
Executive Order on Improving Critical Infrastructure Cybersecurity and Cyber Incident Response

Executive Order on Improving Critical Infrastructure Cybersecurity and Cyber Incident Response. Richard Harris Policy, Plans, and Strategy Office of Cybersecurity and Communications. April 24, 2013. Enhancing Security & Resilience.


Presentation Transcript


  1. Executive Order on Improving Critical Infrastructure Cybersecurity and Cyber Incident Response Richard Harris Policy, Plans, and Strategy Office of Cybersecurity and Communications April 24, 2013

  2. Enhancing Security & Resilience
     • America's national security and economic prosperity are dependent upon the operation of critical infrastructure that is increasingly at risk from the effects of cyber attacks.
     • The vast majority of U.S. critical infrastructure is owned and operated by private sector companies.
     • A strong partnership between government and industry is indispensable to reducing the risk to these vital systems.
     • We are building critical infrastructure resiliency by establishing and leveraging these partnerships.
     • Security and resilience include the capabilities to protect, prevent, and respond to cyber events.

  3. Taking Action
     • In February 2013, the President announced two new policies:
        • Executive Order 13636: Improving Critical Infrastructure Cybersecurity
        • Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience
     • Together, they create an opportunity to work together to effect a comprehensive national approach to security and risk management.
     • Implementation efforts will drive action toward system and network security and resiliency.

  4. Integrating Cyber-Physical Security
     • Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
        • Develop a technology-neutral voluntary cybersecurity framework
        • Promote and incentivize the adoption of cybersecurity practices
        • Increase the volume, timeliness and quality of cyber threat information sharing
        • Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
        • Explore the use of existing regulation to promote cyber security
     • Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:
        • Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
        • Understand the cascading consequences of infrastructure failures
        • Evaluate and mature the public-private partnership
        • Update the National Infrastructure Protection Plan
        • Develop comprehensive research and development plan
     Both promote shared situational awareness and public/private sector collaboration.

  5. NCCIC Overview, Vision, and Mission
     NCCIC Overview
     The National Cybersecurity and Communications Integration Center (NCCIC), a division of DHS’ National Programs and Protection Directorate’s (NPPD) Office of Cybersecurity and Communications (CS&C), operates at the intersection of the network defense, private sector, civilian, law enforcement, intelligence, and defense communities.
     • NCCIC Vision
        • A world class cybersecurity and communications organization performing cutting edge analysis, sharing actionable and comprehensive information in real time, and ensuring a whole of nation approach to response, mitigation, and recovery efforts.
     • NCCIC Mission
        • To operate at the intersection of the private sector, civilian, law enforcement, intelligence, and defense communities, applying unique analytic perspectives, ensuring shared situational awareness, and orchestrating synchronized response efforts while protecting the Constitutional and privacy rights of Americans in both the cybersecurity and communications domains.

  6. NCCIC Organization and Structure

  7. NCCIC Focus Areas
     • Enhance the integration and coordination of national response to significant cyber events
     • Create shared situational awareness among public sector, private sector, and international partners by coordinating the joint development and dissemination of timely and actionable cybersecurity and communications information
     • Expand the Common Operating Picture (COP)
     • Expand domestic and international relationships
     • Increase provision of Enhanced Cybersecurity Services (ECS)
     • Improve machine-readable exchange of information
     • Improve on-site/remote assistance capabilities to rapidly respond to routine and significant cybersecurity and communications incidents in order to mitigate harmful activity, manage crisis situations, and support recovery

  8. NCCIC Partnerships
     (Diagram labels: Law Enforcement, Intelligence Community, DOD, D/A SOC, ISACs, NICC, Industry, DHS NOC)
     NCCIC Components
     • NCCIC is comprised of organizational components and operational liaisons
     • Components refer to DHS organizations that have a major presence on the NCCIC floor
     • Operational Liaisons refer to outside agencies such as ISACs, Law Enforcement and Industry
     • The execution of NCCIC’s mission relies on coordinated operations that contribute to all products and services

  9. NCCIC Pillars and Capabilities
     NCCIC Operational Pillars
        • Information Sharing
        • Incident Handling / Crisis Management
        • Analysis
     NCCIC In-House and Virtual Capabilities
        • 24/7/365 Operations Center
        • Critical Infrastructure / Key Resources (CI/KR) Sectors
        • Information Sharing & Analysis Centers (ISAC)
        • Fed/State/Local/Tribal Government
        • International Partners
     NCCIC Branches
        • United States Computer Emergency Readiness Team (US-CERT)
        • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
        • National Coordinating Center for Telecommunications (NCC)
        • Operations and Integration (O&I)
        • **Intelligence and Analysis (I&A) - Constant Presence on the NCCIC Operations Floor

  10. United States Computer Emergency Readiness Team (US-CERT)
     Subject Matter Experts in IT Network Architectures
        • Networking technologies, malware, digital forensics, enterprise network solutions
     State of the Art Advanced Malware Analysis Center (AMAC)
        • Analyzes media and/or malware to determine the cause and effect of probable intrusions into critical systems
        • Provides indicators to mitigate and prevent future intrusions
     Network, System and Host Analysis on Enterprise Systems
        • Intrusion Detection System (IDS) / Intrusion Prevention System (IPS) Logs
        • Proxy and Network Infrastructure Logs
        • Network Traffic Analysis
        • Disk and Firmware Images
     Support for Incident Response, Recovery and Future Defense Efforts

  11. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
     Subject Matter Experts in Industrial Control Systems (ICS)
        • Supervisory Control and Data Acquisition (SCADA), Process Control Systems (PCS), Distributed Control Systems (DCS), Remote Terminal Units (RTUs), Human Machine Interfaces (HMIs), Programmable Logic Controllers (PLCs)
     Unique Awareness of Emerging Issues and Threats to Control Systems and Vendor Products
     State of the Art Analysis Capabilities Specific to ICS that enable –
        • Malware and Embedded Systems Analysis
        • Patch Testing
        • Consequence Analysis
     Incident Response Support for ICS-Related Response, Recovery and Future Defense Efforts

  12. National Coordinating Center for Telecommunications (NCC)
     Subject Matter Experts in all Communication Domains
        • Wireless (Cellular, Satellite, Microwave)
        • Wireline (Public Switched Telephone Network, Internet, Signaling Systems, Physical Infrastructure)
     Enrollment in Priority Service and Priority Restoration Programs
        • Government Emergency Telecommunications Service (GETS)
        • Wireless Priority Service (WPS)
        • Telecommunications Service Priority (TSP)
     Real-time Access to Telecom/Internet Service Providers During Cyber Events
     Support for Emergency Support Function #2 (ESF-2)
        • Emergency Response Function for Events Impacting National Security/Emergency Preparedness (NS/EP) Communications
        • Consequence Management support in Collaboration with FEMA

  13. Operations and Integration (O&I)
     • O&I engages in planning, coordination, and integration capabilities to synchronize analysis, information sharing, and incident response efforts across the NCCIC’s branches and activities
     • 24/7 clearinghouse for critical cyber and communications information
     • Track and initiate critical information requirements (CIRs) that guide the dissemination of alerts to leadership
     • Coordinate continuity of operations (COOP) responsibilities for alternate site operations to support minimal disruption to NCCIC mission essential functions

  14. Protection of Information
     • Traffic-Light Protocol (TLP): Originator-controlled classification system developed to encourage greater sharing of sensitive (but unclassified) information with external entities.
     • Protected Critical Infrastructure Information (PCII) Program:
        • Information-protection program that enhances voluntary information sharing between infrastructure owners and operators and the government
        • PCII protections guarantee Homeland Security partners that the information they share with the government will not lead to the exposure of sensitive or proprietary data
