M&S Support for Cyber Defence Bert Boltjes 2 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Agenda Modelling, Simulation & Gaming Supporting Cyber Operations Tools & Projects Examples NATO Modelling & Simulation Group 117 Questions 3 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Agenda Modelling, Simulation & Gaming Supporting Cyber Operations Tools & Projects Examples NATO Modelling & Simulation Group 117 Questions 4 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Our background Modelling, Simulation and Gaming: Supporting of Ministry of Defence Advanced Concept Development and Experimentation (ACE) Cyber Security R&D – in support of: Ministry of Defence Ministry of Security and Justice NATO 5 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Integration in training models No detailed cyber modelling Integrating possible effects of cyber ops in CD&E: Reduced availability Loss of integrity Loss of information Work in progress: Vulnerability Situational Awareness Tools Critical Infrastructure Protection Gaming: Information from real and simulated systems Lessons learned Playing “What-if” Scenarios 6 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Agenda Modelling, Simulation & Gaming Supporting Cyber Operations Tools & Projects Examples NATO Modelling & Simulation Group 117 Questions 7 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence TNO’s Cyber Security Expertise Historically defence-related R&D on information security Knowledge applied to ‘high profile’ and complex organisations Information assurance studies in support of MoD Critical Infrastructure Protection Vulnerability studies hacker’s view Cyber crime Cyber espionage Cyber terrorism / warfare Cyber activism 8 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Project Example: Awareness trainer for Cyber – MoD MoD: develop a demonstrator that will help raising the awareness level of the higher-ranked military personnel on Cyber Result: WIKI running on the MoDs network with hundreds of annotated relevant Cyber documents e-learning package on the MoDs network scenario packed with multimedia injects to train decision makers in a table-top simulation game 9 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Track Record Critical Infrastructure Projects: Deliverables Useful for M&S of Cyber Induced Chain Effects DESEREC (EU) DIESIS (EU) ACRIMAS (EU) UrbanFlood (EU), Flood Control 2015 (NL) Showcase Veilig Nederland / Secure Haven 10 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Agenda Modelling, Simulation & Gaming Supporting Cyber Operations Tools & Projects Examples NATO Modelling & Simulation Group 117 Questions 11 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) NATO Policy background, Summit in Lisbon (November 2010): NATO Heads of State and Government decided to enhance NATO’s cyber defence capabilities. “Ensure NATO’s permanent and unfettered access to cyberspace and integrity of its critical systems” 12 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) Objectives Investigate and recommend what aspects of Cyber Defence can be supported with M&S. Give support to the NATO Computer Incident Response Capability Next Generation (NCIRC NG) Activity will focus on: Education, training, exercise, evaluation. Conops Development and their validation. Cyber threat assessment, enhancing cyber capabilities, and technical solutions. 13 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) Nations which have agreed to participate: ACT (NATO), CAN, DEU, GBR, NIAG (Thales FR), NLD USA Co-Chairs: Mrs Stella Croom-Johnson (GBR), Mrs Marieke Klaver (NLD / TNO). Secretary: Mr Frank Jonat (DEU). 14 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) Topics prioritized in the first meeting (September 2012): 1. Decision support system (model) including Course Of Action analysis 2. Cyber CAX and training programs, after action review and metrics for training effectiveness 3. Cyber awareness education for personnel 4. M&S environments, synthetic environments, standards, processes 15 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) Upcoming events: Second Task Group meeting (February 2013) Development of Interpanel workshop programme Interpanel workshop (San Diego, SISO,10 or 11-12 April 2013) The interpanel workshop will be open for participation. Will focus on the topics as prioritized by the TG. The results of workshop will be in a interim technical report. Contact: scjohnson1@dstl.gov.uk 16 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Questions? Bert.Boltjes@tno.nl Marieke.Klaver@tno.nl hacker’s view Cyber crime Cyber espionage Cyber terrorism / warfare Cyber activism 17 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Reserve slides 18 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence TNO Test-Bed Tools ACE: Advanced Concept development & evaluation (CD&E) Environment. Multi-Touch Tables for Situational Awareness Building & Populating Virtual Worlds from SATCOM Imagery and with TNO’s SketchaWorld Simulation of Communication Networks Flooding & Evacuation modelling TNO Publish/Subscribe Enterprise Bus Integration of Simulators And Many More! 19 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence Cyber and modelling and simulation Training and exercises some examples mostly table top exercises education and training environment for MoD (work in progress) Concept development and assessment exploring the possibilities for cyber defence Models in support of analysis linked to Critical Infrastructure Protection EU wide projects 20 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence M&S for cyber: models for analysis Exploring the role of models in evaluating different modes of operation exploring what-if scenario’s Build on experience with modelling Critical infrastructures build on past and current EU projects Exploring the role of specialised model environments, e.g. COTS environments targeted for cyber simulation COTS environments for network simulation Working towards a cyber test range 21 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) National Cyber Defence Dutch Policy Background Dutch Cyber Security strategy (February 2011) an integral approach by public and private parties. intensify investigation and prosecution of cyber crime. stimulate research and education. Defence Cyber strategy - Ministry of Defence (June 2012) strengthening the cyber defence of the Defence organisation developing the military capability to conduct cyber operations intensifying cooperation, both nationally and internationally 22 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence NATO Modelling & Simulation Group 117 (NMSG-117) Modelling and Simulation experience in research, analysis and training should be leveraged to assist in Cyber Defence capability. NMSG-117 will inform and be exploited by national Cyber Defence initiatives. Give support to the NATO Computer Incident Response Capability Next Generation (NCIRC NG) NCIRC NG operational in 2020. BERT.BOLTJES@TNO.NL M&S 23 Support for Cyber Defence M&S for cyber: CD&E Experience the Challenges Develop Concept for Solution Refine Concept for Solution Complex Situation Implement Solution Experience brings change of mind-set Change of mind-set brings a better solution faster 24 BERT.BOLTJES@TNO.NL M&S Support for Cyber Defence M&S for cyber: training and exercises Scenario exercises both civil and military scenarios mostly table top exercises Some examples national table top exercises on decision making process on large scale ICT incidents cyber exercises at the EU level awareness trainer – MoD