Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach"

Transcription

1 Managing Cyber Risks to Transportation Systems Mike Slawski Cyber Security Awareness & Outreach

2 The CIA Triad 2

3 SABSA Model 3

4 TSA Mission in Cyber Space Mission - Facilitate the measured improvement of the national transportation sector cyber security posture. Mandates National Infrastructure Protection Plan (NIPP), Homeland Security Presidential Directive -7 (HSPD-7), Quadrennial Homeland Security Review: Mission 4 (DHS). All progress monitored by Congress through annual reports. Direction TSA is designated by DHS as the Sector-Specific Agency for the Transportation Sector. The Office of Information Technology partners with the Office of Security Policy and Industry Engagement to lead cyber security activities in the sector. Approach Non-Operational. Education, Facilitation, Communication 4

5 CSAO Strategy and Goals Strategy: The Sector will manage cybersecurity risk through maintaining and enhancing continuous awareness and promoting voluntary, collaborative, and sustainable community action. Goal 1: Maintain Continuous Cybersecurity Awareness Goal 2: Improve and Expand Voluntary Participation Goal 3: Define Conceptual Environment Goal 4: Enhance Intelligence and Security Information Sharing Goal 5: Ensure Sustained Coordination and Strategic Implementation 5

6 CSAO Challenges Human Beings Ignorance Trust (NDAs, legal constraints, etc.) Information classification 6

7 Partnerships and Resources Federal: - DHS: NPPD, NCSD, NCCIC, US-CERT and ICS CERT - DoT: Federal Highway, State and Local, (Volpe - National) - Military: USCG/Cyber Command, TRANSCOM Industry: - 6 Modes: Aviation, Mass Transit, Freight Rail, Pipeline, Maritime, Highway Motor Carrier (HMC) - Associations (Ex: Association of American Railroads) - Individual Companies (Ex: Union Pacific) ISAC s: - Multi State, Surface/Public Transportation TSA Coordination: - OSPIE, Office of Intelligence and Analysis 7

8 Transportation Sector Cyber Activities Aviation Created a working group to develop an ISAC for cyber Pipeline Developing industry-wide cyber risk management approach Maritime Partnering with TSA, DOT, and DHS to develop a cyber risk management approach for the nation s port facilities. Co-hosting the 2012 Cybersecurity in Transportation Summit with TSA Freight Rail Building annual Corporate Security Review for Class 1 Railroads Mass Transit TSA partners with American Public Transportation Association to improve control systems cyber security standards Highway Motor Carrier TSA CSAO participates in CIPAC meetings and is an active member of the GCC/SCC meetings; ABE-40 8

9 Cybersecurity Exercises 2012 Initiatives Transportation Systems Sector Cyber Working Group 2012 Cybersecurity in Transportation Summit Cybersecurity Assessment and Risk Management Approach (CARMA) 9

10 National Level Exercise Overview Conducted between March and July, Included participation from nearly all critical sectors identified in the NIPP - Several phases, from threat warnings and indications, to detailed scenarios Objectives: - Improve cross-sector and intra-industry communications during crisis - Test and evaluate centralized cyber incident handling procedures Outcomes: - AAR in Development / SSI content 10

11 Cyber Security Tabletop Exercise: TSA and U.S. Transportation Command- Overview Conducted on June 20, First ever cyber security exercise between TSA and DoD Objectives: - Broaden the understanding of transportation industry impacts to mission-critical DoD functions in the event of a cyber attack on transportation systems - Identify knowledge gaps between DoD and DHS entities for cyber incident handling processes - Improve collaboration between DoD, TSA, and DHS resources 11

12 General Exercise Outcomes: 1. Foster Education, Collaboration and Awareness 2. Promote and Further Public Private Partnerships 3. Enhance Information Sharing Efforts OSPIE has developed a sector outreach cyber security strategy based on these priorities. OIT will support OSPIE through continued SME guidance, and awareness and outreach events, including the 2012 Summit 12

13 Information Sharing Resources Weekly newsletter: Published to promulgate open source stories about recent cyber events and transportation-specific news Excellent resource for busy industry leaders to maintain situational awareness Monthly Transportation Systems Sector Cyber Working Group Transportation Research Board Cyber Subcommittee Monthly meeting hosted by Mr. Mike Dinning Discussions incorporate research from academia, industry, and government on relevant cyber security topics 13

14 2012 Cyber Security in Transportation Summit September 24-25, 2012 Hilton Crystal City at National Airport, Arlington VA Mission: Help identify and sustainably manage the risk to critical transportation functions and business from cyber attacks. Co-hosted by TSA and the USCG Cyber Command Topics will include: - Combating Insider Threats - Control Systems Roadmap - Open Source Threat Briefing - DHS Cyber Security Resources - Hacking SCADA Systems - Opportunities for collaboration -. and many others 14

15 Additional Resources 15

16 CARMA Overview Stage 1: Scope Cyber Risk Management Effort - Determine Scope and Identify Subject Matter Experts - Develop Cyber Risk Management Work Plan Stage 2: Identify Cyber Infrastructure - Validate Critical Business Functions - Identify Cyber Dependent Infrastructure Stage 3: Conduct Cyber Risk Assessment - Develop and Test Threat Scenarios - Develop Cyber Risk Profile Stage 4: Develop Cyber Risk Management Strategy - Evaluate and Prioritize Risk Response Actions - Develop Cyber Risk Strategy and Validate Stage 5: Implement Risk Management Strategy and Measuring - Productize Suggested Operational Plan for Distribution - Develop Suggested Sector Cyber Metrics - Collect and Analyze Metrics Data (where requested) - Refine Risk Management Strategy Ongoing: Administrative Support and Governance 16

17 Cybersecurity Evaluation Program (CSEP) Conducts voluntary cybersecurity assessments across all 18 CIKR sectors, within state governments and large urban areas. CSEP affords critical infrastructure sector participants a portfolio of assessment tools, techniques, and analytics, ranging from those that can be self-applied to those that require expert facilitation or mentoring outreach. The CSEP works closely with internal and external stakeholders to measure key performances in cybersecurity management. The Cyber Resiliency Review is being deployed across all 18 Critical Infrastructure sectors, state, local, tribal, and Territorial governments. For more information, visit or contact 17

18 Cybersecurity Evaluation Tool (CSET) CSET is a desktop software tool that guides users through a step-by-step process for assessing the cyber security posture of their industrial control system and enterprise information technology networks. CSET is available for download or in DVD format. To learn more or download a copy, visit To obtain a DVD copy, send an with your mailing address to 18

19 Cybersecurity Vulnerability Assessments through the Control Systems Security Program (CSSP) CSSP Assessments provide on-site support to critical infrastructure asset owners by assisting them to perform a security self-assessment of their enterprise and control system networks against industry accepted standards, policies, and procedures. To request on-site assistance, asset owners may 19

20 Industrial Control Systems (ICS) Technology Assessments ICS Assessments provide a testing environment to conduct baseline security assessments on industrial control systems, network architectures, software, and control system components. These assessments include testing for common vulnerabilities and conducting vulnerability mitigation analysis to verify the effectiveness of applied security measures. To learn more about ICS testing capabilities and opportunities, e- mail 20

21 Information Technology Sector Risk Assessment (ITSRA) ITSRA provides an all-hazards risk profile that public and private IT Sector partners can use to inform resource allocation for research and development and other protective measures which enhance the security and resiliency of the critical IT Sector functions. For more information, see sment.pdf or contact 21

22 How to Get Involved us! Read our weekly newsletter Participate in our monthly TSS-CWG meetings (open to GCC and SCC members) Attend our summit! Section Chief: Ms. Kelley Bray

23 Michael Slawski, CISSP, CIPP, Sec+, SCF, Surfer Follow me on Phone:

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments Supplemental Tool: NPPD Resources to Support Vulnerability Assessments NPPD Resources to Support Vulnerability Assessments Assessing vulnerabilities of critical infrastructure is an important step in developing

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

United States Coast Guard Cyber Command. Achieving Cyber Security Together. Homeland Security

United States Coast Guard Cyber Command. Achieving Cyber Security Together. Homeland Security United States Coast Guard Cyber Command Achieving Cyber Together Brett Rouzer Chief of MCIKR Protection U.S. Coast Guard Cyber Command DHS NCCIC Liaison Officer (202) 372-3113 Brett.R.Rouzer@uscg.mil Vision

More information

Cybersecurity Resources

Cybersecurity Resources Assessment Resources Cybersecurity Resources Cyber Resiliency Review (CRR) is a DHS assessment tool that measures the implementation of key cybersecurity capacities and capabilities. The goal of the CRR

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

DHS. CMSI Webinar Series

DHS. CMSI Webinar Series DHS CMSI Webinar Series Renee Forney Executive Director As the Executive Director for the Cyberskills Management Support Initiative (CMSI), Ms. Forney supports the Undersecretary for Management (USM) for

More information

2013-2023. Transportation Industrial Control Systems (ICS) Cybersecurity Standards Strategy

2013-2023. Transportation Industrial Control Systems (ICS) Cybersecurity Standards Strategy 2013-2023 Transportation Industrial Control Systems () s Strategy i Lisa Kaiser (-CERT) U.S. Department of Homeland Security Transportation Industrial Control System () s Strategy (This Page Intentionally

More information

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention

More information

Statement for the Record of

Statement for the Record of Statement for the Record of Roberta Stempfley Acting Assistant Secretary Office of Cyber Security and Communications National Protection and Programs Directorate Department of Homeland Security and Sean

More information

Water Security in New Jersey: Partnership and Services

Water Security in New Jersey: Partnership and Services GOV. CHRIS CHRISTIE LT. GOV. KIM GUADAGNO DIR. CHRIS RODRIGUEZ NJOHSP OFFICE OF HOMELAND SECURITY AND PREPAREDNESS Preparedness Act Water Security in New Jersey: Partnership and Services Created by the

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

Transportation Systems Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Transportation Systems Sector-Specific Plan An Annex to the National Infrastructure Protection Plan Transportation Systems Sector-Specific Plan An Annex to the National Infrastructure Protection Plan 2010 Preface The Transportation Security Administration (TSA) and the United States Coast Guard (USCG)

More information

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and

More information

Department of Homeland Security Federal Government Offerings, Products, and Services

Department of Homeland Security Federal Government Offerings, Products, and Services Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

ABE40. Welcome Transportation Partners

ABE40. Welcome Transportation Partners ABE40 TRB Critical Transportation Infrastructure Committee Welcome Transportation Partners Jeff Western, Principal Western Management and Consulting jeffrey.western@consultingwestern.com Agenda TRB Welcome

More information

National Health Information Sharing & Analysis Center. The National Health ISAC (NH-ISAC) NH-ISAC

National Health Information Sharing & Analysis Center. The National Health ISAC (NH-ISAC) NH-ISAC National Health Information Sharing & Analysis Center The National Health ISAC (NH-ISAC) NH-ISAC Physical Threats Cyber Impacts 2 (NH-ISAC) National Healthcare & Public Health Cybersecurity Protection

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division Homeland Security: Information Assurance Challenges and Opportunities Building the National Cyber Security Division The Homeland Security Act and national strategies direct DHS to take the lead on cyber

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,

More information

Information Technology Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Information Technology Sector-Specific Plan An Annex to the National Infrastructure Protection Plan Information Technology Sector-Specific Plan An Annex to the National Infrastructure Protection Plan 2010 Preface During the past year, members of the Information Technology (IT) Government Coordinating

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

The Aviation Information Sharing and Analysis Center (A-ISAC)

The Aviation Information Sharing and Analysis Center (A-ISAC) The Aviation Information Sharing and Analysis Center (A-ISAC) Faye Francy Aviation ISAC March 2015 The Threat A National Security Issue Rapidly escalating cyber threats Executive action Executive Order

More information

[9110-05-P] Intent to Request Renewal From OMB of One Current Public Collection of

[9110-05-P] Intent to Request Renewal From OMB of One Current Public Collection of [9110-05-P] DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Intent to Request Renewal From OMB of One Current Public Collection of Information: Baseline Assessment for Security Enhancement

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Relationship to National Response Plan Emergency Support Function (ESF)/Annex

Relationship to National Response Plan Emergency Support Function (ESF)/Annex RISK MANAGEMENT Capability Definition Risk Management is defined by the Government Accountability Office (GAO) as A continuous process of managing through a series of mitigating actions that permeate an

More information

NH-ISAC. Cybersecurity Resilience Securing the Infrastructures that Secure Healthcare & Public Health. The National Health ISAC

NH-ISAC. Cybersecurity Resilience Securing the Infrastructures that Secure Healthcare & Public Health. The National Health ISAC Cybersecurity Resilience Securing the Infrastructures that Secure Healthcare & Public Health NH-ISAC National Health Information Sharing & Analysis Center The National Health ISAC Update Briefing Agenda

More information

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities 16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, Mid Atlantic Region National Cyber Security Division (NCSD) Office

More information

CRITICAL INFRASTRUCTURE PROTECTION. DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts

CRITICAL INFRASTRUCTURE PROTECTION. DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts United States Government Accountability Office Report to Congressional Requesters September 2014 CRITICAL INFRASTRUCTURE PROTECTION DHS Action Needed to Enhance Integration and Coordination of Vulnerability

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS

More information

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter 1. In what ways do private entities currently share with, and receive from, the government cyber threat information?

More information

U.S. Cyber Security Readiness

U.S. Cyber Security Readiness U.S. Cyber Security Readiness Anthony V. Teelucksingh Senior Counsel United States Department of Justice John Chris Dowd Special Agent Federal Bureau of Investigation Overview U.S. National Plan National

More information

NIPP-Related Activities and Events

NIPP-Related Activities and Events In support of the National Infrastructure protection plan Issue 41: MARCH 2009 Topics in this Issue > DHS Helps Coordinate Security and CIKR Protection for Super Bowl 2009 > DHS Set to Launch icav Next

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.

More information

DOT HS 812 076 October 2014. Assessment of the Information Sharing and Analysis Center Model

DOT HS 812 076 October 2014. Assessment of the Information Sharing and Analysis Center Model DOT HS 812 076 October 2014 Assessment of the Information Sharing and Analysis Center Model DISCLAIMER This publication is distributed by the U.S. Department of Transportation, National Highway Traffic

More information

Cybersecurity & the Department of Homeland Security

Cybersecurity & the Department of Homeland Security Cybersecurity & the Department of Homeland Security Recommendations of the Aspen Homeland Security Group s Cyber Working Group for the Department of Homeland Security The Aspen Institute Homeland Security

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions

More information

Education Facilities Sector-Specific Plan An Annex to the Government Facilities Sector-Specific Plan

Education Facilities Sector-Specific Plan An Annex to the Government Facilities Sector-Specific Plan Education Facilities Sector-Specific Plan An Annex to the Government Facilities Sector-Specific Plan 2010 Department of Education Table of Contents Executive Summary... 1 Introduction.... 5 1. Subsector

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Resources and Capabilities Guide

Resources and Capabilities Guide Resources and Capabilities Guide The National Cybersecurity and Communications Integration Center (NCCIC) October 21, 2013 1 Contents I. Purpose... 3 II. Introduction... 4 III. Information Sharing... 7

More information

NH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""

NH!ISACADVISORY201.13 NATIONALCRITICALINFRASTRUCTURERESILIENCEANALYSISREPORT National(Health#ISAC#(NH!ISAC) GlobalInstituteforCybersecurity+Research7GlobalSituationalAwarenessCenter NASA SpaceLifeSciencesLaboratory KennedySpaceCenter,FL NH!ISACADVISORY201.13 NATIONALCRITICALINFRASTRUCTURERESILIENCEANALYSISREPORT

More information

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security Statement for the Record Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security Before the United States House of Representatives Committee on Homeland

More information

[This page intentionally left blank]

[This page intentionally left blank] TH [This page intentionally left blank] PREFACE [This page intentionally left blank.] [Undergoing internal DHS preface coordination.] For more information please contact NCCIC@dhs.gov SEPTEMBER 2010 i

More information

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response February 2015 DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response Cyber Security Advisor Program Office of Cybersecurity & Communications National Protection

More information

HOMELAND SECURITY INTERNET SOURCES

HOMELAND SECURITY INTERNET SOURCES I&S Internet Sources I&S HOMELAND SECURITY INTERNET SOURCES USEFUL SITES, PORTALS AND FORUMS Homeland Security Home Page http://www.whitehouse.gov/homeland/ A federal agency whose primary mission is to

More information

BRIDGING THE GAP BETWEEN EMERGENCY MANAGEMENT AND TRANSPORTATION. Sheena Connolly Open Roads Consulting

BRIDGING THE GAP BETWEEN EMERGENCY MANAGEMENT AND TRANSPORTATION. Sheena Connolly Open Roads Consulting BRIDGING THE GAP BETWEEN EMERGENCY MANAGEMENT AND TRANSPORTATION Sheena Connolly Open Roads Consulting Your Perspective on Transportation 1. What s your perspective on transportation? (e.g. experience,

More information

CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS

CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS April 2015 TABLE OF CONTENTS Acronyms and Abbreviations... 1 Workgroup Background... 2 Workgroup Findings... 3 Workgroup

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Chemical Sector Training Resources Guide. 010 July 2011

Chemical Sector Training Resources Guide. 010 July 2011 Chemical Sector Training Resources Guide 010 July 2011 Homeland Security DRAFT June 2010 Table of Contents Introduction... 1 Organizations Federal Emergency Management Agency.. 1 National Protection and

More information

National Cybersecurity & Communications Integration Center (NCCIC)

National Cybersecurity & Communications Integration Center (NCCIC) National Cybersecurity & Communications Integration Center (NCCIC) FOR OFFICIAL USE ONLY NCCIC Overview NCCIC Overview The National Cybersecurity and Communications Integration Center (NCCIC), a division

More information

Water Security Issues: The Federal Perspective. J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC

Water Security Issues: The Federal Perspective. J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC Water Security Issues: The Federal Perspective J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC Outline The Overall Concept for Water Security What s Important in

More information

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF. Coordinating Agency: Department of Homeland Security Cooperating Agencies: All INTRODUCTION Purpose Scope This annex describes the policies, responsibilities, and concept of operations for Federal incident

More information

State Homeland Security Strategy (2012)

State Homeland Security Strategy (2012) Section 1 > Introduction Purpose The purpose of the State Homeland Security Strategy (SHSS) is to identify statewide whole community priorities to achieve and sustain a strengthened ability to prevent,

More information

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE HOUSE COMMITTEE ON GOVERNMENT REFORM ON THE 9/11 COMMISSION RECOMMENDATIONS ******* August

More information

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy Statement of Gil Vega Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer U.S. Department of Energy Before the Subcommittee on Oversight and Investigations Committee

More information

Table 1. Recommendations

Table 1. Recommendations EXECUTIVE SUMMARY Securing the Nation s surface transportation network requires a coordinated effort among all levels of government, the private and nonprofit sectors, communities, and individual citizens.

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 3020.40 January 14, 2010 Incorporating Change 2, September 21, 2012 USD(P) SUBJECT: DoD Policy and Responsibilities for Critical Infrastructure References: See Enclosure

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

Healthcare and Public Health Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Healthcare and Public Health Sector-Specific Plan An Annex to the National Infrastructure Protection Plan Healthcare and Public Health Sector-Specific Plan An Annex to the National Infrastructure Protection Plan 2010 Department of Health & Human Services Preface The Healthcare and Public Health (HPH) Sector

More information

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC)

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC) Statement of Mike Sena President, National Fusion Center Association Director, Northern California Regional Intelligence Center (NCRIC) Joint Hearing of the Subcommittee on Emergency Preparedness, Response,

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation

More information

Infrastructure Protection Gateway

Infrastructure Protection Gateway Infrastructure Protection Gateway Our Nation s critical infrastructure is essential to sustaining our security, the economy, and the American way of life. The Department of Homeland Security (DHS), National

More information

UCF Office of Emergency Management. 2013-2018 Strategic Plan

UCF Office of Emergency Management. 2013-2018 Strategic Plan UCF Office of Emergency Management 2013-2018 Strategic Plan Table of Contents I. Introduction... 2 Purpose... 2 Overview... 3 Mission... 5 Vision... 5 II. Mandates... 6 III. Accomplishments and Challenges...

More information

US-CERT Year in Review. United States Computer Emergency Readiness Team

US-CERT Year in Review. United States Computer Emergency Readiness Team US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals

More information

GAO. CRITICAL INFRASTRUCTURE PROTECTION DHS Leadership Needed to Enhance Cybersecurity

GAO. CRITICAL INFRASTRUCTURE PROTECTION DHS Leadership Needed to Enhance Cybersecurity GAO For Release on Delivery Expected at 3 p.m. EDT Wednesday, September 13, 2006 United States Government Accountability Office Testimony Before the House Committee on Homeland Security, Subcommittee on

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

National Infrastructure Protection Plan Partnering to enhance protection and resiliency

National Infrastructure Protection Plan Partnering to enhance protection and resiliency National Infrastructure Protection Plan Partnering to enhance protection and resiliency 2009 Preface Risk in the 21st century results from a complex mix of manmade and naturally occurring threats and

More information

Computer Network Security & Privacy Protection

Computer Network Security & Privacy Protection Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and

More information

Roadmaps to Securing Industrial Control Systems

Roadmaps to Securing Industrial Control Systems Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

Department of Homeland Security Federal Network Security

Department of Homeland Security Federal Network Security Department of Federal Network Trusted Internet Connections (TIC) Update for the Information and Privacy Advisory Board July 29, 2009 Federal Network (FNS) Federal Network Branch Branch Vision: To be the

More information

NASCIO 2014 State IT Recognition Awards

NASCIO 2014 State IT Recognition Awards NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos

More information

FY2010 CONFERENCE SUMMARY: HOMELAND SECURITY APPROPRIATIONS

FY2010 CONFERENCE SUMMARY: HOMELAND SECURITY APPROPRIATIONS Wednesday,October7,2009 Contact:RobBlumenthal/JohnBray,w/Inouye(202)224-7363 EllisBrachman/JenileeKeefeSinger,w/Obey(202)225-2771 FY2010CONFERENCESUMMARY: HOMELANDSECURITYAPPROPRIATIONS TheHomelandSecurityAppropriaOonsBillisfocusedonsecuringournaOon

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President 004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive

More information

A Framework to Gauge Cyber Defenses

A Framework to Gauge Cyber Defenses White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary

More information

Resilient and Secure Solutions for the Water/Wastewater Industry

Resilient and Secure Solutions for the Water/Wastewater Industry Insert Photo Here Resilient and Secure Solutions for the Water/Wastewater Industry Ron Allen DA/Central and Steve Liebrecht Rockwell Automation Detroit W/WW Team Leader Your slides here Copyright 2011

More information

Comprehensive European Security Approaches: EU Security Programmes. Robert HAVAS EOS Chairman of the Board

Comprehensive European Security Approaches: EU Security Programmes. Robert HAVAS EOS Chairman of the Board Comprehensive European Security Approaches: EU Security Programmes Robert HAVAS EOS Chairman of the Board INTRODUCTION the EOS Programmes rationale Why implementing EU Security Programmes / ASPIDA approach?

More information

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems Cyber Incident Annex Coordinating Agencies ITS-Information Technology Systems Support Agencies Mississippi Department of Homeland Security Mississippi Emergency Management Agency Mississippi Department

More information

Communications Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Communications Sector-Specific Plan An Annex to the National Infrastructure Protection Plan Communications Sector-Specific Plan An Annex to the National Infrastructure Protection Plan 2010 Preface Establishing a strategic framework for protecting the Nation s critical communications infrastructure

More information

Critical Infrastructure Security and Resilience

Critical Infrastructure Security and Resilience U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International

More information

Statement of Peter Neffenger. Administrator. Transportation Security Administration. U.S. Department of Homeland Security.

Statement of Peter Neffenger. Administrator. Transportation Security Administration. U.S. Department of Homeland Security. Statement of Peter Neffenger Administrator Transportation Security Administration U.S. Department of Homeland Security before the United States Senate Committee on Commerce, Science, & Transportation April

More information

Get the most out of Public Sector Cyber Security Associations & Collaboration

Get the most out of Public Sector Cyber Security Associations & Collaboration Get the most out of Public Sector Cyber Security Associations & Collaboration Gary Coverdale Chief Information Security Officer County of Napa, CA Stacey A. Wright Intel Manager MS-ISAC Get the most out

More information

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! Cybersecurity is all over the news. Target, University of Maryland, Neiman

More information

Nationwide Cyber Security Review (NCSR) Frequently Asked Questions

Nationwide Cyber Security Review (NCSR) Frequently Asked Questions Nationwide Cyber Security Review (NCSR) Frequently Asked Questions Table of Contents NCSR Frequently Asked Questions Nationwide Cyber Security Review (NCSR)... 1 Frequently Asked Questions... 1 1. What

More information