
Post on 10-Dec-2021


The Role of ISACs in Protecting Critical Infrastructure

Denise Anderson

Chair – National Council of ISACs

Agenda

• What is Critical Infrastructure?

• Public/Private Partnership Framework

• What is an ISAC?

• Descriptions of the various ISACs and capabilities/reach

• Case Studies

• What is the National Council of ISACs?

• National Council of ISACs Activities and Initiatives

• Four Major Initiatives

What is Critical Infrastructure?

• Systems & assets, whether physical or virtual, so vital that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters across any Federal, State, Regional, Territorial or local jurisdiction

• 18 Defined Sectors:

– Agriculture and Food

– Defense Industrial Base

– Energy

– Healthcare & Public Health

– Banking & Finance

– Water

– Chemical

– Commercial Facilities

– Critical Manufacturing

– Dams

– Communications

– Postal & Shipping

– Transportation Systems

– Government Facilities

– Emergency Services

– Nuclear Reactors, Materials & Waste

– Information Technology

– National Monuments & Icons

What is Critical Infrastructure?

• Sub-Sectors:

– Energy: refining, storage and distribution of gas, oil and electric power

– Transportation: Aviation, Highway & Motor Carrier, Mass Transit, Railroad, Maritime

Public/Private Partnership Framework

• PDD 63

• HSPD-7

• National Infrastructure Protection Plan (NIPP)

The Players

[Diagram of public and private players. Labels: LE; DHS; Public; Private; SCC/PCIS; ISACs; O/O; Academia/Industry Associations; Liaisons; GCC/SSAs; Sector Specialists; SLTTGCC; RCCC; USSS; FBI; State/Local; IP NICC/NOC; NCSD-NCCIC; SOPD-PSAs]

NIPP - Operations

What is an ISAC?

• Relationship to sectors

• Funding

• Structure/Operations

Why ISACs?

• Trusted entities established by CI/KR owners and operators.

• Comprehensive sector analysis

• Reach - within their sectors, with other sectors, and with government to share critical information.

• All-hazards approach

• Threat level determination for sector

Why ISACs?

• Operational services such as risk mitigation, incident response, and information sharing

• Fast response on accurate, actionable and relevant information

• Empower business resiliency through security planning, disaster response and recovery execution. Most ISACs, by definition, have 24/7 threat warning, incident reporting capabilities

ISACs

• Communications ISAC

• Electricity ISAC

• Emergency Management & Response ISAC

• Financial Services ISAC

• Highway ISAC

• Information Technology ISAC

• Maritime ISAC

• Multi-State ISAC

ISACs

• National Health ISAC

• Public Transit ISAC

• Real Estate ISAC

• Research and Education ISAC

• Supply Chain ISAC

• Surface Transportation ISAC

• Water ISAC

Other Operational Entities

• Defense Industrial Base (DIB)

• Nuclear

• Oil & Gas

• Chemical

• Airline

Communications ISAC

• The DHS National Coordinating Center partners with the private sector in the ISAC and provides 24x7 operational support

• Members include communications equipment and software vendors, wire line communications providers, wireless communications providers, including satellite providers, Internet Service Provider backbone networks

• www.ncs.gov/ncc

Electricity ISAC

• The ES-ISAC’s coverage includes bulk power system entities and 18 Reliability Coordinators and covers the entire continental United States and Canada

• Working on developing the necessary communication and participation with non-bulk power system entities and their critical suppliers

• www.esisac.com

Financial Services ISAC

• The only industry forum for collaboration on critical security threats facing the financial services sector

• Over 4,200 direct members and 30 member associations

• Ability to reach 99% of the banks and credit unions and 85% of the securities industry, and nearly 50% of the insurance industry

• www.fsisac.com

Information Technology ISAC

• Reaches 90% of all desktop operating systems, 85% of all databases; 76% of the global microprocessor market; 85% of all routers and 65% of software security

• www.it-isac.org

Multi-State ISAC

• Includes all 50 States, the District of Columbia, five U.S. Territories, one local government per state and all state homeland security offices

• The MS-ISAC continues to broaden its local government participation to include all of the approximately 39,000 municipalities and fusion centers

• www.msisac.org

Surface Transportation ISAC

• Created by the Association of American Railroads in 2002 at the request of the Secretary of Transportation

• The ST-ISAC supports 95% of the North American freight railroad infrastructure

• www.surfacetransportationisac.org

Water ISAC

• Currently provides security information to water and wastewater utilities that provide services to more than 65% of the American population

• www.waterisac.org

ISAC EXAMPLE: FS-ISAC Information Sharing and Analysis Tools for Members

• Cyber & Physical alerts from 24/7 Security Ops Center

• Viewpoints/white papers

• Risk Mitigation Toolkit

• Document Repository

• Anonymous Submissions

• Community Listservs

• Member surveys

• Bi-weekly Threat calls

• Special info sharing member conference calls

• Crisis Management process – CINS

• Semi-annual conferences

• Webinars

• Regional Program

• Task Forces - ATOTF

Information Sharing Protocols

Classification: Target Audience

• FS-ISAC Red: Restricted to a defined group (e.g., only those present in a meeting.) Information labeled RED should not be shared with anyone outside of the group

• FS-ISAC Yellow: This information may be shared with FS-ISAC members.

• FS-ISAC Green: Information within this category may be shared with FS-ISAC members and partners (e.g., DHS, Treasury and other government agencies and ISACs). Information in this category is not to be shared in public forums

• FS-ISAC White: This information may be shared freely and is subject to standard copyright rules

Case Studies: Sample Incidents

– Cyber Trends

– RSA Breach

– Hurricanes Gustav and Ike

– H1N1

Cyber Trends

• 2011 – Year of the Data Breach

• 2012 – Year of the DDoS

• Phishing: UPS, DHL, Fedex, Airlines

• Targeted Drive-by Downloads

• Resurgence of exploit kits – Blackhole/Phoenix

• Resurgence of Trojans – Poison Ivy, Cridex, Zeus

CASE STUDY: RSA Breach

March 11, 2011 - Breach detected, not public

– Thursday March 17, 2011: story broke

• Threat Intelligence Committee Call

– Friday March 18, 2011

• Cyber UCG call

• NCI call with DHS

• Threat Intelligence Committee Call w/RSA

• FS-ISAC Membership Call w/RSA

• NCI call

– Mitigation powerpoint and communications

– Mitigation Report Working Group Calls & Report

Hurricanes Gustav & Ike

During Hurricanes Gustav & Ike, the ISAC Council stood up (in partnership with DHS and PCIS) a private sector liaison seat at the NICC

– Information Sharing via ListServ

– Information Sharing via trusted relationships

– Weekly Inter-ISAC calls

– ENS and Crisis calls

– Success Stories

H1N1

The ISACs were and are actively engaged in

– Sector Calls with DHS and CDC

– Information Sharing via ListServ

– Information Sharing via trusted relationships

– FS-ISAC Business Resiliency Committee calls

– Best practices guidelines

National Council of ISACs

• Began meeting in 2003 to address common concerns and cross-sector interdependencies

• Volunteer group of ISACs who meet monthly to develop trusted working relationships among sectors on issues of common interest and work on initiatives of value to CI/KR

[Diagram: National Council of ISACs at the center, between Information Sources and Communications]

Information Sources: ISAC Ops Centers; ISACs & Other Sectors; DHS & Other Government Partners; Private Sector Liaison At The NICC; Other Sources (Hundreds); PCIS; NCCIC; Liaisons

Communications: Best Practice Sharing - Joint Statements - White Papers; Monthly Meetings; Daily & Weekly ISAC Calls; Briefings; ENS Calls And Crisis Calls; ListServ and Trusted Relationships

National Council of ISACs Activities - Examples

1. Increase involvement of sectors without ISACs

2. Drills/Exercises Such as NLEs, Cyber Storm, RCES

3. Information Sharing During Meetings

4. Implement Real-Time sector Threat Level Reporting

• Directorate

Four Major Initiatives To Enhance Critical Infrastructure Protection and Resilience

1. NICC Liaison

2. Cross Sector Information Sharing Framework

3. Advanced Threat Task Force

4. NCCIC

NICC Liaison Contact Information

[email protected]

703-563-3430

Joint Coordination Center - Pilot

• Private Sector Component

• Establish a common operating picture amongst sectors and analysis products to support efforts to detect, prevent, mitigate and respond to cyber security events through a 24x7 Joint Coordination Center

• Current Activity

What Is The NCCIC?

• National Cybersecurity and Communications Integration Center

• DHS-led Unified Operations Watch & Warning Center

• Operates 24 hours/day, 7 days/week, 365 days a year.

• Classification Level - Top Secret/Sensitive Compartmented Information (TS/SCI)

Who Is The NCCIC?

[Diagram: DHS Office of Cybersecurity and Communications (CS&C) above the NCCIC. Labels: US CERT; NCC; ICS-CERT; DHS I&A; NCSC; Liaisons; UCG]

Who Is Currently At The ‘Table’?

[Diagram: DHS Office of Cybersecurity and Communications (CS&C) above the NCCIC. Labels: Comms ISAC; IT-ISAC; FS-ISAC; MS-ISAC; ES-ISAC]

The UCG

• Unified Command Group - composed of private and public sector representatives

• UCG Staff and UCG Seniors

• UCG Staff meet on a regular basis. Both meet as needed during an incident

• Advise Assistant Secretary of CS&C on cybersecurity matters, provide subject matter expertise and response as necessary during an incident that requires national coordination.

Cyber Incident Response

[Diagram labels: Cyber Incident Manager; Private Sector; Federal Government; State/Local Government; International; NGOs/Others; NCCIC; UCG Staff; UCG Seniors; Cyber UCG; Incident Management Team]

www.natlisacs.org

CONTACT

www.fsisac.com