2019 S&T Cybersecurity and Innovation Showcase · Detecting NIDEs in Next Generation (NG)9-1-1 and...
Solutions Now | Innovations for the Future
2019 S&T Cybersecurity and Innovation Showcase
Detecting NIDEs in Next Generation (NG)9-1-1 and Other Communication Networks
Mark Collier | SecureLogix Corporation
March 18, 2019
Funded Contract Information
This material is based on research sponsored by the Department of Homeland Security, Science and Technology Directorate via contract number 70RSAT18C00000011.
No Endorsement Notification
Any reference to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the Department of Homeland Security or the United States Government.
Hyperlinked Web sites do not constitute endorsement by DHS of the Web site or the information, products, or services contained therein. DHS does not exercise any editorial control over materials on this website or the information on non-DHS Web sites.
Disclaimer Notification
The views, opinions, findings, conclusions, or recommendations expressed in this video are those of the authors and do not necessarily reflect the official policy or position of the Department of Homeland Security (DHS) or the United States Government. The publication of these views by DHS does not confer any individual rights or cause of action against the United States. Users of information in the materials assume all liability from such use.
Team Profile
- Mark Collier – CTO – Principal Investigator
- Kelly Minyard – SVP Sales – Transition
- Dr. Nisar Hundewale – Chief Scientist – Machine Learning
- Mark O’Brien – Senior Developer – Software Development
- Dr. Waleed Haddad – Chief Scientist – Detection algorithms
- Chris Duxler – West/ECaTS – Data/ECaTS dashboard
Customer Need
[Figure: diagram with labels: Financial Account Take Over (ATO); Other Harassing Call Patterns; Call floods that crowd out legitimate calls; Automated telemarketing calls & spam; Targeted social engineering; Authenticate Financial CC Calls; Harassing Calls]
Customer Need
- Telephony Denial of Service (TDoS) attack against D.C. 9-1-1:
  - About 6,000 calls
  - All from the same source number
  - Recorded calls with Bible verses
- TDoS attacks against multiple counties in D.C. area:
  - Targeted the administrative phones and police department
  - About 6,300 calls in one case
  - Calls were dead air, recorded message, or Arabic language
  - Used non-local, but valid, spoofed source numbers
Customer Need
Approach – Leverage Work to Date
- PolicyGuru solution improvements
- TDoS detection improvements
- Unique NG9-1-1 improvements
- Information from existing pilots
- Continue the existing pilots
- Integrate Call Authentication Service (CAS)
Approach – Define NIDE Taxonomy
NIDE == Network Internet Disruptive Event
- Intentional TDoS
- Inadvertent TDoS (robocalls, faxes, call pumping)
- Pool, elevator, or other phone issue
- Persistent harassing caller
- Cellular jamming (impact to 9-1-1)
- Service provider issues and loss of key data
- Text and video
Approach – NIDE Detection
- Develop machine learning models
- Augment existing Call Authentication Service (CAS)
- Integrate with existing PolicyGuru solution
- Use West/ECaTS dashboard for visualization
- Develop interface for communication of events
- Ideally integrate into West NG9-1-1 offering
- Ideally integrate into EC3 concept
Approach – Architecture
[Figure: architecture diagram with labels: Service Provider; Call Handling System; SIP Trunk; SBC; Network Tap; ENUM; ENUM Appliance; SIP/RTP Probe; Visualization; Call Authentication and NIDE Detection Service; Mediation Server; ESRP; NG9-1-1 ESInet; AWS; PSAP/NCCIC]
Benefits
- Will result in a solution that protects NG9-1-1 from NIDEs
- Will distinguish between NIDEs and legitimate events
- Usable by metro area NG9-1-1 centers
- Usable by National Cybersecurity & Communications Integration Center (NCCIC)
- Used by the Emergency Communications Cybersecurity Center (EC3)
- Will apply to any communication system
- Possibly extend to legacy systems and text/video
Competition/Alternatives
- Competitors offer less comprehensive solutions:
  - Much less robust detection (spoofing for example)
- Some service providers have limited offerings:
  - AT&T and Verizon resell SecureLogix solutions
- Ribbon Communications:
  - We partner with Cisco and Oracle
- Some very small competitors Comtech, Motorola, others
Current Status
- Defined NIDEs
- Designed solution architecture
- Developing prototype and deploying at pilots:
  - Defined visualization screens
  - Started implementation of machine learning detection
- Working with pilot partners
- Working with Office of Emergency Communications (OEC) on EC3
Current Status
[Figure: diagram with labels: NG9-1-1; Verizon XHeaders; TRUSTID; Blacklists; New Tech; STIR/SHAKEN; Patterns; Numbers; Verizon API; Government, DoD, DHS; TDoS Engine; Scam Engine; Call Authentication Service; Machine Learning Core]
Current Status
Transition/Completion Activities
- Solution deployed at two pilot partners
- Solution deployed at several counties in D.C. area
- Interest from multiple NG9-1-1 systems
- Working to integrate solution into AT&T and West offerings
- Working to integrate solution with EC3
- CAS useful in any voice environment
Lessons Learned
- 9-1-1 systems are very vulnerable to TDoS:
  - Primary threat is through mobile calls (80% of calls)
  - Possible to generate attacks through SIP and NSI phones
  - Other types of annoying attacks
- Existing NG9-1-1 systems have a lot of variability:
  - No real standard NG9-1-1
  - Some manage ESInets, some outsource
  - Must access vendor-specific systems
Lessons Learned
- Needed data is not in SIP:
  - Calling number and location
- No consensus on call treatment:
  - No Session Border Controllers (SBCs) to interface with
  - Most likely approach is control of queues and priorities
- Detection belongs in the cloud:
  - Easy to change, machine learning, EC3
- Visualization is critical