Rev. 0_18 Information Security Governance in Italy: State of the Art and New Perspectives. Genoa, 18 February 2011


© 2011 SELEX Sistemi Integrati. All rights reserved

Strategic Positioning of the Selex SI Offering

State-of-the-art offering: from individual products to integrated systems

[Diagram labels, in the order extracted from the slide]

• Homeland protection
• Defence systems
• Homeland and border protection, critical infrastructure protection, crisis and major event management
• C4ISTAR systems, NCW infrastructures, air defence systems, battlefield C4ISTAR systems
• On-board, surveillance and security systems
• Air mission systems
• ATC/ATM and airport systems
• VTMS and maritime control
• Advanced IT for security, logistics, automation
• Avionics (EW, radar, EO), naval radars and fire control systems, land radars
• Naval combat systems integration
• Command and control systems (land; naval and land)
• CNI avionics, professional TETRA, WiMAX
• Sensors
• Integrated systems
• Command and control
• Communications

© 2011 SELEX Sistemi Integrati - commercial in confidence


The Security Systems Offering

• Maritime border and vessel traffic control systems
• Homeland control systems
• Land border protection systems
• Port protection systems
• Critical infrastructure control systems
• Crisis management and civil protection systems


Cyber: Threats

• Critical infrastructure attacks
• Theft of digital identity
• Web vandalism
• Equipment destruction
• Theft of sensitive and confidential files
• Propaganda

Examples: Spoofing; Trojan; Virus; DoS (Denial of Service); DDoS (Distributed Denial of Service); Buffer overflow; Shellcode; Cracking; Backdoor; Port scanning; Sniffing; Keylogging; Spyware


Cyber: Vulnerabilities

• Exploit: Piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software and hardware.

• Backdoor: Method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.

• Eavesdropping: The act of secretly listening to the private conversation of others without their consent.

• Bad social engineering: Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.

• Rootkit: A rootkit is software that enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.

• Keylogging: The action of tracking/logging the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.


Cyber Defence: Architectural Context

• Symmetric and asymmetric threats

• Active, passive, conventional and non-conventional defence

• High level of complexity in organizational structure

• Evolution in employment concept

• Expeditionary missions, both in-nation and out-of-area

• Interoperability requirements

• Multi-level security needs

• Multinational and multi-force missions (combined, joint) with different leads (NATO, EU, Nations, UN)

• CIMIC integration: civil and military infrastructure protection

• NCW, NCO, NEC transformation

• Adoption of open source and open standards

• Speed of change in technology evolution


Cyber Industrial Enablers

Organization

• Establish governance for cyber defence issues

• Share and synchronize culture

• Develop and synchronize different business models

Methodology

• Strengthen life cycle management and develop a collaborative working environment

• Manage and synchronize frameworks

• Re-use existing cyber efforts and investments

• Program management and risk/cost control and reduction

• Methodologies of continuous training for cyber

Technical

• Develop a cyber assessment environment

• Develop an interoperability framework

• Set up a federated and secured communications infrastructure through specific OS and HW

• Set up an information and core services infrastructure

• Set up an Information Assurance (IA) infrastructure and security services

• Anticipate man-in-the-loop and improve human factors

• Set up system management


System of System Engineering Approach: From AF to SysML

[Diagram. Domains: System of System Domain, System Domain, Software Domain. Labels: System Requirement Specification; Requirement Analysis; Functional Analysis & Design; Specialised Studies; Performance Analysis; Interface Requirement Specification; HMI Requirement Specification; HMI Functional Analysis & Design; HMI Interface Requirement Specification; SW Requirement Specification; SW Code Implementation; SW Unit Test; SW Integration; SW/HW Test Validation; Integration & Test Activity (Battlelab, Int. Lab, Field Int.); ISFM; Traceability.]


Network Operation Center (IT+UK)


Italian+UK Security Operation Centre

• Security Audit: The appliance implements Vulnerability Assessment functions that check for vulnerabilities in the different OS versions and configurations, and in network system applications.

• Intrusion Detection: Operates security alerts, generates events and forwards them to the main collector.

• Bandwidth Management: Manages the partitioning of network bandwidth according to different criteria.

• Traffic Monitoring: Analyses both network traffic (up to application level) and NetFlow information.

• Log Server: Gathers and stores SNMP trap and syslog messages from different hosts and applications, and extracts and visualises them according to different criteria.


The Finmeccanica Business Model

• FNM provided a contribution to the COPASIR Report (Italian Government Report)

• Internal organization – IPT: FNM Cyber team led by Selex SI (Selex Sistemi Integrati, Selex Communications, Elsag Datamat, Digint, Vega, Selex Systems Integration)

• Strategic issue:

– SELEX Sistemi Integrati has been engaged by FNM corporate to participate in the Cyber Defence Exercise (Cyber Shot 2010)


CyberShield Solution (1/2)

SELEX Sistemi Integrati has developed a prototype project on a security architecture that has been integrated into a product, CyberShield_SoS, which offers the market an advanced, modular and flexible solution based on the following building blocks:

• Cyber Sensors: Every sensor usable to detect the threats

• Cyber C4: The infrastructure needed to manage the fifth dimension (Cyber Sphere)

• Cyber Effectors: Every single resource needed to react to the threat


CyberShield Solution (2/2)

Cyber Sensors: “Learn” information

• Threat analysis and identification, and prevention of threats and their sources

• Discovery of intrusions and network traffic flow analysis

• Cyber intelligence on open sources

• Monitoring of events and network activities

Cyber C4: Overlook the fifth dimension

• Supervision of the correlation analysis of the information domains

• Generation and evaluation of the operative pictures (CYOP, Cyber Operational Picture)

• Implementation of operative pictures and geographical network maps

• Advanced management of information in the classified domains

Cyber Effectors: To stop, to ban, to recover

• Select and activate countermeasures

• Ban (neutralize) the threats

• Verify the effects of the response

• Recover to normal activities


CyberShield: Architecture and Domains

[Diagram. Domains: Cyber Governance & Rules of Engagement; Cyber Sensors and Effectors; Cyber C4: CYOP. Activities: Recover, Protect, Deter, Detect, Respond.]


Key Programmes for Cyber Defence

• OSN – Osservatorio Sicurezza Nazionale (National Security Observatory) (Selex SI/Finmeccanica – CASD)