South Carolina Cyber.


Nature of Cyberspace

675 petabytes of Internet traffic per day (2011), growing 60% per year. 265 billion emails per day. 13 million hours of VoIP per day.

Cyberspace (DoD): “A global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the internet, telecommunications networks, computer systems, and embedded processors and controllers.” Source: Joint Pub 3-12

However…
Manmade domain / ever changing / privately owned
Virtual
Programming code and protocols define rules of the domain
Environment/TTPs evolve at net speed

The official definition treats cyberspace as the fifth battlefield domain, in addition to land, air, sea and space. It is very focused on information infrastructure and does not capture the characteristics of this logical domain that make it different from the four physical domains. Unlike the natural domains, the cyber domain is manmade. With its roots in DoD’s Advanced Research Projects Agency Network (ARPANET), which was a limited network of known, trusted users, cyberspace has now grown to a vast network with billions of users (2.26B as of December 2011), most of whom are unknown and not trusted—and this domain continues to evolve.

From the beginning of ARPANET, virtual connectivity and openness in the programming code and protocols defined the rules of the domain and took precedence in system design over data integrity and security. These characteristics remain inherent in today’s network technology, which leaves us vulnerable to potentially crippling attacks. [ref. DoD Strategy for Operating in Cyberspace, May 2011]

Given the rapidly evolving nature of this environment, success in the cyber domain requires us to be smarter, more creative, faster and stealthier than our adversaries operating in cyberspace.
Success in this domain means being smarter, more creative, faster, and stealthier than our opponent. 1/28/2013 4:37 PM

Environment: Exponential Rate of Change

Predecisional Draft. UNCLASSIFIED

[Chart series: worldwide cell subscribers; world population on the Internet; number of websites; transistors per microchip.]

Library of Congress = 10 Terabytes. At best transmission line speed: 1998 = 16.5 days; 2013 = .00008 seconds.
Facebook Launch, 2004.
1 Billion Users, 2012.
10 Billion Mobile Devices Projected by 2016 (1.4 per person on the planet).

(U) The Internet – its users, data speeds, repositories, connected devices, etc. – continues to grow at a tremendous rate. Innovative people are coming up with new devices to connect to the Internet, and new ways to combine and understand the data that resides there.

(U) Questions to discuss: What do you use to connect to the Internet? Have your habits or behaviors changed as the Internet has grown? Do you have any devices that connect without action on your part (car, smart meter, console game system, fridge)?

(U) Source: http://royal.pingdom.com/2013/01/16/internet-2012-in-numbers/
(U) Source cell data: http://www.itu.int

THREAT ACTORS: Foreign Intelligence, Hacktivists, Criminal Elements, Terrorist Acts
THREAT VECTORS: Supply Chain Vulnerability, Negligent Users, Wireless Access Points, Removable Media, Insider Threats

There are threats in cyberspace everywhere, but they are not all nation states. Certainly nation states are a threat, but so are non-nation states, hacktivists like Lulzsec and Anonymous, criminal elements like Russia’s FSB, and terrorist organizations. There are also those who work a cyber job legally by day and moonlight at night when they are home. And the threat comes in through many vectors; the biggest one may be the negligent user.

Take Operation Buckshot Yankee, where we found foreign malware on DoD’s Secret network, Siprnet. We thought someone was putting malware on our systems, but it ended up that it was our own poor hygiene. The malware got there because a service member placed a thumb drive in an unclassified machine, the thumb drive was infected, and then they transferred it to the Secret machine. So the result was to stop allowing the use of thumb drives (the Navy even put glue in the USB ports for a while) and to stop allowing data transfers without a lot of pain. And the government realized that there was really no organization that could deal with this mass infection. Thus, Operation Buckshot Yankee ensued, and was a major catalyst for the formation of USCYBERCOM.

CYBERCOM has a joke: if we sent an e-mail with a message that said “don’t open the attachment, it’s bad”, someone would still open it. We can be our own worst threat.

A Disturbing Trend

The Threat is Evolving: Exploitation, Disruption, Destruction

Many leaders believe our networks are secure, or that adversaries do not have the capability – or the intent – to cause dangerous effects in cyberspace. This disturbing trend has to be dispelled for the U.S. to realistically move forward to address our current and future national security objectives. Over the past two decades, the DoD has observed a disturbing trend by adversaries in the cyber domain – from exploitation to disruption, and the next logical step, destruction. Let me explain in more detail.

As an example… China, one of many, is suspected of being behind an extensive long-standing campaign to acquire advanced U.S. military technologies [F-35]. Experts estimate that 79% of software in China is pirated – that is billions of dollars in proprietary property lost [Sans Institute]. Symantec just reported 75% of Internet users have been the victims of cyber crime [Symantec]. 75%!!! If you have not been victimized, you are in the minority.

In August 2008, the global media reported that significant and effective cyber Distributed Denial of Service (DDOS) attacks were synchronized with Russian air and ground offensives into South Ossetia. Who was behind the DDOS attacks? EVERYONE. Suspected Russian hackers appealed (and provided the mechanism) to the global community to launch a “cyber riot” that effectively cut off government communications to its citizenry during a crisis. [ref. New York Times] Other countries that have been the victims of disruptive effects include Latvia, Lithuania, and Estonia. Some of this cyber activity was described as “cyber rioting” or “crowdsourcing” – tapping into the global hacker community for loosely marshaling and massing forces. These types of “piling-on” cyber effects against “targets of opportunity” cause great concern for us.

Sept 2012: large financial institutions hit by DDOS attacks [SECDEF Bens speech Oct 12, 2012]. Examples: JP Morgan Chase, Citigroup, Bank of America, Wells Fargo, PNC, US Bancorp; also NY stock exchange [zdnet oct 2012]. The websites were flooded with traffic on a volume and scale 10 to 20 times greater than a typical DOS attack [crowdstrike].

The next logical step is DESTRUCTIVE capability via networks. The Sayano–Shushenskaya (Sa-yan-o Shush-en-sky-a) hydroelectric power station is Russia’s largest hydroelectric dam and the 6th largest in the world. On 17 August 2009, via a SCADA (Supervisory Control and Data Acquisition) network, an operator in the Central Dispatch Department remotely placed a turbine online to provide additional power to the Moscow power grid. He didn’t realize the turbine was at its end-of-life and had been plagued with poor maintenance. The turbine catastrophically failed, causing the death of 75 workers and the destruction of the power production facility (not the dam).

Recent destructive attack example: August 2012 – Shamoon infected more than 30,000 computers in Saudi Arabia’s Aramco [SECDEF Bens speech Oct 2012]. Just days later, a similar attack hit Ras Gas of Qatar [SECDEF Bens speech Oct 2012]. These attacks are deemed destructive because the virus actually wiped operating systems clean; the companies lost all personnel, financial and maintenance records. Imagine that happening to any company in the United States.

Ref: 2008 Cyber Attacks in South Ossetia. Markoff, John (13 August 2008). "Before the Gunfire, Cyberattacks". The New York Times.

The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.

Ref: F-35. Wall Street Journal, “Computer Spies Breach Fighter-Jet Project”, April 21, 2009. Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into. The Air Force has launched an investigation.

Summary: The 17 August 2009 Sayano–Shushenskaya hydroelectric power station accident occurred when an operator at the Central Dispatch Department (main control center) remotely increased power supply from the hydroelectric station after a fire in a different electrical supply station caused a drop in the power supply to the main power grid. The hydroelectric power station violently broke apart, causing catastrophic destruction of the power plant. Nine of 10 turbines were damaged or destroyed and 75 people were killed. The plant’s entire output (6,400 MW – a significant portion of the supply to the local grid) was lost, leading to widespread power failure in the local area [i].

Background: The Russian Power Grid is the world's largest highly automated power distribution infrastructure. The entire Russian electrical power infrastructure is managed through a single Central Dispatch Department of the Unified Energy System (UES) of Russia. This automated system involves modern networked systems, which are remotely controlled and operated [ii].

[i] Ref: Reuters, 17 August 2009.
[ii] Unified Energy System (UES) of Russia, 1997 Annual Report (Publicly Traded Company).

5 Key Challenges in Cyber

Ends: USCYBERCOM Mission: Defend the Nation; CCMD Support; GIG Ops and Defense
Ways & Key Challenges: Command & Control; Authorities, ROE, Policy; Trained & Ready; Situational Awareness; Defensible Architecture
Means: Materiel, Technology, Facilities, Engagement

This is the Cliff Notes version of the 5 challenges.

1. Defensible Architecture: DoD has 15,000 networks, except that we apparently didn’t graduate from the 1st grade, we can’t count. We might have 16,000 or 17,000. This is inherently indefensible. There are two major initiatives to help: DoD’s Joint Information Environment and the Intelligence Community’s IT Efficiencies. Both use cloud computing and thin clients to reduce the number of networks we have. We won’t ever get down to 1 network, but we need to make this more defensible.

2. Operational Construct: We want to move from CSEs to a Joint Cyber Component Commander, or JCCC, supporting the Combatant Commands. Right now, CCMDs have an air, maritime, land and special operations component commander, and we think they should have the same in cyber.

3. Global Situational Awareness: We talked about how we need to “see” in order to defend. Right now, we all have different ways of viewing our data. Not just NSA and USCYBERCOM, but across the government and industry. DoD doesn’t have all the cyber sensors. We need to be able to get the data that others see, in near real time, and display it on a common system. We may not need a Common Operator Picture: the CDR USCYBERCOM and the Captain of a Navy destroyer may need to see different things (so we like to say we need a User Defined Operating Picture), but we do need to make sure that if two different people ask for the same data, they are getting a consistent answer. GEN Alexander would like to see cyber legislation passed that supports information sharing in near real time.

4. Authorities to Act: GEN A believed it is CYBERCOM’s implied mission to Defend the Nation in cyberspace. To do so, we must protect our Critical Infrastructure and Key Resources, or CIKR. Today this list is broadly defined and includes finance, energy, and defense. So, the Bank of America, which 55% of Americans have some financial transaction with, probably makes the list, but what about your community bank? The largest complaint against protecting CIKR is that CYBERCOM is going to militarize cyberspace and that we will invade individual civil liberties. CYBERCOM is advocating that the Government provide computer defense information that ISPs can use to protect CIKR companies and organizations that volunteer for the protection. CYBERCOM is no more reading someone’s mail than the anti-virus software on your home computer is reading the Word document you are working on.

5. Trained and Ready Forces: This is the long pole in the tent. If 10,000 people showed up at CYBERCOM’s door tomorrow, it wouldn’t do us much good without a codified training standard. We have to have individual, team and staff training standards to prove that we can do our job.

U.S. Federal Cybersecurity Operations Team
National Roles and Responsibilities
UNCLASSIFIED. AGREED March 5, 2013 *

DOJ/FBI: Investigate, attribute, disrupt and prosecute cyber crimes; lead domestic national security operations; conduct domestic collection, analysis, and dissemination of cyber threat intelligence; support the national protection, prevention, mitigation of, and recovery from cyber incidents; coordinate cyber threat investigations.

DHS: Coordinate the national protection, prevention, mitigation of, and recovery from cyber incidents; disseminate domestic cyber threat and vulnerability analysis; protect critical infrastructure; secure federal civilian systems; investigate cyber crimes under DHS’s jurisdiction.

DoD: Defend the nation from attack; gather foreign cyber threat intelligence and determine attribution; secure national security and military systems; support the national protection, prevention, mitigation of, and recovery from cyber incidents; investigate cyber crimes under military jurisdiction.

US Government Departments and Agencies
DHS: LEAD FOR Protection (NPPD, USSS, ICE)
DoD: LEAD FOR National Defense (USCYBERCOM, NSA, DISA, DC3)
DOJ/FBI: LEAD FOR Investigation and Enforcement (FBI, NSD, CRM, USAO)
INTELLIGENCE COMMUNITY: Cyber Threat Intelligence & Attribution

SHARED SITUATIONAL AWARENESS ENABLING INTEGRATED OPERATIONAL ACTIONS
PROTECT | PREVENT | MITIGATE | RESPOND | RECOVER
Global Cyberspace: Coordinate with Public, Private, and International Partners

* Note: Nothing in this chart alters existing DOJ, DHS, and DoD roles, responsibilities, or authorities

Partnerships: Team Cyber & International engagements

Network Vulnerabilities Are Not Solely a US Problem
Shared Situational Awareness
Agile Tipping and Cueing
Integrated Defensive & Offensive Capabilities
Synchronized Command & Control

SUGGESTED SCRIPT: To successfully operate in cyberspace, CYBERCOM works closely with NSA and other partners in the intelligence community, such as CIA and DIA; the military community, including the service components; the federal civilian community, such as the Departments of Homeland Security and Justice; foreign governments, particularly our Five Eyes allies; and industry partners. These relationships are crucial for Team Cyber to be successful.

Cyber Partnering Framework

What other proactive partners are doing

Government Industry Academia Cyber South Carolina

Cyber South Carolina Cyber Protection and Awareness Cyber Relevance Leverages Economic Engagement and Opportunity Synergy of Effort and Capabilities Between Government/Industry/Academia

South Carolina Cyber Partners
Government, Academia, Industry
“Russian Gang Said to Amass More Than a Billion Stolen Internet Credentials” (Aug 2014)
The Cyber solution

Questions?