A DHS Cybersecurity Analyst details the U.S. Department of Homeland Security services available to all businesses for building cyber resilience, at the Technology Association of Louisville's CyberSecurity Summit on June 14, 2019.
DHS Cybersecurity Services for Building Cyber Resilience
1. CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY
Cybersecurity Services for Building Cyber Resilience
Tara Brewer
Cybersecurity Analyst
Cybersecurity Advisor Program
Cybersecurity and Infrastructure Security Agency
6/14/2019
2. CISA Mission and Vision
• Cybersecurity and Infrastructure Security Agency (CISA) mission:
  • Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure
• CISA vision:
  • A Nation with secure, resilient, and reliable critical infrastructure upon which the American way of life can thrive
4. Cybersecurity Advisor Program
CISA mission: Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure
In support of that mission: Cybersecurity Advisors (CSAs):
• Assess: Evaluate critical infrastructure cyber risk.
• Promote: Encourage best practices and risk mitigation strategies.
• Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups.
• Educate: Inform and raise awareness.
• Listen: Collect stakeholder requirements.
• Coordinate: Bring together incident support and lessons learned.
6. CSA Deployed Personnel
• Deron McElroy, Los Angeles, CA (Western U.S. Supervisory CSA)
• Harley Rinerson, Denver, CO (Central U.S. Supervisory CSA)
• Sean McCloskey, Washington, D.C. Metro (Eastern U.S. Supervisory CSA)
• Rich Richard, New York, NY
• George Reeves, Houston, TX
• Ron Watters, Seattle, WA
• Tony Enriquez, Chicago, IL
• Ron Ford, Boston, MA
• Franco Cappa, Philadelphia, PA
• Jennine Gilbeau, San Francisco, CA
• Rick Gardner, Salt Lake City, UT
• Geoffrey Jenista, Kansas City, MO
• Joseph Henry, St. Louis, MO
• Ben Gilbert, Richmond, VA
• Klint Walker, Atlanta, GA
• Chad Adams, Dallas, TX
• Mike Lettman, Phoenix, AZ
• Giovanni Williams, Honolulu, HI
Map labels: CSA’s Office; Regions I, II, III, IV, V, VI (including Region VI – Houston District), VII, VIII, IX, X
7. National Cybersecurity and Communications Integration Center (NCCIC): Working with and for you
• Operations
• Cyber Threat Hunting and Incident Response Teams
• National Cyber Assessments and Technical Services (NCATS)
• Risk and Vulnerability Assessments (RVAs)
• Phishing Campaign Assessments (PCA)
• Vulnerability Scanning
• Validated Architecture Design Review (VADR)
• Cyber Security Evaluation Tool (CSET™)
• Cyber Threat Detection and Analysis
• Cyber Exercises
• Malware Analysis
• National Cyber Awareness System
• Publications and Communications
8. Sampling of Cybersecurity Offerings
• Response Assistance
• Remote / On-Site Assistance
• Malware Analysis
• Hunt and Incident Response Teams
• Incident Coordination
• Cybersecurity Advisors
• Assessments
• Working group collaboration
• Best Practices private-public
• Incident assistance coordination
• Protective Security Advisors
• Assessments
• Incident liaisons between government and private sector
• Support for National Special Security Events
• Preparedness Activities
• Information / Threat Indicator Sharing
• Cybersecurity Training and Awareness
• Cyber Exercises and “Playbooks”
• National Cyber Awareness System
• Vulnerability Notes Database
• Information Products and Recommended Practices
• Cybersecurity Evaluations
• Cyber Resilience Reviews (CRR™)
• Cyber Infrastructure Surveys
• Phishing Campaign Assessment
• Vulnerability Scanning
• Risk and Vulnerability Assessments (aka “Pen” Tests)
• External Dependency Management Reviews
• Cyber Security Evaluation Tool (CSET™)
• Validated Architecture Design Review (VADR)
10. Cyber Resilience Review
• Purpose: Evaluate operational resilience and cybersecurity practices of critical services.
• Delivery: Either
  • CSA-facilitated, or
  • Self-administered
• Benefits include: Helps public and private sector partners understand and measure cybersecurity capabilities as they relate to operational resilience and cyber risk
CRR Question Set & Guidance
11. Critical Service Focus
Organizations use assets (people, information, technology, and facilities) to provide operational services and accomplish missions.
FOUO
12. Cyber Resilience Review Domains
• Asset Management: Know your assets being protected & their requirements, e.g., CIA
• Risk Management: Know and address your biggest risks, considering cost and your risk tolerances
• Configuration and Change Management: Manage asset configurations and changes
• Service Continuity Management: Ensure workable plans are in place to manage disruptions
• Controls Management: Manage and monitor controls to ensure they are meeting your objectives
• Situational Awareness: Discover and analyze information related to immediate operational stability and security
• External Dependencies Management: Know your most important external entities and manage the risks posed to essential services
• Training and Awareness: Ensure your people are trained on and aware of cybersecurity risks and practices
• Incident Management: Be able to detect and respond to incidents
• Vulnerability Management: Know your vulnerabilities and manage those that pose the most risk
For more information: http://www.us-cert.gov/ccubedvp
13. Process Institutionalization
CRR maturity indicator levels (MILs) are used to measure process institutionalization:
MIL 0-Incomplete
MIL 1-Performed
MIL 2-Planned
MIL 3-Managed
MIL 4-Measured
MIL 5-Defined
Figure labels: Practices are incomplete; Practices are performed; Processes are defined, measured, and governed
Higher MIL degrees translate to more stable processes that:
• Produce consistent results over time
• Are retained during times of stress
14. Contact Information
Tara Brewer
Cybersecurity Advisor Program, DC
U.S. Department of Homeland Security
Tara.brewer@hq.dhs.gov
Mobile: (202) 875-3489
Klint Walker
Cybersecurity Advisor, Region IV
Cybersecurity and Infrastructure Security Agency
klint.walker@hq.dhs.gov
Office: (404) 895-1127
NCCIC NCCICcustomerservice@hq.dhs.gov or (888) 282-0870
FBI Cyber Watch (CyWatch) CyWatch@fbi.gov or (855) 292-3937
Editor's Notes
We are one agency with one mission and one vision. This is the mission and vision for every division, branch, and office within CISA. The purpose of every program, service, and tool CISA offers is to support this mission and vision.
As I said, we at CISA have one mission: to lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure. We do so by providing direct coordination, outreach, and regional support and assistance to protect cyber components essential to the Nation’s critical infrastructure.
The purpose of CISA’s Cybersecurity Advisor program is to promote and further cybersecurity preparedness, risk mitigation, and incident response capabilities of public and private sector owners and operators of critical infrastructure, and state, local, tribal, and territorial (SLTT) governments, through stakeholder partnerships and direct assistance activities which we undertake with you at no cost to you. All our services, programs, and tools we offer to you are strictly voluntary – you do not have to use any of them – and ALL are free – there is no charge to you whatsoever for any service and tool we offer.
Specifically, to promote the security and resilience of critical infrastructure we:
Undertake risk-based cybersecurity assessments -- such as the Cyber Resilience Review (CRR), Cyber Infrastructure Survey (CIS), and the External Dependency Management (EDM) assessment, which are all free to the critical infrastructure owner and operator, whether SLTT or private sector;
Promote use of best practices such as the NIST Cybersecurity Framework, which is designed as a foundation upon which industry and government can better manage and reduce their cyber risk;
Build and strengthen private-public cybersecurity partnerships through information exchanges, and cyber protective visits;
Educate by raising awareness of various cybersecurity services offered by CISA and other federal and local government programs through cyber resilience workshops, keynotes, panel discussions, and program briefs;
Listen to stakeholder requirements and needs through various working groups, tabletop exercises, and other technical exchanges; and
Coordinate direct assistance and resourcing support conducted in times of cyber threats, disruptions, and attacks.
CISA focuses on critical infrastructure – and CSAs work with critical infrastructure owners and operators across the 16 sectors. Our assistance (as described later) is designed to support and enhance the security of infrastructure entities. And, as CSAs are in the field and SLTT governments often cut across infrastructure sectors and are an important constituency, CSAs directly assist SLTT governments as well as the private sector.
I mentioned we are in the field – well, here we are. We support 56 U.S. states, territories, and the District of Columbia.
We are known as “a very small cybersecurity field force with immense reach-back and scalability.” NEED UPDATED STATs re BELOW
Currently 11 with 12th on the way. Hiring an additional 11 soon. (Job closes Jan 21 for Portland, SF, Phoenix, Baton Rouge, St Louis, Salt Lake City, Buffalo, Minneapolis, Richmond, Tampa, Nashville.)
CISA’s National Cybersecurity and Communications Integration Center, or “NCCIC” for short, is our – and your – 24/7 cyber situational awareness, incident response, and cyber risk management center. NCCIC is the national nexus of cyber and communications information. It seeks to reduce the likelihood and severity of incidents and vulnerabilities significantly compromising the security and resilience of the Nation’s critical infrastructure, information technology, and communications networks in both the public and private sectors. I refer to it as “ours,” meaning CISA / DHS, and “yours” because NCCIC works with all the infrastructure sectors and all levels of government in the United States and with international partners in government and private sector on behalf of the country.
Speaker notes needed by a CSA. Original slide notes: ALT Slide: general narrative on this one is “Left of ‘BOOM’, right of ‘BOOM’”, where boom = incident.
The goal of the Cyber Resilience Review, or CRR, is to understand an organization’s operational resilience and ability to manage cyber risk to its critical services during normal operations and times of operational stress and crisis. The CRR is based on the CERT Resilience Management Model [http://www.cert.org/resilience/rmm.html], a process improvement model developed by Carnegie Mellon University’s Software Engineering Institute for managing operational resilience. The Review is a no-cost method to assess cybersecurity postures and measure your standing against the NIST Cybersecurity Framework.
One foundational principle of the CRR is the idea that an organization deploys its assets (people, information, technology, and facilities) to support specific operational missions (i.e., critical services). Applying this principle, the CRR seeks to understand an organization’s capacities and capabilities in performing, planning, managing, measuring, and defining cybersecurity practices and behaviors in various areas.
Assets
Services and business processes “fueled” by assets.
Four asset types are viewed as components of services:
People – to operate and monitor the service
Information – to feed the process and to be produced by the service
Technology – to automate and support the service
Facilities – in which to perform the service
One of the primary focuses of resilience management is identifying the critical dependencies or “interconnectedness” between high-value services and their related assets:
People – employees, contractors, technologists, auditors, consultants etc.
Information – data, documents, procedures, intellectual property, personally identifiable information, electronic health records etc.
Technology – servers, networks, routers, switches, firewalls, mobile devices etc.
Facilities – buildings, data centers, operations centers, power plants, hospitals etc.
Disruptions to Assets can disrupt operations, which can impact a critical service, disrupting the organization’s mission. We focus on those critical services so we can understand, protect and sustain the assets that support them.
Speaker notes needed from a CSA. Highlighted in red question: Do you want to keep “CIA” listed?