Download presentation
Presentation is loading. Please wait.
Published byMabel Osborne Modified over 9 years ago
1
1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015
2
2 2 Report Outline Objective, Scope, and Methodology Section 1 – Cybersecurity Today Section 2 – Best Practices Section 3 – Architecture Options for NG9-1-1 Appendices FCC Task Force on Optimal PSAP Architecture
3
3 3 Objective The objective of Working Group 1 is to address the issues of increasing exposure to cyber threats and vulnerabilities that did not exist in the legacy 9-1-1 environment, and develop recommendations for PSAP-specific Cybersecurity practices FCC Task Force on Optimal PSAP Architecture
4
4 4 Scope The defined scope of this work is limited to the identification of cybersecurity issues and documentation of recommended cybersecurity practices for Public Safety Answering Points. However, in the context of this work effort, a local PSAP is much more than a stand-alone entity but rather is the connection point in a complex system of integrated networks that form the critical infrastructure necessary to enable delivery of life saving services. Therefore, as a necessity, there must be reference to other network elements outside of the local PSAP construct. FCC Task Force on Optimal PSAP Architecture
5
5 5 Methodology The reduction of any cybersecurity framework to practice is rooted in the ability to identify assets, owners of these assets, threats/risks to these assets, and methods to mitigate the threats/risks. Current and NG architectures serve as a starting point to understand the PSAP ecosystem. Forward looking issues will then be used to expand the context of the threat to the PSAP as a result of the expansion of the public safety ecosystem. Use cases are used to communicate the types of cybersecurity threats to PSAPs as an illustrative tool for demonstrated vulnerabilities or attack surfaces currently threatening PSAPs today and Finally, based on the foregoing, the Working Group developed a checklist and roadmap for PSAPs and a set of recommendations. FCC Task Force on Optimal PSAP Architecture
6
6 6 Section 1 - Cybersecurity Today Overarching Information Security Management System (ISMS) Documented Policies, Procedures and Controls in support of the ISMS Compliance Awareness Access Control Policy identifies proper approval based on access gates and ratings Physical Security – Limited access and based on need to know Human Resources FCC Task Force on Optimal PSAP Architecture
7
7 7 Section 1 - Cybersecurity Today Security Controls Business Continuity Plan/Disaster Recovery (BCP/DR) Geo-diverse in Active/Active or N+1 configurations Media Handling Incident Management Vulnerability Management Internal network security and monitoring Internal network security, Private DNS (internal facing only) External network connections Network entry point security FCC Task Force on Optimal PSAP Architecture
8
8 8 Section 2 – Best Practices NIST Cybersecurity Framework (NCF) Identity Credentialing Access Management (ICAM) DHS recommendations and resources NICE Workforce Framework CSRIC Best Practices Related to Public Safety FCC Task Force on Optimal PSAP Architecture
9
9 9 NIST and NICE Framework U.S. Department of Commerce NIST: Cybersecurity Framework NIST: Cyber Physical Systems- Public Work Group Report Relationship To PSAPs: Identify, Protect, Detect, Respond, Recover NICE Workforce Framework Relationship of occupational specialties to PSAPs Define any new/missing occupational specialties Consider Cyber Professional Best Practices for PSAP workforce FCC Task Force on Optimal PSAP Architecture
10
10 Department of Homeland Security Critical Infrastructure Cyber Community Voluntary Program (C3VP) Critical Infrastructure Cyber Information Sharing and Collaboration Program (CISCP) Cyber Reports & Recommendations Cybersecurity Products & Solutions: National Cybersecurity and Communications Integration Center (NCCIC) NCCIC/National Coordinating Center for Communications (NCC) NCCIC/United States Computer Emergency Readiness Team (US- CERT) FCC Task Force on Optimal PSAP Architecture
11
11 Identity Credentialing Access Management (ICAM) General Services Administration Identity Credentialing Access Management (ICAM) NIST Special Publication 800-63-2 FICAM Roadmap and Implementation Guidance Identity Management Credential Management Access Management ICAM Intersection ICAM Goals and Objectives FCC Task Force on Optimal PSAP Architecture
12
12 CSRIC CSRIC IV Working Group 4 (WG4) was tasked with developing voluntary mechanisms that give the Commission and the public assurance that communication providers are taking the necessary measures to manage cybersecurity risks across the enterprise. WG4 also was charged with providing implementation guidance to help communication providers use and adapt the NCF. WG1 supports the use of NIST CSF as recommendation as they apply in the final WG4 report. The report is available at: https://transition.fcc.gov/pshs/advisory/csric4/CSRIC_IV_WG4_Final_Report_031815.pdf https://transition.fcc.gov/pshs/advisory/csric4/CSRIC_IV_WG4_Final_Report_031815.pdf FCC Task Force on Optimal PSAP Architecture
13
13 Section 3 – Cybersecurity For The Future The threat is real and increasing TDoS and DDoS attacks have occurred, and continue to occur in a legacy environment Both criminal and Nation State actors are involved This threat will increase exponentially as we transition to IP based architectures We must think “outside the box” and consider unifying, information sharing based, architectures and options. FCC Task Force on Optimal PSAP Architecture
14
14 Section 3 - Cybersecurity Architecture Options For The Future The Emergency Communications Cybersecurity Center (EC3) Description of Intrusion Detection and Prevention Systems Proposed Approach for IDPS in the NG9-1-1 Environment The EC3 Concept Explained Cost Considerations FCC Task Force on Optimal PSAP Architecture
15
15 FCC Task Force on Optimal PSAP Architecture Emergency Communications Cybersecurity Center
16
16 FCC Task Force on Optimal PSAP Architecture Distributed Integration of EC3 Deployments
17
17 Cybersecurity Plan For The Future PSAPs: Funding The Cybersecurity Plan Discussion of basis for cost estimates Funding Opportunities The importance of information sharing and partnerships FCC Task Force on Optimal PSAP Architecture
18
18 Appendix 1- PSAP: Cybersecurity Use Cases Specific Use Cases Addressing: TDoS DDoS SWATTING Single PSAP Compromised, Need exists to protect Interconnected PSAPs FCC Task Force on Optimal PSAP Architecture
19
19 Appendix 2: Cybersecurity Best Practices for PSAPs PSAP Cybersecurity Checklists Roadmap to secure PSAPs Cybersecurity Life Cycle Roadmap Example Starting Activities for Basic Security Hygiene FCC Task Force on Optimal PSAP Architecture
20
20 Appendix 3: Cybersecurity PSAP Resources Government & Commercial Resources Reference Material for Further Study Includes Specific Documents as well as General Process/Framework Information FCC Task Force on Optimal PSAP Architecture
21
21 FCC Task Force on Optimal PSAP Architecture Questions
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.