SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
Dr. ing. Marco Lisi ([email protected])
Second-level Master's programme in "Homeland Security", Università degli Studi Campus Bio-Medico di Roma, academic year 2012-2013
Introduction
• All critical infrastructures of our society rely on ICT systems, rendering them more intelligent but more vulnerable at the same time
• Cybercrime cost US companies about US $67 billion in 2004, according to an estimate based on the Federal Bureau of Investigation’s 2005 Computer Crime Survey
• A 2011 report commissioned by the UK Cabinet Office estimated cybercrime’s annual cost to the UK to be £27bn (about 1.8% of GDP)
• Information security is a “must have” option not only for “dual use” systems, but in general for all those systems constituting critical infrastructures or devoted to emergency services, disaster recovery, crisis management, homeland security, environment monitoring and control
Projects and Systems Evolution
Products vs. Services
Cars, Highways, Trains, Railways, Stations, Parking areas, Aircraft, Airports, Ships, etc.
From Platforms to Service Systems
How Technology Almost Lost the War: In Iraq, the Critical Networks Are Social — Not Electronic
WIRED MAGAZINE: Wired Issue 15.12
The future of war began with an act of faith. In 1991, Navy captain Arthur Cebrowski met John Garstka, a captain in the Air Force, at a McLean, Virginia, Bible-study class. The two quickly discovered they shared more than just their conservative Catholic beliefs. They both had an interest in military strategy.
(…) Over the next several years, the two men traded ideas and compared experiences. They visited businesses embracing the information revolution, ultimately becoming convinced that the changes sweeping the corporate world had applications for the military as well.
(…) In an article for the January 1998 issue of the naval journal Proceedings, "Network-Centric Warfare: Its Origin and Future", they not only named the philosophy but laid out a new direction for how the US would think about war.
Their model was Wal-Mart. Here was a sprawling, bureaucratic monster of an organization — sound familiar? — that still managed to automatically order a new lightbulb every time it sold one. Warehouses were networked, but so were individual cash registers. So were the guys who sold Wal-Mart the bulbs. If that company could wire everyone together and become more efficient, then US forces could, too.
From Network‐Centric Warfare Systems…
…To Network‐Centric “Welfare” Systems
How many more disasters like these can we tolerate?
Net‐Centric Emergency Response System
Large and Complex Systems (1/2)
• A large and complex system is a system composed of a large number of interconnected elements, often developed and deployed worldwide, which interact dynamically, giving rise to emergent properties
• Examples of complex systems for civil applications include:
  - global satellite navigation systems
  - air traffic control systems
  - railway control systems
  - space systems such as the International Space Station or space transportation and exploration vehicles
  - surveillance, Earth observation and Homeland security systems
  - electric power distribution systems
  - telecommunication systems
  - complex computer networks, including the Internet.
Large and Complex Systems (2/2)
• A complex system often integrates existing systems (or parts of them) in an overall large-scale architecture (“System of systems”) containing a large number of interfaces and implementing multiple modes of operation, in a highly dynamic environment
• Large and complex systems require extensive logistics and maintenance support capabilities
• Large and complex space-based systems (e.g. Galileo) are conceived to be in service for a long time; in this case the evolution of the system (upgrades and modifications) has to be taken into account from the beginning.
Characteristics of Service Systems
• Large and complex systems
• Software intensive (several million lines of code)
• Capabilities-based rather than platform-based
• Organization and governance (human factor)
• Technical performance is a prerequisite for production and delivery of services, not a final objective
• Requirements related to operations, in addition to technical ones, assume a very high relevance:
  - Quality of Service (QoS)
  - Flexibility
  - Reliability, Availability, Continuity
  - Expandability
  - Maintainability
  - Interoperability
  - Safety
  - Resilience
  - Security
"Systems of Systems" and Information Security
• Security standards often demand that a system be disconnected from all networks before it can be given the highest security rating
• In a “system of systems”, based on an “open” architecture, trusted and untrusted domains need to co-exist and operate together
• A connected machine (or system) is a vulnerable machine (or system). But a “system of systems” is inherently “network-centric”
• This apparent contradiction must be resolved, finding the optimum balance between protection of information and availability of it
• Need for security certification standards, encryption techniques, “air gap” and firewall technologies, secure gateways and network routers
The Common Criteria Standard
• The Common Criteria (ISO/IEC 15408-2005) define the international standard for performing and documenting the security certification of an ICT system
• The Common Criteria define a set of seven “Evaluation Assurance Levels”
• An EAL 1 Common Criteria Evaluation requires a small set of assurance activities and provides a relatively low level of confidence in the product protection, whereas an EAL 7 Common Criteria Evaluation requires a large set of activities which provide a very high level of confidence.
Common Criteria Evaluation Assurance Levels (EALs)
EAL1 - functionally tested
EAL2 - structurally tested
EAL3 - methodically tested and checked
EAL4 - methodically designed, tested and reviewed
EAL5 - semiformally designed and tested
EAL6 - semiformally verified design and tested
EAL7 - formally verified design and tested
Common Criteria Certification: Open Issues
• Long time required for the execution of the evaluation/certification process
• High cost of the evaluation/certification process
• Need for “air-gap” technologies at the boundaries between trusted and untrusted domains
• Availability of jointly certified hardware and software platforms
• Severe limitations in the use of commercial off-the-shelf (COTS) software products
• Limitations in the use of commonly adopted communications protocols (e.g. TCP/IP)
• Loss of certification because of minor modifications or obsolescence of both hardware and software
• Need for “encapsulation” techniques for the utilization of non-certified components
September 13
Conclusions
• In today’s world the demand for safety, security and value-added services is increasing at a very fast pace
• This implies the development of complex, integrated, highly networked systems or “systems of systems”
• The “network-centric” paradigm, originally conceived for military applications, is progressively migrating towards “welfare” applications, such as safety, security, environment protection and monitoring
• As technology and communications become commodities, value-added services will be provided in the future by ever more complex systems, based on network-centric architectures
Dr. ing. Marco Lisi ([email protected])
Second-level Master's programme in "Homeland Security", Università degli Studi Campus Bio-Medico di Roma, academic year 2012-2013
SECURITY IN SATELLITE SYSTEMS
26/09/2013
Summary
• All critical infrastructures of our society rely on ICT systems; their confidentiality, availability, integrity, continuity and quality of service have to be guaranteed and protected
• Satellite systems, integrated into world-wide ICT infrastructures, are more and more vulnerable to intentional and non-intentional threats
• Satellite security is often limited to encryption and anti-jamming technologies, but satellite ground segments are exposed to the same type of threats typically experienced by terrestrial information systems
• Information security is no longer a “nice to have”, but rather a “must have” option.
Satellite Integration in Network‐Centric Architectures
Satellite Pirating
The most famous case of satellite pirating is that of John MacDougall, alias “Captain Midnight”, who was able in 1986 to superimpose his messages onto a commercial DTH TV channel.
Satellite System Components and Links
Unintentional Threats to Satellite Systems
Intentional Threats to Satellite Systems
Satellite Systems: Threats and Countermeasures
Spacecraft Communications Infrastructure
Space Communications Standards
• The European Space Agency (ESA) is integrating security features into its space communications standards
• ESA communications with its spacecraft are based on the CCSDS (Consultative Committee for Space Data Systems) Packet TM/TC Protocol Family, which does not presently integrate default security features
• CCSDS, however, has proposed new standards (Space Communication Protocol Standards, SCPS) providing built-in security support functions.
All rights reserved © 2007, Telespazio
Conclusions
• In a network-centric perspective, satellite systems need to incorporate standardized and certifiable approaches to information security
• So far information security has been perceived as a customized add-on, leading to a variety of security requirements and to a number of proprietary solutions, adopted by space agencies and industries
• Certification standards and security solutions for network-centric military systems can be effectively applied to complex, network-centric satellite systems
• Information security features, including encryption, key management and conditional access control, will have to be designed into the network from the beginning, as an integral part of it.
Navigation solutions powered by Europe
The Galileo System, Services and Security Accreditation
Dr. ing. Marco Lisi
European Space Agency
Special Advisor to the European Commission and to the European GNSS Agency
Summary
• EGNOS and Galileo are the key elements of the European navigation “system of systems”, a strategic and critical infrastructure of the European Union;
• The Galileo global navigation satellite system, joint initiative by the European Union and the European Space Agency, is one of the most ambitious and technologically advanced service systems being developed in Europe, by European industries and with European resources;
• While the system procurement and deployment proceed following an incremental Implementation Plan, all steps are being taken for the delivery of Early Services;
• After a political decision of Vice-President Antonio Tajani, then included by President Manuel Barroso in the agenda of the European Commission, Galileo will start officially delivering Early Services, i.e. the guaranteed and committed delivery of capabilities to the community of potential customers/users, as from the end of 2014.
Galileo Implementation Plan
The Galileo Constellation
Galileo IOV Spacecraft
Galileo FOC Spacecraft
Galileo Services
From a System…
…to a Service
European GNSS Agency (GSA), Prague
Galileo Service Centre, Madrid
Early Services Task Force
Galileo System Infrastructure
Galileo Security Monitoring Centre
Galileo Deployed Configuration
Galileo Service Centers in Europe
Galileo Stations for Early Services
GALILEO: The System
[Figure: Ground Control and Mission Segments Facilities. Labels recovered from the diagram:]
• Constellation - 30 MEO Satellites
• ~ 40 GSS
• Galileo Control Centre 1 (GCC1)
• Galileo Control Centre 2 (GCC2) (geographical redundant)
• 5 combined Galileo Up-link Sites (global coverage)
• + 4 dedicated Mission Up-link Sites
• TT&C S-band Up-link
• Mission C-band Up-link (Nav/Integ/SAR/NRS/PRS)
• Direct C-band Up-links for Integrity
• Total: 5 S-band heads
• Total: at least 31 C-band heads
• 13 m antenna
• SDDN
• MDDN / ULS Network
• MDDN / GSS Network
• To external Service Providers and other entities
• Colour key: Elements of GCS and GMS; Elements of GMS; Elements of GCS
Legend:
ERIS - External Regional Integrity Systems
GCS - Galileo Control System
GMS - Galileo Mission System
GSS - Galileo Sensor Stations
MDDN - Mission Data Dissemination Network
NRS - Navigation Related Service
PRS - Public Regulated Service
SAR - Search And Rescue
SDDN - Satellite Data Dissemination Network
TT&C - Telemetry, Tracking and Telecommand
ULS - Up-Link Station
The Galileo “System of Systems”
Galileo Security Doctrine
Accreditation Core Activities
• Accreditation Authority
  - Security Accreditation Board (SAB)
  - Galileo Security Accreditation Panel (GSAP)
  - Crypto Distribution Authority (CDA)
• System accreditation
  - System design review
  - System audits
  - Verify that all Galileo security requirements are met
• Site accreditation
  - Audits and on-site inspections
  - Ensure that local security requirements are met
• Components
  - Review Security Targets
  - Follow evaluation and certification process
• PRS User Segment
  - PRS receiver certification, evaluation and accreditation
  - PRS manufacturers accreditation
Available GNSS (GPS) Jammers
Susceptibility to Interference/Jamming
Conclusion
Galileo is ready and eager to serve