
Critical Infrastructure Assurance Office

Critical Infrastructure Assurance Office. Globalization and Terrorism: Protecting the Digital Infrastructure. U.S. Government Security Issues. June 7, 2002. Presenter: Mike Lombard. U.S. Government Security Issues. What is the U.S. Government Perspective?


Presentation Transcript


  1. Critical Infrastructure Assurance Office Globalization and Terrorism: Protecting the Digital Infrastructure U.S. Government Security Issues June 7, 2002 Presenter: Mike Lombard

  2. U.S. Government Security Issues • What is the U.S. Government Perspective? • Answered from the perspective of CIAO • What is the U.S. Government Doing? • What are we doing with other countries?

  3. What is the U.S. Government Perspective? • Attacks on our homeland such as those of Sept 11 must never be allowed to occur again. • Will require combined efforts of Federal, states and local government, private sector, and individual citizens working with common purpose.

  4. Homeland Security vs. Critical Infrastructure Assurance • Objective of homeland security is to safeguard all of America – its people, its property, and society – from terrorist threats foreign and domestic. • Critical infrastructure assurance seeks to maintain the readiness, reliability, and continuity of infrastructure services • less vulnerable to disruptions, • any impairment is of short duration and limited in scale, • services are readily restored when disruptions occur.

  5. Presidential Decision Directive 63 • PDD-63 called for a “public-private partnership to reduce vulnerability” that is “genuine, mutual and cooperative.” • Designated Lead Agency for each major sector • Act as a liaison with the infrastructure owners and operators. • Created CIAO to focus on initiatives that cut across industry sectors and are not the existing responsibility of the Lead Agencies • Ensure a cohesive approach to achieving continuity in delivering critical infrastructure services.

  6. Executive Order 13231 • Established the President’s Critical Infrastructure Protection Board, • Expanded role of CIAO.

  7. EO 13231: Role of CIAO • National Awareness and Outreach • Assist Federal Agencies to Identify Infrastructure Dependencies • National Strategy Development • Education & Training Coordination • Address Legislative and Legal Obstacles; Potential Market Failures • NIAC Support

  8. CIAO Organizational Relationships [organization chart] • Entities shown: Special Advisor to the President for Cyberspace Security; Secretary of Commerce; Bureau of Industry and Security; President’s CIP Board; CIAO Director • Chart labels: Direction, Oversight, Funding; EO 13231; Outreach; Policy; MATRIX

  9. PDD-63 Eight Critical Infrastructures • Gas & Oil Storage and Delivery • Government Operations • Emergency Services • Water Supply Systems • Information Systems & Telecommunications • Banking and Finance • Transportation • Electrical Energy

  10. New Sectors Post 9/11 • Agriculture • Food Delivery • Chemical Manufacturing • Others

  11. Sectors are Interconnected and Interdependent • Electric power generation → fuel → pipelines or rail transportation, • Information and communications systems → electricity, and • All sectors → “cyber” systems

  12. Consequences of Interdependencies • Disruptions in one sector affect others, • Cascading consequences have effects well beyond the vicinity of the initial occurrence • Regional and national disturbances

  13. Infrastructure Ownership • 85% - 90% of US critical infrastructures is owned and operated by the private sector or state and local government • Private sector is used to protecting critical infrastructures from everyday disruptions, but is not prepared to cope with terrorist threats • The Federal government - no mandate or resources to protect critical infrastructure • Cyber systems cannot be protected by police or soldiers • National policy achieved by public-private partnership • Business and government at the Federal, state, and local levels.

  14. Critical Infrastructure Assurance Office (CIAO) • Mission - facilitate and coordinate the Federal government’s efforts to safeguard its own critical systems and to act as a liaison between the Federal government and the private sector, and state and local governments to increase awareness and encourage concerted action to secure our nation’s critical infrastructures in the face of new emerging threats and vulnerabilities. • Goal - help ensure that any disruptions are brief in duration, limited in impact, and quickly corrected.

  15. Outreach Partnerships: Private Sector • With respected channels of communication and influence within business and state and local government to raise awareness and to develop implementable actions that become self-sustainable, and • Cross-sector partnerships that identify and address common issues and interdependencies.

  16. Corporate Senior Leadership • Chief Executive Officers, Boards of Directors, Chief Operating Officers, Chief Financial Officers, and Chief Information Officers. • Key risk and business management communities were identified and engaged in partnerships to develop, and then deliver, educational programs designed to incorporate the principles of security into corporate governance and business management practices. • With communities such as the auditors, insurers and financial analysts, CIAO has worked to translate threats to critical infrastructure into business case models that corporate boards and senior management can understand.

  17. Cross Sector Partnering • Partnership for Critical Infrastructure Security (PCIS). • Satisfies a need for cross-industry dialogue and sharing of experience, beyond the scope of the Federal lead agencies’ efforts. • Organized by industry for industry, with CIAO acting as a catalyst and a participant. • CIAO will be extending its cross-sector coordination activities through its support of the activities of the National Infrastructure Advisory Council (NIAC) • Thirty senior executives from private industry, academia, and state and local government who will advise the President on matters relating to the security of information systems.

  18. Outreach Partnerships: State and Local Government • Similar to program for industry • E.g.: Emergency response planning and crisis management • Develop and disseminate a “business case for action” with recommended actions to 87,000 communities across the country • Public Technology, Inc. (National League of Cities), • National Association of Counties, • International City/County Management Association. • National Strategy for Cyberspace Security • National Governors Association (NGA), • National Association of State Chief Information Officers (NASCIO).

  19. A New Type of Warfare • The front lines of the new types of warfare, both physical and cyber, are clearly in our communities and in our individual institutions. • State conferences • “Critical Infrastructures: Working Together in a New World”

  20. Outreach Goals • Create Information Sharing and Analysis Centers for intrusion monitoring networks • Establish process to agree upon ‘Best or Recommended Practices’ for computer security in each sector • Jointly develop an ‘Awareness and Education’ campaign

  21. Infrastructure Security Analysis • The Federal Government owns or operates a portion of the infrastructure • Typically those functions or services that the private sector can’t or won’t provide • E.g.: Weather forecasting, aviation control, and economic entitlements

  22. Infrastructure Security Analysis • Each Federal department and agency must identify: • Its essential functions and services and the critical assets responsible for their performance; • All associated dependencies on assets located in other departments and agencies that are necessary to performance or delivery; and • All associated dependencies on privately owned and operated critical infrastructures that also are essential to performance or delivery of services.

  23. Project Matrix • Step 1: Identify USG’s most critical assets • Step 2: Capture major nodes and networks upon which USG’s most critical assets depend • Step 3: Tie the most critical assets and their supporting nodes and networks to underlying infrastructures • “Provides a complete picture of asset dependencies and interdependencies”

  24. Project Matrix: What is “Critical”? • Responsibilities, assets, nodes and networks which if incapacitated or destroyed would: • Jeopardize the nation’s survival • Have a serious, deleterious effect on the nation at large • Adversely affect large portions of the American populace • Require near term, if not immediate, remediation (72 Hrs)

  25. Project Matrix Goals • Function vs. consequences • Develop a map of the Federal government’s critical national level interdependencies • Recognize critical choke points • Predict cascading effects

  26. Federal Department and Agency Actions • Complete the Step 2 & 3 analyses and send results to Project Matrix • Develop and implement plans to manage the risks • Deter attacks • Protect from damage or destruction if attacks occur • Mitigate impact if protections fail • Restore & reconstitute • Work with the owners and operators of privately owned and operated infrastructures – on mutually agreed upon terms – to ensure that adequate security measures are established and maintained.

  27. Information Integration Program Office • To improve the coordination of information sharing essential to combating terrorism nationwide • Design and help implement an interagency information architecture that will support efforts to find, track, and respond to terrorist threats within the United States and around the world, in a way that improves both the time of response and the quality of decisions • create an essential information inventory; • determine horizontal and vertical sharing requirements; • define a target architecture for information sharing; and • determine the personnel, software, hardware, and technical resources needed to implement the architecture.

  28. Integrated National Strategy for Critical Infrastructure Assurance • Threats: • physical attacks against the “real property” components of the infrastructures; and • cyber attacks against the information or communications components that control these infrastructures. • Office of Homeland Security (OHS) – “to develop and coordinate the implementation of a comprehensive national strategy to secure the United States from terrorist threats or attacks.” • President’s Critical Infrastructure Protection Board - “ensur[ing] protection of information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems.” • CIAO - coordinate and facilitate input from private industry, and state and local government to the national strategies

  29. International Efforts • Bilateral government-to-government and industry-to-industry visits both abroad and in the U.S. • To share concerns, experiences, lessons learned, & methodologies • Partnerships - E.g.: Watch and Warning Centers

  30. International Partners • Recent and on-going: • Canada, Great Britain, Australia, India, Italy, & Japan • Near future: • Mexico, others…

  31. Thank You Mike Lombard (202) 482-7477 mike.lombard@ciao.gov
