1 / 18

U.S. Government: Demonstrating Leadership in Cyber-Security

U.S. Government: Demonstrating Leadership in Cyber-Security. March 14, 2000. Cyber-Attack. Economy and National Security dependent upon computer controlled systems One-Third of US Economic Growth 95-98 Security not a design consideration for most critical systems/networks

Mia_John
Download Presentation

U.S. Government: Demonstrating Leadership in Cyber-Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. U.S. Government: Demonstrating Leadership in Cyber-Security March 14, 2000

  2. Cyber-Attack • Economy and National Security dependent upon computer controlled systems • One-Third of US Economic Growth 95-98 • Security not a design consideration for most critical systems/networks • Large number of ‘attacks’, unauthorized intrusions, down-loads, malicious code insertion • Other nations developing offensive cyber-attack capabilities -- aimed at the U.S. • New and Novel Intrusions

  3. PDD-63: Protecting Critical Infrastructures • Action by Federal, state and local, private sector participants • Federal: National Security, public health and safety • State and local governments: Maintain order and essential services • Private Sector: Essential communications, energy, financial, and transportation services • Initial Operating Capability by 2000; Final Operating Capability by 2003 • Established: • National Coordinator -- NSC • National Infrastructure Protection Center (NIPC) • Critical Infrastructure Assurance Office (CIAO)

  4. National Plan Blueprint:Four Key Themes • US Government a Model of Information Security • Building the Public Private Partnership • R&D for Solutions • Law Enforcement and National Security Capabilities

  5. The White House Is Watching(So is Congress) • President • National Plan for Information Systems Protection • Cyber-Summit • Agency Directive • White House • OMB Director Lew Guidance • Chief of Staff Podesta Guidance • Ongoing Chief of Staff Conference Calls • Congress • GSA reports • Many Hearings • Many Bills

  6. FY 2000/ 2001 Budget • FY 2000 - $1.75 B Appropriated • 10% Civilian Agency • FY 2001 - $2.01 B Requested • 25% Civilian Agency • Key Initiatives - $100 M • Institute for Information Infrastructure Protection • Federal Cyber Service • FIDNET • PKI • ISACs • Expert Review Team • R&D - $606 M • FY 2000 Supplemental - $9 M

  7. Future Budgets • OMB/NSC/Interagency Process • 1) Proposals Developed • From Agency Experts • From Interagency Working Groups • 2) Interagency/White House OK • 3) Action by Departments • 4) OMB Review if not part of Departmental Request • New Process • In Use for Other Cross-cutting Issues

  8. National Plan Blueprint:Four Key Themes • US Government a Model of Information Security • Building the Public Private Partnership • R&D for Solutions • Law Enforcement and National Security Capabilities

  9. U.S. Government as Model • Identify and Address Vulnerabilities • Implement Best Practices • Install Defensive Detection Systems • Train and Recruit Security Experts • Fund R&D

  10. One: Identify and Address Vulnerabilities • Vulnerability Assessment vs Threat Analysis • Tension between Cyber and Physical • Interdependencies and Single Points of Failure • New Elements: • Project Matrix • Expert Review Team • Open Source Software • Patch Prioritization • Recommended Practices • PKI

  11. Project MatrixShared Interdependencies • Complete Picture of Asset Dependencies and Interdependencies • Three Steps • Identify PDD-63 Relevant Assets • Capture Major Nodes and Networks which USG Critical Assets Depend • Tie Critical Assets and Supporting Nodes/Networks to Underlying Infrastructures

  12. Two:Implement Best Practices • Convergenceof Three Initiatives • Critical Infrastructure Protection Working Group • Model Information Systems Security Program • CIO Council Strategic Objectives • CIO Council Security, Privacy and Critical Infrastructure Committee Lead • Objective: Into the hands of practitioners soon

  13. Three:Defensive Detection Systems • Invest in Current Best of Breed • Intrusion Detection Monitors/Firewalls • Access/Activity Rules • Enterprise Wide Management Systems • Deploy Next Generation Government-Wide Systems • JTF-CND -- for DOD • FIDNet -- for Civilian Agences • NSIRC -- for national security systems • Drive Technology • Vendor conference 3/15

  14. FIDNet Architecture • System of Systems • Departments run own intrusion detection systems • Link to FIDNet • Information Exchange • Enhances FedCIRC Capabilities • Run by GSA • Base for Additional Capabilities • patch distribution

  15. Four: Train and Recruit Security Experts: • Centers for IT Excellence • Scholarship for Service Program • High School Recruitment and Computer Security Awareness program • Federal Computer Security Awareness Program • IT Occupational Study/Reform

  16. Five:Fund R&D • Institute for Information Infrastructure Protection • National framework: Coordinated Federal and Private Sector efforts • Key Priorities • Indications of anomalous behavior within systems • Large-scale automated correlation of events • Automated alarm analysis

  17. Summary • Federal Government Must be a Model • White House Support for Budget and Resources • Need for Action • Vulnerabilities • Best Practices • FIDNet and Detection Systems • Training and Recruitment • R&D

  18. CHAIR, USG as a Model Working Group Tom Burke General Services Administration (GSA) 202 708 7000 Tom.Burke@GSA.GOV NSC Senior Director for Critical Infrastructure Jeffrey Hunker National Security Council (NSC) 202 456 9351 Jeffrey_A._Hunker@NSC.EOP.GOV CONTACT

More Related