Chris McIntosh, CEO ViaSat UK
Critical Infrastructure Protection
Broadband Internet Service Provider
Government and Enterprise Mobile Services
Information Assurance and Cyber Security
Communications Technologies
Critical Infrastructure Protection
ViaSat: Security and Communications
Founded in 1986
$1.2bn+ Revenue
3,000+ Employees
» Intrusion Detection, Analysis and Recovery
» Mobility – Assured Mobile Operations and Wireless Comms
» Endpoint Client Security and Integrity
» Continuous System Security Monitoring, Metrics and Measurement of IA Posture
» Virtualisation, Platform Integrity, and Trusted Platform
» Usability – Transparent Security
» Real-time Detection, Analysis, Defence, and Resilience
» Establishing and Maintaining Assurance in Heterogeneous, Mobile and Cloud Environments
» Manage Storage and Track Access to Information
http://www.nsa.gov/ia/business_research/3
NSA: 2013 Top Technology Challenges
Cyber Security Maturity Model
[Figure: maturity levels A to E. Axis and chart labels: Threat (Conventional Threat, Advanced Persistent Threat); Agility / Speed of Action; Resilience; Most Organizations.]
A: Reactive & Manual. People based following doctrine and doing their best to “put out fires”.
B: Tools-Based. Applying tools and technologies piecemeal to assist people in reacting faster.
C: Integrated Picture. Continuous monitoring controls, interoperability and standards based data exchange for IA situational awareness.
D: Dynamic Defense. APT response within the enterprise instantiates policy, illuminates events and helps the operators find, fix, and target for response.
E: Resilient Enterprise. Predictive & mission focused, isolates and contains damage, secure supply chains and protect key critical infrastructures to operate through cyber attack.
Overview of LTE Architecture
[Architecture diagram. Components shown: eNodeB, Integrated SeGW, SeGW, X2, MME, SAE GW, OSS, Certificate Server (Identity Management), HSS, PCRF, Operator Services, Internet. Domains: Access/Transport, Evolved Packet Core (EPC), Services. Legend: Control Plane, User Plane, TLS/HTTPS, IPSec.]
• IPsec security not always installed
• Comms beyond eNodeB unencrypted
• “Deploy now and think about security later” syndrome
• Speed of roll-out
• Cost
• Performance
• Increases attack vectors for hackers
The Threat
Fault
Ø Equipment failure
Ø False readings
Individuals
Ø Disgruntled employees
Ø Financial information access
Ø Internal or external
‘Hacktivist’
Ø Disrupt service for political or social cause
Government
Ø Hostile Nations
Ø State Sponsored attacks
Organised Crime
Ø Theft
Ø Extortion
Ø Selling IP to others
Ø State Ignored attacks
Network Vulnerabilities
Malicious Activity
• Spoofing: IP address spoofing, Caller ID spoofing…
• Man-In-The-Middle (MITM): Eavesdropping, chosen-ciphertext attack, substitution attack, replay attack…
• Denial of Service (DoS): SYN flood, LAND attack, Smurf attack, Ping of Death, Teardrop attack…
• Distributed Denial of Service (DDoS): Botnets/Dosnets, peer-to-peer attacks, Distributed Reflected DoS (DRDoS) attacks like ICMP echo request and DNS amplification attacks
Security in Depth
» CCS is a real-time cyber-security monitoring, detection and response platform that provides complete network visualisation, decision support and automation.
By using sensors and traffic flow analysis it can identify and respond to suspicious and anomalous behaviour on operational control systems.
ViaSat Common Cyber Security
ViaSat Key Tenets
• All networks are ‘dirty’ to some extent
• No such thing as an Air Gap
• Risk owner must be part of the Cyber solution
• Solution: People, Processes and Technology
Conceptual Operation
[Diagram labels: Bump-In-The-Wire; Bump-In-The-Stack; Proxy – CCS-Enabled Gateway; Gateway; Multimedia Node]
System Security
Authentication
• Public Key Infrastructure (PKI), Identity Management
• Trust Anchor Management (TAM), TAM Protocol (TAMP)
Authorization
• Role Based Access Control (RBAC)
• Group Domain of Interpretation (GDOI)
Integrity
• Integrity Management Authority (IMA)
• Trusted Boot, Trusted Network Connect (TNC)
Confidentiality
• Secure data and control plane communication over IPsec and GDOI
• Peer-to-peer control plane communication via Data Distribution System (DDS)
Quality-of-Trust
• QoT Updates and Override
• Peer-to-peer QoT Events
• Session based Data Labeling: Trusted, Questionable, Untrusted
Quality of Trust
Ø I am who I say I am and I have not been tampered with
Ø I am behaving as expected (based upon a defined list of characteristics)
Ø What do the devices that I am physically and/or logically connected to think about my behaviour?
[Diagram labels: Identity; Status Bill of Health; Quality Of Trust]
Ø A device has been authenticated and has joined the “fabric” of CCS enabled devices
Quality of Trust
Gateway
Multimedia Node
Summary
» Critical Infrastructures should be treated as such, and appropriately protected
» The threat environment is dynamic and fast moving
» Often we do not know the form that an attack will take (Behavioural anomaly detection is key)
» Customised visual display of security posture aids operational management
» Integrated situational awareness of legacy and new equipment is essential
» Quarantine of compromised areas will reduce system downtime
» Mobile network growth and improvements in QoS should not be at the expense of security
» ViaSat are Government trusted security specialists
Questions?