Cyber Security & Homeland Security: Cyber Security for CIKR and SLTT
Michael Leking, Cyber Security Advisor – Northeast Region
Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security (DHS)
19 March 2014

Office of Cybersecurity and Communications

MISSION: To enhance the security, resilience, and reliability of the Nation's cyber and communications infrastructure.

Capabilities:
• CS&C works collaboratively with public, private, and international entities to secure, assess, and mitigate cyber risk, and to prepare for, prevent, and respond to cyber incidents.
• CS&C leads efforts to protect the federal ".gov" domain of civilian government networks and collaborates with the private sector (the ".com" domain) to increase the security of critical networks.
• CS&C builds and maintains a world-class organization to advance the Nation's cybersecurity preparedness and to raise cybersecurity awareness across the Nation.
• As Sector-Specific Agency for the Communications and Information Technology (IT) sectors, CS&C coordinates national-level reporting consistent with the National Response Framework (NRF).
Cyber Security Advisor Initiative: Roles and Responsibilities
• Assist in the identification of cyber systems, networks, and infrastructure supporting CIKR assets, and be knowledgeable of the corresponding interdependencies in the region
• Coordinate and lead cyber security evaluations of critical infrastructure within the region represented
• Raise awareness of CS&C activities
• Function as the National Cyber Security Division representative to State and local emergency operations centers (EOCs) and State and local fusion centers
• Establish working relationships and rapport with State and local area CISOs in the region represented
• Coordinate with Federal personnel within the region to integrate cyber security response and assessment perspectives (e.g., with PSAs, FEMA, and Federal law enforcement)
• Coordinate cyber and communications incident response

The Cybersecurity Framework
In February 2013 the President issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity. One component of that Executive Order directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure.
The resulting Cybersecurity Framework (CSF), created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. Its prioritized, flexible, repeatable, and cost-effective approach helps owners and operators of critical infrastructure manage cybersecurity-related risk.
Additional information on the NIST Cybersecurity Framework is available on the official webpage: http://www.nist.gov/cyberframework/

Critical Infrastructure Cyber Community (C3)
Website: http://www.us-cert.gov/ccubedvp
General C3 inquiries: [email protected]
DHS launched the C3 Program in February 2014 to complement the launch of the NIST CSF. The C³ Voluntary Program helps sectors and organizations that want to use the CSF by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations, and the private sector. The C3 website describes the various programs DHS offers to critical infrastructure partners, including Federal, State, local, and private sector organizations. Many of the programs described on the following slides can also be found on the website.

Cyber Resilience and the Framework
Relationship between DHS' Cyber Resilience Review and the Cybersecurity Framework (a CRR to NIST CSF crosswalk is available):
• Identify Services: identify and prioritize services
• Create Asset Inventory: identify assets, align assets to services, and inventory assets
• Protect & Sustain Assets: establish risk management, resilience requirements, control objectives, and controls
• Disruption Management: establish continuity requirements for assets and develop service continuity plans
• Cyber Exercise: define objectives for cyber exercises, perform exercises, and evaluate results
• Process Management and Improvement

A Wide Range of Offerings for Critical Infrastructure
Technical Assistance – National Cybersecurity and Communications Integration Center (NCCIC)
• US-CERT Operations Center
  o Remote and On-Site Assistance
  o Malware Analysis
  o Incident Response Teams
• ICS-CERT Operations Center
  o ICS-CERT Malware Lab
  o Cyber Security Evaluation Tool
  o Incident Response Teams
• NCATS
  o Cyber Hygiene service
  o Risk and Vulnerability Assessment
Resilience and Strategy
• US-CERT
  o National Cyber Awareness System
  o Vulnerability Notes Database
  o Security Publications
• Control Systems Security Program
  o Cybersecurity Training
  o Information Products and Recommended Practices
• Cyber Exercise Program
• Cyber Security Evaluations Program
  o Cyber Resilience Review
  o Cyber Infrastructure Survey Tool

DHS' Cyber Security Evaluations
• Cyber Resilience Review (CRR)
• Cyber Security Evaluation Tool (CSET)
• Cyber Infrastructure Survey Tool (C-IST)
• Cyber Hygiene (CH) Evaluations
• Pen Test (aka Risk and Vulnerability Assessment, RVA)
• ICS Architecture Review
• Cybersecurity Framework

Cyber Resilience Review (CRR)
• Based on the CERT® Resilience Management Model (RMM), a process improvement model for managing operational resilience
• Development of the CRR methodology began in early 2009
• Deployed across all 18 CIKR sectors as well as State, local, tribal, and territorial governments
• Primary goal: evaluate how CIKR providers manage the cyber security of significant information services and assets (information, technology, facilities, and personnel)
• Secondary goal: identify opportunities for improvement in cyber security management and reduce operational risks related to cyber security

CRR Architecture Overview
The CRR is organized into 10 domains. Each domain has domain goals and domain practice questions, which capture the required activity (what to do to achieve the capability). Each domain also has Maturity Indicator Level (MIL) questions, which capture the expected process institutionalization elements (how to accomplish the goal).

CRR Domains
• Asset Management (AM): identify, document, and manage assets during their life cycle
• Controls Management (CNTL): identify, analyze, and manage IT and security controls
• Configuration and Change Management (CCM): ensure the integrity of IT systems and networks
• Vulnerability Management (VM): identify, analyze, and manage vulnerabilities
• Incident Management (IM): identify and analyze IT events, detect cyber security incidents, and determine an organizational response
• Service Continuity Management (SCM): ensure the continuity of essential IT operations if a disruption occurs
• Risk Management (RISK): identify, analyze, and mitigate risks to critical services and IT assets
• External Dependencies Management (EXD): establish processes to manage an appropriate level of IT, security, contractual, and organizational controls that are dependent on the actions of external entities
• Training and Awareness (TRNG): promote awareness and develop the skills and knowledge of people
• Situational Awareness (SA): actively discover and analyze information related to immediate operational stability and security

Benefits of the CRR
• Identification of cyber security risks and improved organization-wide awareness of the need for effective cyber security management
• Understanding of how similar organizations manage cyber security around a common critical infrastructure service
• DHS will provide organizations with a CRR Report that includes documented strengths and weaknesses in cyber security management, and options for consideration to improve cyber security in support of critical infrastructure operations
• Establishment or strengthening of collaborative relationships with DHS
• Increased awareness of DHS programs related to cyber security: control systems security, cyber exercises, and training/education resources

CRR Report (figure not reproduced)

DHS CRR Analytical Findings (figure not reproduced)

Cyber Resilience Workshops
A DHS-facilitated four- or eight-hour workshop introduces cyber security managers and practitioners to cyber resilience concepts and to capability-building activities in key performance areas related to cyber security, IT operations, and business continuity. These collaborative and interactive workshops:
• Raise awareness of gaps in cyber management practices and of process improvements for CIKR and SLTT communities
• Reinforce cyber security best practices and examine resilience concepts and objectives
• Share information with communities of interest related to national cyber security policies, initiatives, and federal capabilities
• Enhance cyber incident response and business continuity capabilities and discuss federal coordination for incident notification, containment, and recovery
What to Expect:
• A four- or eight-hour, collaborative workshop, with interactive discussions between operations and cyber security personnel
• Structured dialogs and scenario walkthroughs to reinforce resilience concepts and best practices
• Sector/industry-specific content and threat examples

Cyber Security Evaluation Tool (CSET™)
• Stand-alone software application
• Self-assessment using recognized standards
• Tool for integrating cybersecurity into an existing corporate risk management strategy
• CSET download: us-cert.gov/control_systems/csetdownload.html

Help and Guidance
• Video tutorial
• Users guide
• Screen-specific guidance
• Topic/question help

Hard-copy Reports (figure not reproduced)

Contact Information
Michael Leking ([email protected])
Cyber Security Advisor – Northeast Region
Office of Cybersecurity and Communications
Department of Homeland Security