13 July 2020 | International, C4ISR, Security

Making DoD Security Operations Centers More Effective: Security Automation

Security orchestration, automation, and response (SOAR) software frees DoD analysts to apply cognitive skills to actually fixing problems.

By SPLUNK on July 10, 2020 at 6:39 PM

The Defense Department's most recent National Defense Strategy (NDS) describes a complex military environment characterized by increased global disorder, a decline in the long-standing rules-based international order, myriad threats from rogue states like Iran and North Korea, great power peers like China and Russia, malicious hackers, and terrorists in places like Yemen. One of the military domains where this dynamic is most evident is cyberspace, where bad actors arguably have comparable or better cyber capabilities than us.

“This increasingly complex security environment is defined by rapid technological change, challenges from adversaries in every operating domain, and the impact on current readiness from the longest continuous stretch of armed conflict in our nation's history,” the NDS states. “In this environment, there can be no complacency—we must make difficult choices and prioritize what is most important...”

More cybersecurity threats mean more cyberattacks on DoD networks. Essye Miller, former principal deputy for the DoD CIO, said recently that attacks on department networks are surging and that the attack surface is expanding as adversaries target DoD employees working from home during the coronavirus pandemic.

This surge in cyberattacks means that analysts working in DoD information security operations centers (SOCs) are being bombarded with security alerts. With so many events, it's hard for them to differentiate true alerts from false ones, and to determine which events are priorities to address immediately. Through no fault of their own, they end up chasing their tail when their time could be better spent on mission-critical activities that directly support warfighters.

The solution for this domain is automation. While popular in commercial software segments for years—including SalesForce automation, marketing automation, human resources automation, and IT automation—DoD security teams are just beginning to realize the benefits of what's known as security orchestration, automation, and response.

The Value of Security Automation

“Automation is nothing new to the military. The Defense Department is making great inroads into DevSecOps, for example,” explained Drew Church, senior security advisor at Splunk, referring to an agile software development process where software is quickly developed, tested, and improved over weeks and months rather than years. “A key, fundamental concept of DevSecOps is automation. The point of automation in DevSecOps is to bring together different technologies, tools, people, and processes to develop code and get it out to the war fighter more rapidly.

“Automation provides that same capability inside IT operations procedures, security operations procedures, and other business processes,” said Church. “It does this in a reliable and repeatable fashion every time, and at speed and scale.”

Splunk's SOAR solution is called Phantom. It helps security teams work to identify, analyze, and mitigate threats facing their organizations. It can be used to improve efficiency, shorten incident response times and reduce the growing backlog of security incidents, even when there's a shortfall of DoD security personnel to analyze the volume of daily security alerts.

Phantom does so by integrating teams, processes, and tools, and by automating tasks, orchestrating workflows, and supporting a range of SOC functions to include event and case management, collaboration, and reporting.

In essence, it frees SOC analysts of the usual Tier I-type activities of gathering data from the security information and event management (SIEM) platform, prioritizing these alerts, performing triage to determine if an alert is real or a false alarm, configuring and managing security monitoring tools, and generating trouble tickets.

Instead, Splunk Phantom lets them spend more time on the value-added work of Tier II SOC analysts. This includes actually investigating the trouble tickets, responding to incidents, and leveraging threat intelligence to better understand the threat and be proactive rather than reactive.

“Focusing on the bureaucracy of security rather than the actual doing of security limits the effectiveness of security analysts,” said Church. “Better to free them of the tasks that can be easily automated like reviewing IP addresses, domain names, and URLs so that they can be force multipliers in conducting the thoughtful work needed to protect DoD networks.

“That automation is done for them in Phantom. It lets analysts focus on investigating and taking remediation or mitigation steps as appropriate. Where humans excel is in actually thinking through a problem. Copying and pasting from websites, emails, and reports is not the most effective use of a highly paid, resource-limited talent pool.”
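To make the Tier I work described above concrete, here is an added toy playbook (example code written for this page, not Splunk Phantom's or Splunk's own): it takes constructed SIEM alerts, extracts IP, domain and URL indicators, enriches them against a constructed intel feed, auto-closes alerts that touch only the organisation's own address ranges, and opens tickets for the rest, ranked by risk score. The feed, the internal ranges, the alert text and the indicator regex are all assumptions for illustration.

```python
import ipaddress
import re

# Constructed threat-intel feed standing in for the commercial and open-source
# sources the article mentions; values are hypothetical (documentation ranges).
THREAT_INTEL = {"203.0.113.7": 90, "bad-example.test": 80, "http://bad-example.test/login": 95}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]  # assumed
# URL first, then dotted-quad IP, then bare domain: alternation order matters.
IOC_RE = re.compile(r"https?://\S+|\b(?:\d{1,3}\.){3}\d{1,3}\b|\b[\w-]+\.[a-z]{2,}\b")

def extract_iocs(text: str) -> list:
    """The copy-and-paste step: pull IPs, domains and URLs out of alert text."""
    return IOC_RE.findall(text)

def enrich(ioc: str) -> tuple:
    """Score one indicator; addresses inside the organisation's own ranges are benign."""
    try:
        addr = ipaddress.ip_address(ioc)
        if any(addr in net for net in INTERNAL_NETS):
            return 0, "benign"
    except ValueError:
        pass  # not an IP address, fall through to the feed lookup
    if ioc in THREAT_INTEL:
        return THREAT_INTEL[ioc], "malicious"
    return 0, "unknown"

def triage(alert_id: str, text: str) -> dict:
    """Decide whether an alert is real, noise, or needs a Tier II analyst."""
    iocs = {i: enrich(i) for i in extract_iocs(text)}
    labels = {label for _, label in iocs.values()}
    score = max((s for s, _ in iocs.values()), default=0)
    if "malicious" in labels:
        verdict = "true_positive"
    elif iocs and labels <= {"benign"}:
        verdict = "false_positive"  # only internal hosts involved
    else:
        verdict = "needs_analyst"  # unknown external indicator, or none found
    return {"id": alert_id, "verdict": verdict, "score": score, "iocs": iocs}

def run_playbook(alerts: list) -> tuple:
    """Triage all alerts, rank by risk, and ticket only what merits analyst time."""
    triaged = sorted((triage(i, t) for i, t in alerts), key=lambda a: a["score"], reverse=True)
    tickets = [f'{a["id"]}: {a["verdict"]} (score {a["score"]}) {sorted(a["iocs"])}'
               for a in triaged if a["verdict"] != "false_positive"]
    return triaged, tickets

SIEM_ALERTS = [  # constructed sample SIEM output (alert id, message), not real data
    ("A-1", "Outbound connection from 10.0.0.5 to 203.0.113.7"),
    ("A-2", "User clicked http://bad-example.test/login from 10.0.0.9"),
    ("A-3", "Port scan noise between 10.0.0.5 and 10.0.0.6"),
    ("A-4", "DNS query for unknown-vendor.example from 10.0.0.7"),
]
```

Running `run_playbook(SIEM_ALERTS)` closes A-3 as internal noise and hands the analyst three ranked tickets, with the unknown external domain in A-4 left for a human rather than guessed at.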

Integration With Existing SOC Tools

SOC analysts make their decisions by gathering information. They sometimes review classified military intelligence, but usually they look at a lot of open-source information and data from commercial off-the-shelf products from myriad providers of cybersecurity threat intelligence products.

Some of the common ones that are relevant to the Defense Department include: McAfee's ePolicy Orchestrator, which the DoD refers to as Host Based Security Systems (HBSS); and Tenable's Security Center, which is known inside the DoD as Assured Compliance Assessment Solution (ACAS).

Splunk Phantom has more than 300 out-of-the-box integrations with products like HBSS and ACAS.

“Being integrated with each of those products permits the analyst to get the information they need without having to go to another browser window, or another tab, or a different computer,” said Church. “Phantom automatically brings all that data to the analyst. That takes somebody who spends most of their time copying information from page A into system B and lets them make more rapid and accurate determinations about the threat.”

Through the use of APIs (application programming interfaces), that same integration is also available for government off-the-shelf (GOTS) solutions that had not previously been integrated with Splunk Phantom simply because no one had requested it. The same goes for custom apps created by a DevSecOps shop such as the Air Force's Kessel Run project in Boston.

Automating these vital but drudgerous processes also pays dividends during both staffing shortfalls and times of surge, and brings consistency to SOC activities. Military service members are constantly rotating and changing duty stations; senior leadership turns over regularly. Contractors have to be relied upon to provide continuity from tour to tour.

That means that SOC processes that were well oiled on a Monday may no longer be operating smoothly on Friday because of a change of command. Or maybe there is a compelling event that grabs everyone's attention. Or possibly there are legal or policy requirements that need to be addressed, and though they don't add mission value they still must be completed.

Automation by Splunk Phantom smooths out the bumps associated with those all-too-common scenarios by keeping the flow of vital data moving to where it can best be acted upon.

“The computer's running the marathon for you so that you are free to sprint and swarm on the problems that need the most resources at any particular time,” said Church.

The Takeaway

For security analysts, incident handlers/responders, IT operations managers, security operations managers, and forward-leaning business process experts, Splunk Phantom is all about removing barriers so people can get back to accomplishing the mission, maximizing productivity of skilled personnel and organizations.

“For anybody that has a business process, a mission process, an IT operations process, or a security process and wants to free those skilled workers to get back to what you brought them onboard to do, we can help you with that,” said Church. “We do that through orchestration, we do that through automation. We bring in collaboration, and we're able to do that at scale because of the value that a company like Splunk brings to the table. By being able to have a rich ecosystem of partners and support across the board, we're able to do that even with differences from organization to organization.”

Splunk Phantom addresses technology-based processes, and orchestrates and automates those processes to get people back to doing what they do best.

https://breakingdefense.com/2020/07/making-dod-security-operations-centers-more-effective-security-automation/
