latest in cyber security
play

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting - PowerPoint PPT Presentation

Oct 24, 2023 •461 likes •794 views

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

  1. Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research

  2. Presentation Outline  Threat Space  National / Federal Activities  DHS Activities  Cyber Security Division (CSD) Overview  What’s Ahead  Summary  Q&A Presenter ’ s Name June 17, 2003 2

  3. Environment: Greater Use of Technology, More Threats, Less Resources Anywhere in the Globalization & world in 24 hours Transportation L Tenuous Border Security balance E & Immigration S Violent Insider S Extremism Threat R Low cost Strategic Cyber Domain E of entry potential S O Both sides get Aviation as an Predictive & Nature of example … to innovate Reactive U Innovation R Historical Misuse of C Perspective Technology E S Natural Disasters & Pushing Beyond Design Limits MORE THREATS

  4. “Cyber” – Where is it used? … DHS DHS provides collaborates advice and with sectors alerts to the through Sector 16 critical Coordinating infrastructure Councils (SCC) areas … X X  Business / Personal  Shopping & Banking Point of Sale (in store or on line)  Personnel  Social Media  …

  5. Cyber Threat Sources Ready to Exploit Weaknesses Nation States Cyber Criminals Terrorists, DTOs, etc. Insider Threats Hackers/Hacktivists Presenter ’ s Name June 17, 2003

  6. Cyber Threats  Malware – Malicious software to disrupt computers  Viruses, worms, …  Theft of Intellectual Property or Data  Hactivism – Cyber protests that are socially or politically motivated  Mobile Devices and Applications and their associated Cyber Attacks  Social Engineering – Entice users to click on Malicious Links  Spear Phishing – Deceptive communications (E- Mails, Texts, Tweets…)  Domain Name System (DNS) Hijacking  Router Security – BGP Hijacking  Denial of Service (DOS) – blocking access to web sites  Others ….. Presenter ’ s Name June 17, 2003 6

  7. Recent Events Presenter ’ s Name June 17, 2003 7

  8. Targeting of DHS through Email  The primary method of specifically targeting DHS is through phishing emails  Emails contain malicious attachment or link Targeted Malicious Email Detection and Response  Recipients often “ BCCed ”  A single compromise can provide an attacker with a foothold for complete network access  Notable Targeted Email Statistics:  60% of malicious emails sent from Gmail  Account names are believable  17% spoof other Government agencies  Total Emails per Year  2010 – 1108 emails (143 campaigns)  2011 – 1312 emails (157 campaigns)  2012 – 1497 emails (102 campaigns) 2012 - Average new campaign every 3.6 days Presenter ’ s Name June 17, 2003

  9. Cyberspace Definitions “ The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries. ” White House Cyberspace Policy Review, May 2009 AND PEOPLE!!! Presenter ’ s Name June 17, 2003

  10. EO-13636 and PPD-21  In February 2013, the President issued two new policies: 1) Executive Order 13636: Improving Critical Infrastructure Cybersecurity 2) Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience  America's national security and economic prosperity are dependent upon the operation of critical infrastructure that are increasingly at risk to the effects of cyber attacks  The vast majority of U.S. critical infrastructure is owned and operated by private companies  A strong partnership between government and industry is indispensible to reducing the risk to these vital systems

  11. Integrating Cyber-Physical Security  Executive Order 13636: Improving  Presidential Policy Directive-21: Critical Infrastructure Cybersecurity Critical Infrastructure Security and directs the Executive Branch to: Resilience replaces Homeland Security Presidential Directive-7 and directs the  Develop a technology-neutral Executive Branch to: voluntary cybersecurity framework  Develop a situational awareness  Promote and incentivize the capability that addresses both adoption of cybersecurity physical and cyber aspects of how practices infrastructure is functioning in near- real time  Increase the volume, timeliness and  Understand the cascading quality of cyber threat information consequences of infrastructure sharing failures  Incorporate strong privacy and civil  Evaluate and mature the public- liberties protections into every private partnership initiative to secure our critical  Update the National Infrastructure infrastructure Protection Plan  Explore the use of existing  Develop comprehensive research regulation to promote cyber security and development plan (CSD / RSD) Presenter ’ s Name June 17, 2003 11

  12. EO-PPD Deliverables 120 days – June 12, 2013  C • Publish instructions: unclassified threat information • Report on cybersecurity incentives • Publish procedures: expand the Enhanced Cybersecurity Services 150 Days - July 12, 2013  C • Identify cybersecurity critical infrastructure • Evaluate public-private partnership models • Expedite security clearances for private sector 240 Days – October 10, 2013  C • Develop a situational awareness capability • Update the National Infrastructure Protection Plan • Publish draft voluntary Cybersecurity Framework 365 days – February 12, 2014 • Report on privacy and civil rights and civil liberties cybersecurity enhancement risks • Stand up voluntary program based on finalized Cybersecurity Framework Beyond 365 - TBD • Critical Infrastructure Security and Resilience R&D Plan Presenter’s Name June 17, 2003 12

  13. Cybersecurity Framework (NIST lead)  Developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk  Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure using industry-known standards and best practices  Provides a common language and mechanism for organizations to 1. describe current cybersecurity posture; 2. describe their target state for cybersecurity; 3. identify and prioritize opportunities for improvement within the context of risk management; 4. assess progress toward the target state; 5. Foster communications among internal and external stakeholders.  Composed of three parts: the Framework Core , the Framework Implementation Tiers , and Framework Profiles Presenter’s Name June 17, 2003 13

  14. Cybersecurity Framework Function Category Asset Management Business Environment IDENTIFY Governance Risk Assessment Risk Management Access Control Awareness and Training PROTECT Data Security Information Protection Processes and Procedures Protective Technology Anomalies and Events DETECT Security Continuous Monitoring Detection Processes Communication Analysis RESPOND Mitigation Improvements Recovery Planning RECOVER Improvements Communication Presenter’s Name June 17, 2003 14

  15. Recommended Incentives Areas: 1. Cybersecurity Insurance 6. Public Recognition 2. Grants 7. Rate Recovery for Price Regulated Industries 3. Process Preference 8. Cybersecurity Research 4. Liability Limitation 5. Streamline Regulations “ While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.” Michael Daniel , Special Assistant to the President and Cybersecurity Coordinator White House Blog, August 6, 2013 Presenter’s Name June 17, 2003 15

  16. R&D guidance from PPD-21  Within 2 years , DHS in coordination with OSTP, SSA’s, DOC and other Federal D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments…plan issued every 4 years …updates as needed .  Innovation and Research & Development: DHS in coordination with OSTP, SSA’s, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including:  Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology;  Enhancing modeling capabilities to determine potential impacts … and cascading effects;  Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience;  Prioritizing efforts to support the strategic guidance issued by the Secretary.  Working Group headed up by DHS S&T Presenter’s Name June 17, 2003 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher Education Institutions Daniel Gelaw Alemneh, Ph.D University of North Texas Daniel.Alemneh@unt.edu AFRICA RESEARCH SYMPOSIUM Thinking and

608 views • 27 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS

Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS

Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid October 25, 2010 Daniel C. Hurley, Jr. Director, Critical Infrastructure

284 views • 14 slides
Attracting and Retaining Foreign Capital Flows Claude Lopez, PhD Director of International

Attracting and Retaining Foreign Capital Flows Claude Lopez, PhD Director of International

Attracting and Retaining Foreign Capital Flows Claude Lopez, PhD Director of International Finance and Macroeconomics Research Global Capital Inflows by Destination 2 The Reversal Observed Is Asset-Specific 3 And Country-Specific 4 How to

393 views • 10 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

Ecole Internationale de Printemps Syst` emes R epartis : METIS2008 RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and Engineering RFID Security gildas.avoine@uclouvain.be Introduction Outline

1.28k views • 95 slides
DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University

DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University

DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University http://www.winlab.rutgers.edu/~tamvu/ (Joint work with Akash Baid, Yanyong Zhang, Thu D. Nguyen, Junichiro Fukuyama, Richard P. Martin, Dipankar

584 views • 35 slides
Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at

Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at

Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Lecture 5: Naming and Discovery Name, Address, Identifier Name Space and Name

670 views • 66 slides

More recommend