information sharing initiatives in critical infrastructure protection and resilience
Download
Skip this Video
Download Presentation
Information Sharing Initiatives In Critical Infrastructure Protection and Resilience

Loading in 2 Seconds...

play fullscreen
1 / 58

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience - PowerPoint PPT Presentation


  • 397 Views
  • Uploaded on

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience. Denise Anderson Vice Chair-National Council of ISACs Vice President FS-ISAC, Government and Cross Sector Programs Financial Services Information Sharing & Analysis Center (FS-ISAC).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Information Sharing Initiatives In Critical Infrastructure Protection and Resilience' - jacqueline


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
information sharing initiatives in critical infrastructure protection and resilience

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience

Denise Anderson

Vice Chair-National Council of ISACs

Vice President FS-ISAC, Government and Cross Sector Programs

Financial Services Information Sharing & Analysis Center (FS-ISAC)

National Council of ISACs

agenda
Agenda
  • Critical Infrastructure
  • What is an ISAC?
  • Descriptions of the various ISACs and capabilities/reach
  • What is the National Council of ISACs?
  • Overview of Council Activities
  • Case Studies: Lessons Learned
  • Five Initiatives To Enhance Critical Infrastructure Protection and Resilience
critical infrastructure
Critical Infrastructure
  • 18 Defined Sectors:

Agriculture and Food

Defense Industrial Base

Energy

Healthcare & Public Health

Banking & Finance

Water

Chemical

Commercial Facilities

Critical Manufacturing

Dams

Communications

Postal & Shipping

Transportation Systems

Government Facilities

Emergency Services

Nuclear Reactors, Materials & Waste

Information Technology

National Monuments & Icons

what is an isac
What is an ISAC?
  • Relationship to sectors
  • Funding
  • Structure/Operations
  • Functions
why isacs
Why ISACs?
  • Trusted entities established by CI/KR owners
  • and operators.
  • Comprehensive sector analysis
  • Reach-within their sectors, with other sectors, and
  • with government to share critical information.
  • All-hazards approach
  • Threat level determination for sector
why isacs1
Why ISACs?
  • Operational services such as risk mitigation,
  • incident response, and information sharing
  • Fast response on accurate, actionable and
  • relevant information
  • Empower business resiliency through security
  • planning, disaster response and recovery
  • execution. Most ISACs, by
  • definition, have 24/7
  • threat warning,
  • incident reporting capabilities
isacs
ISACs

Communications ISAC

Electricity ISAC

Emergency Management & Response ISAC

Financial Services ISAC

Highway ISAC

Information Technology ISAC

Maritime ISAC

Multi-State ISAC

isacs1
ISACs

National Health ISAC

Public Transit ISAC

Real Estate ISAC

Research and Education ISAC

Supply Chain ISAC

Surface Transportation ISAC

Water ISAC

other operational entities
Other Operational Entities
  • Defense Industrial Base (DIB)
  • Nuclear
  • Oil & Gas
  • Chemical
  • Airline
isac example fs isac information sharing and analysis tools for members
ISAC EXAMPLE: FS-ISAC Information Sharing and Analysis Tools for Members
  • Cyber & Physical alerts from 24/7 Security Ops Center
  • Briefings/white papers
  • Risk Mitigation Toolkit
  • Document Repository
  • Anonymous Submissions
  • Committee Listservs
  • Member surveys
  • Bi-weekly Threat calls
  • Special info sharing member conference calls
  • Crisis Management process– CMLT, CINS
  • Semi-annual conferences
  • Webinars
  • Regional Program
  • Viewpoints
communications isac
Communications ISAC
  • The DHS National Coordinating Center partners with the private sector in the ISAC and provides 24x7 operational support
  • Members include communications equipment and software vendors, wire line communications providers, wireless communications providers, including satellite providers, Internet Service Provider backbone networks
  • www.ncs.gov/ncc
electricity isac
Electricity ISAC
  • The ES-ISAC’s coverage includes bulk power system entities and 18 Reliability Coordinators and covers the entire continental United States and Canada
  • Working on developing the necessary communication and participation with non-bulk power system entities and their critical suppliers
  • www.esisac.com
emr isac
EMR ISAC
  • Initiated in 2000 by a FEMA contract, operates from the National Emergency Training Center in Emmitsburg, MD
  • Reaches over 40,000 ESS departments and agencies directly, thousands more reached through ESS associations, departments and agencies as well as state and local fusion centers
  • www.usfa.dhs.gov/emr-isac
financial services isac
Financial Services ISAC
  • The only industry forum for collaboration on critical security threats facing the financial services sector
  • Over 4,200 direct members and 30 member associations
  • Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry
  • www.fsisac.com
highway isac
Highway ISAC
  • Cooperative Agreement with (DHS) Trucking Security Program (TSP)
  • Provide anti-terrorism and security awareness training for highway professionals and recruit volunteers to report suspicious activities
  • Reach over 2 million
  • www.firstobserver.com
information technology isac
Information Technology ISAC
  • Reaches 90% of all desktop operating systems, 85% of all databases; 76% of the global microprocessor market; 85% of all routers and 65% of software security
  • www.it-isac.org
maritime security isac
Maritime Security ISAC
  • Established in 1988
  • Non-profit, member driven organization representing ocean carriers, cruise lines, port facilities and terminals, logistics providers, importers, exporters and related maritime industries throughout the world 
  • http://www.maritimesecurity.org/
multi state isac
Multi-State ISAC
  • Includes all 50 States, the District of Columbia, five U.S. Territories, one local governments per state and all state homeland security offices
  • The MS-ISAC continues to broaden its local government participation to include all of the approximate 39,000 municipalities and fusion centers
  • www.msisac.org
national health isac
National Health ISAC
  • The NH-ISAC serves to protect the nation\'s healthcare and public health critical infrastructure against security threats and vulnerabilities.
  • Founded in 2010 leveraging Center for Technology Innovation at Kennedy Space Center
  • Healthcare and Public Health organizations
  • www.nhisac.org
public transit isac
Public Transit ISAC
  • Created by The American Public Transportation Association (APTA). APTA is designated by the US Department of Transportation as the sector coordinator for the US public transit industry
  • Members serve more than 90% of persons using public transportation in the United States and Canada
  • www.surfacetransportationisac.org/APTA.asp
real estate isac
Real Estate ISAC
  • Created by the Real Estate Roundtable in 2003
  • Membership comprised of 11 major associations such as BOMA, IREM, American Hotel & Lodging, National Apartment Association, International Institute of Shopping Centers, Real Estate Roundtable
  • http://reisac.org/
ren isac
REN ISAC
  • Supported by Indiana University and through relationships with EDUCAUSE and Internet2, the REN-ISAC is an integral part of higher education\'s strategy to improve network security specifically designed to support the unique environment and needs of over 1,400organizations connected to served higher education and research networks
  • Ability to reach 4,000 EDU organizations
  • www.ren-isac.net
supply chain isac
Supply Chain ISAC
  • Includes over 661 manufacturers & shippers, cargo carriers (air, rail, highway and maritime), consignees, supply chain service suppliers, law enforcement and federal government agencies, which reach almost 1,700 users
  • Launched in June 2006 with the announcement of its sponsorship by the International Cargo Security Council (ICSC) at the ICSC Annual Conference
  • www.secure.sc-investigate.net/SC-ISAC
surface transportation isac
Surface Transportation ISAC
  • Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation
  • The ST-ISAC supports 95% of the North American freight railroad infrastructure
  • www.surfacetransportationisac.org
water isac
Water ISAC
  • Currently provides security information to water and wastewater utilities that provide services to more than 65% of the American population
  • www.waterisac.org
national council of isacs
National Council of ISACs

Began meeting in 2003 to address common concerns and cross-sector interdependencies

Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR

national council of isacs structure
National Council of ISACs-Structure

National Council of ISACs: four designated operational representatives from each ISAC sit on the Council.

ISAC Plus: all other entities/representatives such as operations centers who participate in information sharing

Leadership:

Chair: Will Pelgrin-Multi-State ISAC

Vice-Chair: William Nelson-Financial Services ISAC

Secretary: Denise Anderson-Financial Services ISAC

national council of isacs mission
National Council of ISACs Mission

The mission of the National Council of Information Sharing and Analysis Centers Council (ISACs) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with governments.

slide29

Information Sources

Communications

Daily & Weekly ISAC Calls

PCIS

ListServ and Trusted Relationships

ISAC Ops Centers

ISACs & Other Sectors

Monthly Meetings

National Council of ISACs

Best Practice Sharing - Joint Statements -White Papers

DHS & Other Government Partners

Private Sector Liaison At The NICC

CIP Congress

ENS Calls And Crisis Calls

Briefings

Other Sources

(Hundreds)

national council of isacs activities examples
National Council of ISACs Activities-Examples

Increase involvement of sectors without ISACs

Drills/Exercises Such as NLEs, Cyber Storm

Private Sector Liaison at the NICC

Emergency Classified Briefing Process

Cross Sector Information Sharing Framework

Implement Real-Time sector Threat Level Reporting

Directorate

case studies recent incidents
Case Studies: Recent Incidents
  • DNS Cache Poisoning
  • Hurricanes Gustav and Ike
  • H1N1
  • ISAC Example:
    • RSA Breach
    • Account Take Over Attacks
dns cache poisoning
DNS Cache Poisoning

When the DNS Cache Poisoning vulnerability was discovered in July 2008, ISACs alerted each other and shared mitigation strategies:

  • Sector Call
  • Information Sharing via ListServ
  • Information Sharing via trusted relationships
  • Weekly Inter-ISAC calls
  • Joint Bulletin published by IT, Communications and FS ISACs
hurricanes gustav ike
Hurricanes Gustav & Ike

During Hurricanes Gustav & Ike, the National Council of ISACs stood up (in partnership with DHS and PCIS) a private sector liaison seat at the NICC

  • Information Sharing via ListServ
  • Information Sharing via trusted relationships
  • Weekly Inter-ISAC calls
  • ENS and Crisis calls
  • Success Stories
information shared
Information Shared
  • List of ATM’s that have been used in the last 24 hours in affected regions along the gulf coast
  • Missing ACH Files
  • List of merchants in affected regions that have seen credit/debit card transactions in the last 24 hours, categorized by Fuel, Building Materials, Food and Medicine
lessons learned
Lessons Learned

Education: reach out to sectors and down to owners/operators-A new way of thinking

Compiling common situations/questions for training and future incidents

Politics

Successes

EPA

VISA

slide38
H1N1

The ISACs were and are actively engaged in

  • Sector Calls with DHS and CDC
  • Information Sharing via ListServ
  • Information Sharing via trusted relationships
  • FS-ISAC Business Resiliency Committee calls
  • Best practices guidelines
rsa breach
RSA Breach

March 11, 2011-Breach detected not public

  • Thursday March 17, 2011 story broke
    • Threat Intelligence Committee Call
  • Friday March 18, 2011
    • Cyber UCG call
    • NCI call with DHS
    • Threat Intelligence Committee Call w/RSA
    • FS-ISAC Membership Call w/RSA
    • NCI call
  • Mitigation Report Working Group Calls
  • Mitigation Report
five major initiatives to enhance critical infrastructure protection and resilience
Five Major Initiatives To Enhance Critical Infrastructure Protection and Resilience

NICC Liaison

Classified Briefing Initiative

Joint Coordination Center Pilot

NLE 11

NCCIC & UCG

nicc liaison purpose
NICC Liaison: Purpose

Establish a private sector liaison with a physical presence at the National Infrastructure Coordinating Center (NICC) to serve as a conduit for information between the CI/KR Private Sector and DHS Office of Infrastructure Protection (IP) particularly in instances of incidents of national significance but also during special security events, exercises and drills.

nicc liaison activities
NICC Liaison: Activities
  • Work with IP Partners to validate CIKR information and assessments for all 18 sectors
  • Support activities relating to RFIs and RFAs
  • Contribute to reports, as necessary
  • Help facilitate situational awareness
  • Facilitate CIKR private sector pull teleconferences as necessary
  • Staff seat during certain exercises and other situations as appropriate
nicc liaison qualifications
NICC Liaison: Qualifications

Sector-designated operational representative

Maintain minimum of a secret level clearance

Complete 3-Hour Training Program

Visit Freedom Center once every 4 weeks

Sign an agreement to represent all sectors

classified briefing objective
Classified Briefing: Objective

The Emergency Private Sector Classified Briefing Program enables Federal intelligence agencies to reach all Private Sector Critical Infrastructure represented by the National Council of ISACs Members, PCIS, and other private sector participating entities to relay classified information on an emergency basis.

classified briefing who
Classified Briefing: Who
  • Private Sector representatives from all 18 Sectors
  • 8 designated representatives per sector
  • 4 designated operations and 4 designated policy
  • Minimum clearance level-Secret
classified briefing how
Classified Briefing: How
  • Classified Briefing Group on ENS list
  • Any intelligence agency can trigger notification via NICC
  • 24-hour notice period
joint coordination center pilot
Joint Coordination Center-Pilot
  • National Security Telecommunications Advisory Council-NSTAC
  • Cross-Sector Cyber Security Collaboration and Analysis
  • Pilot project initially involving the FS-ISAC; IT-ISAC; Defense Security Information Exchange (DSIE) and Communications ISAC.
joint coordination center pilot1
Joint Coordination Center-Pilot
  • Private Sector Component
  • Establish a common operating picture amongst sectors and analysis products to support efforts to detect, prevent, mitigate and respond to cyber security events through a 24x7 Joint Coordination Center
  • Current Activity
nle 11
NLE 11
  • Private Sector Working Group
  • Ground Truth Documents
    • Electricity, Water, Surface Transportation, Communications
  • Sim Cell and Private Sector Liaison Play
  • Long-Term Recovery Workshops and TTX
what is the nccic
What Is The NCCIC?
  • National Cybersecurity and Communications Integration Center
  • DHS-led Unified Operations Watch & Warning Center
  • Operates 24 hours/day, 7 days/week, 365 days a year.
  • Classification Level-Top Secret/Sensitive Compartmented Information (TS/SCI)
nccic mission
NCCIC Mission

Address threats and incidents affecting the Nation’s critical information technology and cyber infrastructure

who is the nccic
Who Is The NCCIC?

DHS Office of Cybersecurity and Communications (CS&C)

UCG

NCCIC

Liaisons

US CERT

NCSC

NCC

DHS I&A

ICS-CERT

operations
Operations
  • Data and situational awareness from component operations/ Information Sharing
  • Fusion and analysis of information to see trends/incidents
  • Joint Incident Management
  • Decision Support

Steady State

Incident Response

De-escalation

who is currently at the table
Who Is Currently At The ‘Table’?

DHS Office of Cybersecurity and Communications (CS&C)

NCCIC

ES-ISAC

Comms ISAC

IT-ISAC

FS-ISAC

MS-ISAC

the ucg
The UCG
  • Unified Command Group-composed of private and public sector representatives
  • UCG-Staff and UCG Seniors
  • UCG Staff meet on a regular basis. Both meet as needed during an incident
  • Advise Assistant Secretary of CS&C on cybersecurity matters, provide subject matter expertise and response as necessary during an incident that requires national coordination.
cyber incident response
Cyber Incident Response

Cyber Incident Manager

Cyber UCG

Incident Management Team

UCG Seniors

UCG Staff

Private Sector

NGOs/Others

NCCIC

Federal

Government

International

State/Local

Government

slide58

CONTACT

Will Pelgrin-Chair

Denise Anderson-Vice Chair

Scott Algeier-Secretary

[email protected]

[email protected]

[email protected]

www.natlisacs.org

ad