CIAO.0209 - July 99 - 1 Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.

Slides:

Advertisements

Similar presentations

Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism

Advertisements

Philippine Cybercrime Efforts

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

4-H Administrative Update 2006 Youth Development Institutes March 2006.

Panel themes of the International Conference “Europe against Counterfeit Medicines” G.N. Gildeeva, Deputy head of the Department of Registration of Medicines.

Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.

The U.S. Coast Guard’s Role in Cybersecurity

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

DHS, National Cyber Security Division Overview

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Speaker: Tamar Shapatava

Greg Shaw How do we turn private sector preparedness into an investment rather than a cost of doing.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.

June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”

Providing Practical Solutions Winning the Talent Wars for Recruiting and Retaining 21 st Century Cyber Engineers Jeff Kubik, PMP, CISSP Sr PM, Praxis Engineering.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

August 2011Beyond the Border1 Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness CSG-ERC Canada-U.S. Relations Committee.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Horizon 2020 Secure Societies Security Research and Industry DG Enterprise and Industry 2013.

IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.

Technician Module 2 Unit 8 Slide 1 MODULE 2 UNIT 8 Prevention, Intelligence & Deterrence.

Bill Newhouse Program Lead National Initiative for Cybersecurity Education Cybersecurity R&D Coordination National Institute of Standards and Technology.

US-CERT National Cyber Security Division/ U.S. Computer Emergency Readiness Team (US-CERT) Overview Lawrence Hale Deputy Director, US-CERT.

Module 3 Develop the Plan Planning for Emergencies – For Small Business –

Federal Cyber Service Training and Education Initiative CICG Personnel, Training and Education Subgroup Mark Montgomery National Security Council November.

Cybersecurity and the Department of Justice Vincent A. Citro, Assistant United States Attorney July 9-10, 2014 Unclassified – For Public Use.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

Role of the Local Public Health Department Michele Belovich-Faust, RN, MPH Director of Health Care Initiatives Lehigh Valley Hospital Ann Ligi, BA, MPH,

Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.

Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.

Information Sharing Challenges, Trends and Opportunities

Cyber Security Nevada Businesses Overview June, 2014.

NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.

Critical Infrastructure: Commerce/NTIA Lead Agency Role by Shirl Kinney Deputy Assistant Secretary, NTIA October - November, 1998 A Composite of Recent.

Salary Possibilities Newly assigned Special Agents start at a yearly salary of $43,441, or also recognized as a GS-10, plus multiple other pay increases.

CYBERWARFARE LAW AND POLICY PROPOSALS FOR U.S. AND GLOBAL GOVERNANCE By Stuart S. Malawer, J.D., Ph.D. Distinguished Service Professor of Law & International.

Unclassified  1 Critical Infrastructure Protection Chuck Whitley EMS User’s Group June 9, 1999.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Center for Cybersecurity Research and Education (CCRE)

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

Created by: Ashley Spivey For Department of Homeland Security All information from:

What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.

Business Crisis and Continuity Management (BCCM) Class Session

UNCLASSIFIED 1 National Security in Cyberspace: It Takes a Nation Sandra Stanar-Johnson NSA/CSS Representative to the Department of Homeland Security February.

NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS

Expedition Workshop Strategic Leadership For Networking and Information Technology Education September 16, 2008 Chris Greer Director, NCO.

Coast Guard Cyber Command

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.

Activu-Powered Video Wall Prominently Featured during President Obama’s Visit to the National Cybersecurity and Communications Integration Center On January.

November 19, 2002 – Congress passed the Homeland Security Act of 2002, creating a new cabinet-level agency DHS activated in early 2003 Original Mission.

Disaster and Emergency Management

National Workshop on Cyber Crimes and Cyber Laws

Cybersecurity Education & Awareness Overview

Critical Infrastructure Protection Policy Priorities

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Industrial Control Systems Security Market to reach $7bn by 2024: Global.

8 Building Blocks of National Cyber Strategies

NERC Critical Infrastructure Protection Advisory Group (CIP AG)

Presentation transcript:

CIAO July Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National Security Council July 7, 1999

CIAO July Cyber Threat Spectrum Info Warrior Terrorist Industrial Espionage Industrial Espionage Revenge, Retribution, Financial Gain, Institutional Change Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage Monetary Gain Thrill, Challenge, Prestige Monetary Gain Thrill, Challenge, Prestige Thrill, Challenge National Intelligence National Intelligence Institutional Hacker Institutional Hacker Recreational Hacker Information for Political, Military, Economic Advantage Visibility, Publicity, Chaos, Political Change Competitive Advantage Intimidation Competitive Advantage Intimidation Organized Crime National Security Threats National Security Threats Shared Threats Shared Threats Local Threats Local Threats We know of foreign governments creating offensive attack capabilities against US Cyber Networks

CIAO July PDD-63: National Goal  Protect Critical Infrastructures –Intentional attacks that would significantly diminish capabilities  Action by Federal, state and local, private sector: –Federal: National security, public health and safety –State and local governments: Maintain order, essential services –Private sector: Essential telecom, energy, financial, transportation services  Initial Operating Capability by 2000  Final Operating Capability in 2003

CIAO July A Family of Plans National Plan for Information Systems Protection Program Assess and eliminate significant vulnerabilities to information warfare attack on America’s critical information systems in private sector and government Develop systems to assess, warn, isolate, respond and reconstitute essential information dependent components of economy and government Create a strong foundation for secure cyber systems including public-private partnership of systems operators and customers, sound legal footing, widespread public understanding of the importance of information assurance and security, and international cooperation Strong Foundations Strong Foundations Detect and Respond Detect and Respond Prepare and Prevent Prepare and Prevent Non-DOD USG Civilian Agency Protection & Gov’t Wide Initiatives Civilian Agency Protection & Gov’t Wide Initiatives DOD DoD Infrastructure Protection Plan DoD Infrastructure Protection Plan Different Constituencies, Shared Goals Federal Government’s Infrastructure Assurance Plan Federal Government’s Infrastructure Assurance Plan Private Sector/State & Local Government Framework for Critical Infrastructure Assurance Plan Framework for Critical Infrastructure Assurance Plan

CIAO July New Initiatives  Supported by President’s FY 2000 Budget Request –$1.4 B –38% Increase from 1999  Focus On –Federal Sector a Model –Foundations for Public-Private Partnership

CIAO July Objective: Prepare and Prevent  Program 1: Identify and Address Vulnerabilities –Key Components for identifying vulnerabilities: network assessment network analyzer software programs Red Team attacks –Best Practices and Standards –New Programs and Focus within Federal Government Expert Review Team

CIAO July Objective: Detect and Respond  Program 2: Detect Attacks and Unauthorized Intrusions –Multi-layered protection -- firewalls, intrusion detection monitors, enterprise-wide management systems, malicious code scanners  Program 3: Robust Law Enforcement and Intelligence Capabilities to Protect Critical Information Systems –NIPC taking the lead

CIAO July Objective: Detect and Respond (cont’d)  Program 4: Share Attack Warnings and Information –Computer Security Centers DOD: JTF-CND Non-DOD Federal Government: FIDNET Industry: Computer Security Centers/ISACs –Three Pillar System of Intrusion and Attack Detection  Program 5: System for Response, Reconstitution, and Recovery

CIAO July Intrusion attempt detected Notification Intrusion attempt detected Network Center Computer Intrusion Detection Network

CIAO July ISAC Creation: Questions 1.One or many ISACs? By Sector? 2.Role limited to warning and real-time networks’ security? 3.Government role in sponsoring, starting? 4.New institution or add function to existing entity? 5. Measures of success?

CIAO July Objective: Build Strong Foundations  Program 6: Enhance Research and Development –FY 2000 Budget Request: $508 MM –Priorities: large scale networks of intrusion detection monitors malicious code detection interactive multi-layered defenses for enterprise wide management modeling responses and interdependencies to cyberattack

CIAO July Objective: Build Strong Foundations (cont’d)  Program 7: Train and Employ Adequate Numbers of Information Security Specialists –Federal scholarship for service program (CyberCorps) –Retraining and certifying current Federal IT security personnel –New pay scale and incentive systems for Federal IT personnel –INFOSECURITY Centers of Excellence in universities –Support for additional university faculty development

CIAO July CyberCorps Problems: –Lack of computer systems talent nationwide –Inability of US Government to compete for talented computer experts Solution: –“ROTC” like programs in colleges –Stimulate colleges’ comp sci programs –Expands numbers of students in field –Trades undergraduate financial aid for commitment to work for Federal Government upon graduation –Summer schools, internships, Institute

CIAO July Objective: Build Strong Foundations (cont’d)  Program 8: Outreach to Americans on the Need for Cyber-Security –Partnership for Critical Information Systems Security  Program 9: Adopt Legislation and Appropriations in Support of Programs 1-8  Program 10: Ensure Full Protection of American Citizen’s Civil Liberties

CIAO July Partnership for Critical Information Security (draft) National Awareness Campaign Aimed at Corporate and IT Executives Action to protect Critical Information Infrastructure Promote Education Support Outreach Participation in Partnership requires:

CIAO July Goals With Economic Sectors Create Information Sharing and Assessment Centers for intrusion monitoring networks Establish process to agree upon ‘Best Practices’ for computer security in each sector Develop processes for certification of hardware, software, firmware, computer security personnel Jointly develop Awareness and Education campaign, perhaps through a new foundation or institute

CIAO July Summary  Federal Initiatives Under Development –R&D –Cybercorps –Intrusion Detection –Reconstitution  Industry Leadership Necessary in Key Areas –Information Sharing –Best Practices/Accreditation –Education/Awareness Evolving Threat Environment - PDD-63 In Response

CIAO July Contact Information National Security Council Phone: (202) Fax: (202) Critical Infrastructure Assurance Office Please visit our website at: Phone: (703)