ICS-ISAC Overview V0.1pub
Overview of the Industrial Control System Information Sharing and Analysis Center

  • Regardless of the detail within the global knowledge sharing network, at the highest level it follows a standard architecture that is reflected in this diagram. The three major components – Facility Capabilities, Aggregation, and Knowledge Centers – arrange in different topologies depending on specific conditions at the smaller scale, but follow the same pattern.

    Facility Baseline Requirements:
    Facilities must have a basic capability to produce information and/or utilize knowledge to participate in the global knowledge network.

    Aggregation:
    - One-to-one connectivity between all asset owners and individual knowledge centers is topologically complex and operationally difficult for all parties.
    - Many facilities do not and will not have the capability to manage security on their cyber infrastructure, and will require outsourced operations.
    - Aggregation of asset-owner information can be performed by public or private Managed Security Service Provider (MSSP) offerings or other means.

    The Knowledge Sharing Triad:

    Public Knowledge Centers:
    - Public knowledge centers perform diligence for government responsibility for infrastructure security (e.g. ICS-CERT).
    - Public centers exist at international, national, state, regional, county and municipal levels in the US governmental model, for example.
    - Public knowledge centers generally have access to information that private centers may not.
    - Public knowledge centers generally have legal restrictions regarding dissemination of knowledge that private centers may not.

    Private Knowledge Centers:
    - Private knowledge centers perform diligence for private organizations' responsibility for infrastructure security (e.g. WCX).
    - Private knowledge centers exist as for-profit and non-profit entities (e.g. NESCO TAC [non-profit], McAfee GTI [for-profit]).
    - Private knowledge centers can be dedicated operations or a unit within other private entities (e.g. Red Sky Alliance [dedicated], IBM X-Force [unit]).

    Public/Private Knowledge Centers:
    - "Public/Private": public-sector centers where the private sector comes to share knowledge (e.g. ICSJWG).
    - Public/Private knowledge centers provide forums for the public sector to engage in knowledge sharing with the private sector.
    - "Private/Public": private-sector centers where the public sector comes to share knowledge (e.g. ICS-ISAC).
    - Private/Public knowledge centers provide forums for the private sector to engage in knowledge sharing with the public sector.
  • The ISACs (Information Sharing and Analysis Centers) were initiated by Presidential Decision Directive NSC-63 (PDD-63) in 1998 by President Bill Clinton. In 2003, at the direction of President George H Bush, the Department of Homeland Security issued Homeland Security Presidential Directive 7 (HSPD-7). HSPD-7 expands on the charter of PDD-63 to more clearly define the function of the ISACs as centers of Public/Private information sharing.

    A matrix of vertical and horizontal ISACs has developed over this period. Vertical ISACs provide sector-specific information sharing and analysis nodes. Horizontal ISACs act either to bring all sectors together for regional or national purposes, or as mechanisms to collect and transport commonalities between sectors. The Multi-State ISAC and the National Council of ISACs are examples of horizontal ISACs which bundle sectors; the IT ISAC and Supply Chain ISAC are examples of horizontal ISACs that transport cross-sector knowledge among vertical ISACs and other parties.

    As all sectors are impacted by the security considerations of Information Technology and Supply Chain topics, all are also impacted by Industrial Control System security risks. The ICS-ISAC was established to act as a horizontal information sharing and analysis center focused on: identifying ICS security commonalities between sectors as well as sector-specific ICS security risks; ensuring high-fidelity, low-latency and effectively-targeted ICS security information sharing across sectors; and supporting national indications and warnings architectures.
  • The ICS-ISAC is architected as a secure cloud environment. Each member is assigned a virtual machine inside the ICS-ISAC cloud within which they are able to control knowledge exchange with other members and knowledge centers.
  • At the regional level the architecture is as shown here.
    - A consistent set of capabilities and functions will be instantiated at state Security Operations Centers (SOCs).
    - The state SOCs will ensure consistent visibility into and communication with all state assets.
    - The state SOC will share filtered information and knowledge bi-directionally with other public/private, private, and state, federal and international public information sharing centers.
    - Some critical assets will establish relationships directly with the state SOC.
    - County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with the state SOC.
    - County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with municipal and other sub-regional information sharing centers.
    - Municipal and other sub-regional public information sharing centers will share filtered information and knowledge bi-directionally with regional centers.
    - Municipal and other sub-regional public information sharing centers will receive filtered information from, and share knowledge with, asset owners.
  • At the state level the architecture is as shown here.
    - The state SOCs will ensure consistent visibility into and communication with all state assets.
    - The state SOC will share filtered information and knowledge bi-directionally with other public/private, private, and state, federal and international public information sharing centers.
    - Some critical assets will establish relationships directly with the state SOC.
    - County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with the state SOC.
    - County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with municipal and other sub-regional information sharing centers.
    - Municipal and other sub-regional public information sharing centers will share filtered information and knowledge bi-directionally with regional centers.
    - Municipal and other sub-regional public information sharing centers will receive filtered information from, and share knowledge with, asset owners.
    - Asset owners within the state may communicate with the state information sharing network through a direct connection to the state SOC, through regional or sub-regional public information sharing centers, and/or through other means.

Transcript

  • 1. ICS-ISAC: Private/Public ICS Security Knowledge Sharing. Copyright ICS Cybersecurity, Inc. 2012, Confidential, not for distribution
  • 2. ICS-ISAC: Public/Private information sharing and analysis center to capture and transport ICS security information across sectors. The ISAC structure is mandated by Homeland Security Presidential Directive 7 (HSPD-7).
  • 3. ICS-ISAC
    • Cross-ISAC Integration Vehicle
      – Capture commonalities and sector-specific attributes
    • Vendor-Customer Communications
      – Standardized communication format
    • Global Integration Center
      – Develop global ICS security knowledge
      – Aggregate public & private knowledge centers
  • 4. Overview
    • Leadership
      – Chris Blask, Chair
      – Brad Blask, Executive Director
      – Sean Paul McGurk, Senior Policy Advisor
      – Gib Sorebo, Senior Technology Advisor
    • Membership
      – Vendors
      – Services Providers
      – Asset Owners
      – Knowledge Centers
  • 5. ICS-ISAC in the Global Knowledge Network [diagram: Public Knowledge Centers, Private Knowledge Centers, Private/Public Knowledge Centers, Knowledge Aggregation, ICS-ISAC; legend: Filtered or Raw Data, Filtered Data]
  • 6. Public/Private Information Sharing Matrix: ISACs [diagram: ICS-ISAC, IT-ISAC, MS-ISAC, SC-ISAC, NC-ISAC]
  • 7. Knowledge Flow [diagram: ISACs, NCCIC, Vendors, ICS-ISAC, Service Providers, Private Knowledge Sharing]
  • 8. Real Time Knowledge Sharing [diagram: Capgemini, Maritime ISAC, Yokogawa US, CPNI, ICS-ISAC, LIGHTS, Yokogawa Japan, JP-CERT]
  • 9. ICS-ISAC Architecture [diagram]
  • 10. Value to Vendors
    • Single Consistent Communications Channel
      – Advisory distribution and experience collection
      – Reduced cost and increased effectiveness
    • Private-Sector Voice in Public-Sector
      – De facto private sector partner to government
      – Negotiating center for private/public knowledge sharing standards
  • 11. Value to Asset Owners
    • Single Consistent Feed
      – Threats, Vulnerabilities and Best Practices
      – Vendor notifications
      – Private/Public, Private & Public Knowledge Centers
    • All-Hazards Visibility
      – Cross-sector for all critical functions (e.g. power, water, supply chain, transportation…)
    • Global knowledge sharing network
      – Access to local, national and international resources
  • 12. Value to Knowledge Sharing Centers
    • Single Interface to Global Knowledge Sharing Network
      – Propagate knowledge feed worldwide
      – Real-time access to all ICS security knowledge sources
    • Collaboration Platform
      – Produce joint content with other knowledge centers
    • Interoperability Platform
      – Private sector forum for negotiation of knowledge interchange standards
    • Public Sector Portal
      – Stand-off from public knowledge centers
      – Private sector voice to negotiate knowledge sharing with public sector
  • 13. Global Knowledge Network: ICS Cybersecurity focuses on the enablement of critical infrastructure knowledge sharing architectures for Municipal, Regional, National and Global applications.
  • 14. Knowledge Sharing Model [diagram: Public Knowledge Centers, Private Knowledge Centers, Public/Private Knowledge Centers, Knowledge Aggregation; legend: Filtered or Raw Data]
  • 15. Regional Model [diagram: International, Federal, State/Province/Territory/Region, District, Municipal; Public/Private Information Sharing; Regional Security Operations Centers – tightly monitor critical assets, coordinate county and municipal]
  • 16. State Model [diagram: Federal, CERT, ISAC, Other Sector Sharing ISAC, Process, State, District, Municipality, Municipality]
  • 17. Thank You – Brad Blask, Executive Director, brad@ics-isac.org