1 / 18

Critical Infrastructure Assurance Office

Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National Security Council July 7, 1999. Critical Infrastructure Assurance Office. Cyber Threat Spectrum. We know of foreign governments creating offensive attack capabilities against US Cyber Networks.

menora
Télécharger la présentation

Critical Infrastructure Assurance Office

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National Security Council July 7, 1999 Critical Infrastructure Assurance Office

  2. Cyber Threat Spectrum • We know of foreign governments creating offensiveattack capabilities against US Cyber Networks Info Warrior Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage National Security Threats National Intelligence Information for Political, Military, Economic Advantage Terrorist Visibility, Publicity, Chaos, Political Change Shared Threats Industrial Espionage Competitive Advantage Intimidation Organized Crime Revenge, Retribution, Financial Gain, Institutional Change Institutional Hacker Monetary Gain Thrill, Challenge, Prestige Local Threats Thrill, Challenge Recreational Hacker

  3. PDD-63: National Goal • Protect Critical Infrastructures • Intentional attacks that would significantly diminish capabilities • Action by Federal, state and local, private sector: • Federal: National security, public health and safety • State and local governments: Maintain order, essential services • Private sector: Essential telecom, energy, financial, transportation services • Initial Operating Capability by 2000 • Final Operating Capability in 2003

  4. Prepare and Prevent Detect and Respond Strong Foundations A Family of Plans National Plan for Information Systems Protection Program Federal Government’s Infrastructure Assurance Plan Framework for Critical Infrastructure Assurance Plan Civilian Agency Protection & Gov’t Wide Initiatives DoD Infrastructure Protection Plan • Private Sector/State & Local Government • Non-DOD USG • DOD Assess and eliminate significant vulnerabilities to information warfare attack on America’s critical information systems in private sector and government Develop systems to assess, warn, isolate, respond and reconstitute essential information dependent components of economy and government Create a strong foundation for secure cyber systems including public-private partnership of systems operators and customers, sound legal footing, widespread public understanding of the importance of information assurance and security, and international cooperation Different Constituencies, Shared Goals

  5. New Initiatives • Supported by President’s FY 2000 Budget Request • $1.4 B • 38% Increase from 1999 • Focus On • Federal Sector a Model • Foundations for Public-Private Partnership

  6. Objective:Prepare and Prevent • Program 1: Identify and Address Vulnerabilities • Key Components for identifying vulnerabilities: • network assessment • network analyzer software programs • Red Team attacks • Best Practices and Standards • New Programs and Focus within Federal Government • Expert Review Team

  7. Objective:Detect and Respond • Program 2: Detect Attacks and Unauthorized Intrusions • Multi-layered protection -- firewalls, intrusion detection monitors, enterprise-wide management systems, malicious code scanners • Program 3: Robust Law Enforcement and Intelligence Capabilities to Protect Critical Information Systems • NIPC taking the lead

  8. Objective:Detect and Respond (cont’d) • Program 4: Share Attack Warnings and Information • Computer Security Centers • DOD: JTF-CND • Non-DOD Federal Government: FIDNET • Industry: Computer Security Centers/ISACs • Three Pillar System of Intrusion and Attack Detection • Program 5: System for Response, Reconstitution, and Recovery

  9. Computer Intrusion Detection Network Network Center Notification 1 Intrusion attempt detected 4 2 Intrusion attempt detected 3

  10. ISAC Creation: Questions 1. One or many ISACs? By Sector? 2. Role limited to warning and real-time networks’ security? 3. Government role in sponsoring, starting? 4. New institution or add function to existing entity? 5. Measures of success?

  11. Objective:Build Strong Foundations • Program 6: Enhance Research and Development • FY 2000 Budget Request: $508 MM • Priorities: • large scale networks of intrusion detection monitors • malicious code detection • interactive multi-layered defenses for enterprise wide management • modeling responses and interdependencies to cyberattack

  12. Objective:Build Strong Foundations (cont’d) • Program 7: Train and Employ Adequate Numbers of Information Security Specialists • Federal scholarship for service program (CyberCorps) • Retraining and certifying current Federal IT security personnel • New pay scale and incentive systems for Federal IT personnel • INFOSECURITY Centers of Excellence in universities • Support for additional university faculty development

  13. CyberCorps Problems: • Lack of computer systems talent nationwide • Inability of US Government to compete for talented computer experts Solution: • “ROTC” like programs in colleges • Stimulate colleges’ comp sci programs • Expands numbers of students in field • Trades undergraduate financial aid for commitment to work for Federal Government upon graduation • Summer schools, internships, Institute

  14. Objective:Build Strong Foundations (cont’d) • Program 8: Outreach to Americans on the Need for Cyber-Security • Partnership for Critical Information Systems Security • Program 9: Adopt Legislation and Appropriations in Support of Programs 1-8 • Program 10: Ensure Full Protection of American Citizen’s Civil Liberties

  15. Partnership for Critical Information Security (draft) National Awareness Campaign Aimed at Corporate and IT Executives Participation in Partnership requires: • Action to protect Critical Information Infrastructure • Promote Education • Support Outreach

  16. Goals With Economic Sectors • Create Information Sharing and Assessment Centers for intrusion monitoring networks • Establish process to agree upon ‘Best Practices’ for computer security in each sector • Develop processes for certification of hardware, software, firmware, computer security personnel • Jointly develop Awareness and Education campaign, perhaps through a new foundation or institute

  17. Summary Evolving Threat Environment - PDD-63 In Response • Federal Initiatives Under Development • R&D • Cybercorps • Intrusion Detection • Reconstitution • Industry Leadership Necessary in Key Areas • Information Sharing • Best Practices/Accreditation • Education/Awareness

  18. Contact Information National Security Council Jeffrey_A._Hunker@nsc.eop.gov Phone: (202) 456-9361 Fax: (202) 456-9360 Critical Infrastructure Assurance Office Please visit our website at: www.ciao.ncr.gov Phone: (703) 595-9395

More Related