Opening Moves Workshop Summary @ NPS - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Opening Moves Workshop Summary @ NPS
  • O. Sami Saydjari, CDA
  • ssaydjari@CyberDefenseAgency.com
  • National Cyber Defense Initiative

2
Motivation
  • Strategic Threat is Real and Growing
      • Critical infrastructures are vulnerable to cyber
        attacks by determined adversaries
      • Myriad vulnerabilities: software, hardware,
        configuration, policies and procedures
  • Current Research is Important but Insufficient
    for a serious adversary
      • Considerable research has led to technology that
        addresses current threats
      • Industry technology provides a strong base for a
        successful research initiative
      • Much of previous govt-funded research has led
        largely to point solutions
      • The current research agenda won't provide technology
        for the Nation's critical resources
  • Important Characteristics of a major research
    initiative
      • Large effort, driven by the security needs of today's
        and tomorrow's critical applications
      • Along with security, privacy concerns have to be
        respected
      • The research initiative must consider economic,
        legal, usability, and workforce (dev & op) issues
      • Partner research communities with industries that
        will develop and use the technology
      • Considerable Government leadership needed (think
        post-Sputnik)

3
Approach
  • End State: How things behave differently to the
    decision-maker (What)
  • Moves: Strategic action to mitigate a strategic
    threat (How)
4
Desired End States I
  • Continuity of Critical Info Infrastructure
    Operations
      • Technology basis for a resilient US cyber
        infrastructure that would sustain critical
        functions in the face of attack
  • Well-Defended Critical Assets
      • Make it economically prohibitive for an adversary to
        cause strategic damage to US critical
        infrastructure.
      • Currently, adversaries can attack critical
        systems without requiring substantial resources.
  • Local/Global Cyber Situation Awareness
      • Know who and what is on critical system platforms
        and networks, and the threats to them.
      • Cyber early warning systems that operate while
        maintaining privacy
      • Today's IDSs can see simple, previously-seen
        attacks locally;
      • seek one that can see highly-sophisticated,
        novel, covert strategic attacks

5
Desired End States II
  • Data-Tight Systems
      • Prevent unauthorized leaks or exfiltration of
        critical information
      • Ensure accountability for information flows
        within systems: share info only with those
        intended to have it.
      • Valuable data protected by perimeter devices
        such as firewalls is being lost.
      • New mechanisms and architectures are needed.
  • Extensible systems that safely embrace new
    technology
      • New functions can be confidently added without
        compromising existing function or assurance.
      • Advance cyber defense technology and secure
        systems engineering
      • so that it is a highly-usable enabler for the rapid
        pace of new functionality, such as Net-Centric
        warfare, instead of an impediment.
  • Metrics-based Quantifiable security and
    dependability
      • Ability to determine the extent to which critical
        systems can withstand attacks
      • Without such metrics, it is hard to judge
        progress and assess the effectiveness of proposed
        solutions.
      • Metrics are fundamental

6
Promising Moves I
  • Enable creation and operation of secure systems by
    architectural principles
      • Organize systems so that fall-back operations and
        rapid recovery and repair from attacks, even of
        an unanticipated nature, are possible.
      • As a policy, favor stratified/partitioned designs
        for critical security components.
      • Re-organize networks that have moved away from
        these concepts.
      • Separate critical data and functions of the control
        plane from the operational plane.
  • Design systems to satisfy critical mission
    requirements
      • Value and prioritize critical cyber
        infrastructure functions.
      • As functions are automated and integrated,
        require that the cost of operating without the
        function be calculated as a means of assessing its
        mission-criticality.
      • Quantify recovery and rollback.
  • Create and combine metrics-driven security
    analysis, simulations, and testing
      • Develop adequate test and analysis environments
        to vet theories of defense, cyber offense, new
        mechanisms, and operators using the best cyber
        strategy and tactics.
      • Need different test environments (some
        domain-specific), with a range of scales
      • Test-beds underway need improvement to be more
        usable in supporting experiments

7
Promising Moves II
  • Authentication and attestation mechanisms to
    establish trust
      • Authentication of individuals to each other and to
        machines,
      • and of machines to individuals and to other
        machines
      • Trustworthy identity and privacy-protecting
        mechanisms are a prerequisite for security policy
        enforcement and for mechanisms such as network
        admission control.
  • Develop human capital
      • Inaugurate national competitions in secure system
        engineering to attract new talent and integrate
        academic, industry, and government efforts.
      • Create unclassified national security research
        institutes involving academia, industry, and
        government
      • Revamp research funding processes to encourage
        long-term, focused engagement in crucial areas.
      • Increase funding to create a cyber workforce of
        researchers, system developers, and system
        administrators for commercial and
        Government-critical systems.
  • Initiate research in key technology areas. A few
    candidate areas include:
      • practical techniques and tools for the secure
        composition of large-scale architectures, to
        support safe system design, extension and
        evaluation;
      • transparent security mechanisms, to enable rather
        than interfere with work;
      • active automated forensics, to identify attackers
        and account for their actions;
      • self-healing and dynamic security, to raise the
        bar for attackers;
      • system security benchmarking and assessment, to
        develop quantifiable metrics

8
End State: CONTINUITY
  • The US critical infrastructure shall be able to
    sustain operations in the face of both static and
    adaptive attacks.
  • Moves shown on the slide diagram (original layout
    not recoverable): Diversity; Testbed; Theory
    (calculus of priorities); Exercises; Develop Human
    Capital; Redundancy in Logical and Physical
    Infrastructure; Stratify; Early Warning; Cyber
    Counter-Intelligence; Valuation; Reconstitution;
    Establish Priorities; Not Remote Administration;
    Oppose Lifecycle Attacks; Rebuild; Fail Soft;
    Restore/Recover
9
End State: PROTECT
  • Ensure that an adversary cannot economically
    achieve confidence in his ability to cause
    strategic damage to the US critical
    infrastructure.
  • Moves shown on the slide diagram (original layout
    not recoverable): Nat'l Keying Infrastructure;
    Honeypots; Control/Detect Adversary CNA; Dynamic
    Security; Redundancy; Diversity; Network Admission
    Control; Special Purpose Devices; Lifecycle;
    Detection; App Specific Test Platforms; Biometrics;
    High Assurance Development; Stratify; Early
    Warning; Protected Admin; Identity Management;
    Appropriate Authentication; Traceback; Attestation;
    Human Capital Investment; Deception; Maneuver;
    Hiding; Redundancy; Deterrence; Isolation;
    Hardening
10
Conclusions I
  • Focus on protecting the critical info. infrastructure
    from strategic damage is essential.
  • Connecting the bottom-up moves approach with the
    top-down end-state approach broadened thinking,
    yet quickly brought focus on key strategic moves,
    and will produce new technology that meets the
    needs of critical applications.
  • Developing and sustaining human capital is
    essential to all of this in both the near- and
    long-term.

11
Conclusions II
  • A strategy for understanding and influencing
    commercial markets is a prerequisite of any move.
      • Industry should be actively engaged in developing
        this strategy.
      • Pragmatic solutions and incentives are needed.
      • Some of the key vendors are fully engaged in the
        NCDI community, but more have to be involved, and
        soon.
  • We should be careful not to undervalue ideas and
    concepts as "old" because they have been
    previously identified and discussed.
      • Many were never actually tried in earnest, and
        translation of these notions to the current
        context will be required.
      • Based on advances in underlying hardware and
        software technology, the workshop participants
        believe that many of the key ideas are ready to
        be incorporated into design and evaluation
        methodologies.
  • Ambitious goals require a concerted community
    effort, where researchers, academics, internet
    service providers, business leaders, government
    leaders, and industry technical leaders all work in
    close partnership.

12
Recommendations for Next Steps I
  • Fund continuation of the analysis process started in
    the workshop
      • A handful of very experienced people with security
        engineering, research, and operational
        backgrounds.
      • Identify the most critical moves and lay out actions
        over the near, medium and long term for those moves.
  • Do Closure Analysis
      • Analyze moves for which there were no corresponding
        end-states to determine their importance and
        determine if any key goal states are missing.
      • Analyze moves identified by prior studies in the
        same way with respect to missing moves and
        end-states.
      • For example, usability of security plays a key
        role, yet is not yet well-mapped into the
        workshop results.

13
Recommendations for Next Steps II
  • Explore end-state quantification
      • so that investment can be prioritized
  • Engineer Market Change
      • Engage industry's top technical leaders to
        determine ways to effect change consistent with
        the mechanisms and behavior of commercial
        markets.
  • Extend the Plan with Focused Workshops
      • Hold follow-on workshops over the next 12 months
        with domain experts (e.g. power, banking, and
        telecommunications), technology experts, and
        industry experts to extend the plan.
      • Involve Government agencies responsible for
        security R&D and for these sectors

14
Workshop Organization
  • The National Cyber Defense Initiative Opening
    Moves Workshop was held from 3-7 December 2007
    at the Naval Postgraduate School in Monterey,
    California. Its purpose was to help develop a
    framework and plan for the protection of the
    essential fabric of our national cyber
    infrastructure from strategic damage.
  • The NCDI is a grassroots activity started in late
    November 2006 to address the need for a
    large-scale effort to improve the cyber security
    of our nation. Thirty-four invited specialists
    and a small number of reviewers attended. The
    former were at the workshop for the entire week,
    whereas the latter attended only the last day.
    All participants were cyber security experts.
    Their backgrounds included industry, government,
    academe, and consulting. The principal
    organizers of the workshop were Cynthia Irvine
    (Naval Postgraduate School) and Sami Saydjari
    (Cyber Defense Agency, LLC). Three pre-chosen
    facilitators led the breakout groups: Terry Benzel
    (USC/ISI), Deborah Cooper (private consultant),
    and Bridget Rodgers (Sandia). Sponsorship for
    travel costs and facilities came from NPS, IARPA,
    NSF, and ONR.
  • The workshop organized the participants into
    three breakout groups, each of which focused on a
    set of high-level objectives. Plenary sessions
    were limited to talks that highlighted the
    critical nature of the cyber security problem and
    the challenge cyber security poses in the context
    of existing infrastructure and practice, and to
    inter-group synchronization. The approach was
    both bottom-up, regarding strategic actions
    (called moves) that can and should be taken to
    make a significant reduction in risk, and
    top-down, in terms of the end-state operational
    capabilities needed to achieve information
    dominance.