Ben Spear

Senior Intelligence Analyst

Free Cyber Crime Resources for the Justice Professional

2 TLP: WHITE

• National Resources

• Working Groups, Clubs, and Organizations

• Research and Handouts

• Assessments and Tools

• Free Training

• Other Resources

Agenda

National Resources

Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.

4 TLP: WHITE

Multi-State Information Sharing and Analysis Center

The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation's

SLTT governments.

https://www.msisac.cisecurity.org

5 TLP: WHITE

Free and Voluntary

No Mandated Information Sharing

One Membership Document Required

About MS-ISAC Membership

Benefits:

− Access to information, intelligence,

products, resources, and webcasts

− Insider access to federal information

− Training and resource discounts

− CIS Security Benchmarks discounts

− HSIN Portal access

− Cybersecurity exercise participation

− Malicious Code Access Program

(MCAP) access

https://learn.cisecurity.org/ms-isac-registration

6 TLP: WHITE

• Support: – Network Monitoring Services – Research and Analysis

• Analysis and Monitoring: – Threats – Vulnerabilities – Attacks

• Reporting: – Cyber Alerts & Advisories – Web Defacements – Account Compromises – Hacktivist Notifications

24x7 Security Operations Center

Central location to report any cybersecurity incident

To report an incident or request

assistance:

Phone: 1-866-787-4722

Email: soc@msisac.org

7

NCCIC

National Cybersecurity & Communications Integration Center

https://www.us-cert.gov/nccic

8

• US-CERT strives for a safer, stronger internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world

• The ICS-CERT mission is to guide a cohesive effort between government and industry to improve the cyber security posture of control systems within the nation’s critical infrastructure

• Alerts

• Advisories

• ICS-CERT Monitor newsletter

• Joint Security Awareness Reports

• Other Reports

• References to other resources

• www.US-Cert.gov

• Ics-cert.us-cert.gov

US-CERT & ICS-CERT

U.S Computer Emergency Response Team ( US-CERT)

Industrial Control System Computer Emergency Response Team (ICS-CERT)

https://www.us-cert.gov/

https://ics-cert.us-cert.gov/

9 TLP: WHITE

PSA & CSA

https://www.dhs.gov/protective-security-advisors

Protective & Cyber Security Advisors

Trained critical infrastructure protection and vulnerability mitigation subject matter experts who facilitate local field

activities in coordination with other Department of Homeland Security offices to proactively engage with federal & SLTT

government mission partners and the private sector to protect critical infrastructure

• Five mission areas – Security and resilience surveys

– Critical infrastructure security

– Support National Special Security Events (NSSEs)

– Liaisons between government & private sector

– Support IED awareness and training

– Coordination with the Office of Cybersecurity

– Work alongside FBI and USSS

10 TLP: WHITE

NCC

National Coordinating Center for Communications

• Share and analyze threat information

• Assess the operating status and understanding the risk posture of our communications infrastructure

Public-private partnership that allows governments at all levels, private industry, and our global allies to work

together in a 24x7 “Whole Community” effort

• Coordinate the Nation’s efforts to prepare for, prevent, protect against, mitigate, respond to, and recover from significant communications disruptions

https://www.dhs.gov/national-coordinating-center-communications

11 TLP: WHITE

Created via PDD 61, May 22,1998, to allow the private sector to come together, share information, perform

analysis, and respond to incidents

ISACs

EMR-ISAC

Legal Services

Information Sharing and Analysis Centers

12 TLP: WHITE

Fusion Centers

HI

AK

AL

AZ

AR

CA CO

CT

DE

FL

GA

ID

IL IN

IA

KY

LA

ME

MD

MA

MI

MN

MS

MO

MT

NB NV

NH

NJ

NM

NY

NC

ND

OH

OK

OR

PA

RI

SC

SD

TN

TX

UT

VT

VA

WA

WV

WI

WY

KS

WV

ID

GU MP AS VI

PR

https://www.dhs.gov/fusion-center-locations-and-contact-information

13 TLP: WHITE

• EO 13636- February 2013

• A Voluntary framework- based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure

NIST Cyber Security Framework & Roadmap

https://www.nist.gov/cyberframework

14

Partnership between government, academia and the private sector focused on cybersecurity education,

training and workforce development

• References to other resources

• Current press releases

NICE

National Initiative for Cyber Security Education

https://www.nist.gov/itl/applied-cybersecurity/nice

15

NICE Cybersecurity Workforce Framework

A Common Taxonomy and lexicon that describe types of cybersecurity work and the skills required

to perform it

• 7 Categories

• 30+ Specialty Areas

• 50+ Work Roles

https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework

16

• 2,000+ courses in the NICCS Training Catalog mapped to the National Cybersecurity Workforce Framework

• 40+ courses available to SLTT government employees and U.S. Veterans

• Tools for managers

• Monthly events

• Customized job searches

NICCS™ One Stop Shop for Cybersecurity Careers and Studies

niccs.us-cert.gov

Working Groups, Clubs, and Organizations

Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.

18 TLP: WHITE

In support of the national effort to counter threats posed by terrorist, nation-state, and criminal cyber actors, each CTF

synchronizes domestic cyber threat investigations in the local community through information sharing, incident response, and

joint enforcement and intelligence actions.

• Provides:

– Enhanced understanding of threats

– Surge capability for cyber incidents

– Participation with national teams

– SME for instruction, presentations, research

CTF

https://www.fbi.gov/file-repository/cyber-task-forces-fact-sheet.pdf/view

Cyber Task Force

19 TLP: WHITE

The ECTF network is meant to bring together federal, state, and local law enforcement, prosecutors, private industry and academia for the prevention, detection,

mitigations, and aggressive investigation of attacks on the nation’s financial and critical infrastructures

ECTF

https://www.secretservice.gov/investigation/#field

Electronic Crimes Task Force

20 TLP: WHITE

• Partnership between the FBI and Sector

• Free membership

• Vetted members gain access to:

– TLP: GREEN and U//FOUO info

– Briefings and meetings

InfraGard

NY Chapters:

Albany

Buffalo

Hudson Valley

Long Island

New York City Metro

Rochester

https://www.infragard.org/

21

Develop a more efficient means for granting clearances to private sector individuals who are members of an ISAO via a designated critical infrastructure protection program

and engage in continuous, collaborative, and inclusive coordination with ISAOs via the DHS NCCIC

• Created EO 13691, February 12, 2015

• Key Goals

− Voluntary

− Transparent

− Inclusive

− Actionable

− Flexible

ISAO

Information Sharing & Analysis Organizations

https://www.dhs.gov/isao

22 TLP: WHITE

Independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information

systems

• Established in 1969

• More than 520,000 engaged professionals

ISACA

https://www.isaca.org/pages/default.aspx

Information Systems Audit and Control Association

23 TLP: WHITE

The community of choice for international cybersecurity professionals dedicated to advancing individual growth,

managing technology risk and protecting critical information and infrastructure

• Mission

− Being a respected forum for networking and collaboration

− Providing education and knowledge sharing at all career lifecycle stages

− Be a highly regarded voice of information security

ISSA

http://www.issa.org/

Information Systems Security Association

24

Brings together organizations actively engaged in the field of digital and multimedia evidence to foster

communication and cooperation as well as to ensure quality and consistency within the forensic community

https://www.swgde.org/

Scientific Working Group on Digital Evidence

SWGDE

25 TLP: WHITE

HTCIA

https://htcia.org/

High Technology Crime Investigation Association

Formed to provide education and collaboration to global members for the prevention and investigation of high tech crimes and aspires to help all those in the high technology

field by providing extensive information, education, collective partnerships, mutual member benefits, astute

board leadership and professional management.

26 TLP: WHITE

IACP Cyber Center

http://www.iacpcybercenter.org/

International Association of Chiefs of Police

A collaborative project of the International Association of Chiefs of Police (IACP), RAND Corporation, and the Police

Executive Research Forum (PERF) developed to enhance the awareness, expand the education, and build the capacity of justice and public safety agencies to prevent, investigate,

prosecute, and respond to cyber threats and cyber crimes.

• Functional areas:

– Cyber crime investigations

– Digital forensics

– Information systems security

27 TLP: WHITE

PERF

http://www.policeforum.org/

Police Executive Research Forum

A police research and policy organization and a provider of management services, technical assistance, and executive-

level education to support law enforcement agencies.

• Founded in 1976

• Goals

– Improve delivery of police services through national leadership

– Public debate of police and criminal justice issues

– Research and policy development

28 TLP: WHITE

IACIS

https://www.iacis.com/

International Association of Computer Investigation Specialists

A non-profit, volunteer organization wholly dedicated to training, certifying and providing membership services to

computer forensic professionals around the world.

• Founded in 1990

29 TLP: WHITE

NASCIO

https://www.nascio.org/

National Association of State Chief Information Officers

Provides state CIOs and state members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information and promote the

adoption of IT best practices and innovations.

• Founded in 1969

• Mission

– Foster government excellence through quality business practices, information management, and technology policy.

30 TLP: WHITE

NCFTA

https://www.ncfta.net

National Cyber-Forensics & Training Alliance

Non-profit corporation, focused on identifying, mitigating, and neutralizing cyber crime threats globally. The NCFTA

operates by conducting real time information sharing and analysis with Subject Matter Experts (SME) in the public,

private, and academic sectors.

• Founded in 2002

31 TLP: WHITE

NCJTC

https://ncjtc.fvtc.edu/

National Criminal Justice Training Center

Extensive experience managing complex national training and technical assistance projects that demand attention to detail,

competency, diversity, flexibility, and innovation aimed to equip criminal justice professionals with the right training and

tools to affect lasting and meaningful change in their communities.

32 TLP: WHITE

OnGuard Online

https://www.consumer.ftc.gov/features/feature-0038-onguardonline

Provides practical tips from the federal government and the technology industry to help you be on guard

against Internet fraud, secure your computer, and protect your personal information.

33 TLP: WHITE

HackerSpaces

https://wiki.hackerspaces.org/

A community-operated physical place, where people can meet and work on their projects. This website is for anyone and everyone who wants to share their hackerspace stories and questions with the global

hackerspaces community.

Assessments and Tools

Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.

35 TLP: WHITE

A voluntary self-assessment survey designed to evaluate cyber security management within SLTT governments

October 1 – November 30

All states (and agencies within), local government jurisdictions (and departments within),

tribal and territorial governments can participate.

Nationwide Cyber Security Review

NCSR

https://www.cisecurity.org/ms-isac/services/ncsr

36

• Secure configuration benchmarks

• Automated configuration assessment tools and content

• Security metrics

• Security software product certifications

• Benchmarks.cisecurity.org

Security Benchmarks

Well-defined, un-biased, consensus-based industry best practices

https://www.cisecurity.org/cis-benchmarks/

37

www.cisecurity.org/critical-controls.cfm

CIS Critical Security Controls

For Effective Cyber Defense, Version 6.1

https://www.cisecurity.org/controls/

38

To support the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National

Institute of Standards and Technology’s (NIST) Cybersecurity Framework while rendering Hands-On Support to SLTT

governments address their cybersecurity needs

• Cyber Resilience Review (CRR)

• Cybersecurity Advisors (CSAs) and Protective Security Advisors (PSAs)

• SLTT Cybersecurity Engagement Program

• C3 Voluntary Program Partners

C3 Voluntary Program

Critical Infrastructure Cyber Community Voluntary Program

https://www.us-cert.gov/ccubedvp

39 TLP: WHITE

NCATS leverages existing “best in breed” cybersecurity assessment methodologies, commercial best practices

and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk

management guidance and recommendations.

• Available services – Risk and Vulnerability Assessment

– Cyber Hygiene Assessment

– Social Engineering Tests

– Configuration Review

NCATS

ncats_info@hq.dhs.gov

National Cybersecurity Assessment & Technical Services

40 TLP: WHITE

CRR

https://www.us-cert.gov/ccubedvp/assessments

Cyber Resilience Review

A no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted

as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals.

• Downloadable Resources – Self-Assessment Package

– Method Description & User Guide

– Question Set with Guidance

– NIST Framework Crosswalk

– Information Sheet

– Resource Guides

41 TLP: WHITE

CSET

https://ics-cert.us-cert.gov/Assessments

Cybersecurity Evaluation Tool

A desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The CSET output is a prioritized list of

recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control systems.

• Key Benefits – Enhances organizational risk management

– Raises awareness on Cybersecurity

– Highlights vulnerabilities & recommendations

– Identifies areas of strength

– Industry-wide tool for assessments

– Method to improve Cybersecurity systems

42 TLP: WHITE

A free evaluation derived from the NIST Framework for Improving Critical Infrastructure Cybersecurity which helps give a detailed evaluation of an organizations cybersecurity program

against industry and government standards

RSA Cybersecurity Maturity Assessment Survey

http://emc.tool11.webcontentor.com/tools/securityassessmentsurvey.emc

43 TLP: WHITE

FEMA Cyber TTX

Cyber Capabilities Tabletop Exercise

Designed to increase understanding of cyber threat alerts, warning, and information sharing across sectors, and to test

and evaluate government-private sector coordinating structures, processes, and capabilities regarding cyber event

response and recovery. This Tabletop Exercise is an interactive exercise, complete with accompanying facilitator’s notes and

scripted video injects.

https://www.fema.gov/media-library/assets/documents/26845

44 TLP: WHITE

FTC Identity Theft

https://www.identitytheft.gov/

Is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample

letters to guide you through the recovery process.

45 TLP: WHITE

CISCP

https://www.dhs.gov/ciscp

Cyber Information Sharing and Collaboration Program

DHS's flagship program for public-private information sharing and complements ongoing DHS information

sharing efforts. In CISCP, DHS and participating companies share information about cyber threats,

incidents, and vulnerabilities.

• CISCP Products and Briefings

– Indicator Bulletins (IB)

– Analysis Reports (AR)

– Priority Alert (PA)

– Recommended Practices (RP)

46 TLP: WHITE

AIS

https://www.dhs.gov/ais

Automated Indicator Sharing

Enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed.

Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email

• AIS Processes – Automated analyses and technical mitigations to delete PII

– Minimize the amount of data included in a cyber

threat indicator

– Retain only information needed to address cyber threats

– Ensure any information collected is used only for network

defense or limited law enforcement purposes

47 TLP: WHITE

MCAP

Malicious Code Analysis Platform

https://www.cisecurity.org/ms-isac/services/

A web-based service which allows members to submit suspicious les, including executables, dlls, documents,

quarantine les and archives for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat

analysis based on domain, IP address, URL, HASH, and various IOCs

48 TLP: WHITE

VMP

Vulnerability Management Program

https://www.cisecurity.org/ms-isac/services/

Notifies members on a monthly basis about any outdated software that could pose a threat to assets. A scripted GET

request is sent to over 30,000 SLTT domains that the MS-ISAC maintains, to pull data on versioning information that is related

to each domain.

• Analysis & review categories

– Vulnerable

• System is not up to date

• Provides CVE score and links to the CVE

– Not Vulnerable

• System’s patch level is up to date

49 TLP: WHITE

A tool that provides users the ability to submit suspected malware files and within as little as an hour, receive

detailed technical information about what the malware does and what it may be targeting

Malware Investigator

https://www.malwareinvestigator.gov/

50 TLP: WHITE

A database of Internet service and other online content providers that will help you get the information you need for your case

Site includes:

• Instructions to serve:

– Subpoenas

– Court orders

– Search warrants

• Legal contact info

Search.Org ISP List

http://www.search.org/resources/isp-list/

51 TLP: WHITE

No More Ransom

https://www.nomoreransom.org/

An initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve

their encrypted data without having to pay the criminals

Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.

Research and Handouts

53 TLP: WHITE

Features over 2,630 original computer security white papers in 101 different categories

SANS Reading Room

https://www.sans.org/reading-room

54 TLP: WHITE

The SEI Digital Library provides more than 3,500 documents from three decades of research into best

practices in software engineering.

• Including: – Technical reports

– Presentations

– Webinars

– Podcasts

SEI

http://resources.sei.cmu.edu/library/

Software Engineering Institute

55 TLP: WHITE

IC3

• Best place to file a complaint regarding an online crime (e.g. auction fraud, phishing emails, malware, etc.)

• Publishes:

− Alerts

− Advisories

− Reports

• Law Enforcement can query

https://www.ic3.gov/default.aspx

Internet Crime Complaint Center

56 TLP: WHITE

Distributed in template form to allow for re-branding and redistribution by your agency

Monthly Newsletter

https://www.cisecurity.org/resources/newsletter/

57 TLP: WHITE

•Publishes:

− Tip sheets

− Resources for Teachers

− Business Resources

National Cyber Security Alliance

https://staysafeonline.org/

58

•Tips & Advice

•Campaigns

•Resources

− Tip sheets

− Videos

− Posters

Stop.Think.Connect™

https://www.stopthinkconnect.org/

A national public awareness campaign aimed at increasing the understanding of cyber threats and

empowering the American public to be safer and more secure online.

59 TLP: WHITE

NCSC Raise Your Shield

https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield

Dedicated to raising awareness among government employees and private industry about foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard

that which has been entrusted to their protection.

National Counterintelligence and Security Center

60 TLP: WHITE

NCSC Raise Your Shield

https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield

Dedicated to raising awareness among government employees and private industry about foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard

that which has been entrusted to their protection.

National Counterintelligence and Security Center

Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.

Free Training

62 TLP: WHITE

• Free, online, on-demand and live cybersecurity training

• Available to U.S. government employees and veterans

FedVTE

https://fedvte.usalearning.gov/

• 60+ courses including prep for certification exams − Network +

− Security +

− CISSP

− CEH

Federal Virtual Training Environment

63 TLP: WHITE

Dedicated to instructing state and local officials in digital evidence and cyber crime investigations.

• Free to state and local law enforcement, prosecutors and judges via federal funding

– Includes travel, lodging, equipment (partial), and course fees

https://www.ncfi.usss.gov/ncfi/

NCFI

National Computer Forensics Institute

64 TLP: WHITE

Nationwide support for law enforcement and regulatory agencies involved in the prevention, investigation and

prosecution of economic and high-tech crime.

• Training options include instruction in all areas of economic and cyber crime investigation and prosecution.

– Free for Law enforcement

NW3C

www.nw3c.org

National White Collar Crime Center

65

Provides career-long training to law enforcement professionals to help them fulfill their responsibilities

safely and proficiently.

• Mission:

– Train all those who protect the homeland in audiences that include state, local, and tribal departments throughout the U.S.

• Provides: – Firearms

– Driving

– Tactics

– Investigations

– Legal Training

FLETC

Federal Law Enforcement Training Centers

https://www.fletc.gov/

66 TLP: WHITE

Web- Based Training available on the ICS-CERT Virtual Learning Portal:

1. Operational Security (OPSEC) for Control Systems (100W)

– 1 hour

2. Cybersecurity for Industrial Control Systems (210W)

– 15 hours

3. Introduction to Control Systems Cybersecurity (101)

– 8 hours

4. Intermediate Cybersecurity for Industrial Control Systems (201)

– 8 hours

5. Intermediate Cybersecurity for Industrial Control Systems (202)

– 8 hours

6. ICS Cybersecurity (301)

– 5 days

ICS-CERT Training

https://ics-cert.us-cert.gov/Training-Available-Through-ICS-CERT

67 TLP: WHITE

The Federal Bureau of Investigation’s (FBI) Cyber Shield Alliance provides extensive resources for state, local,

tribal, and territorial (SLTT) law enforcement partners via the Law Enforcement Enterprise Portal to access

eGuardian as a way to report cyber incidents, to share intelligence, and to access federally sponsored training.

FBI Cyber Shield Alliance – Virtual Academy

https://www.cjis.gov/CJISEAI/EAIController

68 TLP: WHITE

Self-paced and Instructor led courses at varying levels of difficulty

Search.Org Training

http://www.search.org/get-help/training/high-tech-crime-investigations/self-paced-training/

69 TLP: WHITE

Supported by DHS and the Federal Emergency Management Emergency Agency (FEMA)

• 10 courses in three discipline-specific tracks:

– Non-Technical for End-Users

– Technical for IT Professional

– Business Managers and Professionals

TEEX

https://teex.org/Pages/default.aspx

Texas A&M Engineering Extension Service

70 TLP: WHITE

•1 hour webinars

•20,000+ members

•Year-round “virtual conference”

Justice Clearinghouse

http://justiceclearinghouse.com

71 TLP: WHITE

A one stop, full service forensics laboratory and training center devoted entirely to the examination of digital evidence in

support of criminal investigations. Training is available in the nationwide training centers.

• Investigative areas:

− Terrorism

− Child Pornography

− Crimes of Violence

− Trade secret theft

− Theft or destruction to intellectual property

− Financial Fraud & Property crime

− Internet crimes

RCFL

https://www.rcfl.gov/training

Regional Computer Forensics Lab

72 TLP: WHITE

Provides training and outreach to state and local law enforcement, prosecutors, and government officials. In

addition CCIPS attorneys are available to speak to prosecutors, law enforcement and others regarding a

range of IT, cybersecurity and privacy topics

Department of Justice CCIPS

https://www.justice.gov/criminal-ccips/arranging-speakers

Computer Crime and Intellectual Property Section

73 TLP: WHITE

Colleges Courses Online

https://www.edx.org/

No credits toward a degree

74 TLP: WHITE

Provides everyone who seeks to learn about Cybersecurity with quality, up-to-date training

and resources completely free of cost

Cybrary

https://www.cybrary.it/

75 TLP: WHITE

W3 Schools

https://www.w3schools.com/

A web developers site, with tutorials and references on web development languages such as HTML, CSS,

JavaScript, PHP, SQL, W3.CSS, and Bootstrap, covering most aspects of web programming.

• Easy Learning

– Focus on simplicity

– Practice easy and straight-forward learning

– Uses simple code explanations with simple illustrations of how to

use it.

– Tutorials start from basic level and move all the way up to

professional references.

76 TLP: WHITE

Webcasts and Podcasts

Other Resources

Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.

78 TLP: WHITE

Firehose Coding Project

https://www.thefirehoseproject.com/?home=true

Become a software engineer through part or full-time programs combining expert 1-on-1 mentorship, a customized curriculum,

and a worldwide student support community.

Ben Spear

Senior Intelligence Analyst

518.880.0705

ben.spear@cisecurity.org

MS-ISAC 24x7 Security Operations Center

1-866-787-4722

SOC@cisecurity.org