
Page 1: US-CERT  National Cyber Security Division/ U.S. Computer Emergency Readiness Team (US-CERT) Overview Lawrence Hale Deputy Director, US-CERT

US-CERT
www.us-cert.gov

National Cyber Security Division / U.S. Computer Emergency Readiness Team (US-CERT) Overview

Lawrence Hale
Deputy Director, US-CERT
March 10, 2004

17th Federal Information Systems Security Educators’ Association

Page 2

Mission

The National Cyber Security Division (NCSD) is the national focal point for addressing cyber security issues in the United States.

Mission components include:

1. Identifying, analyzing and reducing threats and vulnerabilities
2. Disseminating threat warning information
3. Coordinating incident response
4. Providing technical assistance in continuity of operations and recovery
5. Serving as national focal point for the public and private sector regarding cyber security issues

…Implement the National Strategy…

Page 3

The National Strategy’s Five Priorities

PRIORITY / IMPLICATION

• National Cyberspace Security Response System
  – Rapid identification, information exchange, and remediation can mitigate damage
  – Response system will involve public and private institutions and cyber centers to perform analyses, conduct watch and warning, enable information exchange, and facilitate restoration efforts

• National Cyber Security Threat and Vulnerability Reduction Program
  – Coordinated national efforts by government and private sector to identify and remediate serious cyber vulnerabilities through collaborative activities, such as sharing best practices and evaluating and implementing new technologies
  – Raise awareness, increase criminal justice activities, and develop national security programs to deter cyber threats

• National Cyberspace Security Awareness and Training Program
  – Promote comprehensive national awareness program to empower all Americans – businesses, workforce, and general population – to secure their parts of cyberspace
  – Foster adequate training and education programs for the Nation’s cyber-security needs
  – Promote private support for independent certification of cybersecurity professionals

• Securing Governments’ Cyberspace
  – Federal, State and Local Governments’ systems protection and resilience
  – Continuously assess threats and vulnerabilities to cyber systems

• International Cyberspace Security Cooperation
  – Improve attack attribution and prevention capabilities
  – International cooperation
    – Facilitate and promote global “culture of security”
    – Foster international watch-and-warning networks to detect emerging attacks

Page 4

Homeland Security Presidential Directive 7, December 17, 2003

U.S. Department of Homeland Security

Information Analysis and Infrastructure Protection

Paragraph 16. The Secretary will continue to maintain an organization to serve as a focal point for the security of cyberspace. The organization will facilitate interactions and collaborations between and among Federal departments and agencies, State and local governments, the private sector, academia and international organizations.

To the extent permitted by law, Federal departments and agencies with cyber expertise, including but not limited to the Departments of Justice, Commerce, the Treasury, Defense, Energy, and State, and the Central Intelligence Agency, will collaborate with and support the organization in accomplishing its mission.

The organization's mission includes analysis, warning, information sharing, vulnerability reduction, mitigation, and aiding national recovery efforts for critical infrastructure information systems. The organization will support the Department of Justice and other law enforcement agencies in their continuing missions to investigate and prosecute threats to and attacks against cyberspace, to the extent permitted by law.

Page 5

NCSD’s Integrated Capability

U.S. Department of Homeland Security

Information Analysis and Infrastructure Protection

• Strategy, Policy, Programs: Support, Studies, Analysis, and Policy Leadership
• US-CERT: The National Cyber Preparedness and Response System
• FedCIRC: Securing Government’s Cyberspace

Page 6

US-CERT: Readiness

The National Response System

National Level Watch and Incident Management
— 24/7 Watch Operations
— Cyber Interagency Incident Management Group (C-IIMG)
— Develop and practice capabilities: Livewire
— Early warning initiatives and displays

Vulnerability Assessment and Remediation
— Current and potential vulnerabilities & remediation mechanisms
— Malware lab and analysis capability
— Common vulnerabilities and exposures identification
— Critical Infrastructure Program cyber review matrix
— Internet infrastructure critical system matrix


Page 8

US-CERT: Readiness (continued)

Outreach: Public-Private Partnership

Information dissemination, alerting and information products
– Secure Communications Infrastructure for collaboration and response

National Cyber Security Summit Partnerships for awareness, exchange and response
– Incident Responders (Federal Government, International, Law Enforcement, Other)
– Critical infrastructure owners and operators
– Service providers and backbone providers
– Security product vendors and software industry

Page 9

National Cyber Security Division

Providing strategy and policy support and leadership

Software Assurance
– Software development processes
– Security enhancement through automated tools

International Collaboration

Intelligence community requirements

Economic analysis

Standards and best practices
– NIAP review in conjunction with DoD and NIST, and others

Training and Education

Page 10

Training and Education

Centers of Academic Excellence Program

− Co-sponsor NSA Centers of Academic Excellence in Information Assurance Education and expand to National program

IT Security Professional Certification Effort

− Work with DoD and Federal agencies to collect requirements for IT security professional certification

− Define job functions, skills and knowledge required, and common body of knowledge

Scholarship for Service Program

− Work with National Science Foundation and Federal CIO Council, Workforce Committee to promote Scholarship for Service Program among all Federal agencies

IT Security Awareness

− Work with Department of Education and existing organizations such as EDUCAUSE and National Cyber Security Alliance to promote IT security training and education in universities and primary/secondary schools

Page 11

FedCIRC Initiatives

Securing Government’s Cyberspace

Security Analysis Program
– Passive vulnerability discovery and analysis capability
– Capability exists on existing systems, being deployed

Incident Management
– Processes, incident support and correlation
– Consolidated NIPC, FedCIRC and other watches

Security collaboration groups
– CISO Forum, GFIRST, others

Page 12

National Cyber Alert System

Provides credible and timely information on cyber security issues to include:

• Cyber Security Tips

• Cyber Security Bulletin

• Cyber Security Alerts

All information products are available on a free subscription basis and are delivered via email.

Sign up at www.us-cert.gov

Page 13

Vulnerabilities

US-CERT has recently issued alerts on:
• Multiple Vulnerabilities in MS ASN.1 Library
• HTTP Parsing Vulnerabilities in Checkpoint FW-1
• Multiple Vulnerabilities in MS Internet Explorer

Actions taken may include release of standard and technical advisories, informational bulletins, and vulnerability notes; coordination with affected vendors; coordination of remediation efforts with the federal government and private industry; LE and IC contact.

Page 14

Recent Events

E-mail Borne Viruses
• Beagle/Bagle
• Mydoom/Novarg/Doomjuice
• Netsky
• Blaster/Welchia/Nachi

Page 15

Long-term needs

Stronger foundations

• R&D investments in:
  • The “science” of information assurance
    – Well defined security properties of components
    – Security metrics
    – Component composition rules that preserve security properties
  • Engineering practices that build-in (rather than bolt-on) security
  • Protocols that limit damage from distributed attacks

Page 16

Near to mid-term needs

Education and Training organizations
• Undergraduate & Graduate programs
• Increased emphasis on secure development practices in CS & Engineering programs
• Executive education programs on risk management and information security
• Security training for IT staff

Page 17

Near to mid-term needs

Software Developers
• Dramatic reduction in the number of vulnerabilities
• Secure out-of-the-box configurations
• “Virus-proof” software

Response Groups
• Global indications and warning systems with predictive capabilities

Page 18

Lawrence Hale

Deputy Director, NCSD, US-CERT

202 708-7000