Integrated Cyber Defense Working Group (ICD WG) Introduction

Cory Huyssoon, Allison Cline
October 16, 2017
© 2017 by The Johns Hopkins Applied Physics Laboratory. Material is made available under the Creative Commons Attribution 4.0 International License.

Agenda
- Today's Goals
- What is Integrated Cyber Defense (ICD)?
  - Background
  - Overview
  - Information Sharing and Automation
- ICD WG Purpose and Goals
  - Strategy
  - Overall Plan
- Next Steps
  - Community Actions
  - Next ICD WG

Today's Goals
- To kick off the ICD WG
- To define the group's purpose and plan
- To communicate about the effort to the larger community

Background
- National Security Presidential Directive 54 / Homeland Security Presidential Directive 23 established the Comprehensive National Cybersecurity Initiative (CNCI), with 12 sub-initiatives
- CNCI Initiative #5 (CNCI-5) called for increased connections between Federal Cyber Centers to create cyber shared situational awareness
- In 2012, CNCI-5 was recast by the Administration as the Enhance Shared Situational Awareness (ESSA) Initiative; machine-speed sharing became an increased focus
- ESSA provided one of the cyber community's only mechanisms for future-looking, operational collaboration; it has facilitated:
  - Development and implementation of requirements-based, community-wide capabilities
  - Development and adoption of processes and standards across DHS, DOD, DOJ, the IC, and DOE

National Roles and Responsibilities ("Bubble Chart" figure)

Background: Information Sharing Architecture (ISA)
- Developed by the Enhance Shared Situational Awareness (ESSA) participants as a framework to guide investments in shared and organizational capability
- The ISA Framework was designed to establish a construct for multi-partner sharing and delineated the capability and information needs for collaboration across multiple domains
- It defined seven cybersecurity functions that encompass the cybersecurity activities performed by a particular organization
- It also defined seven categories of information, called Enduring Functional Exchanges (EFEs), which are exchanged on an ongoing basis to enhance SSA and enable integrated operational response
- The ISA Framework defined a list of technical needs that established the baseline for the capabilities being implemented today to enable real-time cyber information sharing

(U) Former ESSA Coordination Forums
- (U) Inter-organizational Coordination Group (ICG)
  - (U) Strategic management and policy-level coordination across the ISA
  - (U) Establishes IPTs, WGs, and coordinating policies among the members
- (U) Implementation Working Group (IWG)
  - (U) An interagency and inter-organizational body that will develop and coordinate the execution of the plan for the realization of the ISA
- (U) Policy Working Group (PWG)
  - (U) Will identify and solve the functional policy requirements necessary to resolve policy issues that impede net-speed cybersecurity information sharing among ISA participants and their partners

ESSA: Producing the Foundation
- December 2010: Published and delivered to the community and ODNI the Information Sharing Architecture (ISA): Framework
- April 2011: As-Is Definition and Assessment of current information sharing activities among the Centers
- 2012-2015: ESSA funds initial STIX/TAXII development
- October 2013: ISA: Shared Situational Awareness Requirements Document v2.1 (Mission, Technology, and Information) released
- February 2014: ISA: Access Control Specification (ACS) version 1.1 released
- April 2014: ISA: Technical Implementation Plan v2.0 released
- September 2016: ESSA stands down; full transition to DHS, Shared Capability Providers (SCPs), and the community

ICD Overview

Integrated Cyber Defense Overview
Integrated Cyber Defense: extensible and flexible integration of cyber defense capabilities across all levels (platform, service, system, enterprise, multi-enterprise) that:
- Enables rapid insertion of emerging solutions
- Measurably reduces the timeline for cyber defense operations
- Measurably increases the effectiveness of cyber defense operations
- Endures in capability while allowing changes in hardware, software, and services
- Extends across both traditional and emerging environments

Relationship Between Cyber Threat Information Sharing and Active Cyber Defense Automation (diagram)
- Increased Cyber Threat Information Sharing: Sightings Intelligence; Industry-driven Automated Sharing; Automated Indicator Sharing (AIS); ESSA; Malware Storefront; STIX; Advanced Autoimmunity; Threat Intelligence Platforms (TIP)
  -> Increase in Shared Information
- Increased Active Cyber Defense Automation: Deduplication; Security Orchestration Products; SOC Automation; Indicator Sightings; Automated Indicator Generation; Analytics-based IT Automation
  -> Increased Automation
- Refined Information Sharing to Further Advance Automated Capabilities: IACD
An increase in the volume and types of cyber threat information sharing both enables and requires active cyber defense automation.

ICD Working Group

ICD WG Purpose and Goals
Definition: A common forum to discuss, question, and strategize cross-cutting technical evolution and migration
Purpose:
- To create and communicate a single, cohesive vision of common technology and information needs
- To work with Departments/Agencies to further advance AIS and IACD, and potentially other associated federal infrastructure
Goals:
- Produce community-accepted guidance for the technical implementation of capabilities that enable automated defensive actions and cybersecurity information sharing

Overall ICD WG Plan
- Identify the hard technical challenges
- Lay out the order based on dependencies
- Summarize each challenge and invite feedback and input from the IACD Community
  - Allows for input from vendor and private communities
- Establish focus groups for each challenge
  - Identify POCs to lead
  - Identify participants
  - Define products and schedule
  - Report plan and progress back to the ICD WG
- Leverage the ICD WG for review and comment
- Finalize products

Next Steps

Actions to Community
- Identify ICD WG POCs from Federal Departments and Agencies
- Work within your organization to identify candidate challenges that should be worked by the ICD WG

Next ICD WG Meeting: November 14, 2017
- Plan the working group's activities
  - List of candidate technical challenges: what are the common hard challenges to solve?
  - Prioritize based on urgency and interdependencies: what do we look at first?
  - Establish the first focus group
- Draft the charter outline for review and comments
  - Describe the gap this WG is meant to fill
  - Lay out who we are and why we are here
  - Establish expectations for: scope and time constraints; activities; membership; reporting/deliverables

Questions or Concerns?

Back-up Slides

ICD WG Meeting Logistics
- Repository of materials: shared online working space on OMB MAX (https://max.gov/maxportal/home.action)
- Meeting schedule: nominally every 6-8 weeks
- Roster: primary/alternates/support staff; listserv for managing a large membership roster
- Establish a prioritization process
- Establish a review and comments process

Potential Candidate Challenges
- Tiered Trust Markings
- Feed Management
- Scoring
- IACDaaS
- De-duplication / Echo Chamber
- Sightings
- COA Sharing
- Onboarding
- Revocation
- What else?
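The de-duplication / echo-chamber, sightings and scoring challenges listed above, and the sharing-to-automation feedback loop on the earlier "Relationship" slide, in an added example that is not from this deck, the ICD WG, or the IACD project. It assumes constructed, loosely STIX-2-like indicator dicts with `id`, `created_by`, `pattern` and an optional `derived_from` field naming the organization a re-publisher received the indicator from; the sample feed and sightings are constructed for the illustration, and `score()` is an illustrative formula, not IACD or AIS scoring.

```python
# Added example (not from the ICD WG deck or the IACD project): de-duplicate an
# aggregated indicator feed so that re-shares ("echo chamber") are not counted
# as independent corroboration, then attach sightings to the merged records.
# Record shapes and field names are constructed; loosely STIX-2-like, not STIX.
import hashlib
import re
from dataclasses import dataclass, field


def canonical_pattern(pattern: str) -> str:
    """Collapse whitespace so a re-serialized copy of the same pattern collides.

    Only whitespace is normalized: case is left alone because some observables
    (file paths, URLs) are case-sensitive. A production de-duplicator would
    parse the pattern rather than treat it as text.
    """
    return re.sub(r"\s+", " ", pattern.strip())


def content_key(indicator: dict) -> str:
    """Key on the indicator's content, not its producer-assigned id.

    A partner that re-publishes a received indicator under a fresh id still
    maps to the same key, which is what lets us spot the echo.
    """
    digest = hashlib.sha256(canonical_pattern(indicator["pattern"]).encode("utf-8"))
    return digest.hexdigest()[:16]


@dataclass
class MergedIndicator:
    key: str
    pattern: str
    ids: list = field(default_factory=list)       # every id seen for this content
    producers: set = field(default_factory=set)   # distinct *originating* orgs
    sightings: int = 0                            # observations in real environments

    def score(self) -> int:
        # Illustrative scoring: independent producers plus sightings. A re-share
        # adds an id but not a producer, so echoing does not inflate the score.
        return len(self.producers) + self.sightings


def merge_feeds(indicators: list) -> dict:
    merged = {}
    for ind in indicators:
        key = content_key(ind)
        rec = merged.setdefault(key, MergedIndicator(key, canonical_pattern(ind["pattern"])))
        rec.ids.append(ind["id"])
        # "derived_from" (assumed field) names the org the publisher got it from;
        # credit that org, not the re-publisher, as the producer.
        rec.producers.add(ind.get("derived_from", ind["created_by"]))
    return merged


def apply_sightings(merged: dict, sightings: list) -> list:
    """Attach sightings (by indicator id) to merged records; return ids we cannot map."""
    id_to_key = {i: key for key, rec in merged.items() for i in rec.ids}
    unmatched = []
    for s in sightings:
        key = id_to_key.get(s["indicator_id"])
        if key is None:
            unmatched.append(s["indicator_id"])  # e.g. revoked, or never onboarded
            continue
        merged[key].sightings += 1
    return unmatched


# Constructed sample feed: org-B re-shares org-A's indicator (whitespace changed
# by re-serialization); org-D independently reports the same domain.
FEED = [
    {"id": "indicator--a1", "created_by": "org-A",
     "pattern": "[domain-name:value = 'bad.example']"},
    {"id": "indicator--b7", "created_by": "org-B", "derived_from": "org-A",
     "pattern": "[domain-name:value  =  'bad.example']"},
    {"id": "indicator--c3", "created_by": "org-C",
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"id": "indicator--d9", "created_by": "org-D",
     "pattern": "[domain-name:value = 'bad.example']"},
]

# Constructed sightings: one arrives against the re-shared id, one against an
# id nobody in the merged set knows.
SIGHTINGS = [
    {"indicator_id": "indicator--b7", "seen_by": "org-E"},
    {"indicator_id": "indicator--c3", "seen_by": "org-E"},
    {"indicator_id": "indicator--zz", "seen_by": "org-F"},
]


def run() -> dict:
    merged = merge_feeds(FEED)
    unmatched = apply_sightings(merged, SIGHTINGS)
    for rec in merged.values():
        print(f"{rec.pattern}: ids={rec.ids} producers={sorted(rec.producers)} "
              f"sightings={rec.sightings} score={rec.score()}")
    print("unmatched sightings:", unmatched)
    return merged


if __name__ == "__main__":
    run()
```

The key design choice is that identity is derived from content rather than from the producer-assigned id, so the re-shared copy collapses into the original, while provenance is credited to the originating organization rather than to whoever republished it; the sighting that arrived against the re-shared id still lands on the right record, and the sighting for an unknown id is surfaced rather than silently dropped, since an id that cannot be mapped is exactly what an onboarding or revocation problem looks like in practice.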

https://secwww.jhuapl.edu/iacd
@IACD_automate
https://www.linkedin.com/groups/8608114
icd@jhuapl.edu