Information sharing initiatives in critical infrastructure protection and resilience
1 / 58

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience - PowerPoint PPT Presentation

  • Uploaded on

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience. Denise Anderson Vice Chair-National Council of ISACs Vice President FS-ISAC, Government and Cross Sector Programs Financial Services Information Sharing & Analysis Center (FS-ISAC).

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Information Sharing Initiatives In Critical Infrastructure Protection and Resilience' - jacqueline

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Information sharing initiatives in critical infrastructure protection and resilience

Information Sharing Initiatives In Critical Infrastructure Protection and Resilience

Denise Anderson

Vice Chair-National Council of ISACs

Vice President FS-ISAC, Government and Cross Sector Programs

Financial Services Information Sharing & Analysis Center (FS-ISAC)

National Council of ISACs

Agenda Protection and Resilience

  • Critical Infrastructure

  • What is an ISAC?

  • Descriptions of the various ISACs and capabilities/reach

  • What is the National Council of ISACs?

  • Overview of Council Activities

  • Case Studies: Lessons Learned

  • Five Initiatives To Enhance Critical Infrastructure Protection and Resilience

Critical infrastructure
Critical Infrastructure Protection and Resilience

  • 18 Defined Sectors:

Agriculture and Food

Defense Industrial Base


Healthcare & Public Health

Banking & Finance



Commercial Facilities

Critical Manufacturing



Postal & Shipping

Transportation Systems

Government Facilities

Emergency Services

Nuclear Reactors, Materials & Waste

Information Technology

National Monuments & Icons

What is an isac
What is an ISAC? Protection and Resilience

  • Relationship to sectors

  • Funding

  • Structure/Operations

  • Functions

Why isacs
Why ISACs? Protection and Resilience

  • Trusted entities established by CI/KR owners

  • and operators.

  • Comprehensive sector analysis

  • Reach-within their sectors, with other sectors, and

  • with government to share critical information.

  • All-hazards approach

  • Threat level determination for sector

Why isacs1
Why ISACs? Protection and Resilience

  • Operational services such as risk mitigation,

  • incident response, and information sharing

  • Fast response on accurate, actionable and

  • relevant information

  • Empower business resiliency through security

  • planning, disaster response and recovery

  • execution. Most ISACs, by

  • definition, have 24/7

  • threat warning,

  • incident reporting capabilities

ISACs Protection and Resilience

Communications ISAC

Electricity ISAC

Emergency Management & Response ISAC

Financial Services ISAC

Highway ISAC

Information Technology ISAC

Maritime ISAC

Multi-State ISAC

ISACs Protection and Resilience

National Health ISAC

Public Transit ISAC

Real Estate ISAC

Research and Education ISAC

Supply Chain ISAC

Surface Transportation ISAC

Water ISAC

Other operational entities
Other Operational Entities Protection and Resilience

  • Defense Industrial Base (DIB)

  • Nuclear

  • Oil & Gas

  • Chemical

  • Airline

Isac example fs isac information sharing and analysis tools for members
ISAC EXAMPLE: FS-ISAC Information Sharing and Analysis Tools for Members

  • Cyber & Physical alerts from 24/7 Security Ops Center

  • Briefings/white papers

  • Risk Mitigation Toolkit

  • Document Repository

  • Anonymous Submissions

  • Committee Listservs

  • Member surveys

  • Bi-weekly Threat calls

  • Special info sharing member conference calls

  • Crisis Management process– CMLT, CINS

  • Semi-annual conferences

  • Webinars

  • Regional Program

  • Viewpoints

Communications isac
Communications ISAC for Members

  • The DHS National Coordinating Center partners with the private sector in the ISAC and provides 24x7 operational support

  • Members include communications equipment and software vendors, wire line communications providers, wireless communications providers, including satellite providers, Internet Service Provider backbone networks


Electricity isac
Electricity ISAC for Members

  • The ES-ISAC’s coverage includes bulk power system entities and 18 Reliability Coordinators and covers the entire continental United States and Canada

  • Working on developing the necessary communication and participation with non-bulk power system entities and their critical suppliers


Emr isac
EMR ISAC for Members

  • Initiated in 2000 by a FEMA contract, operates from the National Emergency Training Center in Emmitsburg, MD

  • Reaches over 40,000 ESS departments and agencies directly, thousands more reached through ESS associations, departments and agencies as well as state and local fusion centers


Financial services isac
Financial Services ISAC for Members

  • The only industry forum for collaboration on critical security threats facing the financial services sector

  • Over 4,200 direct members and 30 member associations

  • Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry


Highway isac
Highway ISAC for Members

  • Cooperative Agreement with (DHS) Trucking Security Program (TSP)

  • Provide anti-terrorism and security awareness training for highway professionals and recruit volunteers to report suspicious activities

  • Reach over 2 million


Information technology isac
Information Technology ISAC for Members

  • Reaches 90% of all desktop operating systems, 85% of all databases; 76% of the global microprocessor market; 85% of all routers and 65% of software security


Maritime security isac
Maritime Security ISAC for Members

  • Established in 1988

  • Non-profit, member driven organization representing ocean carriers, cruise lines, port facilities and terminals, logistics providers, importers, exporters and related maritime industries throughout the world 


Multi state isac
Multi-State ISAC for Members

  • Includes all 50 States, the District of Columbia, five U.S. Territories, one local governments per state and all state homeland security offices

  • The MS-ISAC continues to broaden its local government participation to include all of the approximate 39,000 municipalities and fusion centers


National health isac
National Health ISAC for Members

  • The NH-ISAC serves to protect the nation's healthcare and public health critical infrastructure against security threats and vulnerabilities.

  • Founded in 2010 leveraging Center for Technology Innovation at Kennedy Space Center

  • Healthcare and Public Health organizations


Public transit isac
Public Transit ISAC for Members

  • Created by The American Public Transportation Association (APTA). APTA is designated by the US Department of Transportation as the sector coordinator for the US public transit industry

  • Members serve more than 90% of persons using public transportation in the United States and Canada


Real estate isac
Real Estate ISAC for Members

  • Created by the Real Estate Roundtable in 2003

  • Membership comprised of 11 major associations such as BOMA, IREM, American Hotel & Lodging, National Apartment Association, International Institute of Shopping Centers, Real Estate Roundtable


Ren isac
REN ISAC for Members

  • Supported by Indiana University and through relationships with EDUCAUSE and Internet2, the REN-ISAC is an integral part of higher education's strategy to improve network security specifically designed to support the unique environment and needs of over 1,400organizations connected to served higher education and research networks

  • Ability to reach 4,000 EDU organizations


Supply chain isac
Supply Chain ISAC for Members

  • Includes over 661 manufacturers & shippers, cargo carriers (air, rail, highway and maritime), consignees, supply chain service suppliers, law enforcement and federal government agencies, which reach almost 1,700 users

  • Launched in June 2006 with the announcement of its sponsorship by the International Cargo Security Council (ICSC) at the ICSC Annual Conference


Surface transportation isac
Surface Transportation ISAC for Members

  • Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation

  • The ST-ISAC supports 95% of the North American freight railroad infrastructure


Water isac
Water ISAC for Members

  • Currently provides security information to water and wastewater utilities that provide services to more than 65% of the American population


National council of isacs
National Council of ISACs for Members

Began meeting in 2003 to address common concerns and cross-sector interdependencies

Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR

National council of isacs structure
National Council of ISACs-Structure for Members

National Council of ISACs: four designated operational representatives from each ISAC sit on the Council.

ISAC Plus: all other entities/representatives such as operations centers who participate in information sharing


Chair: Will Pelgrin-Multi-State ISAC

Vice-Chair: William Nelson-Financial Services ISAC

Secretary: Denise Anderson-Financial Services ISAC

National council of isacs mission
National Council of ISACs Mission for Members

The mission of the National Council of Information Sharing and Analysis Centers Council (ISACs) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with governments.

Information Sources for Members


Daily & Weekly ISAC Calls


ListServ and Trusted Relationships

ISAC Ops Centers

ISACs & Other Sectors

Monthly Meetings

National Council of ISACs

Best Practice Sharing - Joint Statements -White Papers

DHS & Other Government Partners

Private Sector Liaison At The NICC

CIP Congress

ENS Calls And Crisis Calls


Other Sources


National council of isacs activities examples
National Council of ISACs Activities-Examples for Members

Increase involvement of sectors without ISACs

Drills/Exercises Such as NLEs, Cyber Storm

Private Sector Liaison at the NICC

Emergency Classified Briefing Process

Cross Sector Information Sharing Framework

Implement Real-Time sector Threat Level Reporting


CLICK for Members

Case studies recent incidents
Case Studies: Recent Incidents for Members

  • DNS Cache Poisoning

  • Hurricanes Gustav and Ike

  • H1N1

  • ISAC Example:

    • RSA Breach

    • Account Take Over Attacks

Dns cache poisoning
DNS Cache Poisoning for Members

When the DNS Cache Poisoning vulnerability was discovered in July 2008, ISACs alerted each other and shared mitigation strategies:

  • Sector Call

  • Information Sharing via ListServ

  • Information Sharing via trusted relationships

  • Weekly Inter-ISAC calls

  • Joint Bulletin published by IT, Communications and FS ISACs

Hurricanes gustav ike
Hurricanes Gustav & Ike for Members

During Hurricanes Gustav & Ike, the National Council of ISACs stood up (in partnership with DHS and PCIS) a private sector liaison seat at the NICC

  • Information Sharing via ListServ

  • Information Sharing via trusted relationships

  • Weekly Inter-ISAC calls

  • ENS and Crisis calls

  • Success Stories

Information shared
Information Shared for Members

  • List of ATM’s that have been used in the last 24 hours in affected regions along the gulf coast

  • Missing ACH Files

  • List of merchants in affected regions that have seen credit/debit card transactions in the last 24 hours, categorized by Fuel, Building Materials, Food and Medicine

Lessons learned
Lessons Learned for Members

Education: reach out to sectors and down to owners/operators-A new way of thinking

Compiling common situations/questions for training and future incidents





H1N1 for Members

The ISACs were and are actively engaged in

  • Sector Calls with DHS and CDC

  • Information Sharing via ListServ

  • Information Sharing via trusted relationships

  • FS-ISAC Business Resiliency Committee calls

  • Best practices guidelines

Rsa breach
RSA Breach for Members

March 11, 2011-Breach detected not public

  • Thursday March 17, 2011 story broke

    • Threat Intelligence Committee Call

  • Friday March 18, 2011

    • Cyber UCG call

    • NCI call with DHS

    • Threat Intelligence Committee Call w/RSA

    • FS-ISAC Membership Call w/RSA

    • NCI call

  • Mitigation Report Working Group Calls

  • Mitigation Report

Five major initiatives to enhance critical infrastructure protection and resilience
Five Major Initiatives for MembersTo Enhance Critical Infrastructure Protection and Resilience

NICC Liaison

Classified Briefing Initiative

Joint Coordination Center Pilot

NLE 11


Nicc liaison purpose
NICC Liaison: Purpose for Members

Establish a private sector liaison with a physical presence at the National Infrastructure Coordinating Center (NICC) to serve as a conduit for information between the CI/KR Private Sector and DHS Office of Infrastructure Protection (IP) particularly in instances of incidents of national significance but also during special security events, exercises and drills.

Nicc liaison activities
NICC Liaison: Activities for Members

  • Work with IP Partners to validate CIKR information and assessments for all 18 sectors

  • Support activities relating to RFIs and RFAs

  • Contribute to reports, as necessary

  • Help facilitate situational awareness

  • Facilitate CIKR private sector pull teleconferences as necessary

  • Staff seat during certain exercises and other situations as appropriate

Nicc liaison qualifications
NICC Liaison: Qualifications for Members

Sector-designated operational representative

Maintain minimum of a secret level clearance

Complete 3-Hour Training Program

Visit Freedom Center once every 4 weeks

Sign an agreement to represent all sectors

Classified briefing objective
Classified Briefing: Objective for Members

The Emergency Private Sector Classified Briefing Program enables Federal intelligence agencies to reach all Private Sector Critical Infrastructure represented by the National Council of ISACs Members, PCIS, and other private sector participating entities to relay classified information on an emergency basis.

Classified briefing who
Classified Briefing: Who for Members

  • Private Sector representatives from all 18 Sectors

  • 8 designated representatives per sector

  • 4 designated operations and 4 designated policy

  • Minimum clearance level-Secret

Classified briefing how
Classified Briefing: How for Members

  • Classified Briefing Group on ENS list

  • Any intelligence agency can trigger notification via NICC

  • 24-hour notice period

Joint coordination center pilot
Joint Coordination Center-Pilot for Members

  • National Security Telecommunications Advisory Council-NSTAC

  • Cross-Sector Cyber Security Collaboration and Analysis

  • Pilot project initially involving the FS-ISAC; IT-ISAC; Defense Security Information Exchange (DSIE) and Communications ISAC.

Joint coordination center pilot1
Joint Coordination Center-Pilot for Members

  • Private Sector Component

  • Establish a common operating picture amongst sectors and analysis products to support efforts to detect, prevent, mitigate and respond to cyber security events through a 24x7 Joint Coordination Center

  • Current Activity

Nle 11
NLE 11 for Members

  • Private Sector Working Group

  • Ground Truth Documents

    • Electricity, Water, Surface Transportation, Communications

  • Sim Cell and Private Sector Liaison Play

  • Long-Term Recovery Workshops and TTX

What is the nccic
What Is The NCCIC? for Members

  • National Cybersecurity and Communications Integration Center

  • DHS-led Unified Operations Watch & Warning Center

  • Operates 24 hours/day, 7 days/week, 365 days a year.

  • Classification Level-Top Secret/Sensitive Compartmented Information (TS/SCI)

Nccic mission
NCCIC Mission for Members

Address threats and incidents affecting the Nation’s critical information technology and cyber infrastructure

Who is the nccic
Who Is The NCCIC? for Members

DHS Office of Cybersecurity and Communications (CS&C)









Operations for Members

  • Data and situational awareness from component operations/ Information Sharing

  • Fusion and analysis of information to see trends/incidents

  • Joint Incident Management

  • Decision Support

Steady State

Incident Response


Who is currently at the table
Who Is Currently At The ‘Table’? for Members

DHS Office of Cybersecurity and Communications (CS&C)



Comms ISAC




The ucg
The UCG for Members

  • Unified Command Group-composed of private and public sector representatives

  • UCG-Staff and UCG Seniors

  • UCG Staff meet on a regular basis. Both meet as needed during an incident

  • Advise Assistant Secretary of CS&C on cybersecurity matters, provide subject matter expertise and response as necessary during an incident that requires national coordination.

Cyber incident response
Cyber Incident Response for Members

Cyber Incident Manager

Cyber UCG

Incident Management Team

UCG Seniors

UCG Staff

Private Sector








CONTACT for Members

Will Pelgrin-Chair

Denise Anderson-Vice Chair

Scott Algeier-Secretary

[email protected]

[email protected]

[email protected]