Download presentation
Presentation is loading. Please wait.
Published byThomasina Byrd Modified over 9 years ago
1
CIAO.0209 - July 99 - 1 Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National Security Council July 7, 1999
2
CIAO.0209 - July 99 - 2 Cyber Threat Spectrum Info Warrior Terrorist Industrial Espionage Industrial Espionage Revenge, Retribution, Financial Gain, Institutional Change Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage Monetary Gain Thrill, Challenge, Prestige Monetary Gain Thrill, Challenge, Prestige Thrill, Challenge National Intelligence National Intelligence Institutional Hacker Institutional Hacker Recreational Hacker Information for Political, Military, Economic Advantage Visibility, Publicity, Chaos, Political Change Competitive Advantage Intimidation Competitive Advantage Intimidation Organized Crime National Security Threats National Security Threats Shared Threats Shared Threats Local Threats Local Threats We know of foreign governments creating offensive attack capabilities against US Cyber Networks
3
CIAO.0209 - July 99 - 3 PDD-63: National Goal Protect Critical Infrastructures –Intentional attacks that would significantly diminish capabilities Action by Federal, state and local, private sector: –Federal: National security, public health and safety –State and local governments: Maintain order, essential services –Private sector: Essential telecom, energy, financial, transportation services Initial Operating Capability by 2000 Final Operating Capability in 2003
4
CIAO.0209 - July 99 - 4 A Family of Plans National Plan for Information Systems Protection Program Assess and eliminate significant vulnerabilities to information warfare attack on America’s critical information systems in private sector and government Develop systems to assess, warn, isolate, respond and reconstitute essential information dependent components of economy and government Create a strong foundation for secure cyber systems including public-private partnership of systems operators and customers, sound legal footing, widespread public understanding of the importance of information assurance and security, and international cooperation Strong Foundations Strong Foundations Detect and Respond Detect and Respond Prepare and Prevent Prepare and Prevent Non-DOD USG Civilian Agency Protection & Gov’t Wide Initiatives Civilian Agency Protection & Gov’t Wide Initiatives DOD DoD Infrastructure Protection Plan DoD Infrastructure Protection Plan Different Constituencies, Shared Goals Federal Government’s Infrastructure Assurance Plan Federal Government’s Infrastructure Assurance Plan Private Sector/State & Local Government Framework for Critical Infrastructure Assurance Plan Framework for Critical Infrastructure Assurance Plan
5
CIAO.0209 - July 99 - 5 New Initiatives Supported by President’s FY 2000 Budget Request –$1.4 B –38% Increase from 1999 Focus On –Federal Sector a Model –Foundations for Public-Private Partnership
6
CIAO.0209 - July 99 - 6 Objective: Prepare and Prevent Program 1: Identify and Address Vulnerabilities –Key Components for identifying vulnerabilities: network assessment network analyzer software programs Red Team attacks –Best Practices and Standards –New Programs and Focus within Federal Government Expert Review Team
7
CIAO.0209 - July 99 - 7 Objective: Detect and Respond Program 2: Detect Attacks and Unauthorized Intrusions –Multi-layered protection -- firewalls, intrusion detection monitors, enterprise-wide management systems, malicious code scanners Program 3: Robust Law Enforcement and Intelligence Capabilities to Protect Critical Information Systems –NIPC taking the lead
8
CIAO.0209 - July 99 - 8 Objective: Detect and Respond (cont’d) Program 4: Share Attack Warnings and Information –Computer Security Centers DOD: JTF-CND Non-DOD Federal Government: FIDNET Industry: Computer Security Centers/ISACs –Three Pillar System of Intrusion and Attack Detection Program 5: System for Response, Reconstitution, and Recovery
9
CIAO.0209 - July 99 - 9 1 Intrusion attempt detected Notification 2 3 4 Intrusion attempt detected Network Center Computer Intrusion Detection Network
10
CIAO.0209 - July 99 - 10 ISAC Creation: Questions 1.One or many ISACs? By Sector? 2.Role limited to warning and real-time networks’ security? 3.Government role in sponsoring, starting? 4.New institution or add function to existing entity? 5. Measures of success?
11
CIAO.0209 - July 99 - 11 Objective: Build Strong Foundations Program 6: Enhance Research and Development –FY 2000 Budget Request: $508 MM –Priorities: large scale networks of intrusion detection monitors malicious code detection interactive multi-layered defenses for enterprise wide management modeling responses and interdependencies to cyberattack
12
CIAO.0209 - July 99 - 12 Objective: Build Strong Foundations (cont’d) Program 7: Train and Employ Adequate Numbers of Information Security Specialists –Federal scholarship for service program (CyberCorps) –Retraining and certifying current Federal IT security personnel –New pay scale and incentive systems for Federal IT personnel –INFOSECURITY Centers of Excellence in universities –Support for additional university faculty development
13
CIAO.0209 - July 99 - 13 CyberCorps Problems: –Lack of computer systems talent nationwide –Inability of US Government to compete for talented computer experts Solution: –“ROTC” like programs in colleges –Stimulate colleges’ comp sci programs –Expands numbers of students in field –Trades undergraduate financial aid for commitment to work for Federal Government upon graduation –Summer schools, internships, Institute
14
CIAO.0209 - July 99 - 14 Objective: Build Strong Foundations (cont’d) Program 8: Outreach to Americans on the Need for Cyber-Security –Partnership for Critical Information Systems Security Program 9: Adopt Legislation and Appropriations in Support of Programs 1-8 Program 10: Ensure Full Protection of American Citizen’s Civil Liberties
15
CIAO.0209 - July 99 - 15 Partnership for Critical Information Security (draft) National Awareness Campaign Aimed at Corporate and IT Executives Action to protect Critical Information Infrastructure Promote Education Support Outreach Participation in Partnership requires:
16
CIAO.0209 - July 99 - 16 Goals With Economic Sectors Create Information Sharing and Assessment Centers for intrusion monitoring networks Establish process to agree upon ‘Best Practices’ for computer security in each sector Develop processes for certification of hardware, software, firmware, computer security personnel Jointly develop Awareness and Education campaign, perhaps through a new foundation or institute
17
CIAO.0209 - July 99 - 17 Summary Federal Initiatives Under Development –R&D –Cybercorps –Intrusion Detection –Reconstitution Industry Leadership Necessary in Key Areas –Information Sharing –Best Practices/Accreditation –Education/Awareness Evolving Threat Environment - PDD-63 In Response
18
CIAO.0209 - July 99 - 18 Contact Information National Security Council Jeffrey_A._Hunker@nsc.eop.gov Phone: (202) 456-9361 Fax: (202) 456-9360 Critical Infrastructure Assurance Office Please visit our website at: www.ciao.ncr.gov Phone: (703) 595-9395
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.