The U.S. Coast Guard's Role in Cybersecurity. Mr. Thomas P. Michelli, Deputy Chief Information Officer, U.S. Coast Guard
What is Cyberspace? Domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via network systems and associated physical infrastructures. A domain that is no different than the ones that we routinely operate in: air, land, sea and space. Cyberspace is the human-created domain.
CGCYBER Vision & Mission. VISION: A safe, secure and resilient cyber operating environment that allows for the execution of Coast Guard missions and maritime transportation interests of the United States. MISSION: Coast Guard Cyber Command's mission is to identify, protect against, enhance resiliency in the face of, and counter electromagnetic threats to the Coast Guard and maritime interests of the United States, provide cyber capabilities that foster excellence in the execution of Coast Guard operations, support DHS cyber missions, and serve as the Service Component Command to U.S. Cyber Command. Computer Network Defense; Protecting Maritime Critical Infrastructure and Key Resources; Enabling Operations Through Cyber Capability
Defend the Platform Cyber affects the full spectrum of Coast Guard operations. It's not an information technology niche; it cuts across every aspect of the Coast Guard. - Admiral Zukunft
Cyberspace Roles and Responsibilities Operate in Cyberspace Defend Respond Recover
CGCYBER Designated Computer Network Defense Service Provider (CNDSP) for the Service defense of the DoDIN Cyber Operations Center (CSOC) - 24x7x365 Watch Service Cyber Component to USCYBERCOM - executes TASKORDs from USCYBERCOM Intelligence fusion/indicators and warnings from NTOC
C4ITSC Technical Authority Configuration management for CG networks Build, deploy and maintain security systems and sensors
Maritime Critical Infrastructure The Coast Guard is the Sector Specific Agency (SSA) for the Maritime component of the Transportation Sector 1 of the 16 Critical Sectors Collaboration with our partners in DHS, TSA and DOT Protect maritime sector from all threats (physical, personnel, and cyber)
NIST Voluntary Cybersecurity Framework. Voluntary federal cybersecurity standards developed by the National Institute of Standards and Technology in cooperation w/ the private sector. Designed for owners and operators of CIKR; scalable to suit industry. Focuses on: Identification, Protection, Detection, Response, Recovery. Complemented by the Critical Infrastructure Cyber Community program (C-Cubed)
C-Cubed Voluntary Program Public/private partnership aligning business enterprises and government to resources that will assist their efforts in using the NIST Voluntary Framework Assists with understanding the use of the Framework and other risk management efforts Link and customer relationship manager to help organizations with Framework utilization Encourages feedback from stakeholders about their experiences with the Framework to help drive future updates Aligns with the process and efforts outlined in the 2013 National Infrastructure Protection Plan
Enabling Operations Through Cyber Capabilities. Leverage intelligence community (IC) and law enforcement (LE) authorities to understand adversaries' intentions and capabilities in cyberspace. Capitalize on cyber and SIGINT capabilities. Drive tactical cyber intelligence to the front-line operator
Cyberspace Roles and Responsibilities Operate in Cyberspace Defend Respond Recover COLLABORATION COORDINATION Maintain Cyberspace Build Engineer Support
Cyber Tool: ACAS Enterprise vulnerability & compliance scanning infrastructure. Provides capabilities to allow for credentialed scanning of all USCG assets, enterprise scan management, alerting, & reporting against vulnerability and compliance requirements. Deployment Fully Deployed on SIPR and NIPR. Official full transition to be completed by 31 OCT 2014 Full enterprise scans conducted every 30 days Standalone Scanners for OOB networks and systems Management TISCOM ACAS system support and engineering IAD User management, end user training, enterprise dashboard/report template publishing Unclassified / FOUO 5-Nov-14
ACAS Requirement USCYBERCOM TASKORD 13-0670 and the subsequent CGCYBER TASKORD 13-010 mandate the deployment and use of ACAS to provide situational awareness into the health of the networks and actionable intelligence to support risk management decisions.
ACAS Benefits Actionable Information Reporting Specific Vulnerability Triggers
ACAS Architecture Goals Single USCG reporting capability for all assets Credentialed scanning ability for all USCG assets Ability to scan all USCG assets within 30 days
ACAS Components ACAS DoD Phase I Components: Center: The central command and control console for the ACAS infrastructure. (Red Hat) Nessus Vulnerability Scanner: vulnerability auditing/analysis, compliance auditing, and network discovery. ACAS DoD Phase II Components: Passive Vulnerability Scanner (PVS): real-time traffic monitoring for application, vulnerability and protocol analysis.
ACAS Architecture Overview SBU Two independent Center servers located at TISCOM and Alameda. 51 shore side scanners. Two Center servers in MainTest with 3 scanners. SIPR Two independent Center servers located at TISCOM. 105 shore side scanners.
USCG's ACAS Objectives Spiral I Objectives: Deploy Center and Nessus with the same scanning coverage for SBU and SIPR as the previous IAD-VAT enterprise managed scanning infrastructure. 99% SBU Coverage, solution accepted by IAD on 15SEPT14 100% SIPR Coverage, solution accepted by IAD on 31OCT14 Provide recommendations for non-enterprise scanning solutions. USCG Offline scanning guide posted on ACAS CGPortal site. Spiral II Objectives: Optimize Architecture for central reporting, efficiencies, and cost savings.
ACAS Current Initiatives OSC LAN Coverage: Deploy scanners that are centrally managed to all OSC LAN segments. DMZ Coverage: Deploy scanners that are centrally managed with automated reporting to USCG Center.
ACAS Swimlane Overview TISCOM Information Assurance EISI PL Infrastructure Design Product Testing Root Infrastructure Administration ACAS License Key Maintenance ESOD (in support of EISI) Tentative Phase II Transition Infrastructure Health Monitoring Product Deployment Monthly Maintenance IAD VAT Monthly Scanning Scan Processes End User Account Management Initial Asset List Development IAD C&A ISSOs Cyber ITCCB
Questions? ACT: Achieving Cybersecurity Together. It's our Shared Responsibility.
Backup Slides
ACAS Timeline [timeline figure] Center 4.8.2 Architecture Deployment Optimization MAR15 DEC14 SIPR Testing SBU Testing AUG14 01OCT14 Passive Vulnerability Sensor USCYBERCOM SAR 2012-0404 04APR12 SBU Center Deployment SEPT12 USCYBERCOM TASKORD 12-0603 24MAY12 USCYBERCOM TASKORD 13-0670 01AUG13 SBU Nessus Deployment (CONUS) JUL13 CGCYBER TASKORD 13-010 18SEPT13 SPIRAL I SBU OCONUS NESSUS Deployment OCT13 SIPR Center Deployment SEPT13 Retina EOL 31OCT14 Center 4.8 SIPR NESSUS Deployment NOV14 Deployment SEPT14 SPIRAL II Center 5.0 Deployment DEC15 SPIRAL III
For Official Use Only. DISA ACAS Roadmap FY14-15 Overall Indicator
Center v4.8: ACAS Deployment: 24 Sept 2014 (Build 1). New enhanced user/group/role model; New HTML5 based analysis; Prompting for Assets in Dashboard/Report templates; Enhanced Asset Lists; Unique ID capability
Center v4.8.2: ACAS Deployment: 26 March 2015. ACAS ARF/ASR Publishing Updates for CMRS; Updated ARF reports to include version of the plugin, name of the scan policy, timestamp for credentialed scans, BIOS GUID and McAfee Agent GUID; Updated Plugin text to include Scan Policy, Benchmark Names, Unsupported Products, and whether scans were authenticated or unauthenticated
Center v5.0: ACAS Deployment: 1 Dec 2015. Fully completed HTML5 user interface; Support for greater than 4GB repository sizes (now allows for 32GB repositories); Vulnerability Trending backend improvements (reducing storage requirements); Center API rewritten to a RESTful one; Additional integration with other ACAS products (Nessus & PVS); Updates to ARF/ASR reports and plugin text to meet CMRS requirements
Nessus v6.0: ACAS Deployment: 15 Jan 2015. The ability to restore a scan (after an unexpected crash/shutdown/etc.); Automatic update of the scanners; Use Windows events for all I/O
PVS v4.2: ACAS Deployment: 20 Jan 2015. Increased throughput of 10GB
PVS v4.4: ACAS Deployment: 12 Jun 2015. Automatic update of the PVS engine
This document is informational only. Tenable reserves the right to change the schedule or list of features without prior notice. Version 1