U.S. Department of Homeland Security Office of Cybersecurity & Communications


U.S. Department of Homeland Security Office of Cybersecurity & Communications Council of State Governments Cybersecurity Session November 3, 2017

Cybersecurity & Communications (CS&C)

CS&C's Mission: ensure the security, resiliency, and reliability of the Nation's cyber and communications infrastructure.

CS&C works to prevent or minimize disruptions to our critical information infrastructure in order to protect the public, the economy, government services, and the overall security of the United States.

Prepare for, protect against, and respond to incidents that could degrade or overwhelm the networks, systems, and assets that make up our Nation's information technology, cyber, and communications infrastructure.
Protect Federal Civilian networks (.gov, .com).
Host and conduct exercises to prepare Federal, state, local, and private sectors for cyber attack.

Stakeholder Engagement & Cyber Infrastructure Resilience (SECIR)

The SECIR division serves as the Department's primary coordination point for cybersecurity stakeholder engagement and national security and emergency preparedness communications activities. SECIR also leads a number of key cybersecurity and communications resilience programs. Each of the divisions within CS&C relies upon SECIR to streamline coordination and engagement with government and industry partners, while SECIR leverages the capabilities and subject matter experts across CS&C to meet stakeholder needs.

National Cybersecurity & Communications Integration Center (NCCIC)

The NCCIC is a 24x7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for Federal civilian agencies, the intelligence community, law enforcement, State and local government, and the private sector.

UNCLASSIFIED 5


Office of Emergency Communications (OEC)

OEC supports and promotes communications used by emergency responders and government officials to keep America safe, secure, and resilient.

Leads the Nation's operable and interoperable public safety and national security and emergency preparedness communications efforts.
Provides training, coordination, tools, and guidance to help its federal, state, local, tribal, territorial and industry partners develop their emergency communications capabilities.

OEC's programs and services coordinate emergency communications planning, preparation and evaluation, to ensure safer, better-prepared communities nationwide.

Deloitte-NASCIO Cybersecurity Study (2016 and 2014 results)

Frequency of cybersecurity discussion with executive leadership
Monthly: 2016 45%, 2014 30%
Quarterly: 2016 16%, 2014 18%
Annually: 2016 6%, 2014 8%

Frequency of cybersecurity reporting to the governor
Monthly: 2016 29%, 2014 17%
Quarterly: 2016 2%, 2014 4%
Annually: 2016 12%, 2014 15%
Ad hoc: 2016 39%, 2014 40%

Frequency of cybersecurity reporting to the state legislature
Monthly: 2016 4%, 2014 0%
Quarterly: 2016 6%, 2014 0%
Annually: 2016 29%, 2014 28%
Ad hoc: 2016 35%, 2014 40%

Top 5 barriers in addressing cybersecurity challenges
Lack of sufficient funding: 2016 80%, 2014 75.5%
Inadequate availability of cybersecurity professionals: 2016 51%, 2014 59.2%
Lack of documented processes: 2016 45%, 2014 32.7%
Increasing sophistication of threats: 2016 45%, 2014 61.2%
Lack of visibility and influence within the enterprise: 2016 33%, 2014 49.0%

Top human resource factors that negatively impact CISO's ability to develop, support and maintain cybersecurity workforce
State's salary rates and pay grade structure: 2016 96%, 2014 89.9%
Lack of qualified candidates due to federal agencies/private sector demand: 2016 59%, 2014 *
Workforce leaving for private sector: 2016 47%, 2014 71.4%
Intrastate attrition for higher salary positions: 2016 *, 2014 32.7%
Lengthy hiring process: 2016 *, 2014 53.1%
Lack of defined career path and opportunities: 2016 *, 2014 67.3%

National Preparedness Report (2015 and 2012 results)

Addressing cybersecurity capability gaps perceived as entirely or mostly a state responsibility: 2015 70%, 2012 49%
Percent of 53 states and territories surveyed by NEMA indicating need for continued Federal support to augment cybersecurity efforts: 2015 100%, 2012 *
o Percent identifying financial assistance as among federal resources needed: 60%
o Percent identifying training opportunities as among federal resources needed: 94%
o Percent identifying technical assistance as among federal resources needed: 91%
o Percent identifying support for sharing best practices between states as among federal resources needed: 85%

MS-ISAC Nationwide Cyber Security Review

Top security concerns
Lack of security program funding (State and local)
Increasing sophistication of threats (State and local)
Lack of documented processes (local)
Lack of a cybersecurity strategy (local)
Lack of available security professionals (tribal, but emerging across SLTT)
