U s government demonstrating leadership in cyber security l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 18

U.S. Government: Demonstrating Leadership in Cyber-Security PowerPoint PPT Presentation


U.S. Government: Demonstrating Leadership in Cyber-Security. March 14, 2000. Cyber-Attack. Economy and National Security dependent upon computer controlled systems One-Third of US Economic Growth 95-98 Security not a design consideration for most critical systems/networks

Download Presentation

U.S. Government: Demonstrating Leadership in Cyber-Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


U s government demonstrating leadership in cyber security l.jpg

U.S. Government: Demonstrating Leadership in Cyber-Security

March 14, 2000


Cyber attack l.jpg

Cyber-Attack

  • Economy and National Security dependent upon computer controlled systems

    • One-Third of US Economic Growth 95-98

  • Security not a design consideration for most critical systems/networks

  • Large number of ‘attacks’, unauthorized intrusions, down-loads, malicious code insertion

  • Other nations developing offensive cyber-attack capabilities -- aimed at the U.S.

  • New and Novel Intrusions


Pdd 63 protecting critical infrastructures l.jpg

PDD-63: Protecting Critical Infrastructures

  • Action by Federal, state and local, private sector participants

    • Federal: National Security, public health and safety

    • State and local governments: Maintain order and essential services

    • Private Sector: Essential communications, energy, financial, and transportation services

  • Initial Operating Capability by 2000; Final Operating Capability by 2003

  • Established:

    • National Coordinator -- NSC

    • National Infrastructure Protection Center (NIPC)

    • Critical Infrastructure Assurance Office (CIAO)


National plan blueprint four key themes l.jpg

National Plan Blueprint:Four Key Themes

  • US Government a Model of Information Security

  • Building the Public Private Partnership

  • R&D for Solutions

  • Law Enforcement and National Security Capabilities


The white house is watching so is congress l.jpg

The White House Is Watching(So is Congress)

  • President

    • National Plan for Information Systems Protection

    • Cyber-Summit

    • Agency Directive

  • White House

    • OMB Director Lew Guidance

    • Chief of Staff Podesta Guidance

    • Ongoing Chief of Staff Conference Calls

  • Congress

    • GSA reports

    • Many Hearings

    • Many Bills


Fy 2000 2001 budget l.jpg

FY 2000/ 2001 Budget

  • FY 2000 - $1.75 B Appropriated

    • 10% Civilian Agency

  • FY 2001 - $2.01 B Requested

    • 25% Civilian Agency

    • Key Initiatives - $100 M

      • Institute for Information Infrastructure Protection

      • Federal Cyber Service

      • FIDNET

      • PKI

      • ISACs

      • Expert Review Team

    • R&D - $606 M

  • FY 2000 Supplemental - $9 M


Future budgets l.jpg

Future Budgets

  • OMB/NSC/Interagency Process

    • 1) Proposals Developed

      • From Agency Experts

      • From Interagency Working Groups

    • 2) Interagency/White House OK

    • 3) Action by Departments

    • 4) OMB Review if not part of Departmental Request

  • New Process

    • In Use for Other Cross-cutting Issues


National plan blueprint four key themes8 l.jpg

National Plan Blueprint:Four Key Themes

  • US Government a Model of Information Security

  • Building the Public Private Partnership

  • R&D for Solutions

  • Law Enforcement and National Security Capabilities


U s government as model l.jpg

U.S. Government as Model

  • Identify and Address Vulnerabilities

  • Implement Best Practices

  • Install Defensive Detection Systems

  • Train and Recruit Security Experts

  • Fund R&D


One identify and address vulnerabilities l.jpg

One: Identify and Address Vulnerabilities

  • Vulnerability Assessment vs Threat Analysis

  • Tension between Cyber and Physical

  • Interdependencies and Single Points of Failure

  • New Elements:

    • Project Matrix

    • Expert Review Team

    • Open Source Software

    • Patch Prioritization

    • Recommended Practices

    • PKI


Project matrix shared interdependencies l.jpg

Project MatrixShared Interdependencies

  • Complete Picture of Asset Dependencies and Interdependencies

  • Three Steps

    • Identify PDD-63 Relevant Assets

    • Capture Major Nodes and Networks which USG Critical Assets Depend

    • Tie Critical Assets and Supporting Nodes/Networks to Underlying Infrastructures


Two implement best practices l.jpg

Two:Implement Best Practices

  • Convergenceof Three Initiatives

    • Critical Infrastructure Protection Working Group

    • Model Information Systems Security Program

    • CIO Council Strategic Objectives

  • CIO Council Security, Privacy and Critical Infrastructure Committee Lead

  • Objective: Into the hands of practitioners soon


Three defensive detection systems l.jpg

Three:Defensive Detection Systems

  • Invest in Current Best of Breed

    • Intrusion Detection Monitors/Firewalls

    • Access/Activity Rules

    • Enterprise Wide Management Systems

  • Deploy Next Generation Government-Wide Systems

    • JTF-CND -- for DOD

    • FIDNet -- for Civilian Agences

    • NSIRC -- for national security systems

  • Drive Technology

    • Vendor conference 3/15


Fidnet architecture l.jpg

FIDNet Architecture

  • System of Systems

    • Departments run own intrusion detection systems

    • Link to FIDNet

  • Information Exchange

  • Enhances FedCIRC Capabilities

  • Run by GSA

  • Base for Additional Capabilities

    • patch distribution


Four train and recruit security experts l.jpg

Four: Train and Recruit Security Experts:

  • Centers for IT Excellence

  • Scholarship for Service Program

  • High School Recruitment and Computer Security Awareness program

  • Federal Computer Security Awareness Program

  • IT Occupational Study/Reform


Five fund r d l.jpg

Five:Fund R&D

  • Institute for Information Infrastructure Protection

  • National framework: Coordinated Federal and Private Sector efforts

  • Key Priorities

    • Indications of anomalous behavior within systems

    • Large-scale automated correlation of events

    • Automated alarm analysis


Summary l.jpg

Summary

  • Federal Government Must be a Model

  • White House Support for Budget and Resources

  • Need for Action

    • Vulnerabilities

    • Best Practices

    • FIDNet and Detection Systems

    • Training and Recruitment

    • R&D


Contact l.jpg

CHAIR, USG as a Model Working Group

Tom Burke

General Services Administration (GSA)

202 708 7000

[email protected]

NSC Senior Director for Critical Infrastructure

Jeffrey Hunker

National Security Council (NSC)

202 456 9351

[email protected]

CONTACT


  • Login