National Cyber Security Division/ U.S. Computer Emergency Readiness Team (US-CERT) Overview

Slides: 19
Provided by: Booz7
Learn more at: http://csrc.nist.gov
1
National Cyber Security Division/ U.S. Computer
Emergency Readiness Team (US-CERT) Overview
  • Lawrence Hale
  • Deputy Director, US-CERT
  • March 10, 2004
  • 17th Federal Information Systems Security
    Educators Association

2
Mission
  • Mission components include
  • Identifying, analyzing and reducing threats and
    vulnerabilities
  • Disseminating threat warning information
  • Coordinating incident response
  • Providing technical assistance in continuity of
    operations and recovery
  • Serving as national focal point for the public
    and private sector regarding cyber security
    issues
  • Implement the National Strategy


The National Cyber Security Division (NCSD) is
the National focal point for addressing cyber
security issues in the United States.
3
The National Strategy's Five Priorities

PRIORITY: National Cyberspace Security Response System
IMPLICATION:
  • Rapid identification, information exchange, and
    remediation can mitigate damage
  • Response system will involve public and private
    institutions and cyber centers to perform
    analyses, conduct watch and warning, enable
    information exchange, and facilitate restoration
    efforts

PRIORITY: National Cyber Security Threat and Vulnerability Reduction Program
IMPLICATION:
  • Coordinated national efforts by government and
    private sector to identify and remediate serious
    cyber vulnerabilities through collaborative
    activities, such as sharing best practices and
    evaluating and implementing new technologies
  • Raise awareness, increase criminal justice
    activities, and develop national security
    programs to deter cyber threats

PRIORITY: National Cyberspace Security Awareness and Training Program
IMPLICATION:
  • Promote comprehensive national awareness program
    to empower all Americans (businesses, workforce,
    and general population) to secure their parts of
    cyberspace
  • Foster adequate training and education programs
    for Nation's cyber-security needs
  • Promote private support for independent
    certification of cybersecurity professionals

PRIORITY: Securing Governments' Cyberspace
IMPLICATION:
  • Federal, State and Local Governments' systems
    protection and resilience
  • Continuously assess threats and vulnerabilities
    to cyber systems

PRIORITY: International Cyberspace Security Cooperation
IMPLICATION:
  • Improve attack attribution and prevention
    capabilities
  • International cooperation
  • Facilitate and promote global culture of security
  • Foster international watch-and-warning networks
    to detect emerging attacks

4
Homeland Security Presidential Directive 7
December 17, 2003
Paragraph 16. The Secretary will continue to
maintain an organization to serve as a focal
point for the security of cyberspace. The
organization will facilitate interactions and
collaborations between and among Federal
departments and agencies, State and local
governments, the private sector, academia and
international organizations. To the extent
permitted by law, Federal departments and
agencies with cyber expertise, including but not
limited to the Departments of Justice, Commerce,
the Treasury, Defense, Energy, and State, and the
Central Intelligence Agency, will collaborate
with and support the organization in
accomplishing its mission. The organization's
mission includes analysis, warning, information
sharing, vulnerability reduction, mitigation, and
aiding national recovery efforts for critical
infrastructure information systems. The
organization will support the Department of
Justice and other law enforcement agencies in
their continuing missions to investigate and
prosecute threats to and attacks against
cyberspace, to the extent permitted by law.
5
NCSD's Integrated Capability
  • Strategy, Policy, Programs Support, Studies,
    Analysis, and Policy Leadership
  • US-CERT: The National Cyber Preparedness and
    Response System
  • FedCIRC: Securing Governments' Cyberspace

6
US-CERT Readiness
  • The National Response System
  • National Level Watch and Incident Management
  • 24/7 Watch Operations
  • Cyber Interagency Incident Management Group
    (C-IIMG)
  • Develop and practice capabilities (Livewire)
  • Early warning initiatives and displays
  • Vulnerability Assessment and Remediation
  • Current and potential vulnerabilities
    remediation mechanisms
  • Malware lab and analysis capability
  • Common vulnerabilities and exposures
    identification
  • Critical Infrastructure Program cyber review
    matrix
  • Internet infrastructure critical system matrix

8
US-CERT Readiness (continued)
  • Outreach: Public-Private Partnership
  • Information dissemination, alerting and
    information products
  • Secure Communications Infrastructure for
    collaboration and response
  • National Cyber Security Summit
  • Partnerships for awareness, exchange and response
  • Incident Responders (Federal Government,
    International, Law Enforcement, Other)
  • Critical infrastructure owners and operators
  • Service providers and backbone providers
  • Security product vendors and software industry

9
National Cyber Security Division
  • Providing strategy and policy support and
    leadership
  • Software Assurance
  • Software development processes
  • Security enhancement through automated tools
  • International Collaboration
  • Intelligence community requirements
  • Economic analysis
  • Standards and best practices
  • NIAP review in conjunction with DoD and NIST, and
    others
  • Training and Education

10
Training and Education
  • Centers of Academic Excellence Program
  • Co-sponsor NSA Centers of Academic Excellence in
    Information Assurance Education and expand to
    National program
  • IT Security Professional Certification Effort
  • Work with DoD and Federal agencies to collect
    requirements for IT security professional
    certification
  • Define job functions, skills and knowledge
    required, and common body of knowledge
  • Scholarship for Service Program
  • Work with National Science Foundation and Federal
    CIO Council, Workforce Committee to promote
    Scholarship for Service Program among all Federal
    agencies
  • IT Security Awareness
  • Work with Department of Education and existing
    organizations such as EDUCAUSE and National Cyber
    Security Alliance to promote IT security training
    and education in universities and
    primary/secondary schools

11
FedCIRC Initiatives
  • Securing Governments' Cyberspace
  • Security Analysis Program
  • Passive vulnerability discovery and analysis
    capability
  • Capability exists on existing systems, being
    deployed
  • Incident Management
  • Processes, incident support and correlation
  • Consolidated NIPC, FedCIRC and other watches
  • Security collaboration groups
  • CISO Forum, GFIRST, others

12
National Cyber Alert System
  • Provides credible and timely information on cyber
    security issues to include
  • Cyber Security Tips
  • Cyber Security Bulletin
  • Cyber Security Alerts
  • All information products are available on a free
    subscription basis and are delivered via email.
  • Sign up at www.us-cert.gov

13
Vulnerabilities
  • US-CERT has recently issued alerts on
  • Multiple Vulnerabilities in MS ASN.1 Library
  • HTTP Parsing Vulnerabilities in Checkpoint FW-1
  • Multiple Vulnerabilities in MS Internet Explorer
  • Actions taken may include
  • release of standard and technical advisories,
    informational bulletins, and vulnerability notes
  • coordination with affected vendors
  • coordination of remediation efforts with the
    federal government and private industry
  • LE and IC contact

14
Recent Events
  • E-mail Borne Viruses
  • Beagle/Bagle
  • Mydoom/Novarg/Doomjuice
  • Netsky
  • Blaster/Welchia/Nachi

15
Long-term needs
  • Stronger foundations
  • R&D investments in
  • The science of information assurance
  • Well-defined security properties of components
  • Security metrics
  • Component composition rules that preserve
    security properties
  • Engineering practices that build-in (rather than
    bolt-on) security
  • Protocols that limit damage from distributed
    attacks

16
Near to mid-term needs
  • Education and Training organizations
  • Undergraduate & Graduate programs
  • Increased emphasis on secure development
    practices in CS & Engineering programs
  • Executive education programs on risk management
    and information security
  • Security training for IT staff

17
Near to mid-term needs
  • Software Developers
  • Dramatic reduction in the number of
    vulnerabilities
  • Secure out-of-the-box configurations
  • Virus-proof software
  • Response Groups
  • Global indications and warning systems with
    predictive capabilities

18
Lawrence Hale
Deputy Director, NCSD, US-CERT
202 708-7000