PMW 130 Overview EDO Course

Report
Program Executive Office
Command, Control, Communications,
Computers and Intelligence (PEO C4I)
PMW 130 Overview for NDIA
11 May 2011
Kevin McNally
Program Manager PMW 130
858-537-0682
[email protected]
Statement A: Approved for public release; distribution is unlimited
Information Dominance
Anytime, Anywhere…
Why Cyber Matters?
"If the nation went to war today in a cyber war, we would lose.”
- Admiral Mike McConnell (retired), 23 Feb 2010
• Over 2.08 billion Internet users (420M in China) – UN International
Telecommunication Union (ITU)
• DOD makes 1 billion+ Internet connections daily, passing 40TBs of
data – RADM Edward H. Deets, III
• DOD Networks scanned and probed 6M times/day – USCYBERCOM
• Several years ago, zero countries armed for cyber warfare, today
20+ countries – Dr. Eric Cole, McAfee
• Stuxnet – Most advanced Cyber Weapon ever seen – CEO McAfee
“The next battle is in the information domain, and the first shots
have already been fired.”- Admiral Gary Roughead, CNO
2
McAfee Threat Summary
New stats:
•
•
•
•
20 Million new malware in 2010
~55,000 new malwares/day (new record)
Growth in sites hosting malware
Number of new mobile malware in 2010
increased by 46 percent over 2009
Malware growth since Jan 09
Adobe products still
the top target
Source: McAfee Threats Report Q4 2010
3
Symantec
Expansion of Tool Kits
61% of threat activity
on malicious websites
is toolkit specific
Source: Symantec Intelligence Quarterly (April-June 2010)
44
ZeuS, aka Zbot
Adaptable Trojan for sale
TOOLKIT TO BUILD YOUR OWN TROJAN HORSE
• Infect PCs by simply visiting an infected Web site
• Oct 2010, over 30 individuals were arrested for ZeuS-based
attacks against U.S. and U.K. bank account holders
• Dec 2010, spoof email from “White House” to UK Government
• U.K. officials suggest the cyber attack originated from China
• Cost on the black market
•The Private Version is $3-4K
•VNC private module is $10K
• ZeuS author earned $15M in
commissions from license rights
77% of infected PCs have up-to-date anti-virus software
5
Can you tell the difference?
6
Amazing Coincidence?
7
Is our supply chain safe?
January 2008, a joint task
force seized $78M of
counterfeit Cisco
networking hardware
Source: Defense Tech
April 2009, Chinese spies
may have put chips in U.S.
planes
Source: The Times of India
May 2010, Counterfeit
Cisco Network Gear Traced
to China, Not Surprisingly
Source: Security Magazine
8
Conficker Spreading
5 Versions in 5 Months
Mid Jan 2009
Conficker A and B explodes.
Estimates range from 3-12 million
machines infected
Mid Feb 2009
CONFICKER B++
Direct Update Feature
Early Feb 2009
CONFICKER C
50K Domains
Kills Security Software
+ Robust Peer-to-Peer Comms
Malware Analysis Countermeasures
+ Improved HTTP Command & Control
End Dec 2008:
CONFICKER B
Code Cryptography
+ Password Cracking
+ USB Infection Vector
Anti-Virus Countermeasures
+ Primitive Peer-to-Peer Comms
Software Update Countermeasures
20 Nov 2008:
March 2009
IBM announces:
Asia has 45% of
infections; Europe 32%;
South America 14%;
North America 6%
CONFICKER.A
April 2009
CONFICKER E
No Software Armoring
HTTP Command & Control
Spam
“Scareware”
50,000 PCs a day are attacked
9
9
Conficker
(At the one year mark)
1010
What about specialized weapons
and aircraft?
French fighter planes grounded by computer virus
- The Telegraph, 07 Feb 2009
French fighter planes were unable to take off after military
computers were infected by a computer virus. Microsoft had
warned that the "Conficker" virus, transmitted through
Windows, was attacking computer systems in October last year
11
Android Disasters
• March 1, 2011:
confirmed that 58 malicious
apps were uploaded to Android Market
• Rootkit granting hackers deep access
• Google initiated “remote kill” to affected devices
• Admits they can’t patch the hole causing the
vulnerability
• Symantec: Android app called
“Steamy Windows” was modified to
SMS premium rate numbers owned
by Chinese hackers
Source: http://techcrunch.com/2011/03/05/android-malware-rootkit-google-response/
http://www.computerworld.com/s/article/9211879/Infected_Android_app_runs_up_big_texting_bills
12
SCADA
Supervisory Control And Data Acquisition
• Shumukh Al-Islam Network call
to Mujahadin Brigades to “strike
the soft underbelly…”
• “…strikes…simultaneous”;
“…spread hysterical horror…”
• Infrastructure processes include:
•
•
•
•
•
•
•
Water treatment & distribution
Wastewater collection & treatment
Oil & gas pipelines
Wind farms
Civil Defense siren systems
Large communication systems
Electrical power transmission & distribution
OSC Web monitoring report found an article dated 18 December 2010 on
Shumukh Al-Islam Network titled “Launch SCADA Missiles” urging an attack
13
Social Networking Event
Robin Sage
• Purportedly Cyber Threat Analyst
for the Naval Network Warfare
Command
• Impressive resume at 24, highlevel security clearances
• 10 years' experience in the
cybersecurity field
• Friends list included people
working for the nation's most
senior military officer, the
chairman of the Joint Chiefs of
Staff, NRO, a senior intelligence
official in the U.S. Marine Corps,
the chief of staff for a U.S.
congressman, and several senior
executives at defense contractors
• Job offers from industry
“One soldier uploaded a
picture of himself taken on
patrol in Afghanistan
containing embedded data
revealing his exact location”
14
Information Assurance &
Cyber Security (PMW 130)
•
•
•
•
Computer Network Defense (CND) – ACAT IVT
EKMS/KMI - Component of NSA – ACAT IAM
PKI - Component of DISA – ACAT IAM
Cryptography (modernization; legacy)
• Navy, USMC, USCG, MSC
• Radiant Mercury (RM)
• Cross Domain Solution
• Tactical Key Loader (TKL)
• USMC and SPECOPS
• Information Assurance (IA) Services
PMW 130 collaborates with
FLTCYBERCOM, 10th Fleet,
NCF, NNWC, and NCDOC
15
C4I Networks Today
Defense In Depth
Enterprise Management
• Prometheus
Enterprise View
Navy Computer Network
Defense Centers
Regional
Views
Network Operations
Service Centers
Platform
Views
–
Advanced Data Correlation
• Governance
• Situational Awareness: CND-COP
• CND C2
• Coordinated Response Actions
WAN Defenses
• Boundary Defense (firewalls)
• Enclave Protection (IPS/IDS)
• Data Correlation
• Virus Protection
LAN Defenses
• Host Protection (HIDS, Firewall,
anti-virus, baselining)
• Vulnerability Scanning
• Vulnerability Patch Remediation
• Network Intrusion Detection
Mission Operations
16
Navy Computer Network Defense
High-Level Operational View
17
Cyber Defense and the Navy
What Lies Ahead
•
•
•
•
•
•
•
•
•
•
•
Identifying network anomalies & behaviors
Moving from reactive to predictive
Advanced Persistent Threat
Insider Threat/Data loss prevention
Advanced spear phishing
Web security, Social Networks
Web enabled application security
Correlation and Analysis of sensor data
Cloud Security
Wireless/handheld device security
Cyber Situation Awareness
18
Future Collaboration
• Collaboration is vital to our future
• Welcome collaboration across government,
commercial, academia and other stakeholders
• PMW 130 Government/Industry Exchange
• An opportunity for industry to present products they feel may
be of interest to PMW 130
• Attendees include PMW 130 senior leadership, SPAWAR
and PEO C4I invitees, and other PMW 130 personnel
(Assistant Program Managers, engineers, etc.)
• Held once a month
• 50 minutes, including Q&A
• Please contact Carol Cooper at [email protected]
19
We get IT.
We also integrate it, install it and
support it. For today and tomorrow.
Visit us at www.peoc4i.navy.mil
20

similar documents