Washington DC – Mar 16, 2017 DL Name(s)


1 Washington DC – Mar 16, 2017 DL Name(s)
Michael Chipley PhD GISCP PMP LEED AP
DL Title(s) and Bio(s): President, The PMC Group LLC
Discussion Title: DHS National Cybersecurity and Communications Integration Center
Discussion Summary: Michael will give an overview of the NCCIC and ICS-CERT, Incident Reporting, Alerts and Advisories, NVD and CVEs, ICS-CERT JWG and Newsletter, Training, and CSET

2 PLATINUM GOLD SILVER/ CHAPTER
The Energy and Water Program covers a wide array of technologies that are applicable to use and management of energy and water on military installations. The technologies are organized in three main areas of focus. The first is “Smart and Secure Installation Energy Management”, which includes…, the Second is Efficient Integrated Buildings and Components, which includes…tech and tools that…and the Third is “Distributed Generation”, which includes renewables, waste heat recovery and CHP.

3 NCCIC and ICS-CERT Overview
The Department of Homeland Security is responsible for protecting our Nation's critical infrastructure from physical and cyber threats. Cyberspace enables businesses and government to operate, facilitates emergency preparedness communications, and enables critical control systems processes. Protecting these systems is essential to the resilience and reliability of the Nation's critical infrastructure and key resources and to our economic and national security.
The NCCIC serves as a central location where a diverse set of partners involved in cybersecurity and communications protection coordinate and synchronize their efforts. NCCIC's partners include other government agencies, the private sector, and international entities. Working closely with its partners, NCCIC analyzes cybersecurity and communications information, shares timely and actionable information, and coordinates response, mitigation and recovery efforts.
ICS-CERT reduces risk to the nation's critical infrastructure by strengthening control systems security through public-private partnerships. ICS-CERT has four focus areas: situational awareness for CIKR stakeholders; control systems incident response and technical analysis; control systems vulnerability coordination; and strengthening cybersecurity partnerships with government departments and agencies.

4 National Cybersecurity and Communications Integration Center

5 NCCIC Organization Chart
ESTCP is DoD’s environmental technology demonstration and validation program. The Program was established in 1995 to promote the transfer of innovative technologies that improve DoD’s environmental performance, reduce operational costs and enhance and sustain mission capabilities. ESTCP funds demonstration projects to validate technology cost and performance with the ultimate goal to transition successful technology to implementation and regulatory acceptance.

6 NCCIC Reporting Options and Subscribing to Alerts

7 NCCIC Revised Federal Incident Notification Guidelines Apr 2017

8 NCCIC Revised Federal Incident Notification Guidelines Apr 2017
These guidelines support US-CERT in executing its mission objectives and provide the following benefits:
Greater quality of information – Alignment with incident reporting and handling guidance from NIST Revision 2 to introduce functional, informational, and recoverability impact classifications, allowing US-CERT to better recognize significant incidents.
Improved information sharing and situational awareness – Establishing a one-hour notification time frame for all incidents to improve US-CERT’s ability to understand cybersecurity events affecting the government.
Faster incident response times – Moving cause analysis to the closing phase of the incident handling process to expedite initial notification.
Table of Contents:
Notification Requirement
Submitting Incident Notifications
Impact and Severity Assessment
Major Incidents
Impact Category Descriptions
Attack Vectors
Attack Vectors Taxonomy
Incident Attributes

9 NCCIC Revised Federal Incident Notification Guidelines Apr 2017

10 NCCIC Report Incidents

11 ICS-CERT Alerts

12 ICS-CERT Advisories

13 ICS-CERT Advisories VULNERABILITY OVERVIEW
CREDENTIALS MANAGEMENT CWE-255
Tableau Server is embedded within the Schneider Electric Wonderware Intelligence software and contains a system account that is installed by default. The default system account is difficult to modify to use non-default credentials after installation and changing the default credentials in the embedded Tableau Server is not documented. As such, Schneider Electric has released a new software version that removes the default system account in the embedded Tableau Server.
If Tableau Server is used with Windows integrated security (Active Directory), the software is not vulnerable. However, when Tableau Server is used with local authentication mode, the software is vulnerable. The default system account could be used to gain unauthorized access.
CVE has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

14 National Vulnerability Database

15 ICS-CERT

16 CVSS Calculator Score

17 ICSJWG Meetings

18 ICSJWG Newsletter

19 ICS-CERT Standards and References

20 ICS-CERT Training Hands-On Format - Technical Level
ICS Cybersecurity (301) - 5 days
This event will provide hands-on training in discovering who and what is on the network, identifying vulnerabilities, learning how those vulnerabilities may be exploited, and learning defensive and mitigation strategies for control system networks. The week includes a Red Team / Blue Team exercise that takes place within an actual control systems environment. The training provides the opportunity to network and collaborate with other colleagues involved in operating and protecting control system networks. Note that this course is not a deep dive into training on specific tools, control system protocols, control system vulnerability details or exploits against control system devices.
This event consists of industrial control systems cybersecurity training and a Red Team / Blue Team exercise:
Day 1 - Welcome, overview of the DHS Control Systems Security Program, a brief review of cybersecurity for Industrial Control Systems, a demonstration showing how a control system can be attacked from the internet, and hands-on classroom training on Network Discovery techniques and practices.
Day 2 - Hands-On classroom training on Network Discovery, using Metasploit, and separating into Red and Blue Teams.
Day 3 - Hands-On classroom training on Network Exploitation, Network Defense techniques and practices, and Red and Blue Team strategy meetings.
Day hour exercise where participants are either attacking (Red Team) or defending (Blue Team). The Blue Team is tasked with providing the cyber defense for a corporate environment, and with maintaining operations to a batch mixing plant, and an electrical distribution SCADA system.
Day 5 - Red Team/Blue Team exercise lessons learned and round-table discussion.

21 ICS-CERT Assessments

22 ICS-CERT 2015

23 ICS-CERT Assessments 2015 Top 20

24 ICS-CERT CSET

25 CSET Process

26 CSET Visio and GrassMarlin Import
CSET has a very robust network diagramming and inventory capability; additional templates are added with each new release.

27 CSET Site Cyber Security Plan
Generated using NIST SP R4 and NIST SP R2 Security Controls

28 Contact Michael Chipley The PMC Group LLC

29 THANK YOU CS2AI Confidential

