Secure Data Centers For America A SOLUTION TO
|
|
- Victor McBride
- 8 years ago
- Views:
Transcription
1 Secure Data Centers For America A SOLUTION TO A HOMELAND & NATIONAL SECURITY THREAT AGAINST CRITICAL INFRASTRUCTURE AND KEY RESOURCES IN STATE AND LOCAL GOVERNMENTS By Ralph R. Zerbonia and Universe Central Corporation NOTE: This was part of a project planning document I wrote in December 2006 and began using to try and launch a project to attack the problem discussed. It is the text and notes from the selected items in the table of contents, essentially the definition of the problem, our suggested solution and project steps with early preliminary budget figures. I have removed certain portions relating to the partners (of the project) at the time and the letters of support we received in pursuing the concept. In short, due to what is referred to as local control I discovered that the project was untenable and it became defunct without my personal involvement. This document is available only as a warning for what may be. Times have changed since it was written and some very fine work has been done. I am no longer up to date on the subject, though I keep an eye out. I believe that in coming days we will find this threat to be actuated as it already has been, to an even greater Lex Luthor extent, by pirates, terrorists, crooks and countries. Ralph R. Zerbonia 12/30/08, 02/19/09
2 Contents The Problem Definition of the Solution Next steps Generic budget information This document was prepared by Ralph R. Zerbonia. Document and contents remain the property of Ralph R. Zerbonia, and may not be reproduced in any manner. Intellectual Property owned by Ralph R. Zerbonia and Universe Central Corporation. Secure Data Centers For America and SDC and Secure Data Centers For America and SDC stylized logos are trademarks of Universe Central Corporation in the United States and other countries. All other names are trademarks or registered trademarks of their respective holders. The information in this document is subject to change without notice. Printed in the U.S.A Universe Central Corporation The Problem Local government computer operations are under attack on a multiplicity of fronts populated by criminals, terrorists and nation/states. In 2006 the rate of attacks and probes on [business and] government networked computer systems grew at an alarming rate. 1 Equally alarming is the increase in probes and attacks not detected in a timely or effective manner. These incidences are measured only by after-the-fact discovery and reporting. Indicators for this type of activity rose throughout It is axiomatic that there are yet-to-be discovered occurrences of these silent attacks and that their numbers also increased, continuing to always accumulate and grow. Analysis shows an organized intent to these probes and attacks, with foreign nation/state 3 involvement and complicity. 4 There is ample evidence of foreign intelligence/defense agency s aimed at national security and homeland security assets. 5 One measure, detailed in a U.S. 1 Pentagon: Efforts to steal U.S. tech rising 1/03/07 Reuters 2 Brian Krebs, 12/27/2006 Cybercrooks Deliver Trouble Washington Post 3 Annual Report To Congress Military Power of the People s Republic of China 2006 Office of the Secretary of Defense, Department of Defense page Lisa Myers & the NBC Investigative Unit 11/20/06 U.S. worries about Chinese espionage MSNBC.com 5 Technology Collection Trends in the U.S. Defense Industry 2006 Report published by the U.S. Defense Security Service Counterintelligence Office
3 Pentagon report reveals that over 88% of the occurrences originated from five interconnected regions: East Asia, the Pacific, Near East, Eurasia and South Asia. The whole of Africa and the Western Hemisphere, (not including the United States) accounted for the remaining 11.5 percent. 6 A common and ever-increasing form of computer network/server attacks is the probe. As their name suggests, probe attacks covertly seek out vulnerabilities and weaknesses, points-for-attack in a hosted (networked) system. Automated for unlimited usability, yet designed to remain undetected while carrying out a reconnaissance mission, these probes will continue to report back weaknesses and potential vulnerabilities, cataloguing these points-for-attack, for use by the attacker when they choose. It is hard to overstate the ominous significance and potential-to-harm of such probe attacks. 7 With the virtually unlimited computing resources available to foreign powers, these probe attacks become not just a highly developed intelligence tool but also a military weapon. 8 With infinite automated pre-programmed patience, a probe secretly and silently catalogs critical and non-critical vulnerabilities for a day in the future, when the assembled catalog becomes a target list. This target list can be exploited in any number of ways, efficiently betraying any and all of the discovered vulnerabilities, individually and custom designed to wreak maximum havoc, even in timed conjunction with other (physical, economic, political, criminal, etc.) launched attacks Of the over 74,000 local government entities in the United States, very few have adequate equipment and personnel budgets to secure themselves in any adequate way. Even more important, almost none have the knowledge and expertise to defend their operations against the nation/state probe attacks. 6 Ibid 7 Ben Worthen, 10/1/05 The Sky Really Is Falling Interview with Ed Lazowska Co-chair of the President s Information Technology Advisory Committee published in CIO Magazine 8 David C. Gompert, Autumn 1998, National Security in the Information Age Naval War College Review 9 Ibid 10 Lt. General Kenneth Minihan, Director, National Security Agency, November 1998, Defending the Nation Against Cyber Attack USIA Electronic Journal
4 The U.S. Dept. of Homeland Security has designated these local government operations as Critical Infrastructure and Key Resources. These local government units run everything in daily life from water supply to emergency response to real property financial records to justice and penal systems. While there are many sensitive areas within the workflow of local government that are highly vulnerable, there are also greater risks when one considers the possibility of the disruption of that daily life within the context of other simultaneous attacks against the nation. Most of the solutions proposed for this area of homeland security have centered on the protection of data alone. We suggest that is not sufficient in an increasingly electronic society: there must be a more complete protection of the local government system, its applications, hardware and software as well as the data itself, in real time, and with no downtime. Consider that each and every computer that has Internet access, or phone line access, or comes in contact with another computer that has any such access is immediately vulnerable to manipulation of varying degrees by criminal and political nation/state enemies. This threat includes not just the data, but the operating systems, application software, and hardware. Because of low local funding availability/priority, lack of high-level cybersecurity expertise and lack of physical and operational security and expertise, local government critical infrastructure and key resources are vulnerable and are in clear and present danger. The source of the danger is such (nation/state 13 ), that the local government entities are inevitably unable to fashion any credible defense. Definition of the solution: Against nation/state level of attacks there must be a nation/state level of cyberdefense. The solution is to create a set of secure data centers, utilizing existing full security and information technology best practices from the IT industry, with federal level oversight and 11 As a Critical Infrastructure Sector, from a U.S. Department of Homeland Security publication: 2003, THE NATIONAL STRATEGY FOR PHYSICAL PROTECTION OF CRITICAL INFRSTARUCTURES AND KEY ASSETS. 12 National Infrastructure Protection Plan 2006 U.S. Dept. of Homeland Security 13 Annual Report To Congress Military Power of the People s Republic of China 2006 Office of the Secretary of Defense, Department of Defense
5 protection. This integrates well with Federal Homeland Security goals and objectives for local and state government. Secure Data Centers for America, a non-profit government services corporation, will develop secure data centers for local government entities and their computer operations providing high level secure hosting and the provision of security oversight. Federal and state involvement in cybersecurity protection and defense will be fully integrated, providing the economy of knowledge currently unavailable. This proposal seeks to consolidate local government server room operations into these centers, using the economies of scale and scope now available to provide the same/better information technology services and an increased security quality, at a lesser cost than local governments are currently paying. As this nation/state level of cyberdefense is primarily knowledge and best practices oriented and already is an existing process for many federal government information system defense systems, it is without a need for scale, and can be easily provided and used, to identified and enabled systems without additional effort or cost other than those incurred in its original creation. This means that if you consolidate the (74,000) local government units computer server room operations) into a much smaller order number (10) of service delivery centers, you can use the already available and superior federal knowledge to create and maintain cyberdefense for the whole. This plan would assist the U.S. Department of Homeland Security in the performance of several key goals of The National Strategy to Secure Cyberspace, especially those covered under Priority IV Section C State and Local Governments. 14 The Dept. of Homeland Security has been charged with providing a focal point for federal outreach to state, local, and nongovernmental organizations. 15 The mission of this program is consistent with and integrates into the five National Priorities of the Federal program. 16 Additionally this project assists in the achievement of goals and objectives stated in 2006 Homeland Security National Infrastructure Protection Plan The business model is to utilize existing federal/state grants to build the secure data centers and bring the operating plan to where a critical mass of local government communities then begin paying a consortium-like fee for service to cover all costs. It is expected that such fee for service 14 The National Strategy To Secure Cyberspace February 2003 U.S. Department of Homeland Security 15 Ibid Page x. Executive Summary 16 Ibid Page x. Executive Summary
6 will be less than what the local government is currently paying for similar service even without the added benefit of high level effective security. The initial steps would involve the creation of two secure data centers, the number of centers expanding with local government integration up to an including virtually all local government server room operations and server based operations. It is currently estimated that several thousand local technology jobs will be created at each location, with an annual pay range of $40- $50, annually, with benefits and ongoing skill training. Next steps: Phase 1 - Acquire funding to deliver a full project proposal document. The project requires funding to produce a project proposal document describing the plan and approach of the project as well as the detailed roles of the major partners and contractors to the project: Inclusive of merit evaluation, development of business models, project management plan to carry out the planning process and a description of phases and deliverable of the overall project and its ongoing operations as well as planning for development of process and procedure. Phase 2 - Acquire funding to deliver project specification and bid documents; Upon delivery of Phase 1, the project can proceed to the development of detailed engineering and specifications, operational processes and procedures, and necessary bid documentation. Inclusive of an Overall Project Plan, design specifications and bid process documentation for: Best Practices Management Plan, Service Levels Documentation, project management process, knowledge management plan and process, and Evaluation process plan, IT Operations documentation, Security, Physical Infrastructure, Staffing, Administration, Command and Control and integration with existing federal Homeland Security planning/operations. Phase 3 - Acquire funding to build initial two centers in two separated locations.
7 The initial proposal is to build two geographically separated secure data centers. The project headquarters and 1 st site is proposed to be located in northeast Ohio. The Ohio Supercomputer Center provides this northeast Ohio location with multiple 2 nd location possibilities as they have direct connections with other supercomputer centers. It is anticipated that each secure data center will be in partnership with a supercomputer center. Each facility will require large sites with adequate space for security provisioning. Additionally, sites with water and/or other non-traditional power generation potentials are favored. Generic budget information Phase 1 Development of project definition and planning documents, project proposal documents, overall project and operational plan, a clearer estimate of Phase 2 & 3 costs - $175,000 - $325,000. Phase 2.a Project Specifications & Bid Documents including full security and data center engineering - estimated - $1,500, $2,250,000. Engineering and documentation for multiple areas of secure data center construction. Phase 2.b Operations process and procedures specifications and budget estimates including staffing and organization parameters - estimated - $1,000, $2,000,000. Best Practices management, Operations management, process and procedure. Phase 3 Build initial two secure data centers in two separated geographical areas to delivered specifications - estimated - $400,000, $500,000,000. Land, bricks, security, equipment, construction and initial startup.
Confrontation or Collaboration?
Confrontation or Collaboration? Congress and the Intelligence Community Cyber Security and the Intelligence Community Eric Rosenbach and Aki J. Peritz Cyber Security and the Intelligence Community The
More informationCOUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide
COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationAppendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking
Appendix A: Gap Analysis Spreadsheet Competency and Skill List Competency Critical Thinking Data Collection & Examination Communication & Collaboration Technical Exploitation Information Security Computing
More informationDHS, National Cyber Security Division Overview
DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined
More informationRemarks by. Thomas J. Curry Comptroller of the Currency. Before a Meeting of CES Government. Washington, DC April 16, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before a Meeting of CES Government Washington, DC April 16, 2014 Good afternoon. It s a pleasure to finally be here with you. I had very much hoped
More informationA Detailed Strategy for Managing Corporation Cyber War Security
A Detailed Strategy for Managing Corporation Cyber War Security Walid Al-Ahmad Department of Computer Science, Gulf University for Science & Technology Kuwait alahmed.w@gust.edu.kw ABSTRACT Modern corporations
More informationThe Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.
The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be
More informationCyber Incident Annex. Cooperating Agencies: Coordinating Agencies:
Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationSTATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE
STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS
More informationENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency
ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The
More informationGAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities.
GAO United States General Accounting Office Testimony Before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate For Release on Delivery Expected
More informationNATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY
NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationKeynote: FBI Wednesday, February 4 noon 1:10 p.m.
Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationGAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative
GAO United States Government Accountability Office Report to Congressional Requesters March 2010 CYBERSECURITY Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National
More informationDr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580
Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580 The Cybersecurity Initiative was established at the University of Delaware in 2014 as an integrated learning
More informationCyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems
Cyber Incident Annex Coordinating Agencies ITS-Information Technology Systems Support Agencies Mississippi Department of Homeland Security Mississippi Emergency Management Agency Mississippi Department
More informationCYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES
CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationNATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA
NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies
More informationStatement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives
Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations
More informationIssue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett
Issue Paper Center for Strategic Leadership, U.S. Army War College May 2003 Volume 04-03 Wargaming Homeland Security and Army Reserve Component Issues By Professor Michael Pasquarett Background The President
More informationCybersecurity on a Global Scale
Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationCyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting
More informationCENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE LEADERSHIP. RESEARCH. DEFENCE.
CSCSS CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE LEADERSHIP. RESEARCH. DEFENCE. CSCSS CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE The early 21st century has been defined by the Internet,
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationHomeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division
Homeland Security: Information Assurance Challenges and Opportunities Building the National Cyber Security Division The Homeland Security Act and national strategies direct DHS to take the lead on cyber
More informationcyber Threat Intelligence - A Model for the 21st Century
HOW DO YOU CREATE A WORLD FINANCIAL COMMUNITY THAT IS RESILIENT IN THE FACE OF CYBER-SECURITY, CYBER-ESPIONAGE, AND HACKING? Biographies of Authors William Abbott Foster, PhD is a Senior Research Associate
More informationPreventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
More informationOne Hundred Twelfth Congress of the United States of America
S. 3454 One Hundred Twelfth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Tuesday, the third day of January, two thousand and twelve An Act
More informationCybersecurity, Foreign Policy, and Business
Summary Report Cybersecurity, Foreign Policy, and Business Washington, DC Workshop January 11, 2011 8:00 a.m. 3:00 p.m. In early 2011, the Council on Foreign Relations held a workshop focused on the intersection
More informationStatement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy
Statement of Gil Vega Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer U.S. Department of Energy Before the Subcommittee on Oversight and Investigations Committee
More informationDETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK.
DETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK. A Brief History of IT Security Once upon a time, IT security was simple. Viruses were written to attack any system they came in contact with. As a result,
More informationGAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks
GAO For Release on Delivery Expected at 10:00 a.m. EDT Tuesday, March 27, 2012 United States Government Accountability Office Testimony Before the Subcommittee on Oversight and Investigations, Committee
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationDIVISION N CYBERSECURITY ACT OF 2015
H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table
More informationSurvey of Cyber Security Frameworks
Survey of Cyber Security Frameworks Alice Nambiro Wechuli (Department of Computer Science, Masinde Muliro University of Science and Technology, Kenya alicenambiro@yahoo.com) Geoffrey Muchiri Muketha (Department
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationCyber Adversary Characterization. Know thy enemy!
Cyber Adversary Characterization Know thy enemy! Brief History of Cyber Adversary Modeling Mostly Government Agencies. Some others internally. Workshops DARPA 2000 Other Adversaries, RAND 1999-2000 Insider
More informationAdvanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5
More informationCyber Information-Sharing Models: An Overview
PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents
More informationA Community Position paper on. Law of CyberWar. Paul Shaw. 12 October 2013. Author note
A Community Position paper on Law of CyberWar Paul Shaw 12 October 2013 Author note This law and cyberwar paper / quasi-treatise was originally written for a course in a CISO certification curriculum,
More informationSince creation of the first interconnected computer network in
Lt Col August G. Roesener, PhD, USAF Maj Carl Bottolfson, USAF CDR Gerry Fernandez, USN Since creation of the first interconnected computer network in 1969 as an Advanced Research Projects Agency endeavor,
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationSTATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;
STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; LIEUTENANT GENERAL JAMES K. MCLAUGHLIN DEPUTY COMMANDER,
More informationTrends Concerning Cyberspace
Section 2 Trends Concerning Cyberspace 1 Cyberspace and Security Owing to the information technology (IT) revolution in recent years, information and communication networks such as the Internet are becoming
More informationDeveloping a Mature Security Operations Center
Developing a Mature Security Operations Center Introduction Cybersecurity in the federal government is at a crossroads. Each month, there are more than 1.8 billion attacks on federal agency networks, and
More informationFBI AND CYBER SECURITY
FBI AND CYBER SECURITY SSA John Caruthers SSA Ken Schmutz SSA Tom Winterhalter Mission The FBI is the only U.S. agency charged with the authority to investigate both criminal and national security investigations.
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR
More informationCyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.
Cyberterror Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states. What are terrorists main uses of cyberspace? How does cyberterror
More informationTestimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy
Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure
More informationSTATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION
STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM COMMITTEE ON JUDICIARY UNITED STATES SENATE ENTITLED:
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More informationSubject: Critical Infrastructure Identification, Prioritization, and Protection
For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationOffice of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)
Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS) PSCR Public Safety Broadband Stakeholder Conference June 4 th, 2014 Alex Kreilein Technology Policy Strategist Office
More informationDecember 17, 2003 Homeland Security Presidential Directive/Hspd-7
For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationHanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness
Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information
More informationFederal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad
Federal Bureau of Investigation Los Angeles Field Office Computer Crime Squad Overview FBI and Infrastructure Protection Cyber Crime Cases Cyber Law What to do Infrastructure Protection: Traditional Threat
More informationWORLDWIDE SECURITY PROTECTION
Worldwide Security Protection Resource Summary ($ in thousands) Appropriations FY 2008 Actual FY 2009 Estimate FY 2010 Request Increase / Decrease Positions 1,458 1,558 1,898 340 Funds 1,178,938 1,313,383
More informationC ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY
CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information
More informationCorporate Spying An Overview
Corporate Spying An Overview With the boom in informational and technological advancements in recent years, there comes the good and the bad the bad being more susceptibility to the theft of confidential
More informationDefense Security Service
Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED Defense Security Service DSS Mission DSS Supports national security and the warfighter,
More informationManaging SSL Certificates with Ease
WHITE PAPER: MANAGING SSL CERTIFICATES WITH EASE White Paper Managing SSL Certificates with Ease Best Practices for Maintaining the Security of Sensitive Enterprise Transactions Managing SSL Certificates
More informationStatement for the Record by. Dr. Donald M. Kerr. Director, National Reconnaissance Office, Nominee for the Position of
Statement for the Record by Dr. Donald M. Kerr Director, National Reconnaissance Office, Nominee for the Position of Principal Deputy Director of National Intelligence, before the Senate Select Committee
More informationThe Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014
The Geospatial Approach to Cybersecurity: An Executive Overview An Esri White Paper January 2014 Copyright 2014 Esri All rights reserved. Printed in the United States of America. The information contained
More informationAddressing FISMA Assessment Requirements
SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationCybersecurity Delivering Confidence in the Cyber Domain
Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your
More informationCybersecurity and United States Policy Issues
Global Security Studies, Summer 2014, Volume 5, Issue 3 Cybersecurity and United States Policy Issues Cristina Berriz Peace, War and Defense Program University of North Carolina at Chapel Hill Chapel Hill,
More informationGOOD SECURITY IS A GROUP EFFORT
THE OFFICE OF SECURITY Operations Security (OPSEC) GOOD SECURITY IS A GROUP EFFORT Operations Security (OPSEC) "Even minutiae should have a place in our collection, for things of a seemingly trifling nature,
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER December 9, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF
More informationGuy Ron Managing Director, Bayon Security guyron@bayoncon.com
Guy Ron Managing Director, Bayon Security guyron@bayoncon.com About Me Started my career at the Israeli Defense Forces developing mission critical solutions for the Air Force and retiring as a Captain
More informationState of Security Survey GLOBAL FINDINGS
2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 3020.40 January 14, 2010 Incorporating Change 2, September 21, 2012 USD(P) SUBJECT: DoD Policy and Responsibilities for Critical Infrastructure References: See Enclosure
More informationDEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION
DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION TITLE I: AUTHORIZATION OF APPROPRIATIONS Sec. 101. Authorization of Appropriations. This section authorizes
More informationU.S. Department of Energy Office of Inspector General Office of Audits and Inspections
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department
More informationComputer Network Security & Privacy Protection
Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and
More informationInternet Security. Submitted Testimony of Dave McCurdy President Electronic Industries Alliance
Internet Security Submitted Testimony of Dave McCurdy President Electronic Industries Alliance For the Subcommittee on Science, Technology and Space for the Senate Commerce Committee Monday, July 16, 2001
More informationUnderstanding ZDI: Separating Fact from Fiction WHITE PAPER
Understanding ZDI: Separating Fact from Fiction WHITE PAPER Contents Introduction... 1 Background... 1 Rise in Zero Day Vulnerabilities... 2 Enter the Zero Day Initiative (ZDI)... 2 The ZDI Process...
More informationEnergy Industry Cybersecurity Report. July 2015
Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.
More informationTHE drop cap white spread is the chartacter style to use for the drop cap. Use this masater
Headline White, Etc. Etc. Etc. Cybersecurity: Subhead Main White Byline White Program Managers Have Questions. Got Answers? THE drop cap white spread is the chartacter style to use for the drop cap. Use
More informationHow To Manage A Network Security Risk
Scanless Vulnerability Assessment: Skybox Security whitepaper July 2014 1 Overview Vulnerability scanning, or the process of identifying a list of known security gaps in the network environment, is the
More informationCombatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation
Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting
More informationC DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP
C DIG CSCSS / DEFENCE INTELLIGENCE GROUP COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE C DIG CSCSS / DEFENCE INTELLIGENCE GROUP
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationThomas J. Schlagel Chief Information Officer, BNL
Thomas J. Schlagel Chief Information Officer, BNL PhD in Nuclear Physics from the University of Illinois at Urbana-Champaign in 1990 Joined BNL in 1990 as a Postdoctoral Associate in the Nuclear Theory
More informationPreparing Millennials to Lead in Cyberspace
Preparing Millennials to Lead in Cyberspace A Raytheon-commissioned study of attitudes, behaviors and career aspirations among young American adults online Overview Today s Highly Connected and networked
More informationCyber threats are growing.
Cyber threats are growing. So are your career opportunities. Put the future of your cybersecurity career in the hands of a respected online education leader. Everything you need to succeed. Excelsior College
More information