
National Cyber Security Division/ U.S. Computer Emergency Readiness Team (US-CERT) Overview

Lawrence Hale, Deputy Director, US-CERT. March 10, 2004. 17th Federal Information Systems Security Educators’ Association.


Presentation Transcript


  1. National Cyber Security Division/U.S. Computer Emergency Readiness Team (US-CERT) Overview • Lawrence Hale, Deputy Director, US-CERT • March 10, 2004 • 17th Federal Information Systems Security Educators’ Association

  2. Mission • Mission components include: • Identifying, analyzing and reducing threats and vulnerabilities • Disseminating threat warning information • Coordinating incident response • Providing technical assistance in continuity of operations and recovery • Serving as national focal point for the public and private sector regarding cyber security issues • …Implement the National Strategy… The National Cyber Security Division (NCSD) is the National focal point for addressing cyber security issues in the United States.

  3. The National Strategy’s Five Priorities

  4. U.S. Department of Homeland Security, Information Analysis and Infrastructure Protection • Homeland Security Presidential Directive 7, December 17, 2003, Paragraph 16: The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations. To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission. The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.

  5. U.S. Department of Homeland Security, Information Analysis and Infrastructure Protection • NCSD’s Integrated Capability • Strategy, Policy, Programs: Support, Studies, Analysis, and Policy Leadership • FedCIRC: Securing Government’s Cyberspace • US-CERT: The National Cyber Preparedness and Response System

  6. US-CERT: Readiness • The National Response System • National Level Watch and Incident Management • 24/7 Watch Operations • Cyber Interagency Incident Management Group (C-IIMG) • Develop and practice capabilities: Livewire • Early warning initiatives and displays • Vulnerability Assessment and Remediation • Current and potential vulnerabilities & remediation mechanisms • Malware lab and analysis capability • Common vulnerabilities and exposures identification • Critical Infrastructure Program cyber review matrix • Internet infrastructure critical system matrix

  7. U.S. Department of Homeland Security, Information Analysis and Infrastructure Protection • Homeland Security Presidential Directive 7, December 17, 2003, Paragraph 16: The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations. To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission. The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.

  8. US-CERT: Readiness (continued) • Outreach: Public-Private Partnership • Information dissemination, alerting and information products • Secure Communications Infrastructure for collaboration and response • National Cyber Security Summit • Partnerships for awareness, exchange and response • Incident Responders (Federal Government, International, Law Enforcement, Other) • Critical infrastructure owners and operators • Service providers and backbone providers • Security product vendors and software industry

  9. National Cyber Security Division • Providing strategy and policy support and leadership • Software Assurance • Software development processes • Security enhancement through automated tools • International Collaboration • Intelligence community requirements • Economic analysis • Standards and best practices • NIAP review in conjunction with DoD and NIST, and others • Training and Education

  10. Training and Education • Centers of Academic Excellence Program • Co-sponsor NSA Centers of Academic Excellence in Information Assurance Education and expand to National program • IT Security Professional Certification Effort • Work with DoD and Federal agencies to collect requirements for IT security professional certification • Define job functions, skills and knowledge required, and common body of knowledge • Scholarship for Service Program • Work with National Science Foundation and Federal CIO Council, Workforce Committee to promote Scholarship for Service Program among all Federal agencies • IT Security Awareness • Work with Department of Education and existing organizations such as EDUCAUSE and National Cyber Security Alliance to promote IT security training and education in universities and primary/secondary schools

  11. FedCIRC Initiatives • Securing Government’s Cyberspace • Security Analysis Program • Passive vulnerability discovery and analysis capability • Capability exists on existing systems, being deployed • Incident Management • Processes, incident support and correlation • Consolidated NIPC, FedCIRC and other watches • Security collaboration groups • CISO Forum, GFIRST, others

  12. National Cyber Alert System • Provides credible and timely information on cyber security issues to include: • Cyber Security Tips • Cyber Security Bulletin • Cyber Security Alerts • All information products are available on a free subscription basis and are delivered via email. • Sign up at www.us-cert.gov

  13. Vulnerabilities • US-CERT has recently issued alerts on: • Multiple Vulnerabilities in MS ASN.1 Library • HTTP Parsing Vulnerabilities in Checkpoint FW-1 • Multiple Vulnerabilities in MS Internet Explorer • Actions taken may include release of standard and technical advisories, informational bulletins, and vulnerability notes; coordination with affected vendors; coordination of remediation efforts with the federal government and private industry; LE and IC contact

  14. Recent Events E-mail Borne Viruses • Beagle/Bagle • Mydoom/Novarg/Doomjuice • Netsky • Blaster/Welchia/Nachi

  15. Long-term needs • Stronger foundations • R&D investments in • The “science” of information assurance • Well defined security properties of components • Security metrics • Component composition rules that preserve security properties • Engineering practices that build-in (rather than bolt-on) security • Protocols that limit damage from distributed attacks

  16. Near to mid-term needs • Education and Training organizations • Undergraduate & Graduate programs • Increased emphasis on secure development practices in CS & Engineering programs • Executive education programs on risk management and information security • Security training for IT staff

  17. Near to mid-term needs • Software Developers • Dramatic reduction in the number of vulnerabilities • Secure out-of-the-box configurations • “Virus-proof” software • Response Groups • Global indications and warning systems with predictive capabilities

  18. Lawrence Hale • Deputy Director, NCSD, US-CERT • 202 708-7000
