Room 1
Cyber Defence: Securing
Against the Insider Threat

Centre for Defence Enterprise (CDE)
themed competition
29 November 2013

© Crown copyright 2013 Dstl
Defence challenges in cyber security

© Crown Copyright Dstl 2011
The threat, the risk
• Increasing in complexity and scale
• Diverse, asymmetric & symmetric
• “Non-traditional” cyber threats
– Electromagnetic attack
• MOD’s business
– Working in dangerous situations
– An obvious target

MOD networks
• Large and varied
– 70+ countries
– 1200 UK sites
– 800,000 IP addresses
– 225,000 users
– 95% is made up of 19 core systems with 1000 applications

• Planned and ad hoc
• Bought as a service

Platforms and weapons
• Increasingly cyber-enabled, connected platforms
• Tighter integration with industry
• Complex logistics and support
• Supply-chain security

“Strange and charmed” systems
• Non-standard hardware, software and protocols
• Legacy hardware, software and protocols
• Low-bandwidth connectivity at the fringes
• Outside the envelope of IA and cyber security
Defence cyber S&T

Defence cyber S&T programme
• Part of national & MOD cyber programmes
• £25m p/a and rising

• Decision support
• Operations
• Situational awareness

• Defence
• Human factors

The pipeline
• Sponsoring research
– Centre for Defence Enterprise (CDE)
– Use of existing consortia
– Shaping and co-sponsoring academic research
– Commercial competitions

• Assessing candidate technologies
– Intelligent customer function

• Test and evaluation
– Testbed connected to MOD networks

Future challenges
• Scale and sophistication of threat
– Situational awareness and defence
– Big data

• Pace of technical changes vs government
– Domestic/professional co-existence, bring-your-own-device (BYOD)
– Cloud
– SMART

• Defence-specific issues
– Cyber in MOD’s mission
– The “strange and charmed”

Cyber Defence: Securing Against the Insider Threat
CDE themed competition – launch 27 Nov 2013


UK UNCLASSIFIED
Cyber defence
• Substantial efforts are focused on prevention of unauthorised access to systems or platforms
• However, this does not prevent the potential abuse of legitimate credentials
– Both illegitimate users of legitimate credentials and cyber insiders

Insider threat
• Employee activity (deliberate or accidental) is one of the main causes of internal IT security incidents that lead to the leakage of confidential corporate data
• Potential issues for MOD
– Reputational damage
– Political/diplomatic fallout
– National security
(Image credit: © BBC 2013)
Aim of this CDE competition

Dstl is looking for novel and innovative proof-of-concept tools and techniques to detect cyber insider threats or abuse of legitimate user credentials, utilising host-based solutions

Focus
• Challenge is based on detecting anomalous behaviour
– Utilising legitimate credentials
• Three main aspects
– Malware utilising legitimate credentials
– Unauthorised personnel utilising legitimate credentials
– Legitimate personnel utilising legitimate credentials

Types of threat
• Malware, individuals or groups
• Permanent staff, temporary staff or contractors
• May be deliberate, accidental or under the influence of a third party

Types of activities
– Espionage
– Sabotage
– Fraud
– IP Theft
– Accidental damage

Outcome is negative impact on confidentiality, availability and integrity of MOD data
Anomalous behaviour
• Includes that which is significantly different to the standard user behaviour for a given credential set
– Especially that which increases the risk to the confidentiality, availability and integrity of MOD data
• May only be obvious over time
– Each individual action might be innocuous and within the user’s authorised scope of action
• Need to consider the potential risk of actions and how this changes over time (cumulative risk)
Insider threat
• Users often go through five steps for malicious behaviour
1. Exploration
2. Experimentation
3. Exploitation
4. Execution
5. Escape/Evasion
• Want to detect as early as possible
• However, later attribution is still valuable
(Figure: likelihood of detection and of attribution plotted against time; y axis “Likelihood” from 0 to 1, x axis “Time”)

Baseline behaviour
• To spot changes in behaviour, a baseline is needed
– Requires minimum burden
– Learns regular patterns (diurnal, seasonal, familiarity, aging)
– Ideally can account for changes of role (resulting in changed patterns)
– Flags, and ideally prioritises, different types of anomalous behaviour for investigation and mitigation
– Can account for variance in background behaviour
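The two slides above (anomalous behaviour as cumulative risk, and a per-credential baseline of regular patterns) can be illustrated with a small host-side scorer. The following is an added example written for this page; it is not Dstl's code and not any supplier's submission. The audit record format, the scoring weights, the 72-hour decay constant and the 2.5 alert threshold are assumptions chosen for the illustration, and the log lines are constructed. It learns a diurnal/host/data-area baseline from a training week, scores each later event against it, and lets risk decay between events so that a run of individually mild steps (an off-hours read, a new host, a new data area) still crosses the threshold.

```python
"""Pattern-of-life baseline per credential with decaying cumulative risk.

Added illustration only: not Dstl's code nor any supplier's submission. The
record format, weights, 72-hour decay and 2.5 threshold are assumptions.
"""
import math
from collections import Counter, namedtuple
from dataclasses import dataclass, field
from datetime import datetime

# Constructed host audit records: timestamp, credential, host, resource, bytes read.
BASELINE_LOG = """\
2013-11-04T09:05 jsmith HOST-A /proj/alpha/design.docx 120000
2013-11-04T11:30 jsmith HOST-A /proj/alpha/notes.txt 4000
2013-11-05T09:10 jsmith HOST-A /proj/alpha/design.docx 120000
2013-11-05T14:00 jsmith HOST-A /proj/alpha/budget.xlsx 60000
2013-11-06T10:20 jsmith HOST-A /proj/alpha/notes.txt 5000
2013-11-07T09:30 jsmith HOST-A /proj/alpha/design.docx 125000
2013-11-08T16:45 jsmith HOST-A /proj/alpha/budget.xlsx 62000
"""
# Constructed records from the following week: each step on its own is mild.
NEW_LOG = """\
2013-11-11T09:15 jsmith HOST-A /proj/alpha/design.docx 121000
2013-11-11T19:40 jsmith HOST-A /proj/alpha/budget.xlsx 61000
2013-11-12T10:00 jsmith HOST-B /proj/alpha/notes.txt 5000
2013-11-12T15:30 jsmith HOST-A /proj/beta/roadmap.pptx 90000
2013-11-13T11:00 jsmith HOST-A /proj/alpha/design.docx 700000
2013-11-13T19:30 jsmith HOST-B /proj/beta/contracts.pdf 2400000
"""

Event = namedtuple("Event", "when cred host resource nbytes")


@dataclass
class Baseline:
    hours: Counter = field(default_factory=Counter)  # hour-of-day -> event count
    hosts: set = field(default_factory=set)
    resources: set = field(default_factory=set)
    areas: set = field(default_factory=set)          # coarse data areas, e.g. /proj/alpha
    max_bytes: int = 0                               # largest single read seen


def parse(log):
    events = []
    for line in log.splitlines():
        ts, cred, host, resource, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), cred, host, resource, int(nbytes)))
    return events


def area_of(resource):
    """Top two path components, used as a coarse 'data area' for novelty checks."""
    return "/".join(resource.split("/")[:3])


def learn_baselines(events):
    """One baseline per credential from the training window."""
    baselines = {}
    for e in events:
        b = baselines.setdefault(e.cred, Baseline())
        b.hours[e.when.hour] += 1
        b.hosts.add(e.host)
        b.resources.add(e.resource)
        b.areas.add(area_of(e.resource))
        b.max_bytes = max(b.max_bytes, e.nbytes)
    return baselines


def event_score(e, b):
    """Additive per-event anomaly score against the credential's baseline."""
    score, h = 0.0, e.when.hour
    if not any(b.hours[x] for x in (h - 1, h, h + 1)):
        score += 1.0                      # outside this credential's usual hours
    if e.host not in b.hosts:
        score += 1.0                      # new host
    if e.resource not in b.resources:
        score += 0.5                      # new data source
    if area_of(e.resource) not in b.areas:
        score += 0.5                      # new data area (exploration)
    if b.max_bytes and e.nbytes > b.max_bytes:
        score += min(1.0, math.log10(e.nbytes / b.max_bytes))  # unusual volume
    return score


def cumulative_risk(events, baselines, tau_hours=72.0, threshold=2.5):
    """Score events in time order; risk decays exponentially between events.
    Returns (per-event scores, cumulative risk after each event, first alert index)."""
    scores, cumulative, first_alert = [], [], None
    state = {}  # credential -> (time of last event, decayed risk)
    for i, e in enumerate(sorted(events, key=lambda x: x.when)):
        s = event_score(e, baselines.get(e.cred, Baseline()))
        last, risk = state.get(e.cred, (e.when, 0.0))
        hours = (e.when - last).total_seconds() / 3600.0
        risk = risk * math.exp(-hours / tau_hours) + s
        state[e.cred] = (e.when, risk)
        scores.append(s)
        cumulative.append(risk)
        if first_alert is None and risk >= threshold:
            first_alert = i
    return scores, cumulative, first_alert


def run_example():
    return cumulative_risk(parse(NEW_LOG), learn_baselines(parse(BASELINE_LOG)))


if __name__ == "__main__":
    scores, cumulative, first_alert = run_example()
    print([round(s, 2) for s in scores], [round(c, 2) for c in cumulative], first_alert)
```

With these constructed inputs no single event in the first five scores above 1.0, yet the decayed sum crosses 2.5 at the fourth event (the new data area), a day before the obviously abnormal bulk read on a new host. The baseline is fixed after the training window, which is the simplest choice; the slide's point about changes of role would need the baseline to be re-learned or re-keyed when a role changes.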

Pattern of life baseline
(Figure: weekly activity grid, columns M T W T F S S, one row per pattern of life)
1. Regular
2. Deadline
3. Remote
4. Change Host
5. Deployed
Socio-technical indicators
Including, but not limited to, aspects such as:
• Experiences – forensic linguistics etc
• Contextual – forensic authorship, structural semantic analysis etc
• Behavioural – aspects of the interaction between the user and the host or platform
• Physical – potential physical aspects of the user that can be tested and evaluated

Socio-technical Indicators
Including, but not limited to, aspects such as:
• Connectivity – levels of connectivity, location, bandwidth, access etc
• Data access – is this consistent with role, are new data sources being sought, etc
• Exploration – is the user exploring new areas unrelated to them, are they trying to access different hosts, seeking new (and unrelated) data sources etc
• Storage & offload – is the user storing large quantities of data on the local host, are they trying to offload this etc

Socio-technical methods
Including, but not limited to, methods such as:
• Heuristics – both behavioural and technical: can we forecast what abnormal looks like for the host?
• AI/bots/neural networks – is it possible to train systems to identify anomalous behaviour?
• Grid-based/vector space/frequency analysis – what are the signals of insider threat? Can we identify the stages of activity?
• Statistical algorithms – identifying weak signals within a noisy background; individual activities might be innocuous

Socio-technical indicators
• No single indicator is likely to give a complete picture
• Suppliers need to identify relevant and complementary indicators that allow for detection of anomalous behaviour
– Even when spread over a long time period
• Indicators should allow for prioritisation of risk
– Which activities are more likely to lead to serious impact to MOD digital assets?
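The indicator slides above (data access against role, exploration, storage and offload) and the point that indicators should prioritise by likely impact rather than by count can be shown together. The block below is an added example for this page, not Dstl's code and not any supplier's submission; the role model, the data-area sensitivities, the local-storage limit and the weights are assumptions constructed for the illustration, as are the per-credential observations. It derives the indicators from one week of host observations and then ranks credentials two ways: by how many indicators fired, and by the sensitivity of the data the activity could expose.

```python
"""Complementary host indicators, prioritised by potential impact.

Added illustration only: not Dstl's code nor any supplier's submission. Roles,
area sensitivities, the storage limit and the weights are assumptions.
"""

# Assumed role model: data areas each role is expected to touch.
ROLE_AREAS = {
    "engineer": {"/proj/alpha", "/proj/beta"},
    "finance": {"/finance/reports", "/proj/alpha"},
}
# Assumed impact if an area is leaked or altered: 1 = low, 3 = high.
AREA_SENSITIVITY = {"/proj/alpha": 2, "/proj/beta": 2, "/finance/reports": 2,
                    "/hr/payroll": 3, "/public/docs": 1}
LOCAL_STORE_LIMIT_MB = 500  # assumed: hoarding above this on the host is an indicator

# Constructed one-week host observations per credential.
OBSERVATIONS = {
    "jsmith": {"role": "engineer", "local_store_mb": 1200, "offload_events": 0,
               "reads": ["/proj/alpha/design.docx", "/public/docs/handbook.pdf",
                         "/public/docs/newsletter.pdf", "/public/docs/canteen_menu.pdf"]},
    "ajones": {"role": "engineer", "local_store_mb": 20, "offload_events": 1,
               "reads": ["/proj/alpha/design.docx", "/hr/payroll/2013.csv"]},
    "bwhite": {"role": "finance", "local_store_mb": 10, "offload_events": 0,
               "reads": ["/finance/reports/q3.xlsx", "/proj/alpha/budget.xlsx"]},
}


def area_of(resource):
    """Top two path components, used as the coarse 'data area'."""
    return "/".join(resource.split("/")[:3])


def indicators(obs):
    """Derive the indicators named on the slides from one credential's observations."""
    expected = ROLE_AREAS[obs["role"]]
    out_of_role = [r for r in obs["reads"] if area_of(r) not in expected]
    touched = {area_of(r) for r in obs["reads"]}
    return {
        "out_of_role_reads": out_of_role,                      # data access vs role
        "new_areas": {area_of(r) for r in out_of_role},        # exploration
        "hoarding": obs["local_store_mb"] > LOCAL_STORE_LIMIT_MB,  # storage
        "offload_events": obs["offload_events"],               # offload
        "max_sensitivity": max(AREA_SENSITIVITY.get(a, 1) for a in touched),
    }


def raw_count(ind):
    """Naive prioritisation: count the indicator hits."""
    return len(ind["out_of_role_reads"]) + int(ind["hoarding"]) + ind["offload_events"]


def impact_weighted(ind):
    """Prioritise by what the activity could expose: each out-of-role area counts by
    its sensitivity; hoarding and offload count by the most sensitive data read."""
    score = sum(AREA_SENSITIVITY.get(a, 1) for a in ind["new_areas"])
    score += int(ind["hoarding"]) * ind["max_sensitivity"]
    score += ind["offload_events"] * ind["max_sensitivity"]
    return score


def rank(observations, scorer):
    """Credentials ordered for investigation, highest score first, ties by name."""
    scored = {cred: scorer(indicators(obs)) for cred, obs in observations.items()}
    return sorted(scored.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print("by indicator count :", rank(OBSERVATIONS, raw_count))
    print("by potential impact:", rank(OBSERVATIONS, impact_weighted))
```

On these constructed observations the count-based ranking puts jsmith first (several reads of low-sensitivity public documents plus local hoarding), while the impact-weighted ranking puts ajones first (one out-of-role read of payroll data followed by an offload event), which is the ordering an investigator with limited time would want.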

Host-based solution

All images taken from the defence image database © Crown copyright 2013

Different types of host
• Inline host – analysis undertaken on an inline host (diagram: Inline Host → Platform, eg ship’s plant)
• Host – analysis directly on the host itself

Central analysis
(Figure: central analysis node connected to several hosts)
Potential to perform some central analysis. However, solutions must perform a level of analysis on the host – cannot merely undertake full packet capture

Testing concept demonstrators
• Suppliers are expected to be able to demonstrate the benefits of their chosen approach

Data
– Suppliers need to have access to a suitable data source to test and refine their chosen approach
– Must be able to demonstrate to Dstl why their data source is applicable

Metrics
– Suppliers need to choose appropriate metrics to demonstrate the benefits of their chosen approach
– Must include computational burden, sensitivity and specificity

What we want
• Novel and innovative proof-of-concept demonstrators at Technology Readiness Level (TRL) 1-4
• Success metrics for the approach
• An initial test plan against relevant exemplar data
• A development plan beyond the initial proof-of-concept phase
• Solutions that consider the breadth of MOD hosts

What we don’t want
• Existing higher TRL solutions or network analysis tools
• Proposals that:
– Add substantial burden
– Expand the threat surface
– Force users to alter their behaviour
– Do not include some form of demonstrator
– Are proprietary black box solutions

Levels of funding
• Dstl have committed up to £1M of funding for the initial proof-of-concept demonstrators
• No cap on the value of proposals
– However more likely that a larger number of lower-value proposals (eg £50k - £150k) will be funded at this stage
• Aiming for an initial demonstration within 3-5 months

Submissions via the CDE Portal: 17:00 Thursday 9 January 2014
Every little helps...
• Problem space is broad, complex and challenging
• Requires interaction between physical and social sciences
• Individual suppliers may only be able to provide a solution to part of the problem space
– These pieces are still potentially of value
– Networking and collaborating

• Technical questions
cybersecurityCDE@dstl.gov.uk
• CDE questions
cde@dstl.gov.uk

In conclusion
• Opportunity!
• Innovation
• Demonstration
• Focus
– Host-based solutions
– Abuse of legitimate credentials
– “Strange and charmed”

• Closing date - Thursday 9 January 2014 at 17:00 hrs!

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

27 Nov 2013 Cyber defence CDE themed competition presentations

  • 10. Future challenges
    • Scale and sophistication of threat
      – Situational awareness and defence
      – Big data
    • Pace of technical change vs government
      – Domestic/professional co-existence, bring-your-own-device (BYOD)
      – Cloud
      – SMART
    • Defence-specific issues
      – Cyber in MOD’s mission
      – The “strange and charmed”
  • 11. Cyber Defence: Securing Against the Insider Threat
    CDE themed competition – launch 27 Nov 2013
    29 November 2013 © Crown copyright 2013 Dstl UK UNCLASSIFIED
  • 12. Cyber defence
    • Substantial efforts are focused on prevention of unauthorised access to systems or platforms
    • However, this does not prevent the potential abuse of legitimate credentials
      – Both illegitimate users of legitimate credentials and cyber insiders
  • 13. Insider threat
    • Employee activity (deliberate or accidental) is one of the main causes of internal IT security incidents that lead to the leakage of confidential corporate data
    • Potential issues for MOD
      – Reputational damage
      – Political/diplomatic fallout
      – National security
    (image credit: © BBC 2013)
  • 14. Aim of this CDE competition
    Dstl is looking for novel and innovative proof-of-concept tools and techniques to detect cyber insider threats or abuse of legitimate user credentials, utilising host-based solutions
  • 15. Focus
    • Challenge is based on detecting anomalous behaviour
      – Utilising legitimate credentials
    • Three main aspects
      – Malware utilising legitimate credentials
      – Unauthorised personnel utilising legitimate credentials
      – Legitimate personnel utilising legitimate credentials
  • 16. Types of threat
    • Malware, individuals or groups
    • Permanent staff, temporary staff or contractors
    • May be deliberate, accidental or under the influence of a third party
    Types of activities: espionage, sabotage, fraud, IP theft, accidental damage
    Outcome is negative impact on confidentiality, availability and integrity of MOD data
  • 17. Anomalous behaviour
    • Includes that which is significantly different to the standard user behaviour for a given credential set
      – Especially that which increases the risk to the confidentiality, availability and integrity of MOD data
    • May only be obvious over time
      – Each individual action might be innocuous and within the user’s authorised scope of action
    • Need to consider the potential risk of actions and how this changes over time (cumulative risk)
  • 18. Insider threat
    • Users often go through five steps for malicious behaviour
      1. Exploration
      2. Experimentation
      3. Exploitation
      4. Execution
      5. Escape/Evasion
    • Want to detect as early as possible
    • However, later attribution is still valuable
    [Chart: likelihood (0 to 1) against time, with curves labelled “Detection” and “Attribution”]
  • 19. Baseline behaviour
    • To spot changes in behaviour, a baseline is needed
      – Requires minimum burden
      – Learns regular patterns (diurnal, seasonal, familiarity, aging)
      – Ideally can account for changes of role (resulting in changed patterns)
      – Flags, and ideally prioritises, different types of anomalous behaviour for investigation and mitigation
      – Can account for variance in background behaviour
  • 20. Pattern of life baseline
    [Chart: weekly grid, columns M T W T F S S, rows 1 Regular, 2 Deadline, 3 Remote, 4 Change host, 5 Deployed]
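The following is an added worked example, not code from the Dstl deck, of the baseline and cumulative-risk ideas on slides 17, 19 and 20: a per-credential pattern-of-life baseline learned from a constructed host audit log (weekday/hour activity with Laplace smoothing, the usual host set, byte volume with its variance), a per-event score that stays small for routine activity, and an exponentially decaying cumulative risk under which a run of individually innocuous after-hours actions crosses an alert threshold. The audit events, the 72-hour half-life, the new-host weight of 2.0, the volume cap and the threshold of 8.0 are assumptions chosen for illustration.

```python
"""Pattern-of-life baseline plus cumulative risk for one credential.

Added example, not Dstl code. The host audit stream, the indicator
weights, the decay half-life and the alert threshold are constructed
for illustration; a deployment would learn or tune them per host estate.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from math import log
import statistics

WINDOW_START = datetime(2013, 10, 7)   # a Monday; constructed three-week training window
WINDOW_DAYS = 21


def make_training_events():
    """Constructed audit log: weekday 08:00-16:00 reads on HOST-A of 4-6 MB each.
    Tuple layout: (timestamp, host, action, bytes)."""
    events = []
    for day in range(WINDOW_DAYS):
        d = WINDOW_START + timedelta(days=day)
        if d.weekday() >= 5:                      # no weekend activity in the baseline period
            continue
        for hour in range(8, 17):
            events.append((d.replace(hour=hour), "HOST-A", "read", 4_000_000 + 250_000 * (hour - 8)))
    return events


def build_baseline(events, window_start=WINDOW_START, window_days=WINDOW_DAYS):
    """Learn the diurnal/weekly activity pattern, the usual host set and the
    byte-volume distribution (mean and spread) for one credential."""
    days = {False: 0, True: 0}                    # calendar days in window, weekday vs weekend
    for day in range(window_days):
        days[(window_start + timedelta(days=day)).weekday() >= 5] += 1
    active = defaultdict(set)                     # (is_weekend, hour) -> dates with any activity
    hosts, sizes = set(), []
    for ts, host, _action, nbytes in events:
        active[(ts.weekday() >= 5, ts.hour)].add(ts.date())
        hosts.add(host)
        sizes.append(nbytes)
    return {
        "days": days,
        "active": {slot: len(dates) for slot, dates in active.items()},
        "hosts": hosts,
        "bytes_mean": statistics.mean(sizes),
        "bytes_sd": max(statistics.stdev(sizes), 1.0),   # background variance; floor avoids /0
    }


def score_event(baseline, ts, host, nbytes):
    """Anomaly score for one event: -log P(activity in this weekday/hour slot)
    plus an assumed weight for a never-seen host plus a capped volume term."""
    weekend = ts.weekday() >= 5
    n_days = baseline["days"][weekend]
    n_active = baseline["active"].get((weekend, ts.hour), 0)
    p_slot = (n_active + 1) / (n_days + 2)        # Laplace smoothing: unseen slot is unlikely, not impossible
    time_score = -log(p_slot)
    host_score = 0.0 if host in baseline["hosts"] else 2.0        # assumed weight for a new host
    z = (nbytes - baseline["bytes_mean"]) / baseline["bytes_sd"]
    volume_score = min(3.0, max(0.0, z - 3.0))    # only beyond 3 sigma counts; capped so one burst cannot alert alone
    return time_score + host_score + volume_score


class CumulativeRisk:
    """Exponentially decaying sum of event scores, so individually innocuous
    actions spread over several days still add up (the 'cumulative risk' of slide 17)."""

    def __init__(self, half_life_hours=72.0, alert_threshold=8.0):
        self.half_life = half_life_hours
        self.threshold = alert_threshold
        self.risk, self.last_ts = 0.0, None

    def update(self, ts, score):
        """Decay the running risk to the new event's time, add the score, flag if over threshold.
        The risk is not reset on alert; an investigation would do that explicitly."""
        if self.last_ts is not None:
            hours = (ts - self.last_ts).total_seconds() / 3600.0
            self.risk *= 0.5 ** (hours / self.half_life)
        self.risk += score
        self.last_ts = ts
        return self.risk, self.risk >= self.threshold


def run_sequence(baseline, events, **tracker_args):
    """Score a chronological event list; returns [(event_score, cumulative_risk, alert)]."""
    tracker = CumulativeRisk(**tracker_args)
    out = []
    for ts, host, _action, nbytes in events:
        s = score_event(baseline, ts, host, nbytes)
        risk, alert = tracker.update(ts, s)
        out.append((s, risk, alert))
    return out


# Constructed streams for the week after the training window.
REGULAR_WEEK = [(datetime(2013, 10, 28, h), "HOST-A", "read", 5_000_000) for h in range(9, 17)]
SLOW_BURN_INSIDER = [
    (datetime(2013, 10, 28, 18), "HOST-A", "read", 5_000_000),    # after hours on the usual host
    (datetime(2013, 10, 29, 19), "HOST-B", "read", 5_000_000),    # after hours on a new host
    (datetime(2013, 10, 31, 20), "HOST-B", "read", 5_000_000),    # same again: the run crosses the threshold here
    (datetime(2013, 11, 2, 10), "HOST-B", "read", 50_000_000),    # weekend, new host, ten times the usual volume
]

if __name__ == "__main__":
    base = build_baseline(make_training_events())
    for label, stream in (("regular", REGULAR_WEEK), ("slow-burn", SLOW_BURN_INSIDER)):
        for (ts, host, _a, _b), (s, risk, alert) in zip(stream, run_sequence(base, stream)):
            print(f"{label:9} {ts:%a %d %b %H:%M} {host:6} score={s:.2f} risk={risk:.2f} alert={alert}")
```

No single event in the slow-burn stream scores above the threshold (the largest is about 7.1), yet the third after-hours access already alerts because the earlier two have only partly decayed. Role changes (slide 19) are deliberately not modelled: without rebuilding or re-weighting the baseline when a new role is recorded, the first weeks of legitimate new behaviour would produce exactly this alert pattern, which is the false-positive class a supplier has to budget for.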
  • 21. Socio-technical indicators
    Including, but not limited to, aspects such as:
    • Experiences – forensic linguistics etc
    • Contextual – forensic authorship, structural semantic analysis etc
    • Behavioural – aspects of the interaction between the user and the host or platform
    • Physical – potential physical aspects of the user that can be tested and evaluated
  • 22. Socio-technical indicators
    Including, but not limited to, aspects such as:
    • Connectivity – levels of connectivity, location, bandwidth, access etc
    • Data access – is this consistent with role, are new data sources being sought, etc
    • Exploration – is the user exploring new areas unrelated to them, are they trying to access different hosts, seeking new (and unrelated) data sources etc
    • Storage & offload – is the user storing large quantities of data on the local host, are they trying to offload this etc
  • 23. Socio-technical methods
    Including, but not limited to, methods such as:
    • Heuristics – both behavioural and technical: can we forecast what abnormal looks like for the host?
    • AI/bots/neural networks – is it possible to train systems to identify anomalous behaviour?
    • Grid-based/vector space/frequency analysis – what are the signals of insider threat? Can we identify the stages of activity?
    • Statistical algorithms – identifying weak signals within a noisy background; individual activities might be innocuous
  • 24. Socio-technical indicators
    • No single indicator is likely to give a complete picture
    • Suppliers need to identify relevant and complementary indicators that allow for detection of anomalous behaviour
      – Even when spread over a long time period
    • Indicators should allow for prioritisation of risk
      – Which activities are more likely to lead to serious impact to MOD digital assets?
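An added example (not from the deck) of computing the four indicators on slide 22 from a constructed one-week host audit extract and combining them into the prioritised list that slide 24 asks for. “Consistent with role” is approximated here by a peer-group rule (a resource counts as role-typical when at least half the role’s members touch it) and “unrelated” by resources no peer touches at all; the events, that rule, the saturation constants and the impact weights are all hypothetical.

```python
"""Socio-technical indicators from a host audit extract, combined and prioritised.

Added example, not Dstl code. The events, the role peer-group rule,
the saturation constants and the impact weights are constructed for
illustration and would be learned or set per estate in practice.
"""
from collections import defaultdict
from typing import NamedTuple


class Event(NamedTuple):
    user: str
    role: str
    host: str
    resource: str
    action: str       # read | write_local | copy_removable
    nbytes: int


MB = 1_000_000
# Constructed one-week extract for a four-person logistics cell; dave is the planted case.
EVENTS = [
    Event("alice", "logistics", "WS-01", "\\\\fs1\\logistics\\stock.xlsx", "read", 2 * MB),
    Event("alice", "logistics", "WS-01", "\\\\fs1\\logistics\\orders.xlsx", "read", 1 * MB),
    Event("alice", "logistics", "WS-01", "C:\\Users\\alice\\report.docx", "write_local", 5 * MB),
    Event("bob", "logistics", "WS-02", "\\\\fs1\\logistics\\stock.xlsx", "read", 2 * MB),
    Event("bob", "logistics", "WS-02", "\\\\fs1\\logistics\\orders.xlsx", "read", 1 * MB),
    Event("bob", "logistics", "WS-02", "\\\\fs1\\logistics\\routes.kml", "read", 3 * MB),
    Event("carol", "logistics", "WS-03", "\\\\fs1\\logistics\\stock.xlsx", "read", 2 * MB),
    Event("carol", "logistics", "WS-03", "\\\\fs1\\logistics\\orders.xlsx", "read", 1 * MB),
    Event("carol", "logistics", "WS-03", "\\\\fs1\\logistics\\routes.kml", "read", 3 * MB),
    Event("dave", "logistics", "WS-04", "\\\\fs1\\logistics\\stock.xlsx", "read", 2 * MB),
    Event("dave", "logistics", "WS-09", "\\\\fs2\\hr\\personnel.xlsx", "read", 20 * MB),
    Event("dave", "logistics", "VPN-GW", "\\\\fs3\\design\\platform-drawings.zip", "read", 700 * MB),
    Event("dave", "logistics", "WS-09", "E:\\backup\\drawings.zip", "copy_removable", 800 * MB),
]

# Hypothetical impact weights: the damage to confidentiality/integrity/availability
# of MOD data implied if the indicator's worst-case reading is true.
IMPACT_WEIGHTS = {"storage_offload": 4.0, "data_access": 3.0, "exploration": 2.0, "connectivity": 1.0}
# Saturation constants mapping raw counts or bytes into [0, 1) as v / (v + k).
SATURATION = {"connectivity": 2.0, "exploration": 2.0, "storage_offload": 100 * MB}


def role_profile(events):
    """Resources that at least half of a role's members touch: the 'consistent with role' set."""
    members = defaultdict(set)
    touched = defaultdict(lambda: defaultdict(set))   # role -> resource -> users
    for e in events:
        members[e.role].add(e.user)
        touched[e.role][e.resource].add(e.user)
    return {role: {r for r, users in touched[role].items() if 2 * len(users) >= len(members[role])}
            for role in members}


def indicators(events):
    """Raw per-user indicators from slide 22: connectivity, data access, exploration, storage & offload."""
    profile = role_profile(events)
    by_user = defaultdict(list)
    for e in events:
        by_user[e.user].append(e)
    result = {}
    for user, evs in by_user.items():
        role = evs[0].role
        peers = {e.resource for e in events if e.role == role and e.user != user}
        resources = {e.resource for e in evs if e.action == "read"}
        out_of_role = resources - profile[role]
        result[user] = {
            "connectivity": len({e.host for e in evs}) - 1,           # hosts beyond the first
            "data_access": len(out_of_role) / len(resources) if resources else 0.0,
            "exploration": len(out_of_role - peers),                  # sources no peer touches at all
            "storage_offload": sum(e.nbytes for e in evs if e.action in ("write_local", "copy_removable")),
        }
    return result


def prioritise(raw):
    """Combine indicators into one priority per user and name the dominant one (slide 24).
    Returns [(user, priority, top_indicator)] sorted highest priority first."""
    ranked = []
    for user, ind in raw.items():
        contrib = {}
        for name, value in ind.items():
            k = SATURATION.get(name)
            norm = value / (value + k) if k else value        # data_access is already a fraction
            contrib[name] = IMPACT_WEIGHTS[name] * norm
        ranked.append((user, round(sum(contrib.values()), 3), max(contrib, key=contrib.get)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for user, priority, top in prioritise(indicators(EVENTS)):
        print(f"{user:6} priority={priority:6.3f} dominant={top}")
```

Ranking by weighted, saturated indicators rather than by any one raw count is what gives an analyst a queue ordered by likely impact: dave’s 800 MB removable-media copy dominates his score, but the out-of-role HR and design reads and the extra hosts would still rank him first even without it, which is the complementary-indicator point of slide 24. Alice’s small local write registers but stays far below any investigation threshold.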
  • 25. Host-based solution
    (All images taken from the UK defence image database © Crown copyright 2013)
  • 26. Different types of host
    • Analysis undertaken on an inline host (inline host in front of a platform, eg ship’s plant)
    • Analysis directly on the host itself
  • 27. Central analysis
    [Diagram: several hosts feeding a central analysis function]
    Potential to perform some central analysis. However, solutions must perform a level of analysis on the host – cannot merely undertake full packet capture
  • 28. Testing concept demonstrators
    • Suppliers are expected to be able to demonstrate the benefits of their chosen approach
    • Data
      – Suppliers need to have access to a suitable data source to test and refine their chosen approach
      – Must be able to demonstrate to Dstl why their data source is applicable
    • Metrics
      – Suppliers need to choose appropriate metrics to demonstrate the benefits of their chosen approach
      – Must include computational burden, sensitivity and specificity
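An added example, not from the deck, of reporting the three metrics slide 28 requires. Sensitivity and specificity are computed at every candidate threshold from constructed labelled scores, the operating threshold is chosen against a daily alert budget projected over the 225,000-user population quoted on the “MOD networks” slide, and computational burden is measured as microseconds per event and peak heap for a toy rolling z-score scorer that exists only to be timed. The labelled scores, the alert budget and the toy scorer are assumptions.

```python
"""Reporting sensitivity, specificity and computational burden for a
host-based detector, as slide 28 requires.

Added example, not Dstl code. The labelled scores and the toy scorer
are constructed; the 225,000-user figure is from the 'MOD networks'
slide and is used only to project daily alert volume.
"""
import time
import tracemalloc
from collections import deque

# Constructed: (anomaly_score, is_insider) for 24 scored credential-days.
LABELLED = [
    (0.2, 0), (0.4, 0), (0.5, 0), (0.7, 0), (0.9, 0), (1.1, 0), (1.3, 0), (1.6, 0),
    (1.9, 0), (2.2, 0), (2.6, 0), (3.1, 0), (3.8, 0), (4.4, 0), (5.2, 0), (6.9, 0),
    (3.0, 1), (4.1, 1), (5.5, 1), (7.4, 1), (8.8, 1), (9.6, 1), (11.0, 1), (12.3, 1),
]
MOD_USERS = 225_000   # from the 'MOD networks' slide; scales false-alarm rate to alerts/day


def confusion(labelled, threshold):
    """(tp, fn, fp, tn) when every score >= threshold is treated as an alert."""
    tp = sum(1 for s, y in labelled if y and s >= threshold)
    fn = sum(1 for s, y in labelled if y and s < threshold)
    fp = sum(1 for s, y in labelled if not y and s >= threshold)
    tn = sum(1 for s, y in labelled if not y and s < threshold)
    return tp, fn, fp, tn


def sensitivity_specificity(labelled, threshold):
    """Sensitivity = tp/(tp+fn); specificity = tn/(tn+fp)."""
    tp, fn, fp, tn = confusion(labelled, threshold)
    sens = tp / (tp + fn) if tp + fn else 0.0
    spec = tn / (tn + fp) if tn + fp else 0.0
    return sens, spec


def operating_points(labelled):
    """Sweep every distinct score as a threshold: [(threshold, sens, spec)], highest first."""
    return [(t, *sensitivity_specificity(labelled, t))
            for t in sorted({s for s, _ in labelled}, reverse=True)]


def choose_threshold(labelled, max_daily_alerts, users=MOD_USERS):
    """Lowest threshold whose false-alarm rate keeps projected benign alerts per day
    within budget; returns (threshold, sensitivity, specificity, projected_alerts)."""
    budget_fpr = max_daily_alerts / users        # 1 - specificity must stay at or below this
    best = None
    for t, sens, spec in operating_points(labelled):   # descending thresholds
        if 1.0 - spec > budget_fpr:
            break
        best = (t, sens, spec, (1.0 - spec) * users)
    return best


def rolling_zscore_scorer(window=8):
    """Toy per-host scorer used only to measure burden: z-score of the latest
    hourly event count against a rolling window of earlier counts."""
    hist = deque(maxlen=window)

    def score(count):
        if len(hist) < 2:
            hist.append(count)
            return 0.0
        mean = sum(hist) / len(hist)
        var = sum((h - mean) ** 2 for h in hist) / (len(hist) - 1)
        z = (count - mean) / var ** 0.5 if var > 0 else 0.0
        hist.append(count)
        return z
    return score


def measure_burden(scorer_factory, inputs, repeats=200):
    """Mean microseconds per scored event and peak traced heap in KiB."""
    tracemalloc.start()
    t0 = time.perf_counter()
    for _ in range(repeats):
        score = scorer_factory()
        for x in inputs:
            score(x)
    elapsed = time.perf_counter() - t0
    _current, peak = tracemalloc.get_traced_memory()
    tracemalloc.stop()
    return elapsed / (repeats * len(inputs)) * 1e6, peak / 1024


if __name__ == "__main__":
    for t, sens, spec in operating_points(LABELLED):
        print(f"threshold={t:5.1f} sensitivity={sens:.3f} specificity={spec:.4f} "
              f"projected benign alerts/day={(1 - spec) * MOD_USERS:,.0f}")
    print("budget of 200 alerts/day ->", choose_threshold(LABELLED, 200))
    us, kib = measure_burden(rolling_zscore_scorer, [3, 4, 5, 4, 3, 9, 4, 5, 40, 4])
    print(f"burden: {us:.2f} us/event, peak {kib:.1f} KiB")
```

The sweep is the deliverable, not a single point. On this constructed sample the threshold that catches every insider (3.0) has specificity 0.6875, which at MOD scale projects to roughly 70,000 benign alerts a day; the budget-driven choice gives up sensitivity (0.625) for a zero false-alarm rate on the sample. Burden is reported per event because a host-based agent competes with the platform’s own workload; tracemalloc only sees Python allocations, so a native agent would need an equivalent measurement.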
  • 29. What we want
    • Novel and innovative proof-of-concept demonstrators at Technology Readiness Level (TRL) 1-4
    • Success metrics for the approach
    • An initial test plan against relevant exemplar data
    • A development plan beyond the initial proof-of-concept phase
    • Solutions that consider the breadth of MOD hosts
  • 30. What we don’t want
    • Existing higher TRL solutions or network analysis tools
    • Proposals that:
      – Add substantial burden
      – Expand the threat surface
      – Force users to alter their behaviour
      – Do not include some form of demonstrator
      – Are proprietary black box solutions
  • 31. Levels of funding
    • Dstl have committed up to £1M of funding for the initial proof-of-concept demonstrators
    • No cap on the value of proposals
      – However, it is more likely that a larger number of lower-value proposals (eg £50k - £150k) will be funded at this stage
    • Aiming for an initial demonstration within 3-5 months
    Submissions via the CDE Portal: 17:00 Thursday 9 January 2014
  • 32. Every little helps...
    • Problem space is broad, complex and challenging
    • Requires interaction between physical and social sciences
    • Individual suppliers may only be able to provide a solution to part of the problem space
      – These pieces are still potentially of value
      – Networking and collaborating
  • 33. Contacts
    • Technical questions: cybersecurityCDE@dstl.gov.uk
    • CDE questions: cde@dstl.gov.uk
  • 34. In conclusion
    • Opportunity!
    • Innovation
    • Demonstration
    • Focus
      – Host-based solutions
      – Abuse of legitimate credentials
      – “Strange and charmed”
    • Closing date - Thursday 9 January 2014 at 17:00 hrs!