digital kung fu a.k.a. protecting yourself in our digital world
Security Professionals Conference 2015
Deciphering the DHS Alphabet Soup for Higher Ed
Jodi Ito Information Security Officer • University of Hawaiʻi [email protected] • (808) 956-2400
Goal for Today’s Session
• Provide an overview of resources, tools and services available from DHS
CSET
NCCIC
CRR MS-ISAC
NCATS
RVA
C3VP
CH/CyHy
CSA PSA
US-CERT
NCSAM
Department of Homeland Security (DHS)
• United States Citizenship and Immigration Services (USCIS)
• United States Customs and Border Protection (CBP)
• United States Coast Guard (USCG)
• Federal Law Enforcement Training Center (FLETC)
• United States Immigration and Customs Enforcement (ICE)
• Transportation Security Administration (TSA)
• United States Secret Service (USSS)
• Management Directorate
• National Protection and Programs Directorate (NPPD)
• Science and Technology Directorate (S&T)
• Domestic Nuclear Detection Office (DNDO)
• Office of Health Affairs (OHA)
• Office of Intelligence and Analysis (I&A)
• Office of Operations Coordination and Planning
• Office of Policy
http://www.dhs.gov/department-components
DHS Cyber Resources
• Cyber Security Overview
• Information Sharing
• Privacy
• Cyber crime
• Careers, etc.
• http://www.dhs.gov/topic/cybersecurity
NCSAM
• National Cyber Security Awareness Month
• Every October
• http://www.dhs.gov/national-cyber-security-awareness-month
Stop.Think.Connect.™
• Awareness campaign launched in 2010
• Stop.Think.Connect.™ Campaign
• Launched in 2010
• Designed to help citizens reduce cyber risk online by promoting safe online habits
• Developed by a coalition of private companies, non-profits, and government organizations, including DHS, through the Anti-Phishing Working Group Messaging Convention and the National Cyber Security Alliance (NCSA).
• http://dhs.gov/stopthinkconnect
US-CERT
• US Computer Emergency Readiness Team
• www.us-cert.gov
US-CERT Services
• Alerts: https://www.us-cert.gov/ncas
• TA15-105A : Simda Botnet
• Resources: https://www.us-cert.gov/security-publications
• Malware Analysis:
• https://malware.us-cert.gov/MalwareSubmission/pages/submission.jsf
US-CERT Reporting
C3VP (Critical Infrastructure Cyber Community Voluntary Program)
• https://www.us-cert.gov/ccubedvp
• Maps NIST Cybersecurity Framework to existing cyber risk management capabilities
• CRR: Cyber Resilience Review
• Self Assessment
• https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf
CSET & more
• Cyber Security Evaluation Tool
• Evaluates automated industrial control or business systems
• Self-contained tool; run on desktop or laptop
• Provides prioritized list of recommendations
• https://ics-cert.us-cert.gov/Downloading-and-Installing-CSET
• US-CERT for Academia:
• https://www.us-cert.gov/ccubedvp/getting-started-academia
MS-ISAC
• Multi-State Information Sharing and Analysis Center
• Cyber threat prevention, protection, response and recovery
• State, local, tribal, territories (state institutions)
• Resources: links to free training, videos, cyber security guides, webcasts, etc.
• 24x7 Security Operations Center (SOC) services for members
DHS People
• PSA: Protective Security Advisor – National Protection and Programs Directorate, Office of Infrastructure Protection
– Planning, coordinating, and conducting security surveys and assessments
• CSA: Cyber Security Advisor – Office of Cybersecurity & Communications
– Principal field liaisons
– Primary goal is to assist in the protection of cyber components essential within the nation's critical infrastructure and key resources (CIKR)
NCCIC: National Cybersecurity & Communications Integration Center
• Works with critical infrastructure owners and operators to reduce risk;
• Collaborates with state and local governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC);
• Cooperates with international partners to share information and respond to incidents;
• Coordinates national response to significant cyber incidents in accordance with the National Cyber Incident Response Plan (NCIRP);
NCCIC Mission: continued
• Analyze data to develop and share actionable mitigation recommendations
• Create and maintain shared situational awareness among its partners and constituents;
• Orchestrate national protection, prevention, mitigation, and recovery activities associated with significant cyber and communication incidents;
• Disseminate cyber threat and vulnerability analysis information;
NCCIC Capabilities & Resources
• US-CERT
• ICS-CERT
• MS-ISAC
• NCC
• NCATS
• Texas A&M Engineering Extension Service (TEEX):
– https://teex.org/Pages/Program.aspx?catID=607&courseTitle=Cybersecurity
• Exercise Planning
NCATS
• National Cybersecurity Assessments & Technical Services
– Full-Scope Red Team/Penetration Testing
– Services are tailored to fit agency requirements
– Risk and Vulnerability Assessments (RVA) (sign up now! already scheduling into 2016)
– Cyber Hygiene (CH)
– Independent (third party) review; results of assessment will not be shared or disseminated
– Services provided at “No-Cost” to agencies
CH / CyHy
• Cyber Hygiene – Remote assessment which broadly analyzes Internet accessible systems for known vulnerabilities and configuration errors on a frequently recurring basis.
– Network Mapping
– Network Vulnerability Scanning
– Configuration Scanning
– Recurring assessment
– Reports on vulnerability and configuration errors
RVA
• Risk and Vulnerability Assessments - Remote and On-Site
- Vulnerability Scanning and Testing
- Penetration Testing
- Social Engineering (Phishing)
- Wireless Discovery & Identification
- Web Application Scanning & Testing
- Database Scanning
- Operating System Scanning for compliance checks
UH RVA EXPERIENCE
NICCS
• National Initiative For Cybersecurity Careers and Studies
• Workforce Development Initiative
• Encourage students to pursue cyber security as an education AND career pathway
• http://niccs.us-cert.gov/education/education-home
A Few More…
• CISCP: Cyber Information Sharing & Collaboration Program
– Indicator Bulletins
– Analysis Bulletins
– Alert Bulletins
– Recommended Practices
• Sign CRADA to participate (or join REN-ISAC)
• CRADA: Cooperative Research And Development Agreement
• Email: [email protected]
Last ones!
• TAXII™: Trusted Automated eXchange of Indicator Information
• STIX™: Structured Threat Information eXpression
• CybOX™: Cyber Observable eXpression
• A framework to automate and structure operational cybersecurity information sharing techniques across the globe
• www.us-cert.gov/TAXII
DHS Points of Contact
• Sean McAfee
• Distribution List:
Jodi Ito • UH Information Security Officer
[email protected] • (808) 956-2400