Homeland Security Advanced Research Projects Agency
A View from Washington: The Latest in Cyber Security
November 7, 2013, TCIPG Annual Meeting
Douglas Maughan, Division Director
http://www.dhs.gov/cyber-research
Presentation Outline
- Threat Space
- National / Federal Activities
- DHS Activities
- Cyber Security Division (CSD) Overview
- What’s Ahead
- Summary
- Q&A
Presenter’s Name June 17, 2003
Environment: Greater Use of Technology, More Threats, Less Resources
More threats:
- Globalization & Transportation: anywhere in the world in 24 hours
- Border Security & Immigration: a tenuous balance
- Violent Extremism
- Insider Threat
- Cyber Domain: low cost of entry, strategic potential, both sides get to innovate
- Nature of Innovation: aviation as an example, predictive and reactive
- Historical Perspective: misuse of technology
- Natural Disasters & Pushing Beyond Design Limits
Less resources.
“Cyber” – Where is it used?
- DHS provides advice and alerts to the 16 critical infrastructure areas
- DHS collaborates with sectors through Sector Coordinating Councils (SCC)
- Business / Personal: Shopping & Banking, Point of Sale (in store or on line), Personnel, Social Media, …
Cyber Threat Sources Ready to Exploit Weaknesses
- Nation States
- Cyber Criminals
- Terrorists, DTOs, etc.
- Insider Threats
- Hackers/Hacktivists
Cyber Threats
- Malware – malicious software to disrupt computers (viruses, worms, …)
- Theft of Intellectual Property or Data
- Hacktivism – cyber protests that are socially or politically motivated
- Mobile Devices and Applications and their associated cyber attacks
- Social Engineering – enticing users to click on malicious links
- Spear Phishing – deceptive communications (e-mails, texts, tweets, …)
- Domain Name System (DNS) Hijacking
- Router Security – BGP Hijacking
- Denial of Service (DoS) – blocking access to web sites
- Others …
Recent Events
Targeting of DHS through Email
- The primary method of specifically targeting DHS is through phishing emails
- Emails contain a malicious attachment or link
- Recipients are often BCCed
- A single compromise can provide an attacker with a foothold for complete network access
Targeted Malicious Email Detection and Response
Notable targeted email statistics:
- 60% of malicious emails sent from Gmail
- Account names are believable
- 17% spoof other Government agencies
Total emails per year:
- 2010 – 1108 emails (143 campaigns)
- 2011 – 1312 emails (157 campaigns)
- 2012 – 1497 emails (102 campaigns)
- 2012 – average new campaign every 3.6 days
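The indicators on this slide (delivery via BCC, a believable free-webmail sender posing as an agency, a malicious link or attachment) can be turned into first-pass mail triage. The Python below is an added example, not DHS code or any DHS detection system: the three messages, every address and domain, the webmail and agency-keyword lists, and the escalation rule are constructed for illustration, and real deployments would tune them to their own mail flow.

```python
"""Triage heuristics for targeted e-mail, built from the indicators on the slide.

Added example, not DHS code. Messages, addresses, domains, keyword lists and the
escalation rule below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Free webmail domains (assumed list): an agency's own mail does not originate here.
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Tokens a lure uses to claim a government identity in a display name or Reply-To.
GOV_HINTS = re.compile(r"\.gov\b|department of|\b(?:dhs|fema|fbi|doj|irs)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

RECIPIENT = "analyst@dhs.example"  # the mailbox that received the messages (constructed)


def _body_text(msg):
    """Decode every inline text part (plain or HTML) into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get_content_disposition() == "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw, recipient):
    """Return (indicators, escalate) for one raw RFC 5322 message.

    Escalate when a targeting indicator (BCC delivery, or a webmail sender
    posing as an agency) co-occurs with a delivery mechanism (attachment or link).
    """
    msg = message_from_string(raw)
    hits = []

    # 1. BCC delivery: the mailbox that received this is not named in To/Cc.
    visible = {addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if recipient.lower() not in visible:
        hits.append("recipient_bcc")

    # 2. Believable webmail account whose display name or Reply-To claims an agency.
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    claims_gov = GOV_HINTS.search(name) or GOV_HINTS.search(msg.get("Reply-To", ""))
    if from_domain in FREE_WEBMAIL and claims_gov:
        hits.append("webmail_spoofing_agency")

    # 3. Delivery mechanism: an attachment, or a link in the body text.
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        hits.append("attachment")
    if URL_RE.search(_body_text(msg)):
        hits.append("link")

    targeting = {"recipient_bcc", "webmail_spoofing_agency"}
    delivery = {"attachment", "link"}
    escalate = bool(targeting & set(hits)) and bool(delivery & set(hits))
    return hits, escalate


# Constructed sample messages (not real traffic).
PHISH_LINK = """\
From: "DHS Office of the CIO" <dhs.cio.notice@gmail.com>
To: <notices@dhs-mail.example>
Subject: Mandatory credential revalidation
Content-Type: text/plain; charset=utf-8

Confirm your account within 24 hours at http://dhs-login-portal.example/verify
"""

PHISH_ATTACH = """\
From: "Grants Office" <grants.office.notice@gmail.com>
To: "Grants Distribution" <grants-list@fema-notice.example>
Reply-To: "Department of Homeland Security Grants" <grants@dhs-grants.example>
Subject: Revised award schedule
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

See the attached schedule.
--b1
Content-Type: application/octet-stream; name="schedule.pdf.exe"
Content-Disposition: attachment; filename="schedule.pdf.exe"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

BENIGN = """\
From: "Jane Colleague" <jane.colleague@dhs.example>
To: analyst@dhs.example
Subject: Updated policy page
Content-Type: text/plain; charset=utf-8

The revised policy is at http://intranet.dhs.example/policy
"""

if __name__ == "__main__":
    for label, raw in (("phish-link", PHISH_LINK), ("phish-attach", PHISH_ATTACH), ("benign", BENIGN)):
        hits, escalate = triage(raw, RECIPIENT)
        print(f"{label:13s} escalate={escalate} indicators={hits}")
```

The benign internal message carries a link but no targeting indicator, so it is not escalated; both constructed lures trip a targeting indicator plus a delivery mechanism. The "recipient not in To/Cc" test is the cheap proxy for BCC delivery, since the BCC header itself never reaches the recipient.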
Cyberspace Definitions
“The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries.”
White House Cyberspace Policy Review, May 2009
AND PEOPLE!!!
EO-13636 and PPD-21
In February 2013, the President issued two new policies:
1) Executive Order 13636: Improving Critical Infrastructure Cybersecurity
2) Presidential Policy Directive 21: Critical Infrastructure Security and Resilience
- America’s national security and economic prosperity depend on the operation of critical infrastructure that is increasingly at risk from the effects of cyber attacks
- The vast majority of U.S. critical infrastructure is owned and operated by private companies
- A strong partnership between government and industry is indispensable to reducing the risk to these vital systems
Integrating Cyber-Physical Security
Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
- Develop a technology-neutral voluntary cybersecurity framework
- Promote and incentivize the adoption of cybersecurity practices
- Increase the volume, timeliness and quality of cyber threat information sharing
- Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
- Explore the use of existing regulation to promote cyber security
Presidential Policy Directive 21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive 7 and directs the Executive Branch to:
- Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
- Understand the cascading consequences of infrastructure failures
- Evaluate and mature the public-private partnership
- Update the National Infrastructure Protection Plan
- Develop a comprehensive research and development plan (CSD / RSD)
EO-PPD Deliverables
120 days – June 12, 2013 (C)
- Publish instructions: unclassified threat information
- Report on cybersecurity incentives
- Publish procedures: expand the Enhanced Cybersecurity Services
150 days – July 12, 2013 (C)
- Identify cybersecurity critical infrastructure
- Evaluate public-private partnership models
- Expedite security clearances for private sector
240 days – October 10, 2013 (C)
- Develop a situational awareness capability
- Update the National Infrastructure Protection Plan
- Publish draft voluntary Cybersecurity Framework
365 days – February 12, 2014
- Report on privacy and civil rights and civil liberties cybersecurity enhancement risks
- Stand up voluntary program based on finalized Cybersecurity Framework
Beyond 365 – TBD
- Critical Infrastructure Security and Resilience R&D Plan
Cybersecurity Framework (NIST lead)
- Developed in collaboration with industry; provides guidance to an organization on managing cybersecurity risk
- Supports the improvement of cybersecurity for the Nation’s critical infrastructure using industry-known standards and best practices
- Provides a common language and mechanism for organizations to:
  1. describe current cybersecurity posture;
  2. describe their target state for cybersecurity;
  3. identify and prioritize opportunities for improvement within the context of risk management;
  4. assess progress toward the target state;
  5. foster communications among internal and external stakeholders.
- Composed of three parts: the Framework Core, the Framework Implementation Tiers, and Framework Profiles
Cybersecurity Framework: Functions and Categories
IDENTIFY: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management
PROTECT: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Protective Technology
DETECT: Anomalies and Events; Security Continuous Monitoring; Detection Processes
RESPOND: Communication; Analysis; Mitigation; Improvements
RECOVER: Recovery Planning; Improvements; Communication
Recommended Incentives Areas:
1. Cybersecurity Insurance
2. Grants
3. Process Preference
4. Liability Limitation
5. Streamline Regulations
6. Public Recognition
7. Rate Recovery for Price Regulated Industries
8. Cybersecurity Research
“While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.”
Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, White House Blog, August 6, 2013
R&D guidance from PPD-21
Within 2 years, DHS, in coordination with OSTP, SSAs, DOC and other Federal D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments. The plan is issued every 4 years, with updates as needed.
Innovation and Research & Development: DHS, in coordination with OSTP, SSAs, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including:
- Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology;
- Enhancing modeling capabilities to determine potential impacts … and cascading effects;
- Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience;
- Prioritizing efforts to support the strategic guidance issued by the Secretary.
Working Group headed up by DHS S&T