National Cyber Security Division (NCSD): Approved Overview Briefing Wednesday, July 1, 2003.

Presentation transcript:

1 National Cyber Security Division (NCSD): Approved Overview Briefing Wednesday, July 1, 2003

2 Strategy: A secure and robust national cyber infrastructure is vital to the protection of the nation's critical infrastructure and key assets
CRITICAL INFRASTRUCTURE SECTORS: Agriculture; Food; Water; Public Health; Emergency Services; Defense Industry Base; Information and Telecommunications; Energy; Banking & Finance; Chemical Industry & Hazardous Materials; Postal & Shipping
KEY ASSETS: National Monuments & Icons; Nuclear Power Plants; Dams; Government Facilities; Commercial Assets
CRITICAL INFRASTRUCTURE ASSET CATEGORIES: Cyber Assets; People Assets; Physical Assets

3 The Homeland Security Act and national strategies direct DHS to take the lead on cyber security
Homeland Security Act of 2002
– Directed IAIP to develop a national plan for protecting key resources and critical infrastructure of the United States and the physical and technological assets that support such systems
– Directed IAIP, in cooperation with other Federal agencies, state and local government, and the private sector, to recommend measures necessary to protect the key resources and critical infrastructure
– Directed IAIP to provide analysis related to the threats or vulnerabilities to critical information systems and provide crisis management support to threats to or attacks on critical information systems
National Strategy to Secure Cyberspace (February, 2003)
– Designated the Department of Homeland Security as the agency primarily responsible for the implementation of the strategic objectives of the strategy
National Strategy for Homeland Security (July, 2002)
– Established securing cyberspace as a major initiative in protecting critical infrastructures and key assets

4 The National Strategy to Secure Cyberspace articulates five priorities
Priority: National Cyberspace Security Response System
Implication: Rapid identification, information exchange, and remediation can mitigate damage. Response system will involve public and private institutions and cyber centers to perform analyses, conduct watch and warning, enable information exchange, and facilitate restoration efforts.
Priority: National Cyber Security Threat and Vulnerability Reduction Program
Implication: Coordinated national efforts by government and private sector to identify and remediate serious cyber vulnerabilities through collaborative activities, such as sharing best practices and evaluating and implementing new technologies. Also: raise awareness, increase criminal justice activities, and develop national security programs to deter cyber threats.
Priority: National Cyberspace Security Awareness and Training Program
Implication: Promote comprehensive national awareness program to empower all Americans – businesses, workforce, and general population to secure their own parts of cyberspace. Foster adequate training and education programs to support Nation's cyber-security needs. Increase efficiency of existing federal training. Promote private support for independent certification of cybersecurity professionals.
Priority: Securing Governments' Cyberspace
Implication: Federal Government:
– Continuously assess threats and vulnerabilities to cyber systems
– Agency-specific processes: identify and document enterprise architecture; continuously assess threats and vulnerabilities; implement security controls and remediation efforts

5 The National Strategy to Secure Cyberspace articulates five priorities (contd.)
Priority: Securing Governments' Cyberspace (contd.)
Implication: Additional Government-wide Challenges
– Authenticate and maintain authorization for users of Federal systems
– Secure Federal wireless local area networks
– Improve security in government outsourcing and procurement
– Develop specific criteria for independent security reviews and reviewers and certification
State and local governments:
– With increasing dependence on integrated systems, state, local and Federal agencies must collectively combat cyber attacks
– Information sharing to protect systems is an important foundation for ensuring government continuity
– DHS will work with state and local govts. and encourage their efforts to establish IT security programs and participate in ISACs with similar governments
Priority: International Cyberspace Security Cooperation
Implication: Ensuring America's national security
– Strengthen counterintelligence efforts in cyberspace
– Improve attack attribution and prevention capabilities
– Improve coordination for responding to cyber attacks in national security community
– Reserve right to respond in an appropriate manner
International cooperation
– Work with international organizations and industry to facilitate and promote global culture of security
– Develop secure networks
– Promote North American cyberspace security
– Foster establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge

6 As a result, DHS established the National Cyber Security Division (NCSD) as the dedicated Federal focal point for cyber security
Organization chart: Information Analysis and Infrastructure Protection (IAIP) Directorate; Infrastructure Coordination Division; Infrastructure Protection Division; National Cyber Security Division (NCSD); Infrastructure Protection; Information Analysis; Risk Assessment Division; Indications and Warning Division
KEY FUNCTIONS: Risk, Threat, & Vulnerability Identification and Reduction; Cyber Security Tracking, Analysis & Response Center (CSTARC); Outreach, Awareness & Training
"This new division will be focused on the vitally important task of protecting the nation's cyber assets so that we may best protect the nation's critical infrastructure assets" (DHS Secretary Tom Ridge)

7 Current NCSD operations are organized into three functional areas
Key NCSD Functional Areas: Risk, Threat, Vulnerability Identification & Reduction; Cyber Security Tracking, Analysis, & Response Center (CSTARC); Outreach, Awareness, & Training
Elements of the NCSD Mission
– The mission of the NCSD is to implement the National Strategy to secure cyberspace and to provide a centralized coordination point for the collection and dissemination of protective measures to reduce vulnerabilities and risks to the cyber infrastructure
– National Cyber Security Division (NCSD) is the National focal point for addressing cyber security issues in the United States
– Partnerships with public and private stakeholders are critical to achievement of the NCSD mission
– NCSD responsibilities include: identifying, analyzing and reducing threats and vulnerabilities; disseminating threat warning information; coordinating incident response; providing technical assistance in continuity of operations and recovery planning

8 These three key mission areas are in alignment with the National Strategy to Secure Cyberspace and highlight the execution focus of the NCSD
Three Key Mission Areas of NCSD
– Risk, Threat, & Vulnerability Reduction
– Cyber Security Tracking, Analysis, & Response Center (CSTARC)
– Outreach, Awareness, & Training
Strategic Objectives of the National Strategy to Secure Cyberspace
– Prevent cyber attacks against America's Critical Infrastructure
– Reduce National vulnerability to cyber attacks
– Minimize damage and recovery time from cyber attacks that do occur
Critical Priorities of the National Strategy to Secure Cyberspace
– A National Cyberspace security response system
– A National Cyberspace security threat & vulnerability reduction program
– A National Cyberspace security awareness training program
– Securing Governments' cyberspace
– National Security & International Cyberspace Security Cooperation

9 The NCSD is leveraging relationships with and capabilities of public and private sector partners to support current operations
Partnerships
Organizations with functions that are now resident in NCSD
– NIPC
– FedCIRC*
– NCS
– CIAO
Government entity partners
– Law enforcement
– Federal, State and Local government organizations
– NASCIO
– HSA
– ISIP
Private sector partners
– Software vendors
– Hardware vendors
– Security vendors
– Key industry associations and groups
– IT outsourcers
Functional Area Description
Risk, Threat, Vulnerability Identification & Reduction
– Leverage, design, and lead implementation of methodologies and best practices with our partners to assess risks and threats, and to reduce vulnerabilities to attacks
Cyber Security Tracking, Analysis & Response Center
– Implement CSTARC by consolidating government organizations and leveraging our National and international leadership and expertise across the public sector, the private sector, and academia
Outreach, Awareness & Training
– Design and lead implementation of training and awareness efforts and campaigns that use a multi-level approach to educate industry, government, and the public on the importance of their roles in National cyber security

10 Although operational on June 6th, a Planning Team has been established to assist in developing the final NCSD business process optimization and organization design
NCSD announced and Day One capabilities functioning on June 6th
NCSD Planning team established
– Select group of key individuals (with contractor support) with background and experience are working to consolidate, streamline and improve processes to support NCSD operations
– Responsible for identifying the structure and relationships to support those processes
– Organization design and processes rely heavily on the identification of key stakeholders and partners in the cyber security industry
In addition to the day-to-day work associated with each of the functions, work is being done in each of the functional areas to establish processes for effective operations
– Risk, Threat, Vulnerability Identification & Reduction
– Cyber Security Tracking, Analysis & Response Center
– Outreach, Awareness & Training

11 …with an ultimate goal of developing long-term robust capability in cyber security
Current Capabilities
– Analytic capability to support cyber alerts and warning process for threats and vulnerabilities
– Consolidated list of effective practices for cyber security including best practices risk mitigation of cyber vulnerabilities
– Tracking of threats, vulnerabilities, and incidents via information exchange and dissemination of alerts and warnings to Government and the private sector
– Coordinated operations of 24x7 cyber watch centers
– Public awareness, training, and education campaigns including Stay Safe On-Line and others
– Process to improve and expand international cyber security relationships
Future Capabilities
– Lead the implementation of a standardized National risk, threat, and vulnerability assessment methodology
– Correlate data to assist the critical infrastructure sectors to generate metrics on cyber security readiness and capability on a periodic basis
– Build a mature capability over time that utilizes interdependency analysis (physical and cyber) and adaptive protection to prevent effective attacks
– Implement and operate a single National 24x7 CSTARC for cyberspace security in partnership with the public and private sectors
– Establish standardized and efficient information sharing processes to provide real-time information and warning capabilities across the Nation's cyber landscape
– Complete the implementation of a comprehensive multi-level campaign to promote cyber security awareness and readiness
– Create public/private outreach groups to assist the entire spectrum of customers in securing their systems through implementation of effective security practices

12 Next Steps… {This slide should be completed by presenter based on obj. of presentation and audience}
– Continue to protect the Nation's cyber security infrastructure
– Continue to build strong partnerships within the public and private sectors
Questions?
Contact Information

13 Appendix: Other slides and graphics that may be used in briefings

14 The strategy of DHS, as defined by the National Strategy for Homeland Security, consists of three key objectives
Three Key Objectives of the National Strategy for Homeland Security
Key Objective I: Prevent terrorist attacks within the United States
Key Objective II: Reduce America's vulnerability to terrorism
Key Objective III: Minimize the damage and recover from attacks that do occur

15 IAIP is aligned with these key objectives through four key execution strategies: Evaluation, Communication, Coordination, and Protection
Key Objective I: Prevent terrorist attacks within the United States
– Evaluation of terrorist threats
– Communication of warnings and information about terrorist threats
– Coordination and implementation of protective measures and reporting to prevent terrorist attacks
– Protection of the critical infrastructure through implementation and adaptation of protective measures
Key Objective II: Reduce America's vulnerability to terrorism
– Evaluation of threats, risks, and vulnerabilities
– Communication of information about terrorist capabilities and priorities
– Coordination and implementation of protective measures
– Protection through analysis of cross-sector and cross-asset interdependencies
Key Objective III: Minimize the damage and recover from attacks that do occur
– Evaluation of impact of attacks
– Communication of cross-sector and cross-asset impacts and responses
– Coordination of event response across sectors, assets, and across DHS groups responding to attacks
– Protection against future attacks or repeat attacks through lessons learned, forensics, and protective measures
Alignment through Evaluation, Communication, Coordination, & Protection

16 The Infrastructure Protection mission is to rapidly implement protective measures with our partners to reduce the vulnerabilities of America's critical infrastructure
IP Mission Statement: IP, in partnership with IA and federal, state, local, private, and international entities, protects America's critical infrastructures.

17 The IAIP goal, as defined in the HSA, executes across 13 sectors, five key assets, and three asset categories, in alignment with the National Strategy
Information Analysis/Information Protection Mission
Critical Infrastructure Sectors: Agriculture; Food; Water; Public Health; Emergency Services; Government; Defense Industry Base; Information and Telecommunications; Energy; Transportation; Banking & Finance; Chemical Industry & Hazardous Materials; Postal & Shipping
Key Assets: National Monuments & Icons; Nuclear Power Plants; Dams; Government Facilities; Commercial Assets
Asset Categories: Physical Assets; People Assets; Cyber Assets
Strategy Continuum
– Evaluation: Assessing Value & Prioritizing Capabilities
– Coordination: Extracting Value & Leveraging Capabilities
– Protection: Preserving Value & Maintaining Capabilities
– Communication: Disseminating Value & Sharing Capabilities
Key Activities Matrix
– Identify critical infrastructures, threats, & incidents
– Assess & analyze risks and vulnerabilities
– Develop protective measures
– Leverage operational expertise
– Administer warning capability
– Correlate threat information, monitor and report status
– Coordinate with industry/federal partners
– Track and respond to legislative trends
– Assist EP&R in incident response
– Support implementation of protective measures

18 IAIP has implemented a dedicated National Cyber Security Division (NCSD) within IP, that will lead protection of the Nation's critical cyber assets across three key mission areas
Three Key Mission Areas of the NCSD
With partnerships as the foundation for implementation, the NCSD will immediately drive design and implementation of protective measures to reduce America's vulnerability to cyber attack
Partnerships – The critical enabler of all of the key activities
Risk, Threat, & Vulnerability Identification & Reduction
– Leverage, design, and lead implementation of methodologies and best practices with our partners to assess risks and threats, and to reduce vulnerabilities to attacks
Cyber Security Tracking, Analysis, & Response Center (CSTARC)
– Implement CSTARC by consolidating government organizations and leveraging our National and international leadership and expertise across the public sector, the private sector, and academia.
Outreach, Awareness, & Training
– Design and lead implementation of training and awareness efforts and campaigns that use a multi-level approach to educate industry, government, and the public on the importance of their roles in National cyber security

19 The National Cyber Security Division mission statement
NCSD Mission Statement: The National Cyber Security Division (NCSD) is the National focal point for addressing cyber security issues in the United States. The NCSD mission includes identifying, analyzing and reducing threats and vulnerabilities; disseminating threat warning information; coordinating incident response; and providing technical assistance in continuity of operations and recovery planning. The NCSD also serves as the single National point of contact for the public and private sector regarding cyber security issues, including outreach, awareness, and training.

20 The implementation plan for the NCSD focuses on delivering capabilities immediately, while building a streamlined team and business process, using a staged three-phased approach
Timeline: 1 Apr 2003; 1 Jun 2003; 1 Oct 2003; 1 Mar 2004
Phase I: IMPLEMENT IMMEDIATE OPERATING CAPABILITY
Activities:
– Implement coordinated cyber-security program within DHS/IAIP
– Formally announce new organization and recruit a leadership team
– Continue to deliver Day One capabilities
Phase II: IMPLEMENT INTERIM OPERATING CAPABILITY
Activities:
– Complete organization and process streamlining and consolidation design
– Validate and implement streamlined organization and processes
– Complete hiring of permanent leadership team
– Deliver 180-day capabilities
Phase III: IMPLEMENT FULL OPERATING CAPABILITY
Activities:
– Complete implementation of streamlined organization and processes
– Operation of 180-day capabilities under way
– Deliver strategic full operational capabilities

21 The engagement plan uses a phased approach to show results quickly and to add value throughout the execution of the project
Timeline: June 15; July 30; August 15; August 30; September 15
Assessment of current functions, processes, capabilities, and organizations
Activities:
– Identify and inventory existing organizations, functions, capabilities, and organizations
– Interview stakeholders and leaders and members of these organizations and review work products and documentation
– Develop complete inventory of current cyber security functions, processes, capabilities, and organizations
Deliverables:
– Interview templates, schedule, and project plan
– Complete inventory of stakeholders
– Interview documentation
– Description of key activities, processes, products and services for each organization represented
Analysis to determine gaps and overlaps in functions, processes, capabilities, and organizations
Activities:
– Analyze inventory of functions, processes, capabilities, and organizations from assessment task to determine duplications or overlaps in responsibility
– Analyze inventory of functions, processes, capabilities, and organizations from assessment task to determine gaps in critical required capabilities as defined by the NCSD strategy and the National Strategy
Deliverables:
– Current process diagram and model including key activities, processes, products and services for each organization represented
– Overlap and gap analysis of current Federal Government cyber security functions, processes, capabilities, and organizations including communication processes with the private sector
Design of consolidated and streamlined organization and processes
Activities:
– Formulate "to be" business process model for new streamlined and consolidated organization
– Design organizational structure to support streamlined business process
– Validate design with key stakeholders
Deliverables:
– Options for "to be" streamlined and consolidated business process model
– Options for organizational structure to implement new streamlined and consolidated cyber security capability
– Recommendations and selection criteria for options and recommendations
Implementation plan to mitigate risks associated with the new organization and processes
Activities:
– Develop implementation plan and current function and organization transition plan
– Validate implementation and transition plan with key stakeholders
– Develop key implementation risks and risk mitigation plans
Deliverables:
– Validated implementation and transition plan
– Validated risk mitigation plan
– Executive decision briefing for NCSD leader and Assistant Secretary of IP

22 The methodology for the engagement uses supply chain analysis to evaluate the activities, products, and processes of the NCSD
Suppliers – Key Question: What organizations provide the products and services required by the NCSD?
Supplier Products & Services – Key Question: What products and services do the suppliers give to the NCSD to enable its mission?
Supplier Channels – Key Question: How do suppliers send/provide products and services to the NCSD?
NCSD Products & Services – Key Question: What products and services does the NCSD produce to protect America's critical infrastructure?
Customer Channels – Key Question: How does the NCSD deliver products and services to its customers?
Customers – Key Question: Who are the customers and recipients of NCSD products and services?
NCSD Mission; NCSD Key Activities

23 A preliminary list of stakeholders has been identified for the NCSD from all of the critical infrastructure sectors across a wide spectrum of public and private organizations
Preliminary DRAFT List
Academia: CERT/CC GA Tech JHU Purdue Dartmouth I3P
Federal & Civilian Agencies (non-DHS/DoD): NIST OMB CIO Council HSC FedCIRC OSTP NSC USSS DOJ FBI CSIRC NSF IGs Congress
State & Local Governments: NASCIO Governor Executive Offices Law enforcement (state) Law enforcement (local) HSA Local government organizations Multi-state ISAC ISIP Congress
Department of Homeland Security: IAIP Divisions S&T EP&R Homeland Security Center NCS
Department of Defense: JTF-CNO DoD-CERT NSIRC NorthCOM ASD/C3I NSA DOD-IG STRATCOM
Private Sector: Sector ISACs Software vendors Hardware vendors Security vendors IT outsourcers Key industry associations and groups ISAC Council DNS root operators ISA
International Government & NGOs: ISO International CERTs
This list must be quickly validated and completed by the beginning of the interview process

24 To execute the assessment, the team must first interview several key players within the NCSD, DHS, DoD, and industry and then solicit wider input
Task 1 – Interview Key Players and Formalize Questionnaires for other Players: NCSD subgroups: –VTRRIA –CSTARC –OA&T FedCIRC OMB HSC CERT-CC JTF-CNO/DoD-CERT IAIP/ICD IAIP/IPD Top 5 industry associations Top 5 security vendors
Task 2 – Solicit Input from Other Players through Briefings & Questionnaires: Academia Other industry associations Other federal agencies State and local governments NORTHCOM etc.
Task 3 – Follow up Briefings and Questionnaires with Phone Calls/In-person Meetings: Academia Other industry associations Other federal agencies State and local governments NORTHCOM etc.
The result will be a complete inventory of the suppliers, products, channels, and customers in the cyber security protection supply chain. This inventory will allow us to quickly assess overlaps and gaps in the supply chain and to quickly prioritize actions for mitigating gaps and eliminating overlaps.
