June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.
-
date post
20-Dec-2015 -
Category
Documents
-
view
214 -
download
1
Transcript of June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.
June 9, 2003Updated July 2004
Slide 1
Critical Infrastructure Assurance:
The US Experience
June 9, 2003Updated July 2004
Slide 2
OverviewOverview Critical Infrastructure Protection (CIP) History
National Security Telecommunications Advisory Committee (NSTAC)
National Infrastructure Advisory Council (NIAC)
Partnership for Critical Infrastructure SecurityRelationships in transitionAccomplishmentsInformation Sharing & Analysis Centers
CIP Sector Lead AgenciesHistorical RolesTransitions to Dept. of Homeland Security
CIP Challenges
June 9, 2003Updated July 2004
Slide 3
www.pcis.orgwww.pcis.org
PDD-63Critical
Infrastructures
PDD-63Critical
Infrastructures
WaterWater
TransportationTransportation
Oil & GasOil & GasBanking & FinanceBanking & Finance
Electric PowerElectric Power
Emergency ServicesEmergency Services
Government ServicesGovernment Services
TelecommunicationsTelecommunications
Critical InfrastructuresCritical Infrastructures
June 9, 2003Updated July 2004
Slide 4
www.pcis.orgwww.pcis.org
Critical InfrastructuresCritical Infrastructures
Added Critical InfrastructuresAdded Critical Infrastructures
Chemical Industry and Hazardous Materials
Chemical Industry and Hazardous Materials
AgricultureAgriculture Key National Assets*Key National Assets*
Public HealthPublic Health
Postal and ShippingPostal and Shipping
FoodFood
Defense Industrial BaseDefense Industrial Base
June 9, 2003Updated July 2004
Slide 5
www.pcis.orgwww.pcis.org
National Security InterestNational Security Interest
are critical to safety, security, our way of life depend on commercial networks are interdependent are largely owned and operated by private companies cannot entirely depend on the Federal government for
defense against cyber attacks
Infrastructures…
Government needs industry in a true public-private partnership
June 9, 2003Updated July 2004
Slide 6
www.pcis.orgwww.pcis.org
The Business CaseThe Business Case
Businesses dependent on the Internet for survival
Vulnerabilities threaten economic survivability/competitiveness
InterdependencySupply chainPartnersCustomersInfrastructure industries
Companies are on the front lines of defense
Industry needs government in true public-private partnership
June 9, 2003Updated July 2004
Slide 7
www.pcis.orgwww.pcis.org
Critical Infrastructure AssuranceCritical Infrastructure Assurance
Partnership for Critical Infrastructure Security
“Efforts to promote and assure reliable provision of critical infrastructure services in the face of emerging risks to economic and national security”
June 9, 2003Updated July 2004
Slide 8
www.pcis.orgwww.pcis.org
HistoryHistory
• 1982 National Coordination Center for Telecommunications / National Security Telecommunications Advisory Committee
• 1997 President’s Commission on Critical Infrastructure Protection
• 1998 Presidential Decision Directive 63
Critical Infrastructure Assurance Office (CIAO)National Infrastructure Protection Center (NIPC)Office of National Coordinator
• 1999 Partnership for Critical Infrastructure Security; Financial Services Information Sharing and Analysis Center (ISAC)
• 2000 Telecom ISAC
• 2001 IT-ISAC; Worldwide-ISAC; ES-ISAC; Special Advisor to the President for Cyberspace Security
• 2002 Surface Transportation ISAC; Energy ISAC; more
• 2003 Department of Homeland Security
June 9, 2003Updated July 2004
Slide 9
www.pcis.orgwww.pcis.org
National Security Telecommunications National Security Telecommunications Advisory Committee (NSTAC)Advisory Committee (NSTAC)
Provides industry-based advice and expertise to the President on issues and problems related to implementing national security and emergency preparedness (NS/EP) communications policy
• Information Sharing• Education, Training, &
Awareness• Network Convergence• R&D Exchange• Information Assurance• Infrastructure Protection• Cyber Security & Crime
• Network Security• Widespread Telecommunications
Service Outages• Intrusion Detection• National Coordinating
Mechanism• Telecommunications Legislation
and Regulation• Telecom ISAC
June 9, 2003Updated July 2004
Slide 10
www.pcis.orgwww.pcis.org
National Infrastructure Advisory Council National Infrastructure Advisory Council (NIAC)(NIAC)
Enhance public and private partnership in protecting information systems for critical infrastructures
Propose and develop ways to encourage private industry to perform periodic risk assessments
Monitor development of private sector ISAC’s (Information Sharing and Analysis Centers)
Foster improved cooperation among ISAC’s
Advise the President through the Secretary of Homeland Security as well as lead agencies with critical infrastructure responsibilities, sector coordinators, and the ISACs
June 9, 2003Updated July 2004
Slide 11
www.pcis.orgwww.pcis.org
Cross-sector CollaborationCross-sector Collaboration
Partnership for Critical Infrastructure Security
(PCIS)
http://www.pcis.org
• Participation by leaders from government, industry & academia
• Coordinates cross-sector initiatives and compliments public-private efforts
• Board of Directors majority always critical infrastructure “sector coordinators”
June 9, 2003Updated July 2004
Slide 12
www.pcis.orgwww.pcis.org
PCIS MissionPCIS Mission
Coordinate cross-sector initiatives and cross-sector initiatives and complement public-private efforts to public-private efforts to promote and assure reliable provision of promote and assure reliable provision of critical infrastructure services in the face of critical infrastructure services in the face of emerging risks to economic and national emerging risks to economic and national security.security.
June 9, 2003Updated July 2004
Slide 13
www.pcis.orgwww.pcis.org
Pre-DHS PCIS RelationshipsPre-DHS PCIS Relationships
State and LocalGovernments
State and LocalGovernments
Critical Infrastructure Industry SectorsCritical Infrastructure Industry Sectors
LawLaw EnforcementEnforcement
FBIFBI
NIPCNIPC
Federal Departments and AgenciesFederal Departments and Agencies
CIAOCIAO
President of the President of the United StatesUnited States
Advisory CommitteesAdvisory Committees
PCISPCISPCISPCIS
June 9, 2003Updated July 2004
Slide 14
www.pcis.orgwww.pcis.org
Key PCIS AccomplishmentsKey PCIS Accomplishments
• Brought together critical infrastructure sector leaders• Identified public policy needs
•Three white papers•Congress drafted new legislation after attending PCIS meeting
• Coordinated industry input to National Strategy to Secure Cyberspace
• Developed cross-sector information sharing taxonomy• Published Critical Infrastructure Protection awareness
resource repository• Stay Safe Online campaign
June 9, 2003Updated July 2004
Slide 15
www.pcis.orgwww.pcis.org
National Strategy to Secure CyberspaceNational Strategy to Secure Cyberspace
Five National PrioritiesNational Cyberspace Response System National Cyberspace Threat and Vulnerability Reduction Program National Cyberspace Awareness & EducationSecuring Government Cyber Systems
Public-private partnership Primarily market-based approach Multi-level risk assessments National Security and
International Cooperation
June 9, 2003Updated July 2004
Slide 16
www.pcis.orgwww.pcis.org
Stay Safe Online CampaignStay Safe Online Campaign
• Security education for homes, small businesses
• “Top Ten” tips, Tech Talks, security guides, links
• 105 companies; 15 Federal agencies
• 6+ million page views since Feb 7 rollout (2 million per month)
• National Cyber Security Alliance (NCSA)—educational foundation of PCIS
Poster contest winners meet Tom Ridge in West Wing Apr 18, 2002
www.staysafeonline.info
June 9, 2003Updated July 2004
Slide 17
www.pcis.orgwww.pcis.org
PCIS Current PrioritiesPCIS Current Priorities
• Cross-sector information exchange
• Outreach to new sectors
• Risk Assessment Guidebook
• Effective Practices Compendium
• Digital control systems security R&D
June 9, 2003Updated July 2004
Slide 18
www.pcis.orgwww.pcis.org
Information Sharing and Information Sharing and Analysis Centers (ISACs)Analysis Centers (ISACs)
• Vital part of Critical Infrastructure Protection (CIP)
• Gather, analyze, and disseminate information on security threats,vulnerabilities, incidents, countermeasures, and best practices
• Early and trusted advance notification of member threats and attacks
• Organized by industry: cross-sector awareness, outreach, response and recovery
June 9, 2003Updated July 2004
Slide 19
www.pcis.orgwww.pcis.org
The ISACs (Cont.)The ISACs (Cont.)
• ISAC Benefits:•Early notification
•Relevant information
•Industry-wide vigilance
•Subject matter expertise
•Anonymous information sharing
•Trending, metrics, benchmark data
June 9, 2003Updated July 2004
Slide 20
www.pcis.orgwww.pcis.org
CIP Relationship TransitionsCIP Relationship Transitions
June 9, 2003Updated July 2004
Slide 21
www.ntia.doc.govwww.ntia.doc.gov
U.S. CIP Effort: Sector Lead AgenciesU.S. CIP Effort: Sector Lead Agencies• Commerce Information and Communications
• Treasury Banking and Finance
• EPA Water Supply
• Transportation Aviation Highways (including trucking and intelligent transportation
systems) Mass Transit Pipelines Rail Waterborne Commerce
• Justice/FBI Emergency Law Enforcement Services
• FEMA Emergency Fire Service Continuity of Government Service
• HHS Lab Services Public Health Services, including Prevention, Surveillance and Personal Health Services
• Energy Electric Power Oil and Gas Production and Storage ------------------------------------------------------------------------------
CIAO Critical Infrastructure Assurance OfficeNIPC National Infrastructure Protection Center
June 9, 2003Updated July 2004
Slide 22
www.ntia.doc.govwww.ntia.doc.gov
New Sector Lead AgenciesNew Sector Lead Agencies
• DHS Information & Communications Transportation (aviation, rail, mass transit,
waterborne commerce, pipelines, and highways (incl. Trucking & intelligent transportation systems)
Postal and Shipping Emergency Services Continuity of Government
• Treasury Banking and Finance
• HHS Public Health Food (all except for meat and poultry)
• Energy Electric power, oil & gas production and storage
• EPA Water Chemical Industry and Hazardous Materials
• USDA Agriculture Food (meat and poultry)
• DOD Defense Industrial Base
June 9, 2003Updated July 2004
Slide 23
www.pcis.orgwww.pcis.org
Critical Infrastructure Protection ChallengesCritical Infrastructure Protection Challenges
• Government in transition/turmoil• New sectors• Physical and cyber strategies to merge• War on terrorism• Balancing budgets/priorities
242424
www.pcis.org