Cyber security Investor presentation - Ultra Electronics...Cyber security: The body of technologies, processes and practices designed to protect the network of Information systems.

Cyber security Investor presentation 17th November 2011 JP Morgan Cazenove, London

Rakesh Sharma Chief Executive Introduction

November 2011 © Ultra Electronics: Proprietary Data

Ultra Electronics: Slide 3

Schedule • Introduction • Cyber and the cyber threat • Cyber security • UK’s crypto modernisation programme • Key management • Summary & Questions • Demonstrations:

• Assured communications • Key management • Securing the cloud

• Dinner

Rakesh Sharma Chief Executive

Dr. Alex Tarter Group Cyber Security Technical Lead

Nigel Mackie Group Cyber Security Lead

Dr. Jonathan Blogh Chief Engineer, Communication & Integrated Systems

Paul Maguire President, ProLogic

Dr. Jonathan Blogh Chief Engineer, Communication & Integrated Systems

Peter van de Geest Managing Director, AEP Networks

Dr. Alex Tarter Group Cyber Security Technical Lead

Dr. Alex Tarter Group Cyber Security Technical Lead Cyber and the cyber threat … A bad day in cyber space!



What is cyber? THE EXPONENTIAL GROWTH OF THE INTERNET AND COMMUNICATIONS

THE INTERNET IS DRIVEN BY UTILITY NOT SECURITY

2 billion users on the Internet

Fibre optic bandwidth across the globe -2010



What is cyber? A DEFINITION

This can be divided into 4 categories:

– Data the information contained in the cyber domain

– Devices the technology on which data is processed in the cyber domain

– Networks the connects and communication traffic between devices in the cyber domain

– People the participants within the cyber domain

Need category pictures here

Cyber:

The interdependent network of Information Systems; including the Internet, telecommunications networks, critical infrastructure computer systems and embedded processors and controllers.

© 2011 Ultra Electronics



Activities in Cyber Security comprise the protection, defence, Information gathering or attack on the ‘Confidentiality, Integrity or Availability’ of Information Systems.

Confidentiality Only those authorised can understand the information or systems

Integrity

Only those authorised can create, modify, use or destroy information or systems

Availability

Information or systems are available to those authorised to see/use them

Cyber security:

The body of technologies, processes and practices designed to protect the network of Information systems.

What is cyber security? CIA – CONFIDENTIALITY, INTEGRITY AND AVAILABILITY

No not this one!

Courtesy of the CIA web site

https://www.cia.gov/library/publications/the-world-factbook/index.html



• Online banking

– only you can access your account (C) – the balance is correct (I) – you can access it when you need to (A)

• Medical records

– only you and your doctor can see them (C) – the records accurately give your blood type (I) – in an emergency doctors can find out your blood type (A)

• Power station control system

– only authorised operators can shutdown the station (C) – commands are not corrupted from the control station to the actuator (I) – in an emergency shutdown commands can reach the actuators (A)

What is cyber security? EXAMPLES OF CONFIDENTIALITY, INTEGRITY AND AVAILABILITY



Cyber attacks HOW DOES THIS AFFECT YOU?

• Internet banking? – hackers routinely pretend to be your bank – cost UK nearly £60m in 2009

(New Card and Banking Fraud Figures UKCards Association)

• Mobile phone calls? – anyone can listen into a mobile call in 3 minutes with equipment

costing £10, instructions online (Wideband GSM Sniffing, Nohl & Muaut, 27th Chaos Communication Congress)

• Corporate networks? – RSA lost its SecureID secret, costing parent company EMC £50m – 20% of Fortune 100 companies hacked the same way

(Who else was hit by the RSA Attackers?, Brian Krebs, KrebsonSecurity.com)

• Confidential financial market data? – Nasdaq OMX got repeatedly hacked, attackers viewed a wealth of

confidential data (NSA to Investigate Nasdaq Hack, Kim Zetter, Wired Magazine)

• Aviation? – in 2008 a hacker almost shut down US Air Traffic Control

(FAA report number FI-2009-049)



Cyber attacks SOPHISTICATED ATTACKS

• Is the government spying on you? – German government has admitted installing malware on suspects’

computers to monitor and track them (Germany spyware: Minister calls for probe of state use, BBC News 11/10/11)

• Can hackers disrupt the market? – This year, hackers described how to manipulate flash trading

systems, and that they have less security than your home PC! (Security When Nano Seconds Count, Arlen, DEFCON 19)

• Effects on the physical world – Stuxnet showed how to covertly manipulate crucial control equipment

so that it broke – stopped Iranian nuclear production via a thumb drive

(W32.Stuxnet Dossier, Symantec)

• What next? – Duqu just showed up, hidden in lots of places, allows attackers to

monitor & control industrial manufacturers – could be used to turn off production facilities, power stations,

transport networks etc (W32.Duqu The precursor to the next Stuxnet, Symantec)

• But no-one is blowing anything up right? – US allegedly manipulated control software for the Trans-Siberian

Pipeline causing the largest non-nuclear explosion & fire ever seen from space! (At the Abyss: An Insider’s History of the Cold War, Thomas C. Reed former U.S. Air Force Secretary)

Nigel Mackie Group Cyber Security Lead What is cyber security?



What is cyber security? MARKET SEGMENTATION


Networks Data Devices People

Avai

labi

lity

Inte

grit

y Co

nfid

enti

alit

y




What is cyber security? KEY MARKETS


Avai

labi

lity

Inte

grit

y Co

nfid

enti

alit

y Traffic Encryption

& Key Management

Network Hardening &

Boundary Protection

Data at Rest Encryption

& Key Management

Transaction Protection

Multi-factor Authentication

Legal Intercept &

Cloud Computing

Reliability DDoS Protection

Collaborative Working

Penetration Testing &

Vulnerability Scanning

Attack Identification &

Response Training


A model to analyse the cyber security

market

© 2011 Ultra

Electronics



What is cyber security? MARKET SIZE AND GROWTH – GLOBAL & HIGH THREAT MARKETS


Avai

labi

lity

Inte

grit

y Co

nfid

enti

alit

y Traffic Encryption

& Key Management

Network Hardening &

Boundary Protection

Data at Rest Encryption

& Key Management

Transaction Protection

Multi-factor Authentication

Legal Intercept &

Cloud Computing

Reliability DDoS Protection

Collaborative Working

Penetration Testing &

Vulnerability Scanning

Attack Identification &

Response Training

6% $6.1b $2b

Annual growth % Global market p.a.

High threat market p.a.

10% $3.2b $2b

12% $2.8b $0.8b

2% $3.5b $1.5b

2% $1.5b $0.5b

11% $3.1b $0.5b

5% $2b $1b

11% $3.5b $1.5b

6% $8.5b $2b

10% $3.5b $0.5b

8% $8b $1b

20% $4.1b $0.5b

Global total: $49.8b

High threat total: $13.8b

Source: Frost & Sullivan 2011 Forrester 2009 Accenture 2009 Pike Research 2011


© 2011 Ultra

Electronics



What is cyber security? MARKET NICHES


Avai

labi

lity

Inte

grit

y Co

nfid

enti

alit

y

Cryptography Key Management

Meta-Data Production Legal Intercept

Keyless Decryption Disposal

Obfuscation

Storage Audited Actions Secure Software Authentication

Non-Repudiation Attack Vector

Unauthorised Duplication Malware Testing Audit

Manipulation Risk Assessment

Remote Retrieval Meta-Data Provision

Flow Control Legal Intercept Local retrieval Compression

Spoofing Access

Access Key Management Authentication

Recovery Testing

Data Retention

Link Cryptography Network Cryptography

Obfuscation Access

Key Management Multi-level Security Logical Separation

Testing

Authentication Access

Knowledge Spoofing Testing

Usage Restrictions Audited Actions

Intrusion Detection Intrusion Response Secure Operation

Attack Vector Operational Validation

Testing Risk Assessment

Damage

Usage Restrictions Routing

Attack Vector Authentication

Monitoring Direction Control Audited Actions

Spoofing Accuracy

Risk Assessment Testing

Risk Assessment Risk Appetite Procedures

Practice Behaviour

Situational Awareness Social Networks

Business Continuity Business Recovery

Access

User Interface Prioritisation

Legal Intercept Operation

Continued Operation Spoofing

Efficiency Restoration

Safety

Wired Access Wireless Access

Prioritisation Flow Control

Legal Intercept Shaping

Attack Response Safety


…and drill down to identify the market

niches that comprise the cyber

security market

© 2011 Ultra

Electronics



Cryptography Key Management

Meta-Data Production Legal Intercept

Keyless Decryption Disposal

Obfuscation

Storage Audited Actions Secure Software Authentication

Non-Repudiation Attack Vector

Unauthorised Duplication Malware Testing Audit

Manipulation Risk Assessment

Remote Retrieval Meta-Data Provision

Flow Control Legal Intercept Local retrieval Compression

Spoofing Access


Avai

labi

lity

Inte

grit

y Co

nfid

enti

alit

y Access

Key Management Authentication

Recovery Testing

Data Retention

Link Cryptography Network Cryptography

Obfuscation Access

Key Management Multi-level Security Logical Separation

Testing

Authentication Access

Knowledge Spoofing Testing

Usage Restrictions Audited Actions

Intrusion Detection Intrusion Response Secure Operation

Attack Vector Operational Validation

Testing Risk Assessment

Damage

Usage Restrictions Routing

Attack Vector Authentication

Monitoring Direction Control Audited Actions

Spoofing Accuracy

Risk Assessment Testing

Risk Assessment Risk Appetite Procedures

Practice Behaviour

Situational Awareness Social Networks

Business Continuity Business Recovery

Access

User Interface Prioritisation

Legal Intercept Operation

Continued Operation Spoofing

Efficiency Restoration

Safety

Wired Access Wireless Access

Prioritisation Flow Control

Legal Intercept Shaping

Attack Response Safety

Ultra’s niches:

Today’s niches Adjacent niches No current plans


© 2011 Ultra

Electronics

What is cyber security? MARKET NICHES



High Threat Club

Defence

Intelligence

Critical National Infrastructure

Financial

Telecommunications

Energy

Transport

Ultra’s target market

Cyber security ULTRA’S TARGET MARKET

Wider Market

Local government

Large businesses

Small & medium businesses

Personal



What is cyber security? A MARKET FRAMEWORK – INFORMATION CLASSIFICATION

Unit value

Unit volume



Impact of attack

Frequency of attack

Terrorists (AQ, Hamas, Hezbollah)

National governments (China, Russia, NK, Iran)

Industrial spies Organised crime

Hacktivists (Anonymous, LulzSec, etc)

Hackers (K Mitnik, B Manning etc)

Large scale harm and psychological impact

Serious financial harm and Intellectual property drain

Large scale embarrassment and confidence impact

National economic harm & war

Serious embarrassment

2

1

3

4

5

Threat scope

What is cyber security? WHY THE MARKET IS DEVELOPING SO RAPIDLY



Cyber security SPECIALIST CAPABILITIES



• Crypto and key management – to ‘high grade’

– securing the highest classification of information – over the network key management – legacy, current & future algorithms

• CARDS & Solitaire

– COMSEC accounting – secure key order & black key distribution – handheld secure key loader

• Keyper crypto

– PKI Signing – protects the internet backbone – protects valuable crypto keys

Cyber security SPECIALIST CAPABILITIES – CRYPTOGRAPHY AND KEY MANAGEMENT



• IP Reveal

– processes legally intercepted voice internet traffic – deep packet analysis – visualise target behaviour & communications

• Medirva

– process high volume of audio intelligence – speech-to-text conversion – data-minable results – speaker identification

Cyber security SPECIALIST CAPABILITIES – LEGAL INTERCEPT



• National Resilience Extranet

– secure (IL3) communication & exchange system – supports the resilience community – 800+ UK Government agencies & organisations

• Syntaxis

– secure gateway – collaborative working environment – Public Key Infrastructure (PKI) enabled

• Integrated systems - vessel traffic management

– protected and integral database – processes and controls sensors – data fusion and target tracking

Cyber security SPECIALIST CAPABILITIES – EXTRANET, GATEWAYS & INTEGRATED SOLUTIONS



• PacketAssure

– enforced lower layer Quality of Service – intelligent adaptive load balancing – real-time traffic shaping

• DarkNode

– non-discoverable encrypted gateway – network obfuscation – industrial control protection

• Secure WiFi

– FIPS 140-2 validated – wireless mesh networked – protects national infrastructure – web services

• CloudProtect

– security as a service – provides secure cloud computing – secure application access

Cyber security SPECIALIST CAPABILITIES – SECURE NETWORKING

Dr. Jonathan Blogh Chief Engineer, Communication & Integrated Systems The UK MOD crypto modernisation programme



Cryptographic equipment HIGH GRADE ENCRYPTION HERITAGE & EXPERTISE

• Developing secure communications products and systems since 1950s

• The only non-US company to design and certify a US Type 1 crypto • Awarded the End Cryptographic Unit Replacement Programme (ECU RP) in 2010 (worth £86m), the first phase of the UK MOD’s

crypto modernisation programme

• Awarded the VLF (SM) replacement in 2011 (worth £18m) protecting the highest level of classified information for UK MOD

ULTRA IS THE UK’s LEADING PROVIDER OF TACTICAL HIGH GRADE CRYPTOGRAPHIC EQUIPMENT

VLF (SM) US Type 1 Crypto

ECU RP crypto modernisation

programme



ECU Replacement Programme (ECU RP) A SYSTEM ENGINEERED SOLUTION

• ECU RP will replace 5,000+ high grade crypto’s

• 23 different types of crypto will be replaced

• Replacing legacy link, airborne, special, network and telephony equipment

• Ultra’s Common Core Crypto (C3) is common to all units and is the first UK programmable crypto to be introduced in high grade equipment • ECU RP equipment will be integrated on 30 platform types and 150 sites and systems

• Interoperability with UK, UK/US, 5 Eyes and coalition forces in legacy and future modes

• Field upgradeable for new algorithms and protocols

• ‘Form and Fit’ compatible with legacy equipment to minimise platform integration cost ECU RP IS THE FIRST PHASE OF THE UK’S

CRYPTO MODERNISATION PROGRAMME

The Common Core Crypto (C3)

KW-46(R)

Future Bulk Crypto (FBC)

KG-84(R)

Programmable Tactical Crypto

(PTC) Future Link Crypto (FLC)

Paul Maguire President, ProLogic Key management

Ultra Electronics: Page 29


Key management MARKET • Key material is used to keep crypto hardware running

• It has to be updated periodically

• Most US and UK defence key material is still moved by secure courier

• The biggest vulnerability in the key management niche is people

• The largest cost in the key management niche is people

• Ultra’s solutions allow key material to be moved electronically

• Ultra’s solutions reduce costs by reducing people and travel

• Ultra’s solutions increase security by reducing people’s access to keys

• The consumer market is beginning to use more key material and that convergence with the defence market is fueling growth



Key management GLOBAL MARKET

• Key management – multi-billion dollar market

– creation – dissemination – inventory – $10 billion+

• Increased demand – 9% annual growth

• Broad solution set – hardware – software – services

• End-to-end generator-to-consumer key delivery

• Ready to support the ‘mobile internet tsunami’

• Solves the the biggest cost problem - people

© 2010 Deltek, Inc. All Rights Reserved 1 2 3 4 5 6 7 8 9

Security-related Services Still Dominate

64

Source: INPUT

4.8

2.9

0.9

7.5

4.5

1.4

0

1

2

3

4

5

6

7

8

Professional Services CAGR 9.2%

Software Products CAGR 9.2%

Equipment CAGR 8.1%

Add

ress

able

Mar

ket (

$B)

2010

2015



Key management CURRENT & FUTURE MARKET OFFERINGS

•Application software solutions – military and consumer – Ultra’s solutions manage the majority of US key material - CARDS – it is being sold internationally – it has applications for the consumer key management market as well

•Hardware – Solitaire – a portable computer that can be used in classified spaces to manage key material. It runs the CARDS software as an ‘app’ – programmable solutions that are upgradeable

• Services – on-site services to application software customers (e.g., Central Office of Record (COR) Management Services for CARDS users)



• CARDS on hand-held touch screen PC for use in secure

areas

• ‘App’ culture type device – stand alone tactical CARDS server – commercial AES 256 Key generation, overwrap, decrypt – supports barcode inventory management – ‘Black Key’ regional collector – key media conversion – from paper tape – key distribution for UAVs – configuration management – available now!

Solitaire THE COMSEC MANAGERS HAND-HELD PC

CARDS Solitaire



Key management FUTURE GROWTH Future growth will come from sales of value-added products and services to: • Exploit adjacent consumer

markets for key management – banking – health – mobile devices

• Exploit adjacent markets for high value asset management solutions

– parts, weapons, etc.

• Improve the use of Unmanned Systems (UxS) internationally and in the US by reducing dependence on manpower to keep systems ‘keyed’

The convergence of consumer and non-consumer level solutions will occur more rapidly in the key management niche because of the large sums of money involved in consumer transactions.

Cyber security Reference books and papers



References http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet_research.pdf http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf http://hbgary.com/hbgary-threat-report-operation-aurora http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/ http://www.ft.com/intl/indepth/cyber-warfare

Cyber security: attacks and vulnerabilities – Dr Alex Tarter Books: Dissecting the Hack – Street Cyber War – Clarke, Knake Aviation Security Engineering – Markarian, Koelle, Tarter Hacking: The Art of Exploitation - Erickson Fatal System Error - Menn

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet_research.pdf

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet_research.pdf

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

http://hbgary.com/hbgary-threat-report-operation-aurora

http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf

http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/

http://www.ft.com/intl/indepth/cyber-warfare

Cyber security Investor presentation - Ultra Electronics...Cyber security: The body of technologies, processes and practices designed to protect the network of Information systems.

Documents