Homeland Security Perspectives:

Oregon Fire District Directors

Association

October 25, 2018

Ronald D. Watters Jr M.Ed GSLC

Cybersecurity Advisor Region X

Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR)

Cybersecurity and Communications (CS&C)

HomelandSecurity

Cybersecurity Advisor (CSA) Program

The CSA Mission:

To provide direct coordination, outreach, and regional support and assistance in the

protection of cyber components essential to the Nation’s Critical Infrastructure.

In service of this mission, CSAs are guided by the following goals:

– Assess: Assess critical infrastructure cyber risk.

– Promote: Promote best practices and risk mitigation strategies.

– Build: Initiate, build capacity, and support cyber communities-of-

interest and working groups.

– Educate: Educate and raise awareness.

– Listen: Collect stakeholder requirements.

– Coordinate: Coordinate incident support and lessons-learned.

HomelandSecurity

Critical Infrastructure (CI) Sectors

HomelandSecurity

What Is Cyber Resilience?

“… the ability to prepare for and adapt to changing

conditions and withstand and recover rapidly from

disruptions. Resilience includes the ability to

withstand and recover from deliberate attacks,

accidents, or naturally occurring threats or

incidents…”

- Presidential Policy Directive – PPD 21

February 12, 2013

Protect (Security) Sustain (Continuity)

Perform (Capability) Repeat (Maturity)

HomelandSecurity

Critical Questions for Consideration

HomelandSecurity

Some Critical Cybersecurity Questions:

• How do you measure if your cybersecurity efforts are going

well?

HomelandSecurity

Some Critical Cybersecurity Questions:

• How do you measure if your cybersecurity efforts are going

well?

• Do you plan your cybersecurity activities?

HomelandSecurity

Some Critical Cybersecurity Questions:

• How do you measure if your cybersecurity efforts are going

well?

• Do you plan your cybersecurity activities?

• Do you adhere to a cybersecurity standard of practice? Is

your system accredited? Is the Accreditation reviewed

regularly?

HomelandSecurity

Some Critical Cybersecurity Questions:

• How do you measure if your cybersecurity efforts are going

well?

• Do you plan your cybersecurity activities?

• Do you adhere to a cybersecurity standard of practice? Is

your system accredited? Is the Accreditation reviewed

regularly?

• Who is responsible and accountable for cybersecurity? Are

they measuring and managing the effort?

HomelandSecurity

Some Critical Cybersecurity Questions:

• What’s at risk? Have you identified the potential consequences if

your systems are compromised? Is your system scalable?

HomelandSecurity

Some Critical Cybersecurity Questions:

• What’s at risk? Have you identified the potential consequences if

your systems are compromised? Is your system scalable?

• Have you planned for cyber incident management and exercised

that plan?

HomelandSecurity

Some Critical Cybersecurity Questions:

• What’s at risk? Have you identified the potential consequences

if your systems are compromised? Is your system scalable?

• Have you planned for cyber incident management and exercised

that plan?

• Can you sustain operations of critical processes following a

significant cyber incident?

HomelandSecurity

Analysis Paralysis

• PSUEDO Medical term for “Brain Freeze” when faced with multiple critical

projects or objectives leading to failure to complete any.

– Take one item at a time and complete it, chip away at the problem one step at a time.

• Advantage is that you can show progress completing tasks

• Disadvantage is that it takes more planning and time.

– Plan and Budget for ongoing projects• You are not going to be able to complete major infrastructure projects quickly, so plan and prepare.

• Convene a Configuration Change Management meeting to discuss and have plan approved far in

advance of actual commencement of work.

• Move expensive portions to the next Fiscal year and budget for them.

13

HomelandSecurity

Cybersecurity Offerings for CIKR and SLTT

• National Cybersecurity and Communications Integration Center (NCCIC)

• Operations

• US-CERT/ ICS-CERT Operations

• Cyber Threat Hunting and Incident Response Teams

• National Cyber Assessments and Technical Services (NCATS)

• Risk and Vulnerability Assessments (RVAs)

• Phishing Campaign Assessments (PCA)

• Vulnerability Scanning

• Industrial Control Systems (ICS) Evaluations

• Cyber Security Evaluation Tool (CSET™)

• Cyber Threat Detection and Analysis

• Cyber Exercises

• Malware Analysis

• National Cyber Awareness System

• Publications and Communications

• Stakeholder Engagement Cyber Infrastructure Resilience (SECIR)

• Cyber Education and Awareness• Federal Virtual Training Environment (Fed

VTE)

• National Initiative for Cybersecurity Careers and Studies (NICCS)

• Stop.Think.Connect.™

• Partnership and Engagements• State, Local, Tribal, and Territorial (SLTT)

engagements

• Critical Infrastructure Cyber Community Voluntary Program (C3VP) http://us-cert.gov/ccubedvp

• Stakeholder Risk Assessment and Mitigations-

• Cybersecurity Advisors (CSA)

• Cyber Resilience Reviews (CRR™)

• External Dependency Management (EDM) Assessments

• Cyber Infrastructure Surveys

Contact Information

Department of Homeland SecurityNational Protection and Programs Directorate

Office of Cybersecurity and Communications

Stakeholder Engagement and Cyber Infrastructure Resilience

Stakeholder Risk Assessment and Mitigation

General Inquiries

cyberadvisor@hq.dhs.gov

Incident Response and Information Sharing

ncciccustomerservice@hq.dhs.gov

Contact InformationRonald WattersCybersecurity Advisor Region XSeattle, WA

Ronald.watters@hq.dhs.gov(206)348-4071

HomelandSecurity

The Last Slide

16

Questions?