Information Sharing Initiatives In Critical Infrastructure Protection and Resilience PowerPoint PPT Presentation


Title: Information Sharing Initiatives In Critical Infrastructure Protection and Resilience


1
Information Sharing Initiatives In Critical
Infrastructure Protection and Resilience
  • Denise Anderson
  • Vice Chair-National Council of ISACs
  • Vice President FS-ISAC, Government and Cross
    Sector Programs
  • Financial Services Information Sharing and
    Analysis Center (FS-ISAC)

National Council of ISACs
2
Agenda
  • Critical Infrastructure
  • What is an ISAC?
  • Descriptions of the various ISACs and
    capabilities/reach
  • What is the National Council of ISACs?
  • Overview of Council Activities
  • Case Studies Lessons Learned
  • Five Initiatives To Enhance Critical
    Infrastructure Protection and Resilience

3
Critical Infrastructure
  • 18 Defined Sectors

  • Agriculture and Food
  • Defense Industrial Base
  • Energy
  • Healthcare and Public Health
  • Banking and Finance
  • Water
  • Chemical
  • Commercial Facilities
  • Critical Manufacturing
  • Dams
  • Communications
  • Postal and Shipping
  • Transportation Systems
  • Government Facilities
  • Emergency Services
  • Nuclear Reactors, Materials and Waste
  • Information Technology
  • National Monuments and Icons

4
What is an ISAC?
  • Relationship to sectors
  • Funding
  • Structure/Operations
  • Functions

5
Why ISACs?
  • Trusted entities established by CI/KR owners
    and operators.
  • Comprehensive sector analysis
  • Reach within their sectors, with other sectors,
    and with government to share critical
    information.
  • All-hazards approach
  • Threat level determination for sector

6
Why ISACs?
  • Operational services such as risk mitigation,
    incident response, and information sharing
  • Fast response on accurate, actionable and
    relevant information
  • Empower business resiliency through security
    planning, disaster response and recovery
    execution.
  • Most ISACs, by definition, have 24/7
    threat warning, incident reporting capabilities

7
ISACs
  • Communications ISAC
  • Electricity ISAC
  • Emergency Management and Response ISAC
  • Financial Services ISAC
  • Highway ISAC
  • Information Technology ISAC
  • Maritime ISAC
  • Multi-State ISAC

8
ISACs
  • National Health ISAC
  • Public Transit ISAC
  • Real Estate ISAC
  • Research and Education ISAC
  • Supply Chain ISAC
  • Surface Transportation ISAC
  • Water ISAC

9
Other Operational Entities
  • Defense Industrial Base (DIB)
  • Nuclear
  • Oil & Gas
  • Chemical
  • Airline

10
ISAC EXAMPLE FS-ISAC Information Sharing and
Analysis Tools for Members
  • Cyber & Physical alerts from 24/7 Security Ops
    Center
  • Briefings/white papers
  • Risk Mitigation Toolkit
  • Document Repository
  • Anonymous Submissions
  • Committee Listservs
  • Member surveys
  • Bi-weekly Threat calls
  • Special info sharing member conference calls
  • Crisis Management process CMLT, CINS
  • Semi-annual conferences
  • Webinars
  • Regional Program
  • Viewpoints

11
Communications ISAC
  • The DHS National Coordinating Center partners
    with the private sector in the ISAC and provides
    24x7 operational support
  • Members include communications equipment and
    software vendors, wire line communications
    providers, wireless communications providers,
    including satellite providers, Internet Service
    Provider backbone networks
  • www.ncs.gov/ncc

12
Electricity ISAC
  • The ES-ISAC's coverage includes bulk power system
    entities and 18 Reliability Coordinators and
    covers the entire continental United States and
    Canada
  • Working on developing the necessary communication
    and participation with non-bulk power system
    entities and their critical suppliers
  • www.esisac.com

13
EMR ISAC
  • Initiated in 2000 by a FEMA contract, operates
    from the National Emergency Training Center in
    Emmitsburg, MD
  • Reaches over 40,000 ESS departments and agencies
    directly, thousands more reached through ESS
    associations, departments
    and agencies as well as
    state and local fusion centers
  • www.usfa.dhs.gov/emr-isac

14
Financial Services ISAC
  • The only industry forum for collaboration on
    critical security threats facing the financial
    services sector
  • Over 4,200 direct members and 30 member
    associations
  • Ability to reach 99% of the banks and credit
    unions and 85% of the securities industry, and
    nearly 50% of the insurance industry
  • www.fsisac.com

15
Highway ISAC
  • Cooperative Agreement with (DHS) Trucking
    Security Program (TSP)
  • Provide anti-terrorism and security awareness
    training for highway professionals and recruit
    volunteers to report suspicious activities
  • Reach over 2 million
  • www.firstobserver.com

16
Information Technology ISAC
  • Reaches 90% of all desktop operating systems, 85%
    of all databases, 76% of the global
    microprocessor market, 85% of all routers and 65%
    of software security
  • www.it-isac.org

17
Maritime Security ISAC
  • Established in 1988
  • Non-profit, member driven organization
    representing ocean carriers, cruise lines, port
    facilities and terminals, logistics providers,
    importers, exporters and related maritime
    industries throughout the world 
  • http://www.maritimesecurity.org/

18
Multi-State ISAC
  • Includes all 50 States, the District of Columbia,
    five U.S. Territories, one local governments per
    state and all state homeland security offices
  • The MS-ISAC continues to broaden its local
    government participation to include all of the
    approximate 39,000 municipalities and fusion
    centers
  • www.msisac.org

19
National Health ISAC
  • The NH-ISAC serves to protect the nation's
    healthcare and public health critical
    infrastructure against security threats and
    vulnerabilities.
  • Founded in 2010 leveraging Center for Technology
    Innovation at Kennedy Space Center
  • Healthcare and Public Health organizations
  • www.nhisac.org

20
Public Transit ISAC
  • Created by The American Public Transportation
    Association (APTA). APTA is designated by the US
    Department of Transportation as the sector
    coordinator for the US public transit industry
  • Members serve more than 90% of persons using
    public transportation in the United States and
    Canada
  • www.surfacetransportationisac.org/APTA.asp

21
Real Estate ISAC
  • Created by the Real Estate Roundtable in 2003
  • Membership comprised of 11 major associations
    such as BOMA, IREM, American Hotel & Lodging,
    National Apartment Association, International
    Institute of Shopping Centers, Real Estate
    Roundtable
  • http://reisac.org/

22
REN ISAC
  • Supported by Indiana University and through
    relationships with EDUCAUSE and Internet2, the
    REN-ISAC is an integral part of higher
    education's strategy to improve network security
    specifically designed to support the unique
    environment and needs of over 1,400 organizations
    connected to served higher education and research
    networks
  • Ability to reach 4,000 EDU organizations
  • www.ren-isac.net

23
Supply Chain ISAC
  • Includes over 661 manufacturers, shippers, cargo
    carriers (air, rail, highway and maritime),
    consignees, supply chain service suppliers, law
    enforcement and federal government agencies,
    which reach almost 1,700 users
  • Launched in June 2006 with the announcement of
    its sponsorship by the International Cargo
    Security Council (ICSC) at the ICSC Annual
    Conference
  • www.secure.sc-investigate.net/SC-ISAC

24
Surface Transportation ISAC
  • Created by the Association of American Railroads
    in 2002 at the request of the Secretary of
    Transportation
  • The ST-ISAC supports 95% of the North American
    freight railroad infrastructure
  • www.surfacetransportationisac.org

25
Water ISAC
  • Currently provides security information to water
    and wastewater utilities that provide services to
    more than 65% of the American population
  • www.waterisac.org

26
National Council of ISACs
  • Began meeting in 2003 to address common concerns
    and cross-sector interdependencies
  • Volunteer group of ISACs who meet monthly to
    develop trusted working relationships among
    sectors on issues of common interest and work on
    initiatives of value to CI/KR

27
National Council of ISACs-Structure
  • National Council of ISACs four designated
    operational representatives from each ISAC sit on
    the Council.
  • ISAC Plus all other entities/representatives
    such as operations centers who participate in
    information sharing
  • Leadership
  • Chair Will Pelgrin-Multi-State ISAC
  • Vice-Chair William Nelson-Financial Services
    ISAC
  • Secretary Denise Anderson-Financial Services
    ISAC

28
National Council of ISACs Mission
  • The mission of the National Council of
    Information Sharing and Analysis Centers Council
    (ISACs) is to advance the physical and cyber
    security of the critical infrastructures of North
    America by establishing and maintaining a
    framework for valuable interaction between and
    among the ISACs and with governments.

29
Information Sources
Communications
National Council of ISACs
30
National Council of ISACs Activities-Examples
  • Increase involvement of sectors without ISACs
  • Drills/Exercises Such as NLEs, Cyber Storm
  • Private Sector Liaison at the NICC
  • Emergency Classified Briefing Process
  • Cross Sector Information Sharing Framework
  • Implement Real-Time sector Threat Level Reporting
  • Directorate

31
(No Transcript)
32
(No Transcript)
33
Case Studies Recent Incidents
  • DNS Cache Poisoning
  • Hurricanes Gustav and Ike
  • H1N1
  • ISAC Example
  • RSA Breach
  • Account Take Over Attacks

34
DNS Cache Poisoning
  • When the DNS Cache Poisoning vulnerability was
    discovered in July 2008, ISACs alerted each other
    and shared mitigation strategies
  • Sector Call
  • Information Sharing via ListServ
  • Information Sharing via trusted relationships
  • Weekly Inter-ISAC calls
  • Joint Bulletin published by IT, Communications
    and FS ISACs

35
Hurricanes Gustav and Ike
  • During Hurricanes Gustav and Ike, the National
    Council of ISACs stood up (in partnership with
    DHS and PCIS) a private sector liaison seat at
    the NICC
  • Information Sharing via ListServ
  • Information Sharing via trusted relationships
  • Weekly Inter-ISAC calls
  • ENS and Crisis calls
  • Success Stories

36
Information Shared
  • List of ATMs that have been used in the last 24
    hours in affected regions along the gulf coast
  • Missing ACH Files
  • List of merchants in affected regions that have
    seen credit/debit card transactions in the last
    24 hours, categorized by Fuel, Building
    Materials, Food and Medicine

37
Lessons Learned
  • Education reach out to sectors and down to
    owners/operators-A new way of thinking
  • Compiling common situations/questions for
    training and future incidents
  • Politics
  • Successes
  • EPA
  • VISA

38
H1N1
  • The ISACs were and are actively engaged in
  • Sector Calls with DHS and CDC
  • Information Sharing via ListServ
  • Information Sharing via trusted relationships
  • FS-ISAC Business Resiliency Committee calls
  • Best practices guidelines

39
RSA Breach
  • March 11, 2011-Breach detected not public
  • Thursday March 17, 2011 story broke
  • Threat Intelligence Committee Call
  • Friday March 18, 2011
  • Cyber UCG call
  • NCI call with DHS
  • Threat Intelligence Committee Call w/RSA
  • FS-ISAC Membership Call w/RSA
  • NCI call
  • Mitigation Report Working Group Calls
  • Mitigation Report

40
Five Major Initiatives To Enhance Critical
Infrastructure Protection and Resilience
  • NICC Liaison
  • Classified Briefing Initiative
  • Joint Coordination Center Pilot
  • NLE 11
  • NCCIC UCG

41
NICC Liaison Purpose
  • Establish a private sector liaison with a
    physical presence at the National Infrastructure
    Coordinating Center (NICC) to serve as a conduit
    for information between the CI/KR Private Sector
    and DHS Office of Infrastructure Protection (IP)
    particularly in instances of incidents of
    national significance but also during special
    security events, exercises and drills.

42
NICC Liaison Activities
  • Work with IP Partners to validate CIKR
    information and assessments for all 18 sectors
  • Support activities relating to RFIs and RFAs
  • Contribute to reports, as necessary
  • Help facilitate situational awareness
  • Facilitate CIKR private sector pull
    teleconferences as necessary
  • Staff seat during certain exercises and other
    situations as appropriate

43
NICC Liaison Qualifications
  • Sector-designated operational representative
  • Maintain minimum of a secret level clearance
  • Complete 3-Hour Training Program
  • Visit Freedom Center once every 4 weeks
  • Sign an agreement to represent all sectors

44
NICC Liaison Contact Information
  • niccprivatesector_at_isaccouncil.org
  • 703-563-3430

45
Classified Briefing Objective
  • The Emergency Private Sector Classified
    Briefing Program enables Federal intelligence
    agencies to reach all Private Sector Critical
    Infrastructure represented by the National
    Council of ISACs Members, PCIS, and other private
    sector participating entities to relay classified
    information on an emergency basis.

46
Classified Briefing Who
  • Private Sector representatives from all 18
    Sectors
  • 8 designated representatives per sector
  • 4 designated operations and 4 designated policy
  • Minimum clearance level-Secret

47
Classified Briefing How
  • Classified Briefing Group on ENS list
  • Any intelligence agency can trigger notification
    via NICC
  • 24-hour notice period

48
Joint Coordination Center-Pilot
  • National Security Telecommunications Advisory
    Council-NSTAC
  • Cross-Sector Cyber Security Collaboration and
    Analysis
  • Pilot project initially involving the FS-ISAC
    IT-ISAC Defense Security Information Exchange
    (DSIE) and Communications ISAC.

49
Joint Coordination Center-Pilot
  • Private Sector Component
  • Establish a common operating picture amongst
    sectors and analysis products to support efforts
    to detect, prevent, mitigate and respond to cyber
    security events through a 24x7 Joint Coordination
    Center
  • Current Activity

50
NLE 11
  • Private Sector Working Group
  • Ground Truth Documents
  • Electricity, Water, Surface Transportation,
    Communications
  • Sim Cell and Private Sector Liaison Play
  • Long-Term Recovery Workshops and TTX

51
What Is The NCCIC?
  • National Cybersecurity and Communications
    Integration Center
  • DHS-led Unified Operations Watch Warning Center
  • Operates 24 hours/day, 7 days/week, 365 days a
    year.
  • Classification Level-Top Secret/Sensitive
    Compartmented Information (TS/SCI)

52
NCCIC Mission
Address threats and incidents affecting the
Nation's critical information technology and
cyber infrastructure
53
Who Is The NCCIC?
DHS Office of Cybersecurity and Communications
(CSC)
UCG
NCCIC
Liaisons
US CERT
NCSC
NCC
DHS IA
ICS-CERT
54
Operations
  • Data and situational awareness from component
    operations/ Information Sharing
  • Fusion and analysis of information to see
    trends/incidents
  • Joint Incident Management
  • Decision Support

Steady State
Incident Response
De-escalation
55
Who Is Currently At The Table?
DHS Office of Cybersecurity and Communications
(CSC)
NCCIC
ES-ISAC
Comms ISAC
IT-ISAC
FS-ISAC
MS-ISAC
56
The UCG
  • Unified Command Group-composed of private and
    public sector representatives
  • UCG-Staff and UCG Seniors
  • UCG Staff meet on a regular basis. Both meet as
    needed during an incident
  • Advise Assistant Secretary of CSC on
    cybersecurity matters, provide subject matter
    expertise and response as necessary during an
    incident that requires national coordination.

57
Cyber Incident Response
Cyber Incident Manager
Cyber UCG Incident Management Team
UCG Seniors
UCG Staff
Private Sector
NGOs/Others
NCCIC
Federal Government
International
State/Local Government
58
CONTACT
  • Will Pelgrin-Chair, William.Pelgrin_at_msisac.org
  • Denise Anderson-Vice Chair, danderson_at_fsisac.us
  • Scott Algeier-Secretary, salgeier_at_it-isac.org
www.natlisacs.org