Critical Infrastructure Sectors and DHS ICS CERT Overview

Similar documents
DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

DHS Cybersecurity: Services for State and Local Officials. February 2017

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Statement for the Record

ICS-CERT Year in Review

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

National Policy and Guiding Principles

The Office of Infrastructure Protection

June 5, 2018 Independence, Ohio

Why you should adopt the NIST Cybersecurity Framework

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

The Role of ISACs in Protecting Critical Infrastructure. Denise Anderson Chair National Council of ISACs. Agenda

Critical Infrastructure Resilience

The Office of Infrastructure Protection

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

National Cyber Incident Response - Architectural Concepts

California Cybersecurity Integration Center (Cal-CSIC)

Top 10 ICS Cybersecurity Problems Observed in Critical Infrastructure

Election Infrastructure Security: The How and Why of It

PIPELINE SECURITY An Overview of TSA Programs

The Role of the ISACs in Critical Infrastructure Resilience Presented by Steve Lines Executive Director Defense Industrial Base Information Sharing

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Office of Infrastructure Protection Overview

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

The Office of Infrastructure Protection

Introduction to the National Response Plan and National Incident Management System

Control Systems Cyber Security Awareness

Cyber Security & Homeland Security:

Department of Homeland Security Updates

NERC Staff Organization Chart Budget 2018

The Department of Homeland Security, National Protection. and Programs Directorate, National Initiative for

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

NERC Staff Organization Chart Budget 2019

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Homeland Security Perspectives: Oregon Fire District Directors Association October 25, 2018

Food and Agriculture Sector Criticality Assessment

NERC Staff Organization Chart Budget 2019

Incident response to a breach: Right of boom you find ashes

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Working Draft Supplemental Tool: Connecting to the NICC and NCCIC Draft October 21, 2013

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Updates to the NIST Cybersecurity Framework

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

The NIST Cybersecurity Framework

The Office of Infrastructure Protection

An Overview of DHS s Role and Missions. James McCament Chief of Legislative Affairs, USCIS

Industry role moving forward

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

HPH SCC CYBERSECURITY WORKING GROUP

U.S. Department of Homeland Security Office of Cybersecurity & Communications

NCCIC/ICS-CERT Year in Review National Cybersecurity and Communications Integration Center/ Industrial Control Systems Cyber Emergency Response Team

Critical Infrastructure Partnership

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Grid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016

ISAO SO Product Outline

Presidential Documents

Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Department of Homeland Security

Status Update from the Department of Transportation

Needs and Challenges Funding assistance Training Partnership capabilities and sustainment. Implement Risk Management

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

Bradford J. Willke. 19 September 2007

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

S&T Stakeholders Conference

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

Energy Assurance Plans

Region Snapshot Region IV

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

New Information Collection Request: The Department of. Homeland Security, Office of Cybersecurity and

NATIONAL ELECTRIC GRID SECURITY AND RESILIENCE ACTION PLAN

National Infrastructure Protection Plan (NIPP) Transportation Sector Specific Plan (TSSP) and The TSSP R&D Working Group

Business Continuity Planning

NERC Staff Organization Chart Budget 2017

DHS Emergency Services Sector Presents Tools and Resources for First Responders. June 1, pm ET

Department of Homeland Security Office of Inspector General

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

Department of Defense. Installation Energy Resilience

NERC Staff Organization Chart Budget 2017

GPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security

Sharing of Information & Intelligence on the Importation & Transportation of Food

Department of Homeland Security Science and Technology Directorate

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

UNCLASSIFIED//FOR OFFICIAL USE ONLY. Prepare + Prevent + Respond + Recover + Mitigate START WITH PREVENTION

The Australian Government s Approach to Critical Infrastructure Resilience

Grid Security & NERC

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Intelligence Support to Critical Infrastructure Protection Table of Contents

Transcription:

Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM

2 2

Authorities and Related Legislation Homeland Security Act (HSA) (2002) NSPD-54/ HSPD- 23 Cyber Security and Monitoring (2008) PPD-8 National Preparedness (2011) PPD-21 Critical Infrastructure Security and Resilience (2013) (supersedes HSPD-7) EO 13636 Improving Critical Infrastructure Cybersecurity (2013) Federal FISMA Information Federal Information Security Modernization Security Act (2002/2014) (2002/2014) Modernization Act EO 13691 Promoting Private Sector Cybersecurity Information Sharing (2015) Cybersecurity Act (2015) 3

DHS Mission Alignment Department of Homeland Security (DHS) Missions 1)Prevent terrorism and enhancing security;2)secure and manage our borders; 3)Enforce and administer our immigration laws; 4)Safeguard and secure cyberspace; 5)Ensure resilience to disasters; National Protection and Programs Directorate (NPPD) Mission The mission of NPPD is to lead the national effort to protect and enhance the resilience of the nation's physical and cyber infrastructure. Office of Cybersecurity & Communications (CS&C) Mission Responsible for enhancing the security, resiliency, and reliability of the Nation's cyber and communications infrastructure. CS&C actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets. 4

DHS/CS&C Organizational Chart Jeh Johnson DHS Secretary Office of the Chief Technology Officer Enterprise Performance Management Office Suzanne Spaulding NPPD Undersecretary Dr. Phyllis Schneck NPPD Deputy Undersecretary Dr. Andy Ozment CS&C Assistant Secretary Gen. Gregory Touhill CS&C Dep. Assistant Secretary Caitlin Durkovic IP Assistant Sec Office of the Chief of Staff Office of the General Counsel 5

Responsibilities Emergency Communications Capabilities Secure dot-gov Assist in Protecting dot-com Assist in Securing Critical Infrastructure National Security Communications Coordinate Cyber and Communications Incident Response 6

Critical Infrastructure Sectors Critical Manufacturing Information Technology Chemical Commercial Facilities Nuclear Reactors, Materials and Waste Emergency Services Financial Services Defense Industrial Base Energy Communications Dams Healthcare and Public Health Transportation Systems Food and Agriculture Government Facilities Water and Wastewater Systems 7

National Infrastructure Protection Plan 16 Sectors, all different, ranging from asset-focused to systems and networks Outside regulatory space 85% privately owned 100% in State and local jurisdictions 8

The National Plan s Approach to Building and Sustaining Unity of Effort 9

Sector and Cross Sector Coordinating Councils DHS coordinates the overall national effort to enhance CIKR protection and resiliency through the implementation of the NIPP Sector-specific agencies lead the activities in each of 16 sectors and develop and implement Sector-Specific Plans DHS leads 10 of the sectors IP leads six of these sectors 10

Tomorrow Land 11

Vectors to Attack Critical Infrastructure Attacker Vectors: Gain access to the control system LAN Through discovery, gain understanding of the process Gain control of the process. 12

DHS Cyber-Physical Technologies 13

NCCIC/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) ICS CERT Watch Floor Onsite Incident Response Advance Analytical Laboratory Cybersecurity Evaluation Tool (CSET) John Felker NCCIC Director Marty Edwards ICS CERT Director Site Assistance and Evaluations Outreach and Training ICS Joint Working Group Strategy for Securing Control Systems 14

Fiscal Year 2015 Reporting Source - 295 Total Researcher, 30 Vendor, 1 Unknown, 16 Asset Owner/Operator, 34 Open Source, 24 NCCIC internal analysis, 11 Federal Partners, 179 15

ICS Incidents FY2015 97 Critical Manufacturing Incidents = 33% 46 Energy Incidents = 16% Water, 25 Unknown, 27 Commercial Facilities, 3 Communications, 13 Chemical, 4 CM-Iron and Steel, 2 CM-Aluminum, 1 CM-Engine and Power Transmission, 4 CM-Electrical Equipment, 6 CM-Motor Vehicle, 3 CM-Aviation, 27 Nuclear Reactors, Materials and Waste, 7 Transportation Systems, 23 CM-Other Transportation, 7 Information Technology, 6 Healthcare and Public Health, 14 Critical Manufacturing-Misc, 47 Government Facilities, 18 Food and Agriculture, 2 Financial, 2 Energy-Misc, 13 Energy-Natural Gas, 3 Energy-Petroleum, 14 Dams, 6 Energy-Electricity, 16 Defense Industrial Base, 2 16

Fiscal Year 2015 Attempted Infection Vector - 295 Total Unknown, 70 Abuse of Authorized Access, 7 Brute Force, 4 Network Scanning/Probing, 26 Other, 17 SQL Injection, 4 Spear Phishing, 109 17

Framework for Improving Critical Infrastructure Cybersecurity Executive Order 13636, Improving Critical Infrastructure Cybersecurity, in February 2013 Voluntary framework for reducing cyber risks to critical infrastructure Collaboration between industry and government to promote the protection of critical infrastructure Prioritized, flexible, repeatable, and cost-effective approach helps manage cyber risks 18

Critical Infrastructure Cyber Community (C 3 ) Voluntary Program Focus areas: Support increasing CI cyber resilience Increase awareness of use of the framework Encourage orgs to manage cyber as part of hazards approach to enterprise risk management 19

National Infrastructure Coordinating Center (NICC) Focus areas: Situational Awareness Information Sharing and Collaboration Processing and posting Suspicious Activity Reports (SAR) Assessment and Analysis Decision Support Future Operations 20

Cyber Information Sharing and Collaboration Program (CISCP) Focus areas: Indicator Bulletins Analysis Reports Priority Alerts Recommended Practices 21

Enhanced Cybersecurity Services (ECS) 22

Automated Information Sharing: STIX/TAXII/CybOX TAXII, the Trusted Automated exchange of Indicator Information STIX, the Structured Threat Information expression Phases: Disseminate computer-readable cyber threat indicators Receive, filter, and analyze Automate receipt, retention, use, and sharing Implement a shared services capability 23

Automated Information Sharing: STIX/TAXII 24

Information Sharing & Analysis Centers (ISACs) Information Sharing & Analysis Org(ISAOs) 25

Seven Steps to Effectively Defend Industrial Control Systems 26

Contact DHS ICS-CERT ICS CERT encourages you to report suspicious activity and vulnerabilities affecting critical infrastructure control systems To report control systems cyber incidents and vulnerabilities contact ICS-CERT: Toll Free: 1-877-776-7585 International Callers: 1-208-526-0900 Ics-cert@hq.dhs.gov For industrial control systems security information and incident reporting: http://ics-cert.us-cert.gov 27

28 28

Contact Information Darryl E. Peek II Darryl.peek@hq.dhs.gov DHS/OCIO/OCTO REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback