Title: DHS/National Cyber Security Division: Cyber Security for Our Nation
Slide 1: DHS/National Cyber Security Division: Cyber Security for Our Nation
- Andy Purdy
- Acting Director, National Cyber Security Division
- NCSD Overview
- April 25, 2005
Slide 2: Three Key Objectives Guide the Work of the Department of Homeland Security
Authorization: Homeland Security Act of 2002 at Title 6, U.S. Code
Slide 3: Directorates of the Department of Homeland Security
- Emergency Preparedness and Response
- Science and Technology
- Border and Transportation Security
- Management
- Information Analysis and Infrastructure Protection
Slide 4: Information Analysis and Infrastructure Protection / National Cyber Security Division
Information Analysis and Infrastructure Protection (IAIP) Directorate:
- Information Analysis
- Infrastructure Protection: Infrastructure Coordination Division; Protective Security Division; National Communications System; National Cyber Security Division
Slide 5: Two Key Strategies Provide a Road Map for the Protection of Cyber Space
- The National Strategy to Secure Cyberspace
- Homeland Security Presidential Directive-7 (HSPD-7)
Slide 6: NCSD Mission
- To secure cyberspace and America's cyber assets in partnership with public, private, and international entities.
Slide 7: NCSD goals are strategically aligned with the National Strategy to Secure Cyberspace and HSPD-7
Slide 8: National Cyber Security Division/US-CERT (organization)
- Office of Director (Acting Director Andy Purdy): Strategic Planning; Policy; International; Management (Budget, HR); COOP; PCII
- DHS Cyber Security Partner Program: Howard Schmidt
- US-CERT Operations (Jerry Dixon): Situational Awareness; Analytical Cell; Production; Federal Coordination
- Outreach/Awareness (Liesyl Franz): Communications/Messaging; Outreach to Stakeholders; Cyber Security Awareness; Building Partnerships
- LE/Intelligence (Patrick Morrissey): Intel Requirements; LE Coordination; NCRCG
- Strategic initiative areas: CIP Cyber Security; Control Systems Security; Software Assurance; Training/Education; Exercise Planning/Coordination; Standards/Best Practices; R&D Coordination
Slide 9: NCSD Organizational Branches
- Detect
- Attribute
- Respond
- Reconstitute
Slide 10: NCSD uses a lifecycle approach to implement its goals across all stakeholder groups
- Lifecycle phases: Recognize, Detect, Attribute, Mitigate, Respond, Reconstitute
- Cross-agency: Federal, State, and Local
- Cross-sector: Public and Private
- Cross-geography: American public, international
Slide 11: NCSD GOALS
1. Establish a National Cyber Security Response
System to prevent, predict, detect, respond to,
and reconstitute rapidly after cyber incidents.
2. Work with public and private sectors to reduce
vulnerabilities and minimize the severity of
cyber attacks.
3. Promote a comprehensive national awareness
program to empower all Americans - businesses,
the general workforce, and the general population
- to secure their own parts of cyberspace.
4. Foster adequate training and education programs to support the Nation's cyber security needs.
5. Coordinate with the intelligence and law
enforcement communities to identify and reduce
threats to cyberspace.
6. Build a world-class organization that
aggressively advances its cyber security mission
and goals in partnership with its public and
private stakeholders.
Slide 12: Build and improve situational awareness capability.
- US-CERT Operations Center: 24x7x365 watch and warning capability and incident response
- US-CERT Einstein Program
- US-CERT Portal
- National Cyber Response Coordination Group (NCRCG)
- National Cyber Alert System
Slide 13: Milestones
- Build initial capability to detect, analyze, and respond to cyber events (completed).
- Create robust capability to detect, analyze, and respond to cyber events (Q2FY06).
Slide 14: US-CERT OPERATIONS CENTER (US-CERT Operations)
- United States Computer Emergency Readiness Team (US-CERT) established to protect the nation's Internet infrastructure.
- 24x7x365 watch and warning capability providing operational support for monitoring the status of systems and networks and responding to cyber incidents.
- Partnership between the Department of Homeland Security and the public and private sectors.
- US-CERT coordinates defense against and responses to cyber attacks, and is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.
Slide 15: US-CERT PORTAL (US-CERT Operations)
- A secure, web-based collaborative system that allows US-CERT to share sensitive cyber-related information with government and industry members.
- Provides for alert notification, secure e-mail messaging, live chat, on-going forum discussions, document libraries, and a contact locator feature.
- Provides instant access to the US-CERT Operations team, the US-CERT Cyber Daily Briefing containing a snapshot of the state of cyberspace, and updated cyber-event and other newsworthy information.
- Will merge with the DHS Homeland Security Information Network (HSIN) and become the cyber component for the overall system.
Slide 16: NATIONAL CYBER RESPONSE COORDINATION GROUP (Law Enforcement/Intelligence)
- NCRCG facilitates coordination of intra-governmental and public-private preparedness and operations to respond to, and recover from, incidents and attacks that have significant cyber consequences.
- NCRCG brings together senior officials from national security, law enforcement, defense, intelligence, and other government agencies that maintain significant cyber security responsibilities and capabilities.
- Status:
  - Monthly meetings initiated in January 2004
  - Developed working Charter and CONOPS
  - Developed an emergency notification system, which has been tested in two exercises
  - Developed two working groups (Botnets and Attribution), developing another (Preparedness), and contemplating two others (Active Defense, Classified Intrusion Sets)
Slide 17: Protect government cyberspace.
- US-CERT Operations Center
- Security Line of Business (with OMB)
- IT Standard Security Configuration Settings (with OMB)
- NCRCG
- GFIRST
- CISO Forum
Slide 18: Milestones
- Launch initial NCRCG capabilities (completed).
- Each agency improves one letter grade for each component of the FISMA scorecard (Q1FY07).
- Operationalize system to track federal civilian agency compliance/progress in implementing protective measures (Q1FY06).
- Operationalize stable/ongoing NCRCG capabilities (Q4FY05).
Slide 19: IT SECURITY LINE OF BUSINESS (Strategic Initiatives)
- Significant initiative in partnership with the Office of Management and Budget.
- Supports Priority 4 of the National Strategy to Secure Cyberspace, Securing Government Information Systems.
- Goals include:
  - Improving and making more consistent security management processes and controls across government through reuse of proven best practices
  - Achieving savings or cost-avoidance through reduced duplication and economies of scale for common hardware, software, and shared IT services
- DHS/NCSD is co-lead of a task force of 24 Departments and agencies to identify challenges and solutions to strengthen agencies' abilities to identify and defend against threats, correct vulnerabilities, and manage resulting risks.
Slide 20: Increase dissemination, awareness, and analysis of threats and responses.
- US-CERT Operations Center
- US-CERT Einstein Program
- National Cyber Alert System
- US-CERT Portal
- NCRCG
- GFIRST
- CISO Forum
Slide 21: Milestones
- Install US-CERT Einstein Program at the six volunteer pilot locations (Q3FY05).
- Launch Einstein production capability (Q1FY06).
- Integrate Homeland Security Information Network (HSIN) with US-CERT Portal (Q3FY05).
- Draft Common Malware Enumeration (CME) standard (Q3FY05).
- Complete two portal upgrades to increase customer satisfaction, average number of return visits per user, and average time spent on portal per user (Q2 and Q4FY05).
Slide 22: US-CERT EINSTEIN PROGRAM (US-CERT Operations)
- Einstein is an innovative program designed to build cyber-related situational awareness. This automated system:
  - Facilitates flow data sharing from federal government agencies' Internet access gateways and analyzes associated traffic patterns and behavior
  - Provides US-CERT and participating agencies a better cyber security view and understanding across the federal government.
- Information sharing increases situational awareness and facilitates the government's ability to:
  - identify and respond to cyber threats and attacks
  - improve network security
  - increase the resiliency of critical, electronically delivered government services
  - enhance the survivability of the Internet
Slide 23: NATIONAL CYBER ALERT SYSTEM (US-CERT Operations)
- Delivers targeted, timely, and actionable information to all citizens, from computer security professionals to home computer users with basic skills, to allow them to secure their computer systems.
- Identifies, analyzes, and prioritizes emerging vulnerabilities and threats.
- Relays computer security update and warning information to all users.
- Alerts are issued to subscription mailing lists as well as posted on the US-CERT Web site (www.uscert.gov).
Slide 24: Create and pursue an international cyber strategy to secure cyberspace.
- International Sharing and Response Coordination
Milestones:
- Coordinate bilateral and multilateral efforts to foster public-private partnership in international cyber security (Ongoing).
- Establish framework for five key allies' cooperation (completed).
- Implement short-term information sharing objectives (Q3FY05).
- Establish process for work on long-term international watch, warning, and incident response framework (Yearly/Phases).
Slide 25: NCSD INTERNATIONAL PROGRAM (Director's Office)
- National Strategy to Secure Cyberspace: Cyberspace is borderless and our ability to defend our Nation from cyber attack depends on international cooperation through information sharing and joint efforts.
- NCSD International Program Objectives:
  - Promote international cooperation on cyber security through bilateral and multilateral efforts in operations, strategic initiatives, and policy making
  - Promote cooperation with industry and critical infrastructure sectors globally
  - Encourage computer security incident response teams (CSIRTs) to provide points-of-contact information and share cyber security information on a regular basis
  - Promote increased computer security incident response capabilities through training and technical assistance
  - Promote adoption of the Council of Europe Convention on Cybercrime
- NCSD International Program Initiatives:
  - Bilateral cooperation with Canada, UK, India (among others) on cyber security
  - Collaborative arrangement among close allies (Australia, Canada, New Zealand, UK) for information sharing, incident response coordination, and strategic initiatives
  - Building International Watch and Warning Network in 15-country effort for information sharing and incident response coordination between government policy makers, computer security incident response teams with national responsibility, and law enforcement
Slide 26: Promote collaboration, coordination, and information sharing among public, private, and international communities.
- US-CERT Portal
- National Cyber Alert System
- Computer Network Defense Services
- DHS Cyber Security Partner Program
- International Sharing and Response Coordination (see Objective 1.4)
Slide 27: Milestones
- Create federal version of Computer Network Defense Service Provider (CNDSP) for incident response teams (Q4FY05).
- Evaluate CNDSP metrics by selected federal incident response teams (Q3-Q4FY06).
- Conduct US-CERT self assessment using federal version (Q1FY06).
- Develop plan to implement CNDSP metrics across the federal government (Q2FY07).
- Launch capability to submit cyber-related PCII data electronically (Completed).
- Develop information sharing policies and practices (Completed).
- CISO community to develop risk management methodology (Q3FY05).
Slide 28: Improve the nation's ability to respond to cyber incidents by creating, sponsoring, and learning from national, regional, and interagency exercises and workshops.
- NCSD Cyber Exercise Program
- National Cyber Exercise (Cyber Storm)
- Regional Cyber Exercise Program
- Interagency Cyber Exercise Program
Milestones:
- Conduct the national level cyber exercise (Q1FY06).
Slide 29: Improve the cyber security of critical infrastructures.
- National Infrastructure Protection Plan (NIPP)
Milestones:
- Develop IT Sector vulnerability assessment methodology and compile FY05 vulnerability assessment information (Q3FY05).
Slide 30: PREVENTING INTERNET DISRUPTION (Strategic Initiatives)
- Established Internet Disruption Working Group (IDWG) in partnership with National Communications System (NCS).
- Addressing the following questions:
  - Which sectors are functionally dependent on the Internet?
  - What companies do we need to work with to prevent a disruption of national consequence and assist in the reconstitution efforts if an event occurs?
  - What surge capabilities would be needed if an event occurs? (e.g. coordination and analysis)
  - What is the likelihood that disruption scenarios would occur?
  - What key assets would be affected?
  - What short-term protective measures would be needed?
- Goal of identifying and prioritizing short-term protective measures necessary to prevent major disruptions of the Internet and responsive/reconstitution measures in the event of a major disruption.
Slide 31: Promote cyber security and reduce vulnerabilities of control systems.
- US-CERT Control Systems Center
Milestones:
- Sponsor government/industry workshops to increase awareness of potential cyber incident impacts and vulnerabilities (Q3FY05).
- Develop Control Systems Security Framework (Q3FY05).
- Develop taxonomies of control systems standards across all sectors (Q4FY05).
- Provide control systems operators with web-based toolkit (Q4FY05).
- Publish FY05 control systems report to S&T (Q3FY05).
Slide 32: CONTROL SYSTEMS SECURITY (Strategic Initiatives)
- Control systems (or Supervisory Control and Data Acquisition (SCADA) systems) are embedded throughout critical infrastructures.
- NCSD Control Systems initiative coordinates efforts among federal, state, and local governments, and control system owners, operators, and vendors.
- Major Initiatives:
  - US-CERT Control Systems Watch Operation coordinates control system incident management, provides timely situational awareness information, and manages control system vulnerability and threat reduction activities
  - US-CERT Control Systems Security Center brings together government, industry, and academia to reduce vulnerabilities, respond to threats, and foster public/private collaboration
  - Process Control Systems Forum collaborating to accelerate technology development to enhance security, safety, and reliability of process control and SCADA systems
Slide 33: Promote the security of software across the development life cycle.
- Software Assurance Industry Forum
- Software Development Common Body of Knowledge
- Software Assurance Security Tools Evaluation
- Software Acquisition and Procurement Improvements
Slide 34: Milestones
- Publish materials for training in software assurance process improvement methodologies (Q3FY05).
- Conduct Software Assurance Conference/Forum (Completed).
- Develop repository of recommended standards and best practices for secure software development (Q3FY05).
- Inventory with NIST existing software assurance tools and measure effectiveness (Q4FY05).
- Publish draft software security common body of knowledge required for software developers (Q4FY05).
Slide 35: SOFTWARE ASSURANCE PROGRAM (Strategic Initiatives)
- Program promotes security of software across the development lifecycle to improve cyber security of the national critical infrastructure by increasing the security, reliability, and quality attributes of computer software.
- Comprehensive approach to produce a better trained/educated software development workforce, to refine software development processes and tools, and to improve customer requirements for acquisition of reliable and secure software through:
  - People: Developing common body of knowledge for education curriculum
  - Processes: Publishing software development lifecycle practical guidance, reference materials, and industry benchmarks
  - Technology: Creating a set of studies and experiments, in coordination with NIST, to assess, measure, and validate effectiveness of software assurance security tools
  - Acquisition: Improving the procurement process by embedding software assurance requirements up front in federal contract language
Slide 36: Promote cyber security standards and best practices.
- Cyber Security Standards and Best Practices
Milestones:
- Complete comprehensive review of the National Information Assurance Partnership (NIAP) (Q3FY05).
- Sponsor/coordinate follow-on conference to the Common Criteria Users Forum to develop recommendations and practical means to improve the CC process (Q1FY06).
- Explore development of protection profiles (PP) for commercial use with commercial off-the-shelf (COTS) products (Q1FY06).
Slide 37: Promote awareness of cyber security.
- Partnership with National Cyber Security Alliance (NCSA)
- National Webcast Initiative
- National Cyber Security Month
- National Cyber Alert System (NCAS)
Slide 38: Milestones
- Establish a national cyber security awareness plan (Q3FY05).
- Conduct expert workshops and produce white papers on priority and emerging cyber-security issues (Ongoing).
- Complete government/industry assessment that identifies highest areas of impact to focus resources (Q3FY05).
- Develop outreach partnership commitments with the private sector to increase cyber security awareness (Completed/Ongoing).
- Enhance US-CERT website to effectively communicate program accomplishments and initiatives (Q3FY05).
- Create National Cyber Security Division Outreach Program (Q3FY05).
Slide 39: OUTREACH AND AWARENESS (Outreach/Awareness)
- Outreach and awareness program:
  - Providing cyber security information
  - Coordinating government and government-industry efforts to collaborate on increasing cyber security awareness and preparedness
- Stakeholder outreach and engagement:
  - Industry
  - Government
  - General public
Slide 40: Promote the development of cyber security professionals through training and education programs.
- National Centers of Academic Excellence in Information Assurance Education (CAEIAE) Program (with NSA)
- National Scholarship for Service Program (Cyber Corps) (with NSF)
- IT Security Professional Certification Program
- Shared Cyber Security Training Resources
Slide 41: Milestones
- Identify initial job tasks of cyber security roles within DOD to be vetted with federal agencies, private industry, and academia (Q3FY05).
- Sponsor workshops/meetings on skills standards, process, governance, and goals for developing an IT security professional certification for industry, academia, and government (Q4FY05).
- Initiate federal agency-wide and private sector job task analyses (Q4FY05).
- Publish a draft nation-wide IT Security Professional job task analysis by incorporating input from the private sector and federal-wide job task analyses (Q1FY06).
- Co-sponsored a winter job fair for SFS students to aid placement in federal government jobs and summer internships (Completed).
- Participate on the SFS Interagency Coordinating Committee (Ongoing).
Slide 42: Improve coordinated cyber intelligence capability.
- National Cyber Response Coordination Group (NCRCG)
- Cyber Cop Portal
- Sector Specific Top Ten Bad Actors
- Cyber Security Database
- Cyber Incident Database
- National Cyber Incident Survey
- State of the State Conference
Slide 43: Milestones
- Operationalize pilot of cyber incident database (Q3FY05).
- Conduct assessment of cyber incident database pilot program (Q1FY06).
- Launch (production) cyber incident database (Q2FY06).
- Publish results of cyber incident survey (Q2FY06).
Slide 44: Improve threat detection and deterrence capabilities.
- National Cyber Survey
- Cyber Defense Survey
- Sector Specific Top Ten Bad Actors
- Cyber Cop Portal
- Electronic Criminal Investigation Forum
Slide 45: Milestones
- Publish results of cyber incident survey (Q2FY06).
- Launch redesigned Cyber Cop Portal (Q3FY05).
- Partner with National White Collar Crime Center to establish electronic criminal investigation forum (Q4FY05).
- Convene quarterly workshops with cyber law enforcement, intelligence, and other stakeholders to share and review cyber threats and analyses (Q3FY05/Ongoing).
Slide 46: NATIONAL CYBER SURVEY (Law Enforcement/Intelligence)
- First statistically relevant study of the effects of cyber incidents in the United States, in partnership with the DOJ's Bureau of Justice Statistics (BJS).
- National survey distribution to 36,000 small, medium, and large businesses, covering all of the critical infrastructure sectors.
- Survey will allow policy makers at all levels to make strategic decisions about information technology security planning and resource allocation based on accurate data, especially useful to law enforcement.
Slide 47: Organizational goals
- Promote a clear understanding of vision, mission, and strategy.
- Develop planning, programming, budget, and financial execution plans.
- Use strategic and operational plans and performance metrics to drive organizational success.
- Develop a diverse and effective workforce within an entrepreneurial and results-driven culture.
- Promote and represent NCSD and US-CERT roles and capabilities to key stakeholders and ensure standard cyber messaging is incorporated internally and externally to DHS.
Slide 48: Director's Office functions
- Administration
- Strategic Planning
- Budget and Finance
- Human Capital
- International Program
- Policy
- COOP
- PCII
Slide 49: Sign up to receive alerts and important cyber security information on the National Cyber Alert System (NCAS). Register on the US-CERT web site: www.us-cert.gov/cas/signup.html
- Cyber Tips
- Best Practices
- How-To Guidance
- Cyber Webcasts
Slide 50: Cyber security is a shared responsibility that cannot be shouldered by government alone. Your help is needed to protect cyberspace and America's cyber assets. To assist US-CERT efforts to build cyber situational awareness, report:
- Security incidents
- Malicious code
- Vulnerability information
to US-CERT at soc@us-cert.gov (888-282-0870).