Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Transcription

1 1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

2 2

3 Government Services 3 Business Education Social CYBERSPACE Nat l Security Law Enforcement Privacy & Civil Liberties

4 » Presidential Decision Directive 63 established the public-private National Infrastructure Protection Plan (NIPP)» Industry organizes into ISACs (information sharing and analysis centers) and SCC s (sector coordinating councils) to partner with government» 2000 ebay, Yahoo, Amazon.com, others experience distributed denial of service (DDOS) attacks; public now understands cyber security ; President Clinton calls in CEO s» 2002-Present U.S. government agencies losing massive amounts Greg Garcia of data to cyber intrusions RSI

5 » 2003 Department of Homeland Security open for business» Discovery of code-named Titan Rain Chinese cyber attacks on U.S. Government and private sector systems, focused attention on what was to become generally known as an advanced persistent threat (APT).» 2003 Government and industry develop the National Strategy to Secure Cyberspace National Cyberspace Security Response System National Cyberspace Security Threat and Vulnerability Reduction Program National Cyberspace Security Awareness and Training Program Securing Governments' Cyberspace National Security and International Cyberspace Security Cooperation 5

6 » 2003 DHS National Cyber Security Division and U.S. Computer Emergency Response Team established» 2006 the first national level cyber exercise Cyber Storm is conducted, involving federal, state and international government representatives, and industry players» The first DHS Assistant Secretary for Cyber Security and Communications appointed by President Bush» 2008 President Bush signs Comprehensive National Cybersecurity Initiative (CNCI - HSPD 23) 6

7 COMPREHENSIVE NATIONAL CYBERSECURITY INITIATIVE» Trusted Internet Connections consolidate government Internet access points, from approximately 5,000 to 100, and deploy intrusion detection and intrusion prevention capabilities across.gov» Coordinate and prioritize Federal R&D efforts and investments» Connect the 6 classified cyber operations entities (US CERT, NSA NTOC, DC3, JCITF, IC-IRC, JTF-GNO)» Develop a more robust counterintelligence strategy» Cyber education efforts to build a workforce better prepared for the future» Drive research investment toward leap-ahead technologies» Develop a more effective cyber deterrence strategy» Global supply chain risk management and mitigation strategy» Private sector engagement and critical infrastructure protection 7

8 » Establishment of the National Cyber and Communications Integration Center ( NCCIC ), fusing threat monitoring and incident response efforts of federal and stage government entities, and private sector, like Financial Services ISAC and IT ISAC» 2010 The DIB Pilot Test between the Nation Security Agency and Defense Industrial Base companies like Lockheed Martin, Northrup Grumman, etc, to protect those private sector networks with help from classified intelligence» EO / NIST Framework 8

9 According to EO 13636, the Cybersecurity Framework will:» Identify security standards and guidelines applicable across critical infrastructure» Be prioritized, flexible, repeatable, performance-based, and costeffective» Help owners and operators of critical infrastructure identify, assess, and manage cyber risk» Enable technical innovation and account for organizational differences» Provide guidance that is technology neutral and enables critical infrastructure sectors to benefit from a competitive market for products and services» Include guidance for measuring the performance of implementing the Cybersecurity Framework» Identify areas for improvement that should be addressed through future collaboration with particular sectors and standardsdeveloping organizations 9

10 20 May 2014 SO WHAT ABOUT THESE PARTNERSHIPS? WHAT DO WE GET? WHAT DO WE GIVE? 10

11 LIABILITY CONTRACTUAL RESTRICTIONS COMPETITIVE CONCERNS VULNERABILITY EXPOSURE REPUTATIONAL DAMAGE 11

12 12

13 The value of a communications network is proportional to the square of the number of users 13

14 METCALFE S LAW CYBER CRIMINALS ALREADY FIGURED OUT COLLABORATION COLLECTIVE INTELLIGENCE EARLIER WARNING/FASTER RESPONSE COST SAVINGS RISK AVERTED REPUTATION MAINTAINED CUSTOMERS PROTECTED AND RETAINED 14

15 15

16 Integrating offense and defense to build a better defense Sharing situational awareness across domains INDUSTRY Others FBI NCIJTF ODNI IC-IRC DHS US-CERT DoD DC3 CYBERCOM Allies Services NSA NTOC States 16

17 Background: Formed in 1999 A nonprofit private sector initiative Designed/developed/owned by financial services industry Considerable growth in membership Bylaw change in 2012 FS-ISAC Goal: Membership: 4500 Share timely, relevant and actionable information and analysis of physical and cyber security information pertaining to threats vulnerabilities and incidents Current 17

18 Clearing House and Exchange Forum (CHEF) CHEF IRC CYBER INTEL FS- ISAC PRC CIC Payments Risk Council (PRC) Payments Processor Information Sharing Council (PPISC) Business Resilience Committee (BRC) Threat Intelligence Committee (TIC) Community Institution Council (CIC) Insurance Risk Council (IRC) Compliance and Audit Council (CAC) Cyber Intelligence Listserv PPISC TIC CAC Education Committee Product and Services Review Committee Survey Review Committee Security Automation Working Group (SAWG) Member Reports Incident to Cyber Intel list Members respond with initial analysis and recommendations SOC completes analysis, anonymizes the source, and generates alert to general membership 18

19 STRATEGIC Sector Coordinating Councils Enduring Security Framework National Security Telecommunications Advisory Committee Trade Associations 19

20 OPERATIONAL FS-ISAC EARLY WARNING Services National Cyber Communications Integration Center (NCCIC N-Kick ) National Security Information Exchange National Cyber Forensic Training Alliance 20

21 INFORMATIONAL INFRAGARD Electronic Crimes Task Force (ECTF) Partnership for Critical Infrastructure Security (PCIS) 21

22 STANDARDS Software Assurance Forum for Excellence in Code (SAFECode) Industry Consortium for Advancement of Security on the Internet (ICASI) Information Security Forum (ISF) Open Group Trusted Technology Forum 22

23 1. Invest in vulnerability assessments and mitigation; it s about reliability, business continuity, public safety, national security and your liability 2. Information not shared might as well be a hallucination: provide timely actionable information to the government 3. Join your industry sector groups and build stronger operational relationships with government partners 4. Demand secure technology from your vendors and suppliers 5. Train your people 23

24 Greg Garcia