Blueprint For A Secure Cyber Future - Homeland Security


TABLE OF CONTENTS

MESSAGE FROM THE SECRETARY
EXECUTIVE SUMMARY
INTRODUCTION
SCOPE
RELATIONSHIP TO OTHER KEY POLICIES AND STRATEGIES
MOTIVATION
STRATEGIC ASSUMPTIONS
THE FUTURE WE SEEK
VISION
A Cyberspace that is Secure
A Cyberspace that is Resilient
A Cyberspace that Enables Innovation
A Cyberspace that Protects Public Health and Safety
A Cyberspace that Advances Economic Interests and National Security
GUIDING PRINCIPLES
PRIVACY AND CIVIL LIBERTIES
TRANSPARENT SECURITY PROCESSES
SHARED RESPONSIBILITY IN A DISTRIBUTED ENVIRONMENT
RISK-BASED, COST EFFECTIVE, AND USABLE SECURITY
STRATEGIC CONCEPT
FOCUS AREAS
DEFINING SUCCESS
Protecting Critical Information Infrastructure
Strengthening the Cyber Ecosystem
HOW WE WILL PROTECT CRITICAL INFORMATION INFRASTRUCTURE
Reduce Exposure to Cyber Risk
Ensure Priority Response and Recovery
Maintain Shared Situational Awareness
Increase Resilience
HOW WE WILL STRENGTHEN THE CYBER ECOSYSTEM
Empower Individuals and Organizations to Operate Securely
Make and Use More Trustworthy Cyber Protocols, Products, Services, Configurations, and Architectures
Build Collaborative Communities
Establish Transparent Processes
MOVING FORWARD
APPENDIX A: ROLE OF DHS IN THE BLUEPRINT
APPENDIX B: MAPPING QHSR GOALS AND OBJECTIVES TO THE BLUEPRINT
APPENDIX C: STRATEGY DEVELOPMENT PROCESS
APPENDIX D: GLOSSARY
APPENDIX E: ACRONYM LIST

Blueprint for a Secure Cyber Future, November 2011

MESSAGE FROM THE SECRETARY

I am pleased to release the Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise. This strategy was developed pursuant to the Department of Homeland Security (DHS) Quadrennial Homeland Security Review and reflects the importance of cyberspace to our economy, security, and way of life.

This strategy provides a blueprint for a cyberspace that enables innovation and prosperity, advances our economic interests and national security, and integrates privacy and civil liberties protections into the Department’s cybersecurity activities. The strategy is designed to protect the critical systems and assets that are vital to the United States, and, over time, to foster stronger, more resilient information and communication technologies to enable government, business and individuals to be safer online.

Cybersecurity is a shared responsibility, and each of us has a role to play. Emerging cyber threats require the engagement of the entire society—from government and law enforcement to the private sector and most importantly, members of the public. Today in cyberspace, the Nation faces a myriad of threats from criminals, including individual hackers and organized criminal groups, as well as technologically advanced nation-states. Individuals and well-organized groups exploit technical vulnerabilities to steal American intellectual property, personal information, and financial data. The increasing number and sophistication of these incidents has the potential to impact our economic competitiveness and threaten the public’s ability to access and obtain basic services. Government, non-governmental and private sector entities, as well as individuals, families, and communities must collaborate on ways to effectively reduce risk.

In preparing the strategy, the Department benefited from the constructive engagement of representatives from state and local governments, industry, academia, non-governmental organizations, and many dedicated individuals from across the country. We appreciate that support. DHS also worked closely with federal departments and agencies to refine the strategy and ensure consistency with the President’s 2010 National Security Strategy, the Department of Defense Strategy for Operating in Cyberspace, and the President’s International Strategy for Cyberspace.

I want to acknowledge the efforts and commitment of the men and women of DHS and the many thousands of computer scientists, systems engineers, law enforcement personnel, and other professionals across the country who work tirelessly to safeguard and secure cyberspace. On their behalf, I am pleased to release this Blueprint for a Secure Cyber Future.

Janet Napolitano

EXECUTIVE SUMMARY

The Blueprint for a Secure Cyber Future builds on the Department of Homeland Security Quadrennial Homeland Security Review Report’s strategic framework by providing a clear path to create a safe, secure, and resilient cyber environment for the homeland security enterprise. With this guide, stakeholders at all levels of government, the private sector, and our international partners can work together to develop the cybersecurity capabilities that are key to our economy, national security, and public health and safety. The Blueprint describes two areas of action: Protecting our Critical Information Infrastructure Today and Building a Stronger Cyber Ecosystem for Tomorrow. The Blueprint is designed to protect our most vital systems and assets and, over time, drive fundamental change in the way people and devices work together to secure cyberspace. The integration of privacy and civil liberties protections into the Department’s cybersecurity activities is fundamental to safeguarding and securing cyberspace.

The Blueprint lists four goals for protecting critical information infrastructure:
- Reduce Exposure to Cyber Risk
- Ensure Priority Response and Recovery
- Maintain Shared Situational Awareness
- Increase Resilience

These goals are supported by nine objectives. Each objective is dependent on a variety of capabilities that, when implemented, will work in tandem to effectively anticipate and respond to a wide range of threats. Some of the cybersecurity capabilities described in the Blueprint are robust and at work today, while others must be expanded. Still others require further research and development. All necessitate a collaborative and responsive cybersecurity community.

The Blueprint also lists four goals for strengthening the cyber ecosystem:
- Empower Individuals and Organizations to Operate Securely
- Make and Use More Trustworthy Cyber Protocols, Products, Services, Configurations and Architectures
- Build Collaborative Communities
- Establish Transparent Processes

These goals are supported by eleven objectives, and depend on a broad set of capabilities, described in the Strategic Concept section of the Blueprint.

Achieving a safe, secure, and resilient cyber environment includes measuring progress in building capabilities and determining whether they are effective in an evolving threat environment. Accordingly, each year’s performance will be compared with that of the previous year. This approach will highlight where progress is being made and will identify gaps and resource requirements.

Cyberspace underpins almost every facet of American life, and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. Protecting cyberspace requires strong vision, leadership, and a broadly distributed effort in which all members of the homeland security enterprise take responsibility. The Blueprint for a Secure Cyber Future was developed to address this reality.

INTRODUCTION

The 2010 Quadrennial Homeland Security Review (QHSR) [1] established a strategic framework to guide the activities of the homeland security enterprise toward a common end: a homeland that is safe, secure, and resilient against terrorism and other hazards. To achieve this vision, the QHSR identified five core mission areas, and, in doing so, underscored the importance of cybersecurity to the Nation.

Homeland Security Mission Areas
1. Prevent Terrorism and Enhance Security
2. Secure and Manage our Borders
3. Enforce and Administer our Immigration Laws
4. Safeguard and Secure Cyberspace
5. Ensure Resilience to Disasters

These missions are the responsibility of the entire homeland security enterprise. Individuals across federal, state, local, tribal, and territorial governments, the private sector, and nongovernmental organizations are engaged in executing these missions. Beyond organizations such as the Department of Homeland Security (DHS) that are officially charged with the cybersecurity mission, responsibility begins with individual computer owners whose machines can be used in malicious attacks, and with the owners and operators of critical infrastructure systems. The roles and responsibilities across the homeland security enterprise for securing cyberspace reflect its size, diversity, and interdependent nature.

The creation of a mission area in the QHSR to safeguard and secure cyberspace builds on the President’s National Security Strategy, [2] which:
- Declares the Nation’s digital infrastructure a strategic national asset;
- Describes cyber threats as one of the most serious national security, public safety, and economic challenges we face as a Nation; and
- Requires that protection of digital infrastructure be a national security priority.

[1] [2] http://www.dhs.gov/xlibrary/assets/qhsr files/rss viewer/national security strategy.pdf

The Department of Homeland Security (DHS) has issued this Blueprint for a Secure Cyber Future (the Blueprint) to provide a clear plan of action for the homeland security enterprise to implement the National Security Strategy and achieve the goals set forth in the QHSR:

- To Create a Safe, Secure, and Resilient Cyber Environment, and
- To Promote Cybersecurity Knowledge and Innovation.

The Blueprint has a single unifying concept: Protect Critical Information Infrastructure Today While Building a Stronger Cyber Ecosystem for Tomorrow. This strategic concept will drive prioritization of resources in order to systematically build the multiple capabilities needed to achieve QHSR Mission 4 goals. Appendix B provides a comprehensive mapping of the QHSR goals to the Blueprint.

Scope

Homeland Security Enterprise: Federal, state, local, tribal, territorial, nongovernmental, and private-sector entities, as well as individuals, families, and communities who share a common national interest in the safety and security of America and the American population. (Quadrennial Homeland Security Review Report 2010)

As set forth in the Homeland Security Act of 2002, [3] Homeland Security Presidential Directive (HSPD) 7: Critical Infrastructure Identification, Prioritization, and Protection, [4] National Security Presidential Directive (NSPD) 54/HSPD-23: Cybersecurity and Monitoring, [5] and Office of Management and Budget (OMB) guidance concerning implementation of the Federal Information Security Management Act of 2002 (FISMA), [6] DHS has the lead within the Federal Government to secure federal civilian executive branch information and communication systems, [7] to work with Sector-Specific Agencies and industry to protect privately-owned and operated critical infrastructure, and to work with State, local, tribal and territorial governments to secure their information systems. The roles of DHS and other federal departments and agencies in identifying, prioritizing, and protecting the Nation’s critical infrastructure are described in statutes, Presidential directives, and documents such as the National Infrastructure Protection Plan (NIPP) [8] and the National Response Framework. [9] The Federal Government is, however, only one component of the homeland security enterprise, and successful implementation of this strategy requires the shared commitment of all stakeholders. In particular, cybersecurity is dependent on a strong two-way partnership between the public and private sector in areas such as information sharing, innovation, and implementation of best practices and standards.

Accordingly, the Blueprint is designed to give tangible and meaningful guidance to those in the homeland security enterprise who have a role in securing cyberspace and to benefit all who want to use information and communication technologies safely and securely as they go about their daily activities. Appendix C describes the strategy development process, including stakeholder outreach.

[3] http://www.dhs.gov/xlibrary/assets/hr 5005 enr.pdf
[4] http://www.dhs.gov/xabout/laws/gc 1214597989952.shtm
[5] http://www.dhs.gov/xnews/releases/pr 1207684277498.shtm
[6] assets/memoranda 2010/m10-28.pdf
[7] Although DHS receives information regarding vulnerabilities and incidents on DOD and other national security systems, the Department does not have the lead for securing these systems in the Federal enterprise.
[8] http://www.dhs.gov/files/programs/editorial 0827.shtm
[9] rp cyberincidentannex.pdf

Relationship to Other Key Policies and Strategies

The Blueprint supports a whole-of-government approach to national security and is informed by current national cybersecurity strategy and policy as outlined in the following key documents: the White House Cyberspace Policy Review; [10] the President’s International Strategy for Cyberspace; [11] the President’s Strategy to Combat Transnational Organized Crime; [12] the Comprehensive National Cybersecurity Initiative (CNCI); [13] HSPD-7; [14] NSPD 54/HSPD-23; [15] FISMA; [16] the National Strategy for Trusted Identities in Cyberspace; [17] and the Department of Defense Strategy for Operating in Cyberspace. [18]

Motivation

America is deeply reliant on cyberspace. It is the very backbone of modern society. However, the technologies that enrich our professional and personal lives also empower those who would disrupt or destroy our way of life. Safeguarding and securing cyberspace is a homeland security mission because the potential exists for wide-scale or high-consequence adverse cyber events, which could cause harm to critical functions and services across the public and private sectors and impact national security, economic vitality, and public health and safety.

As malicious actors are using increasingly sophisticated tools, techniques, and procedures, and the volume and velocity of cyber incidents across the homeland security enterprise continue to grow:
- Critical infrastructure must protect against and be resilient in the face of advanced and persistent breaches which could degrade or disrupt the basic services upon which we depend, and set the stage for more destructive attacks.
- Government agencies must guard against exploits which may remove or corrupt sensitive data and interfere with the delivery of essential mission

s/Cyberspace Policy Review iles/rss viewer/international strategy for cyberspace.pdf
[12] ransnational-crime
[13] ive-national-cybersecurity-initiative
[14] http://www.dhs.gov/xabout/laws/gc 1214597989952.shtm
[15] ive-national-cybersecurity-initiative
[16] .pdf
[17] http://www.whitehouse.gov/sites/default/files/rss viewer/NSTICstrategy 041511.pdf
[18]

- Large corporations, small businesses, and nonprofit organizations face increasingly sophisticated intrusions targeting their intellectual property and personal information about their customers and clients.
- Consumers are routinely at risk of identity theft to obtain unauthorized access to personal information at numerous points on the Internet.

Strategic Assumptions

While we cannot predict what cyberspace will look like many years from now, the Nation must seek to understand the forces that are shaping the future of cyberspace in order to lead, influence, and adapt to change. Accordingly, this strategy is based on the following assumptions:
- The increasing volume and sophistication of cyber exploitation demands heightened situational awareness, secure implementation of technology, coordinated incident response, demonstrated resilience in critical functions, and a professionalized cybersecurity workforce that is dynamically managed.
- Deepening social, economic, and industrial dependence on information and communication technologies creates opportunities for greater productivity and innovation and increases the number of users, devices, content, and processes to be protected in cyberspace.
- Rich interconnectivity transcends geographic boundaries, necessitating strong international collaboration. The risks posed through cyberspace offer a fundamental shift to the Nation’s potential vulnerability, one which requires the adaptation of existing security and deterrence paradigms to a new reality.
- The aggregation of data in the cloud, combined with distributed, remote management, poses additional security opportunities and challenges.
- Mobile technology can expose sensitive data and processes to threat actors.
- Differences in cyber risk and risk tolerance at the individual, organizational, and national levels suggest that one-size-fits-all security measures will be less effective than risk-based solutions that can be tailored, focus on outcomes and performance, leverage user’s natural reactions, promote innovation, and are cost-effective.
- Globalization of the information and communication technology supply chain creates new opportunities for innovation and competition as well as greater exposure to risk.

THE FUTURE WE SEEK

Vision

Our vision is a cyberspace that supports secure and resilient infrastructure, that enables innovation and prosperity, and that protects privacy and other civil liberties by design. It is one in which we can use cyberspace with confidence to advance our economic interests and maintain national security under all conditions.
—Quadrennial Homeland Security Review Report 2010

The information revolution has transformed nearly every aspect of daily life. A trusted digital infrastructure will provide a continued platform for innovation and prosperity and enable us to advance our economic and national security interests within an environment that upholds our core values. In order for future generations to realize the full potential of the information revolution, the homeland security enterprise must ensure safety, security, and resilience in cyberspace and promote cybersecurity knowledge and innovation. This complex, resource-intensive effort will require substantial research and development, along with ongoing operational refinement. The Blueprint provides a strong foundation for those efforts.

In keeping with the elements of the QHSR vision, the homeland security enterprise is committed to creating:

A Cyberspace that is Secure
Protecting the United States and its people, vital interests, and ways of life

In the future we seek, there will be major advances in securing cyberspace. Sensitive information will be protected by improved and innovative defenses. The American public will have confidence in their online transactions, and incidents affecting critical information infrastructure will be minimized. Individuals and organizations will be cognizant of threats and will rapidly adopt security measures that are consistent with them. Cybersecurity policy, regulation, and law, both domestically and internationally, will reflect the current cyber environment and anticipate future needs. Regulatory agencies will have the tools and staff needed to ensure that regulated entities implement appropriate security measures. Nation-states will be responsible parties in cyberspace and deny safe haven to those who would misuse the Internet. When cyberspace is used as an attack vector or to commit crimes, agencies will have the necessary tools to identify the perpetrators and bring them to justice. Increased prosecutions will raise the costs of attacking or exploiting our information and communication systems. Federal agencies and private sector entities will have the technical cybersecurity workforce needed to meet their mission responsibilities.

A Cyberspace that is Resilient
Fostering individual, community, and system robustness, adaptability, and capacity for rapid response and recovery

In the future we seek, network architects will understand current and emerging threats and will design information and communication systems to cope with a range of contingencies; modeling, simulation, and exercises will enable the identification and mitigation of cascading impacts. Exercises will regularly test response and continuity plans to address the rapid restoration of critical functions and services, and to inform policy and investment decisions. The homeland security enterprise will have robust information sharing mechanisms – relevant knowledge about threats, vulnerabilities, and protective capabilities will be communicated in near real-time among people and devices in both the public and private sector. Critical operations will continue and network architectures will respond to unexpected events with agility.

A Cyberspace that Enables Innovation
Connecting people, devices, and markets to promote economic growth through collaborative innovation

In the future we seek, the American people will have ubiquitous access to cyber-enabled devices, enabling faster and more synergistic processes to support new levels of connectivity among individuals, businesses, and markets. Dialogue among previously isolated communities will continue to increase as users adopt novel ways of accessing information and services. New information and communication technologies will connect emerging markets with more prosperous markets, enabling growth in less developed areas as accelerated information transfer enables collaboration across diverse communities. Previously standalone devices, such as energy meters and home appliances, will be increasingly interoperable, allowing consumers and businesses to benefit from high efficiency. More robust security will reduce consumer risk and enable organizations to offer better service and increased capabilities online. Efforts to secure cyberspace will be undertaken in a manner that safeguards free trade and the broader free flow of information, recognizing our global responsibilities, as well as our national needs.

A Cyberspace that Protects Public Health and Safety
Ensuring the Safety of the American People

In the future we seek, industrial and supervisory control systems used to manage operations in critical infrastructure sectors such as Energy, Transportation, Water, Chemical, and Critical Manufacturing, and embedded systems used in medical devices, vehicles, and other industries, will be better protected from sabotage or attacks that could harm the general public. In addition, critical public safety functions, including law enforcement and emergency response services, will continue to rely on the availability and integrity of their information and communication technologies.

A Cyberspace that Advances Economic Interests and National Security
Enabling Economic Competitiveness and National Defense

In the future we seek, a safe, secure, and reliable cyberspace will fuel our domestic economy and the United States will remain a vibrant economic power. Businesses will have confidence in the confidentiality, integrity, and availability of their intellectual property and a better understanding of risks. A secure cyberspace will support the orderly functioning of the economy and delivery of essential services. A healthy cyber ecosystem will also facilitate performance of the other homeland security missions: prevention of terrorism; border security; enforcement of immigration laws; and resilience to disasters. And finally, through partnership with the Department of Defense (DOD), a secure cyberspace will support the United States’ execution of its critical national defense mission responsibilities.

GUIDING PRINCIPLES

The Blueprint is guided by the values, principles, and way of life we expect as Americans. The protection of privacy and civil liberties is fundamental. The Blueprint also reflects the Administration’s Open Government Initiative, [19] which calls for more transparent, participatory, and collaborative processes. Openness st
