Protecting America’s Cyberspace: Version 1.0 of the National Plan
Jeffrey Hunker
National Security Council
July 7, 1999
Critical Infrastructure Assurance Office
CIAO.0209 - July 99 - 1

Cyber Threat Spectrum
• We know of foreign governments creating offensive attack capabilities against US Cyber Networks
[Figure: threat spectrum diagram with three bands labelled National Security Threats, Shared Threats and Local Threats. Actor and motivation labels from the figure:]
• Info Warrior: Reduce U.S. Decision Space, Strategic Advantage, Chaos, Target Damage
• National Intelligence: Information for Political, Military, Economic Advantage
• Terrorist: Visibility, Publicity, Chaos, Political Change
• Industrial Espionage: Competitive Advantage
• Organized Crime: Revenge, Retribution, Financial Gain, Institutional Change
• Institutional Hacker: Monetary Gain, Thrill, Challenge, Prestige
• Recreational Hacker: Thrill, Challenge
• Intimidation (motivation label with no recoverable actor)

PDD-63: National Goal
▪ Protect Critical Infrastructures
  – Intentional attacks that would significantly diminish capabilities
▪ Action by Federal, state and local, private sector:
  – Federal: National security, public health and safety
  – State and local governments: Maintain order, essential services
  – Private sector: Essential telecom, energy, financial, transportation services
▪ Initial Operating Capability by 2000
▪ Final Operating Capability in 2003

A Family of Plans
National Plan for Information Systems Protection Program
– Framework for Critical Infrastructure Assurance Plan
  • Private Sector/State & Local Government
– Federal Government’s Infrastructure Assurance Plan: Civilian Agency Protection & Gov’t Wide Initiatives
  • Non-DOD USG
– DoD Infrastructure Protection Plan
  • DOD
Prepare and Prevent: Assess and eliminate significant vulnerabilities to information warfare attack on America’s critical information systems in private sector and government
Detect and Respond: Develop systems to assess, warn, isolate, respond and reconstitute essential information dependent components of economy and government
Strong Foundations: Create a strong foundation for secure cyber systems including public-private partnership of systems operators and customers, sound legal footing, widespread public understanding of the importance of information assurance and security, and international cooperation
Different Constituencies, Shared Goals

New Initiatives
▪ Supported by President’s FY 2000 Budget Request
  – $1.4 B
  – 38% Increase from 1999
▪ Focus On
  – Federal Sector a Model
  – Foundations for Public-Private Partnership

Objective: Prepare and Prevent
▪ Program 1: Identify and Address Vulnerabilities
  – Key Components for identifying vulnerabilities:
    • network assessment
    • network analyzer software programs
    • Red Team attacks
  – Best Practices and Standards
  – New Programs and Focus within Federal Government
    • Expert Review Team

Objective: Detect and Respond
▪ Program 2: Detect Attacks and Unauthorized Intrusions
  – Multi-layered protection -- firewalls, intrusion detection monitors, enterprise-wide management systems, malicious code scanners
▪ Program 3: Robust Law Enforcement and Intelligence Capabilities to Protect Critical Information Systems
  – NIPC taking the lead

Objective: Detect and Respond (cont’d)
▪ Program 4: Share Attack Warnings and Information
  – Computer Security Centers
    • DOD: JTF-CND
    • Non-DOD Federal Government: FIDNET
    • Industry: Computer Security Centers/ISACs
  – Three Pillar System of Intrusion and Attack Detection
▪ Program 5: System for Response, Reconstitution, and Recovery

Computer Intrusion Detection
[Figure: computer intrusion detection diagram. Labels: Network, Network Center, Notification, “Intrusion attempt detected” (twice); steps numbered 1 to 4.]

ISAC Creation: Questions
1. One or many ISACs? By Sector?
2. Role limited to warning and real-time networks’ security?
3. Government role in sponsoring, starting?
4. New institution or add function to existing entity?
5. Measures of success?

Objective: Build Strong Foundations
▪ Program 6: Enhance Research and Development
  – FY 2000 Budget Request: $508 MM
  – Priorities:
    • large scale networks of intrusion detection monitors
    • malicious code detection
    • interactive multi-layered defenses for enterprise wide management
    • modeling responses and interdependencies to cyberattack

Objective: Build Strong Foundations (cont’d)
▪ Program 7: Train and Employ Adequate Numbers of Information Security Specialists
  – Federal scholarship for service program (CyberCorps)
  – Retraining and certifying current Federal IT security personnel
  – New pay scale and incentive systems for Federal IT personnel
  – INFOSECURITY Centers of Excellence in universities
  – Support for additional university faculty development

CyberCorps
Problems:
  – Lack of computer systems talent nationwide
  – Inability of US Government to compete for talented computer experts
Solution:
  – “ROTC” like programs in colleges
  – Stimulate colleges’ comp sci programs
  – Expands numbers of students in field
  – Trades undergraduate financial aid for commitment to work for Federal Government upon graduation
  – Summer schools, internships, Institute

Objective: Build Strong Foundations (cont’d)
▪ Program 8: Outreach to Americans on the Need for Cyber-Security
  – Partnership for Critical Information Systems Security
▪ Program 9: Adopt Legislation and Appropriations in Support of Programs 1-8
▪ Program 10: Ensure Full Protection of American Citizen’s Civil Liberties

Partnership for Critical Information Security (draft)
National Awareness Campaign Aimed at Corporate and IT Executives
Participation in Partnership requires:
• Action to protect Critical Information Infrastructure
• Promote Education
• Support Outreach

Goals With Economic Sectors
▪ Create Information Sharing and Assessment Centers for intrusion monitoring networks
▪ Establish process to agree upon ‘Best Practices’ for computer security in each sector
▪ Develop processes for certification of hardware, software, firmware, computer security personnel
▪ Jointly develop Awareness and Education campaign, perhaps through a new foundation or institute

Summary
Evolving Threat Environment - PDD-63 In Response
▪ Federal Initiatives Under Development
  – R&D
  – Cybercorps
  – Intrusion Detection
  – Reconstitution
▪ Industry Leadership Necessary in Key Areas
  – Information Sharing
  – Best Practices/Accreditation
  – Education/Awareness

Contact Information
National Security Council
[email protected]
Phone: (202) 456-9361
Fax: (202) 456-9360
Critical Infrastructure Assurance Office
Please visit our website at: www.ciao.ncr.gov
Phone: (703) 595-9395