TRANSCRIPT
FFIEC
Executive Leadership of Cybersecurity:
Threat Intelligence and Getting the Most Out of Your FS-ISAC Membership
External Use: General Public 1
• Logistics:
  – Call-in number: 888-625-5230
  – Conference code: 7184 6724#
  – https://www.webcaster4.com/Webcast/Page/583/17540
• How we'll take questions:
  – Use the Ask Question button in the webinar
• Webinar:
  – You can choose to listen to the audio through your PC speakers or dial in through the phone option. Please note: If you experience problems with the PC audio at any time, you can dial in using the number and code above.
  – Use the Materials button to access a pdf version of the presentation.
Use of these materials by participants, including video and audio recording of this presentation, is strictly prohibited except by written permission of the FFIEC or its members [1]. The views expressed in this presentation are individual views, intended for informational purposes, and are not formal opinions of, nor binding on, the FFIEC or its members.
[1] Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, National Credit Union Administration, and State Liaison Committee.
Grace E. Dailey, Chair of the FFIEC's Task Force on Supervision
How to Get the Most of FS-ISAC Membership
John Carlson, Chief of Staff, FS-ISAC
FFIEC Webinar
October 31, 2016
October 31, 2016 — FS-ISAC Confidential. © 2016 FS-ISAC
A nonprofit private sector initiative formed in 1999
Designed/developed/owned by financial services industry
Sharing information globally (members in 36 countries w/ a user base in 72 countries)
Members: about 7,000 financial institutions
• 5,000+ Commercial Banks (over 80% of total banks and 90% of assets)
• Major Credit Card Companies
• 90+ Registered Broker Dealers; 50+ Asset Managers
• 500+ Credit Unions
• 100+ Insurance Companies
• 42 Bank Associations
• Financial Associations
MISSION: Share Timely, Relevant, Actionable Cyber and Physical Security Information & Analysis
Information Sharing in the Spotlight
The Cybersecurity Information Sharing Act (CISA) is now law.
• The Cybersecurity Information Sharing Act (CISA) was enacted on December 18, 2015.
• It encourages the public and private sector to share cybersecurity threat information voluntarily.
• Private sector incentives for sharing covered information:
  • Exemption from antitrust laws;
  • Liability protection; and
  • Exemption from disclosure under the Freedom of Information Act (FOIA) for information shared with the federal government.
Presidential Policy Directive 41, U.S. Cyber Incident Coordination
• Institutionalizes Federal cyber incident response and coordination efforts in the event of a "significant cyber incident"
• Defines a significant cyber incident as event(s) "likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the U.S. or to the public confidence, civil liberties, or public health and safety of the American people"
Five principles to guide the Federal government during a cyber incident response:
• Shared responsibility
• Risk-based response
• Respecting affected entities
• Unity of effort
• Enabling restoration and recovery
Federal response activities in three lines of effort, and the lead agency for each:
• Threat response – Lead: DOJ, acting through the FBI and the National Cyber Investigative Joint Task Force
• Asset response – Lead: DHS, acting through the National Cybersecurity and Communications Integration Center (NCCIC), in coordination with the relevant Sector-Specific Agency (SSA)
• Intelligence support – Lead: Office of the Director of National Intelligence, acting through the Cyber Threat Intelligence Integration Center
Three-tier coordination architecture for handling a significant cyber incident:
• National Policy Level: institutionalizes the Cyber Response Group to coordinate development and implementation of policy and strategy
• National Operational Level: directs agencies to activate enhanced internal coordination procedures and to create a Unified Coordination Group
• Field Level: directs lead agencies for each line of effort to coordinate interaction with each other and the affected entity
FS-ISAC Intelligence Flow
Information sources feed the FS-ISAC 24/7 Security Operations Center, which issues alerts and other member communications.
Information Sources:
• CERTs
• FS Regulators
• Other Intel Agencies
• Law Enforcement
• Cross Sector (other ISACs)
• Open Sources (Hundreds)
• iSIGHT Partners – Info Sec
• Secunia – Vulnerabilities
• Wapack Labs – Malware Forensics
• NC4 – Phy Sec Incidents
• MSA – Phy Sec Analysis
Member Communications (Alerts), by topic:
• Cyber-Threats
• Disaster Response
• Incident Response
• Business Continuity
• Fraud Investigations
• Information Security
• Payments / Risk
• Physical Security
Expanding Range of Services
» Information Sharing
» Analysis
» Threat Monitoring & Crisis Escalation
» Exercises
» Support for regional coalitions
» Automation/“Soltra”
» Conferences/Education/Training
» Best Practices/Advisories
» Global Growth
» Support for other Sectors
» Platform for collaboration w/ other sectors and gov agencies
» Communications
The Need for Info Sharing is Increasing
Challenges Addressed by Information Sharing:
• Exploding threat indicator "noise"
• Growing regulatory pressures
• Rising breach costs
• Increasing attack volume and complexity
Better Understand Threats & Adversaries
Hacktivists
• "Anonymous" response to WikiLeaks donation stoppage
• DDoS attacks
• Website defacement
Nation State
• Motivations: espionage, disruption, or destruction
• Targeting Government + private sector
• Attempt to gain economic advantage
Cyber Crime
• Bad actors are typically concentrated in a few geographic areas but utilize a global hacking infrastructure
• A complete service-based economy supporting activities
• Attacks, often blended threats: a mix of social engineering and technical attack
Circles of Trust
• Clearing House and Exchange Forum (CHEF)
• Payments Risk Council (PRC)
• Payments Processor Information Sharing Council (PPISC)
• Business Resilience Committee (BRC)
• Threat Intelligence Committee (TIC)
• Community Institution Council (CIC)
• NEW Credit Union Council (CUC)
• Insurance Risk Council (IRC)
• Compliance and Audit Council (CAC)
• European Threat & Strategy Committee (ETSC)
• Singapore Threat Intelligence Group (STIG)
• Cyber Intelligence Mail List
• Securities Industry Risk Group (SIRG)
• Asset Managers, Alternative Investors, Broker Dealers
• APAC Threat & Strategy Committee (ATSC)
TLP Green
Councils, Exercises, and Working Groups
FS-ISAC functional areas: Business Continuity, Compliance, Fraud, Payments, Info Security, Physical Security, Public Affairs, Securities
• Cyber-Attack Against Payment Systems (exercise)
• Business Resiliency Council
• Cyber Intelligence Tradecraft Training
• Community Institution Council
• Compliance Audit Council
• Data Analytics Working Group
• Media Response Team
• Payment Risk Council
• Security Automation Working Group
• Securities Industry Risk Group
Portal Information
Member Services:
• FS-ISAC Portal Overview Recording
• FS-ISAC Membership Guide, September 2016
• FS-ISAC Point of Contact Responsibilities Guide
• New Member Orientation Recording for Basic, Core and Standard
• New Member Orientation Recording for Premier, Gold and Platinum
• FS-ISAC Webinar – Aid to Processing Shared Information
• Understanding FS-ISAC Alerts and Emails
Community Institution Council Documents:
• Change Management
• Cyber Security
• Fraud – Loss Prevention
• IT Strategic Plan
• Incident Response Documents
• Risk Summary Reports
• Security Policies
• FFIEC CAT, FSSCC ACAT, FFIEC CAT (Japanese)
• All-Hazards Crisis Response Playbook
Community Institution Growth
• Community Institutions in the US are defined as banks and credit unions under $20 billion in assets
• This subset of the financial industry makes up FS-ISAC's largest and most active council (the Community Institutions Council)
• Within the CIC, Community Institutions make up 85% of the membership and Credit Unions make up 15%
Community Institution Council
Top Member Discussion Topics
1. What types of information technology and security solutions are you using?
2. Requests for policy, programs and processes to address regulatory guidance, internal audit and employee compliance.
3. Fraud and cyber exploits and emerging trends
4. Requests for information (Operational, vendor solution)
Benefits of Being an FS-ISAC Member
FS-ISAC's value proposition includes:
• Access to services and solutions that support cyber security initiatives, increasing member value through loss avoidance and enhancing security, which reduces the risk of cyber incidents and the subsequent financial loss to members
• Proven practices which align to regulatory requirements while increasing the maturity of your cyber, vendor management, information and physical security programs
• Access to free educational training programs, which increase security awareness
• Networking and access to a trusted community
FS-ISAC Alert Types
• ANC: Announcement
• CYT: Cyber Threat
• CYI: Cyber Incidents
• COI: Collective Intelligence
• CYV: Cyber Vulnerability
• PHT: Physical Threats
• PHI: Physical Incidents
Processing FS-ISAC Information
FS-ISAC strives to provide relevant and actionable threat and vulnerability information to thousands of member organizations worldwide.
Determining which information is of value to your organization is for you to decide. We want to make sure you get the exact information you need, when you need it.
Streamline Your Threat Intelligence Feeds: timely, actionable, trusted intelligence, with action simplified.
Alert Types
At a minimum, we recommend selecting and reading the following alert types daily:
• Cyber Incidents: CYI
• Collective Intelligence: COI
• Cyber Threats: CYT
• Announcements: ANC
If all you received were alerts in these categories, you would only get approximately 10 emails per day. If you belong to a listserver such as the CIC, you have the ability to create filters to review other alerts and emails at a time you determine best based on your workload, or to delegate them to other personnel within your institution.
The full set of FS-ISAC alert types: ANC (Announcements), CYT (Cyber Threat), CYI (Cyber Incidents), COI (Collective Intelligence), CYV (Cyber Vulnerability), PHT (Physical Threats), PHI (Physical Incidents).
Processing FS-ISAC Information
• Log into your Portal Account and follow steps 1-5 to enable alerts.
• You have the ability to select a variety of topics based on your role and needs.
• Select alert types by clicking in the appropriate box.
• You have the ability to deselect alerts in your portal account by reversing the above process.
• The FS-ISAC and RE-ISAC reports provide a daily recap of current events.
Criticality and Choice Based Roles
The slide rates each alert type High, Medium or Low for each role: Compliance, Business Continuity, Fraud, Payments, Info Security, and Physical Security (the per-role ratings are not reproduced here). Alert types rated:
• CYI: Cyber Incidents
• CYT: Cyber Threat
• PHI: Physical Incidents
• PHT: Physical Threats
• CYV: Cyber Vulnerability
• COI: Collective Intelligence
• ANC: Announcements
• CIS: CISCP Reports (DHS Cyber Information Sharing and Collaboration Program)
Executive Summaries by Type
Two executive products, the Executive Brief and the Risk Summary Report, are each rated High, Medium or Low in relevance for the following audiences (the individual ratings are not reproduced here):
• Board of Directors
• Executive Mgmt.
• Compliance Mgmt.
• Bank Security Mgmt.
• Business Resiliency Mgmt.
• Info Security Mgmt.
• Info Technology Mgmt.
When Receiving Alerts, Remember
1. Understand the Alert Types
2. Understand Criticality & Priority
3. Choice Based Roles
In order to take full advantage of the Portal Alerts and Email Mail Lists while maximizing your daily productivity, consider establishing rules within your email client.
Member Questions: Contact Member Services, [email protected], 877.612.2622, prompt 1.
Creating Filters (Outlook desktop client)
1. Highlight an email from the CIC list.
2. Select Home > Rules > Create Rule.
3. Under "When I get email with all of the selected conditions," check the box next to "From CIC".
4. Under "Do the following", select "Move the item to folder."
5. Click "Select folder..."
6. Under "Choose a folder:", either select an existing folder, or select "New" to create a new folder.
7. If desired, select "Run this rule now..." to move existing messages.
8. Select OK to save the rule.
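The Outlook rule above sorts one list into one folder by hand. The following Python script is an added example, not FS-ISAC's or the FFIEC's code and not part of the webinar, of doing the same triage programmatically across the alert types the webinar names: it parses the three-letter type code out of a subject line, sends the four "read daily" types (CYI, COI, CYT, ANC) to a read-today folder and everything else, including CIC listserver discussion, to a review-later folder, and checks whether a TLP marking allows forwarding to staff. The subject layout "[FS-ISAC] CYT: title (TLP:GREEN)", the sender addresses and the sample mailbox are all constructed assumptions; check the real alert headers in your own portal account before relying on the pattern.

```python
"""Triage FS-ISAC alert e-mails into read-today / review-later folders.

Added example, not FS-ISAC's or the FFIEC's own code.  The subject
layout, sender addresses and sample mailbox below are constructed
assumptions for illustration only.
"""
import re
from collections import Counter

# The four alert types the webinar recommends reading every day.
READ_DAILY = {"CYI", "COI", "CYT", "ANC"}

# Alert-type codes named in the webinar (CIS appears on the role slide).
ALERT_TYPES = {
    "ANC": "Announcement",
    "CYT": "Cyber Threat",
    "CYI": "Cyber Incident",
    "COI": "Collective Intelligence",
    "CYV": "Cyber Vulnerability",
    "PHT": "Physical Threat",
    "PHI": "Physical Incident",
    "CIS": "CISCP Report",
}

# ASSUMED subject layout: optional "[LIST]" tag, three-letter type code,
# colon, title, optional trailing "(TLP:COLOR)".  Not FS-ISAC's real format.
SUBJECT_RE = re.compile(
    r"^(?:\[(?P<list>[A-Z-]+)\]\s*)?(?P<type>[A-Z]{3}):\s*(?P<title>.+?)"
    r"(?:\s*\(TLP:(?P<tlp>RED|AMBER|GREEN|WHITE)\))?\s*$"
)


def parse_subject(subject):
    """Return a dict with list, type, title and tlp, or None if the subject
    does not carry a known alert-type code."""
    m = SUBJECT_RE.match(subject.strip())
    if m is None or m.group("type") not in ALERT_TYPES:
        return None
    return {k: m.group(k) for k in ("list", "type", "title", "tlp")}


def route(subject, sender=""):
    """Return (folder, read_today) for one message, mirroring the manual
    Outlook rule but keyed on the alert type instead of the sender."""
    parsed = parse_subject(subject)
    if parsed is None:
        # Listserver discussion (e.g. the CIC list) has no type code; park it
        # for later review, as the "From CIC" rule does.
        if "cic" in sender.lower():
            return ("FS-ISAC/Later/CIC", False)
        return ("FS-ISAC/Unclassified", False)
    if parsed["type"] in READ_DAILY:
        return ("FS-ISAC/Today/" + parsed["type"], True)
    return ("FS-ISAC/Later/" + parsed["type"], False)


def may_share_with_staff(subject):
    """TLP:GREEN may go to employees and trusted partners in the community
    (not public channels) and TLP:WHITE may go anywhere; AMBER/RED carry the
    originator's restrictions, and an unmarked alert is treated as not
    shareable."""
    p = parse_subject(subject)
    return bool(p and p["tlp"] in ("GREEN", "WHITE"))


# Constructed sample mailbox: (sender, subject).  Not real alerts.
SAMPLE_MAILBOX = [
    ("alerts@example.org", "[FS-ISAC] CYT: Phishing campaign targeting wire staff (TLP:GREEN)"),
    ("alerts@example.org", "[FS-ISAC] CYI: Member reports ATM cash-out activity (TLP:AMBER)"),
    ("alerts@example.org", "[FS-ISAC] CYV: Vendor patch released for remote code execution"),
    ("alerts@example.org", "[FS-ISAC] PHT: Severe weather advisory, Gulf Coast"),
    ("cic-list@example.org", "RE: What MFA vendor are you using?"),
    ("alerts@example.org", "[FS-ISAC] ANC: Portal maintenance window this weekend"),
]


def triage(messages):
    """Route every message and count how many must be read today, so the
    '~10 e-mails a day' claim can be checked against a real inbox."""
    summary = {"read_today": 0, "later": 0, "by_folder": Counter()}
    for sender, subject in messages:
        folder, today = route(subject, sender)
        summary["by_folder"][folder] += 1
        summary["read_today" if today else "later"] += 1
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_MAILBOX)
    for folder, n in sorted(result["by_folder"].items()):
        print(f"{n:3d}  {folder}")
    print(f"read today: {result['read_today']}, later: {result['later']}")
```

Run it against a day's worth of real headers exported from your mail client to see how far your own inbox is from the "about 10 per day" figure; an unmarked alert deliberately fails the sharing check so that nothing leaves the security team by default.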
Ransomware Roadshow
Objective:
» Increase awareness of the risk of Ransomware and potential mitigations
Features:
» Included 14 cities across the US in August – October 2016
» Reached more than 2,000 attendees
» Developed and produced cooperatively with three ISACs, the Federal Bureau of Investigation, and the United States Secret Service
» Included audience participation in exercises
» Introduced the concept of ISACs to the public
Sharing in Action: Monthly Executive Summary
• FS-ISAC publishes a monthly brief for CEOs and other senior executives.
• Labeled TLP Green: information can be shared with employees and trusted partners within the community, but not via publicly accessible channels.
• Communicates the latest threat landscape and trends using non-technical language.
• Promotes a proactive approach to cyber security.
All-Hazards Crisis Response Playbook (AHCRP), FS-ISAC 2016 Revision
The AHCR Playbook serves as the financial sector's guide on how to escalate, coordinate and communicate information and actions pertaining to disruptive cyber and physical threats & events that could impact operations or safety.
AHCR Exercise Program
A five-phase program (Phase 1 through Phase 5) spanning incident response and business continuity, built around the following business continuity planning steps:
• Business Impact & Risk Analysis
• Identify Strategic BCP Alternatives
• Design/Develop the Business Continuity Plan
• The Business Contingency Plan
• Design Business Continuity Program
• Establish and Achieve Short- to Long-Term Objectives
• Establish and Achieve Governance – Compliance
Looking Ahead
• Expand membership (US and globally)
• Expand services:
  • Credit Union Council
  • Add additional capabilities for secure storage and retrieval of critical customer account data by establishing common technical and operating standards
  • Support for Critical Infrastructure FIs
  • Conferences, Education and Training
  • Increase response readiness and capabilities
  • Support for other sectors (e.g., retail, real estate, oil and natural gas, law firms)
• Cyber risks are not abating...
• Physical threats (e.g., hurricanes, mass shootings, acts of terror)
• Financial regulators intensifying focus on cyber
• Increasing government involvement (US Federal Reserve System's payments modernization initiative, Executive Orders resulting in the NIST Cybersecurity Framework, increased government and private sector information sharing)
FS-ISAC Membership Levels & Fees
Level     | Financial Institutions, Insurance Companies, Publicly Held Securities / Brokerage Firms (Assets) | Processors, Utilities and Privately Held Stand Alone Securities Firms* (Revenue) | Annual Membership Fee
Basic     | $1B - $10B    | < $100M       | USD $250
Core      | $1B - $10B    | < $100M       | USD $850
Standard  | $10B - $20B   | $100M - $1B   | USD $5,000
Premier   | $20B - $100B  | $1B - $2.5B   | USD $10,000
Gold      | $100B - $250B | $2.5B - $5B   | USD $24,950
Platinum  | > $250B       | > $5B         | USD $49,950
Join online: https://www.fsisac.com/join
877-612-2622, prompt 3
Contact
John Carlson, Chief of Staff, 571.446.3892
New members:
If currently a member and want a refresh on our services:
FS-ISAC Team
Team areas: Member Services, CIC, BRC, Marketing/Sales, Global Business Services, MRT, IAT, BRM, SIRG, IRC, PRC/PPISC, Other Contacts
• Community Institutions: Jeffrey Korte, [email protected]
• Business Resiliency Council: Susan Rogers, [email protected]
• Robin Fantin, [email protected]; Ray Irving, [email protected]; Andrew Hoerner, [email protected]
• Member Services: Beth Hubbard, [email protected]
• Payments/Processors Risk: Charles Bretz, [email protected]
• Insurance Risk Council: Rick Lacafta, [email protected]
• Securities Industry: Peter Falco, [email protected]
• IAT: Michael O'Donnell, [email protected]
• Business Relationship Management: [email protected]