DHS Cyber Security & Resilience Resources - Laurel Ridge Community College

February 2015DHS Cyber Security & Resilience Resources:Cyber Preparedness, Risk Mitigation, & Incident ResponseCyber Security Advisor ProgramOffice of Cybersecurity & CommunicationsNational Protection and Programs DirectorateU.S. Department of Homeland Security

DHS CYBER COORDINATIONAND INCIDENT RESPONSEHomelandSecurityOffice of Cybersecurity and Communications2

A Wide Range of Offerings for Critical Infrastructure National Cybersecurity andCommunications IntegrationCenter (NCCIC)– US-CERT Operations Center Remote and On-Site Assistance Malware Analysis Incident Response Teams– ICS-CERT Operations Center ICS-CERT Malware Lab Cyber Security Evaluation Tool Incident Response Teams– NCATS Cyber Hygiene service Risk and VulnerabilityAssessment US-CERT– National Cyber Awareness System– Vulnerability Notes Database– Security Publications Control Systems Security Program– Cybersecurity Training– Information Products andRecommended Practices Cyber Exercise Program Cyber Security EvaluationsProgram– Cyber Resilience Review– Cyber Infrastructure Survey Tool Cyber Security Advisors Protective Security Advisors3

Critical InfrastructureCyber Community (C3)Website:http://www.uscert.gov/ccubedvpGeneral C3 inquiries:ccubedvp@hq.dhs.govC3 VP 51kx7/ DHS launched the C3 Program in February2014 to complement the launch of the NISTCSF The C³ Voluntary Program helps sectors andorganizations that want to use the CSF byconnecting them to existing cyber riskmanagement capabilities provided by DHS,other U.S. Government organizations, and theprivate sector. The C3 website (http://www.uscert.gov/ccubedvp) describes the variousprograms DHS offers to critical infrastructurepartners, including Federal, State, local, andprivate sector organizations Many of the programs described on thefollowing slides can also be found on thewebsitePresenter’s NameJune 17, 20034

Incident ReportingNCCIC provides real-time threat analysis and incident reportingcapabilities 24x7 contact number: 1-888-282-0870; https://forms.us-cert.gov/report/When to Report:If there is a suspected or confirmed cyber attack or incident that: Affects core government or critical infrastructure functions; Results in the loss of data, system availability; or control of systems; Indicates malicious software is present on critical systemsMalware Submission Process: Please send all submissions to theAdvance Malware Analysis Center(AMAC) at: submit@malware.us-cert.gov Must be provided in password-protectedzip files using password “infected” r’s NameJune 17, 20035

DHS CYBER PREPAREDNESSEVALUATIONSHomelandSecurityOffice of Cybersecurity and Communications6

DHS CYBER SECURITY EVALUATIONS - SUMMARY - 1NameCyber Resilience Review(CRR)Cyber Infrastructure SurveyTool (C-IST)Supply Chain / ExternalDependency Management(EDM) ReviewOnsite Cyber SecurityEvaluation Tool (CSET)AssessmentPurposeIdentify cyber securitymanagement capabilitiesand maturityTo calculate a comparativeanalysis and valuation ofprotective measures in-placeIdentify externaldependencies and the risksassociatedProvides a detailed,effective, and repeatablemethodology for assessingcontrol systems security –while encompassing anorganization’sinfrastructure, policies,and procedures.ScopeCritical Service viewCritical Cyber Service viewOrganization / BusinessUnitIndustrial Control SystemsTime to Execute8 Hours (1 business day)2 ½ to 4 Hours2 to 2 ½ Hours8 Hours (1 Business Day)Information SoughtCapabilities and maturityindicators in 10 securitydomainsProtective measures in-placeThird-party securityrequirements and contractmanagement infoIndustrial control system’score functions,infrastructure, policies,and proceduresPreparationShort, 1-hourquestionnaire plusplanning call(s)Planning call to scopeevaluationPlanning call to scopeevaluationCoordinated via Email.Planning call(s) ifrequested.ParticipantsIT/Security Manager,Continuity Planner, andIncident RespondersIT/Security ManagerIT / Security Manager withContract Managementcontrol systemoperators/engineers, IT,policy/managementpersonnel, and subjectmatter experts.7

DHS CYBER SECURITY EVALUATIONS – SUMMARY 2NameICS-CERT Design ArchitectureReview (DAR)ICS Network ArchitectureVerification and Validation(NAVV)Network Risk and VulnerabilityAssessment (RVA)Cyber Hygiene (CH) EvaluationPurposeSupports the cybersecuritydesign via investigativeanalysis, production, andmaintenance of controlsystems and ICS components.Provides analysis and baselining of ICS communicationflows, based upon a passive(non-intrusive) collection ofTCP Header Data.Perform penetration and deeptechnical analysis of enterpriseIT systems and anorganization’s externalresistance to specific IT risksIdentify public-facing Internetsecurity risks, at a high-level,through service enumerationand vulnerability scanningScopeIndustrial ControlSystems/NetworkArchitectureIndustrial ControlSystems/NetworkArchitecture/Network TrafficOrganization / Business Unit /Network-Based IT ServicePublic-Facing, Network-BasedIT ServiceTime to Execute2 Days (8 Hours Each Day)Variable (Hours to Days)Variable (Days to Weeks)Variable (Hours to Continuous)Information SoughtNetwork design,configurations,interdependencies, and itsapplications.Network traffic header-data tobe analyzed with Sophia Tool.Low-level options andrecommendations forimproving IT network andsystem securityHigh-level network service andvulnerability informationPreparationCoordinated via Email.Planning call(s).Coordinated via Email.Planning call(s).Formal rules of engagementand extensive pre-planningFormal rules of engagementand extensive pre-planningParticipantscontrol system operators/engineers, IT personnel, andICS network, architecture,and topologies SMEscontrol system operators/engineers, IT personnel, andICS network, architecture, andtopologies SMEsIT/Security Manager andNetwork AdministratorsIT/Security Manager andNetwork Administrators8

CRR Self-Assessment Package Released in February 2014 to complement thelaunch of the NIST CSF.The CRR Self-Assessment Kit allows organizations toconduct a review without outside facilitation.Contains the same questions, scoring, and reportingas the facilitated assessment.The kit contains the following resources: Method Description and User Guide Complete CRR Question Set with Guidance Self-Assessment Package (automated toolset) CRR to NIST CSF CrosswalkCRR Self-Assessment Kit website: senter’s NameJune 17, 20039

Cyber Security Evaluation Tool (CSET )R Stand-alone software application Self-assessment using recognized standards Tool for integrating cybersecurity into existingcorporate risk management strategyCSET Download:http:/us-cert.gov/control systems/csetdownload.html10

DHS Cyber Resources – Operations Focused National Cybersecurity and Communications Integration Center (NCCIC) Serves as a national center for reporting and mitigating communications and cybersecurity ecurity-communications-integration-centerProvides: 24x7 real-time threat analysis and incident reporting capabilities, at 1-888-282-0870 Malware Submission Process: Please send all submissions to: submit@malware.us-cert.gov Must be provided in password-protected zip files using password “infected” Web-submission: https://malware.us-cert.gov ICS-CERT Training: http://ics-cert.us-cert.gov/cscalendar.htmlCyber Security Evaluations Program (cse@hq.dhs.gov) Provides no-cost, voluntary cyber security evaluations and assessments, including: Cyber Resilience Review (CRR) One-day, facilitated evaluation focused on critical IT services and the security managementprocess Cyber Security Evaluation Tool (CSET) Stand-alone software application, used as a self-assessment against recognized standards anda tool for creating a baseline of cybersecurity practices Downloadable at: http:/us-cert.gov/control systems/csetdownload.html11

Contact InformationEvaluation Inquiriescse@hq.dhs.govGeneral Inquiriescyberadvisor@hq.dhs.govContact InformationBradford WillkeBradford.Willke@hq.dhs.govSean McCloskeySean.McCloskey@hq.dhs.govProgram Manager,Cyber Security Advisor ProgramActing Branch Chief,Stakeholder Risk Assessment &MitigationDepartment of Homeland SecurityNational Protection and Programs DirectorateOffice of Cybersecurity and Communications

- Cyber Resilience Review - Cyber Infrastructure Survey Tool Cyber Security Advisors Protective Security Advisors 3 . Presenter's Name June 17, 2003 Critical Infrastructure Cyber Community (C3) DHS launched the C3 Program in February 2014 to complement the launch of the NIST . DHS Cyber Resources - Operations Focused .