1 / 24

Critical Infrastructure Assurance:

Critical Infrastructure Assurance:. The US Experience. Overview. Critical Infrastructure Protection (CIP) History National Security Telecommunications Advisory Committee (NSTAC) National Infrastructure Advisory Council (NIAC) Partnership for Critical Infrastructure Security

amaris
Télécharger la présentation

Critical Infrastructure Assurance:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Critical Infrastructure Assurance: The US Experience

  2. Overview • Critical Infrastructure Protection (CIP) History • National Security Telecommunications Advisory Committee (NSTAC) • National Infrastructure Advisory Council (NIAC) • Partnership for Critical Infrastructure Security • Relationships in transition • Accomplishments • Information Sharing & Analysis Centers • CIP Sector Lead Agencies • Historical Roles • Transitions to Dept. of Homeland Security • CIP Challenges

  3. Critical Infrastructures Transportation Government Services Electric Power PDD-63 CriticalInfrastructures Telecommunications Emergency Services Water Oil & Gas Banking & Finance

  4. Critical Infrastructures Agriculture Food Key National Assets* Added Critical Infrastructures Postal and Shipping Defense Industrial Base Chemical Industry and Hazardous Materials Public Health

  5. National Security Interest Infrastructures… • are critical to safety, security, our way of life • depend on commercial networks • are interdependent • are largely owned and operated by private companies • cannot entirely depend on the Federal government for defense against cyber attacks Government needs industry in a true public-private partnership

  6. The Business Case • Businesses dependent on the Internet for survival • Vulnerabilities threaten economic survivability/competitiveness • Interdependency • Supply chain • Partners • Customers • Infrastructure industries • Companies are on the front lines of defense • Industry needs government in true public-private partnership

  7. Critical Infrastructure Assurance “Efforts to promote and assure reliable provision of critical infrastructure services in the face of emerging risks to economic and national security” Partnership for Critical Infrastructure Security

  8. 1982 National Coordination Center for Telecommunications / National Security Telecommunications Advisory Committee 1997 President’s Commission on Critical Infrastructure Protection 1998 Presidential Decision Directive 63 Critical Infrastructure Assurance Office (CIAO) National Infrastructure Protection Center (NIPC) Office of National Coordinator 1999 Partnership for Critical Infrastructure Security; Financial Services Information Sharing and Analysis Center (ISAC) 2000 Telecom ISAC 2001 IT-ISAC; Worldwide-ISAC; ES-ISAC; Special Advisor to the President for Cyberspace Security 2002 Surface Transportation ISAC; Energy ISAC; more 2003 Department of Homeland Security History

  9. National Security Telecommunications Advisory Committee (NSTAC) • Provides industry-based advice and expertise to the President on issues and problems related to implementing national security and emergency preparedness (NS/EP) communications policy • Information Sharing • Education, Training, & Awareness • Network Convergence • R&D Exchange • Information Assurance • Infrastructure Protection • Cyber Security & Crime • Network Security • Widespread Telecommunications Service Outages • Intrusion Detection • National Coordinating Mechanism • Telecommunications Legislation and Regulation • Telecom ISAC

  10. National Infrastructure Advisory Council (NIAC) • Enhance public and private partnership in protecting information systems for critical infrastructures • Propose and develop ways to encourage private industry to perform periodic risk assessments • Monitor development of private sector ISAC’s (Information Sharing and Analysis Centers) • Foster improved cooperation among ISAC’s • Advise the President through the Secretary of Homeland Security as well as lead agencies with critical infrastructure responsibilities, sector coordinators, and the ISACs

  11. Cross-sector Collaboration Partnership for Critical Infrastructure Security (PCIS) http://www.pcis.org • Participation by leaders from government, industry & academia • Coordinates cross-sector initiatives and compliments public-private efforts • Board of Directors majority alwayscritical infrastructure “sector coordinators”

  12. PCIS Mission Coordinate cross-sector initiatives and complementpublic-private efforts to promote and assure reliable provision of critical infrastructure services in the face of emerging risks to economic and national security.

  13. President of the United States Federal Departments and Agencies Advisory Committees FBI PCIS CIAO NIPC State and Local Governments LawEnforcement Critical Infrastructure Industry Sectors Pre-DHS PCIS Relationships

  14. Key PCIS Accomplishments • Brought together critical infrastructure sector leaders • Identified public policy needs • Three white papers • Congress drafted new legislation after attending PCIS meeting • Coordinated industry input to National Strategy to Secure Cyberspace • Developed cross-sector information sharing taxonomy • Published Critical Infrastructure Protection awareness resource repository • Stay Safe Online campaign

  15. National Strategy to Secure Cyberspace • Five National Priorities • National Cyberspace Response System • National Cyberspace Threat and Vulnerability Reduction Program • National Cyberspace Awareness & Education • Securing Government Cyber Systems • Public-private partnership • Primarily market-based approach • Multi-level risk assessments • National Security and International Cooperation

  16. Stay Safe Online Campaign www.staysafeonline.info • Security education for homes, small businesses • “Top Ten” tips, Tech Talks, security guides, links • 105 companies; 15 Federal agencies • 6+ million page views since Feb 7 rollout (2 million per month) • National Cyber Security Alliance (NCSA)—educational foundation of PCIS Poster contest winners meet Tom Ridge in West Wing Apr 18, 2002

  17. PCIS Current Priorities • Cross-sector information exchange • Outreach to new sectors • Risk Assessment Guidebook • Effective Practices Compendium • Digital control systems security R&D

  18. Vital part of Critical Infrastructure Protection (CIP) Gather, analyze, and disseminate information on security threats,vulnerabilities, incidents, countermeasures, and best practices Early and trusted advance notification of member threats and attacks Organized by industry: cross-sector awareness, outreach, response and recovery Information Sharing and Analysis Centers (ISACs)

  19. The ISACs (Cont.) • ISAC Benefits: • Early notification • Relevant information • Industry-wide vigilance • Subject matter expertise • Anonymous information sharing • Trending, metrics, benchmark data

  20. CIP Relationship Transitions

  21. U.S. CIP Effort: Sector Lead Agencies • CommerceInformation and Communications • Treasury Banking and Finance • EPA Water Supply • Transportation Aviation Highways (including trucking and intelligent transportation systems) Mass Transit Pipelines Rail Waterborne Commerce • Justice/FBI Emergency Law Enforcement Services • FEMA Emergency Fire Service Continuity of Government Service • HHS Lab Services Public Health Services, including Prevention, Surveillance and Personal Health Services • Energy Electric Power Oil and Gas Production and Storage ------------------------------------------------------------------------------ CIAO Critical Infrastructure Assurance Office NIPC National Infrastructure Protection Center

  22. New Sector Lead Agencies • DHS Information & Communications Transportation (aviation, rail, mass transit, waterborne commerce, pipelines, and highways (incl. Trucking & intelligent transportation systems) Postal and Shipping Emergency Services Continuity of Government • Treasury Banking and Finance • HHS Public Health Food (all except for meat and poultry) • Energy Electric power, oil & gas production and storage • EPA Water Chemical Industry and Hazardous Materials • USDA Agriculture Food (meat and poultry) • DOD Defense Industrial Base

  23. Critical Infrastructure Protection Challenges • Government in transition/turmoil • New sectors • Physical and cyber strategies to merge • War on terrorism • Balancing budgets/priorities

  24. www.pcis.org 24 24 24

More Related