National Strategy to Secure Cyber Space

1
National Strategy to Secure Cyber Space Week 2
supplementary

• Lewis University
• Legal Issues in Information Security
• Gary A Bannister
  FCMA, AICPA, CGEIT

2
Department of Homeland Security

• DHS Legislation signed Nov 25, 2002
• Cabinet level department unites 22 Fed entities
  for the common purpose of improving homeland
  security.

3
DHS Secretary

• Responsibilities
• Develop a National protection plan for securing
  key resources and critical infrastructure
• Provide crisis management in response to attacks
• Provide technical assistance to government
  entities and the private sector
• Coordinate warning information /advisories
• Perform and fund RD

4
National Strategy to Secure Cyberspace

• Part of overall effort to protect the Nation
• A Component of
• The National Strategy for Homeland Security
• National Strategy for the Physical Protection of
  Critical Infrastructures and Key Assets
• Purpose is to engage Americans to secure the
  portions of cyberspace that they own, operate,
  control or with which they interact.

5
5 Priorities for Cyberspace Security

• I. A national response system
• II. A national threat and vulnerability reduction
  program
• III. A national awareness and training program
• IV. Securing governments Cyberspace
• V. National international cooperation

6
5 Priorities for Cyberspace SecurityEach has
Specific Actions and Initiatives

• I. A national response system
• Expand the Cyber Warning Network
• II. A national threat and vulnerability reduction
  program
• Enhance law enforcements
  capabilities for preventing
• III. A national awareness and training program
• Promote a comprehensive national
  awareness program to empower all
  Americansbusinesses the general workforce, and
  the general population to secure their own parts
  of cyberspace
• IV. Securing governments Cyberspace
• National Institute of Standards and
  Technology (NIST)
• OMB, FISMA
• V. National international cooperation
• Work through International
  Organizations and with Industry to Facilitate and
  to Promote a Global Culture of Security

7
I. A national response system
8
Threat and VulnerabilityA Five-Level Problem

1. The home user / small business (SOHO)
2. Large Enterprises
3. Critical sectors Infrastructures
4. National issues vulnerabilities
5. Global

9
Threat and VulnerabilityA Five-Level Problem
10
(No Transcript)
11
Information Sharing and Analysis Centers (ISACs)

• An industry-led mechanism for gathering,
  analyzing and disseminating sector-specific
  security information and articulating and
  promoting best practices. Designed by the various
  sectors to meet their respective needs and
  financed through their membership.

12
Goal Secure the Mechanisms of the Internet

• Improve the security resilience of key
  protocols
• IP
• Transition from IPv4 to IPv6
• DNS
• Protection from DoS attacks on the 13 root
  servers
• BGP (Border Gateway Protocol)
• Interconnects thousands of networks that make up
  the Internet
• Protect against false routing information

13
Government Role

• Private sector is best equipped to respond
• Justified only when the benefits of intervention
  outweigh associated costs
• Warranted for
• Forensics and attack attribution
• Protection of networks/systems critical to
  national security
• Indications and warnings
• R D

14
Toothless Security

• Nice idea, but you dont expect us to do all
  this stuff voluntarily, do you?
• Microsoft CSO, Scott Charney
• Sept 2002

15
Questions?