MSDGS19 presentation - Cybersecurity Resources – You're Not Alone by Tara Brewer

Transcript
  • 1. CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY CISA Resources For Building Cyber Resilience Tara Brewer Cybersecurity Analyst Cybersecurity Advisor Program Cybersecurity and Infrastructure Security Agency 9/17/2019
  • 2. 2 • Cybersecurity and Infrastructure Security Agency (CISA) mission: • Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure • CISA vision: • A Nation with secure, resilient, and reliable critical infrastructure upon which the American way of life can thrive CISA Mission and Vision
  • 3. 3 ▪ CISA consists of: CISA in Brief Cybersecurity Division Emergency Communications Division Infrastructure Security Division National Risk Management Center
  • 4. Cyber Threat Landscape 4
  • 5. DNI Worldwide Threat Assessment 2018 5 • Adversaries using cyber to shape societies and markets to their advantage • 30+ countries with cyber attack capabilities • Maturity & sophistication of capabilities varies • Exponential growth since 2012
  • 6. 6 CISA CYBERSECURITY
  • 7. 7 National Cybersecurity and Communications Integration Center (NCCIC): Working with and for you • Operations • Cyber Threat Hunting and Incident Response Teams • National Cyber Assessments and Technical Services (NCATS) • Risk and Vulnerability Assessments (RVAs) • Phishing Campaign Assessments (PCA) • Vulnerability Scanning • Validated Architecture Design Review (VADR) • Cyber Security Evaluation Tool (CSET™) • Cyber Threat Detection and Analysis • Cyber Exercises • Malware Analysis • National Cyber Awareness System • Publications and Communications National Cybersecurity and Communications Integration Center
  • 8. 8 CISA mission: Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure In support of that mission: Cybersecurity Advisors (CSAs): • Assess: Evaluate critical infrastructure cyber risk. • Promote: Encourage best practices and risk mitigation strategies. • Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups. • Educate: Inform and raise awareness. • Listen: Collect stakeholder requirements. • Coordinate: Bring together incident support and lessons learned. Cybersecurity Advisor Program
  • 9. 9 Serving Critical Infrastructure
  • 10. 10 CSA Deployed Personnel CSA’s Office Region X Region III Region IV Region VII Region VIII Deron McElroy Los Angeles, CA Western U.S. Supervisory CSA Rich Richard New York, NY George Reeves San Antonio, TX Ron Watters Seattle, WA Sean McCloskey Charlotte, NC Eastern U.S. Supervisory CSA Harley Rinerson Denver, CO Central U.S. Supervisory CSA Tony Enriquez Chicago, IL Ron Ford Boston, MA Franco Cappa Philadelphia, PA Jennine Gilbeau San Francisco, CA Rick Gardner Salt Lake City, UT Region IX Region V Region I Region II Region IV Region VI Geoffrey Jenista Kansas City, MO J.D. Henry St. Louis, MO Ben Gilbert Richmond, VA Klint Walker Atlanta, GA Chad Adams Dallas, TX Mike Lettman Phoenix, AZ Giovanni Williams Honolulu, HI David Sonheim Denver, CO Kelley Goldblatt Detroit, MI Joe Oregon Laguna Niguel, CA
  • 11. 11 DHS Cybersecurity Resources • National Cybersecurity Assessments • Cyber Resilience Review (CRR™) • Cyber Infrastructure Review (CIS) • External Dependencies Management (EDM) • Phishing Campaign Assessment (PCA) • Risk and Vulnerability Assessment (RVA) • Cyber Hygiene: Vulnerability Scanning - Control Systems Validated Architecture Design Review (VADR) Cyber Security Evaluation Tool (CSET™) • Cyber Threat Detection and Incident Response • Incident Response, Recovery, and Cyber Threat Hunting • National Coordinating Center for Communication Watch • Malware Analysis – 24x7 contact number: 1-888-282-0870 • Cybersecurity Advisor (CSA) cyberadvisor@hq.dhs.gov • Preparedness • Cybersecurity Workshop • Cyber Protective Visit (CPV) • National Cyber Exercise and Planning Program (NCEPP) • Information Sharing and Analysis • Automated Indicator Sharing (AIS) • Enhanced Cybersecurity Services (ECS) • Cyber Information Sharing and Collaboration Program (CISCP) • Information Sharing and Analysis Organizations (ISAOs) • Information Sharing and Analysis Centers (ISACs) • Cyber Resources and Awareness • National Cyber Awareness System • Federal Virtual Training Environment (FedVTE) • National Initiative for Cyber Careers and Studies (NICCS) • STOP.THINK.CONNECT • DHS National Cybersecurity and Communications Integration Center (NCCIC) NCCICcustomerservice@hq.dhs.gov
  • 12. Homeland Security Cybersecurity Division 12 ASSESSMENTS
  • 13. 13 Criticality of Periodic Assessments • Periodic assessments are essential for resilience • Can’t protect if you don’t know what needs protection • Can’t fix what needs fixing if you don’t know what’s wrong
  • 14. 14 Protected Critical Infrastructure Information (PCII) Program Guards Your Information • Sensitive critical infrastructure information voluntarily given to CISA is protected by law from: • Public release under Freedom of Information Act requests • Public release under State, local, tribal, or territorial disclosure laws • Use in civil litigation • Use in regulatory purposes Protected Critical Infrastructure Information Program
  • 15. 15 CYBER RESILIENCE REVIEW
  • 16. 16 Purpose: Evaluate operational resilience and cybersecurity practices of critical services. Delivery: Either • CSA-facilitated, or • Self-administered Benefits: • Helps public and private sector partners understand and measure cybersecurity capabilities as they relate to operational resilience and cyber risk Cyber Resilience Review CRR Question Set & Guidance
  • 17. 17 Critical Service Focus Organizations use assets (people, information, technology, and facilities) to provide operational services and accomplish missions. FOUO
  • 18. 18 Cyber Resilience Review Domains • Asset Management: Know your assets being protected & their requirements, e.g., CIA • Risk Management: Know and address your biggest risks, considering cost and your risk tolerances • Configuration and Change Management: Manage asset configurations and changes • Service Continuity Management: Ensure workable plans are in place to manage disruptions • Controls Management: Manage and monitor controls to ensure they are meeting your objectives • Situational Awareness: Discover and analyze information related to immediate operational stability and security • External Dependencies Management: Know your most important external entities and manage the risks posed to essential services • Training and Awareness: Ensure your people are trained on and aware of cybersecurity risks and practices • Incident Management: Be able to detect and respond to incidents • Vulnerability Management: Know your vulnerabilities and manage those that pose the most risk For more information: http://www.us-cert.gov/ccubedvp
  • 19. 19 CRR Sample Report Each CRR report includes: Domain performance of existing cybersecurity capability and options for consideration for all responses A summary “snapshot” graphic, related to the NIST Cyber Security Framework. Comparison data with other CRR participants *facilitated only
  • 20. 20 EXTERNAL DEPENDENCIES MANAGEMENT ASSESSMENT
  • 21. 21 Purpose: Evaluate an entity’s management of their dependencies on third-party entities Delivery: CSA-facilitated Benefits: • Better understanding of the entity’s cyber posture relating to external dependencies • Identification of improvement areas for managing third parties that support the organization External Dependencies Management Assessment EDM process outlined per the External Dependencies Management Resource Guide
  • 22. 22 EDM Assessment Report Each EDM report includes: • Performance summary of existing capability managing external dependencies • Comparison data with other EDM participants • Sub-domain performance of existing capability managing external dependencies and options for consideration for all responses
  • 23. 23 CYBER INFRASTRUCTURE SURVEY
  • 24. 24 Purpose: Evaluate security controls, cyber preparedness, overall resilience. Delivery: CSA-facilitated Benefits: • Effective assessment of cybersecurity controls in place for a critical service • Easy-to-use interactive dashboard to support cybersecurity planning and resource allocation • Access to peer performance data visually depicted on the dashboard Cyber Infrastructure Survey Highlights
  • 25. 25 Example of CIS Dashboard Threat-based PMI: • Natural Disaster • Distributed Denial-of-Service • Remote Access Compromise • System Integrity Compromise Scenario: • Where should we invest? • Weakest area in comparison to peers • Show management improvement Comparison: • Low Performers • Median Performers • High Performers Cyber Infrastructure Survey for
  • 26. 26 ▪ Shows the low, median, and high performers ▪ Compares your organization to the aggregate CIS Dashboard - Comparison
  • 27. 27 PHISHING CAMPAIGN ASSESSMENT
  • 28. 28 Purpose: Test an organization’s susceptibility and reaction to phishing emails. Delivery: Online delivery by CISA Benefits: • Identify the risk phishing poses to your organization • Decrease risk of successful malicious phishing attacks, limit exposure, reduce rates of exploitation • Receive actionable metrics • Highlight need for improved security training • Increase cyber awareness among staff Phishing Campaign Assessment
  • 29. 29 VULNERABILITY SCANNING
  • 30. 30 Vulnerability Scanning Purpose: Assess Internet-accessible systems for known vulnerabilities and configuration errors. Delivery: Online by CISA Benefits: • Continual review of system to identify potential problems • Weekly reports detailing current and previously mitigated vulnerabilities • Recommended mitigation for identified vulnerabilities Network Vulnerability & Configuration Scanning • Identify network vulnerabilities and weakness
  • 31. 31 VALIDATED ARCHITECTURE DESIGN REVIEW
  • 32. 32 Purpose: Analyze network architecture, system configurations, log file review, network traffic and data flows to identify abnormalities in devices and communications traffic. Delivery: CISA staff working with entity staff Benefits: • In-depth review of network and operating system • Recommendations to improve an organization’s operational maturity and enhance its cybersecurity posture • Evaluation of network architecture Validated Architecture Design Review
  • 33. 33 RISK AND VULNERABILITY ASSESSMENT [PENETRATION TEST]
  • 34. 34 • Purpose: Perform network penetration and deep technical analysis of enterprise IT systems and an organization’s external resistance to specific IT risks • Delivery: Onsite by CISA • Benefits: • Identification of vulnerabilities • Specific remediation recommendations • Improves an entity’s cyber posture, limits exposure, reduces rates of exploitation • Increases speed and effectiveness of future cyber attack responses. Risk and Vulnerability Assessment
  • 35. 35 INFORMATION SHARING
  • 36. 36 • Automated Indicator Sharing (AIS): Rapid and wide sharing of machine-readable cyber threat indicators and defensive measures at machine-speed for network defense purposes • AIS is about volume and velocity of sharing indicators, not human validation. Automated Indicator Sharing
  • 37. 37 AIS Today More than 278 Federal and non-Federal entities are connected to AIS (about 190 non-Federal). Of non-Federal connections, about 35 are Information Sharing and Analysis Centers, Information Sharing and Analysis Organizations, or managed security providers, who further distribute AIS indicators to members or customers. Twelve international computer emergency response teams connect to our AIS server. Overall, more than 5 million unique indicators have been shared through AIS since implementation in 2016. For more information, contact NCCICcustomerservice@hq.dhs.gov or (888) 282-0870. Join us!
  • 38. 38 • Cyber Information Sharing and Collaboration Program (CISCP) • Enhances cyber collaboration between CISA and critical infrastructure owners and operators, and uses government and industry subject matter experts to collaboratively respond to incidents. • Supports data flow and analytical collaboration to support threat sharing across all sectors. • Provides timely, actionable products including threat/vulnerability indicators, early warnings and alerts focused on single threats/vulnerabilities expected to impact critical infrastructure, and recommended practices. • For more CISCP information, email ciscp_coordination@hq.dhs.gov. Additional Information Sharing Opportunities
  • 39. 39 • Enhanced Cybersecurity Services (ECS) Program • Improves protection of critical infrastructure systems from unauthorized access, exploitation, or data exfiltration. Cyber threat information shared with qualified commercial service providers. • Operationalizes sensitive or classified information • For more ECS information, visit http://www.dhs.gov/enhanced-cybersecurity-services, or email ECS_Program@HQ.DHS.gov. Additional Information Sharing Opportunities
  • 40. 40 • Multi-State Information Sharing and Analysis Center • Focal point for cyber threat prevention, protection, response and recovery for state, local, tribal, and territorial governments. • Operates 24x7 cyber security operations center, providing real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation and incident response. For more information, visit www.cisecurity.org/ms-isac or email info@msisac.org • ISACs and ISAOs • Information Sharing and Analysis Centers (ISACs) or Organizations (ISAOs) are communities of interest sharing cybersecurity risk, threat information, and incident management to members. For more information on ISACs, visit www.nationalisacs.org. For more on ISAOs visit www.isao.org/about. Additional Information Sharing Opportunities
  • 41. 41 ADDITIONAL CYBERSECURITY RESOURCES
  • 42. 42 Malware Analysis To submit malware: • Email submissions to NCCIC at: submit@malware.us-cert.gov • Send in password-protected zip file(s). Use password “infected.” • Upload submission online: https://malware.us-cert.gov
  • 43. 43 Cyber Exercises and Planning • Cyber Storm Exercise – DHS’s flagship national-level biennial exercise • Exercise Planning and Conduct • Cyber Exercise Consulting and Subject Expertise Support • Cyber Planning Support • Off-the-Shelf Resources CISA’s National Cyber Exercise and Planning Program develops, conducts, and evaluates cyber exercises and planning activities for state, local, tribal and territorial governments and public and private sector critical infrastructure organizations.
  • 44. 44 Cybersecurity Training Resources The NICCS website includes: • Searchable Training Catalog with 4,400 plus cyber-related courses offered by nationwide cybersecurity educators • Interactive National Cybersecurity Workforce Framework • Cybersecurity Program information: FedVTE, Scholarships for Service, Centers for Academic Excellence, and Cyber Competitions • Tools and resources for cyber managers • Upcoming cybersecurity events list CISA offers easily accessible education and awareness resources through the National Initiative for Cybersecurity Careers and Studies (NICCS) website. For more information, visit https://niccs.us-cert.gov/training/search
  • 45. 45 Free Federal Cyber Training DHS offers FREE cybersecurity training for U.S. government employees and Veterans! ✓ Available to U.S. federal, state, local, tribal, and territorial government employees, along with U.S. Active Duty Military and Veterans Fedvte.usalearning.gov ✓ Courses range from beginner to advanced levels ✓ 280,000+ registered users ✓ 40,000+ Veteran users (through our non-profit partner Hire Our Heroes™) ✓ 65+ courses – and growing!
  • 46. 46 Federal Incident Response Threat Response Asset Response Federal Bureau of Investigation 855-292-3937 or cywatch@ic.fbi.gov CISA NCCIC 888-282-0870 or NCCIC@hq.dhs.gov Report suspected or confirmed cyber incidents, including when the affected entity may be interested in government assistance in removing the adversary, restoring operations, and recommending ways to further improve security. U.S. Secret Service secretservice.gov/contact/field-offices Immigration and Customs Homeland Security Investigations 866-347-2423 or ice.gov/contact/hsi Report Internet Crimes: FBI Internet Crime Complaint Center ic3.gov
  • 47. Contact Information Tara Brewer Cybersecurity Advisor Program, DC Cybersecurity and Infrastructure Security Agency (CISA) Tara.Brewer@hq.dhs.gov Mobile: (202) 875-3489 Klint Walker Cybersecurity Advisor (CSA), Region IV Cybersecurity and Infrastructure Security Agency (CISA) Klint.Walker@hq.dhs.gov Mobile: (404) 895-1127 Tracey Dover Intelligence Officer Cybersecurity and Infrastructure Security Agency (CISA) Tracy.Dover@hq.dhs.gov Mobile: (601) 665-2164 Max Fenn Protective Security Advisor (PSA) Cybersecurity and Infrastructure Security Agency (CISA) Max.Fenn@hq.dhs.gov Mobile: (601) 965-4436 NCCIC NCCICcustomerservice@hq.dhs.gov or (888) 282-0870 FBI Cyber Watch (CyWatch) CyWatch@fbi.gov or (855) 292-3937