Downloaded 28 times
Uploaded byDawn Yankeelov
DHS Cybersecurity Services for Building Cyber Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) aims to enhance the security and resilience of America's critical infrastructure through a collaborative national effort. The agency provides various cybersecurity services, including assessments, incident response, and training to promote best practices and mitigate risks. Key programs include the Cybersecurity Advisor Program and the National Cybersecurity and Communications Integration Center, which offer support and resources to both public and private sectors.
More Related Content
Similar to DHS Cybersecurity Services for Building Cyber Resilience
DHS Cybersecurity Services for Building Cyber Resilience
- 1. C I SA | C Y B E R S E C U R I T Y A N D I N F R A S T R U C T U R E S E C U R I T Y A G E N C Y Cybersecurity Services For Building Cyber Resilience Tara brewer Cybersecurity Analyst Cybersecurity Advisor Program Cybersecurity and Infrastructure Security Agency 6/14/2019
- 2. 2 • Cybersecurity andInfrastructure Security Agency (CISA) mission: • Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure • CISA vision: • A Nation with secure, resilient, and reliable critical infrastructure upon which the American way of life can thrive CISA Mission and Vision
- 3.
- 4. 4 CISA mission: Leadthe collaborative national effort to strengthen the security and resilience of America’s critical infrastructure In support of that mission: Cybersecurity Advisors (CSAs): • Assess: Evaluate critical infrastructure cyber risk. • Promote: Encourage best practices and risk mitigation strategies. • Build: Initiate, develop capacity, and support cyber communities-of- interest and working groups. • Educate: Inform and raise awareness. • Listen: Collect stakeholder requirements. • Coordinate: Bring together incident support and lessons learned. Cybersecurity Advisor Program
- 5.
- 6. 6 CSA Deployed Personnel CSA’sOffice Region X Region III Region IV Region VII Region VIII Deron McElroy Los Angeles, CA Western U.S. Supervisory CSA Rich Richard New York, NY George Reeves Houston, TX Ron Watters Seattle, WA Sean McCloskey Washington, D.C. Metro Eastern U.S. Supervisory CSA Harley Rinerson Denver, CO Central U.S. Supervisory CSA Tony Enriquez Chicago, IL Ron Ford Boston, MA Franco Cappa Philadelphia, PA Region VI – Houston District Jennine Gilbeau San Francisco, CA Rick Gardner Salt Lake City, UT Region IX Region V Region I Region II Region IV Region VI Geoffrey Jenista Kansas City, MO Joseph Henry St. Louis, MO Ben Gilbert Richmond, VA Klint Walker Atlanta, GA Chad Adams Dallas, TX Mike Lettman Phoenix, AZ Giovanni Williams Honolulu, HI
- 7. 7 National Cybersecurity andCommunications Integration Center (NCCIC): Working with and for you • Operations • Cyber Threat Hunting and Incident Response Teams • National Cyber Assessments and Technical Services (NCATS) • Risk and Vulnerability Assessments (RVAs) • Phishing Campaign Assessments (PCA) • Vulnerability Scanning • Validated Architecture Design Review (VADR) • Cyber Security Evaluation Tool (CSET™) • Cyber Threat Detection and Analysis • Cyber Exercises • Malware Analysis • National Cyber Awareness System • Publications and Communications National Cybersecurity and Communications Integration Center
- 8. 8 Sampling of CybersecurityOfferings • Response Assistance • Remote / On-Site Assistance • Malware Analysis • Hunt and Incident Response Teams • Incident Coordination • Cybersecurity Advisors • Assessments • Working group collaboration • Best Practices private-public • Incident assistance coordination • Protective Security Advisors • Assessments • Incident liaisons between government and private sector • Support for National Special Security Events • Preparedness Activities • Information / Threat Indicator Sharing • Cybersecurity Training and Awareness • Cyber Exercises and “Playbooks” • National Cyber Awareness System • Vulnerability Notes Database • Information Products and Recommended Practices • Cybersecurity Evaluations • Cyber Resilience Reviews (CRR™) • Cyber Infrastructure Surveys • Phishing Campaign Assessment • Vulnerability Scanning • Risk and Vulnerability Assessments (aka “Pen” Tests) • External Dependency Management Reviews • Cyber Security Evaluation Tool (CSET™) • Validated Architecture Design Review (VADR)
- 9.
- 10. 10 • Purpose: Evaluateoperational resilience and cybersecurity practices of critical services. • Delivery: Either • CSA-facilitated, or • Self-administered • Benefits include: Helps public and private sector partners understand and measure cybersecurity capabilities as they relate to operational resilience and cyber risk Cyber Resilience Review CRR Question Set & Guidance
- 11. 11 Critical Service Focus Organizationsuse assets (people, information, technology, and facilities) to provide operational services and accomplish missions. FOUO
- 12. 12 Cyber Resilience ReviewDomains Asset Management Know your assets being protected & their requirements, e.g., CIA Risk Management Know and address your biggest risks that considers cost and your risk tolerances Configuration and Change Management Manage asset configurations and changes Service Continuity Management Ensure workable plans are in place to manage disruptions Controls Management Manage and monitor controls to ensure they are meeting your objectives Situational Awareness Discover and analyze information related to immediate operational stability and security External Dependencies Management Know your most important external entities and manage the risks posed to essential services Training and Awareness Ensure your people are trained on and aware of cybersecurity risks and practices Incident Management Be able to detect and respond to incidents Vulnerability Management Know your vulnerabilities and manage those that pose the most risk For more information: http://www.us-cert.gov/ccubedvp
- 13. 13 Process Institutionalization Practices are performed SeeNotes Processes are defined, measured, and governed CRR maturity indicator levels (MILs) are to measure process institutionalization: Practices are incomplete Higher MIL degrees translate to more stable processes that: • Produce consistent results over time • Are retained during times of stress MIL 0-Incomplete MIL 1-Performed MIL 2-Planned MIL 3-Managed MIL 4-Measured MIL 5-Defined
- 14. Contact Information Tara Brewer CybersecurityAdvisor Program, DC U.S. Department of Homeland Security Tara.brewer@hq.dhs.gov Mobile: (202) 875-3489 Klint Walker Cybersecurity Advisor, Region IV Cybersecurity and Infrastructure Security Agency klint.walker@hq.dhs.gov Office: (404) 895-1127 NCCIC NCCICcustomerservice@hq.dhs.gov or (888) 282-0870 FBI Cyber Watch (CyWatch) CyWatch@fbi.gov or (855) 292-3937
Editor's Notes
- #2 Change Presenter’s Name and Date in Slide Master view.
- #3 We are one agency with one mission and one vision. This is the mission and vision for every division, branch, and office within CISA. The purpose of every program, service, and tool CISA offers is to support this mission and vision.
- #5 As I said, we at CISA have one mission: to lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure. We do so by providing direct coordination, outreach, and regional support and assistance to protect cyber components essential to the Nation’s critical infrastructure. The purpose of CISA’s Cybersecurity Advisor program is to promote and further cybersecurity preparedness, risk mitigation, and incident response capabilities of public and private sector owners and operators of critical infrastructure, and state, local, tribal, and territorial (SLTT) governments, through stakeholder partnerships and direct assistance activities which we undertake with you at no cost to you. All our services, programs, and tools we offer to you are strictly voluntary – you do not have to use any of them – and ALL are free – there is no charge to you whatsoever for any service and tool we offer. Specifically, to promote the security and resilience of critical infrastructure we: Undertake risk-based cybersecurity assessments -- such as the Cyber Resilience Review (CRR), Cyber Infrastructure Survey (CIS), and the External Dependency Management (EDM) assessment, which are all free to the critical infrastructure owner and operator, whether SLTT or private sector; Promote use of best practices such as the NIST Cybersecurity Framework, which is designed as a foundation upon which industry and government can better manage and reduce their cyber risk; Build and strengthen private-public cybersecurity partnerships through information exchanges, and cyber protective visits; Educate by raising awareness of various cybersecurity services offered by CISA and other federal and local government programs through cyber resilience workshops, keynotes, panel discussions, and program briefs; Listen to stakeholder requirements and needs through various working groups, tabletop exercises, and other technical exchanges; and Coordinate direct assistance and resourcing support conducted in times of cyber threats, disruptions, and attacks.
- #6 CISA focuses on critical infrastructure – and CSAs work with critical infrastructure and owners and operators across the 16 sectors. Our assistance (as described later) is designed to support and enhance the security of infrastructure entities. And, as CSAs are in the field and SLTT governments often cut across infrastructure sectors and are an important constituency, CSAs directly assist SLTT governments as well as the private sector.
- #7 I mentioned we are in the field – well, here we are. We support 56 U.S. states, territories, and the District of Columbia. We are known as “a very small cybersecurity field force with immense reach-back and scalability.’ NEED UPDATED STATs re BELOW Currently 11 with 12th on the way. Hiring an additional 11 more soon. (Jobs closes Jan 21 for Portland, SF, Phoenix, Baton Rouge, St Louis, Salt Lake City, Buffalo, Minneapolis, Richmond, Tampa, Nashville.
- #8 CISA’s National Cybersecurity and Communications Integration Center, or “NCCIC” for short, is our – and yours – 24/7 cyber situational awareness, incident response, and cyber risk management center. NCCIC is the national nexus of cyber and communications information. It seeks to reduce the likelihood and severity of incidents and vulnerabilities significantly compromising the security and resilience of the Nation’s critical infrastructure, information technology, and communications networks in both the public and private sectors. I refer to it as our, meaning CISA / DHS, and “yours” because NCCIC works with all the infrastructure sectors and all levels of government in the United States and with international partners in government and private sector on behalf of the country. .
- #9 Speaker notes needed by a CSA. Original slide notes: ALT Slide- general narrative on this one is “Left of “BOOM”, right of “BOOM”, where boom= incident.
- #11 The goal of the Cyber Resilience Review, or CRR, is to understand an organization’s operational resilience and ability to manage cyber risk to its critical services during normal operations and times of operational stress and crisis. The CRR is based on the CERT Resilience Management Model [http://www.cert.org/resilience/rmm.html], a process improvement model developed by Carnegie Mellon University’s Software Engineering Institute for managing operational resilience. The Review is a no-cost method to assess cybersecurity postures and measure your standing against the NIST Cybersecurity Framework One foundational principle of the CRR is the idea that an organization deploys its assets (people, information, technology, and facilities) to support specific operational missions (i.e., critical services). Applying this principle, the CRR seeks to understand an organization’s capacities and capabilities in performing, planning, managing, measuring, and defining cybersecurity practices and behaviors in various areas.
- #12 Assets Services and business processes “fueled” by assets. Four asset types are viewed as components of services: People – to operate and monitor the service Information to feed the process and to be produced by the service Technology – to automate and support the service Facilities – in which to perform the service One of the primary focuses of resilience management is identifying the critical dependencies or “interconnectedness” between high-value services and their related assets People – employees, contractors, technologists, auditors, consultants etc. Information – data, documents, procedures, intellectual property, personally identifiable information, electronic health records etc. Technology – servers, networks, routers, switches, firewalls, mobile devices etc. Facilities – buildings, data centers, operations centers, power plants, hospitals etc. Disruptions to Assets can disrupt operations, which can impact a critical service, disrupting the organization’s mission. We focus on those critical services so we can understand, protect and sustain the assets that support them.
- #13 Speaker notes needed from a CSA. Highlighted in red question: Do you want to keep “CIA” listed?
- #14 Speaker notes needed from a CSA.