Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Transcription

1 Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation COL Michael R. Corpening Deputy Chief, Operations Division (CCJ6-O) 1 December 2014 The overall classification of this brief is UNCLASSIFIED // FOUO 1

2 Agenda Cybersecurity Overview Purpose: Cybersecurity To provide Strategy information / Assessment on how USCENTCOM is committed to building Critical Infrastructure partner capacity Key and Resources strengthening (CIKR) cyber defense posture throughout the region. Public-Private Partnerships Concluding Remarks 2

3 Cybersecurity Overview Cyber security is a collection of elements that can be used to protect the cyber environment, organization, and user s assets Security Concepts Risk Manageme nt Approache s Best Practices & Actions Training Trainin g Tools & Technologi es Policies & Guidelines Security Safeguards Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user s assets against relevant security risks in the cyber environment General cybersecurity objectives comprise the following: Confidentiality of data Integrity, which may include authenticity and non-repudiation of data Availability of data 3 Elements of Cybersecurity Reference - International Telecommunications Union ITU. T X.1205, Overview of Cybersecurity

4 Global Cyberspace US Government Departments and Agencies 4 UNCLASSIFIED U.S. Federal Cybersecurity Operations Team National Roles and Responsibilities DOJ/FBI Investigate, attribute, disrupt and prosecute cyber crimes Lead domestic national security operations Conduct domestic collection, analysis, and dissemination of cyber threat intelligence Support the national protection, prevention, mitigation of, and recovery from cyber incidents Coordinate cyber threat investigations DOJ/FBI LEAD FOR Investigation and Enforcement FBI, NSD, CRM, USAO DHS Coordinate the national protection, prevention, mitigation of, and recovery from cyber incidents Disseminate domestic cyber threat and vulnerability analysis Protect critical infrastructure Secure federal civilian systems Investigate cyber crimes under DHS s jurisdiction DHS LEAD FOR Protection NPPD, USSS, ICE DoD * Note: Nothing in this chart alters existing DOJ, DHS, and DoD roles, responsibilities, or authorities Defend the nation from attack Gather foreign cyber threat intelligence and determine attribution Secure national security and military systems Support the national protection, prevention, mitigation of, and recovery from cyber incidents Investigate cyber crimes under military jurisdiction DoD LEAD FOR National Defense USCYBERCOM, NSA, DISA, DC3 Coordinate with Public, Private, and International Partners UNCLASSIFIED

5 Cybersecurity Strategy (1 of 2) In order to effectively address evolving cybersecurity requirements we need to consider the following: National Cybersecurity Strategic Interests Ministry of Defense Cyber Roles and Responsibilities Ministry of Defense Cyber Security Organization and Workforce Cybersecurity Training Requirements Technological/Equipment and software solutions required to develop and maintain the requisite cyber security posture A Cybersecurity Strategy should precede organizational and technological solutions Requires identification of cyber risks, requirements, and key resource interdependencies 5

6 Cybersecurity Strategy (2 of 2) FOREIGN INTELLIGENCE SUPPLY CHAIN VULNERABILITY HACKTIVISTS NEGLIGENT USERS CRIMINAL ELEMENTS WIRELESS ACCESS POINTS REMOVABLE MEDIA TERRORIST ACTS INSIDER THREATS 6

7 Cybersecurity Strategy Development National Cybersecurity Strategy Requirements Armed Forces Cybersecurity Strategy Organize Man Objective(s) Equip Train Missions Roles Responsibilities 7 Requirements must be derived from strategic objectives

8 Cybersecurity Assessment Overview Line of Effort 1: Strategy, Policy, & Organization Align the institution & the missions Line of Effort 2: Workforce Development Optimally trained & equipped Line of Effort 3: Network Provide & Operate Communications available and ready Line of Effort 4: Network Protect & Defend Defense In Depth 8

9 CIKR Protection National Infrastructure Protection Plan (NIPP) Department of Homeland Security 9

10 Partnerships The United States will facilitate cyber-security capacity-building abroad, bilaterally and through multilateral organizations 2011 United States International Strategy for Cyberspace Cybersecurity Partnerships are essential to global stability The United States is committed to our regional partners Requires a Whole-of-Government Approach Cybersecurity is a Department of Defense Priority The DoD will work closely with its allies and international partners to develop shared warning capabilities, engage in capacity building, and conduct joint training activities [which] will enable collective selfdefense and collective deterrence. Department of Defense Strategy for Operating in Cyberspace, July

11 Questions 11

12 Cyber Security Summit 2014 USCENTCOM Cyber Security Cooperation COL Michael R. Corpening Deputy Chief, Operations Division (CCJ6-O) 1 December 2014 The overall classification of this brief is UNCLASSIFIED // FOUO 12