CYBERSECURITY TOOLKIT Robert H. Mayer USTelecom Vice President, Industry and State Affairs Anthony Jones USTelecom Director, Critical Infrastructure and Compliance DISCLAIMER: This material is provided for informational and educational purposes only.  USTelecom does not assume responsibility for the accuracy or currency of the information provided herein which has been aggregated from publicly available sources. The primary sources should be consulted for further information on any specific topic. © 2012 United States Telecom Association. All Rights Reserved.

INTRODUCTION HOME INDEX NEXT SLIDE PREVIOUS SLIDE The 2012 USTelecom Cybersecurity Toolkit is designed to provide a broad set of stakeholders with a current, comprehensive, web-enabled and user-friendly tool to access the complex and innovative world of cybersecurity. While the Internet offers an abundance of exceptional resources to choose from, we have selected sites which we believe allow the novice, the expert, and those somewhere in between to locate a wealth of organized information that can be accessed in a self-guided manner. This effort is dedicated to the countless professionals in government, industry, academia and not-for-profit organizations who work tirelessly to ensure that our digital society and the information and broadband infrastructure that it relies upon remains safe, secure and resilient. We trust you will find this tool to be a useful, valued and often-used resource. Walter B. McCormick, Jr. USTelecom President & CEO HOME INDEX NEXT SLIDE PREVIOUS SLIDE

1 . 2 . 3 . TOOLKIT GUIDE 1-2-3 VIEW POWERPOINT IN “SLIDE SHOW” MODE CLICK ON ANY RAISED BUTTON TO ACTIVATE LINK 2 . 3 . USE TOOLBAR BELOW TO NAVIGATE TOOLKIT HOME INDEX NEXT SLIDE PREVIOUS SLIDE

TABLE OF CONTENTS 1 2 3 4 5 CYBERSPACE AND THE INTERNET SHARED AND DIVERSE ECOSYSTEM BASIC SECURITY CONCEPTS THREAT SOURCE ASSESSMENT COMMON ATTACK METHOD 1 2 3 4 5 CONTINUE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

TABLE OF CONTENTS 6 7 8 9 10 CYBER POLICY ECOSYSTEM PARTNERSHIP VENUES THE WHITE HOUSE DEPARTMENT OF HOMELAND SECURITY DEPARTMENT OF COMMERCE 6 7 8 9 10 CONTINUE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

TABLE OF CONTENTS 11 12 13 14 15 DEPARTMENT OF JUSTICE FEDERAL COMMUNICATIONS COMMISSION DEPARTMENT OF DEFENSE U.S. CONGRESS KEY STATUTES 12 13 14 15 CONTINUE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

TABLE OF CONTENTS 16 17 18 19 20 INTERNATIONAL STANDARDS BODIES USTELECOM MEMBER SERVICES CYBER RESOURCE CENTER INDEX ACKNOWLEDGEMENTS AND CONTACTS 17 18 19 20 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

CYBERSPACE AND THE INTERNET A global domain within the information environment consisting of the inter-dependent network of information technology infrastructures, including: the Internet, telecommunications networks, computer systems, and embedded processors and controllers CYBERSPACE Single, interconnected, worldwide system of computer networks that share: the Internet Architecture Board (IAB) specified protocol suite and the name and address spaces managed by the Internet Corp. for Assigned Names and Numbers (ICANN). INTERNET HOME HOME INDEX INDEX SITE MAP NEXT SLIDE PREVIOUS SLIDE PREVIOUS SLIDE

CONTENT DELIVERY NETWORK A SHARED AND DIVERSE ECOSYSTEM INTERNET SERVICE PROVIDERS CONTENT DELIVERY NETWORK PROVIDERS WEB HOSTING PROVIDERS E-COMMERCE PROVIDERS GLOBAL BACKBONE PROVIDERS CONTINUE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

THE ECOSYSTEM (Cont.) SOCIAL NETWORK SERVICES SEARCH SERVICE PROVIDERS OPERATING SYSTEM DEVELOPERS APPLICATION DEVELOPERS EQUIPMENT AND DEVICES CLOUD SERVICE PROVIDERS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

BASIC SECURITY CONCEPTS SECURE OPERATING SYSTEMS SECURITY ARCHITECTURE Cybersecurity is defined as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.” International Telecommunications Union - TX 1205 Cyber Security SECURE OPERATING SYSTEMS SECURITY ARCHITECTURE SECURITY BY DESIGN SECURE CODING Cyber Insecurity VULNERABILITY SOCIAL ENGINEERING EAVESDROPPING EXPLOITS TROJANS VIRUSES WORMS DENIAL OF SERVICE PAYLOADS BACKDOORS ROOTKITS KEYLOGGERS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

THREAT SOURCE ASSESSMENT U.S GOVERNMENT THREAT SOURCE ASSESSMENT (US CERT) NATION STATES HACKERS TERRORISTS ORGANIZED CRIME HOME INDEX NEXT SLIDE PREVIOUS SLIDE

COMMON ATTACK METHODS CROSS SITE SCRIPTING PHISHING VIRUS WAR DRIVING SQL INJECTION DENIAL OF SERVICE ZIP BOMB TROJAN HORSE LOGIC BOMB ZERO-DAY EXPLOITS WORM APTs BOTNETS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

OFFICIAL DEPICTION OF CYBER SOURCE: WHITE HOUSE WEBSITE POLICY ECOSYSTEM SOURCE: WHITE HOUSE WEBSITE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

ILLUSTRATIVE AND UNOFFICIAL DEPICTION NCIRP EOP OSTP Cyber UCG NCCIC NCC GOP-CTF NITRD CNCI SOPA JTF-GNO PRIVATE SECTOR CONGRESS THE WHITE HOUSE CISPA IBG IT-SCC NOCs DEFENSE House-CSTF Int’l. Cyber Strategy COMMS-ISAC DC3 IT-ISAC DOD ESF-#2 CSCC DHS-IP FS-ISAC DHS DIB DOC LAW ENFORCEMENT FBI CSRIC 24+ GOVERNMENT AGENCIES USSS DOJ NCIJTF WG7:BOTNETs DNI DHS-CS&C InfraGard PARTNERSHIPS Treasury INTELLIGENCE US CERT WG2A:CyberBPs INTERNATIONAL NTOC MS_ISAC ICS-CERT NTIA NSA DOS CERTs ITU STANDARDS ORGS NERC WCIT2012 IS-IRC NATO IEEE NIST ATIS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

SAMPLE OF PARTNERSHIP AND COLLABORATION VENUES Industry Botnet Group (IBG) Comms ISAC HOME INDEX NEXT SLIDE PREVIOUS SLIDE

THE WHITE HOUSE WHITE HOUSE CYBERSECURITY OVERVIEW 60 DAY “Cyberspace touches nearly every part of our daily lives.  It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation.  It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history.”  - The White House Website 60 DAY CYBERSECURITY POLICY REVIEW THE COMPREHENSIVE NATIONAL CYBERSECURITY INITIATIVE (CNCI) NATIONAL STRATEGY FOR TRUSTED IDENTITIES IN CYBERSPACE (NSTIC) NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION (NICE) HOME INDEX NEXT SLIDE PREVIOUS SLIDE

THE WHITE HOUSE KEY OFFICES/PROGRAMS OFFICE OF SCIENCE AND TECHNOLOGY POLICY (OSTP) NATIONAL SCIENCE AND TECHNOLOGY COUNCIL (NSTC) NATIONAL INFORMATION TECHNOLOGY RESEARCH AND DEVELOPMENT (NITRD) INTERAGENCY WORKING GROUP ON CYBER SECURITY AND INFORMATION ASSURANCE (CSIA IWG) HOME INDEX NEXT SLIDE PREVIOUS SLIDE

WHITE HOUSE REPORTS AND PUBLICATIONS OF INTEREST Supporting Documents THE NATIONAL STRATEGY TO SECURE CYBERSPACE NATIONAL STRATEGY FOR TRUSTED I.D. IN CYBERSPACE CYBERSPACE POLICY REVIEW POLICY REVIEW SUPPORT DOCUMENTS INTER- NATIONAL STRATEGY FOR CYBERSPACE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY OVERVIEW “Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners, and every computer user… DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.” - DHS Secretary Janet Napolitano May 30, 2012 PARTNERSHIP STRUCTURE KEY OFFICES AND PROGRAMS OPERATIONS EDUCATION/AWARENESS TRAINING/EXERCISES REPORTS AND PUBLICATIONS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF HOMELAND SECURITY PUBLIC-PRIVATE PARTNERSHIP STRUCTURE NATIONAL INFRASTRUCTURE PROTECTION PLAN (NIPP) CRITICAL INFRASTRUCTURE PARTNERSHIP ADVISORY COUNCIL (CIPAC) NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COUNCIL (NSTAC) CRITICAL INFRASTRUCTURE SECTOR PARTNERSHIPS PROTECTED CRITICAL INFRASTRUCTURE INFORMATION (PCII) PROGRAM REGIONAL PARTNERSHIPS AND MISSION COLLABORATION HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF HOMELAND SECURITY KEY OFFICES AND PROGRAMS OFFICE OF CYBERSECURITY AND COMMUNICATIONS (CS&C) NATIONAL RESPONSE FRAMEWORK NATIONAL COMMUNICATIONS SYSTEM (NCS) CYBER INCIDENT ANNEX NATIONAL CYBERSECURITY DIVISION (NCSD) NATIONAL CYBER INCIDENT RESPONSE PLAN (NCIRP) OFFICE OF EMERGENCY COMMUNICATIONS (OEC) NATIONAL CYBER AWARENESS SYSTEM HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF HOMELAND SECURITY KEY OFFICES AND PROGRAMS (CONT.) FEMA NATIONAL INCIDENT MANAGEMENT SYSTEM (NIMS) ELECTRONIC CRIMES TASK FORCES AND WORKING GROUPS ICE CYBER CRIME CENTER (C3) OPERATIONS NATIONAL CYBERSECURITY COMMUNICATIONS INTEGRATION CENTER (NCCIC) NATIONAL COORDINATING CENTER FOR TELECOM (NCC) U.S. CERT INDUSTRIAL CONTROL SYSTEMS (ICS) CERT HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF HOMELAND SECURITY EDUCATION AND AWARENESS NATIONAL CYBER SECURITY AWARENESS MONTH STOP, THINK AND CONNECT TRAINING AND EXERCISES CYBER STORM EXERCISES NATIONAL LEVEL EXERCISES CONTROL SYSTEM SECURITY TRAINING EDUCATION AND WORKFORCE DEVELOPMENT DHS/FEMA CERTIFIED CYBERSECURITY TRAINING HOME INDEX NEXT SLIDE PREVIOUS SLIDE

CONTINUE DHS REPORTS AND PUBLICATIONS OF INTEREST BLUEPRINT FOR A SECURE CYBER FUTURE NATIONAL INFRASTRUCTURE PROTECTION PLAN (NIPP) NATIONAL CYBER INCIDENT RESPONSE PLAN ENABLING DISTRIBUTED SECURITY IN CYBERSPACE CONTINUE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DHS REPORTS AND PUBLICATIONS OF INTEREST (CONT.) COMM SECTOR- SPECIFIC PLAN CYBER STORM II FINAL REPORT PRIVACY COMPLIANCE REVIEW EINSTEIN PROGRAM QUADRENNIAL HOMELAND SECURITY REPORT HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF COMMERCE NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION (NTIA) INTERNET POLICY OVERVIEW INTERNET POLICY TASK FORCE MODELS TO ADVANCE VOLUNTARY CORPORATE NOTIFICATION TO CONSUMERS BOTNETS AND MALWARE CYBERSECURITY INITIATIVES DOMAIN NAME SYSTEMS (DNS) ADOPTION AND DEPLOYMENT IPv6 CYBERSECURITY INNOVATIONS AND THE INTERNET ECONOMY HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF COMMERCE NATIONAL INFORMATION AND STANDARDS TECHNOLOGY (NIST) INFORMATION TECHNOLOGY PORTAL OVERVIEW NATIONAL CYBERSECURITY CENTER OF EXCELLENCE CYBERSECURITY PROGRAMS INFORMATION TECHNOLOGY LABORATORY (ITL) NATIONAL VULNERABILITY DATABASE NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION (NICE) SMALL BUSINESS CORNER AND WORKSHOPS COMPUTER SECURITY RESOURCE CENTER SMART GRID CYBER SECURITY WORKING GROUP HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF COMMERCE PUBLICATIONS AND REPORTS OF INTEREST CLOUD COMPUTING SYNOPSIS GLOSSARY OF KEY INFORMATION SECURITY TERMS GUIDE TO NIST SECURITY DOCUMENTS CYBERSECURITY INNOVATION AND THE INTERNET ECONOMY HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF JUSTICE OFFICE OF U.S ATTORNEYS CYBERCRIME OVERVIEW FEDERAL BUREAU INVESTIGATION CYBER OVERVIEW CRIMINAL DIVISION COMPUTER CRIME INTELLECTUAL PROPERTY DOJ CYBER PROGRAMS AND INITIATIVES STRATEGIC ALLIANCE CYBER CRIME WORKING GROUP INTERNET CRIME COMPLAINT CENTER (IC3) COMPUTER CRIME TASK FORCES INFRAGUARD CYBER ACTION TEAMS NATIONAL CYBER INVESTIGATIVE JOINT TASK FORCE (NCIJTF) HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF JUSTICE COMMON COMPUTER AND INTERNET CRIME REPORTING OTHER DOJ PROGRAMS SECRET SERVICE COMPUTER FORENSIC TRAINING CENTER COUNTER INTELLIGENCE STRATEGIC PARTNERSHIPS COMPUTER HACKING AND INTELLECTUAL PROPERTY (CHIP) UNIT COMMON INTERNET FRAUD SCHEMES COMPUTER AND INTERNET CRIME REPORTING HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DEPARTMENT OF JUSTICE REPORTS AND PUBLICATIONS OF INTEREST Smishing and Vishing Cyber Terror By William L. Tafoya, Ph.D. Cyber Terror By William L. Tafoya, Ph.D. CYBER TERROR FBI ABILITY TO ADDRESS CYBER INTRUSION THREAT 2011 FBI INTERNET CRIME REPORT CYBER CRIMES TO WATCH OUT FOR HOME INDEX NEXT SLIDE PREVIOUS SLIDE

FEDERAL COMMUNICATIONS COMMISSION (FCC) FEDERAL COMMUNICATIONS COMMISSION CYBER SECURITY OVERVIEW "Over the years, the FCC has worked through its Federal Advisory Committee, the Communications Security, Reliability, and Interoperability Council – CSRIC – to develop voluntary industry wide best practices that promote reliable networks, including for 911 calling. CSRIC and its working groups is made up of industry leaders, academics, and innovators in communications, Federal partners, public safety entities, state and local government officials, and Internet registries.” - The FCC Website PREVIOUS VOLUNTARY COUNCILS THE NETWORK RELIABILITY AND INTEROPERABILITY (NRIC) COUNCIL COMMUNICATIONS SECURITY, RELIABILITY AND INTEROPERABILITY COUNCIL (CSRIC) II HOME INDEX NEXT SLIDE PREVIOUS SLIDE

FEDERAL COMMUNICATIONS COMMISSION (FCC) PUBLIC SAFETY AND HOMELAND SECURITY BUREAU COMMUNICATIONS SECURITY, RELIABILITY AND INTEROPERABILITY COUNCIL (CSRIC) III CURRENT CSRIC III WORKING GROUPS RECENT CSRIC III CYBER REPORTS ANTI BOTNET DNSSEC SECURE BGP CYBER FOR SMALL BUSINESS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

DOD CYBER CRIME CENTER (DC3) DEPARTMENT OF DEFENSE DEPARTMENT OF DEFENSE UNITED STATES CYBER COMMAND “Our assessment is that cyber attacks will be a significant component of future conflicts. Over thirty countries are creating cyber units in their militaries. It is unrealistic to believe that each one will limit its capabilities to defense. Moreover, the centrality of information technology to the U.S. military and society virtually guarantees that future adversaries will target it.” - Deputy Secretary of Defense William Lynn DOD CYBER STRATEGY DOD CYBER CRIME CENTER (DC3) DOD COMPUTER CRIME PROGRAM COMPLETE ARTICLE HERE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

REPORTS AND PUBLICATIONS DOD STRATEGY FOR OPERATING IN CYBERSPACE DEPARTMENT OF DEFENSE REPORTS AND PUBLICATIONS OF INTEREST DOD CYBERSPACE POLICY REPORT DOD STRATEGY FOR OPERATING IN CYBERSPACE USAF CYBER COMMAND STRATEGIC VISION HOME INDEX NEXT SLIDE PREVIOUS SLIDE

U.S. CONGRESS CONGRESSIONAL CYBERSECURITY CAUCUS “There is no single congressional committee or executive agency with primary responsibility over all aspects of cybersecurity; each entity involved pursues cybersecurity from a limited vantage point dictated by committee jurisdiction. Many different initiatives exist, but because of fragmentation of missions and responsibilities, ‘stove-piping,’ and a lack of mutual awareness between stakeholders, it is difficult to ascertain where there may be programmatic overlap or gaps in cybersecurity policy.” - Congressional Research Service ACCESS LIBRARY OF CONGRESS WEBSITE FOR STATUS ON CYBERSECURITY LEGISLATION HOME INDEX NEXT SLIDE PREVIOUS SLIDE

CONGRESSIONAL RESEARCH SERVICE AND GAO REPORTS GOVERNMENT ACOUNTABILITY OFFICE (GAO) CYBER REPORTS CYBERSECURITY: AUTHORITATIVE REPORTS AND RESOURCES (7/24/12) FEDERAL LAWS RELATING TO CYBERSECURITY (7/25/12) CYBERSECURITY: SELECTED LEGAL ISSUES (4/20/12) HOME INDEX NEXT SLIDE PREVIOUS SLIDE

KEY STATUTES ADDRESSING CYBERSECURITY COMPUTER FRAUD AND ABUSE ACT OF 1986 ELECTRONIC COMMUNICATIONS PRIVACY ACT (ECPA) OF 1986 COMPUTER SECURITY ACT OF 1987 PAPER WORK REDUCTION ACT OF 1995 CLINGER-COHEN ACT OF 1996 PAPER WORK REDUCTION ACT OF 1995 CONTINUE HOME INDEX NEXT SLIDE PREVIOUS SLIDE

KEY STATUTES ADDRESSING CYBERSECURITY (CONT.) THE U.S. PATRIOT ACT OF 2001 SEE CONGRESSIONAL RESEARCH REPORT TABLE 2 LAWS IDENTIFIED AS HAVING RELEVANT CYBERSECURITY PROVISIONS THE CYBER SECURITY RESEARCH AND DEVELOPMENT ACT OF 2002 HOMELAND SECURITY ACT OF 2002 THE E-GOVERNMENT ACT OF 2002 THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT OF 2002 (FISMA) HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INTERNATIONAL STANDARDS BODIES INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS (ICANN) INTERNATIONAL TELECOMMUNICATIONS UNION (ITU) THE INTERNET ASSIGNED NUMBER AUTHORITY (IANA) THE INTERNET SOCIETY (ISOC) INTERNET ARCHITECTURE BOARD (IAB) REGIONAL INTERNET REGISTRIES (RIRS) INTERNET ENGINEERING TASK FORCE (IETF) HOME INDEX NEXT SLIDE PREVIOUS SLIDE

CYBER SERVICES AND RESOURCES USTELECOM MEMBER CYBER SERVICES AND RESOURCES CONSOLIDATED COMMUNICATIONS AT&T CENTURYLINK FAIRPOINT NTT COMMUNICATIONS WINDSTREAM HAWAIIAN TELCOM VERIZON HOME INDEX NEXT SLIDE PREVIOUS SLIDE

CYBERSECURITY CENTERS RESOURCE CENTER     SITUATIONAL AWARENESS BEST PRACTICES AND INDUSTRY GUIDELINES ACADEMIC CYBERSECURITY CENTERS SELF-HELP AND AWARENESS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

SITUATIONAL AWARENESS U.S CERT CURRENT ACTIVITY INTERNET TRAFFIC REPORT DOWN RIGHT NOW ARBOR NETWORKS ATLAS MULTI-STATE ISAC - CYBER DASHBOARD KEYNOTE INTERNET HEALTH REPORT CYBER SECURITY OPERATIONAL PICTURE SANS INTERNET STORM CENTER HOME INDEX NEXT SLIDE PREVIOUS SLIDE

CLOUD COMPUTING BEST PRACTICES INDUSTRY GUIDELINES FCC NRIC BEST PRACTICES DATABASE IETF BEST CURRENT PRACTICES (RFCs) ANSI STANDARDS GUIDANCE DOCUMENTS DHS BUILD SECURITY IN BEST PRACTICES CLOUD COMPUTING BEST PRACTICES NIST SECURITY RESEARCH AND GUIDELINES WIKIPEDIA STANDARDS REFERENCES U.S CERT SECURITY PUBLICATIONS HOME INDEX NEXT SLIDE PREVIOUS SLIDE

POLICY AND RESEARCH INSTITUTE ACADEMIC CENTERS CARNEGIE MELLON CYLAB STANFORD UNIVERSITY CYBERSECURITY CENTER GEORGE WASHINGTON CYBER SECURITY POLICY AND RESEARCH INSTITUTE UNIVERSITY OF TEXAS SAN ANTONIO INSTITUTE FOR CYBER SECURITY (ICS) CYBER WATCH CONSORTUIM UNIVERSITY OF CALIFORNIA BERKELEY DETER TESTBED PROJECT UNIVERSITY OF MARYLAND CYBERSECURITY CENTER GEORGIA TECH INFORMATION SECURITY CENTER HOME INDEX NEXT SLIDE PREVIOUS SLIDE

SELF-HELP AND AWARENESS BADWARE BUSTERS STAY SAFE ONLINE GET CYBER SAFE ABOUT.COM ANTI-VIRUS SOFTWARE U.S CHAMBER SECURITY ESSENTIALS FOR BUSINESS ALL ABOUT COOKIES TEN WAYS TO IMPROVE COMPUTER SECURITY MICROSOFT MALWARE PROTECTION CENTER HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INDEX A B A - B C D - E F - I L - R S - U V - W HOME INDEX NEXT SLIDE Acknowledgements 55 Academic 44 47 Akamai 9 10 Amazon 9 10 Application Developers 10 Arbor Networks 45 AT&T 9 10 43 B Backbone Providers 9 Badware Busters 48 Basic Security Concepts 12 Best Practices 12 34 44 46 Blueprint for a Secure Cyber Future 26 Botnet 14 16 17 28 38 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INDEX C A - B C D - E F - I L - R S - U V - W HOME INDEX NEXT SLIDE Carnegie Mellon CYLAB 47 CenturyLink 9 10 43 CERT 13 16 24 45 46 Cloud Computing 10 30 46 Comcast 9 10 Communications Sector Coordinating Council (CSCC) 16 Communications Security, Reliability and Interoperability Council (CSRIC) 16 34 35 Comprehensive National Cybersecurity Initiative (CNCI) 16 18 Congress 6 16 38 39 Content Delivery Providers 9 Crime 13 24 31 32 33 36 Critical Infrastructure Partnership Advisory Council (CIPAC) 22 CSRIC 16 34 35 Cyber Policy Ecosystem 15 Cybersecurity (defined) 12 Cyberspace (described) 8 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INDEX A - B C D - E F - I L - R S - U V - W HOME INDEX NEXT SLIDE Dashboards 45 Department of Commerce 6 28 29 30 Department of Defense 6 16 36 37 Department of Homeland Security 5 21 22 23 24 25 27 35 41 Department of Justice 6 31 32 33 DHS Cyber Education/Awareness 21 25 DHS Cybersecurity Overview 21 DHS Key Offices & Programs 21 23 24 DHS Office of Cybersecurity & Communications (CS&C) 16 23 DHS Operations 21 24 DOD Cyber Crime Center 36 DOJ Cyber Programs 21 23 24 DownRightNow.com 45 E eBay 9 10 E-Commerce Providers 9 10 Education & Awareness 25 29 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

F INDEX I A - B C D - E F - I L - R S - U V - W HOME INDEX NEXT SLIDE Facebook 9 10 FairPoint 9 10 43 FBI Cyber Overview 31 FCC Cyber Security Overview 34 Federal Communications Commission (FCC) 34 35 G GAO 39 Get Cyber Safe 48 Global Backbone Providers 9 Glossary of Key Information Security Terms 30 Google 9 10 I Industrial Control Systems (ICS) CERT 24 Industry Botnet Group 17 International Strategy for Cyberspace 7 12 42 Internet Policy Task Force (NTIA) 24 Internet Service Providers 9 IPv6 28 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INDEX L - M N A - B C D - E F - I L - R S - U V - W HOME INDEX Laws 39 40 Legal Issues 39 Legislation 38 Level 3 9 10 Microsoft 9 10 N National Cyber Awareness System 23 National Cyber Incident Response Plan (NCIRP) 23 National Cybersecurity Communications Integration Center (NCCIC) 24 National Initiative for Cybersecurity Education (NICE) 18 28 National Strategy for Trusted Identities (NSTIC) 18 NTIA Cyber Security Initiatives 28 NTT Communications 42 O - R Office of Science & Technology Policy (OSTP) 16 19 Operating System Developers 9 10 Partnerships 5 16 17 21 22 32 Real-Time Dashboards 45 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INDEX S A - B C D - E F - I L - R S - U V - W HOME INDEX NEXT SLIDE SANS Internet Storm Center 45 Search Service Providers 10 Self-Help 44 48 Situational Awareness 44 45 Small Business 29 35 Smart Grid 29 Social Network Services 10 Sprint 9 10 Standards 7 16 29 42 46 Stay Safe Online 48 Symantec 9 10 T - U Training & Exercises 21 25 32 U.S. CERT 13 16 24 45 46 U.S. CERT Current Activity 45 U.S. Chamber Security Essentials for Business 48 University of California Berkeley DETER Testbed Project 47 University of Maryland Cybersecurity Center 47 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

INDEX W A - B C D - E F - I L - R S - U V - W HOME INDEX NEXT SLIDE Verizon 9 10 43 W White House 5 15 16 18 19 20 White House Cybersecurity Overview 18 White House Key Cyber Offices/Programs 19 White House Cyberpace Policy Review 18 20 White House Reports & Publications 20 A - B PAGE 1 OF 7 C PAGE 2 OF 7 D - E PAGE 3 OF 7 F - I PAGE 4 OF 7 L - R PAGE 5 OF 7 S - U PAGE 6 OF 7 V - W PAGE 7 OF 7 HOME INDEX NEXT SLIDE PREVIOUS SLIDE

ACKNOWLEGEMENTS AND CONTACTS This toolkit was made possible with the input of many individuals in the cybersecurity stakeholder community. Special thanks go to the following government organizations for their generous advice and assistance throughout the development of the USTelecom Cybersecurity Toolkit: The developers want to particularly thank our USTelecom interns who supported us with their research, creativity, and inspiring passion for learning. Department of Commerce Department of Defense Department of Justice Department of Homeland Security Federal Communications Commission The White House Oliver Eisler David Feenstra Rachel Kellerman Elizabeth Tauke Robert H. Mayer USTelecom Vice President of Industry and State Affairs Bus: (202) 326-7221 E-mail: rmayer@ustelecom.org Anthony V. Jones USTelecom Director of Critical Infrastructure Bus: (202) 326-7277 E-mail: ajones@ustelecom.org HOME INDEX NEXT SLIDE PREVIOUS SLIDE