digital kung fu a.k.a. protecting yourself in our digital world

Security Professionals Conference 2015

Deciphering the DHS Alphabet Soup for Higher Ed

Jodi Ito Information Security Officer • University of Hawaiʻi [email protected] • (808) 956-2400


Goal for Today’s Session

• Provide an overview of resources, tools and services available from DHS

CSET

NCCIC

CRR MS-ISAC

NCATS

RVA

C3VP

CH/CyHy

CSA PSA

US-CERT

NCSAM


Department of Homeland Security (DHS)

• United States Citizenship and Immigration Services (USCIS)

• United States Customs and Border Protection (CBP)

• United States Coast Guard (USCG)

• Federal Law Enforcement Training Center (FLETC)

• United States Immigration and Customs Enforcement (ICE)

• Transportation Security Administration (TSA)

• United States Secret Service (USSS)

• Management Directorate

• National Protection and Programs Directorate (NPPD)

• Science and Technology Directorate (S&T)

• Domestic Nuclear Detection Office (DNDO)

• Office of Health Affairs (OHA)

• Office of Intelligence and Analysis (I&A)

• Office of Operations Coordination and Planning

• Office of Policy

http://www.dhs.gov/department-components


DHS Cyber Resources

• Cyber Security Overview

• Information Sharing

• Privacy

• Cyber crime

• Careers, etc.

• http://www.dhs.gov/topic/cybersecurity


NCSAM

• National Cyber Security Awareness Month

• Every October

• http://www.dhs.gov/national-cyber-security-awareness-month


Stop.Think.Connect.TM

• Awareness campaign launched in 2010

• Stop.Think.Connect.™ Campaign

• Launched in 2010

• Designed to help citizens reduce cyber risk online by promoting safe online habits

• Developed by coalition of private companies, non-profits, and government organizations, including DHS, through the Anti-Phishing Working Group Messaging Convention and the National Cyber Security Alliance (NCSA).

• http://dhs.gov/stopthinkconnect


US-CERT

• US Computer Emergency Readiness Team

• www.us-cert.gov

http://www.us-cert.gov




US-CERT Services

• Alerts: https://www.us-cert.gov/ncas

• TA15-105A : Simda Botnet

• Resources: https://www.us-cert.gov/security-publications

• Malware Analysis:

• https://malware.us-cert.gov/MalwareSubmission/pages/submission.jsf

https://www.us-cert.gov/ncas



https://www.us-cert.gov/security-publications






US-CERT Reporting


C3VP (Critical infrastructure Cyber Community Voluntary Program)

• https://www.us-cert.gov/ccubedvp

• Maps NIST Cybersecurity Framework to existing cyber risk management capabilities

• CRR: Cyber Resilience Review

• Self Assessment

• https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf


CSET & more

• Cyber Security Evaluation Tool

• Evaluates automated industrial control or business systems

• Self-contained tool; run on desktop or laptop

• Provides prioritized list of recommendations

• https://ics-cert.us-cert.gov/Downloading-and-Installing-CSET

• US-CERT for Academia:

• https://www.us-cert.gov/ccubedvp/getting-started-academia

https://ics-cert.us-cert.gov/Downloading-and-Installing-CSET












MS-ISAC

• Multi-State Information Sharing Analysis Center

• Cyber threat prevention, protection, response and recovery

• State, local, tribal, territories (state institutions)

• Resources: links to free training, videos, cyber security guides, webcasts, etc.

• 24x7 Security Operations Center (SOC) services for members


DHS People

• PSA: Protective Security Advisor – National Protection and Programs Directorate,

Office of Infrastructure Protection

– Planning, coordinating, and conducting security surveys and assessments

• CSA: Cyber Security Advisor – Office of Cybersecurity & Communications

– Principal field liaisons

– primary goal is to assist in the protection of cyber components essential within the nation‘s critical infrastructure and key resources (CIKR)


NCCIC: National Cybersecurity & Communications Integration Center

• Works with critical infrastructure owners and operators to reduce risk;

• Collaborates with state and local governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC);

• Cooperates with international partners to share information and respond to incidents;

• Coordinates national response to significant cyber incidents in accordance with the National Cyber Incident Response Plan (NCIRP);


NCCIC Mission: continued

• Analyze data to develop and share actionable mitigation recommendations

• Create and maintain shared situational awareness among its partners and constituents;

• Orchestrate national protection, prevention, mitigation, and recovery activities associated with significant cyber and communication incidents;

• Disseminate cyber threat and vulnerability analysis information;


NCCIC Capabilities & Resources

• US-CERT

• ICS-CERT

• MS-ISAC

• NCC

• NCATS

• Texas A&M Engineering Extension Service (TEEX): – https://teex.org/Pages/Program.aspx?catID=607&courseTitle=C

ybersecurity

• Exercise Planning

https://teex.org/Pages/Program.aspx?catID=607&courseTitle=Cybersecurity





NCATS

• National Cybersecurity Assessments & Technical Services – Full-Scope Red Team/Penetration Testing

– Services are tailored to fit agency requirements

– Risk and Vulnerability Assessments (RVA) (signup now! already scheduling into 2016)

– Cyber Hygiene (CH)

– Independent (third party) review; results of assessment

– will not be shared or disseminated

– Services provided at “No-Cost” to agencies


POC for NCATS Services

[email protected]


CH / CyHy

• Cyber Hygiene – Remote assessment which broadly analyzes

Internet accessible systems for known vulnerabilities and configuration errors on a frequently recurring basis.

– Network Mapping

– Network Vulnerability Scanning

– Configuration Scanning

– Recurring assessment

– Reports on vulnerability and configuration errors


RVA

• Risk and Vulnerability Assessments - Remote and On-Site

- Vulnerability Scanning and Testing

- Penetration Testing

- Social Engineering (Phishing)

- Wireless Discovery & Identification

- Web Application Scanning & Testing

- Database Scanning

- Operating System Scanning for compliance checks


UH RVA EXPERIENCE


NICCS

• National Initiative For Cybersecurity Careers and Studies

• Workforce Development Initiative

• Encourage students to pursue cyber security as an education AND career pathway

• http://niccs.us-cert.gov/education/education-home


A Few More…

• CISCP: Cyber Information Sharing & Collaboration Program – Indicator Bulletins

– Analysis Bulletins

– Alert Bulletins

– Recommended Practices

• Sign CRADA to participate (or join REN-ISAC)

• CRADA: Cooperative Research And Development Agreement

• Email: [email protected]


Last ones!

• TAXIITM: Trusted Automated eXchange of Indicator Information

• STIXTM: Structured Threat Information eXpression

• CybOXTM: Cyber Observable eXpression

• A framework to automate and structure operational cybersecurity information sharing techniques across the globe

• www.us-cert.gov/TAXII


DHS Point Of Contacts

• Sean McAfee

[email protected]

• Distribution List:

[email protected]


Jodi Ito • UH Information Security Officer

[email protected] • (808) 956-2400

digital kung fu a.k.a. protecting yourself in our digital world

Documents