U s government demonstrating leadership in cyber security l.jpg
1 / 18

U.S. Government: Demonstrating Leadership in Cyber-Security.

Uploaded on:
Category: Animals / Pets
U.S. Government: Demonstrating Leadership in Cyber-Security. March 14, 2000. Cyber-Attack. Economy and National Security dependent upon computer controlled systems One-Third of US Economic Growth 95-98 Security not a design consideration for most critical systems/networks
Slide 1

U.S. Government: Demonstrating Leadership in Cyber-Security March 14, 2000

Slide 2

Cyber-Attack Economy and National Security subordinate upon PC controlled frameworks One-Third of US Economic Growth 95-98 Security not an outline thought for most basic frameworks/organizes Large number of 'assaults', unapproved interruptions, down-burdens, noxious code insertion Other countries creating hostile digital assault abilities - went for the U.S. New and Novel Intrusions

Slide 3

PDD-63: Protecting Critical Infrastructures Action by Federal, state and neighborhood, private segment members Federal: National Security, general wellbeing and security State and nearby governments: Maintain request and key administrations Private Sector: Essential interchanges, vitality, money related, and transportation administrations Initial Operating Capability by 2000; Final Operating Capability by 2003 Established: National Coordinator - NSC National Infrastructure Protection Center (NIPC) Critical Infrastructure Assurance Office (CIAO)

Slide 4

National Plan Blueprint: Four Key Themes US Government a Model of Information Security Building the Public Private Partnership R&D for Solutions Law Enforcement and National Security Capabilities

Slide 5

The White House Is Watching ( So is Congress) President National Plan for Information Systems Protection Cyber-Summit Agency Directive White House OMB Director Lew Guidance Chief of Staff Podesta Guidance Ongoing Chief of Staff Conference Calls Congress GSA reports Many Hearings Many Bills

Slide 6

FY 2000/2001 Budget FY 2000 - $1.75 B Appropriated 10% Civilian Agency FY 2001 - $2.01 B Requested 25% Civilian Agency Key Initiatives - $100 M Institute for Information Infrastructure Protection Federal Cyber Service FIDNET PKI ISACs Expert Review Team R&D - $606 M FY 2000 Supplemental - $9 M

Slide 7

Future Budgets OMB/NSC/Interagency Process 1) Proposals Developed From Agency Experts From Interagency Working Groups 2) Interagency/White House OK 3) Action by Departments 4) OMB Review if not some portion of Departmental Request New Process In Use for Other Cross-cutting Issues

Slide 8

National Plan Blueprint: Four Key Themes US Government a Model of Information Security Building the Public Private Partnership R&D for Solutions Law Enforcement and National Security Capabilities

Slide 9

U.S. Government as Model Identify and Address Vulnerabilities Implement Best Practices Install Defensive Detection Systems Train and Recruit Security Experts Fund R&D

Slide 10

One: Identify and Address Vulnerabilities Vulnerability Assessment versus Threat Analysis Tension amongst Cyber and Physical Interdependencies and Single Points of Failure New Elements : Project Matrix Expert Review Team Open Source Software Patch Prioritization Recommended Practices PKI

Slide 11

Project Matrix Shared Interdependencies Complete Picture of Asset Dependencies and Interdependencies Three Steps Identify PDD-63 Relevant Assets Capture Major Nodes and Networks which USG Critical Assets Depend Tie Critical Assets and Supporting Nodes/Networks to Underlying Infrastructures

Slide 12

Two: Implement Best Practices Convergence of Three Initiatives Critical Infrastructure Protection Working Group Model Information Systems Security Program CIO Council Strategic Objectives CIO Council Security, Privacy and Critical Infrastructure Committee Lead Objective: under the control of professionals soon

Slide 13

Three: Defensive Detection Systems Invest in Current Best of Breed Intrusion Detection Monitors/Firewalls Access/Activity Rules Enterprise Wide Management Systems Deploy Next Generation Government-Wide Systems JTF-CND - for DOD FIDNet - for Civilian Agences NSIRC - for national security frameworks Drive Technology Vendor meeting 3/15

Slide 14

FIDNet Architecture System of Systems Departments run own interruption identification frameworks Link to FIDNet Information Exchange Enhances FedCIRC Capabilities Run by GSA Base for Additional Capabilities patch circulation

Slide 15

Four: Train and Recruit Security Experts: Centers for IT Excellence Scholarship for Service Program High School Recruitment and Computer Security Awareness program Federal Computer Security Awareness Program IT Occupational Study/Reform

Slide 16

Five: Fund R&D Institute for Information Infrastructure Protection National structure: Coordinated Federal and Private Sector endeavors Key Priorities Indications of atypical conduct inside frameworks Large-scale computerized relationship of occasions Automated caution investigation

Slide 17

Summary Federal Government Must be a Model White House Support for Budget and Resources Need for Action Vulnerabilities Best Practices FIDNet and Detection Systems Training and Recruitment R&D

Slide 18

CHAIR, USG as a Model Working Group Tom Burke General Services Administration (GSA) 202 708 7000 Tom.Burke@GSA.GOV NSC Senior Director for Critical Infrastructure Jeffrey Hunker National Security Council (NSC) 202 456 9351 Jeffrey_A._Hunker@NSC.EOP.GOV CONTACT