northrop grumman corporation
play

Northrop Grumman Corporation Operating Safely in a Cyber Dense - PowerPoint PPT Presentation

Apr 29, 2023 •357 likes •496 views

Northrop Grumman Corporation Operating Safely in a Cyber Dense Environment the Good, the Bad, and the Ugly. World Air Traffic Management Congress March 2016 Dr. Dennis McCallam, DIA. Northrop Grumman Fellow Who we are Leading global

  1. Northrop Grumman Corporation Operating Safely in a Cyber Dense Environment – the Good, the Bad, and the Ugly. World Air Traffic Management Congress March 2016 Dr. Dennis McCallam, DIA. Northrop Grumman Fellow

  2. Who we are • Leading global security company • $24 billion sales in 2014 • $38.2 billion total backlog • Leading capabilities in: – Unmanned Systems – Cyber – C4ISR – Logistics Focus on Performance 2 Approved For Public Release # 16-0385; Unlimited Distribution

  3. Agenda • Lets put a context on the cyber threat from a capability standpoint • The cyber environment out there….ugly • Understanding that our environment has both enterprise and platform information systems • Some thoughts on security engineering and resilience • Some ways ahead (and some good news) Approved For Public Release # 16-0385; Unlimited Distribution

  4. Looking at the Threat Landscape - Capabilities 1 Use existing malicious code and known exploits The Known - Develop tools to use known exploits against publically 2 Known known vulnerabilities Develop and use unknown malicious code against known 3 The vulnerabilities Known- Unknown Criminal or state actors who discover new vulnerabilities 4 and develop exploits against known vulnerabilities State actors who create vulnerabilities and impact products The 5 in the supply chain to enable exploitation of networks and systems of interest Unknown - Unknown States with the ability to successfully execute full spectrum 6 cyber operations * Defense Science Board Task Force Report: Resilient Military Systems and the Advanced Cyber Threat January 2013 4 Approved For Public Release # 16-0385; Unlimited Distribution

  5. So….How vulnerable are things • Some factual attacks or alerts – Computer researcher hacked into aircraft control system (masquerading as a passenger): May 2015 • Contention between safety and security – Johnson, C. (2016). Why We Cannot (Yet) Ensure the Cyber-Security of Safety- Critical Systems. – Need to address the difference between platform (sensor, etc) systems and enterprise systems • Some urban legend attacks – Was it a virus or a bad maintenance computer? 5 Approved For Public Release # 16-0385; Unlimited Distribution

  6. Cyber resilience impacts a lot of things Enterprise IT System of Systems Platform IT The traditional IP based IT Combination of platform and The IT residing within and on infrastructure: HW/SW and all enterprise IT systems (their platforms that it touches sensors and components) that make up the mission KEY CHARACTERISTICS KEY CHARACTERISTICS KEY CHARACTERISTICS • More homogenous and known • Hybrid – multiple interfaces • Some non-Internet operating • Infrastructure dependent across enterprise and systems, protocols and transport • Designed to manage large platform • Proprietary components volumes of critical data • Huge attack surface • Some legacy systems, • Events are played out in • Risk of “Pearl Harbor” if pre-“cyber era” massive scale in public “jump the gap” events • Solutions must be safety-centric • Vast array of COTS cyber tools of varying effectiveness Not everything is the same. 6 Derived from DoDD 8500.1, Paragraph E2.1.16.4 Approved For Public Release # 16-0385; Unlimited Distribution

  7. Security Engineering: Simplified • Continuously improve your C4ISR architecture with security in mind – Think: “Secure by Design” • The Internet of Things (and a lesson for us) 192.168.0.63 …and I just hacked a bank. Where Should We Protect From? 7 Approved For Public Release # 16-0385; Unlimited Distribution

  8. Cyber Threats…Are They Really Everywhere? Performance Data Recorder Supply Chain Bluetooth/4G/OnStar Keyless Entry Remote Start Security Engineering and Vulnerability Analysis Enable Successful Cyber Design and Test 8 Approved For Public Release # 16-0385; Unlimited Distribution

  9. The Resilience Lifecycle Start Secure. Stay Secure. Return Secure. ™ TRUSTED BASELINE RESILIENT OPERATIONS SECURE RE-BASELINING Operations & Support Upgrade & Modernize Design, Acquire, Build & Field • Detect/prevent loss of sensitive information • Maintain supply chain • Avoid supply chain intrusion integrity • Operate through attacks • Continually assess security • Preserve software integrity posture • Respond to attacks across the board, not just on IP-based connections • Prevent malware injection • Detect & reject built-in malware and undocumented features • Detect RF links & code insertion • Prevent security mitigation bypass • Design holistically • Prevent mission critical function alteration • Detect non-intentional S/W • Follow software assurance • Monitor for mission load compromise modifications processes • Review & protect diagnostic • Ensure software provenance equipment injection points • Detect & reject counterfeit parts Attack Vectors Resilience Approaches • Ensure software/data • Prevent contract process flaws Data integrity Start Secure Code • Secure related environments Infrastructure Communications Stay Secure People Return Secure Mission Assurance 9 Approved For Public Release # 16-0385; Unlimited Distribution

  10. Some good news • The enterprise IT side is well understood – Build on the shoulders of giants • The safety and operational demands on ATC Platform IT is a GREAT start towards cyber protection – Code evaluations – Secure CM and patch control • We can and should get into two rhythms – Start secure, Stay secure, Seturn secure™ to help with the development and architecture of the next generation systems – Secure it, Optimize it, Evolve it ™ to make sure we always know where we are and know where we are going • Secure the design data of your system – it is critical 10 Approved For Public Release # 16-0385; Unlimited Distribution

  11. Final thoughts - maintain your vision with education • The development of processes around E System Security Engineering is a natural extension of the formal Systems Engineering 20 1 100 process • Engineering a solid system to protect the D U 20 integrity of the supply chain is necessary 50 2 • Educate application developers about risks to 20 C A T E 3 20 the supply chain and what to watch for Information Supply Chain Security Security Standards Policy and Regulations Systems and Vendors 11 Approved For Public Release # 16-0385; Unlimited Distribution

Recommend

Northrop Grumman Today April 2016 Gloria Pualani Corporate Director, GSDP/Government Relations

Northrop Grumman Today April 2016 Gloria Pualani Corporate Director, GSDP/Government Relations

Northrop Grumman Today April 2016 Gloria Pualani Corporate Director, GSDP/Government Relations Northrop Grumman Today Leading global security company $23.5 billion sales in 2015 $35.9 billion total backlog (as of Dec. 31, 2015)

302 views • 11 slides
Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December

Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December

Fault-tolerant Quantum Computing Bryan Eastin Northrop Grumman Corporation Aurora, CO December 2014 Bryan Eastin Fault-tolerant Quantum Computing What do we mean by quantum computer ? Quantum computer properties (in theory) General purpose -

860 views • 55 slides
Northrop Grumman Cybersecurity Research Consortium (NGCRC) Intelligent Autonomous Systems based

Northrop Grumman Cybersecurity Research Consortium (NGCRC) Intelligent Autonomous Systems based

Northrop Grumman Cybersecurity Research Consortium (NGCRC) Intelligent Autonomous Systems based on Data Analytics and Machine Learning 19 April 2018 Bharat Bhargava Purdue University Technical Champions : Jason Kobes, Jeffrey Ciocco, Will

932 views • 71 slides
Business Value and Customer Benefits Derived from High Maturity Alan Pflugrad Northrop Grumman

Business Value and Customer Benefits Derived from High Maturity Alan Pflugrad Northrop Grumman

CMMI sm Technology Conference and User Group November 2002 Business Value and Customer Benefits Derived from High Maturity Alan Pflugrad Northrop Grumman Information Technology Defense Enterprise Solutions (DES) Chair, DES Engineering Process

565 views • 17 slides
Maybe There is a Better Way Sandy Burney & Shawn Larson Northrop Grumman Aerospace Systems

Maybe There is a Better Way Sandy Burney & Shawn Larson Northrop Grumman Aerospace Systems

The Peculiar World of Sole Source Contracting; Maybe There is a Better Way Sandy Burney & Shawn Larson Northrop Grumman Aerospace Systems What should you expect for the next 45 minutes? Peculiarities of sole source estimating

207 views • 19 slides
State of US Aerospace the Industry and Northrop Grumman Heritage August 16, 2019 Approved for

State of US Aerospace the Industry and Northrop Grumman Heritage August 16, 2019 Approved for

The Aerospace & Defense Forum Los Angeles Chapter August 16, 2019 State of US Aerospace the Industry and Northrop Grumman Heritage August 16, 2019 Approved for Limited Public Distribution # 18-1289 1 Presentation The State of

449 views • 11 slides
Matthew Hause UPDM Co-Chair UPDM Group Adaptive Mitre Artisan Software Northrop Grumman ASMG

Matthew Hause UPDM Co-Chair UPDM Group Adaptive Mitre Artisan Software Northrop Grumman ASMG

UPDM Unifie d Pr ofile for DoDAF / MODAF Matthew Hause UPDM Co-Chair UPDM Group Adaptive Mitre Artisan Software Northrop Grumman ASMG L3 Comms BAE Systems MOD DoD NoMagic DND Raytheon embeddedPlus Rolls Royce Generic Sparx

574 views • 29 slides
Shipping Hazardous Materials Who? Me? Overview of transportation of samples and small

Shipping Hazardous Materials Who? Me? Overview of transportation of samples and small

Shipping Hazardous Materials Who? Me? Overview of transportation of samples and small quantities of hazardous materials by highway and air John Fowlkes, CHMM Principal Environmental Engineer Northrop Grumman Corporation Hazardous

610 views • 35 slides
"Right-sized Architecture: Integrity for Emerging Designs" Presented by: Ken Kubo

"Right-sized Architecture: Integrity for Emerging Designs" Presented by: Ken Kubo

AW7 Concurrent Session 11/7/2012 2:15 PM "Right-sized Architecture: Integrity for Emerging Designs" Presented by: Ken Kubo Northrop Grumman Corporation Brought to you by: 340 Corporate Way, Suite 300, Orange Park, FL 32073 888 268

563 views • 23 slides
Introduction to OSGi University of Colorado, Boulder CSCI 5828 Foundations of Software

Introduction to OSGi University of Colorado, Boulder CSCI 5828 Foundations of Software

Introduction to OSGi University of Colorado, Boulder CSCI 5828 Foundations of Software Engineering Spring 2012 Professor Kenneth Anderson Presentation by: Brendan Greene Software Developer Northrop Grumman Corporation Introduction to

651 views • 30 slides
Presentation 3 Keven Benavente Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello

Presentation 3 Keven Benavente Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello

Presentation 3 Keven Benavente Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello Tyler Schafer [1] Review: Scope and Objectives Northrop Grumman Corporation (NGC) Requested team design of functional handling arm Able

169 views • 15 slides
Preliminary Presentation Keven Benevante Rayne Dobson Savannah Hillebrand David McNealy Sami

Preliminary Presentation Keven Benevante Rayne Dobson Savannah Hillebrand David McNealy Sami

Preliminary Presentation Keven Benevante Rayne Dobson Savannah Hillebrand David McNealy Sami Scarcello Tyler Schafer [1] Scope and Objectives Northrop Grumman Corporation (NGC) Requested team design of functional handling arm

444 views • 21 slides
November 11, 2003 R. Lai, M. Siddiqui, B. Pitman, M. Nishimoto, K. Johnson, S. Din, O. Fordham,

November 11, 2003 R. Lai, M. Siddiqui, B. Pitman, M. Nishimoto, K. Johnson, S. Din, O. Fordham,

Highly Linear and Compact MMW Phased Array Transmitters November 11, 2003 R. Lai, M. Siddiqui, B. Pitman, M. Nishimoto, K. Johnson, S. Din, O. Fordham, G. Schreyer, R. Grundbacher, L. Callejo and D. Streit, Northrop Grumman Space Technology,

315 views • 13 slides
A Practical Example of the Integration of Simulations, Battle Command, and Modern Technology

A Practical Example of the Integration of Simulations, Battle Command, and Modern Technology

A Practical Example of the Integration of Simulations, Battle Command, and Modern Technology International European Multi Conference And Simulation Interoperability Workshop 2009 Dr. J. Mark Pullen Lori Topor C4I Center Northrop Grumman IT

468 views • 29 slides
SENSOR PLACEMENT OPTIMIZATION Science and Technology for Chem-Bio Information Systems 25-28

SENSOR PLACEMENT OPTIMIZATION Science and Technology for Chem-Bio Information Systems 25-28

SENSOR PLACEMENT OPTIMIZATION Science and Technology for Chem-Bio Information Systems 25-28 October 2005 Keith Gardner Northrop Grumman IT Problem of Interest Multiple Biological detectors to be placed around and within a fixed facility

196 views • 16 slides
Illusionist: Transforming Lightweight Cores into Aggressive Cores on Demand Amin Ansari 1 ,

Illusionist: Transforming Lightweight Cores into Aggressive Cores on Demand Amin Ansari 1 ,

Illusionist: Transforming Lightweight Cores into Aggressive Cores on Demand Amin Ansari 1 , Shuguang Feng 2 , Shantanu Gupta 3 , Josep Torrellas 1 , and Scott Mahlke 4 1 University of Illinois, Urbana-Champaign 2 Northrop Grumman Corp. 3 Intel

349 views • 23 slides
and Wafer-Scale Assembly Technologies May 17, 2010 CS MANTECH Workshop 6 Portland OR Patty

and Wafer-Scale Assembly Technologies May 17, 2010 CS MANTECH Workshop 6 Portland OR Patty

Wafer-Level Packaging and Wafer-Scale Assembly Technologies May 17, 2010 CS MANTECH Workshop 6 Portland OR Patty Chang-Chien Northrop Grumman Aerospace Systems Acknowledgement Multi-center effort at NGAS: Microelectronics, RF Product

571 views • 43 slides
Cyber Catastrophe in the Movies: Realistic Threat or Hollywood Hokum? MODERATOR: PANELISTS:

Cyber Catastrophe in the Movies: Realistic Threat or Hollywood Hokum? MODERATOR: PANELISTS:

Cyber Catastrophe in the Movies: Realistic Threat or Hollywood Hokum? MODERATOR: PANELISTS: Larry Clinton Scott Borg US Cyber Consequences Unit Internet Security Alliance Paul Davis NJVC Tim McKnight Northrop Grumman Danny McPherson

661 views • 32 slides
Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 www.isalliance.org Board of Directors Tim McKnight, Chair , VP and CISO , Northrop Grumman Jeff Brown, First Vice Chair ,

572 views • 28 slides
Intelligence Driven Malware Analysis (IDMA) Malicious Profiling 14 January 2015 Homeland

Intelligence Driven Malware Analysis (IDMA) Malicious Profiling 14 January 2015 Homeland

Intelligence Driven Malware Analysis (IDMA) Malicious Profiling 14 January 2015 Homeland National Cybersecurity and Communications Integration Center Security whoami Cyber Threat Analyst at Northrop Grumman Performed wide range of

550 views • 20 slides
Don't leave your Architecture Behind - Kanban-enabled Model Driven Software Development SATURN

Don't leave your Architecture Behind - Kanban-enabled Model Driven Software Development SATURN

Don't leave your Architecture Behind - Kanban-enabled Model Driven Software Development SATURN 2012 May 9 th , 2012 Esther Johnson and Chris Williams Northrop Grumman Aerospace Systems, Software Engineering Approved for Public Release:

571 views • 31 slides
Status of Cross-Track Infrared Sounder (CrIS) Prelaunch Calibration Denise Hagan, Chunming

Status of Cross-Track Infrared Sounder (CrIS) Prelaunch Calibration Denise Hagan, Chunming

Status of Cross-Track Infrared Sounder (CrIS) Prelaunch Calibration Denise Hagan, Chunming Wang, Giovanni DeAmici, Paul Lee (Northrop Grumman Space Technology) Denis Tremblay (Science Data Processing Inc.) Gene Kratz (Raytheon Information

449 views • 19 slides
Status of Cross-Track Infrared Sounder (CrIS) Prelaunch Calibration: Update Denise Hagan,

Status of Cross-Track Infrared Sounder (CrIS) Prelaunch Calibration: Update Denise Hagan,

Status of Cross-Track Infrared Sounder (CrIS) Prelaunch Calibration: Update Denise Hagan, Chunming Wang, Giovanni De Amici, Degui Gu (Northrop Grumman Space Technology) Denis Tremblay (Science Data Processing Inc.) Gene Kratz (Raytheon

604 views • 11 slides
Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya

Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya

Reliability Maintenance and Managing Risk Conference 2019 Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya Supportability Systems Engineer Northrop Grumman Alpana.Gangopadhyaya@ngc.com Phone Number

466 views • 18 slides

More recommend