Safeguarding And Securing Cyberspace - Dhs.gov

Safeguarding and Securing Cyberspace

Our economic vitality and national security depend today on a vast array of interdependent and critical networks, systems, services, and resources. We know this interconnected world as cyberspace, and without it we cannot communicate, travel, power our homes, run our economy, or obtain government services. Its benefits are tremendous. Yet as we migrate even more of our economic and societal transactions to cyberspace, these benefits come with increasing risk. For this reason, safeguarding and securing cyberspace has become one of the homeland security community's most important missions.

Cybersecurity Assessment Tools

Cyber Resiliency Review (CRR) is an assessment that the Cyber Security Evaluation Program offers to measure and enhance the implementation of key cybersecurity capacities and capabilities of critical infrastructure and key resources (CIKR). The purpose of the CRR is to gather information regarding cybersecurity performance from specific CIKR in order to gain an understanding of the relationships and impacts of CIKR performance in protecting critical infrastructure operations. The results can be used to evaluate a provider independent of other assessments, used with regional studies to build a common perspective on resiliency, and used to examine systems-of-systems (i.e., large and diverse operating and organizing models). The key goal of the CRR is to ensure that core process-based capabilities exist, are measurable, and are meaningful as predictors for an organization's ability to manage cyber risk to national critical infrastructure. For more information about the CRR, contact the CSEP program at CSE@dhs.gov.

Cybersecurity Evaluation Program (CSEP) conducts voluntary cybersecurity assessments across all 18 CIKR sectors, within state governments and large urban areas.
CSEP affords critical infrastructure sector participants a portfolio of assessment tools, techniques, and analytics, ranging from those that can be self-applied to those that require expert facilitation or mentoring outreach. The CSEP works closely with internal and external stakeholders to measure key performances in cybersecurity management. The Cyber Resiliency Review is being deployed across all 18 Critical Infrastructure sectors, state, local, tribal, and Territorial governments. For more orial 0839.shtm or contact CSE@dhs.gov.

Cybersecurity Evaluation Tool (CSET) is a desktop software tool that guides users through a step-by-step process for assessing the cyber security posture of their industrial control system and enterprise information technology networks. CSET is available for download or in DVD format. To learn more or download a copy, visit http://www.uscert.gov/control systems/satool.html. To obtain a DVD copy, send an e-mail with your mailing address to CSET@dhs.gov.

Cybersecurity Vulnerability Assessments through the Control Systems Security Program (CSSP) provide on-site support to critical infrastructure asset owners by assisting them to perform a security self-assessment of their enterprise and control system networks against industry accepted standards, policies, and procedures. To request on-site assistance, asset owners may e-mail CSSP@dhs.gov.

Industrial Control Systems (ICS) Technology Assessments provide a testing environment to conduct baseline security assessments on industrial control systems, network architectures, software, and control system components. These assessments include testing for common vulnerabilities and conducting vulnerability mitigation analysis to verify the effectiveness of applied security measures.
To learn more about ICS testing capabilities and opportunities, e-mail CSSP@dhs.gov.

Information Technology Sector Risk Assessment (ITSRA) provides an all-hazards risk profile that public and private IT Sector partners can use to inform resource allocation for research and development and other protective measures which enhance the security and resiliency of the critical IT Sector functions. For more information, see http://www.dhs.gov/xlibrary/assets/nipp it baseline risk assessment.pdf or contact ncsd cipcs@hq.dhs.gov.

Cybersecurity Incident Resources

Current Cybersecurity Activity is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT. For more information, see http://www.uscert.gov/current/ or contact info@us-cert.gov (888) 282-0870.

Cyber Investigation Section (CIS): CIS is designed to target and proactively investigate major international criminals. This goal is accomplished through a combination of long-term undercover operations, close partnerships with other US government agencies, and consistently refined strategic targeting. In conjunction with this unique role, CIS has prototyped numerous advanced technical systems that allow for the integration and re-use of diverse forms of evidence from all US jurisdictions and foreign partners. Also included under this unit are analysts and Criminal Research Specialists who focus on foreign language websites, money laundering activities, and digital/electronic currency. For more information, see www.secretservcie.gov/ectf.shtml.

Cyber Forensics: The products developed through this program are cyber forensic analysis devices used by law enforcement in the daily investigation of criminal and terrorist activity, and the tools developed allow investigators to visualize, analyze, share, and present data derived from cell phones, GPS devices, computer hard drives, networks, personal data assistants, and other digital media. For more information, contact SandT-CyberLiaison@hq.dhs.gov.

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT): The ICS-CERT focuses on control system security across all critical infrastructure and key resource (CIKR) sectors. The ICS-CERT supports asset owners with reducing the risk of cyber attacks by providing alerts and advisories, conducting incident response activities, and performing technical analysis of malware, artifacts, and vulnerabilities. For more information, visit http://www.us-cert.gov/control systems/ics-cert or contact ICS-CERT at ics-cert@dhs.gov.

National Computer Forensics Institute (NCFI) is the result of a partnership between the Secret Service and the State of Alabama. The goal of this facility is to provide a national standard of training on a variety of electronic crimes investigations. This program will offer state and local law enforcement officers the training necessary to conduct computer forensics examinations, respond to network intrusion incidents, and conduct basic electronic crimes investigations. The NCFI will also train prosecutors and judges on the importance of computer forensics to criminal investigations. This training acts as a force multiplier for the Secret Service and other federal law enforcement agencies, thus reducing the volume of cyber crime cases impacting the federal judicial process.
For more information, see www.ncfi.usss.gov.

National Cyber Alert System: The US-CERT National Cyber Awareness System offers a variety of up-to-date information on general cybersecurity topics, threats and vulnerabilities via subscription lists and feeds for alerts, bulletins, and tips. For more information, visit http://www.us-cert.gov/cas/ or contact info@uscert.gov (888) 282-0870.

U.S. Computer Emergency Readiness Team (US-CERT) Monthly Activity Summary provides monthly updates made to the National Cyber Alert System. This includes current activity updates, technical and non-technical alerts, bulletins, and tips, in addition to other newsworthy events or highlights. For more information, see ts; contact info@us-cert.gov (888) 282-0870.

U.S. Computer Emergency Readiness Team (US-CERT) Operations Center: Report cybersecurity incidents (including unexplained network failures), the discovery of malicious code, and vulnerability information at https://forms.us-cert.gov/report/. Contact the US-CERT Operations Center at soc@uscert.gov (888) 282-0870.

U.S. Computer Emergency Readiness Team (US-CERT) Vulnerability Notes Database includes technical descriptions of each vulnerability, as well as the impact, solutions and workarounds, and lists of affected vendors. For more information, see http://www.kb.cert.org/vuls or contact info@uscert.gov (888) 282-0870.

U.S. Computer Emergency Readiness Team (US-CERT) Security Publications provide subscribers with free, timely information on cybersecurity vulnerabilities, the potential impact of those vulnerabilities, and actions required to mitigate the vulnerability and secure their computer systems. For more information, see http://www.uscert.gov/security-publications/ or contact info@uscert.gov (888) 282-0870.

Cybersecurity Technical Resources

Cybersecurity Advisors (CSAs) act as principal field liaisons in cybersecurity and provide a federal resource to regions, communities, and businesses.
Their primary goal is to assist in the protection of cyber components essential within the nation's critical infrastructure and key resources (CIKR). Equally important is their role in supporting cybersecurity risk management efforts at the state and local homeland security initiatives. CSAs will work with established programs in state and local areas, such as Protective Security Advisors, FEMA emergency management personnel, and fusion center personnel. For more information, contact the program at CSE@dhs.gov.

Cybersecurity Research and Development Center (CSRDC): DHS S&T utilizes CSRDC to focus cybersecurity research and development efforts and to involve the best practices and personnel from academic, private industry, federal and national laboratories. For more information about this and other DHS S&T projects, workshop information and presentations, cybersecurity news, events and outreach information, see http://www.cyber.st.dhs.gov/ or contact SandT-Cyber-Liaison@hq.dhs.gov.

Cybersecurity in the Retail Subsector Webinar provides retail employees and managers with an overview of the cyber threats and vulnerabilities facing the industry. The webinar also reviews the types of cyber systems and infrastructure used by the retail industry and steps that retail personnel can take to address the unique vulnerabilities to those cyber resources. The webinar is available on HSIN-CS at https://connect.hsin.gov/p78334832/. For more information contact CFSTeam@hq.dhs.gov.

Cybersecurity Public Trends and Analysis Report provides awareness of the cyber security trends as observed by the U.S. Computer Emergency Readiness Team (US-CERT). The analysis in this report is based on incident information that has been reported to US-CERT, incidents identified by US-CERT, and public/private sector information identified when correlating and analyzing the data. For more information contact US-CERT at info@us-cert.gov (888) 282-0870.

Control Systems Security Program (CSSP) Cybersecurity Training is provided through an instructor-led introductory course for control system and IT professionals or a five-day advanced course which includes hands-on instruction in an actual control system environment. On-line introductory cybersecurity courses are also available. For more information, see http://www.uscert.gov/control systems/cstraining.html or contact CSSP@dhs.gov.

Control Systems Security Program (CSSP) reduces industrial control system risks within and across all critical infrastructure and key resource sectors. CSSP coordinates cybersecurity efforts among federal, state, local, and tribal governments, as well as industrial control system owners, operators, and vendors. CSSP provides many products and services that assist the industrial control system stakeholder community to improve their cybersecurity posture and implement risk mitigation strategies. To learn more about the CSSP, visit http://www.us-cert.gov/control systems/ or e-mail CSSP@dhs.gov.

Critical Infrastructure Protection Cyber Security (CIP-CS) leads efforts with public and private sector partners to promote safe, secure, and resilient U.S. cyber infrastructure. Major elements of the CIP-CS program include: managing and strengthening cyber critical infrastructure partnerships with public and private entities in order to effectively implement risk management and cybersecurity strategies; teaming with cyber critical infrastructure partners in the successful implementation of cybersecurity strategies; and promoting effective cyber communications processes with partners that result in a collaborative, coordinated approach to cyber awareness.
For more information, contact CIP-CS at ncsd cipcs@hq.dhs.gov.

Cybersecurity Education and Workforce Development Program (CEWD) fosters effective cybersecurity education and workforce development programs by facilitating the availability of professionals qualified to support the nation's cybersecurity needs. To support national cybersecurity workforce development, CEWD developed the IT Security Essential Body of Knowledge (EBK), an umbrella framework that links competencies and functional perspectives to IT security roles to accurately reflect a national perspective. For more information, rity in the Emergency Services Sector Webinar is a one-hour overview of the types of cyber systems and infrastructure that the Emergency Services Sector utilizes. The webinar also addresses the threats and vulnerabilities to those cyber resources and is available on the Homeland Security Information Network – Critical Sectors (HSIN-CS) Emergency Services Sector Portal. For access and more information, contact ESSTeam@hq.dhs.gov.

Cybersecurity in the Retail Sector Webinar: This webinar will provide retail employees and managers with an overview of the cyber threats and vulnerabilities facing the industry. Viewers of the Webinar will gain a heightened sense of the importance of strengthening cybersecurity in the retail workplace. The Webinar also will review the types of cyber systems and infrastructure used by the retail industry and steps that retail personnel can take to address the unique vulnerabilities to those cyber resources. Also includes One-pager/invitation. The Webinar is available on HSIN-CS at https://connect.hsin.gov/p78334832/. For more information, please contact the Commercial Facilities SSA at CFSTeam@dhs.gov.

Cybersecurity Information Products and Recommended Practices provide current cybersecurity information resources and recommend security practices to help industry understand emerging control systems cyber security issues and mitigate vulnerabilities.
This information will help users reduce their exposure and susceptibility to cyber attacks and exploits. For a complete list and access to cybersecurity information products, visit http://www.uscert.gov/control systems/csdocuments.html. For more information, contact CSSP@dhs.gov.

Domain Name System Security Extensions (DNSSEC) Deployment Coordinating Initiative provides cryptographic support for domain name system (DNS) data integrity and authenticity. DHS sponsors a community-based, international effort to transition the current state of DNSSEC to large-scale global deployment, including sponsorship of the DNSSEC Deployment Working Group, a group of experts active in the development or deployment of DNSSEC. It is open for anyone interested in participation. The DNSSEC website contains articles, published research papers, DNSSEC tools, case studies, workshop information, and presentation materials. See http://www.dnssec-deployment.org/.

Industrial Control System Cybersecurity Standards and References provide an extensive collection of cybersecurity standards and reference materials as a ready resource for the industrial control system stakeholder community. To view the collection, visit http://www.uscert.gov/control systems/csstandards.html. For more information, contact CSSP@dhs.gov.

Information Technology Sector Specific Plan (IT SSP) outlines the IT Sector security partners' joint implementation of the NIPP risk management framework. It describes an approach for identifying, assessing, prioritizing, and protecting critical IT Sector functions, establishing shared IT Sector goals and objectives, and aligning initiatives to meet them. To view the IT SSP, formation-tech-2010.pdf.
For more information, contact ncsd cipcs@hq.dhs.gov.

The National Cyber Security Division's (NCSD) Critical Infrastructure Protection Cyber Security (CIP-CS) program developed a flexible, repeatable, and reusable cyber risk management approach to help CIKR sectors, state and local governments, and other public and private sector organizations manage cyber critical infrastructure risk. This approach—the Cybersecurity Assessment and Risk Management Approach (CARMA)—incorporates lessons from a wide variety of cyber risk management activities. CARMA is a comprehensive, functions-based risk management strategy that focuses on cyber critical infrastructure and effectively identifies, assesses, and manages shared risks. For more information, email ncsd cipcs@hq.dhs.gov.

Network Security Information Exchange (NSIE): The NCS and the National Security Telecommunications Advisory Committee (NSTAC) recommended the establishment of an Industry-government partnership to reduce the vulnerability of the Nation's telecommunications systems to electronic intrusion. The NCS and NSTAC formed separate government and Industry Network Security Information Exchanges to share ideas on technologies and techniques for addressing and mitigating the risks to the public network and its supporting infrastructures. For more information, visit http://www.ncs.gov/nstac/reports/fact sheet/NSTAC 08.pdf.

National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics. For more information, visit http://nvd.nist.gov/ or contact nvd@nist.gov.

The Protected Repository for the Defense of Infrastructure against Cyber Threats (PREDICT) facilitates the accessibility of computer and network operational data for use in cyber defense research and development through large-scale research datasets. PREDICT allows partners to pursue technical solutions to protect the public and private information infrastructure. It also provides researchers and developers with real network data to validate their technology and products before deploying them online.
Within this project, the Los Angeles Network Data Exchange and Repository (LANDER), Network Traffic Data Repository to Develop Secure Information Technology Infrastructure, Routing Topology and Network Reliability Dataset Project, and Virtual Center for Network and Security Data serve as data set collectors and hosts. The PREDICT Data Coordinating Center helps manage and coordinate the research data repository. For more information visit https://www.predict.org or contact PREDICTcontact@rti.org.

Roadmap to Enhance Cyber Systems Security in the Nuclear Sector: The Roadmap to Enhance Cyber Systems Security in the Nuclear Sector describes coordinated activities to improve cyber systems security in the Nuclear Sector. It provides nuclear control and cyber systems vendors, asset owners and operators, and relevant government agencies, with a common vision, goals, and objectives for cyber systems security in the sector. It also provides milestones to focus specific efforts and activities for achieving the vision, goals, and objectives over the next 10 to 15 years, addressing the Nuclear Sector's most urgent challenges, as well as its longer-term needs to reduce the cyber security risk to nuclear industrial cyber systems. For more information, please contact the NPPD/IP Nuclear SSA at NuclearSSA@hq.dhs.gov.

Roadmap to Secure Control Systems in the Chemical Sector: The Roadmap to Secure Control Systems in the Chemical Sector describes a plan for voluntarily improving cybersecurity in the Chemical Sector. It brings together Chemical Sector stakeholders, government agencies, and asset owners and operators with a common set of goals and objectives.
For more information, please contact the NPPD/IP Chemical SSA at ChemicalSector@hq.dhs.gov.

Software Assurance (SwA)

Automating Software Assurance: Under SwA sponsorship, MITRE, in collaboration with government, industry, and academic stakeholders, is improving the measurability of security through enumerating baseline security data, providing standardized languages as means for accurately communicating the information, and encouraging sharing of this information with users by developing repositories (see Making Security easurable.html). MITRE issues electronic newsletters on the following technologies employed in automating SwA: Common Vulnerabilities and Exposures (CVE); Common Weakness Enumeration (CWE); Common Attack Pattern Enumeration and Classification (CAPEC); Open Vulnerability and Assessment Language (OVAL); and Malware Attribute Enumeration and Characterization (MAEC).

Software Assurance Program (SwA): Software Assurance is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted and that software applications function in the intended manner.
Grounded in the National Strategy to Secure Cyberspace, the SwA Program develops practical guidance and tools, and promotes research and development of secure software engineering. Resources including articles, webinars, podcasts, and tools for software security automation and process improvement are constantly updated at the SwA Community Resources and Information Clearinghouse located at https://buildsecurityin.us-cert.gov/swa/. For more information, contact software.assurance@dhs.gov.

Software Assurance (SwA) Forum and Working Group Sessions: Four times per year, under the co-sponsorship of organizations in DHS, the Department of Defense (DoD), and the National Institute of Standards and Technology (NIST), the SwA Forum and Working Group Sessions provide a venue for participants to share their knowledge and expertise in software security while interacting and networking with key leaders in industry, government, and academia. During the Forums, the SwA Program offers free tutorials. Several of these tutorials are available on line from the Software Engineering Institute's Virtual Training Environment (VTE) at https://www.vte.cert.org/vteweb/go/3719.aspx.

Software Assurance (SwA) Resources: To support SwA in higher education, SwA and the Software Engineering Institute (SEI) have developed Software Assurance Curriculum mswa.html) which are freely available for download. This curriculum is formally recognized by the Institute of Electrical and Electronics Engineers (IEEE) and the Association for Computing Machinery (ACM). At the Forum and Working Group Sessions, SwA distributes CDs of SwA resources. Included on the CDs are guides, reports, and brochures on numerous topics such as: SwA Capability Benchmarking roself assm.html); SwA Ecosystem Page html); FAQs and Fact Sheets on SwA Forums and Working .html); Whitepapers from the Software Assurance tpe research.html); Evaluating and Mitigating Software Supply Chain Security Risk, May 2010 MitigatingSWsupplyChainRisks10tn016.pdf); and SwA Pocket Guide Series - free, downloadable documents on critical software assurance topics (https://buildsecurityin.uscert.gov/swa/pocket guide series.html).

Software Assurance (SwA) Email Newsletter provides excellent updates and new information related to the SwA program. To subscribe to the newsletter, email listproc@nist.gov and put 'subscribe' in the subject line and 'subscribesw.assurance' in the body of the email.

Software Assurance (SwA) Checklist for Software Supply Chain Risk Management: SwA developed and deployed the "SwA Checklist for Software Supply Chain Risk Management" which identifies common elements of publicly available software assurance models. The SwA Checklist provides a consolidated view of current software assurance goals and best practices in the context of an organized SwA initiative. The checklist includes mappings between the SwA Checklist practices and practices identified in existing SwA maturity models and related capability maturity models. This mapping provides a valuable reference for those wishing to improve their software assurance capabilities.
For more information, see https://buildsecurityin.uscert.gov/swa/proself assm.html#checklist.

Software Assurance (SwA) Outreach: As part of an extensive outreach effort, the SwA participates in conferences and webinars with the International Information Systems Security Certification Consortium (ISC)2, the Information Systems Security Association, Open Web Application Security Project (OWASP), and other organizations interested in application security. More about SwA relevant webinars is available on the BSI and CRIC websites. Please rs.html for more information. Moreover, SwA supports online communities of interest, such as the Software Assurance Education Discussion Group on r &gid 3430456) and the Software Assurance MegaCommunity (http://www.linkedin.com/groups?home &gid 1776555&trk anet ug hm).

The Top 25 Common Weakness Enumerations (CWE): In cooperation with the System Administration, Audit, Network Security (SANS) Institute, SwA and MITRE issued the report, "Improve Security and Software Assurance: Tackle the CWE Top 25 – The Most Dangerous Programming Errors." The Top 25 CWEs represent the most significant exploitable software constructs that have made software so vulnerable. Communicating and addressing these problematic issues will serve to improve software security, both during development and while in operation. Read more and see the list of "Top 25 CWE Programming Errors" at https://buildsecurityin.us-cert.gov/swa/cwe/.
