Get the most out of Public Sector Cyber Security Associations & Collaboration
Gary Coverdale, Chief Information Security Officer, County of Napa, CA
Stacey A. Wright, Intel Manager, MS-ISAC
Public Support:
- MS-ISAC/CIS
- C-Cube (C3)
- InfraGard
- Regional Fusion Centers
- Critical Infrastructure Council for SLTTs
- DHS
- Schools/Education Sector
- NIST (Cybersecurity Framework) http://www.nist.gov/cyberframework/index.cfm
Private Sector Support:
- Verizon Cyber Threat Report http://www.verizonenterprise.com/dbir/2015/
- SANS http://alliance.cisecurity.org/opportunity/sanstraining.cfm
- WEBSENSE Cyber Report http://www.websense.com/content/websense-2015-threat-report.aspx
Critical Infrastructure Cyber Community C3 Voluntary Program
Hands-On Support for State, Local, Tribal, and Territorial (SLTT) Governments
The Department of Homeland Security (DHS) and its partners provide multiple hands-on resources to help State, local, tribal, and territorial (SLTT) governments address their cybersecurity needs.
- Cyber Resilience Review (CRR)
- Cybersecurity Advisors (CSAs) and Protective Security Advisors (PSAs)
- SLTT Cybersecurity Engagement Program
- C3 Voluntary Program Partners
National Cybersecurity & Communications Integration Center (NCCIC)
Center for Internet Security
Who We Serve:
- CISOs and CIOs; security professionals from SLTT governments
- Fusion Centers
- Critical Infrastructure Sectors
- Law Enforcement
- Nonprofit Organizations
- Academia
- Large Global Enterprises; Small and Medium-sized businesses
How We Do Business:
- We cultivate a collaborative and trusted environment for information sharing.
- We focus on readiness and response.
- We facilitate partnerships between and among the public and private sectors.
- We ensure that timely, actionable information is collected, analyzed, and shared with partners.
Multi-State Information Sharing and Analysis Center (MS-ISAC) at the Center for Internet Security
We Can Achieve Much More Collectively Than We Can Individually
MS-ISAC is the key resource for cyber threat prevention, protection, response, and recovery for the nation's state, local, territorial and tribal (SLTT) governments, including all law enforcement agencies, fusion centers, and Homeland Security Advisors.
MS-ISAC
Members include:
- All 50 US states
- All 78 DHS-recognized fusion centers
- More than 724 local governments
- 4 Territories
- 9 Tribal governments
7 x 24 x 365 Monitoring analysis of ~250 billion logs/month
State, Local, Tribal, and Territorial: cities, towns, airports, schools, police departments, ports, transit associations, & more
Nationwide Cyber Security Review
What is the NCSR?
The NCSR, or Nationwide Cyber Security Review, is a voluntary self-assessment survey designed to evaluate cyber security management within state, local, tribal and territorial governments. The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, the U.S. Department of Homeland Security (DHS) has partnered with the Center for Internet Security's Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Association of State Chief Information Officers (NASCIO), and the National Association of Counties (NACo) to develop and conduct the second NCSR.
Who can participate?
All States (and all agencies within), Local government jurisdictions (and all departments within), Tribal and Territorial governments.
When does the Survey take place?
The survey will start October 1, to coincide with National Cyber Security Awareness Month, and must be completed by November 30, 2014 but will be offered again next year!
Malicious Code Analysis Platform (MCAP)
Web-based service that lets members submit and analyze suspicious files in a controlled and non-public fashion, including:
- Executables
- DLLs
- Documents
- Quarantine files
- Archives
This platform is available to all members free of charge. Access can be obtained by sending an email to mcap@cisecurity.org
24x7 Security Operations Center
Central location to report any cyber security incident
24x7 support for:
- Network Monitoring Services
- Research and Analysis
24x7 analysis and monitoring of:
- Threats
- Vulnerabilities
- Attacks
24x7 reporting:
- Cyber Alerts & Advisories
- Web Defacements
- Account Compromises
- Hacktivist Notifications
Partner Reporting:
- Spamhaus Notifications
Cyber Threat Information & Intelligence
24x7 Assistance:
- Answers to technical questions
- Incident response and assistance (even just explaining what happened/what it means)
- Recommendations for mitigation, response, and remediation
- Trainings
- Statistics and Intelligence
- Joint Papers
- Pointers toward other resources
- Introductions to other people
Computer Emergency Response Team (CERT)
- Incident Response (includes on-site assistance)
- Malware Analysis
- Computer & Network Forensics
- Network & Web Application Vulnerability Assessments
- Log Analysis
- Netflow Monitoring/Albert
- Rapid Sensor Deployment
- Penetration Testing
Vulnerability Management Program
Any SLTT government, agency, or department may participate.
What You Get:
- Victim Notifications when that domain/IP is observed in a malicious context (e.g. data dumps, sending spam, etc.)
- Website Vulnerability Review that checks to ensure you have the most up to date software on your website
What We Need:
- Domains
- IP ranges
- Contact info (name, email, phone number)
Contact SOC@cisecurity.org
Products
- CIS Cyber Security Advisory: extremely short, extremely timely, emails containing technical information regarding system patching and similar system maintenance activity
- Purchasing Alliance: Discounted purchasing buys
- Incident Notifications: via phone or email, as appropriate; domain & IP based
- National Webcasts: 6 bi-monthly webcasts on national topics of interest
- End User Newsletters: Monthly newsletter to rebrand and distribute
- CIS Cyber Alerts: extremely short, extremely timely, emails containing information on a specific cyber incident or threat
- Intel Papers: Intelligence-driven papers on TTPs, trends, patterns, and actors affecting SLTT governments
- October Toolkit: Items to promote cyber security awareness in your organization
- Threat Information: Information on malicious domains, IPs, and current threat events
- Training Webcasts: Monthly training & guest speakers for CPE credit
Soltra Edge Machine-to-Machine indicator transfer FS-ISAC Missouri State MS-ISAC Attacking IPs Contact Scott.Parish@cisecurity.org
Who do I call?
Security Operations Center (SOC)
SOC@cisecurity.org - 1-866-787-4722
31 Tech Valley Dr., East Greenbush, NY 12061-4134
www.cisecurity.org
To join or get more information: https://msisac.cisecurity.org/members/index.cfm
Information Sharing & Analysis Centers (ISACs)
Information Sharing & Analysis Organizations (ISAOs)
- ISACs created via PDD 61, May 22, 1998 to allow the private sector to come together, share information, perform analysis, and respond to incidents
- ISAOs created via EO 13691, February 13, 2015 to gather, analyze, and disseminate critical infrastructure information
Information Sharing and Analysis Centers:
- Multi-State
- Electric Sector
- Public Transit
- Aviation
- ICS
- Communications
- Nuclear Sector
- Supply Chain
- Water Sector
- Maritime
- Oil and Gas
- Research and Education
- Emergency Management and Response
- Health
- Defense Industrial Base
- Downstream Natural Gas
- Real Estate Sector
- Surface Transportation
- Information Technology
- Automotive
- Financial Services
InfraGard
Partnership between the FBI and the Private Sector
Free membership
Vetted members gain access to:
- TLP: GREEN and U//FOUO documents
- Briefings and meetings
California Chapters:
- Los Angeles
- Sacramento
- San Diego
- San Francisco Bay Area
Electronic Crimes Task Force
Mission: To increase the resources, skills and vision by which State, local, and federal law enforcement agencies team with prosecutors, private industry and academia to fully maximize what each has to offer in an effort to combat criminal activity
California Chapters:
- Los Angeles
- San Francisco
Cyber Task Force
Mission: In support of the national effort to counter threats posed by terrorist, nation-state, and criminal cyber actors, each CTF synchronizes domestic cyber threat investigations in the local community through information sharing, incident response, and joint enforcement and intelligence actions
Provides:
- Enhanced understanding of threat
- Surge capability for cyber incidents
- Participation with national teams
- SME for instruction, presentations, research
Fusion Centers
[Map: fusion centers by state and territory]
California Fusion Centers
- Northern California Regional Intelligence Center (NCRIC), San Francisco
- Statewide Threat Assessment Center (STAC), Sacramento
- Central California Intelligence Center (CICC)/Sacramento Regional Threat Assessment Center (SACRTAC), Sacramento
- Joint Regional Intelligence Center (JRIC), Los Angeles
- Orange County Intelligence Assessment Center (OCIAC), Santa Ana
- San Diego Law Enforcement Coordination Center (SD-LECC), San Diego
CA Counties Info Sec Forum
- For CISOs/CSOs/Techies
- Meets every six months for a face to face
- Committees to:
  - Build best practice white papers
  - Develop Policy Boilerplates
  - Discuss problems and solutions
  - Build response teams
- Supported by vendors
Building a Collaboration Group
Set a mission and goal: What do you want to achieve?
Drives who to invite:
- Public or private sector, or both?
- Executives or techies, or both?
- IT, forensics, law enforcement, intelligence, etc.
Will inviting a particular group restrict information sharing?
How are future members invited? Vetted?
Get help from a professional event coordinator
Tier Approach:
- Permanent Members
- Resource Members
Building a Collaboration Group
Meetings:
- How often and via what channels?
- Can you sustain this level?
- Is there value?
Distribution Lists:
- What level of information can be transmitted?
- How are people added?
- Do you need multiple distribution lists?
Who Pays?
- Vendors are willing to support costs if they see market opportunities!
LINKS:
- http://msisac.cisecurity.org/
- https://www.us-cert.gov/ccubedvp
- https://www.sfbay-infragard.org/
- http://www.dhs.gov/national-network-fusion-centers-fact-sheet
- http://www.dhs.gov/critical-infrastructure-partnership-advisorycouncil
- http://www.dhs.gov/
- http://alliance.cisecurity.org/opportunity/training.cfm
- http://www.nist.gov/cyberframework/index.cfm
Gary Coverdale, Chief Information Security Officer, County of Napa, CA, Gary.Coverdale@countyofnapa.org
Stacey A. Wright, Intel Manager, MS-ISAC, Stacey.Wright@cisecurity.org