u s government demonstrating leadership in cyber security
Download
Skip this Video
Download Presentation
U.S. Government: Demonstrating Leadership in Cyber-Security

Loading in 2 Seconds...

play fullscreen
1 / 18

U.S. Government: Demonstrating Leadership in Cyber-Security - PowerPoint PPT Presentation


  • 326 Views
  • Uploaded on

U.S. Government: Demonstrating Leadership in Cyber-Security. March 14, 2000. Cyber-Attack. Economy and National Security dependent upon computer controlled systems One-Third of US Economic Growth 95-98 Security not a design consideration for most critical systems/networks

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'U.S. Government: Demonstrating Leadership in Cyber-Security' - Mia_John


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cyber attack
Cyber-Attack
  • Economy and National Security dependent upon computer controlled systems
    • One-Third of US Economic Growth 95-98
  • Security not a design consideration for most critical systems/networks
  • Large number of ‘attacks’, unauthorized intrusions, down-loads, malicious code insertion
  • Other nations developing offensive cyber-attack capabilities -- aimed at the U.S.
  • New and Novel Intrusions
pdd 63 protecting critical infrastructures
PDD-63: Protecting Critical Infrastructures
  • Action by Federal, state and local, private sector participants
    • Federal: National Security, public health and safety
    • State and local governments: Maintain order and essential services
    • Private Sector: Essential communications, energy, financial, and transportation services
  • Initial Operating Capability by 2000; Final Operating Capability by 2003
  • Established:
    • National Coordinator -- NSC
    • National Infrastructure Protection Center (NIPC)
    • Critical Infrastructure Assurance Office (CIAO)
national plan blueprint four key themes
National Plan Blueprint:Four Key Themes
  • US Government a Model of Information Security
  • Building the Public Private Partnership
  • R&D for Solutions
  • Law Enforcement and National Security Capabilities
the white house is watching so is congress
The White House Is Watching(So is Congress)
  • President
    • National Plan for Information Systems Protection
    • Cyber-Summit
    • Agency Directive
  • White House
    • OMB Director Lew Guidance
    • Chief of Staff Podesta Guidance
    • Ongoing Chief of Staff Conference Calls
  • Congress
    • GSA reports
    • Many Hearings
    • Many Bills
fy 2000 2001 budget
FY 2000/ 2001 Budget
  • FY 2000 - $1.75 B Appropriated
    • 10% Civilian Agency
  • FY 2001 - $2.01 B Requested
    • 25% Civilian Agency
    • Key Initiatives - $100 M
      • Institute for Information Infrastructure Protection
      • Federal Cyber Service
      • FIDNET
      • PKI
      • ISACs
      • Expert Review Team
    • R&D - $606 M
  • FY 2000 Supplemental - $9 M
future budgets
Future Budgets
  • OMB/NSC/Interagency Process
    • 1) Proposals Developed
      • From Agency Experts
      • From Interagency Working Groups
    • 2) Interagency/White House OK
    • 3) Action by Departments
    • 4) OMB Review if not part of Departmental Request
  • New Process
    • In Use for Other Cross-cutting Issues
national plan blueprint four key themes8
National Plan Blueprint:Four Key Themes
  • US Government a Model of Information Security
  • Building the Public Private Partnership
  • R&D for Solutions
  • Law Enforcement and National Security Capabilities
u s government as model
U.S. Government as Model
  • Identify and Address Vulnerabilities
  • Implement Best Practices
  • Install Defensive Detection Systems
  • Train and Recruit Security Experts
  • Fund R&D
one identify and address vulnerabilities
One: Identify and Address Vulnerabilities
  • Vulnerability Assessment vs Threat Analysis
  • Tension between Cyber and Physical
  • Interdependencies and Single Points of Failure
  • New Elements:
    • Project Matrix
    • Expert Review Team
    • Open Source Software
    • Patch Prioritization
    • Recommended Practices
    • PKI
project matrix shared interdependencies
Project MatrixShared Interdependencies
  • Complete Picture of Asset Dependencies and Interdependencies
  • Three Steps
    • Identify PDD-63 Relevant Assets
    • Capture Major Nodes and Networks which USG Critical Assets Depend
    • Tie Critical Assets and Supporting Nodes/Networks to Underlying Infrastructures
two implement best practices
Two:Implement Best Practices
  • Convergenceof Three Initiatives
    • Critical Infrastructure Protection Working Group
    • Model Information Systems Security Program
    • CIO Council Strategic Objectives
  • CIO Council Security, Privacy and Critical Infrastructure Committee Lead
  • Objective: Into the hands of practitioners soon
three defensive detection systems
Three:Defensive Detection Systems
  • Invest in Current Best of Breed
    • Intrusion Detection Monitors/Firewalls
    • Access/Activity Rules
    • Enterprise Wide Management Systems
  • Deploy Next Generation Government-Wide Systems
    • JTF-CND -- for DOD
    • FIDNet -- for Civilian Agences
    • NSIRC -- for national security systems
  • Drive Technology
    • Vendor conference 3/15
fidnet architecture
FIDNet Architecture
  • System of Systems
    • Departments run own intrusion detection systems
    • Link to FIDNet
  • Information Exchange
  • Enhances FedCIRC Capabilities
  • Run by GSA
  • Base for Additional Capabilities
    • patch distribution
four train and recruit security experts
Four: Train and Recruit Security Experts:
  • Centers for IT Excellence
  • Scholarship for Service Program
  • High School Recruitment and Computer Security Awareness program
  • Federal Computer Security Awareness Program
  • IT Occupational Study/Reform
five fund r d
Five:Fund R&D
  • Institute for Information Infrastructure Protection
  • National framework: Coordinated Federal and Private Sector efforts
  • Key Priorities
    • Indications of anomalous behavior within systems
    • Large-scale automated correlation of events
    • Automated alarm analysis
summary
Summary
  • Federal Government Must be a Model
  • White House Support for Budget and Resources
  • Need for Action
    • Vulnerabilities
    • Best Practices
    • FIDNet and Detection Systems
    • Training and Recruitment
    • R&D
contact
CHAIR, USG as a Model Working Group

Tom Burke

General Services Administration (GSA)

202 708 7000

[email protected]

NSC Senior Director for Critical Infrastructure

Jeffrey Hunker

National Security Council (NSC)

202 456 9351

[email protected]

CONTACT
ad