u s government demonstrating leadership in cyber security l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
U.S. Government: Demonstrating Leadership in Cyber-Security PowerPoint Presentation
Download Presentation
U.S. Government: Demonstrating Leadership in Cyber-Security

Loading in 2 Seconds...

play fullscreen
1 / 18

U.S. Government: Demonstrating Leadership in Cyber-Security - PowerPoint PPT Presentation


  • 360 Views
  • Uploaded on

U.S. Government: Demonstrating Leadership in Cyber-Security. March 14, 2000. Cyber-Attack. Economy and National Security dependent upon computer controlled systems One-Third of US Economic Growth 95-98 Security not a design consideration for most critical systems/networks

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

U.S. Government: Demonstrating Leadership in Cyber-Security


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. U.S. Government: Demonstrating Leadership in Cyber-Security March 14, 2000

    2. Cyber-Attack • Economy and National Security dependent upon computer controlled systems • One-Third of US Economic Growth 95-98 • Security not a design consideration for most critical systems/networks • Large number of ‘attacks’, unauthorized intrusions, down-loads, malicious code insertion • Other nations developing offensive cyber-attack capabilities -- aimed at the U.S. • New and Novel Intrusions

    3. PDD-63: Protecting Critical Infrastructures • Action by Federal, state and local, private sector participants • Federal: National Security, public health and safety • State and local governments: Maintain order and essential services • Private Sector: Essential communications, energy, financial, and transportation services • Initial Operating Capability by 2000; Final Operating Capability by 2003 • Established: • National Coordinator -- NSC • National Infrastructure Protection Center (NIPC) • Critical Infrastructure Assurance Office (CIAO)

    4. National Plan Blueprint:Four Key Themes • US Government a Model of Information Security • Building the Public Private Partnership • R&D for Solutions • Law Enforcement and National Security Capabilities

    5. The White House Is Watching(So is Congress) • President • National Plan for Information Systems Protection • Cyber-Summit • Agency Directive • White House • OMB Director Lew Guidance • Chief of Staff Podesta Guidance • Ongoing Chief of Staff Conference Calls • Congress • GSA reports • Many Hearings • Many Bills

    6. FY 2000/ 2001 Budget • FY 2000 - $1.75 B Appropriated • 10% Civilian Agency • FY 2001 - $2.01 B Requested • 25% Civilian Agency • Key Initiatives - $100 M • Institute for Information Infrastructure Protection • Federal Cyber Service • FIDNET • PKI • ISACs • Expert Review Team • R&D - $606 M • FY 2000 Supplemental - $9 M

    7. Future Budgets • OMB/NSC/Interagency Process • 1) Proposals Developed • From Agency Experts • From Interagency Working Groups • 2) Interagency/White House OK • 3) Action by Departments • 4) OMB Review if not part of Departmental Request • New Process • In Use for Other Cross-cutting Issues

    8. National Plan Blueprint:Four Key Themes • US Government a Model of Information Security • Building the Public Private Partnership • R&D for Solutions • Law Enforcement and National Security Capabilities

    9. U.S. Government as Model • Identify and Address Vulnerabilities • Implement Best Practices • Install Defensive Detection Systems • Train and Recruit Security Experts • Fund R&D

    10. One: Identify and Address Vulnerabilities • Vulnerability Assessment vs Threat Analysis • Tension between Cyber and Physical • Interdependencies and Single Points of Failure • New Elements: • Project Matrix • Expert Review Team • Open Source Software • Patch Prioritization • Recommended Practices • PKI

    11. Project MatrixShared Interdependencies • Complete Picture of Asset Dependencies and Interdependencies • Three Steps • Identify PDD-63 Relevant Assets • Capture Major Nodes and Networks which USG Critical Assets Depend • Tie Critical Assets and Supporting Nodes/Networks to Underlying Infrastructures

    12. Two:Implement Best Practices • Convergenceof Three Initiatives • Critical Infrastructure Protection Working Group • Model Information Systems Security Program • CIO Council Strategic Objectives • CIO Council Security, Privacy and Critical Infrastructure Committee Lead • Objective: Into the hands of practitioners soon

    13. Three:Defensive Detection Systems • Invest in Current Best of Breed • Intrusion Detection Monitors/Firewalls • Access/Activity Rules • Enterprise Wide Management Systems • Deploy Next Generation Government-Wide Systems • JTF-CND -- for DOD • FIDNet -- for Civilian Agences • NSIRC -- for national security systems • Drive Technology • Vendor conference 3/15

    14. FIDNet Architecture • System of Systems • Departments run own intrusion detection systems • Link to FIDNet • Information Exchange • Enhances FedCIRC Capabilities • Run by GSA • Base for Additional Capabilities • patch distribution

    15. Four: Train and Recruit Security Experts: • Centers for IT Excellence • Scholarship for Service Program • High School Recruitment and Computer Security Awareness program • Federal Computer Security Awareness Program • IT Occupational Study/Reform

    16. Five:Fund R&D • Institute for Information Infrastructure Protection • National framework: Coordinated Federal and Private Sector efforts • Key Priorities • Indications of anomalous behavior within systems • Large-scale automated correlation of events • Automated alarm analysis

    17. Summary • Federal Government Must be a Model • White House Support for Budget and Resources • Need for Action • Vulnerabilities • Best Practices • FIDNet and Detection Systems • Training and Recruitment • R&D

    18. CHAIR, USG as a Model Working Group Tom Burke General Services Administration (GSA) 202 708 7000 Tom.Burke@GSA.GOV NSC Senior Director for Critical Infrastructure Jeffrey Hunker National Security Council (NSC) 202 456 9351 Jeffrey_A._Hunker@NSC.EOP.GOV CONTACT