recovery Testing
Data Retention
Link Cryptography Network Cryptography
Obfuscation Access
Key Management Multi-level Security Logical Separation
Testing
Authentication Access
Knowledge Spoofing Testing
Usage Restrictions Audited Actions
Intrusion Detection Intrusion Response Secure Operation
Attack Vector Operational Validation
Testing Risk Assessment
Damage
Usage Restrictions Routing
Attack Vector Authentication
Monitoring Direction Control Audited Actions
Spoofing Accuracy
Risk Assessment Testing
Risk Assessment Risk Appetite Procedures
Practice Behaviour
Situational Awareness Social Networks
Business Continuity Business Recovery
Access
User Interface Prioritisation
Legal Intercept Operation
Continued Operation Spoofing
Efficiency Restoration
Safety
Wired Access Wireless Access
Prioritisation Flow Control
Legal Intercept Shaping
Attack Response Safety
© 2011 Ultra Electronics
…and drill down to identify the market
niches that comprise the cyber
security market
© 2011 Ultra
Electronics
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 16
Cryptography Key Management
Meta-Data Production Legal Intercept
Keyless Decryption Disposal
Obfuscation
Storage Audited Actions Secure Software Authentication
Non-Repudiation Attack Vector
Unauthorised Duplication Malware Testing Audit
Manipulation Risk Assessment
Remote Retrieval Meta-Data Provision
Flow Control Legal Intercept Local retrieval Compression
Spoofing Access
Networks Data Devices People
Avai
labi
lity
Inte
grit
y Co
nfid
enti
alit
y Access
Key Management Authentication
Recovery Testing
Data Retention
Link Cryptography Network Cryptography
Obfuscation Access
Key Management Multi-level Security Logical Separation
Testing
Authentication Access
Knowledge Spoofing Testing
Usage Restrictions Audited Actions
Intrusion Detection Intrusion Response Secure Operation
Attack Vector Operational Validation
Testing Risk Assessment
Damage
Usage Restrictions Routing
Attack Vector Authentication
Monitoring Direction Control Audited Actions
Spoofing Accuracy
Risk Assessment Testing
Risk Assessment Risk Appetite Procedures
Practice Behaviour
Situational Awareness Social Networks
Business Continuity Business Recovery
Access
User Interface Prioritisation
Legal Intercept Operation
Continued Operation Spoofing
Efficiency Restoration
Safety
Wired Access Wireless Access
Prioritisation Flow Control
Legal Intercept Shaping
Attack Response Safety
Ultra’s niches:
Today’s niches Adjacent niches No current plans
© 2011 Ultra Electronics
© 2011 Ultra
Electronics
What is cyber security? MARKET NICHES
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 17
High Threat Club
Defence
Intelligence
Critical National Infrastructure
Financial
Telecommunications
Energy
Transport
Ultra’s target market
Cyber security ULTRA’S TARGET MARKET
Wider Market
Local government
Large businesses
Small & medium businesses
Personal
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 18
What is cyber security? A MARKET FRAMEWORK – INFORMATION CLASSIFICATION
Unit value
Unit volume
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 19
Impact of attack
Frequency of attack
Terrorists (AQ, Hamas, Hezbollah)
National governments (China, Russia, NK, Iran)
Industrial spies Organised crime
Hacktivists (Anonymous, LulzSec, etc)
Hackers (K Mitnik, B Manning etc)
Large scale harm and psychological impact
Serious financial harm and Intellectual property drain
Large scale embarrassment and confidence impact
National economic harm & war
Serious embarrassment
2
1
3
4
5
Threat scope
What is cyber security? WHY THE MARKET IS DEVELOPING SO RAPIDLY
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 20
Cyber security SPECIALIST CAPABILITIES
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 21
• Crypto and key management – to ‘high grade’
– securing the highest classification of information – over the network key management – legacy, current & future algorithms
• CARDS & Solitaire
– COMSEC accounting – secure key order & black key distribution – handheld secure key loader
• Keyper crypto
– PKI Signing – protects the internet backbone – protects valuable crypto keys
Cyber security SPECIALIST CAPABILITIES – CRYPTOGRAPHY AND KEY MANAGEMENT
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 22
• IP Reveal
– processes legally intercepted voice internet traffic – deep packet analysis – visualise target behaviour & communications
• Medirva
– process high volume of audio intelligence – speech-to-text conversion – data-minable results – speaker identification
Cyber security SPECIALIST CAPABILITIES – LEGAL INTERCEPT
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 23
• National Resilience Extranet
– secure (IL3) communication & exchange system – supports the resilience community – 800+ UK Government agencies & organisations
• Syntaxis
– secure gateway – collaborative working environment – Public Key Infrastructure (PKI) enabled
• Integrated systems - vessel traffic management
– protected and integral database – processes and controls sensors – data fusion and target tracking
Cyber security SPECIALIST CAPABILITIES – EXTRANET, GATEWAYS & INTEGRATED SOLUTIONS
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 24
• PacketAssure
– enforced lower layer Quality of Service – intelligent adaptive load balancing – real-time traffic shaping
• DarkNode
– non-discoverable encrypted gateway – network obfuscation – industrial control protection
• Secure WiFi
– FIPS 140-2 validated – wireless mesh networked – protects national infrastructure – web services
• CloudProtect
– security as a service – provides secure cloud computing – secure application access
Cyber security SPECIALIST CAPABILITIES – SECURE NETWORKING
Dr. Jonathan Blogh Chief Engineer, Communication & Integrated Systems The UK MOD crypto modernisation programme
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 26
Cryptographic equipment HIGH GRADE ENCRYPTION HERITAGE & EXPERTISE
• Developing secure communications products and systems since 1950s
• The only non-US company to design and certify a US Type 1 crypto • Awarded the End Cryptographic Unit Replacement Programme (ECU RP) in 2010 (worth £86m), the first phase of the UK MOD’s
crypto modernisation programme
• Awarded the VLF (SM) replacement in 2011 (worth £18m) protecting the highest level of classified information for UK MOD
ULTRA IS THE UK’s LEADING PROVIDER OF TACTICAL HIGH GRADE CRYPTOGRAPHIC EQUIPMENT
VLF (SM) US Type 1 Crypto
ECU RP crypto modernisation
programme
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 27
ECU Replacement Programme (ECU RP) A SYSTEM ENGINEERED SOLUTION
• ECU RP will replace 5,000+ high grade crypto’s
• 23 different types of crypto will be replaced
• Replacing legacy link, airborne, special, network and telephony equipment
• Ultra’s Common Core Crypto (C3) is common to all units and is the first UK programmable crypto to be introduced in high grade equipment • ECU RP equipment will be integrated on 30 platform types and 150 sites and systems
• Interoperability with UK, UK/US, 5 Eyes and coalition forces in legacy and future modes
• Field upgradeable for new algorithms and protocols
• ‘Form and Fit’ compatible with legacy equipment to minimise platform integration cost ECU RP IS THE FIRST PHASE OF THE UK’S
CRYPTO MODERNISATION PROGRAMME
The Common Core Crypto (C3)
KW-46(R)
Future Bulk Crypto (FBC)
KG-84(R)
Programmable Tactical Crypto
(PTC) Future Link Crypto (FLC)
Paul Maguire President, ProLogic Key management
Ultra Electronics: Page 29
November 2011 © Ultra Electronics: Proprietary Data
Key management MARKET • Key material is used to keep crypto hardware running
• It has to be updated periodically
• Most US and UK defence key material is still moved by secure courier
• The biggest vulnerability in the key management niche is people
• The largest cost in the key management niche is people
• Ultra’s solutions allow key material to be moved electronically
• Ultra’s solutions reduce costs by reducing people and travel
• Ultra’s solutions increase security by reducing people’s access to keys
• The consumer market is beginning to use more key material and that convergence with the defence market is fueling growth
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 30
Key management GLOBAL MARKET
• Key management – multi-billion dollar market
– creation – dissemination – inventory – $10 billion+
• Increased demand – 9% annual growth
• Broad solution set – hardware – software – services
• End-to-end generator-to-consumer key delivery
• Ready to support the ‘mobile internet tsunami’
• Solves the the biggest cost problem - people
© 2010 Deltek, Inc. All Rights Reserved 1 2 3 4 5 6 7 8 9
Security-related Services Still Dominate
64
Source: INPUT
4.8
2.9
0.9
7.5
4.5
1.4
0
1
2
3
4
5
6
7
8
Professional Services CAGR 9.2%
Software Products CAGR 9.2%
Equipment CAGR 8.1%
Add
ress
able
Mar
ket (
$B)
2010
2015
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 31
Key management CURRENT & FUTURE MARKET OFFERINGS
•Application software solutions – military and consumer – Ultra’s solutions manage the majority of US key material - CARDS – it is being sold internationally – it has applications for the consumer key management market as well
•Hardware – Solitaire – a portable computer that can be used in classified spaces to manage key material. It runs the CARDS software as an ‘app’ – programmable solutions that are upgradeable
• Services – on-site services to application software customers (e.g., Central Office of Record (COR) Management Services for CARDS users)
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 32
• CARDS on hand-held touch screen PC for use in secure
areas
• ‘App’ culture type device – stand alone tactical CARDS server – commercial AES 256 Key generation, overwrap, decrypt – supports barcode inventory management – ‘Black Key’ regional collector – key media conversion – from paper tape – key distribution for UAVs – configuration management – available now!
Solitaire THE COMSEC MANAGERS HAND-HELD PC
CARDS Solitaire
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 33
Key management FUTURE GROWTH Future growth will come from sales of value-added products and services to: • Exploit adjacent consumer
markets for key management – banking – health – mobile devices
• Exploit adjacent markets for high value asset management solutions
– parts, weapons, etc.
• Improve the use of Unmanned Systems (UxS) internationally and in the US by reducing dependence on manpower to keep systems ‘keyed’
The convergence of consumer and non-consumer level solutions will occur more rapidly in the key management niche because of the large sums of money involved in consumer transactions.
Cyber security Reference books and papers
November 2011 © Ultra Electronics: Proprietary Data
Ultra Electronics: Slide 35
References http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet_research.pdf http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf http://hbgary.com/hbgary-threat-report-operation-aurora http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/ http://www.ft.com/intl/indepth/cyber-warfare
Cyber security: attacks and vulnerabilities – Dr Alex Tarter Books: Dissecting the Hack – Street Cyber War – Clarke, Knake Aviation Security Engineering – Markarian, Koelle, Tarter Hacking: The Art of Exploitation - Erickson Fatal System Error - Menn