Information Sharing Initiatives In Critical Infrastructure Protection and Resilience

1. Information Sharing Initiatives In Critical Infrastructure Protection and Resilience Denise Anderson Vice Chair-National Council of ISACs Vice President FS-ISAC, Government and Cross Sector Programs Financial Services Information Sharing & Analysis Center (FS-ISAC) National Council of ISACs

2. Agenda • Critical Infrastructure • What is an ISAC? • Descriptions of the various ISACs and capabilities/reach • What is the National Council of ISACs? • Overview of Council Activities • Case Studies: Lessons Learned • Five Initiatives To Enhance Critical Infrastructure Protection and Resilience

3. Critical Infrastructure • 18 Defined Sectors: Agriculture and Food Defense Industrial Base Energy Healthcare & Public Health Banking & Finance Water Chemical Commercial Facilities Critical Manufacturing Dams Communications Postal & Shipping Transportation Systems Government Facilities Emergency Services Nuclear Reactors, Materials & Waste Information Technology National Monuments & Icons

4. What is an ISAC? • Relationship to sectors • Funding • Structure/Operations • Functions

5. Why ISACs? • Trusted entities established by CI/KR owners • and operators. • Comprehensive sector analysis • Reach-within their sectors, with other sectors, and • with government to share critical information. • All-hazards approach • Threat level determination for sector

6. Why ISACs? • Operational services such as risk mitigation, • incident response, and information sharing • Fast response on accurate, actionable and • relevant information • Empower business resiliency through security • planning, disaster response and recovery • execution. Most ISACs, by • definition, have 24/7 • threat warning, • incident reporting capabilities

7. ISACs Communications ISAC Electricity ISAC Emergency Management & Response ISAC Financial Services ISAC Highway ISAC Information Technology ISAC Maritime ISAC Multi-State ISAC

8. ISACs National Health ISAC Public Transit ISAC Real Estate ISAC Research and Education ISAC Supply Chain ISAC Surface Transportation ISAC Water ISAC

9. Other Operational Entities • Defense Industrial Base (DIB) • Nuclear • Oil & Gas • Chemical • Airline

10. ISAC EXAMPLE: FS-ISAC Information Sharing and Analysis Tools for Members • Cyber & Physical alerts from 24/7 Security Ops Center • Briefings/white papers • Risk Mitigation Toolkit • Document Repository • Anonymous Submissions • Committee Listservs • Member surveys • Bi-weekly Threat calls • Special info sharing member conference calls • Crisis Management process– CMLT, CINS • Semi-annual conferences • Webinars • Regional Program • Viewpoints

11. Communications ISAC • The DHS National Coordinating Center partners with the private sector in the ISAC and provides 24x7 operational support • Members include communications equipment and software vendors, wire line communications providers, wireless communications providers, including satellite providers, Internet Service Provider backbone networks • www.ncs.gov/ncc

12. Electricity ISAC • The ES-ISAC’s coverage includes bulk power system entities and 18 Reliability Coordinators and covers the entire continental United States and Canada • Working on developing the necessary communication and participation with non-bulk power system entities and their critical suppliers • www.esisac.com

13. EMR ISAC • Initiated in 2000 by a FEMA contract, operates from the National Emergency Training Center in Emmitsburg, MD • Reaches over 40,000 ESS departments and agencies directly, thousands more reached through ESS associations, departments and agencies as well as state and local fusion centers • www.usfa.dhs.gov/emr-isac

14. Financial Services ISAC • The only industry forum for collaboration on critical security threats facing the financial services sector • Over 4,200 direct members and 30 member associations • Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry • www.fsisac.com

15. Highway ISAC • Cooperative Agreement with (DHS) Trucking Security Program (TSP) • Provide anti-terrorism and security awareness training for highway professionals and recruit volunteers to report suspicious activities • Reach over 2 million • www.firstobserver.com

16. Information Technology ISAC • Reaches 90% of all desktop operating systems, 85% of all databases; 76% of the global microprocessor market; 85% of all routers and 65% of software security • www.it-isac.org

17. Maritime Security ISAC • Established in 1988 • Non-profit, member driven organization representing ocean carriers, cruise lines, port facilities and terminals, logistics providers, importers, exporters and related maritime industries throughout the world  • http://www.maritimesecurity.org/

18. Multi-State ISAC • Includes all 50 States, the District of Columbia, five U.S. Territories, one local governments per state and all state homeland security offices • The MS-ISAC continues to broaden its local government participation to include all of the approximate 39,000 municipalities and fusion centers • www.msisac.org

19. National Health ISAC • The NH-ISAC serves to protect the nation's healthcare and public health critical infrastructure against security threats and vulnerabilities. • Founded in 2010 leveraging Center for Technology Innovation at Kennedy Space Center • Healthcare and Public Health organizations • www.nhisac.org

20. Public Transit ISAC • Created by The American Public Transportation Association (APTA). APTA is designated by the US Department of Transportation as the sector coordinator for the US public transit industry • Members serve more than 90% of persons using public transportation in the United States and Canada • www.surfacetransportationisac.org/APTA.asp

21. Real Estate ISAC • Created by the Real Estate Roundtable in 2003 • Membership comprised of 11 major associations such as BOMA, IREM, American Hotel & Lodging, National Apartment Association, International Institute of Shopping Centers, Real Estate Roundtable • http://reisac.org/

22. REN ISAC • Supported by Indiana University and through relationships with EDUCAUSE and Internet2, the REN-ISAC is an integral part of higher education's strategy to improve network security specifically designed to support the unique environment and needs of over 1,400organizations connected to served higher education and research networks • Ability to reach 4,000 EDU organizations • www.ren-isac.net

23. Supply Chain ISAC • Includes over 661 manufacturers & shippers, cargo carriers (air, rail, highway and maritime), consignees, supply chain service suppliers, law enforcement and federal government agencies, which reach almost 1,700 users • Launched in June 2006 with the announcement of its sponsorship by the International Cargo Security Council (ICSC) at the ICSC Annual Conference • www.secure.sc-investigate.net/SC-ISAC

24. Surface Transportation ISAC • Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation • The ST-ISAC supports 95% of the North American freight railroad infrastructure • www.surfacetransportationisac.org

25. Water ISAC • Currently provides security information to water and wastewater utilities that provide services to more than 65% of the American population • www.waterisac.org

26. National Council of ISACs Began meeting in 2003 to address common concerns and cross-sector interdependencies Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR

27. National Council of ISACs-Structure National Council of ISACs: four designated operational representatives from each ISAC sit on the Council. ISAC Plus: all other entities/representatives such as operations centers who participate in information sharing Leadership: Chair: Will Pelgrin-Multi-State ISAC Vice-Chair: William Nelson-Financial Services ISAC Secretary: Denise Anderson-Financial Services ISAC

28. National Council of ISACs Mission The mission of the National Council of Information Sharing and Analysis Centers Council (ISACs) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with governments.

29. Information Sources Communications Daily & Weekly ISAC Calls PCIS ListServ and Trusted Relationships ISAC Ops Centers ISACs & Other Sectors Monthly Meetings National Council of ISACs Best Practice Sharing - Joint Statements -White Papers DHS & Other Government Partners Private Sector Liaison At The NICC CIP Congress ENS Calls And Crisis Calls Briefings Other Sources (Hundreds)

30. National Council of ISACs Activities-Examples Increase involvement of sectors without ISACs Drills/Exercises Such as NLEs, Cyber Storm Private Sector Liaison at the NICC Emergency Classified Briefing Process Cross Sector Information Sharing Framework Implement Real-Time sector Threat Level Reporting Directorate

31. CLICK

33. Case Studies: Recent Incidents • DNS Cache Poisoning • Hurricanes Gustav and Ike • H1N1 • ISAC Example: • RSA Breach • Account Take Over Attacks

34. DNS Cache Poisoning When the DNS Cache Poisoning vulnerability was discovered in July 2008, ISACs alerted each other and shared mitigation strategies: • Sector Call • Information Sharing via ListServ • Information Sharing via trusted relationships • Weekly Inter-ISAC calls • Joint Bulletin published by IT, Communications and FS ISACs

35. Hurricanes Gustav & Ike During Hurricanes Gustav & Ike, the National Council of ISACs stood up (in partnership with DHS and PCIS) a private sector liaison seat at the NICC • Information Sharing via ListServ • Information Sharing via trusted relationships • Weekly Inter-ISAC calls • ENS and Crisis calls • Success Stories

36. Information Shared • List of ATM’s that have been used in the last 24 hours in affected regions along the gulf coast • Missing ACH Files • List of merchants in affected regions that have seen credit/debit card transactions in the last 24 hours, categorized by Fuel, Building Materials, Food and Medicine

37. Lessons Learned Education: reach out to sectors and down to owners/operators-A new way of thinking Compiling common situations/questions for training and future incidents Politics Successes EPA VISA

38. H1N1 The ISACs were and are actively engaged in • Sector Calls with DHS and CDC • Information Sharing via ListServ • Information Sharing via trusted relationships • FS-ISAC Business Resiliency Committee calls • Best practices guidelines

39. RSA Breach March 11, 2011-Breach detected not public • Thursday March 17, 2011 story broke • Threat Intelligence Committee Call • Friday March 18, 2011 • Cyber UCG call • NCI call with DHS • Threat Intelligence Committee Call w/RSA • FS-ISAC Membership Call w/RSA • NCI call • Mitigation Report Working Group Calls • Mitigation Report

40. Five Major Initiatives To Enhance Critical Infrastructure Protection and Resilience NICC Liaison Classified Briefing Initiative Joint Coordination Center Pilot NLE 11 NCCIC & UCG

41. NICC Liaison: Purpose Establish a private sector liaison with a physical presence at the National Infrastructure Coordinating Center (NICC) to serve as a conduit for information between the CI/KR Private Sector and DHS Office of Infrastructure Protection (IP) particularly in instances of incidents of national significance but also during special security events, exercises and drills.

42. NICC Liaison: Activities • Work with IP Partners to validate CIKR information and assessments for all 18 sectors • Support activities relating to RFIs and RFAs • Contribute to reports, as necessary • Help facilitate situational awareness • Facilitate CIKR private sector pull teleconferences as necessary • Staff seat during certain exercises and other situations as appropriate

43. NICC Liaison: Qualifications Sector-designated operational representative Maintain minimum of a secret level clearance Complete 3-Hour Training Program Visit Freedom Center once every 4 weeks Sign an agreement to represent all sectors

44. NICC Liaison Contact Information niccprivatesector@isaccouncil.org 703-563-3430

45. Classified Briefing: Objective The Emergency Private Sector Classified Briefing Program enables Federal intelligence agencies to reach all Private Sector Critical Infrastructure represented by the National Council of ISACs Members, PCIS, and other private sector participating entities to relay classified information on an emergency basis.

46. Classified Briefing: Who • Private Sector representatives from all 18 Sectors • 8 designated representatives per sector • 4 designated operations and 4 designated policy • Minimum clearance level-Secret

47. Classified Briefing: How • Classified Briefing Group on ENS list • Any intelligence agency can trigger notification via NICC • 24-hour notice period

48. Joint Coordination Center-Pilot • National Security Telecommunications Advisory Council-NSTAC • Cross-Sector Cyber Security Collaboration and Analysis • Pilot project initially involving the FS-ISAC; IT-ISAC; Defense Security Information Exchange (DSIE) and Communications ISAC.

49. Joint Coordination Center-Pilot • Private Sector Component • Establish a common operating picture amongst sectors and analysis products to support efforts to detect, prevent, mitigate and respond to cyber security events through a 24x7 Joint Coordination Center • Current Activity

50. NLE 11 • Private Sector Working Group • Ground Truth Documents • Electricity, Water, Surface Transportation, Communications • Sim Cell and Private Sector Liaison Play • Long-Term Recovery Workshops and TTX