Communications Security Establishment Canada
TOP SECRET//COMINT//REL TO

CSEC Cyber Threat Capabilities
SIGINT and ITS: an end-to-end approach

Safeguarding Canada's security through information superiority

Cyber Security - What do we mean by Cyber
- Detection, Discovery and Tracking of State Sponsored Hacking
- Counter Intelligence Reporting
- Mitigation Advice and Defence against Cyber Threats
- SIGINT Detects Cyber Activity
  - Access Canadian and Allied collection to discover and track covert networks
  - counter-intelligence
- IT Security Defends against Cyber Activity
  - Sensors Government of Canada networks to identify malicious activity and enhance defences

The Grand Challenge: Detection
- EONBLUE is the cyber threat detection sensor developed and deployed in SIGINT and ITS
  - Cyber threat tracking: signature-based detection
  - Cyber threat discovery: anomaly-based detection
- year effort that incorporates the best of breed detection algorithms/technology in collaboration with our 5-eyes partners
- Based on classified knowledge
- Scales to major ISP network speeds 106
- Enables rapid prototyping to adapt to ever changing threats

The Cyber Landscape
- Adversaries and Targets
  - Operate globally
  - Varying degrees of sophistication
  - Constantly changing tools and techniques
- Detection / Discovery
  - Tools must operate at all network speeds
  - Deep Packet Inspection at scale
  - Targeting tradecraft / protocols vs individuals
- We must live in cyber space

Why is Cyber Critical
Hodong Missile Range 130mm Type Ballistic

Working in Cyber Space
- Tools must adapt constantly / quickly
  - Signature based targeting
  - Metadata analytics
  - Custom tradecraft for discovery
- Would I do a better job from my PC at home
- Enhance / Enable collaboration
  - Adopt Internet technologies on our Classified networks
  - SKYPE / Web 2.0 / Video Chat / Google Apps / etc
- Centralize our cyber analytics
  - CyberDMZ

SEEDSPHERE - Discovery
- EONBLUE anomaly detection utilities isolate network anomalies
- Discover network beacons in Warranted full-take collection
- Knowledge developed is shared with CNE
- During CNE activities implant is found to be cohabitating
- Implant is copied to CSEC HQ for reverse engineering
- IT Security detects SEEDSPHERE attacks against Government of Canada weekly

Repositories - At Collection Site
- Global Access is pushing tradecraft to the front-end of access
- 50 terabytes of high speed storage
- Processing over 125 33fhcur of metadata
- Black line: Total data into the Cluster
- Blue line: Data 0141me SAN
- Data into the cluster is balanced across multiple nodes
- Each color denotes separate node
- Data deduplication at sight results in much better use of limited bandwidth

Cyber Repositories
- In 2009 an average of 112 794 IP traffic items related to cyber threat collected each day from Canadian and Allied sources
- Traditional SIGINT sources prove invaluable in cyber threat analysis
  - Travel Tracking Databases used to attribute CNE activity along with SMS collection
- IT Security domestic sensors store BOUTB of full-take
  - Equivalent to months' of traffic
  - Enables historical analysis and anomaly detection
- In 2009 IT Security domestic sensors enable 95 mitigation actions

Cyber Analysis
[Diagram: Cyber Report; Network Analysis; mare Reverse Engineering; Traffic Analysis; Tasking and Collection]

Mitigation
- Direct protection of GC systems and information
- Prevention and response activity
- Leverage SIGINT and 5 Eyes intelligence complemented by our own GC domestic sensor capabilities

Report
- Actionable technical mitigation reports provided to client's IPC
- Cyber threat situational awareness reports provided to departments
- CSEC review of incidents against systems of importance
- CSEC deployed to capture technical evidence to develop/support mitigation activity
- CSEC information is merged with all-source cyber threat activities to create complete picture of cyber threats

[Diagram: OUTCOMES; ACCESS; RESPONSE; ACTION]

[Diagram: GLOBAL INFRASTRUCTURE; Canada; Foreign]

Situational Awareness
SA is:
- The perception of environmental elements within a volume of space and time
- The comprehension of their meaning
- Projection of their status in the near future
- Insight: the capacity to understand hidden truths
In the Cyber Context:
- Gathering and enabling access to cyber information
  - Event Metadata / Event Content / Near Real-Time Exchange
- Data mining of cyber information to create understanding in broader context
- Predict our adversaries actions based on this knowledge

Cyber Session Collection
Enabled by Sydney Resolution

Tipping and Cueing: Why
- SIGINT
  - data volumes/network speeds impose severe temporal restrictions on collection: use it or lose it
  - ability to extend cyber target tracking across all 5-Eyes accesses and/or analytic event stores instead of just domestic: global aperture
  - ability to uncover covert overlay networks: cyber session collection
  - Uncover tradecraft, binaries/exploit
- CND
  - network edge vs network core: microscope vs telescope
  - enable mitigation of cyber exploitation and/or attack: dynamic defence
  - facilitate indications and warning - can SIGINT provide me with the true threat picture in
  - Could we detect testing of new tools/techniques
  - collaborative defence: can my partners see malicious activity in SIGINT against networks I need to protect Can they tell me in

ITS Tipping
Sample of CHO tips provided to ITS from SIGINT 530 on May 05 201i
- ossom SEEDSPHERE
- ossom SEEDSPHERE
- ossom SEEDSPHERE
- ossnm SEEDSPHERE
- ossom SEEDSPHERE
- oseooi SEEDSPHERE
- osenm SUPERDRAKE
- SEEDSPHERE
- ossom SUPERDRAKE
- ossom SEEDSPHERE
The Network Name is canadian house of commons
The Network Name is environment canada
The Network Name is federal office of regional development quebec
The Network Name is forestry canada
The Network Name is public works and government services canada

Dynamic Defense
All elements acting as one
- Defence at Network Edge
  - Localized/tailored mitigation: blocking, binary neutering, redirection
  - Focused response to ongoing and potential threats
- Network Core SIGINT
  - Global mitigation possible: redirection, null routing, filtering
  - Large scale but still focused response to ongoing and potential threats
- Space CNE
  - Reconnaissance: probe/explore/learn adversarial network space
  - Co-habitate covert network infrastructure for info gathering, tool extraction etc

Cyber Activity Spectrum
CHEJCMA

Next Steps
- SIGINT and Mission
  - Alignment with Cyber Strategy
  - Funding
  - Joint Approach for Domestic Partners
  - Recruitment and Staffing for Growth
- Flam - Joint Capabilities Development
  - Sensors and Analytics
  - Tipping and Cueing
  - interoperability
  - Poqu Coordination and Policy

If you build will come
OCR of the Document