Cyber Security & Homeland Security: Cyber Security for CIKR and SLTT
Michael Leking, Cyber Security Advisor, Northeast Region
Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security (DHS)
19 March 2014

Office of Cybersecurity and Communications
MISSION: To enhance the security, resilience, and reliability of the Nation's cyber and communications infrastructure.
Capabilities:
  CS&C works collaboratively with public, private, and international entities to secure, assess, and mitigate cyber risk; and prepare for, prevent, and respond to cyber incidents.
  CS&C leads efforts to protect the federal .gov domain of civilian government networks and to collaborate with the private sector, the .com domain, to increase the security of critical networks.
  Build and maintain a world-class organization to advance the Nation's cybersecurity preparedness and raise awareness across the Nation on cybersecurity.
  As the Sector-Specific Agency for the Communications and Information Technology (IT) sectors, CS&C coordinates national-level reporting that is consistent with the National Response Framework (NRF).

Cyber Security Advisor Initiative
Roles and Responsibilities:
  Assist in the identification of cyber systems, networks, and infrastructure supporting CIKR assets and be knowledgeable of corresponding interdependencies in their region
  Coordinate and lead cyber security evaluations of critical infrastructure within the region represented
  Raise awareness of CS&C activities
  Function as the National Cyber Security Division representative to State and local emergency operations centers (EOCs) and State and local fusion centers
  Establish working relationship and rapport with State and local area CISOs in the region represented
  Coordinate with Federal personnel within region to integrate cyber security response and assessment perspectives (i.e., with PSAs, FEMA, Federal LE, etc.)
  Coordinate cyber and communications incident response

The Cybersecurity Framework
  In February 2013 the President issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity
  One component of that Executive Order directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure
  The resulting Cybersecurity Framework (CSF), created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure
  The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk
  Additional information on the NIST Cybersecurity Framework can be found on the official webpage at http://www.nist.gov/cyberframework/

Critical Infrastructure Cyber Community (C³)
Website: http://www.us-cert.gov/ccubedvp
General C³ inquiries: ccubedvp@hq.dhs.gov
  DHS launched the C³ Program in February 2014 to complement the launch of the NIST CSF
  The C³ Voluntary Program helps sectors and organizations that want to use the CSF by connecting them to existing cyber risk management capabilities provided by DHS, other U.S. Government organizations, and the private sector.
  The C³ website (http://www.us-cert.gov/ccubedvp) describes the various programs DHS offers to critical infrastructure partners, including Federal, State, local, and private sector organizations
  Many of the programs described on the following slides can also be found on the website

Cyber Resilience and the Framework
Relationship between DHS Cyber Resilience Review and the Cybersecurity Framework.
  Identify Services: Identify and prioritize services
  Create Asset Inventory: Identify assets, align assets to services, and inventory assets
  Protect & Sustain Assets: Establish risk management, resilience requirements, control objectives, and controls
  Disruption Management: Establish continuity requirements for assets and develop service continuity plans
  Cyber Exercise: Define objectives for cyber exercise, perform exercises, and evaluate results
  Process Management and Improvement
* CRR to NIST CSF crosswalk available

A Wide Range of Offerings for Critical Infrastructure
Technical Assistance
  National Cybersecurity and Communications Integration Center (NCCIC)
  US-CERT Operations Center
    o Remote and On-Site Assistance
    o Malware Analysis
    o Incident Response Teams
  ICS-CERT Operations Center
    o ICS-CERT Malware Lab
    o Cyber Security Evaluation Tool
    o Incident Response Teams
  NCATS
    o Cyber Hygiene service
    o Risk and Vulnerability Assessment
Resilience and Strategy
  US-CERT National Cyber Awareness System
  Vulnerability Notes Database
  Security Publications
  Control Systems Security Program
  Cybersecurity Training
  Information Products and Recommended Practices
  Cyber Exercise Program
  Cyber Security Evaluations Program
  Cyber Resilience Review
  Cyber Infrastructure Survey Tool

DHS Cyber Security Evaluations:
  Cyber Resilience Review (CRR)
  Cyber Security Evaluation Tool (CSET)
  Cyber Infrastructure Survey Tool (C-IST)
  Cyber Hygiene (CH) Evaluations
  Pen Test (aka RVA)
  ICS Architecture Review
  Cybersecurity Framework

Cyber Resilience Review (CRR)
  Based on the CERT Resilience Management Model (RMM), a process improvement model for managing operational resilience
  Development of CRR methodology began in early 2009
  Deployment across all 18 CIKR sectors as well as State, local, tribal, and territorial governments
  Primary goal: Evaluate how CIKR providers manage cyber security of significant information services and assets (information, technology, facilities, and personnel)
  Secondary goal: Identify opportunities for improvement in cyber security management and reduce operational risks related to cyber security

CRR Architecture Overview
  Focused Activity: 10 Domains
  Required (What to do to achieve the capability): Domain Goals; MIL Levels [per Domain]
  Expected (How to accomplish the goal): Domain Practice Questions; MIL Questions [per Domain]
  Process Institutionalization Elements

CRR Domains
  AM (Asset Management): identify, document, and manage assets during their life cycle
  IM (Incident Management): identify and analyze IT events, detect cyber security incidents, and determine an organizational response
  CCM (Configuration and Change Management): ensure the integrity of IT systems and networks
  SCM (Service Continuity Management): ensure the continuity of essential IT operations if a disruption occurs
  RISK (Risk Management): identify, analyze, and mitigate risks to critical service and IT assets
  EXD (External Dependencies Management): establish processes to manage an appropriate level of IT, security, contractual, and organizational controls that are dependent on the actions of external entities
  CNTL (Controls Management): identify, analyze, and manage IT and security controls
  TRNG (Training and Awareness): promote awareness and develop skills and knowledge of people
  VM (Vulnerability Management): identify, analyze, and manage vulnerabilities
  SA (Situational Awareness): actively discover and analyze information related to immediate operational stability and security

Benefits of the CRR
  Identification of cyber security risks and improved organization-wide awareness of the need for effective cyber security management
  Understanding how similar organizations manage cyber security around a common critical infrastructure service
  DHS will provide organizations with a CRR Report that includes:
    Documented strengths and weaknesses in cyber security management
    Options for consideration to improve cyber security in support of critical infrastructure operations
  Establish/strengthen collaborative relationships with DHS
  Increased awareness of DHS programs related to cyber security:
    Control Systems security
    Cyber exercises
    Training/education resources

CRR Report

DHS CRR Analytical Findings

Cyber Resilience Workshops
This DHS-facilitated four- or eight-hour workshop introduces cyber security managers and practitioners to cyber resilience concepts and to capability and capability-building activities in key performance areas related to cyber security, IT operations, and business continuity.
These collaborative and interactive workshops:
  Raise awareness of gaps in cyber management practices and of process improvements for CIKR and SLTT communities.
  Reinforce cyber security best practices and examine resilience concepts and objectives.
  Share information with communities of interest related to national cyber security policies, initiatives, and federal capabilities.
  Enhance cyber incident response and business continuity capabilities and discuss federal coordination for incident notification, containment, and recovery.
What to Expect:
  A four- or eight-hour collaborative workshop, with interactive discussions between operations and cyber security personnel.
  Structured dialogs and scenario walkthroughs to reinforce resilience concepts and best practices.
  Sector/industry-specific content and threat examples.

Cyber Security Evaluation Tool (CSET™)
  Stand-alone software application
  Self-assessment using recognized standards
  Tool for integrating cybersecurity into existing corporate risk management strategy
CSET Download: us-cert.gov/control_systems/csetdownload.html

Help and Guidance
  Video Tutorial
  Users Guide
  Screen Specific Guidance
  Topic/Question Help

Hard-copy Reports

Contact Information
Michael Leking (michael.leking@dhs.gov)
Cyber Security Advisor - Northeast Region
Office of Cybersecurity and Communications
Department of Homeland Security