Download presentation
Presentation is loading. Please wait.
1
Cybersecurity ATD technical
2
Threat – GPS Spoofing Available at
3
outcome – maritime collision
4
Threat concerns Core Questions:
What is the potential loss from a successful attack What is the likelihood What is our tolerance for such a loss What is our strategy to mitigate or manage this loss
5
Gps spoofing solutions …
Available at:
6
DoD Cybersecurity outcomes
Available at: “Build and Operate a Trusted DoDIN,” high level outcomes are: Design for the Fight Develop the Workforce Secure Data in Transit Manage Access Understand the Battlespace Prevent and Delay Attackers/Prevent Attackers from Staying Develop and Maintain Trust Strengthen Cyber Resilience Sustain Missions
7
Goals p. 73
8
Cybersecurity Artifacts
9
Provides a way to … The NIST Cybersecurity Framework provides a way to: • Access a current position; • Describe a target state; • Identify & prioritize opportunities; • Assess progress toward a target state; and • Communicate among stakeholders about cybersecurity risk
10
Framework components Framework Core Framework Tiers Framework Profile
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
11
Framework CORE Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
12
Cybersecurity risk Management
13
Maritime profiles “The USCG is working with industry to develop these voluntary industry‐focused Profiles to mitigate risks in their joint mission areas. The USCG determined the first industry‐focused Profile should address MBLT. … Other mission areas regulated under 33 CFR 104‐106 to be evaluated in future Profiles include maritime cybersecurity for passenger vessels, cargo vessels, navigation, and offshore facilities.” (p. 8)
14
Manage Cybersecurity Requirements
Federal agencies can use the Cybersecurity Framework Core Subcategories to align and de-conflict cybersecurity requirements applicable to their organizations. This reconciliation of requirements helps to ensure compliance and provides input in prioritizing requirements across the organization using the subcategory outcomes. This becomes a means of operationalizing cybersecurity activities and a tool for iterative, dynamic, and prioritized risk management for the agency.“ (p )
15
Cybersecurity requirements
“Requirements are positive, testable statements about the system - statements on the systems’ functional behaviors and non-functional properties often captured as ‘shall’ statements.” “Cyber requirements are often statements on what the system should not do, i.e., shall not statements.” (p . 5)
16
Questions
17
Gps jam/spoof p. 11
18
Range of mitigations (p. 14)
19
Framework profile “Framework Profile: The profile represents the outcomes based on business needs, risk tolerance, and resource requirements that an organization has selected from Framework categories and subcategories. To ensure adaptability and enable technical innovation, the Framework is technology neutral.” (p. 5) Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.
20
Agency Accountability
(c) Risk Management. (i) Agency heads will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data. … (ii) Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk. Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Dated 11 May 2017
21
Leverage “By seamlessly integrating the Cybersecurity Framework and key NIST cybersecurity risk management standards and guidelines … agencies can develop, implement, and continuously improve agency-wide cybersecurity risk management processes that inform strategic, operational, and other enterprise risk decisions.” (p. 8) (p. 10)
22
mechanism for … “The Cybersecurity Framework offers a mechanism for reconciling mission objectives and cybersecurity requirements into Profiles, …Profiles can be a reconciliation of cybersecurity requirements and associated priorities from many sources, Profiles can be used as a concise and important artifact for consideration when tailoring SP initial control baselines to final control baselines.” (p. 20)
23
objectives
24
Document of compliance
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.