Franco CAPPA, CISSP
Cybersecurity Advisor (CSA)
CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY
HOMELAND SECURITY PERSPECTIVES FOR BUILDING CYBER SECURITY CAPACITY, CAPABILITY AND RESILIENCE
PPA FALL ENERGY CONFERENCE & ANNUAL MEETING – 14 OCTOBER 2021
CISA Cybersecurity Advisor Program
October 12, 2021
CISA Mission and Vision
• Cybersecurity and Infrastructure Security Agency (CISA) mission:
  • Lead the collaborative national effort to strengthen the security and resilience of America’s critical infrastructure
• CISA vision:
  • A Nation with secure, resilient, and reliable critical infrastructure upon which the American way of life can thrive
“Defend Today, Secure Tomorrow”
Critical Infrastructure (CI) Sectors
“I don't know that much about cyber, but I do think that's the number one problem with mankind.”
CISA “Pillars” & Field Resources
• Cybersecurity—Cybersecurity Advisors (CSAs)
• Infrastructure Security—Protective Security Advisors (PSAs) and Chemical Security Inspectors (CSIs)
• Emergency Communications—Emergency Communication Coordinators (ECCs)
• National Risk Management—Risk analyst
Cyber-Physical Convergence
Today’s threats are targeting physical and cyber assets through sophisticated hybrid attacks with potentially devastating impacts to data, property and physical safety. CISA defines convergence as formal collaboration between previously disjoined security functions.
Source: https://www.cisa.gov/cybersecurity-and-physical-security-convergence
Cyber-Intrusion Campaigns—ICS
The cybersecurity threats posed to the industrial control systems (ICS) that control and operate critical infrastructure are among the most significant and growing issues confronting our Nation. To raise awareness of the risks to—and improve the cyber protection of—critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS.
Source: https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics
Release date: 20 July 2021
• Joint Cybersecurity Advisory: [AA21-201A: 2011 Gas Pipeline Sector Intrusion Campaign by PRC Actors]
• ICS Joint Security Awareness Report: [JSAR-12-241-01B: Shamoon/DistTrack Malware (Update B)]
• ICS Advisory: [ICSA-14-178-01: ICS Focused Malware – Havex]
• ICS Alert: [ICS-ALERT-14-281-01E: Ongoing Sophisticated Malware Campaign Compromising ICS]
• ICS Alert: [IR-ALERT-H-16-056-01: Cyber-Attack Against Ukrainian Critical Infrastructure]
• Technical Alert: [TA17-163A: CrashOverride Malware]
Source: https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/significant-historical-cyber-intrusion-campaigns-targeting-ics
Emerging Cyber Threat Trends
• Interconnected systems enabling threat actors.
• Targets of opportunity.
• Paths of least resistance.
• PII and data: high value, high-demand commodities.
• Hacking as a service (HaaS)
• Malicious tools readily available for purchase or download.
Source: DHS I&A
Threat Vectors
• Phishing / Spear-phishing
• Social Engineering
• Business Email Compromise (BEC)
• Exploiting unpatched vulnerabilities on web-facing systems
  • Especially remote-access (e.g., VPN, RDP)
• Exploiting third-parties (e.g., managed services)
• Compromising home networks of employees or family members via emails & telework applications
• Focus on remote / collaboration platforms and cloud services (O365, Webex, Google Drive credentials)
A Wide Range of Offerings for CI
Preparedness Activities
• Information / Threat Indicator Sharing
• Cybersecurity Training and Awareness
• Cyber Exercises and “Playbooks”
• National Cyber Awareness System
• Vulnerability Notes Database
• Information Products and Recommended Practices
• Cybersecurity Evaluations
Offerings for CI—continued
Response Assistance
• Remote / On-Site Assistance
• Malware Analysis
• Hunt and Incident Response Teams
• Incident Coordination
TLP:WHITE
Cybersecurity Assessments
• Cyber Resilience Review (CRR)
• External Dependencies Management (EDM)
• Cyber Infrastructure Survey (CIS)
• Cyber Security Evaluation Tool (CSET)
• Cyber Hygiene Services (Systems & Web)
• Phishing Campaign Assessment
• Validated Architecture Design Review (VADR)
• Remote Penetration Testing (RPT)
• Risk and Vulnerability Assessment (aka “Pen” Test)
STRATEGIC (HIGH-LEVEL): C-SUITE Level
TECHNICAL (LOW-LEVEL): NET/SYS Admin
Protective Security Advisors
Five mission areas that directly support the protection of critical infrastructure:
1. Plan, coordinate, and conduct security surveys and assessments (i.e., IST, SAFE)
2. Plan and conduct outreach activities
3. Support National Special Security Events (NSSEs) & Special Event Activity Rating (SEAR) events
4. Respond to incidents
5. Coordinate and support improvised explosive device awareness and risk mitigation training
Integrated CISA Watch
The mission of CISA Central is to serve as a national center for reporting of and mitigating communications and incidents.
• Provide alerts, warnings, common operating picture on cyber and communications incidents in real time to virtual and on-site partners
• Work 24X7 with partners to mitigate incidents (On-site partners include the DoD, FBI, Secret Service, Information Sharing and Analysis Centers (ISACs) and other DHS components and public partners)
Federal Cybersecurity Response
PPD 41 Highlights:
• Released in July 2016, sets forth the principles governing the Federal Government’s response to any cyber incident.
• Cybersecurity Act of 2018, landmark legislation that established CISA elevating their mission and authority within the Federal Government.
• Establishes the National Cyber Incident Response Plan and defines cyber incident and significant cyber incident severity schema scoring.
• CISA National Cyber Incident Scoring System (reference below)
Reference CISA NCISS: https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System
Key Federal Points of Contact
Threat Response
Federal Bureau of Investigation: 855-292-3937 or [email protected]
Field Office Cyber Task Forces: http://www.fbi.gov/contact-us/field
Report cybercrime, including computer intrusions or attacks, fraud, intellectual property theft, identity theft, theft of trade secrets, criminal hacking, terrorist activity, espionage, sabotage, or other foreign intelligence activity to FBI Field Office Cyber Task Forces.

Asset Response
CISA Watch: 888-282-0870 or [email protected]
Report suspected or confirmed cyber incidents, including when the affected entity may be interested in government assistance in removing the adversary, restoring operations, and recommending ways to further improve security.

FBI Internet Crime Complaint Center: https://www.ic3.gov/
U.S. Secret Service: https://www.secretservice.gov/contact/field-offices
CISA Mailing Lists and Feeds
• Alerts — timely information about current security issues, vulnerabilities, and exploits
• Analysis Reports — in-depth analysis on new or evolving cyber threats
• Bulletins — weekly summaries of new vulnerabilities. Patch information is provided when available
• Tips — advice about common security issues for the general public
• Current Activity — up-to-date information about high-impact types of security activity affecting the community at large
Source: US-CERT.gov
Critical Manufacturing
Source: https://www.cisa.gov/publication/critical-manufacturing-sector-security-guide
Securing ICS
Source: https://www.cisa.gov/publication/securing-industrial-control-systems
CISA Cyber Essentials
Source: https://www.cisa.gov/publication/cyber-essentials-toolkits
Telework Essentials Toolkit
Source: https://www.cisa.gov/publication/telework-essentials-toolkit
STOP Ransomware Website
Source: https://stopransomware.gov/
Resources
• CISA Cybersecurity: https://www.cisa.gov/cybersecurity
• CISA Cyber Resource Hub (assessments): https://www.cisa.gov/cyber-resource-hub
• CSET + Ransomware Readiness Assessment (RRA): https://github.com/cisagov/cset/releases
• CISA Ransomware Resources: https://www.cisa.gov/stopransomware
• CISA Cyber Essentials Toolkit: https://www.cisa.gov/publication/cyber-essentials-toolkits
• CISA Telework Guidance & Resources: https://www.cisa.gov/telework
• Insider Threat Resources: https://www.cisa.gov/publication/insider-risk-self-assessment-tool
• CISA Incident Response: https://us-cert.cisa.gov/report
• CISA Critical Infrastructure Exercises: https://www.cisa.gov/critical-infrastructure-exercises
• Training: https://www.cisa.gov/publication/stop-think-connect-toolkit and https://fedvte.usalearning.gov
For more information: cisa.gov
Questions?
General: [email protected]