Page 1: Resiliency by Design, Defeating All Threats Cyber and Ballistic Missile - Start Secure, Stay Secure, Return Secure

Space and Missile Defense Symposium, August 7-9, 2018

Perri Nejib, Technical Fellow
John Thompson, Technical Fellow
Northrop Grumman

Approved For Public Release #18-1463; Unlimited Distribution

Page 2: Holistic approach to Cybersecurity

Must be in alignment and integrated for the cyber defense solution to be effective and holistic.

Page 3: The Resilience Lifecycle

Lifecycle stages: Trusted Baseline; Resilient Operations; Secure Re-baselining

Resilience Approaches: Moving Target Defense; Proactive Restore/C2; Least Privilege Enforcement; Operate in spite of Threat Inside; Trust Zone Segmentation; Identity Attribution; Encryption; Root of Trust

Enabling Mission Assurance

Attack Vectors: Data; Code; Infrastructure; Communications; People; Operations

• Prevent loss of sensitive information
• Operate through attacks
• Respond to attacks across the board, not just on IP-based connections
• Prevent mission critical function alteration

Build & Field
• Avoid supply chain intrusion
• Continually assess security posture
• Detect & reject built-in malware
• Ensure software provenance
• Detect & reject counterfeit parts

Maintain & Modernize
• Maintain supply chain integrity
• Preserve software integrity
• Prevent security mitigation bypass
• Review and protect diagnostic equipment injection points

Support
• Supply chain integrity
• Ensure software/data integrity
• Review and protect diagnostic equipment injection points

Design & Acquire
• Design holistically
• Traceable supply chain
• Follow software assurance processes
• Ensure software provenance
• Avoid contract process flaws

START SECURE. STAY SECURE. RETURN SECURE
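As an added illustration of the "Ensure software provenance" and "Preserve software integrity" items above (example code written for this page, not Northrop Grumman's or the symposium's), the Go program below has the build system sign a manifest of artifact digests with an Ed25519 key that acts as the root of trust, and has the fielding side refuse any delivery whose manifest signature, artifact digests, or artifact set does not match. The manifest format, file names and build label are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Manifest lists every delivered artifact with its SHA-256 digest.
// Hypothetical format for this example, not a Northrop Grumman or NIST format.
type Manifest struct {
	Build     string            `json:"build"`
	Artifacts map[string]string `json:"artifacts"` // name -> hex-encoded SHA-256
}

// SignedManifest carries the serialized manifest plus the build system's
// Ed25519 signature over exactly those bytes.
type SignedManifest struct {
	Manifest  []byte
	Signature []byte
}

func digest(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// BuildManifest is the "Build & Field" side: hash every artifact, serialize
// deterministically (encoding/json sorts map keys) and sign with the build
// system's private key.
func BuildManifest(build string, artifacts map[string][]byte, priv ed25519.PrivateKey) (SignedManifest, error) {
	m := Manifest{Build: build, Artifacts: map[string]string{}}
	for name, data := range artifacts {
		m.Artifacts[name] = digest(data)
	}
	raw, err := json.Marshal(m)
	if err != nil {
		return SignedManifest{}, err
	}
	return SignedManifest{Manifest: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// VerifyDelivery is the "Maintain & Modernize" / "Support" side. The signature
// is checked against the pinned build-system public key before the manifest is
// even parsed; then every delivered artifact is hashed and compared. Artifacts
// that are missing, or present but not listed, are rejected as well.
func VerifyDelivery(sm SignedManifest, delivered map[string][]byte, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, sm.Manifest, sm.Signature) {
		return errors.New("manifest signature invalid: not produced by the trusted build system")
	}
	var m Manifest
	if err := json.Unmarshal(sm.Manifest, &m); err != nil {
		return fmt.Errorf("manifest unparsable: %w", err)
	}
	names := make([]string, 0, len(delivered))
	for n := range delivered {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic error order for operators reading logs
	for _, name := range names {
		want, ok := m.Artifacts[name]
		if !ok {
			return fmt.Errorf("%s: not in signed manifest (unexpected artifact)", name)
		}
		if got := digest(delivered[name]); got != want {
			return fmt.Errorf("%s: digest mismatch (want %s..., got %s...)", name, want[:8], got[:8])
		}
	}
	for name := range m.Artifacts {
		if _, ok := delivered[name]; !ok {
			return fmt.Errorf("%s: listed in manifest but missing from delivery", name)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample artifacts standing in for a fielded software load.
	artifacts := map[string][]byte{
		"fcs.bin":     []byte("flight control software v4.2"),
		"config.yaml": []byte("mode: operational\n"),
	}
	sm, _ := BuildManifest("build-2018-08-07", artifacts, priv)
	fmt.Println("clean delivery:", VerifyDelivery(sm, artifacts, pub))

	tampered := map[string][]byte{
		"fcs.bin":     []byte("flight control software v4.2 + implant"),
		"config.yaml": artifacts["config.yaml"],
	}
	fmt.Println("tampered artifact:", VerifyDelivery(sm, tampered, pub))

	// An attacker holding only their own key cannot re-sign the altered load.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	resigned, _ := BuildManifest("build-2018-08-07", tampered, attackerPriv)
	fmt.Println("re-signed by untrusted key:", VerifyDelivery(resigned, tampered, pub))
}
```

The check that matters operationally is the order: the signature is verified before any field of the manifest is trusted, and the artifact set is compared in both directions, so an added file (the "built-in malware" case) is caught just as a modified one is. In a real program the public key would be pinned in the verifier at build time or held in hardware, never delivered alongside the load it vouches for.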


Page 4: Resilience Meets Systems Engineering

Building a Cyber Resilient System: Trusted Baseline (Start Secure), followed by Continuous Trust Restoration (Stay Secure, Return Secure)

Acquisition phases: Material Solution Analysis; Technology Maturation; Engineering & Manufacturing Development; Production & Deployment; Operations & Support

Secure Development Environments

Build Trusted Baseline
• System Security Engineering
• Anti-Tamper
• Cybersecurity/RMF
• Software Security
• Mission Assurance
• Supply Chain Risk Mgmt
• TEMPEST
• Other Countermeasures

Secure our Development Environments
• Personnel Security
• Operations Security
• Information/Industrial Security
• Enterprise
• Lab/Development Areas
• Classified Areas
• External Networks

Systems Engineering V: Regional Architectures; Feasibility Study/Concept Exploration; Concept of Operations; System Requirements; High-Level Design; Detailed Design; Software/Hardware Development; Unit Device Testing; Subsystem Verification; System Verification & Deployment; System Validation; Field Installations; Operations and Maintenance; Changes and Upgrades; Retirement/Replacement

Verification links across the V: Unit Test; Subsystem Verification; System Verification; System Validation

Page 5: System Security Engineering & the System Engineering V - Details

• Identify RMF confidentiality, integrity and availability (CIA) impact levels and whether or not the system meets the criteria of a National Security System
• Identify required security controls using NIST SP 800-53 and CNSSI 1253 (for National Security Systems)
• Identify the capabilities needed to satisfy the required controls and those needed to continuously monitor them
• Design system controls and associated monitoring capabilities
• Implement designs
• Integrate controls monitoring capabilities with existing security infrastructure and ops teams
• Verify controls satisfy required capabilities and are continuously monitored
• Train staff on new capabilities, develop O&M procedures, deliver system documentation
• Continuously monitor controls and regularly exercise staff to maintain a high state of cyber readiness

Page 6: INCOSE Project with the SSE Working Group

Page 7: Approach

• Research applicable published Standards and Guidance
  – NIST SP 800-160
  – ISO 15288
  – INCOSE SE Handbook
  (These all had major updates in mid-2015 and 2016)
• Work focused on taking SSE activities, tasks and deliverables/artifacts and developing a framework that can be used across domains and clearly defines critical artifact roles and responsibilities within SSE and SE
• Make it clear to SEs how to integrate SSE products into related SE products and the value in doing so to manage overall program/system design and risk

The systems security engineering discipline provides the security perspective to the systems engineering processes, activities, tasks, products, and artifacts, with emphasis on system security risk management.

Page 8: Project Goals

• Integrate the artifact roles & responsibilities framework into the current INCOSE specialty engineering section on SSE (Chapter 10)
• Develop the framework so that it can easily be adopted into NIST SP 800-160 and ISO 15288

Page 9: INCOSE SE Handbook & NIST SP 800-160 Organized by Processes and associated Activities and Tasks

Page 10: NIST SP 800-160 broken down by ISO 15288:2015/INCOSE SE processes, expressed in security activities and tasks

Page 11: Example Process Breakout

Implementation (IP) Process Breakout

Purpose
• Realize the security aspects of all system elements
• Results in a system element that satisfies specified system security requirements, architecture, and design

Outcomes
• Security aspects of the implementation strategy are developed
• Security aspects of implementation that constrain the requirements, architecture, or design are identified
• Security system element
• System elements securely packaged and stored
• Enabling systems or services needed for the security aspects of implementation
• Traceability of security aspects of implemented system elements

Activities and Tasks
• IP-1 Prepare for the security aspects of implementation
  o IP 1.1 – 1.3
• IP-2 Perform the security aspects of implementation
  o IP 2.1 – 2.4
• IP-3 Manage results of the security aspects of implementation
  o IP 3.1 – 3.3

Inputs
Security strategy, plan, traceability, requirements, design, architecture, secure system elements, assurance evidence, assurance results and anomalies report

Responsible and Supporting Roles
Responsible: Systems Security Engineer (SSE)
Supporting: Program Manager (PM), Chief Engineer (CE), Systems Engineer (SE), Systems Architect (SA), and Test Engineer (TE)

Page 12: Roles and Responsibilities Framework

Page 13: Roles and Responsibilities Framework

Page 14: References

• “Systems Security Engineering: What Every System Engineer Needs to Know”, D. Beyer, P. Nejib and E. Yakabovicz, INCOSE IS 2017 presentation, July 2017
• “System Security Engineering: Whose Job Is It Anyway?”, D. Beyer, P. Nejib, INCOSE Insight Journal, July 2016, Volume 19, Issue 2
• “Response to Cyber Security Demands for Agility”, D. Beyer, P. Nejib, INCOSE Insight Journal, July 2014, Volume 17, Issue 2
