DoD CIO UNCLASSIFIED. DIB CS Program Value-Added

Transcription

1 DoD CIO DoD-Defense Industrial Base Cybersecurity (DIB CS) Information Sharing Program A Public-Private Cybersecurity Partnership Ms. Vicki Michetti Director, DoD-DIB CS Program October,

2 DIB CS Program Value-Added DoD CIO A public-private cybersecurity partnership that: Provides a collaborative environment for sharing unclassified and classified cyber threat information Offers analyst-to-analyst exchanges, mitigation and remediation strategies Provides companies analytic support and forensic malware analysis Increases U.S. Government and industry understanding of cyber threat Enables companies to better protect unclassified defense information on company networks or information systems Protects confidentiality of shared information Mission: Enhance and supplement Defense Industrial Base (DIB) participants capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems 2

3 DIB CS Program Eligibility DoD CIO A contractor must be a Cleared Defense Contractor (CDC) and shall: (1) Have an existing active Facility Clearance (FCL) granted under NISPOM (DoD M); (2) Execute the standardized Framework Agreement (FA) with the Government, (3) To receive classified cyber threat information electronically: (i) Have or acquire a Communication Security (COMSEC) account in accordance with the NISPOM Chapter 9, Section 4 (DoD M), which provides procedures and requirements for COMSEC activities; and (ii) Have or acquire approved safeguarding for at least Secret information, and continue to qualify under the NISPOM for retention of its FCL and approved safeguarding; and (iii) Obtain access to DoD's secure voice and data transmission systems supporting the voluntary DoD-DIB CS information sharing program. 3

4 DIB CS Program Participation DoD CIO DIB CS Participants are CDCs: Large, mid, and small-sized defense contractors Sole source providers, market competitors, joint-development partners, supply chain vendors Manufacturers of weapon systems, platforms, and critical parts Federally Funded Research and Development Centers (FFRDCs) Commercial Solution and Service Providers University Affiliated Research Centers 4

5 DIB CS Program Construct DoD CIO Framework Agreement Damage Assessment Information Sharing Reporting and Response 5

6 DoD CIO DIB CS Program Framework Agreement Bilateral agreement between DoD and DIB Partner Initiates unique threat information sharing environment to safeguard cyber threat information and protect company equities Precludes unfair advantage Builds trusted partnership between senior DoD and Corporate senior officials Amendments Wholly-owned Subsidiaries International Business Units 3 rd Party Service Provider 6

7 DIB CS Program Information Sharing DoD CIO The DoD Cyber Crime Center (DC3) implements the DIB CS Program and provides: - Unclassified actionable cyber threat information - Classified contextual information - Mitigation and remediation strategies - Analyst-to-Analyst discussions and other collaboration activities 7

8 DoD CIO DIB CS Program DoD Cyber Crime Center (DC3) A National Cyber Center supporting law enforcement, counterintelligence info assurance & protecting critical infrastructure National Cyber Investigative Joint Task Force (NCIJTF) DoD Cyber Crime Center (DC3) U.S. Cyber Command (USCYBERCOM) Dept of Homeland Security (DHS) Nat l Cybersecurity & Communications Integration Center (NCCIC) NSA/Central Security Service (CSS) Threat Operations Center (NTOC) NCCIC regularly partners with FBI and USSS teams in the same capacity as those from the cyber centers Intelligence Community Incident Response Center (IC-IRC) Cyber Threat Intelligence Integration Center (CTIIC) 8

9 DIB CS Program DC3 Operations DoD CIO Defense Computer Forensics Laboratory (DCFL) Defense Cyber Crime Center Analytical Group (DC3-AG) Defense Cyber Investigations Training Academy (DCITA) Defense Cyber Crime Institute (DCCI) Defense Industrial Base Collaborative Information Sharing Environment (DCISE) 9

10 DoD CIO DIB CS Program DoD-DIB Program Reporting and Response DC3 serves as the single DoD focal point for receiving all cyber incident reporting affecting unclassified networks of DoD contractors DIB companies report cyber incidents within 72 hours of discovery to DC3 at dibnet.dod.mil - DIB CS participants receive a non-attribution version of reported information in nearreal-time - DIB participants receives analytical support and mitigation and remediation strategies DC3 conducts forensic analysis of malicious software (malware) DC3 develops incident trends, best practices and other information useful to DIB CS participants 10

11 DoD CIO DIB CS Program Cyber Incident Reporting by DoD Contractors What is a cyber incident? Defined as actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein Who should report and why? DoD contractors report cyber incidents in accordance with the DFARS Clause DoD contractors report in accordance with other reporting requirements identified in a contract or other agreement. DoD Cloud Service Providers report cyber incidents specified in the clause , Cloud Computing Services DoD-DIB CS Participants voluntarily report cyber incidents for situational awareness 11

12 DoD CIO DIB CS Program DIB Cybersecurity Web Portal Report a Cyber Incident Access to this page requires a DoD-approved medium assurance certificate. For more information please visit the ECA website. Apply to DIB CS Program Cleared defense contractors apply to join the DIB CS Program for voluntary cyber threat information sharing. Access requires a DoDapproved medium assurance certificate. For more information please visit the ECA website. Login to DIB CS Information Sharing Portal Current DIB CS Program participants login to the DIBNet portal. Access requires a DoDapproved medium assurance certificate. For more information please visit the ECA website. DIBNet.dod.mil 12

13 DoD CIO DIB CS Program Modifications to DIB CS Program DoD published revised 32 CFR Part 236, DoD-Defense Industrial Base (DIB) Cybersecurity (CS) Activities Interim Final rule on Oct. 2, Modifies eligibility criteria to permit greater participation in voluntary DoD-DIB Cybersecurity information sharing program: All participating DIB Companies have access to unclassified cyber threat information (DIBNet-U) DIB company may also elect to receive classified cyber threat information electronically (DIBNet-S) - Encourages voluntary cyber incident and indicator reporting by DIB participants for cyber situational awareness that does not meet threshold of mandatory reporting requirements - Aligns with mandatory cyber incident reporting requirements DFARS Case 2013-D018, Network Penetration Reporting and Contracting for Cloud Services - Applies only to Other Types of Agreements (OTAs) 13

14 DoD CIO DIB CS/IA Program Enhanced Cyber Security Services (ECS) ECS is a DHS managed voluntary program that helps U.S. based public and private entities protect their systems from unauthorized access, exploitation, or data exfiltration Shares sensitive and classified government-vetted cyber threat information with qualified Commercial Service Providers (CSPs) and Operational Implementers (OIs) CSPs use cyber threat information to protect their customers OIs use cyber threat information to protect their own networks Two approved countermeasures DNS Sinkholing Filtering Four approved CSPs AT&T: ecs-pmo@list.att.com Centurylink: ecs@centurylink.com Verizon: vz-ecs@one.verizon.com Lockheed Martin: ecs.lm@lmco.com 14

15 DIB CS Program Summary DoD CIO DIB CS program: Creates a trusted sharing environment between DoD and DIB participants Enables DIB CS participants to improve network security and better understand the cyber threat Is a proven public-private cybersecurity partnership Promotes cyber threat sharing between the U.S. Government and Industry 15

16 DIB CS Program Contact Information DoD CIO DIB CS Program: Phone: (703) Toll Free Number: FAX: (571) CFR Part 236: 16