DHS/National Cyber Security Division: Cyber Security for Our Nation

Provided by: itaa

1
DHS/National Cyber Security Division: Cyber
Security for Our Nation
  • Andy Purdy
  • Acting Director, National Cyber Security Division
  • NCSD Overview
  • April 25, 2005

2
Three Key Objectives Guide the Work of the
Department of Homeland Security
Authorization: Homeland Security Act of 2002 at
Title 6, U.S. Code
3
Directorates of the Department of Homeland
Security
Emergency Preparedness and Response
Science and Technology
Border and Transportation Security
Management
Information Analysis and Infrastructure Protection
4
Information Analysis and Infrastructure
Protection National Cyber Security Division
Information Analysis and Infrastructure
Protection (IAIP) Directorate
Information Analysis
Infrastructure Protection
Infrastructure Coordination Division
Protective Security Division
National Communications System
National Cyber Security Division
5
Two Key Strategies Provide a Road Map for the
Protection of Cyber Space
The National Strategy to Secure Cyberspace
Homeland Security Presidential Directive-7
(HSPD-7)
6
NCSD Mission
  • To secure cyberspace and America's cyber assets
    in partnership with public, private, and
    international entities.

7
NCSD goals are strategically aligned with the
National Strategy to Secure Cyberspace and HSPD-7
8
National Cyber Security Division/US-CERT
DHS Cyber Security Partner Program Howard
Schmidt Office of Director Strategic
Planning Policy International Management
(Budget, HR) COOP PCII
Acting Director Andy Purdy
US-CERT Operations Jerry Dixon
Outreach/Awareness Liesyl Franz
LE/Intelligence Patrick Morrissey
Situational Awareness Analytical
Cell Production Federal Coordination
CIP Cyber Security Control Systems
Security Software Assurance Training
Education Exercise Planning Coordination Standards
Best Practices R&D Coordination
Communications Messaging Outreach to
Stakeholders Cyber Security Awareness
Building Partnerships
Intel Requirements LE Coordination NCRCG
9
NCSD Organizational Branches
Detect
Attribute
Respond
Reconstitute
10
NCSD uses a lifecycle approach to implement its
goals across all stakeholder groups
Cross-agency Federal, State, and Local
Detect
Reconstitute
Recognize
Cross-sector Public and Private
Mitigate
Attribute
Cross-geography American public, international
Respond
11
NCSD GOALS
1. Establish a National Cyber Security Response
System to prevent, predict, detect, respond to,
and reconstitute rapidly after cyber incidents.
2. Work with public and private sectors to reduce
vulnerabilities and minimize the severity of
cyber attacks.
3. Promote a comprehensive national awareness
program to empower all Americans - businesses,
the general workforce, and the general population
- to secure their own parts of cyberspace.
4. Foster adequate training and education
programs to support the Nation's cyber security
needs.
5. Coordinate with the intelligence and law
enforcement communities to identify and reduce
threats to cyberspace.
6. Build a world-class organization that
aggressively advances its cyber security mission
and goals in partnership with its public and
private stakeholders.
12
Build and improve situational awareness
capability.
  • US-CERT Operations Center: 24x7x365 watch and
    warning capability and incident response
  • US-CERT Einstein Program
  • US-CERT Portal
  • National Cyber Response Coordination Group
    (NCRCG)
  • National Cyber Alert System
13
Build initial capability to detect, analyze,
and respond to cyber events (completed).
Create robust capability to detect, analyze, and
respond to cyber events (Q2FY06).
14
US-CERT OPERATIONS CENTER
  • United States Computer Emergency Readiness Team
    (US-CERT) established to protect the nation's
    Internet infrastructure
  • 24x7x365 watch and warning capability providing
    operational support for monitoring the status of
    systems and networks and responding to cyber
    incidents.
  • Partnership between the Department of Homeland
    Security and the public and private sectors.
  • US-CERT coordinates defense against and responses
    to cyber attacks, and is responsible for
    analyzing and reducing cyber threats and
    vulnerabilities, disseminating cyber threat
    warning information, and coordinating incident
    response activities

US-CERT OPERATIONS
15
US-CERT PORTAL
  • A secure, web-based collaborative system that
    allows US-CERT to share sensitive cyber-related
    information with government and industry members.
  • Provides for alert notification, secure e-mail
    messaging, live chat, on-going forum discussions,
    document libraries, and a contact locator
    feature.
  • Provides instant access to the US-CERT Operations
    team, the US-CERT Cyber Daily Briefing containing
    a snapshot of the state of cyberspace, and
    updated cyber-event and other newsworthy
    information.
  • Will merge with the DHS Homeland Security
    Information Network (HSIN) and become the cyber
    component for the overall system.

US-CERT OPERATIONS
16
NATIONAL CYBER RESPONSE COORDINATION GROUP
  • NCRCG facilitates coordination of
    intra-governmental and public-private
    preparedness and operations to respond to, and
    recover from, incidents and attacks that have
    significant cyber consequences
  • NCRCG brings together senior officials from
    national security, law enforcement, defense,
    intelligence, and other government agencies that
    maintain significant cyber security
    responsibilities and capabilities
  • Status:
  • Monthly meetings initiated in January 2004
  • Developed working Charter and CONOPS
  • Developed emergency notification system: has been
    tested, two exercises
  • Developed two working groups (Botnets and
    Attribution), developing another (Preparedness),
    and contemplating two others (Active Defense,
    Classified Intrusion Sets)

LAW ENFORCEMENT/INTELLIGENCE
17
Protect government cyberspace
  • US-CERT Operations Center
  • Security Line of Business (with OMB)
  • IT Standard Security Configuration Settings
    (with OMB)
  • NCRCG
  • GFIRST
  • CISO Forum

18
Launch initial NCRCG capabilities (completed).
Each agency improve one letter grade for each
component of the FISMA scorecard (Q1FY07).
Operationalize system to track federal
civilian agency compliance/progress in
implementing protective measures (Q1FY06).
Operationalize stable/ongoing NCRCG
capabilities (Q4FY05).
19
IT SECURITY LINE OF BUSINESS
  • Significant initiative in partnership with the
    Office of Management and Budget
  • Supports Priority 4 of the National Strategy to
    Secure Cyberspace, Securing Government
    Information Systems
  • Goals include:
  • Improving and making more consistent security
    management processes and controls across
    government through reuse of proven best
    practices
  • Achieving savings or cost-avoidance through
    reduced duplication and economies of scale for
    common hardware, software, and shared IT services
  • DHS/NCSD is co-lead of a task force of 24
    Departments and agencies to identify challenges
    and solutions to strengthen agencies' abilities
    to identify and defend against threats, correct
    vulnerabilities, and manage resulting risks.

STRATEGIC INITIATIVES
20
Increase dissemination, awareness, and
analysis of threats and responses.
  • US-CERT Operations Center
  • US-CERT Einstein Program
  • National Cyber Alert System
  • US-CERT Portal
  • NCRCG
  • GFIRST
  • CISO Forum
21
Install US-CERT Einstein Program at the six
volunteer pilot locations (Q3FY05). Launch
Einstein production capability (Q1FY06).
Integrate Homeland Security Information Network
(HSIN) with US-CERT Portal (Q3FY05). Draft
Common Malware Enumeration (CME) standard
(Q3FY05). Complete two portal upgrades to
increase customer satisfaction, average number of
return visits per user, and average time spent on
portal per user (Q2 and Q4FY05).
22
US-CERT EINSTEIN PROGRAM
  • Einstein is an innovative program designed to
    build cyber-related situational awareness. This
    automated system:
  • Facilitates flow data sharing from federal
    government agencies' Internet access gateways and
    analyzes associated traffic patterns and
    behavior
  • Provides US-CERT and participating agencies a
    better cyber security view and understanding
    across the federal government.
  • Information sharing increases situational
    awareness and facilitates the government's
    ability to:
  • identify and respond to cyber threats and attacks
  • improve network security
  • increase the resiliency of critical,
    electronically delivered government services
  • enhance the survivability of the Internet

US-CERT OPERATIONS
23
NATIONAL CYBER ALERT SYSTEM
  • Delivers targeted, timely, and actionable
    information to all citizens, from computer
    security professionals to home computer users
    with basic skills, to allow them to secure their
    computer systems
  • Identifies, analyzes, and prioritizes emerging
    vulnerabilities and threats
  • Relays computer security update and warning
    information to all users
  • Alerts are issued to subscription mailing lists
    as well as posted on the US-CERT Web site
    (www.uscert.gov)

US-CERT OPERATIONS
24
Create and pursue an international cyber
strategy to secure cyberspace.
International Sharing and Response Coordination
Coordinate bilateral and multilateral efforts
to foster public-private partnership in
international cyber security (Ongoing).
Establish framework for five key allies'
cooperation (completed). Implement short-term
information sharing objectives (Q3FY05).
Establish process for work on long-term
international watch, warning, and incident
response framework (Yearly/Phases).
25
NCSD INTERNATIONAL PROGRAM
  • National Strategy to Secure Cyberspace:
    Cyberspace is borderless and our ability to
    defend our Nation from cyber attack depends on
    international cooperation through information
    sharing and joint efforts
  • NCSD International Program Objectives
  • Promote international cooperation on cyber
    security through bilateral and multilateral
    efforts in operations, strategic initiatives, and
    policy making
  • Promote cooperation with industry and critical
    infrastructure sectors globally
  • Encourage computer security incident response
    teams (CSIRTs) to provide points-of-contact
    information and share cyber security information
    on a regular basis
  • Promote increased computer security incident
    response capabilities through training and
    technical assistance
  • Promote adoption of the Council of Europe
    Convention on Cybercrime
  • NCSD International Program Initiatives
  • Bilateral cooperation with Canada, UK, India
    (among others) on cyber security
  • Collaborative arrangement among close allies
    (Australia, Canada, New Zealand, UK) for
    information sharing, incident response
    coordination, and strategic initiatives
  • Building International Watch and Warning Network
    in 15-country effort for information sharing and
    incident response coordination between government
    policy makers, computer security incident
    response teams with national responsibility, and
    law enforcement

DIRECTOR'S OFFICE
26
Promote collaboration, coordination, and
information sharing among public, private, and
international communities.
  • US-CERT Portal
  • National Cyber Alert System
  • Computer Network Defense Services
  • DHS Cyber Security Partner Program
  • International Sharing and Response Coordination
    (see Objective 1.4)
27
Create federal version of Computer Network
Defense Service Provider (CNDSP) for incident
response teams (Q4FY05). Evaluate CNDSP
metrics by selected federal incident response
teams (Q3-Q4FY06). Conduct US-CERT self
assessment using federal version (Q1FY06).
Develop plan to implement CNDSP metrics across
the federal government (Q2FY07). Launch
capability to submit cyber-related PCII data
electronically (Completed). Develop
information sharing policies and practices
(Completed). CISO community to develop risk
management methodology (Q3FY05).
28
Improve the nation's ability to respond to
cyber incidents by creating, sponsoring, and
learning from national, regional, and interagency
exercises and workshops.
  • NCSD Cyber Exercise Program
  • National Cyber Exercise (Cyber Storm)
  • Regional Cyber Exercise Program
  • Interagency Cyber Exercise Program
Conduct the national level cyber exercise
(Q1FY06).
29
Improve the cyber security of critical
infrastructures.
National Infrastructure Protection Plan (NIPP)
Develop IT Sector vulnerability assessment
methodology and compile FY05 vulnerability
assessment information (Q3FY05).
30
PREVENTING INTERNET DISRUPTION
  • Established Internet Disruption Working Group
    (IDWG) in partnership with National
    Communications System (NCS)
  • Addressing the following questions
  • Which sectors are functionally dependent on the
    Internet?
  • What companies do we need to work with to prevent
    a disruption of national consequence and assist
    in the reconstitution efforts if an event occurs?
  • What surge capabilities would be needed if an
    event occurs (e.g. coordination and analysis)?
  • What is the likelihood that disruption scenarios
    would occur?
  • What key assets would be affected?
  • What short-term protective measures would be
    needed?
  • Goal of identifying and prioritizing short-term
    protective measures necessary to prevent major
    disruptions of the Internet and
    responsive/reconstitution measures in the event
    of a major disruption

STRATEGIC INITIATIVES
31
Promote cyber security and reduce
vulnerabilities of control systems.
US-CERT Control Systems Center
Sponsor government/industry workshops to
increase awareness of potential cyber incident
impacts and vulnerabilities (Q3FY05). Develop
Control Systems Security Framework (Q3FY05).
Develop taxonomies of control systems standards
across all sectors (Q4FY05). Provide control
systems operators with web-based toolkit
(Q4FY05). Publish FY05 control systems report
to S&T (Q3FY05).
32
CONTROL SYSTEMS SECURITY
  • Control systems (or Supervisory Control and Data
    Acquisition (SCADA) systems) embedded throughout
    critical infrastructures
  • NCSD Control Systems initiative coordinates
    efforts among federal, state, and local
    governments, and control system owners,
    operators, and vendors
  • Major Initiatives
  • US-CERT Control Systems Watch Operation
    coordinates control system incident management,
    provides timely situational awareness
    information, and manages control system
    vulnerability and threat reduction activities
  • US-CERT Control Systems Security Center brings
    together government, industry, and academia to
    reduce vulnerabilities, respond to threats, and
    foster public/private collaboration
  • Process Control Systems Forum collaborating to
    accelerate technology development to enhance
    security, safety, and reliability of process
    control and SCADA systems

STRATEGIC INITIATIVES
33
Promote the security of software across the
development life cycle.
  • Software Assurance Industry Forum
  • Software Development Common Body of Knowledge
  • Software Assurance Security Tools Evaluation
  • Software Acquisition and Procurement Improvements
34
Publish materials, for training software
assurance process improvement methodologies
(Q3FY05). Conduct Software Assurance
Conference/Forum (Completed). Develop
repository of recommended standards and best
practices for secure software development
(Q3FY05). Inventory with NIST existing
software assurance tools and measure
effectiveness (Q4FY05). Publish draft software
security common body of knowledge required for
software developers (Q4FY05).
35
SOFTWARE ASSURANCE PROGRAM
  • Program promotes security of software across the
    development lifecycle to improve cyber security
    of the national critical infrastructure by
    increasing the security, reliability, and quality
    attributes of computer software
  • Comprehensive approach to produce a better
    trained/educated software development workforce,
    to refine software development processes and
    tools, and to improve customer requirements for
    acquisition of reliable and secure software
    through:
  • People: Developing common body of knowledge for
    education curriculum
  • Processes: Publishing software development
    lifecycle practical guidance, reference
    materials, and industry benchmarks
  • Technology: Creating a set of studies and
    experiments, in coordination with NIST, to
    assess, measure, and validate effectiveness of
    software assurance security tools
  • Acquisition: Improving the procurement process
    by embedding software assurance requirements up
    front in federal contract language

STRATEGIC INITIATIVES
36
Promote cyber security standards and best
practices.
Cyber Security Standards and Best Practices
Complete comprehensive review of the National
Information Assurance Partnership (NIAP)
(Q3FY05). Sponsor/coordinate follow-on
conference to the Common Criteria Users Forum to
develop recommendations and practical means to
improve the CC process (Q1FY06). Explore
development of protection profiles (PP) for use
commercially for commercial off-the-shelf (COTS)
products. (Q1FY06).
37
Promote awareness of cyber security.
  • Partnership with National Cyber Security
    Alliance (NCAS)
  • National Webcast Initiative
  • National Cyber Security Month
  • National Cyber Alert System (NCAS)
38
Establish a national cyber security awareness
plan (Q3FY05). Conduct expert workshops and
produce white papers on priority and emerging
cyber-security issues (Ongoing). Complete
government/industry assessment that identifies
highest areas of impact to focus resource
(Q3FY05). Develop outreach partnership
commitments with the private sector to increase
cyber security awareness (Completed/Ongoing).
Enhance US-CERT website to effectively
communicate program accomplishments and
initiatives (Q3FY05). Create National Cyber
Security Division Outreach Program (Q3FY05).
39
OUTREACH & AWARENESS
  • Outreach and awareness program
  • Provide cyber security information
  • Coordinating government and government-industry
    efforts to collaborate on increasing cyber
    security awareness and preparedness
  • Stakeholder outreach and engagement
  • Industry
  • Government
  • General public

OUTREACH & AWARENESS
40
Promote the development of cyber security
professionals through training and education
programs.
  • National Centers of Academic Excellence in
    Information Assurance Education (CAEIAE) Program
    (with NSA)
  • National Scholarship for Service Program
    (Cyber Corps) (with NSF)
  • IT Security Professional Certification Program
  • Shared Cyber Security Training Resources
41
  • Identify initial job tasks of cyber security
    roles within DOD to be vetted with federal
    agencies, private industry, and academia
    (Q3FY05).
  • Sponsor workshops/meetings on skills standards,
    process, governance, and goals for developing an
    IT security professional certification for
    industry, academia, and government (Q4FY05).
  • Initiate federal agency-wide and private sector
    job task analyses (Q4FY05).
  • Publish a draft nation-wide IT Security
    Professional job task analysis by incorporating
    input from the private sector and federal-wide
    job task analyses (Q1FY06).
  • Co-sponsored a winter job fair for SFS students
    to aid placement in federal government jobs and
    summer internships (Completed).
  • Participate on the SFS Interagency Coordinating
    Committee (Ongoing).

42
Improve coordinated cyber intelligence
capability.
  • National Cyber Response Coordinating Group
    (NCRCG)
  • Cyber Cop Portal
  • Sector Specific Top Ten Bad Actors
  • Cyber Security Database
  • Cyber Incident Database
  • National Cyber Incident Survey
  • State of the State Conference
43
Operationalize pilot of cyber incident database
(Q3FY05).
Conduct assessment of cyber incident database
pilot program (Q1FY06).
Launch (production) cyber incident database
(Q2FY06).
Publish results of cyber incident survey
(Q2FY06).
44
Improve threat detection and deterrence
capabilities.
  • National Cyber Survey
  • Cyber Defense Survey
  • Sector Specific Top Ten Bad Actors
  • Cyber Cop Portal
  • Electronic Criminal Investigation Forum
45
Publish results of cyber incident survey
(Q2FY06). Launch redesigned Cyber Cop Portal
(Q3FY05). Partner with National White Collar
Crime Center to establish electronic criminal
investigation forum (Q4FY05). Convene quarterly
workshops with cyber law enforcement,
intelligence, and other stakeholders to share and
review cyber threats and analyses
(3QFY05/Ongoing).
46
NATIONAL CYBER SURVEY
  • First statistically relevant study of the effects
    of cyber incidents in the United States, in
    partnership with the DOJ's Bureau of Justice
    Statistics (BJS)
  • National survey distribution to 36,000 small,
    medium, and large businesses, and covering all of
    the critical infrastructure sectors
  • Survey will allow policy makers at all levels to
    make strategic decisions about information
    technology security planning and resource
    allocation based on accurate data; especially
    useful to law enforcement

LAW ENFORCEMENT/INTELLIGENCE
47
Promote a clear understanding of vision,
mission, and strategy. Develop planning,
programming, budget, and financial execution
plans. Use strategic and operational plans and
performance metrics to drive organizational
success. Develop a diverse and effective
workforce within an entrepreneurial and
results-driven culture. Promote and represent
NCSD and US-CERT roles and capabilities to key
stakeholders and ensure standard cyber messaging
is incorporated internally and externally to DHS.
48
Administration Strategic Planning Budget
and Finance Human Capital International
Program Policy COOP PCII
49
Sign up to receive alerts and important cyber
security information on the National Cyber Alert
System (NCAS). Register on the US-CERT web site
www.us-cert.gov/cas/signup.html
Cyber Tips
Best Practices
How-To Guidance
Cyber Webcasts
50
Cyber security is a shared responsibility that
cannot be shouldered by government alone. Your
help is needed to protect cyberspace and
America's cyber assets. To assist US-CERT
efforts to build cyber situational awareness,
report:
Security incidents
Malicious code
Vulnerability information
To US-CERT at soc_at_us-cert.gov (888-282-0870)