Michael Daly, the CTO of Raytheon Cyber talks about securing the Internet of Things. Daly spoke at The Security of Things Forum on Sept. 10, 2015.

1. Copyright © 2015 Raytheon Company. All rights reserved.
Customer Success Is Our Mission is a registered trademark of Raytheon Company.
Michael K. Daly
Chief Technology Officer
Cybersecurity and Special Missions
Daly has more than 29 years in security and
information systems, in both the federal
government and private sector. As CTO of
Raytheon’s CSM division, he provides cyber
solutions to domestic and international government
and commercial customers, delivers quick-reaction
mission solutions, and provides support to high
consequence special missions. He is a principle
engineering fellow, and provides leadership in
Raytheon's cyber technologies for our global
customers. Additionally, Daly supports the National
Security Telecommunications Advisory Committee
to the President of the United States.
SECURE YOUR SPACE: THE INTERNET OF THINGS

2. SECURE YOUR SPACE: THE INTERNET OF THINGS
People Connecting with People.

3. SECURE YOUR SPACE: THE INTERNET OF THINGS
Machines, Machines and Sometimes People.

4. SECURE YOUR SPACE: THE INTERNET OF THINGS
That’s a lot of stuff talking to other stuff.
In 2014 there were:

5. SECURE YOUR SPACE: THE INTERNET OF THINGS
And there is so much more coming.
6.8B today 12.5B today

6. SECURE YOUR SPACE: THE INTERNET OF THINGS
IoT has its roots in Net-Centric Warfare.

7. SECURE YOUR SPACE: THE INTERNET OF THINGS
IoT has its roots in Net-Centric Warfare.

8. SECURE YOUR SPACE: THE INTERNET OF THINGS
Sensors. Effectors. Data. Lots of Data.

9. SECURE YOUR SPACE: THE INTERNET OF THINGS
… vulnerable to everything and everyone else.

10. SECURE YOUR SPACE: THE INTERNET OF THINGS
Trusted, Innovative Solutions to Make the World a Safer Place

11. SECURE YOUR SPACE: THE INTERNET OF THINGS
Understand the impacts of IoT devices before we implement.
Data proliferation impact
What controls are in place to protect the data and the systems that transmit,
process and store the data (e.g., encryption, authentication, monitoring)?
Physical impact and harm introduced by
effectors and actuators
What controls are in place to limit the physical impact in the event of
a compromise?
Risk of diminished interoperability amongst
government systems
What would happen to adjacent and reliant systems if this IoT set
should fail to provide trustworthy information or to operate properly?
Opportunities for adversaries to implement new
covert communications methods
What mechanisms do we have to identify and control unwanted
communications?
Opportunities for an adversary to conduct large scale PsyOps,
creating events or complicating emergency response
What measures can be implemented to identify and constrain unwanted social engineering?
Attack surface impact
What controls are in place to limit the exposure of the attack
surface and to contain a threat in the event of a compromise?

12. SECURE YOUR SPACE: THE INTERNET OF THINGS
Raytheon | Websense Addressing the Commercial Market
29MAY2015
Raytheon announced the
completion of a joint venture
transaction with leading
private equity firm, Vista
Equity Partners, to create a
first-of-its-kind commercial
company specifically designed
to meet the needs of the
evolving cybersecurity
environment. The joint venture
combines Websense, a
leading provider of Data Theft
Prevention solutions, with
Raytheon Cyber Products, the
products-focused portion of
Raytheon’s overall cyber
business.

13. SECURE YOUR SPACE: THE INTERNET OF THINGS
Maintaining Trust in Time & Space

14. SECURE YOUR SPACE: THE INTERNET OF THINGS
Platform Hardening & Resilience
Electronic Armor and UAVs
At this year’s Association of
the United States Army annual
meeting and exposition in
Washington, D.C., Raytheon’s
cyber team demonstrated how
an adversary could hack and
crash a drone not protected
by Raytheon’s Electronic
Armor, and how a protected
drone could persist through
the commands.
“We’re trying to illustrate the
destructive nature of what can
happen in an operational
environment,” said Brian
Stites, portfolio manager for
the Cyber and Special
Missions. “We believe the
next few decades will be
dominated by advancements
in cyber and hardware like
drones and robotics.”
http://web.onertn.ray.com/news/2014/10/201
41024_DQC8YQ46MG.html

15. SECURE YOUR SPACE: THE INTERNET OF THINGS
Wearable Situational Awareness
Wearables
Raytheon’s Distributed
Common Ground System –
Army Lite software integrated
with its Wearable Situational
Awareness capabilities
(DCGS-A Lite) is an “all
source” intelligence analysis
software suite that provides
the ability to discover and
visualize enterprise data from
the Department of Defense
and Intelligence Community,
and disseminate hostile force
locations down to the
network’s edge.
DCGS-A Lite addresses
intelligence gaps with the
ability to operate in
connected, disconnected and
limited bandwidth modes.
http://web.onertn.ray.com/news/2014/10/201
41024_DQC8YQ46MG.html

16. SECURE YOUR SPACE: THE INTERNET OF THINGS
Bringing Situational Awareness to the Battlefield

17. SECURE YOUR SPACE: THE INTERNET OF THINGS
 Rapid 3-D Prototyping and Manufacturing of Slow-Wave
Structures for mmW and THz High-Power Electronic Devices
 3-D Printing of Radomes
 3-D Printed Radomes for UAV-Based Wideband Comms
 3-D Printed Rocket Motor for Small Munitions
Advances in Additive Manufacturing

18. SECURE YOUR SPACE: THE INTERNET OF THINGS
Self-Healing: Fully Automated Computer Security
“… a new generation of fully automated cyber defense
systems … automated Cyber Reasoning Systems will
compete against each other in real time.”

19. SECURE YOUR SPACE: THE INTERNET OF THINGS
Quantum Computing
Quantum Information Research Company, Raytheon BBN, Honored for Sustained Innovation
2FEB2013
Raytheon BBN Technologies
has been awarded the
National Medal of
Technology and Innovation
for "sustained innovation
through the engineering of
first-of-a kind, practical
systems in acoustics, signal
processing, and information
technology." President Barack
Obama presented the medal
in a White House ceremony
Friday.
“Superconducting artificial
atoms offer fast and reliable
processing, and light offers
fast and reliable transmission
over long distances.
Combining light and
superconducting artificial
atoms offers the best of
both and is a promising
development for building a
large-scale quantum
computer.” –Will Kelly,
Raytheon BBN, 2010
http://arxiv.org/pdf/0912.3291v3.pdf

21. SECURE YOUR SPACE: THE INTERNET OF THINGS
Questions?

22. SECURE YOUR SPACE: THE INTERNET OF THINGS
Know Your Data.
With the large amount of data
generated by the IoT, a key question
is “How can I ensure the data
used by this system remains
reliable?” The answer can actually
be found within existing government
strategies for information assurance
for FOUO and classified systems
interoperability.
Data can be encrypted with simple
tools like S/MIME or more complex
systems like Information Rights
Management solutions. Data
separation and risk containment can
be provided through virtual machine
technology, database containers,
and cross-domain solutions brought
over from the military domain.
Systems must be hardened, not just
patched; unnecessary services and
applications must be removed and
remaining software configured
appropriately. (So many systems
built for the IoT either on the device
side or the cloud side are based on
multi-purpose operating systems
and are left with many features
running that unnecessarily expose
risk.) And, critically, the use of the
data should be monitored with a
privileged user monitoring and
insider threat tool.

23. SECURE YOUR SPACE: THE INTERNET OF THINGS
Know The Device.
General Keith Alexander, the
National Security Agency’s director,
said “The cyber domain is a
dynamic domain that changes every
time you power on a device.” With
each new device that enters this
domain, new vulnerabilities and
threats are introduced. In military
parlance, we say that we have an
increased attack surface.
A good security organization must
do solid research on new devices to
understand what is embedded in the
devices entering their business
ecosystem:
 what data is generated and what
data is being transmitted;
 where does the device transmit
its data;
 what connections will it accept
from other devices in your
environment;
 does the device have on-board
storage that an adversary could
use to store software and data;
 does the device try to do
automatic updates; and most
importantly,
 if an adversary had access to
the sensors and data generated
by this device (including the
personal devices your users are
bringing into the building), what
advantage would it give them?

24. SECURE YOUR SPACE: THE INTERNET OF THINGS
Know The Insider.
The IoT brings its benefits through
the analysis of changes, based on
the collection of vast amounts of
data that are often personal and
sensitive. This information,
particularly in the aggregate, is
extremely valuable not only to the
society but to our potential
adversaries. Protecting sensitive
data from external threats has been
the focus of cybersecurity
investments since the first
computers were used. But that’s
only half the story.
It’s critical for companies to have
insider-focused security and
continuous monitoring that can
detect anomalies, inappropriate
privileged user activity, and
determine when information has
been accessed inappropriately.
These strategies must include
behavioral analytics, not just simple
rules and policies. Episodes such
as the Target, Wikileaks and the
Snowden breaches have shown that
the most significant risk of damage
to customer trust and to our
missions is posed by internal system
access. This can come from the
disgruntled employee, or the
unaware supplier, or an advanced
nation-state adversary using a
sophisticated chain to operate from
the inside.

25. SECURE YOUR SPACE: THE INTERNET OF THINGS
Privacy
Decentralizing Privacy:
Using Blockchain to Protect
Personal Data (Enigma)
Users can own and control
their data without
compromising security or
limiting personalized services
by combining a blockchain,
re-purposed as an access-
control moderator, with an off-
blockchain storage solution.
Users are not required to trust
any third-party and are always
aware of the data that is being
collected about them and how
it is used.
Moreover, laws and
regulations could be
programmed into the
blockchain itself, so that they
are enforced automatically. In
other situations, the ledger
can act as legal evidence for
accessing (or storing) data,
since it is (computationally)
tamper-proof.
http://web.media.mit.edu/~guyzys/data/ZNP1
5.pdf
Not Raytheon, but interesting …

26. SECURE YOUR SPACE: THE INTERNET OF THINGS
Intel and Micron have new class of non-volatile memory that is 1000 times
faster and 10 times denser than NAND Flash memory
Next Big Future, 28JUL2015
3D XPoint™ technology is a non-volatile memory that has the potential to
revolutionize any device, application or service that benefits from fast access to
large sets of data. Now in production, 3D XPoint technology is a major breakthrough
in memory process technology and the first new memory category since the
introduction of NAND flash in 1989.
As the digital world quickly grows – from 4.4 zettabytes
of digital data created in 2013 to an expected 44
zettabytes by 2020 – 3D XPoint technology can turn
this immense amount of data into valuable information
in nanoseconds. For example, retailers may use 3D
XPoint technology to more quickly identify fraud
detection patterns in financial transactions; healthcare
researchers could process and analyze larger data
sets in real time, accelerating complex tasks such as
genetic analysis and disease tracking.
Cybersecurity of Big Data Requires Faster Storage
http://nextbigfuture.com/2015/07/intel-and-micron-have-new-class-of-non.html
Not Raytheon, but interesting …