free cyber crime resources for the justice professional · 2017-07-13 · international association...
TRANSCRIPT
Ben Spear
Senior Intelligence Analyst
Free Cyber Crime Resources for the Justice Professional
2 TLP: WHITE
• National Resources
• Working Groups, Clubs, and Organizations
• Research and Handouts
• Assessments and Tools
• Free Training
• Other Resources
Agenda
National Resources
Disclaimer: Inclusion does not imply support. Listed resources are free but may be affiliated with for-profit companies and products.
Multi-State Information Sharing and Analysis Center
The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation's
SLTT governments.
https://www.msisac.cisecurity.org
Free and Voluntary
No Mandated Information Sharing
One Membership Document Required
About MS-ISAC Membership
Benefits:
− Access to information, intelligence,
products, resources, and webcasts
− Insider access to federal information
− Training and resource discounts
− CIS Security Benchmarks discounts
− HSIN Portal access
− Cybersecurity exercise participation
− Malicious Code Access Program
(MCAP) access
https://learn.cisecurity.org/ms-isac-registration
• Support:
– Network Monitoring Services
– Research and Analysis
• Analysis and Monitoring:
– Threats
– Vulnerabilities
– Attacks
• Reporting:
– Cyber Alerts & Advisories
– Web Defacements
– Account Compromises
– Hacktivist Notifications
24x7 Security Operations Center
Central location to report any cybersecurity incident
To report an incident or request
assistance:
Phone: 1-866-787-4722
Email: [email protected]
NCCIC
National Cybersecurity & Communications Integration Center
https://www.us-cert.gov/nccic
• US-CERT strives for a safer, stronger internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world
• The ICS-CERT mission is to guide a cohesive effort between government and industry to improve the cyber security posture of control systems within the nation’s critical infrastructure
• Alerts
• Advisories
• ICS-CERT Monitor newsletter
• Joint Security Awareness Reports
• Other Reports
• References to other resources
• www.US-Cert.gov
• Ics-cert.us-cert.gov
US-CERT & ICS-CERT
U.S. Computer Emergency Response Team (US-CERT)
Industrial Control System Computer Emergency Response Team (ICS-CERT)
https://www.us-cert.gov/
https://ics-cert.us-cert.gov/
PSA & CSA
https://www.dhs.gov/protective-security-advisors
Protective & Cyber Security Advisors
Trained critical infrastructure protection and vulnerability mitigation subject matter experts who facilitate local field
activities in coordination with other Department of Homeland Security offices to proactively engage with federal & SLTT
government mission partners and the private sector to protect critical infrastructure
• Five mission areas
– Security and resilience surveys
– Critical infrastructure security
– Support National Special Security Events (NSSEs)
– Liaisons between government & private sector
– Support IED awareness and training
– Coordination with the Office of Cybersecurity
– Work alongside FBI and USSS
NCC
National Coordinating Center for Communications
• Share and analyze threat information
• Assess the operating status and understand the risk posture of our communications infrastructure
Public-private partnership that allows governments at all levels, private industry, and our global allies to work
together in a 24x7 “Whole Community” effort
• Coordinate the Nation’s efforts to prepare for, prevent, protect against, mitigate, respond to, and recover from significant communications disruptions
https://www.dhs.gov/national-coordinating-center-communications
Created via PDD 61, May 22, 1998, to allow the private sector to come together, share information, perform analysis, and respond to incidents
ISACs
EMR-ISAC
Legal Services
Information Sharing and Analysis Centers
Fusion Centers
[Map: fusion center locations by U.S. state and territory]
https://www.dhs.gov/fusion-center-locations-and-contact-information
• EO 13636, February 2013
• A voluntary framework, based on existing standards, guidelines, and practices, for reducing cyber risks to critical infrastructure
NIST Cyber Security Framework & Roadmap
https://www.nist.gov/cyberframework
Partnership between government, academia and the private sector focused on cybersecurity education,
training and workforce development
• References to other resources
• Current press releases
NICE
National Initiative for Cyber Security Education
https://www.nist.gov/itl/applied-cybersecurity/nice
NICE Cybersecurity Workforce Framework
A common taxonomy and lexicon that describes the types of cybersecurity work and the skills required to perform it
• 7 Categories
• 30+ Specialty Areas
• 50+ Work Roles
https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce-framework
• 2,000+ courses in the NICCS Training Catalog mapped to the National Cybersecurity Workforce Framework
• 40+ courses available to SLTT government employees and U.S. Veterans
• Tools for managers
• Monthly events
• Customized job searches
NICCS™ One Stop Shop for Cybersecurity Careers and Studies
niccs.us-cert.gov
Working Groups, Clubs, and Organizations
In support of the national effort to counter threats posed by terrorist, nation-state, and criminal cyber actors, each CTF
synchronizes domestic cyber threat investigations in the local community through information sharing, incident response, and
joint enforcement and intelligence actions.
• Provides:
– Enhanced understanding of threats
– Surge capability for cyber incidents
– Participation with national teams
– SME for instruction, presentations, research
CTF
https://www.fbi.gov/file-repository/cyber-task-forces-fact-sheet.pdf/view
Cyber Task Force
The ECTF network is meant to bring together federal, state, and local law enforcement, prosecutors, private industry and academia for the prevention, detection, mitigation, and aggressive investigation of attacks on the nation’s financial and critical infrastructures
ECTF
https://www.secretservice.gov/investigation/#field
Electronic Crimes Task Force
• Partnership between the FBI and Sector
• Free membership
• Vetted members gain access to:
– TLP: GREEN and U//FOUO info
– Briefings and meetings
InfraGard
NY Chapters:
Albany
Buffalo
Hudson Valley
Long Island
New York City Metro
Rochester
https://www.infragard.org/
Develop a more efficient means for granting clearances to private sector individuals who are members of an ISAO via a designated critical infrastructure protection program
and engage in continuous, collaborative, and inclusive coordination with ISAOs via the DHS NCCIC
• Created by EO 13691, February 12, 2015
• Key Goals
− Voluntary
− Transparent
− Inclusive
− Actionable
− Flexible
ISAO
Information Sharing & Analysis Organizations
https://www.dhs.gov/isao
Independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information
systems
• Established in 1969
• More than 520,000 engaged professionals
ISACA
https://www.isaca.org/pages/default.aspx
Information Systems Audit and Control Association
The community of choice for international cybersecurity professionals dedicated to advancing individual growth,
managing technology risk and protecting critical information and infrastructure
• Mission
− Being a respected forum for networking and collaboration
− Providing education and knowledge sharing at all career lifecycle stages
− Being a highly regarded voice of information security
ISSA
http://www.issa.org/
Information Systems Security Association
Brings together organizations actively engaged in the field of digital and multimedia evidence to foster
communication and cooperation as well as to ensure quality and consistency within the forensic community
https://www.swgde.org/
Scientific Working Group on Digital Evidence
SWGDE
HTCIA
https://htcia.org/
High Technology Crime Investigation Association
Formed to provide education and collaboration to global members for the prevention and investigation of high tech crimes and aspires to help all those in the high technology
field by providing extensive information, education, collective partnerships, mutual member benefits, astute
board leadership and professional management.
IACP Cyber Center
http://www.iacpcybercenter.org/
International Association of Chiefs of Police
A collaborative project of the International Association of Chiefs of Police (IACP), RAND Corporation, and the Police
Executive Research Forum (PERF) developed to enhance the awareness, expand the education, and build the capacity of justice and public safety agencies to prevent, investigate,
prosecute, and respond to cyber threats and cyber crimes.
• Functional areas:
– Cyber crime investigations
– Digital forensics
– Information systems security
PERF
http://www.policeforum.org/
Police Executive Research Forum
A police research and policy organization and a provider of management services, technical assistance, and executive-
level education to support law enforcement agencies.
• Founded in 1976
• Goals
– Improve delivery of police services through national leadership
– Public debate of police and criminal justice issues
– Research and policy development
IACIS
https://www.iacis.com/
International Association of Computer Investigation Specialists
A non-profit, volunteer organization wholly dedicated to training, certifying and providing membership services to
computer forensic professionals around the world.
• Founded in 1990
NASCIO
https://www.nascio.org/
National Association of State Chief Information Officers
Provides state CIOs and state members with products and services designed to support the challenging role of the state CIO, stimulate the exchange of information and promote the
adoption of IT best practices and innovations.
• Founded in 1969
• Mission
– Foster government excellence through quality business practices, information management, and technology policy.
NCFTA
https://www.ncfta.net
National Cyber-Forensics & Training Alliance
Non-profit corporation, focused on identifying, mitigating, and neutralizing cyber crime threats globally. The NCFTA
operates by conducting real time information sharing and analysis with Subject Matter Experts (SME) in the public,
private, and academic sectors.
• Founded in 2002
NCJTC
https://ncjtc.fvtc.edu/
National Criminal Justice Training Center
Extensive experience managing complex national training and technical assistance projects that demand attention to detail,
competency, diversity, flexibility, and innovation aimed to equip criminal justice professionals with the right training and
tools to affect lasting and meaningful change in their communities.
OnGuard Online
https://www.consumer.ftc.gov/features/feature-0038-onguardonline
Provides practical tips from the federal government and the technology industry to help you be on guard
against Internet fraud, secure your computer, and protect your personal information.
HackerSpaces
https://wiki.hackerspaces.org/
A community-operated physical place, where people can meet and work on their projects. This website is for anyone and everyone who wants to share their hackerspace stories and questions with the global
hackerspaces community.
Assessments and Tools
A voluntary self-assessment survey designed to evaluate cyber security management within SLTT governments
October 1 – November 30
All states (and agencies within), local government jurisdictions (and departments within),
tribal and territorial governments can participate.
Nationwide Cyber Security Review
NCSR
https://www.cisecurity.org/ms-isac/services/ncsr
• Secure configuration benchmarks
• Automated configuration assessment tools and content
• Security metrics
• Security software product certifications
• Benchmarks.cisecurity.org
Security Benchmarks
Well-defined, un-biased, consensus-based industry best practices
https://www.cisecurity.org/cis-benchmarks/
www.cisecurity.org/critical-controls.cfm
CIS Critical Security Controls
For Effective Cyber Defense, Version 6.1
https://www.cisecurity.org/controls/
To support the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework while rendering hands-on support to help SLTT governments address their cybersecurity needs
• Cyber Resilience Review (CRR)
• Cybersecurity Advisors (CSAs) and Protective Security Advisors (PSAs)
• SLTT Cybersecurity Engagement Program
• C3 Voluntary Program Partners
C3 Voluntary Program
Critical Infrastructure Cyber Community Voluntary Program
https://www.us-cert.gov/ccubedvp
NCATS leverages existing “best in breed” cybersecurity assessment methodologies, commercial best practices
and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk
management guidance and recommendations.
• Available services
– Risk and Vulnerability Assessment
– Cyber Hygiene Assessment
– Social Engineering Tests
– Configuration Review
NCATS
National Cybersecurity Assessment & Technical Services
CRR
https://www.us-cert.gov/ccubedvp/assessments
Cyber Resilience Review
A no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted
as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals.
• Downloadable Resources
– Self-Assessment Package
– Method Description & User Guide
– Question Set with Guidance
– NIST Framework Crosswalk
– Information Sheet
– Resource Guides
CSET
https://ics-cert.us-cert.gov/Assessments
Cybersecurity Evaluation Tool
A desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The CSET output is a prioritized list of
recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control systems.
• Key Benefits
– Enhances organizational risk management
– Raises awareness on Cybersecurity
– Highlights vulnerabilities & recommendations
– Identifies areas of strength
– Industry-wide tool for assessments
– Method to improve Cybersecurity systems
A free evaluation derived from the NIST Framework for Improving Critical Infrastructure Cybersecurity that gives a detailed evaluation of an organization's cybersecurity program against industry and government standards
RSA Cybersecurity Maturity Assessment Survey
http://emc.tool11.webcontentor.com/tools/securityassessmentsurvey.emc
FEMA Cyber TTX
Cyber Capabilities Tabletop Exercise
Designed to increase understanding of cyber threat alerts, warning, and information sharing across sectors, and to test
and evaluate government-private sector coordinating structures, processes, and capabilities regarding cyber event
response and recovery. This Tabletop Exercise is an interactive exercise, complete with accompanying facilitator’s notes and
scripted video injects.
https://www.fema.gov/media-library/assets/documents/26845
FTC Identity Theft
https://www.identitytheft.gov/
The federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.
CISCP
https://www.dhs.gov/ciscp
Cyber Information Sharing and Collaboration Program
DHS's flagship program for public-private information sharing, complementing ongoing DHS information sharing efforts. In CISCP, DHS and participating companies share information about cyber threats, incidents, and vulnerabilities.
• CISCP Products and Briefings
– Indicator Bulletins (IB)
– Analysis Reports (AR)
– Priority Alert (PA)
– Recommended Practices (RP)
AIS
https://www.dhs.gov/ais
Automated Indicator Sharing
Enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed.
Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email
• AIS Processes
– Automated analyses and technical mitigations to delete PII
– Minimize the amount of data included in a cyber threat indicator
– Retain only information needed to address cyber threats
– Ensure any information collected is used only for network defense or limited law enforcement purposes
MCAP
Malicious Code Analysis Platform
https://www.cisecurity.org/ms-isac/services/
A web-based service which allows members to submit suspicious files, including executables, DLLs, documents, quarantine files and archives for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat analysis based on domain, IP address, URL, hash, and various IOCs.
VMP
Vulnerability Management Program
https://www.cisecurity.org/ms-isac/services/
Notifies members on a monthly basis about any outdated software that could pose a threat to assets. A scripted GET
request is sent to over 30,000 SLTT domains that the MS-ISAC maintains, to pull data on versioning information that is related
to each domain.
• Analysis & review categories
– Vulnerable
• System is not up to date
• Provides CVE score and links to the CVE
– Not Vulnerable
• System’s patch level is up to date
A tool that provides users the ability to submit suspected malware files and, within as little as an hour, receive detailed technical information about what the malware does and what it may be targeting
Malware Investigator
https://www.malwareinvestigator.gov/
A database of Internet service and other online content providers that will help you get the information you need for your case
Site includes:
• Instructions to serve:
– Subpoenas
– Court orders
– Search warrants
• Legal contact info
Search.Org ISP List
http://www.search.org/resources/isp-list/
No More Ransom
https://www.nomoreransom.org/
An initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve
their encrypted data without having to pay the criminals
Research and Handouts
Features over 2,630 original computer security white papers in 101 different categories
SANS Reading Room
https://www.sans.org/reading-room
The SEI Digital Library provides more than 3,500 documents from three decades of research into best
practices in software engineering.
• Including:
– Technical reports
– Presentations
– Webinars
– Podcasts
SEI
http://resources.sei.cmu.edu/library/
Software Engineering Institute
IC3
• Best place to file a complaint regarding an online crime (e.g. auction fraud, phishing emails, malware, etc.)
• Publishes:
− Alerts
− Advisories
− Reports
• Law Enforcement can query
https://www.ic3.gov/default.aspx
Internet Crime Complaint Center
Distributed in template form to allow for re-branding and redistribution by your agency
Monthly Newsletter
https://www.cisecurity.org/resources/newsletter/
• Publishes:
− Tip sheets
− Resources for Teachers
− Business Resources
National Cyber Security Alliance
https://staysafeonline.org/
• Tips & Advice
• Campaigns
• Resources
− Tip sheets
− Videos
− Posters
Stop.Think.Connect™
https://www.stopthinkconnect.org/
A national public awareness campaign aimed at increasing the understanding of cyber threats and
empowering the American public to be safer and more secure online.
NCSC Raise Your Shield
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield
Dedicated to raising awareness among government employees and private industry about foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard
that which has been entrusted to their protection.
National Counterintelligence and Security Center
Free Training
• Free, online, on-demand and live cybersecurity training
• Available to U.S. government employees and veterans
FedVTE
https://fedvte.usalearning.gov/
• 60+ courses including prep for certification exams
− Network +
− Security +
− CISSP
− CEH
Federal Virtual Training Environment
Dedicated to instructing state and local officials in digital evidence and cyber crime investigations.
• Free to state and local law enforcement, prosecutors and judges via federal funding
– Includes travel, lodging, equipment (partial), and course fees
https://www.ncfi.usss.gov/ncfi/
NCFI
National Computer Forensics Institute
Nationwide support for law enforcement and regulatory agencies involved in the prevention, investigation and
prosecution of economic and high-tech crime.
• Training options include instruction in all areas of economic and cyber crime investigation and prosecution.
– Free for Law enforcement
NW3C
www.nw3c.org
National White Collar Crime Center
Provides career-long training to law enforcement professionals to help them fulfill their responsibilities
safely and proficiently.
• Mission:
– Train all those who protect the homeland in audiences that include state, local, and tribal departments throughout the U.S.
• Provides:
– Firearms
– Driving
– Tactics
– Investigations
– Legal Training
FLETC
Federal Law Enforcement Training Centers
https://www.fletc.gov/
Web-Based Training available on the ICS-CERT Virtual Learning Portal:
1. Operational Security (OPSEC) for Control Systems (100W)
– 1 hour
2. Cybersecurity for Industrial Control Systems (210W)
– 15 hours
3. Introduction to Control Systems Cybersecurity (101)
– 8 hours
4. Intermediate Cybersecurity for Industrial Control Systems (201)
– 8 hours
5. Intermediate Cybersecurity for Industrial Control Systems (202)
– 8 hours
6. ICS Cybersecurity (301)
– 5 days
ICS-CERT Training
https://ics-cert.us-cert.gov/Training-Available-Through-ICS-CERT
The Federal Bureau of Investigation’s (FBI) Cyber Shield Alliance provides extensive resources for state, local,
tribal, and territorial (SLTT) law enforcement partners via the Law Enforcement Enterprise Portal to access
eGuardian as a way to report cyber incidents, to share intelligence, and to access federally sponsored training.
FBI Cyber Shield Alliance – Virtual Academy
https://www.cjis.gov/CJISEAI/EAIController
Self-paced and Instructor led courses at varying levels of difficulty
Search.Org Training
http://www.search.org/get-help/training/high-tech-crime-investigations/self-paced-training/
Supported by DHS and the Federal Emergency Management Agency (FEMA)
• 10 courses in three discipline-specific tracks:
– Non-Technical for End-Users
– Technical for IT Professional
– Business Managers and Professionals
TEEX
https://teex.org/Pages/default.aspx
Texas A&M Engineering Extension Service
• 1 hour webinars
• 20,000+ members
• Year-round “virtual conference”
Justice Clearinghouse
http://justiceclearinghouse.com
A one stop, full service forensics laboratory and training center devoted entirely to the examination of digital evidence in
support of criminal investigations. Training is available in the nationwide training centers.
• Investigative areas:
− Terrorism
− Child Pornography
− Crimes of Violence
− Trade secret theft
− Theft or destruction to intellectual property
− Financial Fraud & Property crime
− Internet crimes
RCFL
https://www.rcfl.gov/training
Regional Computer Forensics Lab
Provides training and outreach to state and local law enforcement, prosecutors, and government officials. In
addition CCIPS attorneys are available to speak to prosecutors, law enforcement and others regarding a
range of IT, cybersecurity and privacy topics
Department of Justice CCIPS
https://www.justice.gov/criminal-ccips/arranging-speakers
Computer Crime and Intellectual Property Section
College Courses Online
https://www.edx.org/
No credits toward a degree
Provides everyone who seeks to learn about Cybersecurity with quality, up-to-date training
and resources completely free of cost
Cybrary
https://www.cybrary.it/
W3 Schools
https://www.w3schools.com/
A web developer's site, with tutorials and references on web development languages such as HTML, CSS, JavaScript, PHP, SQL, W3.CSS, and Bootstrap, covering most aspects of web programming.
• Easy Learning
– Focus on simplicity
– Practice easy and straight-forward learning
– Uses simple code explanations with simple illustrations of how to
use it.
– Tutorials start from basic level and move all the way up to
professional references.
Webcasts and Podcasts
Other Resources
Firehose Coding Project
https://www.thefirehoseproject.com/?home=true
Become a software engineer through part or full-time programs combining expert 1-on-1 mentorship, a customized curriculum,
and a worldwide student support community.
Ben Spear
Senior Intelligence Analyst
518.880.0705
MS-ISAC 24x7 Security Operations Center
1-866-787-4722