Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity ATD technical

Published byElfreda Greene Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity ATD technical"— Presentation transcript:

1 Cybersecurity ATD technical

2 Threat – GPS Spoofing Available at

3 outcome – maritime collision

4 Threat concerns Core Questions:
What is the potential loss from a successful attack What is the likelihood What is our tolerance for such a loss What is our strategy to mitigate or manage this loss

5 Gps spoofing solutions …
Available at:

6 DoD Cybersecurity outcomes
Available at: “Build and Operate a Trusted DoDIN,” high level outcomes are: Design for the Fight Develop the Workforce Secure Data in Transit Manage Access Understand the Battlespace Prevent and Delay Attackers/Prevent Attackers from Staying Develop and Maintain Trust Strengthen Cyber Resilience Sustain Missions

7 Goals p. 73

8 Cybersecurity Artifacts

9 Provides a way to … The NIST Cybersecurity Framework provides a way to: • Access a current position; • Describe a target state; • Identify & prioritize opportunities; • Assess progress toward a target state; and • Communicate among stakeholders about cybersecurity risk

10 Framework components Framework Core Framework Tiers Framework Profile
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

11 Framework CORE Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

12 Cybersecurity risk Management

13 Maritime profiles “The USCG is working with industry to develop these voluntary industry‐focused Profiles to mitigate risks in their joint mission areas. The USCG determined the first industry‐focused Profile should address MBLT. … Other mission areas regulated under 33 CFR 104‐106 to be evaluated in future Profiles include maritime cybersecurity for passenger vessels, cargo vessels, navigation, and offshore facilities.” (p. 8)

14 Manage Cybersecurity Requirements
Federal agencies can use the Cybersecurity Framework Core Subcategories to align and de-conflict cybersecurity requirements applicable to their organizations. This reconciliation of requirements helps to ensure compliance and provides input in prioritizing requirements across the organization using the subcategory outcomes. This becomes a means of operationalizing cybersecurity activities and a tool for iterative, dynamic, and prioritized risk management for the agency.“ (p )

15 Cybersecurity requirements
“Requirements are positive, testable statements about the system - statements on the systems’ functional behaviors and non-functional properties often captured as ‘shall’ statements.” “Cyber requirements are often statements on what the system should not do, i.e., shall not statements.” (p . 5)

16 Questions

17 Gps jam/spoof p. 11

18 Range of mitigations (p. 14)

19 Framework profile “Framework Profile: The profile represents the outcomes based on business needs, risk tolerance, and resource requirements that an organization has selected from Framework categories and subcategories. To ensure adaptability and enable technical innovation, the Framework is technology neutral.” (p. 5) Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology. Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes. Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include: Response Planning; Communications; Analysis; Mitigation; and Improvements. • Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity event. Examples of outcome Categories within this Function include: Recovery Planning; Improvements; and Communications.

20 Agency Accountability
(c)  Risk Management. (i)    Agency heads will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data. …  (ii)   Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency's cybersecurity risk.   Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Dated 11 May 2017

21 Leverage “By seamlessly integrating the Cybersecurity Framework and key NIST cybersecurity risk management standards and guidelines … agencies can develop, implement, and continuously improve agency-wide cybersecurity risk management processes that inform strategic, operational, and other enterprise risk decisions.” (p. 8) (p. 10)

22 mechanism for … “The Cybersecurity Framework offers a mechanism for reconciling mission objectives and cybersecurity requirements into Profiles, …Profiles can be a reconciliation of cybersecurity requirements and associated priorities from many sources, Profiles can be used as a concise and important artifact for consideration when tailoring SP initial control baselines to final control baselines.” (p. 20)

23 objectives

24 Document of compliance

Download ppt "Cybersecurity ATD technical"

Similar presentations

EMS Checklist (ISO model)

EMS Checklist (ISO model)
Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.

Tenace FRAMEWORK and NIST Cybersecurity Framework Block IDENTIFY.
NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholde r to insert your own image. Cybersecurity.
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.

Framework for Improving Critical Infrastructure Cybersecurity NIST Feb 2014.
Business Crisis and Continuity Management (BCCM) Class Session 3 3 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
The NIST Framework for Cybersecurity

The NIST Framework for Cybersecurity
Risk Assessment Frameworks

Risk Assessment Frameworks
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Enterprise Architecture

Enterprise Architecture
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)

EASTERN MICHIGAN UNIVERSITY Continuity of Operations Planning (COOP)
Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.

Don Von Dollen Senior Program Manager, Data Integration & Communications Grid Interop December 4, 2012 A Utility Standards and Technology Adoption Framework.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Critical Infrastructure Protection: Program Overview

Critical Infrastructure Protection: Program Overview
Homeland Security UNCLASSIFIED United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cyber Security and the Marine Transportation System.

Homeland Security UNCLASSIFIED United States Coast Guard Office of Port and Facility Compliance (CG-FAC) Cyber Security and the Marine Transportation System.
Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.

Federal Acquisition Service U.S. General Services Administration June 3, 2013 Joint Working Group on Improving Cybersecurity and Resilience through Acquisition.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
12-CRS-0106 REVISED 8 FEB 2013 APO (Align, Plan and Organise)

12-CRS-0106 REVISED 8 FEB 2013 APO (Align, Plan and Organise)

Similar presentations

Ads by Google