The Role of the ISACs in Critical Infrastructure Resilience Presented by Steve Lines Executive Director Defense Industrial Base Information Sharing

Similar documents
Critical Infrastructure Sectors and DHS ICS CERT Overview

The Role of ISACs in Protecting Critical Infrastructure. Denise Anderson Chair National Council of ISACs. Agenda

National Policy and Guiding Principles

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

The Office of Infrastructure Protection

PIPELINE SECURITY An Overview of TSA Programs

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

The Office of Infrastructure Protection

Global Resilience Federation Trust. Collaboration. Community. Cindy Donaldson President, Global Resilience Federation October 2017

Statement for the Record

DHS Cybersecurity: Services for State and Local Officials. February 2017

Industry role moving forward

The Need for Operational and Cyber Resilience in Transportation Systems

DEFENSE LOGISTICS AGENCY

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Briefing to National Association of Regulatory Utility Commissioners

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery

Election Infrastructure Security: The How and Why of It

Cybersecurity Overview

Critical Infrastructure Analysis and Protection - A Case for Secure Information Exchange. August 16, 2016

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

ISAO SO Product Outline

Information Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011

CLICK TO EDIT MASTER TITLE RECENT STYLE APT CAMPAIGN TARGETING ENERGY SECTOR ASSETS

GPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

Department of Homeland Security Updates

Why you should adopt the NIST Cybersecurity Framework

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

Office of Infrastructure Protection Overview

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Introduction to the National Response Plan and National Incident Management System

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Critical Infrastructure Partnership

Security and Emergency Response Issues for the Refining and Petrochemical Industry

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

California Cybersecurity Integration Center (Cal-CSIC)

The Office of Infrastructure Protection

Water Information Sharing and Analysis Center

Federal Information Sharing Resources for Small and Midsize Businesses

The NIST Cybersecurity Framework

Critical Infrastructure

The Australian Government s Approach to Critical Infrastructure Resilience

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Kansas City s Metropolitan Emergency Information System (MEIS)

Critical Infrastructure Resilience

DHS Emergency Services Sector Presents Tools and Resources for First Responders. June 1, pm ET

Bundling Arrows: Making a Business Case for Adopting an Incident Command System (ICS) 2012 The Flynt Group, Inc.; All Rights Reserved. FlyntGroup.

Regional Resilience: Prerequisite for Defense Industry Base Resilience

Sharing of Information & Intelligence on the Importation & Transportation of Food

Trends in Cybersecurity in the Water Industry A Strategic Approach to Mitigate Control System Risk

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

June 5, 2018 Independence, Ohio

Mississippi Emergency Management Agency. Brittany Hilderbrand & Kamika Durr. Office Of Preparedness

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

What Why Value Methods

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Business Continuity: How to Keep City Departments in Business after a Disaster

Japanese-Style STIX and TAXII Information Sharing Platform. December 7, 2017 Masato Terada Hitachi Incident Response Team Hitachi Ltd.

Business Continuity Planning

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

The Office of Infrastructure Protection

Panel 1 National CSIRT Experience

End-to-End Trust, Segmentation and Segregation in the IIoT

E-ISAC Long-Term Strategic Plan April 24, 2017

GridEx IV Initial Lessons Learned and Resilience Initiatives

Bradford J. Willke. 19 September 2007

Control Systems Cyber Security Awareness

Jim Brenton Regional Security Coordinator ERCOT Electric Reliability Council of Texas

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Department of Homeland Security Science and Technology Directorate

How Advanced Persistent Threats Successfully Breach Large Organizations AND, What To Do About It

Louisiana - State Analytical & Fusion Exchange (LA-SAFE)

Community-Based Water Resiliency

It s all about Trust! Public-Private Shared Cyber Threat Situational Capability National Pilot in Hawaii

National Infrastructure Resilience

Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

Working Draft Supplemental Tool: Connecting to the NICC and NCCIC Draft October 21, 2013

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

CALIFORNIA CYBERSECURITY TASK FORCE

Electric Power Industry s Approach to Grid Security

Legal, Ethical, and Professional Issues in Information Security

CRITICAL INFRASTRUCTURE AND KEY RESOURCES

The CERT Top 10 List for Winning the Battle Against Insider Threats

The Office of Infrastructure Protection

National Cyber Incident Response - Architectural Concepts

Department of Homeland Security

STRATEGIC PLAN. USF Emergency Management

Transcription:

The Role of the ISACs in Critical Infrastructure Resilience Presented by Steve Lines Executive Director Defense Industrial Base Information Sharing Analysis Center DIB ISAC December 18, 2014

Why ISACs? Trusted entities established by CI/KR owners and operators. Comprehensive sector analysis aggregation/ anonymization Reach-within their sectors, with other sectors, and with government to share critical information. All-hazards approach Threat level determination for sector Operational-timely accurate actionable

ISACS Communications ISAC Defense Industrial Base ISAC Electricity ISAC Emergency Management & Response ISAC Financial Services ISAC Information Technology ISAC Maritime ISAC Multi-State ISAC National Health ISAC Oil and Natural Gas ISAC (ONG) Over the Road & Motor Coach ISAC Public Transit ISAC Real Estate ISAC Research and Education ISAC Supply Chain ISAC Surface Transportation ISAC Water ISAC

Other Operational Sectors and Upcoming ISACs Automotive Aviation Food & Ag Nuclear Chemical Critical Manufacturing

DIB ISAC Mission The DIB ISAC was created to address an all hazards approach to securing the DIB Supply Chain. Trusted and effective threat collaboration is a critical benefit of the DIB ISAC member firms. The DIB ISAC strives to provide these firms analyst or security officers a broad, multi-sector view of emerging threats that may extend well beyond the analyst s respective organizational domain. The DIB ISAC uses a regional outreach to ensure that member companies receive actionable threat intelligence and can also share such intelligence with partner firms. The ISAC also provides assistance in responding to and recovery from manmade and natural disasters.

Member Benefits Secure collaboration Platform Ability to share information anonymously Indexed threat library to share tools and techniques for securing your infrastructure Ability to transform threat information into a common ontology for quick analysis (STIX) Direct access to US Government threat products as generated by the various agencies Access to a community of analysts to assist in rapid analysis of threats and mitigation strategies Cross Sector Information sharing through the National Council of ISACs Access to Webcasts and other resources during nationally significant events Sector to sector analyst meetings and conference calls Community Emergency Response Training (CERT) Personal and Family Preparedness American Heart Association CPR/AED First Aid Continuity of Operations (COOP) support and Crisis Management

Member Collaboration on a Secure Portal

Traffic Light Protocol (TLP) RED Restricted to a defined group (e.g., only those present in a meeting.) Information labeled RED should not be shared with anyone outside of the group AMBER information may be shared with DIB ISAC members. GREEN Information may be shared with DIB ISAC members and partners (e.g., vendors, MSSPs, customers). Information in this category is not to be shared in public forums WHITE information may be shared freely and is subject to standard copyright rules

Information Sharing Flow - External Member RFI DIB ISAC Anonymizes RFI NCCIC Liaison Pulls and distributes to Govt and Sector Partners SITREPS on Manmade or Natural Crisis Events Cyber Intel Distribution Channels National Council of ISACs NCCIC DHS Intelligence & Analysis CISCP NSA NTOC Federal Law Enforcement Agencies UK CISP Program

National Council of ISACs

Coordination During Crisis Events Employee Resilience and Preparedness (ERAP) custom tailored to your needs Corporate Emergency Response and Preparedness (CERTAP) American Heart Association CPR/AED First Aid Continuity of Operations (COOP) support Active support for critical infrastructure and key management relocation NOAA Weather Ready NationTM Ambassador

Cyber Threat Intelligence What Activity Do we see Where did this occur What weakness does it Exploit Who is Responsible What Threats can we identify What does it do Have we seen this before What can I Do

Structured Threat Information expression STIX <cybox:observable id="fireeye:observable-1c4b8b44-10fb-4b00-8a49-deb38e92e108"> <cybox:title>mutex: 8ju6thdgf</cybox:Title> - <cybox:object id="fireeye:object-363367bd-7460-49bd-9163-55378a0fa666"> - <cybox:properties xsi:type="mutexobj:mutexobjecttype"> <MutexObj:Name condition="equals">8ju6thdgf</mutexobj:name> </cybox:properties> </cybox:object> </cybox:observable> - <cybox:observable id="fireeye:observable-42f1ec7e-2a32-4ff7-84a7-fbcb6288c8c9"> <cybox:title>domain: www.dhcpserver.ns01.us</cybox:title> - <cybox:object id="fireeye:object-07e2d2f3-092d-436d-bbd6-60d2bdc36d43"> - <cybox:properties type="fqdn" xsi:type="domainnameobj:domainnameobjecttype"> <DomainNameObj:Value condition="equals">www.dhcpserver.ns01.us</domainnameobj:value> <stix:courses_of_action> - <stix:course_of_action timestamp="2014-02-20t09:00:00.000000z" id="fireeye:courseofaction-70b3d5f6-374b-4488-8688-729b6eedac5b" xsi:type="coa:courseofactiontype"> <coa:title>analyze with FireEye Calamine Toolset</coa:Title> <coa:description>calamine is a set of free tools to help organizations detect and examine Poison Ivy infections on their systems. The package includes these components: * PIVY callback-decoding tool (ChopShop module, available here: https://github.com/fireeye/chopshop) * PIVY memory-decoding tool (PIVY PyCommand script, available here: https://github.com/fireeye/pycommands)</coa:description> </stix:course_of_action> </stix:courses_of_action>

What Machines See Automated Exchange-SOLTRA (National Council) - <stix:ttp timestamp="2014-02-20t09:00:00.000000z" id="fireeye:ttp-aedd016d-12c0-4d6e-902e-9a1cefd3e7e6" xsi:type="ttp:ttptype"> <ttp:title>victim Targeting: th3bug</ttp:title> - <ttp:victim_targeting> - <ttp:identity id="fireeye:ciqidentity30instance-917ed96c-05c2-4754-aed9-9123341f7cb8" xsi:type="stixciqidentity:ciqidentity3.0instancetype"> - <stixciqidentity:specification> <xpil:organisationinfo xpil:industrytype="healthcare Sector,Higher Education Sector" /> </stixciqidentity:specification> </ttp:identity> </ttp:victim_targeting> </stix:ttp> <stix:ttp timestamp="2014-02-20t09:00:00.000000z" id="fireeye:ttp-fb6aa549-c94a-4e45-b4fd-7e32602dad85" xsi:type="ttp:ttptype"> <ttp:title>spear Phishing Attack Pattern as practiced by menupass</ttp:title> - <ttp:behavior> - <ttp:attack_patterns> - <ttp:attack_pattern capec_id="capec-163"> <ttp:description>menupass appears to favor spear phishing to deliver payloads to the intended targets. While the attackers behind menupass have used other RATs in their campaign, it appears that they use PIVY as their primary persistence mechanism.</ttp:description> </ttp:attack_pattern> </ttp:attack_patterns> </ttp:behavior

Cyber Verify Regulatory DFARS Subpart 252.204.7012 Compliance with EO/PPD directives Monetary Contractors do not have the funds to verify or maintain verification of compliance by small mid size firms to bid on contracts to meet the new DFAR requirements AT&L cannot effectively manage a program of over 17,000 CDC nationwide, the program must be managed regionally using existing resources through the Cyber Verify program

Contact Info Steve Lines steve.lines@dibisac.net 256-489-0550 Office 256-929-8987 www.dibisac.net YOU have an obligation to actively participate in the protection of Critical Sector assets from hostile threats and hazards! Leverage the ISAC communities of trust!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback