Robert H. Mayer, USTelecom Vice President, Industry and State Affairs; Anthony Jones, USTelecom Director, Critical Infrastructure and Compliance


1 CYBERSECURITY TOOLKIT. Robert H. Mayer, USTelecom Vice President, Industry and State Affairs; Anthony Jones, USTelecom Director, Critical Infrastructure and Compliance. DISCLAIMER: This material is provided for informational and educational purposes only. USTelecom does not assume responsibility for the accuracy or currency of the information provided herein which has been aggregated from publicly available sources. The primary sources should be consulted for further information on any specific topic. © 2012 United States Telecom Association. All Rights Reserved.

2 INTRODUCTION: The 2012 USTelecom Cybersecurity Toolkit is designed to provide a broad set of stakeholders with a current, comprehensive, web-enabled and user-friendly tool to access the complex and innovative world of cybersecurity. While the Internet offers an abundance of exceptional resources to choose from, we have selected sites which we believe allow the novice, the expert, and those somewhere in between to locate a wealth of organized information that can be accessed in a self-guided manner. This effort is dedicated to the countless professionals in government, industry, academia and not-for-profit organizations who work tirelessly to ensure that our digital society and the information and broadband infrastructure that it relies upon remains safe, secure and resilient. We trust you will find this tool to be a useful, valued and often-used resource. Walter B. McCormick, Jr., USTelecom President & CEO

3 TOOLKIT GUIDE 1-2-3: (1) VIEW POWERPOINT IN “SLIDE SHOW” MODE; (2) CLICK ON ANY RAISED BUTTON TO ACTIVATE LINK; (3) USE TOOLBAR BELOW TO NAVIGATE TOOLKIT

4 TABLE OF CONTENTS: 1 CYBERSPACE AND THE INTERNET; 2 SHARED AND DIVERSE ECOSYSTEM; 3 BASIC SECURITY CONCEPTS; 4 THREAT SOURCE ASSESSMENT; 5 COMMON ATTACK METHOD

5 TABLE OF CONTENTS: 6 CYBER POLICY ECOSYSTEM; 7 PARTNERSHIP VENUES; 8 THE WHITE HOUSE; 9 DEPARTMENT OF HOMELAND SECURITY; 10 DEPARTMENT OF COMMERCE

6 TABLE OF CONTENTS: 11 DEPARTMENT OF JUSTICE; 12 FEDERAL COMMUNICATIONS COMMISSION; 13 DEPARTMENT OF DEFENSE; 14 U.S. CONGRESS; 15 KEY STATUTES

7 TABLE OF CONTENTS: 16 INTERNATIONAL STANDARDS BODIES; 17 USTELECOM MEMBER SERVICES; 18 CYBER RESOURCE CENTER; 19 INDEX; 20 ACKNOWLEDGEMENTS AND CONTACTS

8 CYBERSPACE AND THE INTERNET. INTERNET: Single, interconnected, worldwide system of computer networks that share the Internet Architecture Board (IAB) specified protocol suite and the name and address spaces managed by the Internet Corp. for Assigned Names and Numbers (ICANN). CYBERSPACE: A global domain within the information environment consisting of the inter-dependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

9 A SHARED AND DIVERSE ECOSYSTEM

10 THE ECOSYSTEM (Cont.)

11 BASIC SECURITY CONCEPTS. Cybersecurity is defined as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.” International Telecommunications Union - TX 1205. Cyber Insecurity: VULNERABILITY, SOCIAL ENGINEERING, EAVESDROPPING, EXPLOITS, TROJANS, VIRUSES, WORMS, DENIAL OF SERVICE, PAYLOADS, BACKDOORS, ROOTKITS, KEYLOGGERS. Cyber Security: SECURE OPERATING SYSTEMS, SECURITY ARCHITECTURE, SECURITY BY DESIGN, SECURE CODING.

12 THREAT SOURCE ASSESSMENT. U.S. GOVERNMENT THREAT SOURCE ASSESSMENT (US CERT): NATION STATES, TERRORISTS, ORGANIZED CRIME, HACKERS

13 COMMON ATTACK METHODS: CROSS SITE SCRIPTING, DENIAL OF SERVICE, PHISHING, ZIP BOMB, SQL INJECTION, TROJAN HORSE, LOGIC BOMB, WORM, VIRUS, WAR DRIVING, ZERO-DAY EXPLOITS, APTs, BOTNETS

14 OFFICIAL DEPICTION OF CYBER POLICY ECOSYSTEM. SOURCE: WHITE HOUSE WEBSITE

15 ILLUSTRATIVE AND UNOFFICIAL DEPICTION (diagram labels): CONGRESS INTERNATIONAL PARTNERSHIPS MS_ISAC US CERT IT-SCC CSCC FS-ISAC ESF-#2 IT-ISAC NCCIC DOJ NIST FBI DOD LAW ENFORCEMENT DHS NSA Treasury NCC DOC EOP NTIA STANDARDS ORGS Cyber UCG NCIRP DOS WCIT2012 NATO DHS-CS&C IS-IRC NTOC NOCs USSS InfraGard CERTs CNCI Int’l. Cyber Strategy COMMS-ISAC DC3 DIB DNI CSRIC ATIS IBG DHS-IP JTF-GNO NITRD OSTP NCIJTF GOP-CTF House-CSTF WG7:BOTNETs CISPA SOPA WG2A:CyberBPs NERC ITU IEEE THE WHITE HOUSE ICS-CERT INTELLIGENCE 24+ GOVERNMENT AGENCIES DEFENSE PRIVATE SECTOR

16 SAMPLE OF PARTNERSHIP AND COLLABORATION VENUES: Industry Botnet Group (IBG); Comms ISAC

17 THE WHITE HOUSE. WHITE HOUSE CYBERSECURITY OVERVIEW. “Cyberspace touches nearly every part of our daily lives. It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history.” - The White House Website

18 THE WHITE HOUSE: KEY OFFICES/PROGRAMS

19 WHITE HOUSE REPORTS AND PUBLICATIONS OF INTEREST: CYBERSPACE POLICY REVIEW; NATIONAL STRATEGY FOR TRUSTED I.D. IN CYBERSPACE; THE NATIONAL STRATEGY TO SECURE CYBERSPACE; POLICY REVIEW SUPPORT DOCUMENTS; Supporting Documents; INTERNATIONAL STRATEGY FOR CYBERSPACE

20 DEPARTMENT OF HOMELAND SECURITY. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY OVERVIEW. “Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners, and every computer user… DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.” - DHS Secretary Janet Napolitano, May 30, 2012. Sections: PARTNERSHIP STRUCTURE; KEY OFFICES AND PROGRAMS; EDUCATION/AWARENESS; TRAINING/EXERCISES; REPORTS AND PUBLICATIONS; OPERATIONS

21 DEPARTMENT OF HOMELAND SECURITY. PUBLIC-PRIVATE PARTNERSHIP STRUCTURE: CRITICAL INFRASTRUCTURE SECTOR PARTNERSHIPS; REGIONAL PARTNERSHIPS AND MISSION COLLABORATION; CRITICAL INFRASTRUCTURE PARTNERSHIP ADVISORY COUNCIL (CIPAC); NATIONAL INFRASTRUCTURE PROTECTION PLAN (NIPP); PROTECTED CRITICAL INFRASTRUCTURE INFORMATION (PCII) PROGRAM; NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COUNCIL (NSTAC)

22 DEPARTMENT OF HOMELAND SECURITY. KEY OFFICES AND PROGRAMS: OFFICE OF CYBERSECURITY AND COMMUNICATIONS (CS&C); NATIONAL RESPONSE FRAMEWORK; NATIONAL COMMUNICATIONS SYSTEM (NCS); NATIONAL CYBERSECURITY DIVISION (NCSD); OFFICE OF EMERGENCY COMMUNICATIONS (OEC); CYBER INCIDENT ANNEX; NATIONAL CYBER INCIDENT RESPONSE PLAN (NCIRP); NATIONAL CYBER AWARENESS SYSTEM

23 DEPARTMENT OF HOMELAND SECURITY. Headings: KEY OFFICES AND PROGRAMS (CONT.); OPERATIONS. Items: ICE CYBER CRIME CENTER (C3); FEMA NATIONAL INCIDENT MANAGEMENT SYSTEM (NIMS); ELECTRONIC CRIMES TASK FORCES AND WORKING GROUPS; NATIONAL COORDINATING CENTER FOR TELECOM (NCC); NATIONAL CYBERSECURITY COMMUNICATIONS INTEGRATION CENTER (NCCIC); U.S. CERT; INDUSTRIAL CONTROL SYSTEMS (ICS) CERT

24 DEPARTMENT OF HOMELAND SECURITY. EDUCATION AND AWARENESS: EDUCATION AND WORKFORCE DEVELOPMENT; NATIONAL CYBER SECURITY AWARENESS MONTH; STOP, THINK AND CONNECT. TRAINING AND EXERCISES: NATIONAL LEVEL EXERCISES; CONTROL SYSTEM SECURITY TRAINING; DHS/FEMA CERTIFIED CYBERSECURITY TRAINING; CYBER STORM EXERCISES

25 DHS REPORTS AND PUBLICATIONS OF INTEREST: ENABLING DISTRIBUTED SECURITY IN CYBERSPACE; NATIONAL CYBER INCIDENT RESPONSE PLAN; NATIONAL INFRASTRUCTURE PROTECTION PLAN (NIPP); BLUEPRINT FOR A SECURE CYBER FUTURE

26 DHS REPORTS AND PUBLICATIONS OF INTEREST (CONT.): COMM SECTOR-SPECIFIC PLAN; CYBER STORM II FINAL REPORT; PRIVACY COMPLIANCE REVIEW EINSTEIN PROGRAM; QUADRENNIAL HOMELAND SECURITY REPORT

27 DEPARTMENT OF COMMERCE. NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION (NTIA) INTERNET POLICY OVERVIEW; INTERNET POLICY TASK FORCE CYBERSECURITY INITIATIVES; MODELS TO ADVANCE VOLUNTARY CORPORATE NOTIFICATION TO CONSUMERS BOTNETS AND MALWARE; DOMAIN NAME SYSTEMS (DNS); ADOPTION AND DEPLOYMENT IPv6; CYBERSECURITY INNOVATIONS AND THE INTERNET ECONOMY

28 DEPARTMENT OF COMMERCE. NATIONAL INFORMATION AND STANDARDS TECHNOLOGY (NIST) INFORMATION TECHNOLOGY PORTAL OVERVIEW; NATIONAL CYBERSECURITY CENTER OF EXCELLENCE; NATIONAL VULNERABILITY DATABASE; SMALL BUSINESS CORNER AND WORKSHOPS; SMART GRID CYBER SECURITY WORKING GROUP; CYBERSECURITY PROGRAMS INFORMATION TECHNOLOGY LABORATORY (ITL); COMPUTER SECURITY RESOURCE CENTER; NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION (NICE)

29 DEPARTMENT OF COMMERCE PUBLICATIONS AND REPORTS OF INTEREST: GUIDE TO NIST SECURITY DOCUMENTS; CYBERSECURITY INNOVATION AND THE INTERNET ECONOMY; GLOSSARY OF KEY INFORMATION SECURITY TERMS; CLOUD COMPUTING SYNOPSIS

30 DEPARTMENT OF JUSTICE. FEDERAL BUREAU OF INVESTIGATION CYBER OVERVIEW; DOJ CYBER PROGRAMS AND INITIATIVES; INTERNET CRIME COMPLAINT CENTER (IC3); INFRAGARD; CYBER ACTION TEAMS; STRATEGIC ALLIANCE CYBER CRIME WORKING GROUP; COMPUTER CRIME TASK FORCES; NATIONAL CYBER INVESTIGATIVE JOINT TASK FORCE (NCIJTF); CRIMINAL DIVISION COMPUTER CRIME INTELLECTUAL PROPERTY; OFFICE OF U.S. ATTORNEYS CYBERCRIME OVERVIEW

31 DEPARTMENT OF JUSTICE. OTHER DOJ PROGRAMS: COMPUTER HACKING AND INTELLECTUAL PROPERTY (CHIP) UNIT; SECRET SERVICE COMPUTER FORENSIC TRAINING CENTER; COUNTER INTELLIGENCE STRATEGIC PARTNERSHIPS; COMMON INTERNET FRAUD SCHEMES; COMPUTER AND INTERNET CRIME REPORTING

32 DEPARTMENT OF JUSTICE REPORTS AND PUBLICATIONS OF INTEREST: Cyber Terror, by William L. Tafoya, Ph.D.; CYBER TERROR; FBI ABILITY TO ADDRESS CYBER INTRUSION THREAT; 2011 FBI INTERNET CRIME REPORT; Smishing and Vishing; CYBER CRIMES TO WATCH OUT FOR

33 FEDERAL COMMUNICATIONS COMMISSION (FCC). FEDERAL COMMUNICATIONS COMMISSION CYBER SECURITY OVERVIEW. “Over the years, the FCC has worked through its Federal Advisory Committee, the Communications Security, Reliability, and Interoperability Council – CSRIC – to develop voluntary industry wide best practices that promote reliable networks, including for 911 calling. CSRIC and its working groups is made up of industry leaders, academics, and innovators in communications, Federal partners, public safety entities, state and local government officials, and Internet registries.” - The FCC Website. PREVIOUS VOLUNTARY COUNCILS: THE NETWORK RELIABILITY AND INTEROPERABILITY (NRIC) COUNCIL; COMMUNICATIONS SECURITY, RELIABILITY AND INTEROPERABILITY COUNCIL (CSRIC) II

34 FEDERAL COMMUNICATIONS COMMISSION (FCC). RECENT CSRIC III CYBER REPORTS: DNSSEC; SECURE BGP; ANTI BOTNET. COMMUNICATIONS SECURITY, RELIABILITY AND INTEROPERABILITY COUNCIL (CSRIC) III; CYBER FOR SMALL BUSINESS; CURRENT CSRIC III WORKING GROUPS; PUBLIC SAFETY AND HOMELAND SECURITY BUREAU

35 DEPARTMENT OF DEFENSE. “Our assessment is that cyber attacks will be a significant component of future conflicts. Over thirty countries are creating cyber units in their militaries. It is unrealistic to believe that each one will limit its capabilities to defense. Moreover, the centrality of information technology to the U.S. military and society virtually guarantees that future adversaries will target it.” - Deputy Secretary of Defense William Lynn. DEPARTMENT OF DEFENSE UNITED STATES CYBER COMMAND; DOD CYBER STRATEGY; DOD CYBER CRIME CENTER (DC3); DOD COMPUTER CRIME PROGRAM

36 DEPARTMENT OF DEFENSE REPORTS AND PUBLICATIONS OF INTEREST: DOD STRATEGY FOR OPERATING IN CYBERSPACE; USAF CYBER COMMAND STRATEGIC VISION; DOD CYBERSPACE POLICY REPORT

37 U.S. CONGRESS. “There is no single congressional committee or executive agency with primary responsibility over all aspects of cybersecurity; each entity involved pursues cybersecurity from a limited vantage point dictated by committee jurisdiction. Many different initiatives exist, but because of fragmentation of missions and responsibilities, ‘stove-piping,’ and a lack of mutual awareness between stakeholders, it is difficult to ascertain where there may be programmatic overlap or gaps in cybersecurity policy.” - Congressional Research Service. ACCESS LIBRARY OF CONGRESS WEBSITE FOR STATUS ON CYBERSECURITY LEGISLATION; CONGRESSIONAL CYBERSECURITY CAUCUS

38 CONGRESSIONAL RESEARCH SERVICE AND GAO REPORTS: CYBERSECURITY: AUTHORITATIVE REPORTS AND RESOURCES (7/24/12); FEDERAL LAWS RELATING TO CYBERSECURITY (7/25/12); CYBERSECURITY: SELECTED LEGAL ISSUES (4/20/12); GOVERNMENT ACCOUNTABILITY OFFICE (GAO) CYBER REPORTS

39 KEY STATUTES ADDRESSING CYBERSECURITY: COMPUTER FRAUD AND ABUSE ACT OF 1986; ELECTRONIC COMMUNICATIONS PRIVACY ACT (ECPA) OF 1986; COMPUTER SECURITY ACT OF 1987; PAPERWORK REDUCTION ACT OF 1995; CLINGER-COHEN ACT OF 1996

40 KEY STATUTES ADDRESSING CYBERSECURITY (CONT.): HOMELAND SECURITY ACT OF 2002; THE U.S. PATRIOT ACT OF 2001; THE E-GOVERNMENT ACT OF 2002; THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 (FISMA); THE CYBER SECURITY RESEARCH AND DEVELOPMENT ACT OF 2002. SEE CONGRESSIONAL RESEARCH REPORT TABLE 2: LAWS IDENTIFIED AS HAVING RELEVANT CYBERSECURITY PROVISIONS

41 INTERNATIONAL STANDARDS BODIES: INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS (ICANN); THE INTERNET SOCIETY (ISOC); INTERNET ARCHITECTURE BOARD (IAB); REGIONAL INTERNET REGISTRIES (RIRS); INTERNET ENGINEERING TASK FORCE (IETF); INTERNATIONAL TELECOMMUNICATIONS UNION (ITU); THE INTERNET ASSIGNED NUMBER AUTHORITY (IANA)

42 USTELECOM MEMBER CYBER SERVICES AND RESOURCES: AT&T; CENTURYLINK; WINDSTREAM; FAIRPOINT; VERIZON; HAWAIIAN TELCOM; CONSOLIDATED COMMUNICATIONS; NTT COMMUNICATIONS

43 CYBERSECURITY RESOURCE CENTER: ACADEMIC CYBERSECURITY CENTERS; SELF-HELP AND AWARENESS; BEST PRACTICES AND INDUSTRY GUIDELINES; SITUATIONAL AWARENESS

44 SITUATIONAL AWARENESS: U.S. CERT CURRENT ACTIVITY; SANS INTERNET STORM CENTER; KEYNOTE INTERNET HEALTH REPORT; DOWN RIGHT NOW; ARBOR NETWORKS ATLAS; MULTI-STATE ISAC - CYBER DASHBOARD; CYBER SECURITY OPERATIONAL PICTURE; INTERNET TRAFFIC REPORT

45 BEST PRACTICES INDUSTRY GUIDELINES: FCC NRIC BEST PRACTICES DATABASE; U.S. CERT SECURITY PUBLICATIONS; NIST SECURITY RESEARCH AND GUIDELINES; ANSI STANDARDS GUIDANCE DOCUMENTS; DHS BUILD SECURITY IN BEST PRACTICES; CLOUD COMPUTING BEST PRACTICES; WIKIPEDIA STANDARDS REFERENCES; IETF BEST CURRENT PRACTICES (RFCs)

46 ACADEMIC CENTERS: CARNEGIE MELLON CYLAB; GEORGIA TECH INFORMATION SECURITY CENTER; UNIVERSITY OF CALIFORNIA BERKELEY DETER TESTBED PROJECT; GEORGE WASHINGTON CYBER SECURITY POLICY AND RESEARCH INSTITUTE; UNIVERSITY OF TEXAS SAN ANTONIO INSTITUTE FOR CYBER SECURITY (ICS); CYBER WATCH CONSORTIUM; UNIVERSITY OF MARYLAND CYBERSECURITY CENTER; STANFORD UNIVERSITY CYBERSECURITY CENTER

47 SELF-HELP AND AWARENESS: BADWARE BUSTERS; MICROSOFT MALWARE PROTECTION CENTER; ALL ABOUT COOKIES; GET CYBER SAFE; ABOUT.COM ANTI-VIRUS SOFTWARE; U.S. CHAMBER SECURITY ESSENTIALS FOR BUSINESS; TEN WAYS TO IMPROVE COMPUTER SECURITY; STAY SAFE ONLINE

48 INDEX [A] Acknowledgements: 55; Academic: 44, 47; Akamai: 9, 10; Amazon: 9, 10; Application Developers: 10; Arbor Networks: 45; AT&T: 9, 10, 43 [B] Backbone Providers: 9; Badware Busters: 48; Basic Security Concepts: 12; Best Practices: 12, 34, 44, 46; Blueprint for a Secure Cyber Future: 26; Botnet: 14, 16, 17, 28, 38

49 INDEX [C] Carnegie Mellon CYLAB: 47; CenturyLink: 9, 10, 43; CERT: 13, 16, 24, 45, 46; Cloud Computing: 10, 30, 46; Comcast: 9, 10; Communications Sector Coordinating Council (CSCC): 16; Communications Security, Reliability and Interoperability Council (CSRIC): 16, 34, 35; Comprehensive National Cybersecurity Initiative (CNCI): 16, 18; Congress: 6, 16, 38, 39; Content Delivery Providers: 9; Crime: 13, 24, 31, 32, 33, 36; Critical Infrastructure Partnership Advisory Council (CIPAC): 22; CSRIC: 16, 34, 35; Cyber Policy Ecosystem: 15; Cybersecurity (defined): 12; Cyberspace (described): 8

50 INDEX [D] Dashboards: 45; Department of Commerce: 6, 28, 29, 30; Department of Defense: 6, 16, 36, 37; Department of Homeland Security: 5, 21, 22, 23, 24, 25, 27, 35, 41; Department of Justice: 6, 31, 32, 33; DHS Cyber Education/Awareness: 21, 25; DHS Cybersecurity Overview: 21; DHS Key Offices & Programs: 21, 23, 24; DHS Office of Cybersecurity & Communications (CS&C): 16, 23; DHS Operations: 21, 24; DOD Cyber Crime Center: 36; DOJ Cyber Programs: 21, 23, 24; DownRightNow.com: 45 [E] eBay: 9, 10; E-Commerce Providers: 9, 10; Education & Awareness: 25, 29

51 INDEX [F] Facebook: 9, 10; FairPoint: 9, 10, 43; FBI Cyber Overview: 31; FCC Cyber Security Overview: 34; Federal Communications Commission (FCC): 34, 35 [G] GAO: 39; Get Cyber Safe: 48; Global Backbone Providers: 9; Glossary of Key Information Security Terms: 30; Google: 9, 10 [I] Industrial Control Systems (ICS) CERT: 24; Industry Botnet Group: 17; International Strategy for Cyberspace: 7, 12, 42; Internet Policy Task Force (NTIA): 24; Internet Service Providers: 9; IPv6: 28

52 INDEX [L - M] Laws: 39, 40; Legal Issues: 39; Legislation: 38; Level 3: 9, 10; Microsoft: 9, 10 [N] National Cyber Awareness System: 23; National Cyber Incident Response Plan (NCIRP): 23; National Cybersecurity Communications Integration Center (NCCIC): 24; National Initiative for Cybersecurity Education (NICE): 18, 28; National Strategy for Trusted Identities (NSTIC): 18; NTIA Cyber Security Initiatives: 28; NTT Communications: 42 [O - R] Office of Science & Technology Policy (OSTP): 16, 19; Operating System Developers: 9, 10; Partnerships: 5, 16, 17, 21, 22, 32; Real-Time Dashboards: 45

53 INDEX [S] SANS Internet Storm Center: 45; Search Service Providers: 10; Self-Help: 44, 48; Situational Awareness: 44, 45; Small Business: 29, 35; Smart Grid: 29; Social Network Services: 10; Sprint: 9, 10; Standards: 7, 16, 29, 42, 46; Stay Safe Online: 48; Symantec: 9, 10 [T - U] Training & Exercises: 21, 25, 32; U.S. CERT: 13, 16, 24, 45, 46; U.S. CERT Current Activity: 45; U.S. Chamber Security Essentials for Business: 48; University of California Berkeley DETER Testbed Project: 47; University of Maryland Cybersecurity Center: 47

54 INDEX [V] Verizon: 9, 10, 43 [W] White House: 5, 15, 16, 18, 19, 20; White House Cybersecurity Overview: 18; White House Key Cyber Offices/Programs: 19; White House Cyberspace Policy Review: 18, 20; White House Reports & Publications: 20

55 ACKNOWLEDGEMENTS AND CONTACTS. This toolkit was made possible with the input of many individuals in the cybersecurity stakeholder community. Special thanks go to the following government organizations for their generous advice and assistance throughout the development of the USTelecom Cybersecurity Toolkit: Department of Commerce; Department of Defense; Department of Justice; Department of Homeland Security; Federal Communications Commission; The White House. The developers want to particularly thank our USTelecom interns who supported us with their research, creativity, and inspiring passion for learning. Oliver Eisler; David Feenstra; Rachel Kellerman; Elizabeth Tauke. Anthony V. Jones, USTelecom Director of Critical Infrastructure, Bus: (202) 326-7277, E-mail: ajones@ustelecom.org. Robert H. Mayer, USTelecom Vice President of Industry and State Affairs, Bus: (202) 326-7221, E-mail: rmayer@ustelecom.org.

