The Role of ISACs in Protecting Critical Infrastructure. Denise Anderson Chair National Council of ISACs. Agenda

Transcription

1 The Role of ISACs in Protecting Critical Infrastructure Denise Anderson Chair National Council of ISACs Agenda What is Critical Infrastructure? Public/Private Partnership Framework What is an ISAC? Descriptions of the various ISACs and capabilities/reach Case Studies What is the National Council of ISACs? National Council of ISACs Activities and Initiatives Four Major Initiatives

2 What is Critical Infrastructure? Systems & assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters across any Federal, State, Regional, Territorial or local jurisdiction Critical Infrastructure 18 Defined Sectors: Agriculture and Food Defense Industrial Base Energy Healthcare & Public Health Banking & Finance Water Chemical Commercial Facilities Critical Manufacturing Dams Communications Postal & Shipping Transportation Systems Government Facilities Emergency Services Nuclear Reactors, Materials & Waste Information Technology National Monuments & Icons

3 What is Critical Infrastructure? Sub-Sectors: Energy: refining, storage and distribution of gas, oil and electric power Transportation: Aviation, Highway & Motor Carrier, Mass Transit, Railroad, Maritime Public/Private Partnership Framework PDD 63 HSPD-7 National Infrastructure Protection Plan (NIPP)

4 The Players Private DHS SCC/PCIS ISACs O/O Academia/Industry Associations Liaisons IP NICC/NOC NCSD-NCCIC SOPD-PSAs GCC/SSAs Sector Specialists SLTTGCC RCCC USSS FBI State/Local Public LE NIPP - Operations

5 What is an ISAC? Relationship to sectors Funding Structure/Operations Why ISACs? Trusted entities established by CI/KR owners and operators. Comprehensive sector analysis Reach-within their sectors, with other sectors, and with government to share critical information. All-hazards approach Threat level determination for sector

6 Why ISACs? Operational services such as risk mitigation, incident response, and information sharing Fast response on accurate, actionable and relevant information Empower business resiliency through security planning, disaster response and recovery execution. Most ISACs, by definition, have 24/7 threat warning, incident reporting capabilities ISACs Communications ISAC Electricity ISAC Emergency Management & Response ISAC Financial Services ISAC Highway ISAC Information Technology ISAC Maritime ISAC Multi-State ISAC

7 ISACs National Health ISAC Public Transit ISAC Real Estate ISAC Research and Education ISAC Supply Chain ISAC Surface Transportation ISAC Water ISAC Other Operational Entities Defense Industrial Base (DIB) Nuclear Oil & Gas Chemical Airline

8 Communications ISAC The DHS National Coordinating Center partners with the private sector in the ISAC and provides 24x7 operational support Members include communications equipment and software vendors, wire line communications providers, wireless communications providers, including satellite providers, Internet Service Provider backbone networks Electricity ISAC The ES-ISAC s coverage includes bulk power system entities and 18 Reliability Coordinators and covers the entire continental United States and Canada Working on developing the necessary communication and participation with non-bulk power system entities and their critical suppliers

9 Financial Services ISAC The only industry forum for collaboration on critical security threats facing the financial services sector Over 4,200 direct members and 30 member associations Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry Information Technology ISAC Reaches 90% of all desktop operating systems, 85% of all databases; 76% of the global microprocessor market; 85% of all routers and 65% of software security

10 Multi-State ISAC Includes all 50 States, the District of Columbia, five U.S. Territories, one local governments per state and all state homeland security offices The MS-ISAC continues to broaden its local government participation to include all of the approximate 39,000 municipalities and fusion centers Surface Transportation ISAC Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation The ST-ISAC supports 95% of the North American freight railroad infrastructure

11 Water ISAC Currently provides security information to water and wastewater utilities that provide services to more than 65% of the American population ISAC EXAMPLE: FS-ISAC Information Sharing and Analysis Tools for Members Cyber & Physical alerts from 24/7 Security Ops Center Viewpoints/white papers Risk Mitigation Toolkit Document Repository Anonymous Submissions Community Listservs Member surveys Bi-weekly Threat calls Special info sharing member conference calls Crisis Management process CINS Semi-annual conferences Webinars Regional Program Task Forces -ATOTF

12 Information Sharing Protocols Classification Target Audience FS-ISAC Red Restricted to a defined group (e.g., only those present in a meeting.) Information labeled RED should not be shared with anyone outside of the group FS-ISAC Yellow This information may be shared with FS-ISAC members. FS-ISAC Green Information within this category may be shared with FS-ISAC members and partners (e.g., DHS, Treasury and other government agencies and ISACs). Information in this category is not to be shared in public forums FS-ISAC White This information may be shared freely and is subject to standard copyright rules Case Studies: Sample Incidents Cyber Trends RSA Breach Hurricanes Gustav and Ike H1N1

13 Cyber Trends 2011 Year of the Data Breach 2012 Year of the DDoS Phishing: UPS, DHL, Fedex, Airlines Targeted Drive-by Downloads Resurgence of exploit kits Blackhole/Phoenix Resurgence of Trojans Poison Ivy, Cridex, Zeus CASE STUDY: RSA Breach March 11, 2011-Breach detected not public Thursday March 17, 2011 story broke Threat Intelligence Committee Call Friday March 18, 2011 Cyber UCG call NCI call with DHS Threat Intelligence Committee Call w/rsa FS-ISAC Membership Call w/rsa NCI call Mitigation powerpoint and communications Mitigation Report Working Group Calls & Report

14 Hurricanes Gustav & Ike During Hurricanes Gustav & Ike, the ISAC Council stood up (in partnership with DHS and PCIS) a private sector liaison seat at the NICC Information Sharing via ListServ Information Sharing via trusted relationships Weekly Inter-ISAC calls ENS and Crisis calls Success Stories H1N1 The ISACs were and are actively engaged in Sector Calls with DHS and CDC Information Sharing via ListServ Information Sharing via trusted relationships FS-ISAC Business Resiliency Committee calls Best practices guidelines

15 National Council of ISACs Began meeting in 2003 to address common concerns and cross-sector interdependencies Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR Information Sources ISAC Ops Centers PCIS Communications Daily & Weekly ISAC Calls ListServ and Trusted Relationships ISACs & Other Sectors DHS & Other Government Partners Private Sector Liaison At The NICC NCCIC Liaisons Other Sources (Hundreds) National Council of ISACs ENS Calls And Crisis Calls Monthly Meetings Best Practice Sharing - Joint Statements - White Papers Briefings

16 National Council of ISACs Activities- Examples 1. Increase involvement of sectors without ISACs 2. Drills/Exercises Such as NLEs, Cyber Storm, RCES 3. Information Sharing During Meetings 4. Implement Real-Time sector Threat Level Reporting Directorate

17 Four Major Initiatives To Enhance Critical Infrastructure Protection and Resilience 1. NICC Liaison 2. Cross Sector Information Sharing Framework 3. Advanced Threat Task Force 4. NCCIC NICC Liaison Contact Information

18 Joint Coordination Center- Pilot Private Sector Component Establish a common operating picture amongst sectors and analysis products to support efforts to detect, prevent, mitigate and respond to cyber security events through a 24x7 Joint Coordination Center Current Activity What Is The NCCIC? National Cybersecurity and Communications Integration Center DHS-led Unified Operations Watch & Warning Center Operates 24 hours/day, 7 days/week, 365 days a year. Classification Level-Top Secret/Sensitive Compartmented Information (TS/SCI)

19 Who Is The NCCIC? DHS Office of Cybersecurity and Communications (CS&C) UCG US CERT NCCIC Liaisons NCC ICS- CERT DHS I&A NCSC Who Is Currently At The Table? DHS Office of Cybersecurity and Communications (CS&C) Comms ISAC NCCIC ES- ISAC IT-ISAC MS-ISAC FS-ISAC

20 The UCG Unified Command Group-composed of private and public sector representatives UCG-Staff and UCG Seniors UCG Staff meet on a regular basis. Both meet as needed during an incident Advise Assistant Secretary of CS&C on cybersecurity matters, provide subject matter expertise and response as necessary during an incident that requires national coordination. Cyber Incident Response Cyber Incident Manager Cyber UCG Incident Management Team UCG Seniors UCG Staff Private Sector Federal Government NCCIC State/Local Government NGOs/Others International

21 CONTACT