Transcript No Slide Title

National Infrastructure
Protection Center
PARTNERSHIP FOR PROTECTION
STATUS AND INITIATIVES November
2, 1999
CRITICAL INFRASTRUCTURES
Services so vital that their
incapacity or destruction would
have a debilitating impact on the
defense or economic security of
the United States
CRITICAL INFRASTRUCTURES
•
•
•
•
•
•
•
•
Telecommunications / Computer Systems
Electrical Power
Oil & Gas
Transportation
Banking & Finance
Water
Emergency Services
Government Operations
WHOSE PROBLEM IS IT ?
• NOT JUST A FEDERAL GOVERNMENT ISSUE
• AND NOT JUST A GOVERNMENT ISSUE
• ANYONE - AT ANY LEVEL - CAN BE A
TARGET OR A VICTIM OF TERRORISM
THREATS - HARD TO DEFINE
CAPABILITY + INTENT x VULNERABILITY = THREAT
– Traditional Adversaries
– Economic Adversaries
– Political Adversaries
– Others / Potential
Terrorists / Organized Crime / Non-State / Opportunists
• RANGE OF CAPABILITY - - BUT
SIGNIFICANT CAPABILITY IS EASY TO GET
POSSIBLE FUTURE THREATS
• Cyber Mercenaries
• Cyber Militia
• Cyber Civil Disobedience (Domestic)
• Cyber Protesters (International)
• Cyber Terrorists
• Cyber Activists / Futurists / Unknowns
Presidential Decision Directive 63
• Sets goal of a secure information system
infrastructure by the year 2003, and increased
government security by the year 2000
• Requires federal agencies to serve as a model in
reducing cyber and physical infrastructure
vulnerabilities
• Seeks participation of private industry
• Sets up a new structure to deal with this challenge
Presidential Decision Directive 63 - National Structure
Executive Office of the President
National Infrastructure
Assurance Council
OSTP
(R&D)
National Security
Advisor
National Coordinator
National
Infrastructure
Protection Center
Information
Sharing and
Analysis
Center(s)
Critical Infrastructure
Coordinating Group
Critical Infrastructure
Assurance Office
SECTOR
LEAD AGENCY
Banking & Finance
Dept of Treasury
Transportation
Dept of Transportation
Electric and Gas & Oil
Dept of Energy
Information / Comms
Dept of Commerce
Emergency Law Enforcement
Dept of Justice
Government Services
FEMA
Emergency Fire
FEMA
Special Function
Agencies
DoJ / FBI
Law Enforcement
Internal Security
DoD
The
Private Sector
National Defense
CIA
Intelligence
Public Health Services
HHS
Water Supply
EPA
DoS
Foreign Affairs
8
NIPC MISSION
PDD-63, May 22, 1998:
• The NIPC will provide a national focal point for gathering
information on threats to the infrastructures.
• Its mission will include providing timely warnings of
intentional threats, comprehensive analyses and law
enforcement investigation and response.
• The NIPC will provide the principal means of facilitating
and coordinating the Federal Government’s response to
an incident, mitigating attacks, investigating threats and
monitoring reconstitution efforts.
NATIONAL INFRASTRUCTURE
PROTECTION CENTER
• Composition - Interagency, multi-level
– Multiple government agencies
– Federal, state, and local law enforcement
– Private sector representatives
• Manning
– FBI - 78 of 93 on board
– Other government agencies - 29 of 40 on board
DoD, DCIS, NSA, Services, NASA,
GSA, CIA, USSS, DOE, USPS, State
– Inbound includes FDIC, others
NIPC Organization
NIPC Director
Deputy Director
Computer Investigations and
Operations Section (CIOS)
Analysis and Warning
Section (AWS)
Training, Outreach and
Strategy Section (TOSS)
Computer Investigations
Unit
Analysis and Information
Sharing Unit
Training and Continuing
Education Unit
Special Technologies
Applications Unit
Watch and Warning
Unit
Outreach and Field
Support Unit
Cyber Emergency Support
Team
Strategic Planning Unit
NIPC CAPABILITIES
• Protection - Analysis & Warning Section
is issuing warnings, alerts, other products
• Prevention - STAU to coordinate R&D of
tools and applications to be shared
• Investigation - still strongest element;
built on CITAC foundation
NIPC INFORMATION FLOW
WATCH
CENTER
PRIVATE
SECTOR
ISACs
ANALYSIS
&
WARNING
COMPUTER
INTRUSION
INVESTIGATIONS
WARNINGS
ALERTS
ADVISORIES
INTERAGENCY
INVESTIGATION
INFRAGARD
FED GOV’T
INTELLIGENCE
OTHERS
DECISION MAKERS
A DIFFICULT PROCESS
• IDENTIFICATION / ATTRIBUTION
• LEGAL CONSTRAINTS
• ARE WE SURE WE’RE SURE ?
NIPC INITIATIVES
REPORTS & PRODUCT
• Warnings, Alerts, and Advisories
• Daily Watch Report
• Biweekly CYBERNOTES
• Critical Infrastructure Developments
• Quarterly Infrastructure Protection Digest
• Special Reports
NIPC INITIATIVES
PRIVATE SECTOR CONTACTS
NIPC establishing informal
channels for the exchange
of information
– ISACs
– Other structures
NIPC INITIATIVES
InfraGard
• Government alliance with private sector. Representatives from
industry, government, academia, state & local law enforcement
• Mechanism for systems owners and operators to communicate
with colleagues
• Improves dissemination of security information
– Intrusion alert network & Secure web site
– Chapter committees dedicated to concerns of membership
– Seminars and training & Meetings with colleagues
• Membership requirements
– Membership agreement
– Confidentiality pledge
– Commitment to actively participate
NIPC INITIATIVES
KEY ASSET INITIATIVE
• FBI PROGRAM REVITALIZED
• KEY ASSETS NEED TO BE REDEFINED
• DATA BASE MAINTAINED AT NIPC
• FIELD OFFICES GATHERING INFO
• MUST BE COMPATIBLE WITH DOD PROGRAM
NIPC INITIATIVES
SECTOR ACTIVITY
FBI / NIPC - the lead for the Emergency
Law Enforcement Services Sector
– DIR, NIPC IS SECTOR LIAISON OFFICIAL
– INVITED STATE & LOCAL LAW ENFORCEMENT
ORGANIZATIONS
– SECTOR COORDINATOR SELECTED
– QUARTERLY MEETINGS
– SECTOR PLAN UNDER REVIEW
– FEDERAL LAW ENFORCEMENT TO BE INVITED
TO NEXT MEETING
NIPC INITIATIVES
INTERNATIONAL ACTIVITY
• Investigative cooperation
– G8
– Council of Europe
• Participation in State-led effort to define
international cooperative effort
• Issues - What can be shared ? How ?
With whom ?
Building the Partnership
• Protect self using tools
• Report intrusions
• Safeguard information
Private Sector
Government
•Collect info about tools
•Collect info about threat
•Collect info about
organizations
•Coordinate R&D
•Provide info about tools
•Issue Warnings, Alerts
& Advisories
•Protect proprietary data
Doug Perritt
National Infrastructure Protection Center
Federal Bureau of Investigation
Room 11719
935 Pennsylvania Avenue, NW
Washington, DC 20535
[email protected]
[email protected]
(202) 324-0305
ADMINISTRATION INITIATIVES
R & D
Additional funding sought for research
into recognizing malicious code,
detecting unauthorized intrusions,
and developing other tools for
infrastructure protection.
ADMINISTRATION INITIATIVES
FEDERAL CYBER SERVICE PROGRAM
• Would provide college scholarships for
IT and Information Systems Security
majors - up to 300 per year
• Would require some amount of
government service in return
(Similar to ROTC concept)
ADMINISTRATION INITIATIVES
INFORMATION SECURITY INSTITUTE
• Would provide a national technical
training center for Information
Technology and Information Systems
Security professionals
• Would focus on continuing education
ADMINISTRATION INITIATIVES
TRAINING PROGRAMS
Through the institute and other
mechanisms, would provide for
professional training, certification,
recognition and enhanced status for
systems administrators and other
information systems operators and
security specialists.
ADMINISTRATION INITIATIVES
EDUCATON AND AWARENESS
• An effort to raise awareness of the
seriousness of cyber security
• In partnership with the private sector
• To be launched in December