SECR 5140-FL Critical Infrastructure Protection - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

SECR 5140-FL Critical Infrastructure Protection

Description:

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006 Class Website Class Info http://home.covad.net/~bshess ... – PowerPoint PPT presentation

Number of Views:139
Avg rating:3.0/5.0
Slides: 25
Provided by: Barr160
Category:

less

Transcript and Presenter's Notes

Title: SECR 5140-FL Critical Infrastructure Protection


1
SECR 5140-FLCritical Infrastructure Protection
  • Dr. Barry S. Hess
  • Spring 2 Semester
  • Week 3 1 April 2006

2
Class Website
  • Class Info
  • http//home.covad.net/bshess/
  • Contact info
  • barry.hess_at_gmail.com
  • 571.237.3418

3
Agenda
  • Make-up Presentations
  • Student Presentations
  • National Strategy to Secure Cyberspace
  • Discussion

4
Presentations
5
National Strategy to Secure Cyberspace
  • White House Office of Homeland Security
  • February 2003

6
Strategic Objectives
  • Prevent cyber attacks against Americas critical
    infrastructures
  • Reduce national vulnerability to cyber attacks
    and
  • Minimize damage and recovery time from cyber
    attacks that do occur.

7
Critical Priorities for CyberspaceSecurity
  1. A National Cyberspace Security Response System
  2. A National Cyberspace Security Threat and
    Vulnerability Reduction Program
  3. A National Cyberspace Security Awareness and
    Training Program
  4. Securing Governments Cyberspace and
  5. National Security and International Cyberspace
    Security Cooperation.

8
Cyber Security Research and Development Act
(Public Law 107-305)
  • Signed by President Bush on 27 November 2002
  • Authorized over 900M over five years to the
    National Science Foundation (NSF) and the
    National Institute of Standards and Technology
    (NIST)
  • Funding will
  • Improve basic research in computer security
  • Encourage partnerships between industry and
    academia
  • Generate a new cybersecurity workforce

9
Information Sharing and Analysis Centers (ISACs)
  • Sharing Information to Protect the Economy
  • Develop ways of better protect our critical
    infrastructures and to help minimize
    vulnerabilities, DHS established ISACs to allow
    critical sectors to share information and work
    together to help better protect the economy
  • http//www.dhs.gov/dhspublic/display?theme73cont
    ent1375

10
Computer Emergency ResponseTeam/Coordination
Center (CERT/CC)
  • Identified computer securityincreased
    significantly from 2000 to 2002, going from 1,090
    to 4,129

11
Cyberspace Vulnerabilities
Source CERT/CC
12
Guiding Principles
  • A National Effort
  • Coordination and cooperation between federal,
    state, and local governments and the private
    sector is key to success
  • Protect Privacy and Civil Liberties
  • Enhanced cyber security is not an anathema to
    personal privacy rights
  • Regulation and Market Forces
  • Balance between government edicts and what
    commercial markets can do
  • Accountability and Responsibility National
    Strategy to Secure Cyberspace
  • Assigns single agency to lead cyber security
    initiative
  • Ensure Flexibility
  • As threat evolves so must our planning and
    capabilities
  • Multi-Year Planning
  • On-going process that must be updated and
    refreshed as new technologies arrive on market

13
Priority I A National CyberspaceSecurity
Response System
  • Major Actions and Initiatives
  • Establish a public-private architecture for
    responding to national-level cyber incidents
  • Provide for the development of tactical and
    strategic analysis of cyber attacks and
    vulnerability assessments
  • Encourage the development of a private sector
    capability to share a synoptic view of the health
    of cyberspace
  • Expand the Cyber Warning and Information Network
    to support the role of DHS in coordinating crisis
    management for cyberspace security
  • Improve national incident management
  • Coordinate processes for voluntary participation
    in the development of national public-private
    continuity and contingency plans
  • Exercise cybersecurity continuity plans for
    federal systems and
  • Improve and enhance public-private information
    sharing involving cyber attacks, threats, and
    vulnerabilities.

14
Priority II A National CyberspaceSecurity
Threat and VulnerabilityReduction Program
  • Major Actions and Initiatives
  • Enhance law enforcements capabilities for
    preventing and prosecuting cyberspace attacks
  • Create a process for national vulnerability
    assessments to better understand the potential
    consequences of threats and vulnerabilities
  • Secure the mechanisms of the Internet by
    improving protocols and routing
  • Foster the use of trusted digital control
    systems/supervisory control and data acquisition
    systems
  • Reduce and remediate software vulnerabilities
  • Understand infrastructure interdependencies and
    improve the physical security of cyber systems
    and telecommunications
  • Prioritize federal cybersecurity research and
    development agendas and
  • Assess and secure emerging systems

15
Priority III A National Cyberspace Security
Awareness and Training Program
  • Major Actions and Initiatives
  • Promote a comprehensive national awareness
    program to empower all Americansbusinesses, the
    general workforce, and the general populationto
    secure their own parts of cyberspace
  • Foster adequate training and education programs
    to support the Nations cybersecurity needs
  • Increase the efficiency of existing federal
    cybersecurity training programs and
  • Promote private-sector support for
    well-coordinated, widely recognized professional
    cybersecurity certifications.

16
Priority IV Securing Governments Cyberspace
  • Major Actions and Initiatives
  • Continuously assess threats and vulnerabilities
    to federal cyber systems
  • Authenticate and maintain authorized users of
    federal cyber systems
  • Secure federal wireless local area networks
  • Improve security in government outsourcing and
    procurement and
  • Encourage state and local governments to consider
    establishing information technology security
    programs and participate in information sharing
    and analysis centers with similar governments.

17
Priority V National Security andInternational
Cyberspace SecurityCooperation
  • Major Actions and Initiatives
  • Strengthen cyber-related counterintelligence
    efforts
  • Improve capabilities for attack attribution and
    response
  • Improve coordination for responding to cyber
    attacks within the U.S. national security
    community
  • Work with industry and through international
    organizations to facilitate dialogue and
    partnerships among international public and
    private sectors focused on protecting information
    infrastructures and promoting a global culture
    of security
  • Foster the establishment of national and
    international watch-and-warning networks to
    detect and prevent cyber attacks as they emerge
    and
  • Encourage other nations to accede to the Council
    of Europe Convention on Cybercrime, or to ensure
    that their laws and procedures are at least as
    comprehensive.

18
Discussion
19
Discussion Questions
  • Is the federal government doing enough to protect
    the critical infrastructure?
  • What is the role of state and local governments
    in protecting the critical infrastructure?

20
Discussion Questions
  • Does the war on terrorism have a cyber component?
  • Are we currently engaged in cyber war?

21
Assignment for Week 4
22
Briefing Assignment
  • Prepare and present a fifteen minute discussion
    on what your chosen topic question
  • Cite sources

23
Topic Questions
  1. What is the National Science Foundation doing for
    critical infrastructure protection?
  2. What is the Defense Advanced Research Projects
    Agency doing for critical infrastructure
    protection?
  3. What is the Institute for Information
    Infrastructure Protection (I3P)?
  4. What is Public Key Infrastructure (PKI)?
  5. What is Intrusion Detection and how does it work?
  6. How does the Domain Name System (DNS) work?
  7. How does a Virtual Private Network (VPN) work?
  8. What is IP spoofing and why do we care?
  9. How does Secure Sockets Layer (SSL) work?
  10. What is the Honey Net Project?
  11. Who is Kevin Mitnick and why do we care?
  12. What is a White Hat Hacker?
  13. What is the difference between a hacker and a
    cracker?
  14. What is the Electronic Frontier Foundation (EFF)?

24
Additional Readings for Week 4
  • The Cyber-Intifada Activism, Hactivism, and
    Cyber-Terrorism in the Context of the New
    Terrorism
  • Georgetown University
  • The Cyber-Posture of the National Information
    Infrastructure
  • RAND Corporation
Write a Comment
User Comments (0)
About PowerShow.com