Cyber Security & Homeland Security:
Cyber Security for CIKR and SLTT
Michael Leking
Cyber Security Advisor – Northeast Region
Office of Cybersecurity and Communications (CS&C)
U.S. Department of Homeland Security (DHS)
19 March 2014
Office of Cybersecurity and Communications
MISSION:
To enhance the security, resilience, and reliability of the Nation’s cyber
and communications infrastructure.
Capabilities:
• CS&C works collaboratively with public, private, and international entities to secure, assess, and mitigate cyber risk; and prepare for, prevent, and respond to cyber incidents.
• CS&C leads efforts to protect the federal “.gov” domain of civilian government networks and to collaborate with the private sector—the “.com” domain—to increase the security of critical networks.
• Build and maintain a world-class organization to advance the Nation’s cybersecurity preparedness and raise awareness across the Nation on cybersecurity.
• As the Sector-Specific Agency for the Communications and Information Technology (IT) sectors, CS&C coordinates national-level reporting that is consistent with the National Response Framework (NRF).
Presenter’s Name
June 17, 2003
Cyber Security Advisor Initiative
Roles and Responsibilities
• Assist in the identification of cyber systems, networks, and infrastructure supporting CIKR assets and be knowledgeable of corresponding interdependencies in their region
• Coordinate and lead cyber security evaluations of critical infrastructure within the region represented
• Raise awareness of CS&C activities
• Function as the National Cyber Security Division representative to State and local emergency operations centers (EOCs) and State and local fusion centers
• Establish working relationship and rapport with State and local area CISOs in the region represented
• Coordinate with Federal personnel within region to integrate cyber security response and assessment perspectives (i.e., with PSAs, FEMA, Federal LE, etc.)
• Coordinate cyber and communications incident response
The Cybersecurity Framework
• In February 2013 the President issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity
• One component of that Executive Order directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure
• The resulting Cybersecurity Framework (CSF), created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure
• The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk
Additional information on the NIST Cybersecurity Framework can be found on
the official webpage at http://www.nist.gov/cyberframework/
Critical Infrastructure Cyber Community (C3)
Website: http://www.us-cert.gov/ccubedvp
General C3 inquiries: [email protected]
• DHS launched the C3 Program in February 2014 to complement the launch of the NIST CSF
• The C³ Voluntary Program helps sectors and organizations that want to use the CSF by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations, and the private sector.
• The C3 website (http://www.us-cert.gov/ccubedvp) describes the various programs DHS offers to critical infrastructure partners, including Federal, State, local, and private sector organizations
• Many of the programs described on the following slides can also be found on the website
Cyber Resilience and the Framework
Relationship between DHS’ Cyber Resilience Review and the Cybersecurity Framework.
[Diagram]
• Identify Services: Identify and prioritize services
• Create Asset Inventory: Identify assets, align assets to services, and inventory assets
• Protect & Sustain Assets: Establish risk management, resilience requirements, control objectives, and controls
• Disruption Management: Establish continuity requirements for assets and develop service continuity plans
• Cyber Exercise: Define objectives for cyber exercise, perform exercises, and evaluate results
• Process Management and Improvement
* CRR to NIST CSF crosswalk available
A Wide Range of Offerings for Critical Infrastructure
• Technical Assistance
  – National Cybersecurity and Communications Integration Center (NCCIC)
    • US-CERT Operations Center
      o Remote and On-Site Assistance
      o Malware Analysis
      o Incident Response Teams
    • ICS-CERT Operations Center
      o ICS-CERT Malware Lab
      o Cyber Security Evaluation Tool
      o Incident Response Teams
    • NCATS
      o Cyber Hygiene service
      o Risk and Vulnerability Assessment
• Resilience and Strategy
  – US-CERT
    • National Cyber Awareness System
    • Vulnerability Notes Database
    • Security Publications
  – Control Systems Security Program
    • Cybersecurity Training
    • Information Products and Recommended Practices
  – Cyber Exercise Program
  – Cyber Security Evaluations Program
    • Cyber Resilience Review
    • Cyber Infrastructure Survey Tool
DHS’ Cyber Security Evaluations:
• Cyber Resilience Review (CRR)
• Cyber Security Evaluation Tool (CSET)
• Cyber Infrastructure Survey Tool (C-IST)
• Cyber Hygiene (CH) Evaluations
• Pen Test (aka RVA)
• ICS Architecture Review
• Cybersecurity Framework
Cyber Resilience Review (CRR)
• Based on the CERT® Resilience Management Model (RMM), a process improvement model for managing operational resilience
• Development of CRR methodology began in early 2009
• Deployment across all 18 CIKR sectors as well as State, local, tribal, and territorial governments
• Primary goal: Evaluate how CIKR providers manage cyber security of significant information services and assets (information, technology, facilities, and personnel)
• Secondary goal: Identify opportunities for improvement in cyber security management and reduce operational risks related to cyber security
CRR Architecture Overview
[Diagram. Labels: Domains; Focused Activity; Domain Goals, Required (what to do to achieve the capability); Domain Practice Questions, Expected (how to accomplish the goal); Process Institutionalization Elements; MIL Levels [per Domain]; MIL Questions [per Domain]]
CRR Domains
• Asset Management (AM): identify, document, and manage assets during their life cycle
• Controls Management (CNTL): identify, analyze, and manage IT and security controls
• Configuration and Change Management (CCM): ensure the integrity of IT systems and networks
• Vulnerability Management (VM): identify, analyze, and manage vulnerabilities
• Incident Management (IM): identify and analyze IT events, detect cyber security incidents, and determine an organizational response
• Service Continuity Management (SCM): ensure the continuity of essential IT operations if a disruption occurs
• Risk Management (RISK): identify, analyze, and mitigate risks to critical service and IT assets
• External Dependencies Management (EXD): establish processes to manage an appropriate level of IT, security, contractual, and organizational controls that are dependent on the actions of external entities
• Training and Awareness (TRNG): promote awareness and develop skills and knowledge of people
• Situational Awareness (SA): actively discover and analyze information related to immediate operational stability and security
Benefits of the CRR
• Identification of cyber security risks and improved organization-wide awareness of the need for effective cyber security management
• Understanding how similar organizations manage cyber security around a common critical infrastructure service
• DHS will provide organizations with a CRR Report that includes:
  – Documented strengths and weaknesses in cyber security management
  – Options for consideration to improve cyber security in support of critical infrastructure operations
• Establish/strengthen collaborative relationships with DHS
• Increased awareness of DHS programs related to cyber security:
  – Control Systems security
  – Cyber exercises
  – Training/education resources
CRR Report
DHS CRR Analytical Findings
Cyber Resilience Workshops
• A DHS-facilitated four- or eight-hour workshop introduces cyber security managers and practitioners to cyber resilience concepts and to capability and capability building activities in key performance areas related to cyber security, IT operations, and business continuity.
• These collaborative and interactive workshops:
  – Raise awareness of gaps in cyber management practices and of process improvements for CIKR and SLTT communities.
  – Reinforce cyber security best practices and examine resilience concepts and objectives.
  – Share information with communities-of-interest related to national cyber security policies, initiatives, and federal capabilities.
  – Enhance cyber incident response and business continuity capabilities and discuss federal coordination for incident notification, containment, and recovery.
• What to Expect:
  – A four- or eight-hour, collaborative workshop, with interactive discussions between operations and cyber security personnel.
  – Structured dialogs and scenario walkthroughs to reinforce resilience concepts and best practices.
  – Sector/industry-specific content and threat examples.
Cyber Security Evaluation Tool (CSET™)
• Stand-alone software application
• Self-assessment using recognized standards
• Tool for integrating cybersecurity into existing corporate risk management strategy
CSET Download: us-cert.gov/control_systems/csetdownload.html
Help and Guidance
• Video Tutorial
• Users Guide
• Screen Specific Guidance
• Topic/Question Help
Hard-copy Reports
Contact Information
Michael Leking ([email protected])
Cyber Security Advisor - Northeast Region
Office of Cybersecurity and Communications
Department of Homeland Security