23 July 2003PM-ITTS

TSMO

Information Assessment Test Tool (IATT)Information Assessment Test Tool (IATT)

for IO/IWfor IO/IW

Briefing by:Briefing by:

Darrell L QuarlesDarrell L Quarles

Program DirectorProgram Director

U.S. Army Threat Systems Management OfficeU.S. Army Threat Systems Management Office

PEO STRIPEO STRI

256-876-9656 ext 268 (DSN: 746)256-876-9656 ext 268 (DSN: 746)

darrell.quarles@tsmo.redstone.army.mildarrell.quarles@tsmo.redstone.army.mil

UNCLASSIFIED

UNCLASSIFIED

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

NET 3 Conference & ExhibitionNET 3 Conference & Exhibition23 July 200323 July 2003

23 July 2003PM-ITTS

TSMO

Program Background

Program Description

OTIA Methodology

Concept of Operations

Capabilities

On-Going Development

Tool Configuration

Summary

AGENDAAGENDA

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

23 July 2003PM-ITTS

TSMO

BackgroundBackground

This program was developed to supply

Information Assurance Analysis to the

Intelligence Electronic Warfare Test

Directorate (IEWTD) of ATEC/OTC for

Operational Testing

UNCLASSIFIED

UNCLASSIFIED

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

23 July 2003PM-ITTS

TSMO

Program Background (Cont’d)Program Background (Cont’d)

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

Program was started in FY 01.

Task joins the capabilities of two Contractors: Dynetics and General Dynamics (GD)

Test Methodology, Threat Definition, and Scenario Development is provided by Dynetics

IATT development and IA threat integration by GD

23 July 2003PM-ITTS

TSMO

Program DescriptionProgram Description

A multi-step Operational Test Information Assurance (OTIA) Assessment Methodology

Identification and certification of the IA related DIA validated threat

A test tool that can perform penetration testing on the System under Operational test

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

This project consists of three tasks to aid in the Information Assurance Assessment:

23 July 2003PM-ITTS

TSMO

System IS/IA Analysis:

• System SSAA• Previous IS/IA Analysis• System Documentation -Topology -Information Flow

Vulnerability Analysis

IS/IA System Scan Conducted to:

•Verify IS/IA goals met• Identify additional Routes of Intrusion• Determine OS and Hardware/Software Configuration

Create an Internal &External Port Map

IS/IA System Penetration Test conducted to:

Stress System IS/IA (Penetration Tailored to System)

Penetrate and Mark

Penetration Analysis Conducted to determine if IS/IA

System:

• Identified penetration attacks•Stopped penetration attacks

Impact of Penetration on Mission

System IS/IA Risk/Impact Matrix:

• Identifies Operational risks of IS/IA Configuration• Confirms ISSA goals are met

Assessment of System IS/IA Status

15

2

4

3

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

OTIA MethodologyOTIA Methodology

23 July 2003PM-ITTS

TSMO

IATT Concept of OperationsIATT Concept of Operations

UNCLASSIFIED

UNCLASSIFIED

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

IATT is an easily transportable IA threat launch IA threat launch platform.platform.

IATT is to be populated with a DIA validated set of IA DIA validated set of IA ThreatsThreats that are specific to the target system/test Configuration.

IATT is to provide ATEC-OTC and test community the capability to measure the IA health of systems against actual IA threatsactual IA threats exercised in realistic scenariosrealistic scenarios.

23 July 2003PM-ITTS

TSMO

IATT CAPABILITIES IATT CAPABILITIES

UNCLASSIFIED

UNCLASSIFIED

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

Information Gathering- Stealthy and non-stealthy scanning of network assets to find a entry point vulnerability to exploit.

Network Monitoring - Passive tools to map the network, steal critical communications.Infiltration

- Gain access to a local/remote system by exploiting a vulnerability in COTS software.

Password Guessing/Cracking- Guess common passwords / break systems password files.

Nefarious Data Manipulation- Intercept/inject mission data transmissions on the network.

Denial of Service- Prevent communications through computer service disruption or elimination.

23 July 2003PM-ITTS

TSMO

ON-GOING DEVELOPMENTSON-GOING DEVELOPMENTS

UNCLASSIFIED

UNCLASSIFIED

C2IATT/NOVAC2IATT/NOVA- Automated scenario execution across multiple IATT units for complex tests.

Counter-Counter Measure DevelopmentCounter-Counter Measure Development- Provides a more realistic approach of attack scenarios.

Automated Decision AidesAutomated Decision Aides- Develop capabilities to enhance users decision making process.

Wireless IA CapabilityWireless IA Capability- Current information attack systems evaluate wired networks against random and intentional threats. The military requires a capability to test military wireless networks against the same types information attack threats. Knowing the susceptibility of military wireless networks to wireless information attack threats increases overall system security. Information assurance on all data links is essential to mission success, force protection, and information dominance.

23 July 2003PM-ITTS

TSMO

Live Test Configuration

Replicate Target Network in a Test Environment

IATT Hub

Firewall /Guard

SUT 1 SUT 2 SUT 3

23 July 2003PM-ITTS

TSMO

Mass Scan• Actively scans for

hosts on target network

• Determines Operating System & Port Information

23 July 2003PM-ITTS

TSMO

Passive Detection• Passively

detects hosts on target network

• Quantifies incoming and outgoing traffic

23 July 2003PM-ITTS

TSMO

Target Relationship Tool

• Identifies communication relationships between computers on the network

• Identifies data generators / receivers

23 July 2003PM-ITTS

TSMO

Demonstration Configuration• Singled out target on

the network

• The impact of neutralizing the right target is immeasurableIATT / Illuminate

RWS V6

Simulated

23 July 2003PM-ITTS

TSMO

System Operations – Information Panel

• Display results of scan for target

• Provides access to attacks for target

23 July 2003PM-ITTS

TSMO

System Operations – Snoop

• Collects network traffic in multiple protocols, ports, directions.

• Collects data to libcap files for review / analysis

23 July 2003PM-ITTS

TSMO

System Operations – Attack

• Conducts attack operations

• Standardized test configurations

• Attack status indicators

23 July 2003PM-ITTS

TSMO

Scan Reports

Network Reconnaissance logged for After Action Reviews (AAR)

23 July 2003PM-ITTS

TSMO

Target Reports

Every Activity Logged Against Every Target

23 July 2003PM-ITTS

TSMO

Attack Reports

Every Attack Characterized and Logged

23 July 2003PM-ITTS

TSMO

Threat Scenario RequirementsThreat Scenario Requirements

SUT 2 SUT 3

SUT 4 SUT 5

Illuminate

NOVA

FirewallRouter

RouterHub

Illuminate

Illuminate

SUT 1

Hub

Test / Scenario Conductor

Threat Execution

Threat Execution

Threat Execution

23 July 2003PM-ITTS

TSMO

SUMMARYSUMMARYThe methodology and tools being developed is laying the ground work and the essential tools necessary for the T&E community to properly assess the Information Assurance issues associated with our digitized forces.

Program foundation success for future development in IA.

Program is on schedule.

UNCLASSIFIED

UNCLASSSIFIED

ARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAMARMY THREAT SYSTEMS PROGRAM

23 July 2003PM-ITTS

TSMO

QUESTIONS?QUESTIONS?