DOE Computer Incident Advisory Capability (CIAC) May 7, 2008

Lawrence Livermore National Laboratory. Denise Sumikawa, CIAC Program Leader. LLNL-PRES-403246. Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551. This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344. DOE Computer Incident Advisory Capability (CIAC), May 7, 2008.

Page 1: DOE Computer Incident Advisory Capability (CIAC) May 7, 2008

Lawrence Livermore National Laboratory

Denise Sumikawa

CIAC Program Leader

LLNL-PRES-403246

Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551

This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344

DOE Computer Incident Advisory Capability (CIAC)

May 7, 2008

Page 2

CIAC provides cyber security services to 96 DOE and NNSA Laboratories and Field Facilities

Page 3

CIAC offers a full range of cyber security services to protect DOE

DOE-Wide CIAC Services

Monitor security sites

Network traffic analysis

Security notifications

Security architecture consulting

White-hat assessments

Technology watch

24x7 “on-call” incident response

Response tools & scripts

Malcode analysis

DOE incident reporting

Collaborating with Local Site Security Capabilities and Personnel

Service categories: Prevention; Watch and Warn; Response

Page 4

CIAC culls out actionable information from network traffic data

Data Volume: Low to High

Analysis Query

Results

Analysis Reports

Site and Security Notifications

~250 Million Sessions per Day

Page 5

CIAC’s web and application security service helps protect DOE against application layer attacks

Full or Self-serve (sites scan their own)

190 Assessments completed

C&A Web Site Testing

Page 6

DOE FY07 Incident Statistics

Incident Type               Percentage of FY07 total    Notes
Malicious Code              32%                         Phishing attacks increasingly targeted
Loss, Theft, or Missing     24%                         Laptops, PDAs, removable media
Information Compromise      15%                         PII in unencrypted email
Compromise (Root & User)    12%
Unauthorized Use            5%                          Waste, fraud, abuse
Web Defacements             5%
Denial of Service           4%
Other                       3%
Critical Infrastructure     0%

Page 7

CIAC collaborates with DOE, NNSA, Federal, and International cyber security teams

Partnering for a secure DOE

Page 8

Questions/Comments