Cyber_Huntsville by wuzhenguang


Huntsville Advanced Defense Technology

A vision for the future of Huntsville


▪ Cyber Huntsville Background and
  • Mission
  • Vision
  • Organization
  • Potential Low Hanging Fruit
  • Timeline

         Secure the Cyber Mission for Huntsville

                         Cyber: A National Vulnerability

▪ “I believe that the dawn of cyber attacks and
  cyber defense is going to have the same impact
  on relations between nations that the dawn of
  nuclear weapons had.”
▪ “The threat of cyber attack is very real and it is
  available not only to nations but to groups of
  individuals who may or may not be sanctioned
  by nations, and to criminals, and to terrorists.”
▪ “Cyber attack and cyber defense are here to
  stay. We as a nation are ill prepared for it, as is
  every other nation.”

- General Peter Pace, USMC (Ret), former Chairman of the Joint
   Chiefs of Staff

▪ Huntsville is the U.S.’s #2 target for foreign intelligence efforts

                           Why Cyber Huntsville?
                           Our Value Proposition

▪ History of Leadership on the National Stage: Space, Missile Defense,
  Intelligence, and Modeling and Simulation
▪ Agile, Responsive, and Mutually Supportive Community
  • Industrial Base Partners With Significant Technology Capabilities
  • Cyber Capabilities (Labs, Workforce, Technology) Available
  • Educational Institutions With IA/Cyber Programs
  • Strong Support From Local and National Elected Officials
▪ Unmatched Technology Base and Cleared Workforce
▪ Experts in Solving Complex System Level Problems
  • Superb System Engineering Talent Readily Available
▪ Very Competitive Cost of Living That Reduces Total Costs to Customers

Leveraging Huntsville’s collective intellectual capital to solve the most pressing
      problem of our time… protecting the national cyber infrastructure

               Cyber Huntsville Approach

Secure the Cyber Mission for Huntsville
• Leverage What Huntsville Does Best - High-technology
  Solutions to Complex Problem Sets
• Focus on the Critical Cyber “Hard Problems”
• Leverage the Community’s Proven Cyber Leaders
• Harness the Power of Partnerships

• Execution Via an Agile and Flexible Organization Oriented
  on Achieving Measurable Results
• Involve Participants With “Skin in the Game”

            Identify – Partner – Innovate – Solve

Why Should We Pursue?
Benefits of Cyber Huntsville

• Integral part of the national cyber
• Expand RDT&E capabilities in cyber

Value to the Community
• Creation of local jobs
• Influx of cyber talent
• Diversify community
• Workforce enhancement

Academia
• Expand competitive position
• Careers for

Industry
• Enhanced RDT&E capabilities in cyber

  Cyber Huntsville: Builds on Huntsville’s nationally-recognized talent pool and
experience with focus on cyber R&D, M&S, engineering, T&E and experimentation

                        Draft Vision Statement

       By 2015 Huntsville will have a thriving Cyber
         • HSV will be part of the $800 billion Global Cyber market
         • The city will be recognized Nationally and
           Internationally as a leader in Cyber R&D, M&S,
           engineering, T&E, and experimentation
         • Local academia will be producing cyber graduates from
           degree and certificate programs
         • There will be a thriving and close-knit network of
           Government, Academia, and Industry working all
           aspects of Cybersecurity

HSV will be an integral part of the national cyber infrastructure and activities

                  Draft Mission Statement

• Build A Cyber Center Of Excellence With Global
  Reputation And Global Reach Through A Collaborative
  Community Effort

• By Creating The Cyber Center, Bring Cyber Work To
  Huntsville And Execute This Work In Huntsville

• By Creating The Cyber Center, Leverage Huntsville’s
  Collective Intellectual Capital To Solve The Critical
  Challenges Facing The National Cyber Infrastructure

          An Internationally Recognized Cyber Leader That
    Serves DoD, Other Federal Agencies, And Commercial Markets

Cyber Domain

[Diagram: Cyber Domain capability areas. Labels recoverable from the slide:]

• Cyber Tools
• Cyber Labs
• Cyber Training and Testing
• Cyber M&S
• Cyber Analysis Capabilities
  Ground-based, Ship-borne, and Airborne Radar Systems -- Guided Missiles and Rockets --
  Electronic Warfare (EW) Systems -- Command, Control, Communications, and Computer (C4) Systems
• Testing and Analysis
• IA Architecture and Integration
• IT Security
• Security Assessments
• Technical Vulnerability Assessments
• Certification and Accreditation
• Secure Network Engineering
• Incident Response
• Skill Assess and Training
• Information Systems Security Engineering
• Network Voice/Video/Data Systems Engineering
• Strategic Security Program Development
• Security Product Implementation
• Cyber-security Modeling and Simulation
• RF Collect, IO, EW, CNA, CND, CNE, ISR, Signals, GIS, FME
• Kill Chain Development: Process Exploitation, Supply Chain Exploitation, Algorithm Exploitation

[Figure: Network Infrastructure Attack Vectors. Flowchart of attack paths with branches headed SNMP Community String Dictionary Attack, Telnet\SSH Dictionary Attack, UNIX NetMgt Server Running NIS v1, MITM ARP Poisoning Sniffing, HP OpenView Server Network Mgt Application, and Enumerate Oracle TNS Listener; the branches end in "Own Network" or "Own Network Infrastructure".]

Subsystems Characterized
RF and EO/IR Sensors and Detectors–Antennas–Phased Arrays–Transmitters–Receivers–Signal
Processors–Operator Displays and Controls–Data-links–Computers–Software Algorithms–RF and
EO/IR Missile Seekers–Warheads–Proximity Fuzes–Autopilots–Inertial Instruments–Altimeters–
Guidance Computers–Propulsion Systems–Airframes and Control Surfaces–Power Systems

Cyber Huntsville’s Core Mission

[Diagram labels:]
• Systems Engineering Talent
• Huntsville Capabilities and Facilities
• Federal Agencies/: SMDC, SED, AMCOM, MSIC, AMC, TSMO, MDA, TVA

Role of Cyber Huntsville in the National Cyber Network

                                              Huntsville Can
                                             Provide Cyber:
                                         • R&D
                                         • M&S
                                         • Engineering
                                         • T&E
                                         • Experimentation
                                      …To fight in a degraded cyber
                                      … To protect infrastructure

                                    Common Goal: To establish
                                   dominance in cyberspace to
                                 assure our critical infrastructure
                                      and national security

                       Constructing Cyber Huntsville

▪ Build upon the teamwork and cooperation found in the
  Huntsville area to establish a Cyber alliance
▪ Leverage Huntsville’s cyber technology capabilities and
  significant, on-going cyber projects of national scope
▪ Draw upon the existing DoD, Federal, State, academic, and
  industry capabilities in technology, science, and services to
  build Huntsville as a Cyber Center of Excellence
▪ Serve as a regional center of cyber expertise, products,
  and services
  • Build locally and serve regionally and Nationally

Huntsville has been a Missile and Space Town for decades ---- It’s time to leverage the
         engineering, science, and R&D capabilities to become a Cyber Town

Integrated Cyber Domain

▪ Cyber requires highly integrated
  • No stovepipes
  • No hierarchies
▪ Individual Organizations must leverage
  capabilities from others to be effective
▪ This requires a high level of coordination
  across the functional areas of Cyber

[Diagram labels: Intelligence, Offense, R&D, Ecosystem, Governance]

    Huntsville Has All The Capabilities Necessary To Address The Cyber Challenge

     Organizational Concept

        Cyber Huntsville
        Advisory Panel

        Cyber Huntsville
        Working Group

Tennessee Valley Cyber Community

                         Advisory Panel

▪ Requested to serve and provide advice
  • “Small” Group to Advise the Cyber Huntsville initiative
  • Senior Level Participation by Key Organizational Stakeholders.
    Provides Emphasis Within Their Organizations and within the
  • Zealots for the Initiative
  • Influence In and Out of Huntsville
  • Interface and be responsive to elected officials
  • “Policy-level” guidance / strategy for implementing Cyber Huntsville

▪ Actions
  • Approve Cyber Huntsville initiative charter (Drafted by WG)
  • Provide Strategic guidance and direction for Cyber Huntsville
    Working Group activities
  • Promote / advocate the Cyber Huntsville mission

                           Working Group

▪ WG Charter approved by Advisory Panel
▪ Takes strategic guidance from the Advisory Panel
▪ Executes the day-to-day activities of Cyber Huntsville Initiative
  • Larger Group of Executors
    –   Enthusiastically support Cyber Huntsville initiative
    –   Focused on cooperation and collaboration – one team!
    –   Organizes and executes Community outreach and conferences
    –   Study other “Cyber City” initiatives (best practices & lessons learned)
  • Composed of known Community Cyber leaders
▪ Provides Reports/updates to Advisory Group Meetings
▪ Near Term Actions
  • Develop group charter for Advisory Group’s approval
  • Develop the Cyber Huntsville Action Plan
  • Develop the Cyber Huntsville Strategic Roadmap for Advisory Group
  • Document Current Huntsville Cyber Requirements (government and
    commercial) and Huntsville’s Current Cyber capabilities

                                      Working Group

                                Chair: Dr. Rodney Robertson
                                       Co-Chair: TBD

Local Government          Federal    Industry    Academia    Other
Mayors Office             SMDC       Small       UAH         FBI
Chamber of Commerce       SED        Medium      Auburn      InfraGard
County Commission         AMCOM      Large       A&M         Local NCIS
Legislative Delegations   NASA                   Calhoun     902d
                          MSIC                               DSS
                          AMC
                          MDA

▪ Federal/DoD Organizations That Are Executing Cyber Tasks
▪ Companies With Significant Cyber Capabilities and Cyber Investments in Huntsville
▪ Educational Organizations Teaching Cyber Courses or Conducting Cyber Research
▪ Security and Law enforcement organizations involved in Cyber Security in Huntsville

Working Group
1. Day-to-Day Operations of the Cyber Huntsville Activities
2. Frames Issues for Advisory Council/Mayor’s Decisions
3. Coordinates Cyber Initiatives Across the Community


▪ 19 November - Advisory Panel Kickoff
▪ 13 January - Working Group Kickoff
  • 18 January – Map IPT membership and chairs
  • 25 January - Meet with IPT chairs
  • 1 February - Next working Group Meeting, UAH 8:00 – 10:00
▪ Early February – Advisory Panel Meeting
  • Draft Charter
  • IPT Membership
▪ Community Outreach Briefings
  • 10 Dec - HAMA
  • 19 Jan - Huntsville Advanced Defense Technology Cluster
  • 24 Jan - Space and Cyber Engineering / S&T Mega-Community Pilot
▪ WG Roadmap Draft
  • TBD (2011) – Cyber Event
