An Urgent National Imperative

Presentation on theme: "An Urgent National Imperative"— Presentation transcript:

1 An Urgent National Imperative
Building Trustworthy, Secure Systems for the United States Critical Infrastructure

2 It’s a dangerous world in cyberspace…
The Current Landscape.

3 Cyber Risk: a function of threat, vulnerability, impact, and likelihood.
Sectors at stake: Energy. Transportation. Defense. Manufacturing.

4 Defense Science Board Reports
Resilient Military Systems and the Advanced Cyber Threat. Cyber Supply Chain. Cyber Deterrence.
Make statement about ALL controls being monitoring – it is only the frequency that varies

5 Complexity.

6 Our appetite for advanced technology is rapidly exceeding our ability to protect it.

7 Data. Data. Everywhere.

8 Houston, we have a problem.

9 Protecting critical systems and assets—
The highest priority for the national and economic security interests of the United States.

10 Defending cyberspace in 2018 and beyond.

11 Simplify. Innovate. Automate.

12 Federal Government’s Modernization Strategy
Identify and develop federal shared services. Move to FedRAMP-approved cloud services. Isolate and strengthen protection for high value assets. Reduce and manage the complexity of systems and networks… Engineer more trustworthy, secure, and resilient solutions.

13 Reducing susceptibility to cyber threats requires a multidimensional strategy.
First Dimension: Harden the target (system). Second Dimension: Limit damage to the target. Third Dimension: Make the target resilient.

14 Cyber Resiliency. The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

15 Cyber resiliency relationships with other specialty engineering disciplines.
Reliability. Fault Tolerance. Privacy. Security. Safety. Resilience and Survivability.

16 CREF Constructs (Cyber Resiliency Engineering Framework)
Protection. Damage limitation. Resiliency.
Constructs: Goals. Objectives. Techniques. Approaches. Strategic Design Principles. Structural Design Principles. Risk Management Strategy.

17 Relationship among cyber resiliency constructs.
Why: GOALS (Anticipate, Withstand, Recover, Adapt).
What: OBJECTIVES (Understand, Prevent/Avoid, Prepare, Continue, Constrain, Reconstitute, Transform, Re-architect).
How: TECHNIQUES, Approaches, Structural Design Principles, Strategic Design Principles.
The Risk Management Strategy informs the selection and prioritization of objectives, techniques, approaches, and design principles at each level.

18 CREF Techniques (Cyber Resiliency Engineering Framework)
Protection. Damage limitation. Resiliency.
Techniques: Adaptive Response. Analytic Monitoring. Coordinated Protection. Substantiated Integrity. Privilege Restriction. Dynamic Positioning. Dynamic Representation. Non-Persistence. Diversity. Realignment. Redundancy. Segmentation. Deception. Unpredictability.

19 Cyber Resiliency Constructs in System Life Cycle.
Life cycle processes (ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes): Business or mission analysis; Stakeholder needs and requirements definition; System requirements definition; Architecture definition; Design definition; System analysis; Implementation; Integration; Verification; Transition; Validation; Operation; Maintenance; Disposal. NIST SP

20 NIST SP , Revision 2: Risk Management Framework for Information Systems and Organizations. A System Life Cycle Approach for Security and Privacy.
Make statement about ALL controls being monitoring – it is only the frequency that varies

21 Risk Management Framework (RMF) 2.0
Just released for public review and comment. RMF steps: PREPARE, CATEGORIZE, SELECT, IMPLEMENT, ASSESS, AUTHORIZE, MONITOR.

22 RMF 2.0: A unified framework for managing security, privacy, and supply chain risks.
Communication between C-Suite and Implementers and Operators. Security Risk Management. Privacy Risk Management. Supply Chain Risk Management. Alignment with NIST Cybersecurity Framework. Alignment with Security Engineering Processes.

23 Transparency. Traceability. Trust.

24 On the Horizon…
NIST Special Publication 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations. Final Publication: October 2018.
NIST Special Publication , Revision 5: Security and Privacy Controls for Information Systems and Organizations. Final Publication: December 2018.
NIST Special Publication A, Revision 5: Assessing Security and Privacy Controls in Information Systems and Organizations. Final Publication: September 2019.

25 On the Horizon…
NIST Special Publication 800-160, Volume 2: Systems Security Engineering, Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems. Final Publication: October 2018.
NIST Special Publication , Volume 3: Software Assurance Considerations for the Engineering of Trustworthy Secure Systems. Final Publication: December 2019.
NIST Special Publication , Volume 4: Hardware Assurance Considerations for the Engineering of Trustworthy Secure Systems. Final Publication: December 2020.

26 Some final thoughts.

27 Work smarter, not harder.

28 The ultimate objective for security and privacy.
Institutionalize. Operationalize.


30 The essential partnership.
Government. Industry. Academia.

31 Security. Privacy. Freedom.

32 RMF: Risk Management Framework
Simplify. Innovate. Automate.
100 Bureau Drive, Mailstop 8930, Gaithersburg, MD, USA. Web: csrc.nist.gov
