Information sharing initiatives in critical infrastructure protection and resilience
This presentation is the property of its rightful owner.
Sponsored Links
1 / 58

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience PowerPoint PPT Presentation


  • 322 Views
  • Uploaded on
  • Presentation posted in: General

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience. Denise Anderson Vice Chair-National Council of ISACs Vice President FS-ISAC, Government and Cross Sector Programs Financial Services Information Sharing & Analysis Center (FS-ISAC).

Download Presentation

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Information sharing initiatives in critical infrastructure protection and resilience

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience

Denise Anderson

Vice Chair-National Council of ISACs

Vice President FS-ISAC, Government and Cross Sector Programs

Financial Services Information Sharing & Analysis Center (FS-ISAC)

National Council of ISACs


Agenda

Agenda

  • Critical Infrastructure

  • What is an ISAC?

  • Descriptions of the various ISACs and capabilities/reach

  • What is the National Council of ISACs?

  • Overview of Council Activities

  • Case Studies: Lessons Learned

  • Five Initiatives To Enhance Critical Infrastructure Protection and Resilience


Critical infrastructure

Critical Infrastructure

  • 18 Defined Sectors:

Agriculture and Food

Defense Industrial Base

Energy

Healthcare & Public Health

Banking & Finance

Water

Chemical

Commercial Facilities

Critical Manufacturing

Dams

Communications

Postal & Shipping

Transportation Systems

Government Facilities

Emergency Services

Nuclear Reactors, Materials & Waste

Information Technology

National Monuments & Icons


What is an isac

What is an ISAC?

  • Relationship to sectors

  • Funding

  • Structure/Operations

  • Functions


Why isacs

Why ISACs?

  • Trusted entities established by CI/KR owners

  • and operators.

  • Comprehensive sector analysis

  • Reach-within their sectors, with other sectors, and

  • with government to share critical information.

  • All-hazards approach

  • Threat level determination for sector


Why isacs1

Why ISACs?

  • Operational services such as risk mitigation,

  • incident response, and information sharing

  • Fast response on accurate, actionable and

  • relevant information

  • Empower business resiliency through security

  • planning, disaster response and recovery

  • execution. Most ISACs, by

  • definition, have 24/7

  • threat warning,

  • incident reporting capabilities


Isacs

ISACs

Communications ISAC

Electricity ISAC

Emergency Management & Response ISAC

Financial Services ISAC

Highway ISAC

Information Technology ISAC

Maritime ISAC

Multi-State ISAC


Isacs1

ISACs

National Health ISAC

Public Transit ISAC

Real Estate ISAC

Research and Education ISAC

Supply Chain ISAC

Surface Transportation ISAC

Water ISAC


Other operational entities

Other Operational Entities

  • Defense Industrial Base (DIB)

  • Nuclear

  • Oil & Gas

  • Chemical

  • Airline


Isac example fs isac information sharing and analysis tools for members

ISAC EXAMPLE: FS-ISAC Information Sharing and Analysis Tools for Members

  • Cyber & Physical alerts from 24/7 Security Ops Center

  • Briefings/white papers

  • Risk Mitigation Toolkit

  • Document Repository

  • Anonymous Submissions

  • Committee Listservs

  • Member surveys

  • Bi-weekly Threat calls

  • Special info sharing member conference calls

  • Crisis Management process– CMLT, CINS

  • Semi-annual conferences

  • Webinars

  • Regional Program

  • Viewpoints


Communications isac

Communications ISAC

  • The DHS National Coordinating Center partners with the private sector in the ISAC and provides 24x7 operational support

  • Members include communications equipment and software vendors, wire line communications providers, wireless communications providers, including satellite providers, Internet Service Provider backbone networks

  • www.ncs.gov/ncc


Electricity isac

Electricity ISAC

  • The ES-ISAC’s coverage includes bulk power system entities and 18 Reliability Coordinators and covers the entire continental United States and Canada

  • Working on developing the necessary communication and participation with non-bulk power system entities and their critical suppliers

  • www.esisac.com


Emr isac

EMR ISAC

  • Initiated in 2000 by a FEMA contract, operates from the National Emergency Training Center in Emmitsburg, MD

  • Reaches over 40,000 ESS departments and agencies directly, thousands more reached through ESS associations, departments and agencies as well as state and local fusion centers

  • www.usfa.dhs.gov/emr-isac


Financial services isac

Financial Services ISAC

  • The only industry forum for collaboration on critical security threats facing the financial services sector

  • Over 4,200 direct members and 30 member associations

  • Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry

  • www.fsisac.com


Highway isac

Highway ISAC

  • Cooperative Agreement with (DHS) Trucking Security Program (TSP)

  • Provide anti-terrorism and security awareness training for highway professionals and recruit volunteers to report suspicious activities

  • Reach over 2 million

  • www.firstobserver.com


Information technology isac

Information Technology ISAC

  • Reaches 90% of all desktop operating systems, 85% of all databases; 76% of the global microprocessor market; 85% of all routers and 65% of software security

  • www.it-isac.org


Maritime security isac

Maritime Security ISAC

  • Established in 1988

  • Non-profit, member driven organization representing ocean carriers, cruise lines, port facilities and terminals, logistics providers, importers, exporters and related maritime industries throughout the world 

  • http://www.maritimesecurity.org/


Multi state isac

Multi-State ISAC

  • Includes all 50 States, the District of Columbia, five U.S. Territories, one local governments per state and all state homeland security offices

  • The MS-ISAC continues to broaden its local government participation to include all of the approximate 39,000 municipalities and fusion centers

  • www.msisac.org


National health isac

National Health ISAC

  • The NH-ISAC serves to protect the nation's healthcare and public health critical infrastructure against security threats and vulnerabilities.

  • Founded in 2010 leveraging Center for Technology Innovation at Kennedy Space Center

  • Healthcare and Public Health organizations

  • www.nhisac.org


Public transit isac

Public Transit ISAC

  • Created by The American Public Transportation Association (APTA). APTA is designated by the US Department of Transportation as the sector coordinator for the US public transit industry

  • Members serve more than 90% of persons using public transportation in the United States and Canada

  • www.surfacetransportationisac.org/APTA.asp


Real estate isac

Real Estate ISAC

  • Created by the Real Estate Roundtable in 2003

  • Membership comprised of 11 major associations such as BOMA, IREM, American Hotel & Lodging, National Apartment Association, International Institute of Shopping Centers, Real Estate Roundtable

  • http://reisac.org/


Ren isac

REN ISAC

  • Supported by Indiana University and through relationships with EDUCAUSE and Internet2, the REN-ISAC is an integral part of higher education's strategy to improve network security specifically designed to support the unique environment and needs of over 1,400organizations connected to served higher education and research networks

  • Ability to reach 4,000 EDU organizations

  • www.ren-isac.net


Supply chain isac

Supply Chain ISAC

  • Includes over 661 manufacturers & shippers, cargo carriers (air, rail, highway and maritime), consignees, supply chain service suppliers, law enforcement and federal government agencies, which reach almost 1,700 users

  • Launched in June 2006 with the announcement of its sponsorship by the International Cargo Security Council (ICSC) at the ICSC Annual Conference

  • www.secure.sc-investigate.net/SC-ISAC


Surface transportation isac

Surface Transportation ISAC

  • Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation

  • The ST-ISAC supports 95% of the North American freight railroad infrastructure

  • www.surfacetransportationisac.org


Water isac

Water ISAC

  • Currently provides security information to water and wastewater utilities that provide services to more than 65% of the American population

  • www.waterisac.org


National council of isacs

National Council of ISACs

Began meeting in 2003 to address common concerns and cross-sector interdependencies

Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR


National council of isacs structure

National Council of ISACs-Structure

National Council of ISACs: four designated operational representatives from each ISAC sit on the Council.

ISAC Plus: all other entities/representatives such as operations centers who participate in information sharing

Leadership:

Chair: Will Pelgrin-Multi-State ISAC

Vice-Chair: William Nelson-Financial Services ISAC

Secretary: Denise Anderson-Financial Services ISAC


National council of isacs mission

National Council of ISACs Mission

The mission of the National Council of Information Sharing and Analysis Centers Council (ISACs) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with governments.


Information sharing initiatives in critical infrastructure protection and resilience

Information Sources

Communications

Daily & Weekly ISAC Calls

PCIS

ListServ and Trusted Relationships

ISAC Ops Centers

ISACs & Other Sectors

Monthly Meetings

National Council of ISACs

Best Practice Sharing - Joint Statements -White Papers

DHS & Other Government Partners

Private Sector Liaison At The NICC

CIP Congress

ENS Calls And Crisis Calls

Briefings

Other Sources

(Hundreds)


National council of isacs activities examples

National Council of ISACs Activities-Examples

Increase involvement of sectors without ISACs

Drills/Exercises Such as NLEs, Cyber Storm

Private Sector Liaison at the NICC

Emergency Classified Briefing Process

Cross Sector Information Sharing Framework

Implement Real-Time sector Threat Level Reporting

Directorate


Information sharing initiatives in critical infrastructure protection and resilience

CLICK


Case studies recent incidents

Case Studies: Recent Incidents

  • DNS Cache Poisoning

  • Hurricanes Gustav and Ike

  • H1N1

  • ISAC Example:

    • RSA Breach

    • Account Take Over Attacks


Dns cache poisoning

DNS Cache Poisoning

When the DNS Cache Poisoning vulnerability was discovered in July 2008, ISACs alerted each other and shared mitigation strategies:

  • Sector Call

  • Information Sharing via ListServ

  • Information Sharing via trusted relationships

  • Weekly Inter-ISAC calls

  • Joint Bulletin published by IT, Communications and FS ISACs


Hurricanes gustav ike

Hurricanes Gustav & Ike

During Hurricanes Gustav & Ike, the National Council of ISACs stood up (in partnership with DHS and PCIS) a private sector liaison seat at the NICC

  • Information Sharing via ListServ

  • Information Sharing via trusted relationships

  • Weekly Inter-ISAC calls

  • ENS and Crisis calls

  • Success Stories


Information shared

Information Shared

  • List of ATM’s that have been used in the last 24 hours in affected regions along the gulf coast

  • Missing ACH Files

  • List of merchants in affected regions that have seen credit/debit card transactions in the last 24 hours, categorized by Fuel, Building Materials, Food and Medicine


Lessons learned

Lessons Learned

Education: reach out to sectors and down to owners/operators-A new way of thinking

Compiling common situations/questions for training and future incidents

Politics

Successes

EPA

VISA


Information sharing initiatives in critical infrastructure protection and resilience

H1N1

The ISACs were and are actively engaged in

  • Sector Calls with DHS and CDC

  • Information Sharing via ListServ

  • Information Sharing via trusted relationships

  • FS-ISAC Business Resiliency Committee calls

  • Best practices guidelines


Rsa breach

RSA Breach

March 11, 2011-Breach detected not public

  • Thursday March 17, 2011 story broke

    • Threat Intelligence Committee Call

  • Friday March 18, 2011

    • Cyber UCG call

    • NCI call with DHS

    • Threat Intelligence Committee Call w/RSA

    • FS-ISAC Membership Call w/RSA

    • NCI call

  • Mitigation Report Working Group Calls

  • Mitigation Report


Five major initiatives to enhance critical infrastructure protection and resilience

Five Major Initiatives To Enhance Critical Infrastructure Protection and Resilience

NICC Liaison

Classified Briefing Initiative

Joint Coordination Center Pilot

NLE 11

NCCIC & UCG


Nicc liaison purpose

NICC Liaison: Purpose

Establish a private sector liaison with a physical presence at the National Infrastructure Coordinating Center (NICC) to serve as a conduit for information between the CI/KR Private Sector and DHS Office of Infrastructure Protection (IP) particularly in instances of incidents of national significance but also during special security events, exercises and drills.


Nicc liaison activities

NICC Liaison: Activities

  • Work with IP Partners to validate CIKR information and assessments for all 18 sectors

  • Support activities relating to RFIs and RFAs

  • Contribute to reports, as necessary

  • Help facilitate situational awareness

  • Facilitate CIKR private sector pull teleconferences as necessary

  • Staff seat during certain exercises and other situations as appropriate


Nicc liaison qualifications

NICC Liaison: Qualifications

Sector-designated operational representative

Maintain minimum of a secret level clearance

Complete 3-Hour Training Program

Visit Freedom Center once every 4 weeks

Sign an agreement to represent all sectors


Nicc liaison contact information

NICC Liaison Contact Information

[email protected]

703-563-3430


Classified briefing objective

Classified Briefing: Objective

The Emergency Private Sector Classified Briefing Program enables Federal intelligence agencies to reach all Private Sector Critical Infrastructure represented by the National Council of ISACs Members, PCIS, and other private sector participating entities to relay classified information on an emergency basis.


Classified briefing who

Classified Briefing: Who

  • Private Sector representatives from all 18 Sectors

  • 8 designated representatives per sector

  • 4 designated operations and 4 designated policy

  • Minimum clearance level-Secret


Classified briefing how

Classified Briefing: How

  • Classified Briefing Group on ENS list

  • Any intelligence agency can trigger notification via NICC

  • 24-hour notice period


Joint coordination center pilot

Joint Coordination Center-Pilot

  • National Security Telecommunications Advisory Council-NSTAC

  • Cross-Sector Cyber Security Collaboration and Analysis

  • Pilot project initially involving the FS-ISAC; IT-ISAC; Defense Security Information Exchange (DSIE) and Communications ISAC.


Joint coordination center pilot1

Joint Coordination Center-Pilot

  • Private Sector Component

  • Establish a common operating picture amongst sectors and analysis products to support efforts to detect, prevent, mitigate and respond to cyber security events through a 24x7 Joint Coordination Center

  • Current Activity


Nle 11

NLE 11

  • Private Sector Working Group

  • Ground Truth Documents

    • Electricity, Water, Surface Transportation, Communications

  • Sim Cell and Private Sector Liaison Play

  • Long-Term Recovery Workshops and TTX


What is the nccic

What Is The NCCIC?

  • National Cybersecurity and Communications Integration Center

  • DHS-led Unified Operations Watch & Warning Center

  • Operates 24 hours/day, 7 days/week, 365 days a year.

  • Classification Level-Top Secret/Sensitive Compartmented Information (TS/SCI)


Nccic mission

NCCIC Mission

Address threats and incidents affecting the Nation’s critical information technology and cyber infrastructure


Who is the nccic

Who Is The NCCIC?

DHS Office of Cybersecurity and Communications (CS&C)

UCG

NCCIC

Liaisons

US CERT

NCSC

NCC

DHS I&A

ICS-CERT


Operations

Operations

  • Data and situational awareness from component operations/ Information Sharing

  • Fusion and analysis of information to see trends/incidents

  • Joint Incident Management

  • Decision Support

Steady State

Incident Response

De-escalation


Who is currently at the table

Who Is Currently At The ‘Table’?

DHS Office of Cybersecurity and Communications (CS&C)

NCCIC

ES-ISAC

Comms ISAC

IT-ISAC

FS-ISAC

MS-ISAC


The ucg

The UCG

  • Unified Command Group-composed of private and public sector representatives

  • UCG-Staff and UCG Seniors

  • UCG Staff meet on a regular basis. Both meet as needed during an incident

  • Advise Assistant Secretary of CS&C on cybersecurity matters, provide subject matter expertise and response as necessary during an incident that requires national coordination.


Cyber incident response

Cyber Incident Response

Cyber Incident Manager

Cyber UCG

Incident Management Team

UCG Seniors

UCG Staff

Private Sector

NGOs/Others

NCCIC

Federal

Government

International

State/Local

Government


Information sharing initiatives in critical infrastructure protection and resilience

CONTACT

Will Pelgrin-Chair

Denise Anderson-Vice Chair

Scott Algeier-Secretary

[email protected]

[email protected]

[email protected]

www.natlisacs.org


  • Login