Published on February 4, 2014
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS Dr. ing. Marco Lisi (firstname.lastname@example.org) Master di II Livello in "Homeland Security" Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
Introduction
• All critical infrastructures of our society rely on ICT systems, rendering them more intelligent but more vulnerable at the same time
• Cybercrime cost US companies about US $67 billion in 2004, according to an estimate based on the Federal Bureau of Investigation’s 2005 Computer Crime Survey
• A 2011 report commissioned by the UK Cabinet Office estimated cybercrime’s annual cost to the UK to be £27bn (about 1.8% of GDP)
• Information security is a “must have” option not only for “dual use” systems, but in general for all those systems constituting critical infrastructures or devoted to emergency services, disaster recovery, crisis management, homeland security, environment monitoring and control
Projects and Systems Evolution
Products vs. Services: Cars, Highways, Trains, Railways, Stations, Parking areas, Aircrafts, Airports, Ships, etc.
From Platforms to Service Systems
WIRED MAGAZINE: Wired Issue 15.12
How Technology Almost Lost the War: In Iraq, the Critical Networks Are Social — Not Electronic
The future of war began with an act of faith. In 1991, Navy captain Arthur Cebrowski met John Garstka, a captain in the Air Force, at a McLean, Virginia, Bible-study class. The two quickly discovered they shared more than just their conservative Catholic beliefs. They both had an interest in military strategy. (…) Over the next several years, the two men traded ideas and compared experiences. They visited businesses embracing the information revolution, ultimately becoming convinced that the changes sweeping the corporate world had applications for the military as well. (…) In an article for the January 1998 issue of the naval journal Proceedings, "Network-Centric Warfare: Its Origin and Future", they not only named the philosophy but laid out a new direction for how the US would think about war. Their model was Wal-Mart. Here was a sprawling, bureaucratic monster of an organization — sound familiar? — that still managed to automatically order a new lightbulb every time it sold one. Warehouses were networked, but so were individual cash registers. So were the guys who sold Wal-Mart the bulbs. If that company could wire everyone together and become more efficient, then US forces could, too.
From Network‐Centric Warfare Systems…
…To Network‐Centric “Welfare” Systems
How many more disasters like these can we tolerate?
Net‐Centric Emergency Response System
Large and Complex Systems (1/2)
• A large and complex system is a system composed of a large number of interconnected elements, often developed and deployed worldwide, which interact dynamically, giving rise to emergent properties
• Examples of complex systems for civil applications include:
  • global satellite navigation systems
  • air traffic control systems
  • railway control systems
  • space systems such as the International Space Station or space transportation and exploration vehicles
  • surveillance, Earth observation and Homeland security systems
  • electric power distribution systems
  • telecommunication systems
  • complex computer networks, including Internet.
Large and Complex Systems (2/2)
• A complex system often integrates existing systems (or parts of them) in an overall large-scale architecture (“System of systems”) containing a large number of interfaces and implementing multiple modes of operation, in a highly dynamic environment
• Large and complex systems require extensive logistics and maintenance support capabilities
• Large and complex space-based systems (e.g. Galileo) are conceived to be in service for a long time; in this case the evolution of the system (upgrades and modifications) has to be taken into account from the beginning.
Characteristics of Service Systems
• Large and complex systems
• Software intensive (several million lines of code)
• Capabilities-based rather than platform-based
• Organization and governance (human factor)
• Technical performance is a prerequisite for production and delivery of services, not a final objective
• Requirements related to operations, in addition to technical ones, assume a very high relevance:
  • Quality of Service (QoS)
  • Reliability, Availability, Continuity
  • Maintainability
  • Safety
  • Security
  • Flexibility
  • Expandability
  • Interoperability
  • Resilience
"Systems of Systems" and Information Security
• Security standards often demand that a system be disconnected from all networks before it can be given the highest security rating
• In a “system of systems”, based on an “open” architecture, trusted and untrusted domains need to co-exist and operate together
• A connected machine (or system) is a vulnerable machine (or system). But a “system of systems” is inherently “network-centric”
• This apparent contradiction must be resolved, finding the optimum balance between protection of information and availability of it
• Need for security certification standards, encryption techniques, “air gap” and firewall technologies, secure gateways and network routers
The Common Criteria Standard
• The Common Criteria (ISO/IEC 15408-2005) define the international standard for performing and documenting the security certification of an ICT system
• The Common Criteria define a set of seven “Evaluation Assurance Levels”
• An EAL 1 Common Criteria Evaluation requires a small set of assurance activities and provides a relatively low level of confidence in the product protection, whereas an EAL 7 Common Criteria Evaluation requires a large set of activities which provide a very high level of confidence.
Common Criteria Evaluation Assurance Levels (EALs)
• EAL1 - functionally tested
• EAL2 - structurally tested
• EAL3 - methodically tested and checked
• EAL4 - methodically designed, tested and reviewed
• EAL5 - semiformally designed and tested
• EAL6 - semiformally verified design and tested
• EAL7 - formally verified design and tested
Common Criteria Certification: Open Issues
• Long time required for the execution of the evaluation/certification process
• High cost of the evaluation/certification process
• Need for “air-gap” technologies at the boundaries between trusted and untrusted domains
• Availability of jointly certified hardware and software platforms
• Severe limitations in the use of commercial off-the-shelf (COTS) software products
• Limitations in the use of commonly adopted communications protocols (e.g. TCP/IP)
• Loss of certification because of minor modifications or obsolescence of both hardware and software
• Need for “encapsulation” techniques for the utilization of non-certified components
Conclusions
• In today’s world the demand for safety, security and value-added services is increasing at a very fast pace
• This implies the development of complex, integrated, highly networked systems or “systems of systems”
• The “network-centric” paradigm, originally conceived for military applications, is progressively migrating towards “welfare” applications, such as safety, security, environment protection and monitoring
• As technology and communications become commodities, value-added services will be provided in the future by ever more complex systems, based on network-centric architectures
September 13
SECURITY IN SATELLITE SYSTEMS Dr. ing. Marco Lisi (email@example.com) Master di II Livello in "Homeland Security" Università degli Studi Campus Bio-Medico di Roma, A. A. 2012-2013
Summary
• All critical infrastructures of our society rely on ICT systems; their confidentiality, availability, integrity, continuity and quality of service have to be guaranteed and protected
• Satellite systems, integrated into world-wide ICT infrastructures, are more and more vulnerable to intentional and non-intentional threats
• Satellite security is often limited to encryption and anti-jamming technologies, but satellite ground segments are exposed to the same type of threats typically experienced by terrestrial information systems
• Information security is no longer a “nice to have”, but rather a “must have” option.
26/09/2013
Satellite Integration in Network‐Centric Architectures
Satellite Pirating
• The most famous case of satellite pirating is that of John MacDougall, alias “Captain Midnight”, who was able in 1986 to superimpose his messages onto a commercial DTH TV channel.
Satellite System Components and Links
Unintentional Threats to Satellite Systems
Intentional Threats to Satellite Systems
Satellite Systems: Threats and Countermeasures
Spacecraft Communications Infrastructure
Space Communications Standards
• The European Space Agency (ESA) is integrating security features into its space communications standards
• ESA communications with its spacecraft are based on the CCSDS (Consultative Committee for Space Data Systems) Packet TM/TC Protocol Family, which does not presently integrate default security features
• CCSDS, however, has proposed new standards (Space Communication Protocol Standards, SCPS) providing built-in security support functions.
Conclusions
• In a network-centric perspective, satellite systems need to incorporate standardized and certifiable approaches to information security
• So far information security has been perceived as a customized add-on, leading to a variety of security requirements and to a number of proprietary solutions, adopted by space agencies and industries
• Certification standards and security solutions for network-centric military systems can be effectively applied to complex, network-centric satellite systems
• Information security features, including encryption, keys management and conditional access control, will have to be designed into the network from the beginning, as an integral part of it.
All rights reserved © 2007, Telespazio
The Galileo System, Services and Security Accreditation Dr. ing. Marco Lisi European Space Agency Special Advisor to the European Commission and to the European GNSS Agency Navigation solutions powered by Europe
Summary
• EGNOS and Galileo are the key elements of the European navigation “system of systems”, a strategic and critical infrastructure of the European Union;
• The Galileo global navigation satellite system, joint initiative by the European Union and the European Space Agency, is one of the most ambitious and technologically advanced service systems being developed in Europe, by European industries and with European resources;
• While the system procurement and deployment proceed following an incremental Implementation Plan, all steps are being taken for the delivery of Early Services;
• After a political decision of Vice-President Antonio Tajani, then included by President Manuel Barroso in the agenda of the European Commission, Galileo will start officially delivering Early Services, i.e. the guaranteed and committed delivery of capabilities to the community of potential customers/users, as from the end of 2014.
Galileo Implementation Plan
The Galileo Constellation
Galileo IOV Spacecraft
Galileo FOC Spacecraft
From a System…
…to a Service
• Galileo Service Centre, Madrid
• European GNSS Agency (GSA), Prague
• Early Services Task Force
• Galileo Security Monitoring Centre
• Galileo System Infrastructure
Galileo Deployed Configuration
Galileo Service Centers in Europe
Galileo Stations for Early Services
GALILEO: The System ...
[Figure: Galileo system architecture diagram. Recoverable labels:]
• Constellation - 30 MEO Satellites
• Direct C-band Up-links for Integrity
• 5 combined Galileo Up-links Sites (global coverage): TT&C S-band Up-link and Mission C-band Up-link (Nav/Integ/SAR/NRS/PRS)
• + 4 dedicated Mission Up-links Sites: Mission C-band Up-link (Nav/Integ/SAR/NRS/PRS)
• Total: 5 S-band heads; Total: at least 31 C-band heads; 13 m antenna
• ~ 40 GSS
• SDDN, MDDN/ULS Network, MDDN/GSS Network
• Ground Control and Mission Segments Facilities: Galileo Control Centre 1 (GCC1), Galileo Control Centre 2 (GCC2) (geographical redundant)
• Elements of GCS and GMS; Elements of GMS; Elements of GCS
Legend:
• ERIS - External Regional Integrity Systems
• GCS - Galileo Control System
• GMS - Galileo Mission System
• GSS - Galileo Sensor Stations
• MDDN - Mission Data Dissemination Network
• NRS - Navigation Related Service to external Service Providers and other entities
• PRS - Public Regulated Service
• SAR - Search And Rescue
• SDDN - Satellite Data Dissemination Network
• TT&C - Telemetry, Tracking and Telecommand
• ULS - Up-Link Station
The Galileo “System of Systems”
Galileo Security Doctrine
Accreditation Core Activities
• Accreditation Authority
  • Security Accreditation Board (SAB)
  • Galileo Security Accreditation Panel (GSAP)
  • Crypto Distribution Authority (CDA)
• System accreditation
  • System design review
  • System audits
  • Verify that all Galileo security requirements are met
• Site accreditation
  • Audits and on-site inspections
  • Ensure that local security requirements are met
• Components
  • Review Security Targets
  • Follow evaluation and certification process
• PRS User Segment
  • PRS receiver certification, evaluation and accreditation
  • PRS manufacturers accreditation
Available GNSS (GPS) Jammers
Susceptibility to Interference/Jamming
Conclusion
Galileo is ready and eager to serve