Integrated Information Warfare for the 21 st Century PEOC4I.NAVY.MIL Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I) NDIA San Diego Fall Industry Event PMW 130 Information Assurance and Cybersecurity Program Office 25 October 2017 DISTRIBUTION STATEMENT A: Approved for public release, distribution is unlimited (18 OCTOBER 2017)
13
Embed
PMW 130 Information Assurance and Cybersecurity Program Office · Cybersecurity Program Office 25 October 2017 DISTRIBUTION STATEMENT A: Approved for public release, distribution
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Integrated Information Warfare for the
21st CenturyPEOC4I.NAVY.MIL
Program Executive OfficeCommand, Control, Communications, Computers and Intelligence (PEO C4I)
NDIA San Diego Fall Industry EventPMW 130 Information Assurance and Cybersecurity Program Office
25 October 2017
DISTRIBUTION STATEMENT A: Approved for public release, distribution is unlimited (18 OCTOBER 2017)
• Cryptography and Key Management: Acquire, install, and provide life cycle support for end cryptographic units for Navy, Marine Corps, and Coast Guard platforms
Data and Voice Cryptography (Modernization and Legacy)
Key Management (Electronic Key Management System (EKMS) and Key Management Infrastructure (KMI), Key Loaders)
Public Key Infrastructure (PKI)
Crypto & Key Management
4
Program Overview
• Protects against, monitors, analyzes, detects, and responds to unauthorized activity within Navy tactical networks and attacks against computer-network vulnerabilities, cyber threats, and critical assets
Afloat: Host IPS/FW/Anti-virus, security compliance scanning and assessment, identity management and smart card logon (PKI), cross-domain solution, data-at-rest encryption
Network Security
5
Threat Trends
1. Socially engineered malware2. Password phishing attacks3. Unpatched software4. Social media threats5. Advanced persistent threats6. Insider Threat
Most Likely Cyber Attacks
6Sources: CSO Online, The 5 cyber attacks you're most likely to face, 21 Aug 17Carnegie Mellon University, Common Sense Guide to Mitigating Insider Threats, Fifth Edition
Threat Trends
• More advanced malwareinstallers / trojans
• Script-based malwarealso a growth area
JavaScript & PowerShellEasier obfuscation
• Government is still theprimary target
New Malware on the Rise
7Source: September 2017 McAfee Labs Threat Report
Industry Trends
• Cloud servicesPotential for better security and availabilityImplementation has to be coordinated
• Internet of ThingsPoor manufacturer security / patching supportCommonly used to launch remote distributed attacksAlso used as a pivot point to enter networks(e.g. Las Vegas casino fish tank = data exfiltration)
Changing the Infrastructure
8Sources: SANS Institute, Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017; Forbes, Criminals Hacked A Fish Tank To Steal Data From A Casino, July 27, 2017
DevOps Production
Management &
Control Systems
• Development• DT/OT/Integration type
testing• RMF• System Check out/Prep
for install• Data Scrub• M&S - Analysis
• Data collection• Systems interface mgmt• Cloud mgmt• Configuration
• Information Fusion• Threats• Vulnerabilities• Cyber weather
• Data Standardization • Modeling & Simulation
(M&S - Analytics)
• Active Detection/ Monitoring• Intelligent Security
Orchestration• Smart Responses
• Information Presentation
• Information Sharing• Battlespace
Management
• Defend at the speed of cyber• Remove the Sailor from the cyber defense decision loop or make
it easier for them to use what is deployed
Cyber DefenseAutomated
Cybersecurity Decision Support
Intelligent Cyber Information
Shared Cybersecurity Battlespace Situational
Awareness
Rapid Response Data Construct
Next Generation Cyber Defense
Networked Sensor Systems
Approaching Advanced Defense
10
PMW 130 Industry Engagement
• PMW 130 is working with DIUx to accelerate capability prototyping and deployment
• Defense Innovation Unit Experimental (DIUx), a DoD entity primarily based in Mountain View, CA (outpost in Washington D.C.; Austin, TX; Boston, MA) develops new partnerships with the private sector and many other innovation hubs to put commercial-based innovation in the hands of America's soldiers, sailors, airmen, and marines.
DIUx
11
PMW 130 Industry Partnerships
12
PMW 130 teamed with Industry to support the Navy and PEO C4I’s Cybersecurity mission
Contract/Task Number SPAWAR HQ Contract Title Contractor(Prime)
Contract Type
Ceiling Amount POP
N00039-17-F3012 PMW 130/160Installation Support ANSOL CPFF $5,480,397 10/1/2017 - 9/30/2022
N00178-14-D-8006-NS01 PMW 120/130Financial Support Services