Cyber_Huntsville by wuzhenguang


Huntsville Advanced Defense Technology Cluster

A vision for the future of Huntsville




Agenda

▪ Cyber Huntsville Background and Overview
  • Mission
  • Vision
  • Organization
  • Potential Low Hanging Fruit
  • Timeline



         Secure the Cyber Mission for Huntsville

Cyber: A National Vulnerability

▪ “I believe that the dawn of cyber attacks and cyber defense is going to have the same impact on relations between nations that the dawn of nuclear weapons had.”
▪ “The threat of cyber attack is very real and it is available not only to nations but to groups of individuals who may or may not be sanctioned by nations, and to criminals, and to terrorists.”
▪ “Cyber attack and cyber defense are here to stay. We as a nation are ill prepared for it, as is every other nation.”

- General Peter Pace, USMC (Ret), former Chairman of the Joint Chiefs of Staff


             Huntsville is the U.S.’s #2 target for foreign intelligence efforts

Why Cyber Huntsville?
Our Value Proposition

▪ History of Leadership on the National Stage: Space, Missile Defense, Intelligence, and Modeling and Simulation
▪ Agile, Responsive, and Mutually Supportive Community
  • Industrial Base Partners With Significant Technology Capabilities
  • Cyber Capabilities (Labs, Workforce, Technology) Available
  • Educational Institutions With IA/Cyber Programs
  • Strong Support From Local and National Elected Officials
▪ Unmatched Technology Base and Cleared Workforce
▪ Experts in Solving Complex System Level Problems
  • Superb System Engineering Talent Readily Available
▪ Very Competitive Cost of Living That Reduces Total Costs to Customers

Leveraging Huntsville’s collective intellectual capital to solve the most pressing
      problem of our time… protecting the national cyber infrastructure

Cyber Huntsville Approach


Secure the Cyber Mission for Huntsville
• Leverage What Huntsville Does Best - High-technology
  Solutions to Complex Problem Sets
• Focus on the Critical Cyber “Hard Problems”
• Leverage the Community’s Proven Cyber Leaders
• Harness the Power of Partnerships

• Execution Via an Agile and Flexible Organization Oriented
  on Achieving Measurable Results
• Involve Participants With “Skin in the Game”


            Identify – Partner – Innovate – Solve
Why Should We Pursue?
Benefits of Cyber Huntsville

Government
• Integral part of the national cyber infrastructure
• Expand RDT&E capabilities in cyber

Academia
• Expand competitive position
• Careers for graduates

Industry
• Enhanced RDT&E capabilities in cyber

Value to the Community
• Creation of local jobs
• Influx of cyber talent
• Diversify community capabilities
• Workforce enhancement
• Collaboration

Cyber Huntsville: Builds on Huntsville’s nationally-recognized talent pool and experience with focus on cyber R&D, M&S, engineering, T&E and experimentation
Draft Vision Statement

▪ By 2015 Huntsville will have a thriving Cyber Center:
         • HSV will be part of the $800 billion Global Cyber market
         • The city will be recognized Nationally and
           Internationally as a leader in Cyber R&D, M&S,
           engineering, T&E, and experimentation
         • Local academia will be producing cyber graduates from
           degree and certificate programs
         • There will be a thriving and close-knit network of
           Government, Academia, and Industry working all
           aspects of Cybersecurity


HSV will be an integral part of the national cyber infrastructure and activities



Draft Mission Statement


• Build A Cyber Center Of Excellence With Global
  Reputation And Global Reach Through A Collaborative
  Community Effort

• By Creating The Cyber Center, Bring Cyber Work To
  Huntsville And Execute This Work In Huntsville

• By Creating The Cyber Center, Leverage Huntsville’s
  Collective Intellectual Capital To Solve The Critical
  Challenges Facing The National Cyber Infrastructure

          An Internationally Recognized Cyber Leader That
    Serves DoD, Other Federal Agencies, And Commercial Markets

Cyber Domain

[Figure: "The Cyber Domain" diagram. Center labels: IT Security, RF Collect, C2, IO, EW, CNA, ISR, CND, CNE, Certification and Accreditation, Secure Network Engineering, Incident Response, Skill Assess and Training, NOC’s, GIS, FME, Foreign Signals.]

Cyber Tools
• IA Architecture and Integration
• Security Assessments
• Technical Vulnerability Assessments
• Information Systems Security Engineering
• Network Voice/Video/Data Systems Engineering
• Strategic Security Program Development
• Security Product Implementation
• Cyber-security Modeling and Simulation

Cyber Labs

Cyber Training and Testing

Cyber Analysis Capabilities
Ground-based, Ship-borne, and Airborne Radar Systems -- Guided Missiles and Rockets
Electronic Warfare (EW) Systems -- Command, Control, Communications, and Computer (C4) Systems

Testing and Analysis

[Figure: "Network Infrastructure Attack Vectors" flowchart. Column titles: SNMP Community String Dictionary Attack; Telnet\SSH Dictionary Attack; UNIX NetMgt Server Running NIS v1; MITM ARP Poisoning Sniffing; HP OpenView Server Network Mgt Application; Enumerate Oracle TNS Listener. The columns end at "Own Network Infrastructure".]

Cyber M&S

Kill Chain Development: Process Exploitation, Supply Chain Exploitation, Algorithm Exploitation

Subsystems Characterized
RF and EO/IR Sensors and Detectors – Antennas – Phased Arrays – Transmitters – Receivers – Signal Processors – Operator Displays and Controls – Data-links – Computers – Software Algorithms – RF and EO/IR Missile Seekers – Warheads – Proximity Fuzes – Autopilots – Inertial Instruments – Altimeters – Guidance Computers – Propulsion Systems – Airframes and Control Surfaces – Power Systems
Cyber Huntsville’s Core Mission

[Figure labels: "Weapon Systems HWIL SIL"; "Weapon Systems Systems Engineering Talent"; "Huntsville Cyber Capabilities and Facilities"; "Federal Agencies/Organization"]

Federal Agencies/Organization: SMDC, SED, AMCOM, MSIC, AMC, TSMO, MDA, TVA, NASA
Role of Cyber Huntsville in the National Cyber Network

Huntsville Can Provide Cyber:
• R&D
• M&S
• Engineering
• T&E
• Experimentation
… To fight in a degraded cyber environment
… To protect infrastructure

Common Goal: To establish dominance in cyberspace to assure our critical infrastructure and national security
Constructing Cyber Huntsville

▪ Build upon the teamwork and cooperation found in the Huntsville area to establish a Cyber alliance
▪ Leverage Huntsville’s cyber technology capabilities and significant, on-going cyber projects of national scope
▪ Draw upon the existing DoD, Federal, State, academic, and industry capabilities in technology, science, and services to build Huntsville as a Cyber Center of Excellence
▪ Serve as a regional center of cyber expertise, products, and services
  • Build locally and serve regionally and Nationally

Huntsville has been a Missile and Space Town for decades ---- It’s time to leverage the
         engineering, science, and R&D capabilities to become a Cyber Town


Integrated Cyber Domain

▪ Cyber requires highly integrated capabilities
  • No stovepipes
  • No hierarchies
▪ Individual Organizations must leverage capabilities from others to be effective
▪ This requires a high level of coordination across the functional areas of Cyber

[Figure: "Cyberspace Ecosystem" diagram. Labels: Defense, Offense, Execution, Human Capital, Governance, M&S, R&D, Intelligence.]

Huntsville Has All The Capabilities Necessary To Address The Cyber Challenge
Organizational Concept

[Diagram boxes: Cyber Huntsville Advisory Panel; Cyber Huntsville Working Group; Tennessee Valley Cyber Community]

Advisory Panel

▪ Requested to serve and provide advice
  • “Small” Group to Advise the Cyber Huntsville initiative
  • Senior Level Participation by Key Organizational Stakeholders.
    Provides Emphasis Within Their Organizations and within the
    community
  • Zealots for the Initiative
  • Influence In and Out of Huntsville
  • Interface and be responsive to elected officials
  • “Policy-level” guidance / strategy for implementing Cyber Huntsville

▪ Actions
  • Approve Cyber Huntsville initiative charter (Drafted by WG)
  • Provide Strategic guidance and direction for Cyber Huntsville
    Working Group activities
  • Promote / advocate the Cyber Huntsville mission



Working Group

▪ WG Charter approved by Advisory Panel
▪ Takes strategic guidance from the Advisory Panel
▪ Executes the day-to-day activities of Cyber Huntsville Initiative
  • Larger Group of Executers
    –   Enthusiastically support Cyber Huntsville initiative
    –   Focused on cooperation and collaboration – one team!
    –   Organizes and executes Community outreach and conferences
    –   Study other “Cyber City” initiatives (best practices & lessons learned)
  • Composed of known Community Cyber leaders
▪ Provides Reports/updates to Advisory Group Meetings
▪ Near Term Actions
  • Develop group charter for Advisory Group’s approval
  • Develop the Cyber Huntsville Action Plan
  • Develop the Cyber Huntsville Strategic Roadmap for Advisory Group
    Approval
  • Document Current Huntsville Cyber Requirements (government and
    commercial) and Huntsville’s Current Cyber capabilities


Working Group

Chair: Dr. Rodney Robertson
Co-Chair: TBD

Local Government          Federal   Industry   Academia   Other
Mayors Office             SMDC      Small      UAH        FBI
Chamber of Commerce       SED       Medium     Auburn     InfraGard
County Commission         AMCOM     Large      A&M        Local NCIS
Legislative Delegations   NASA                 Calhoun    902d
                          MSIC                            DSS
                          AMC
                          MDA
                          TSMO
                          TVA

▪ Federal/DoD Organizations That Are Executing Cyber Tasks
▪ Companies With Significant Cyber Capabilities and Cyber Investments in Huntsville
▪ Educational Organizations Teaching Cyber Courses or Conducting Cyber Research
▪ Security and Law enforcement organizations involved in Cyber Security in Huntsville

Working Group:
1. Day-to-Day Operations of the Cyber Huntsville Activities
2. Frames Issues for Advisory Council/Mayor’s Decisions
3. Coordinates Cyber Initiatives Across the Community
Timeline

▪ 19 November - Advisory Panel Kickoff
▪ 13 January - Working Group Kickoff
  • 18 January – Map IPT membership and chairs
  • 25 January - Meet with IPT chairs
  • 1 February - Next Working Group Meeting, UAH 8:00 – 10:00
▪ Early February – Advisory Panel Meeting
  • Draft Charter
  • IPT Membership
▪ Community Outreach Briefings
  • 10 Dec - HAMA
  • 19 Jan - Huntsville Advanced Defense Technology Cluster
  • 24 Jan - Space and Cyber Engineering / S&T Mega-Community Pilot Meeting
▪ WG Roadmap Draft
  • TBD (2011) – Cyber Event

Discussion