Cybersecurity and Computer Forensics Education DUE:


1 Cybersecurity and Computer Forensics Education DUE:0302734
ATE PI Conference
Using Cyber Security Command Post Exercises (CPX) To Identify Workforce Needs
Larry Lee

2 Overview
- Related Terms
- Critical Infrastructure
- Types of CPXs
- Dark Screen
- Workforce Skills

3 Related Terms
- CPX (Command Post Exercises)
- Cyber War Games
- Desktop Exercises
- Scenario-based Exercises
- Scenario-driven Brain Storming
- TTX (Tabletop Exercises)
- Tabletop War Gaming
- War Gaming

4 Critical Infrastructures Definition
“those systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety”

5 GAO Designates Cybersecurity a High Risk
Significant, pervasive information security weaknesses continue to put critical federal operations and assets at high risk. Among other reasons for designating cyber critical infrastructure protection high risk is that terrorist groups and others have stated their intentions of attacking our critical infrastructures, and failing to adequately protect these infrastructures could adversely affect our national security, national economic security, and/or national public health and safety.
Source: GAO Report to Congress on Protecting Information Systems Supporting the Federal Government and the Nation’s Critical Infrastructures (January 2003)

6 Critical Infrastructures
[Figure: critical infrastructure sectors. Labels: Energy (Oil, Gas); Transportation (Air, Ground); Banking and Finance; Information and Telecommunications; Public Utilities; Government; Satellite; Wall Street; Oil & Gas Production and Storage; Water Supply; Telecom; Business; Emergency Services; Electric Power; Agriculture. Adapted from Kelly, 2001 and Scalingi, 2003]

7 Critical Infrastructure Interdependency
[Figure: interdependencies among Electric Power, Natural Gas, Oil, Water, Transportation and Telecom. Link labels: Power for Compressors, Storage, Control Systems; Fuel for Generators; Power for Pump and Lift Stations, Control Systems; Power for Switches; Water for Cooling, Emissions Reduction; Heat; Power for Pumping Stations, Storage, Control Systems; Fuel for Generators, Lubricants; Fuels, Lubricants; SCADA, Communications; Water for Cooling; Fuel Transport, Shipping; Power for Signaling, Switches; Water for Production, Cooling, Emissions Reduction. Adapted from Rinaldi et al., 2001, and Scalingi, 2003]

8 Critical Infrastructure Interdependency
“We, as a country, have put all of our eggs in one basket...we’ve successfully dominated the world economically and militarily because of the systems that we have designed, and relied upon....it’s our Achilles heel”
Richard Clarke

9 Cyber Security CPXs
- Argonaut (England)
- Black Demon (USAF/DD)
- Black Ice (DOE Office of CIP)
- Blue Cascade (Pacific NW)
- Cyber Defense Exercise (CDX) 2004 Service Academies
- Dark Screen (UTSA)
- Eligible Receiver (DOD/NSA)
- Hackfest (ARFL/Symantec)
- Livewire (DHS)
- TopOff (DHS/ODP)

10 Types of CPX
Table Top Exercise
- Normally very low cost
- Anyplace, anytime
- Small number of participants
- Could be for any type of objective
- Could be the first phase of a larger exercise

11 Types of CPX
Scenario-based
- Many organizations, not many people
- Frequently examines existing or new procedures
- Also could be part of an exercise “buildup”
- More costs, more disruption to regular activities

12 Type of CPX
Full-scaled
- Highest cost
- Most people involved
- Inter-agency, inter-governmental, inter-sector
- Occasional due to costs

13 Operation Dark Screen
- Year-long, three phased scenario-based exercise
  - Table top
  - Scenario-based
  - Modified Full-scaled
- Designed to evaluate regional organizations’ capabilities to prevent, detect, and respond to cyber security incidents
- Initiated by Rep. Ciro Rodriguez (D-TX)
- Conducted by UTSA’s Center for Infrastructure Assurance and Security (CIAS)

14 ODS-CC Participants 2003-2004
- City of Corpus Christi (CC) MIS
- Corpus Christi EOC
- CCPD MIS
- CCFD MIS
- CC Emergency Management Office
- CC Risk Management Division
- CC Water & Gas
- FBI
- Probado Technologies
- USN
- USCG
- Port of Corpus Christi
- Del Mar College
- Texas A&M Corpus Christi

15 Workforce Skills
- Interpersonal skills
- Communications
  - Written or oral
  - Common body of language
- Analyzation and identification
- Developing Solutions
- Team building

16 Workforce Skills
Gather and document data with the ability to:
- Analyze information
- Ask relevant questions
- Accurately summarize and document information
- Synthesize and organize information

17 Workforce Skills
Review and test plans and strategies for compliance with applicable regulations and standards with the ability to:
- Generate and evaluate solutions
- Compare multiple viewpoints
- Identify key sources of information
- Pose critical questions

18 Workforce Skills
Identify, analyze and evaluate infrastructure and network vulnerabilities
Ability to:
- Analyze information for accuracy and consistency
- Evaluate system configuration
- Use prior training/experience to predict outcome

19 Workforce Skills
Implement/test contingency and backup plans and coordinate with stakeholders
Ability to:
- Systematically organize information
- Critically evaluate problems, identify possible causes and propose solutions
- Communicate effectively with clients

20 Workforce Skills
Develop information assurance plans and implementation strategies
Ability to:
- Synthesize and organize information
- Assume responsibility for accomplishing team goals
- Analyze group/individual response
- Create and develop new rules/principles

21 Workforce Skills
Maintain and update information assurance plans and strategies as appropriate
Ability to:
- Create data gathering process
- Monitor and correct system
- Devise and implement plan of action

22 References
- Kaucher, C.E., “Exercise in Defending Cyberspace: The Capstone of Education, Training and Awareness”, National Defense University
- Long, H.M., “Higher Education Contribution to the National Strategy to Secure Cyberspace”, ITS, Yale University
- St. Sauver, J., “Practical Steps to Take to Mitigate Computer and Network Risks”, InfraGard Conference, March 2004
- Goles, T.; White, G.; Dietrich, G., “Dark Screen: An Exercise in Cyber Security”, University of Texas-San Antonio, 2003
- Building A Foundation for Tomorrow, Skill Standards for Information Technology, NWCET

