1 / 23

Securing Voice and Data Systems in the Emergency Services Sector

Securing Voice and Data Systems in the Emergency Services Sector. 2012 National Homeland Security Conference Columbus, Ohio May 24, 2012. Agenda. Overview of the Emergency Services Sector (ESS) Cybersecurity Initiatives

julio
Download Presentation

Securing Voice and Data Systems in the Emergency Services Sector

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Voice and Data Systems in the Emergency Services Sector 2012 National Homeland Security Conference Columbus, Ohio May 24, 2012

  2. Agenda • Overview of the Emergency Services Sector (ESS) Cybersecurity Initiatives • Introduction to the Cybersecurity Assessment and Risk Management Approach (CARMA) and the Emergency Services Sector–Cybersecurity Risk Assessment (ESS-CRA) • Panel discussion focused on the ESS-CRA and Cybersecurity in the ESS

  3. The ESS Cyber Working Group has worked with the National Cyber Security Division since June 2010 to coordinate sector cyber activities Accomplishments • Conducted site-specific cybersecurity risk assessments in their cities in Fall 2010 • Hosted a cybersecurity webinar in January 2011, exceeding 150 registrants • Shared cyber resources via HSIN-CS and HSIN ESS portals • Conducted the ESS Cyber Risk Assessment (ESS-CRA) using the Cybersecurity Assessment and Risk Management Approach (CARMA) Future Efforts • Release a sector cybersecurity roadmap in August 2012 that will provide a path forward for the ESS cybersecurity program • Develop webinars and training around the vulnerabilities highlighted in the ESS-CRA and emerging technologies (NG9-1-1, Cloud Computing, etc.)

  4. CARMA brought together ESS jurisdictions in 2011 to strategically and uniformly address cyber risk Process • “The CARMA methodology has helped ESS work collectively as a large, dispersed group of public partners from across the country. By focusing on cyber risk in manageable phases, we are better able to understand and address our sector’s complex, cyber dependencies and interdependencies.” • - Mark Hogan, Co-Chair, ESS Cyber Security Working Group • Recruited members from all ESS disciplines to work to identify, prioritize, and manage cyber risks • CARMA solicited input on widely impactful nationwide threats, vulnerabilities, and consequences through seven targeted evaluation sessions and scenarios • CARMA’s flexibility addressed the ESS’ public-service mission to protect citizens and other sectors Outcomes • Conducting CARMA fostered greater cyber collaboration between ESS stakeholders from diverse districts and disciplines • The finalized list of critical ESS functions and associated cyber infrastructure informs a sector-wide, cyber risk profile which will help determine appropriate incident response • CARMA will help the sector prioritize risks of concern and determine where to focus their cyber efforts and will link to the ESS cybersecurity roadmap* *Roadmap to Secure Voice and Data Systems in the Emergency Services Sector

  5. As NCSD’s lead for cybersecurity planning and strategic cyber risk management, CIP CS helps sectors meet NIPP objectives NIPP Objectives* DHS Critical Infrastructure Protection Cyber Security (CIP CS)Roles *Reference: http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf

  6. CIP CS applies a functions-based, cyber risk management approach that aligns with traditional critical infrastructure protection efforts NIPP Risk Management Framework Set Goals and Objectives Identify Assets, Systems, and Networks Assess Risks Prioritize Implement Programs Measure Effectiveness Physical Cyber Human Cybersecurity Assessment and Risk Management Approach (CARMA) Identify critical functions and other cyber infrastructure (CARMA Stage II) Scope risk management activities (CARMA Stage I) Conduct cyber risk assessment and develop cyber risk management strategy (CARMA Stage III and IV) Implement strategy and measure effectiveness (CARMA Stage V) CARMA provides a strategic view of risk that is best able to address the complex and dynamic nature of cyberspace

  7. The CARMA methodology helps partners develop and implement a national-level approach to cyber risk management • CybersecurityAssessment and Risk Management Approach (CARMA) • Enables partners to effectively identify, assess, and manage national level cyber risks to their infrastructure • Assists partners in assessing cyber threats, vulnerabilities, and consequences to formulate a cyber risk profile • Allows partners to identify best practices, programs, subject matter experts, and partners to manage cyber risks to mitigate cyber risk impact to their mission

  8. CARMA relies on a variety of sources to produce cyber risk management materials that address a sector’s critical functions CARMA Stage Inputs Outputs Sector Engagement Scope Risk Management Activities (I) Cyber Risk Work Plan Identify Cyber Infrastructure (II) Critical Sector Functions List Interdependency Studies Sector SMEs Sector Cyber Risk Profile Conduct Cyber Risk Assessment (III) Open Source Research Cyber Risk Response Strategy Develop Cyber Risk Management Strategy (IV) Research & Analysis Cyber Risk Effectiveness Measures Implement Strategy & Measure Effectiveness (V)

  9. Critical functions are vital to a sector’s ability to fulfill its mission • Critical functions are sets of processes that produce, provide, and maintain a sector’s products and services • A sector’s critical functions encompass the full set of processes involved in transforming supply chain inputs into products and services the sector provides, including R&D, manufacturing, distribution, upgrades, and maintenance • Critical functions support the sector’s ability to produce and provide high assurance products, services, and practices that are resilient to threats and can be rapidly recovered • For this assessment, the term critical function is synonymous with ESS discipline Emergency Services Sector critical functions include: • Law Enforcement • Fire and Emergency Services • Emergency Medical Services • Emergency Management • Public Works • Public Safety Communication and Coordination/Fusion

  10. CARMA identifies and assesses the cyber infrastructure that supports ESS critical functions ESS Example Law Enforcement Critical Services/ Functions People, Facilities, Equipment, Information, Communications Systems, etc. Value Chain (per function) Business Systems, Access Control, & Other Specialty Systems Critical Cyber Infrastructure • Security and Surveillance Systems • Watch and Warning Systems • Computer Aided Dispatch • Geospatial Tools & Systems • Criminal Justice Networks & Systems • Internet • Telecommunications Systems • Radio Infrastructure Serve, Respond, Operate Share, Communicate, Notify Record, Save, Review Gather, Collect Analyze

  11. CARMA results provided the ESS with tangible cyber risk analyses and laid the groundwork for risk management strategies • Future Risk Activities Table • Summarizes areas for future evaluation • Provides a snapshot of key milestones for risk management activities • Risk Priority Matrix • Summarizes risks to the most basic level • Prioritizes risks by showing relative likelihood and consequence evaluations Activities Date • Risk Response Table • Summarizes strategy for managing identified risks • Risk response options can be: accept; avoid; transfer; or mitigate. • Cybersecurity Metrics List/Dashboard • Articulates the measurements that evaluate risk response implementation • Can be displayed in list or dashboard format • List of Relevant Protective Programs and R&D • Captures key initiatives that seek to address risks • Captures research and development (R&D) efforts that seek to address risks NOTE: To view an example of what an end product of the assessment can look like, please visit the following link to the IT Sector Baseline Risk Assessment (August 2009): http://www.dhs.gov/xlibrary/assets/nipp_it_baseline_risk_assessment.pdf. To view an example of what a risk management strategy can look like, please visit the following link to the Domain Name System Risk Management Strategy (June 2011): http://www.dhs.gov/xlibrary/assets/it-sector-risk-management-strategy-domain-name-resolution-services-june2011.pdf This is not a prescriptive format to follow; just an example. All CARMA evaluations will likely be different and result in unique end products that meet the needs of the stakeholder group conducting the assessment.

  12. The ESS CARMA engagement resulted in several positive outcomes for the sector • Fostered cyber collaboration between ESS stakeholders from diverse districts and disciplines • Enhanced national cybersecurity awareness among sector members • Identified emerging cyber issues, such as threats to closed circuit television and cloud computing • Provided a framework to identify and prioritize cyber risks of concern • Informed a cyber risk profile in the ESS-CRA that shows how scenarios affect each discipline and ranks risks to each discipline in terms of likelihood and consequence

  13. Scenario 1: A natural disaster causes the loss of 9-1-1 • capabilities • Natural disasters are threats to ESS disciplines and their cyber infrastructure • Natural disasters typically affect specific geographic locations or regions and cause immediate impacts or degradation in normal day-to-day ESS cyber infrastructure and communications capabilities including 9-1-1 capabilities • This scenario would have compounding consequences

  14. Scenario 2: Lack of availability of sector database causes disruption of mission capability • ESS cyber infrastructure includes databases and their supporting elements • ESS databases are critical to supporting sector missions and activities • Should a database be unavailable, there will be disruption to mission capabilities within and across ESS disciplines

  15. Scenario 3: Compromised sector database causes corruption or loss of confidentiality of critical information • ESS databases are critical to supporting sector missions and activities • In the case of a compromised sector database causing corruption or loss of confidentiality of critical information, there will be disruption to mission capabilities

  16. Scenario 4: Public alerting and warning system disseminates inaccurate information • Public alerting and warning systems contribute to several ESS disciplines’ operational capabilities • These systems range from the national-level Integrated Public Alert Warning System (IPAWS) for major emergencies to regional and local alert and warning systems • These systems provide alerts for a variety of events and ESS disciplines

  17. Scenario 5: Loss of communications lines results in disrupted communications capabilities • Scenario 5 focuses on loss as a result of manmade deliberate and manmade unintentional threats to all ESS-related communications • This scenario expands the scope of Scenario 1 (Natural Disaster) • The components of this scenario include undesired consequences, the vulnerabilities that can lead to those undesired consequences, and the threats that can exploit those vulnerabilities

  18. Scenario 6: Closed-Circuit Television (CCTV) jamming/blocking results in disrupted surveillance capabilities • Many CCTV networks are switching to IP-based communications, creating new vulnerabilities for threat actors to exploit • Older CCTV networks are also prone to attacks from various threats

  19. Scenario 7: Overloaded communications network results in denial of service conditions for public safety and emergency services communications networks • This scenario specifically focuses on the loss of availability of Public Safety Communications & Coordination/Fusion networks as a result of denial of service conditions • This scenario can occur deliberately as a result of a malicious actor launching a denial of service attack or unintentionally as a result of a network overload caused by a sudden and unexpected surge in public use

  20. Scenario outputs resulted in key findings about cyber threats to ESS • ESS is susceptible to a range of manmade deliberate, manmade unintentional, and natural threats • Manmade deliberate threat actors can include disgruntled insiders, criminals, protestors, and hacktivists • Manmade unintentional threats can include inadequately trained employees misusing software, technical flaws, or lack of oversight enabling incidents as a result of employee errors • Natural threats affecting ESS can consist of biological threats (e.g., epidemics), geological threats (e.g., earthquakes), or meteorological threats (e.g., floods) • The likelihood of these threats causing an incident increases when paired with common vulnerabilities such as weak security policies and procedures, poorly secured technology and software, or inadequate security architectures

  21. Several initiatives in the ESS are inadvertently creating new • cyber risk 21

  22. ESS operates an active HSIN portal to share cybersecurity resources • The Homeland Security Information Network Critical Sector-Emergency Services (HSIN-CS-ESS) Portal can be found at: https://hsin.gov • The portal provides members with various sector-specific cybersecurity resources • Cybersecurity products, materials, and initiatives within the sector including the ESS-CRA Final Report • Cyber Security Working Group updates • Information about upcoming events and conferences • To request permission to the portal, please contact: • Emergency Services Sector • ESSTeam@hq.dhs.gov

More Related