Working with the FBI




Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014

Threat actors: Individuals, Organized Crime Syndicates, Hacktivist Groups, Nation-States

Targets: Individuals, Industry, Law Enforcement & Government, Infrastructure

National Cybersecurity Framework (roles span the foreign-to-domestic spectrum)

DHS (Protection, Prevention, Mitigation, & Recovery)
- Coordinate the national protection, prevention, mitigation of, and recovery from cyber events
- Disseminate domestic cyber threat and vulnerability analysis
- Protect critical infrastructure
- Secure federal civilian systems
- Investigate cyber crimes under DHS jurisdiction

DOD/NSA (Defense, Prevention, & Overseas Intelligence)

DOJ/FBI (Detection, Investigation, Attribution, & Disruption)
- Investigate, attribute, disrupt, and prosecute cyber crimes
- Lead domestic national security operations
- Conduct domestic collection, analysis, and dissemination of cyber threat intelligence
- Support the national protection, prevention, mitigation of, and recovery from cyber incidents
- Coordinate cyber threat investigations

FBI Cyber Mission

To proactively protect the United States against:
- Terrorist attack
- Foreign intelligence operations and espionage
- Cyber-based attacks & high technology crimes

As the only United States agency with the authority to investigate both criminal and national security computer intrusions, the FBI is following a number of emerging cyber threats.

FBI Cyber Incident Response Teams: Capabilities/Skill Sets

- Network Traffic Analysis: analysis of network traffic (netflow and pcap); router configuration files and other network-related log files
- Host-Based Forensics: collect forensic host images and live memory capture; analyze images for indicators of compromise
- Malware: analyze samples of malicious code
- Legal: process legal documentation (consent/trespasser)
- Intelligence: research evidence in FBI/USIC databases and disseminate to partners

FBI Objectives in Responding to a Cyber Incident

- Investigate and prosecute cyber crimes
- Work with the victim to continue operations
  - System owner retains control of systems
  - System owner (not the Special Agent) produces logs, memory images, etc.
  - No crime scene tape around your networks
- Protect data
  - Not an advance team for regulators or plaintiffs' lawyers
  - Maintain confidentiality of PII and other protected data
  - Maintain confidentiality of the incident
- Assist in mitigation and recovery
  - Provide signatures, TTPs
  - Provide classified information as needed

Victim Systems Owner Preparation

Ensure availability of:
- CISO, CSO, Legal, Senior System Administrator, Network Architect, Lead Developer
- Legal Banner/Computer Use Agreement
- Network Topography Maps
- Internal/External IP Address and Host List
- List of Network Devices (switches, routers)
- Incident Logs (security, host, IDS, web, database)
- Archived Network Traffic
- Forensic Images of Compromised Hosts
- Physical Access Logs (video, key cards)

Lessons Learned From Prior Incidents - Technical

- No accurate map of the network
- No accurate list of authorized devices on the network
- Insufficient logs
  - Not logging the right activity
  - Not maintaining logs for a sufficient period of time
  - Personnel not trained to retrieve or analyze logs
- Insufficient backups
  - Inability to restore operations
- Proprietary software: not secure/not patched
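The log-retention and device-inventory gaps on this slide can be checked before an incident rather than discovered during one. The following readiness check is an added example, not part of the presentation; the log sources, retention threshold, authorized host list and observed hosts are all constructed sample data.

```python
"""Incident-readiness check for the gaps named on the slide: log sources that
are not collected or not retained long enough, and devices seen on the
network that are missing from the authorized inventory. Added example with
constructed data, not from the FBI presentation."""
from datetime import date, timedelta

# Constructed inventory of the log types the deck lists (security, host, IDS,
# web, database): the oldest retained entry and whether collection is active.
LOG_SOURCES = {
    "security": {"oldest": date(2014, 9, 1), "collecting": True},
    "host":     {"oldest": date(2014, 9, 10), "collecting": True},
    "ids":      {"oldest": date(2014, 3, 1), "collecting": True},
    "web":      {"oldest": date(2014, 9, 15), "collecting": False},
    "database": {"oldest": None, "collecting": False},
}

# Constructed authorized-device list versus hosts observed on the wire
# (e.g. sources seen in archived netflow).
AUTHORIZED_HOSTS = {"10.0.0.1", "10.0.0.2", "10.0.0.3"}
OBSERVED_HOSTS = {"10.0.0.1", "10.0.0.2", "10.0.0.9"}


def retention_gaps(sources, today, required_days):
    """Return log types that are not collected or whose retained history is
    shorter than required_days, with the reason for each."""
    cutoff = today - timedelta(days=required_days)
    gaps = {}
    for name, info in sources.items():
        if not info["collecting"] or info["oldest"] is None:
            gaps[name] = "not collected"
        elif info["oldest"] > cutoff:
            gaps[name] = f"only {(today - info['oldest']).days} days retained"
    return gaps


def unknown_devices(authorized, observed):
    """Hosts seen on the network that are absent from the authorized list."""
    return sorted(observed - authorized)


def readiness_report(today=date(2014, 9, 17), required_days=90):
    """Combine both checks into one report a responder could hand over."""
    return {
        "retention_gaps": retention_gaps(LOG_SOURCES, today, required_days),
        "unknown_devices": unknown_devices(AUTHORIZED_HOSTS, OBSERVED_HOSTS),
    }


if __name__ == "__main__":
    for check, result in readiness_report().items():
        print(check, result)
```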

Lessons Learned From Prior Incidents - Legal

- No prior consideration of key legal issues
  - Privacy issues: data sharing
  - Operations in foreign jurisdictions
  - Local/state regulations re: breach notification
- Engaging experienced outside counsel
- Third party agreements
- Third party liabilities
- Insurance policies
- Corporate policy preventative measures

Working with Law Enforcement

- Are you engaged with your local FBI or Secret Service Field Office?
- Consent to search/monitor?
- How much can you share?
- Maintaining privilege
- Preservation of evidence

iGuardian

The FBI's Guardian platform was developed for real-time intake and management of criminal and national security cyber threat reporting. iGuardian is the platform for trusted industry partners.

For access, e-mail the following information to Unit Chief Timothy S. Marsh at timothy.marsh@ic.fbi.gov and Paul E. Konschak at paul.konschak@ic.fbi.gov:
1) First / Last name
2) Specify if current InfraGard member
3) E-mail address
4) Telephone number
5) Company name
6) Company address
7) Title / position

eGuardian

eGuardian is the platform for law enforcement officials.

Access for law enforcement officials without a Law Enforcement Enterprise Portal (LEEP) account:
- Apply for a LEEP account at www.cjis.gov
- Choose the "No" option for "Are you a sponsored applicant?"
- After submitting the LEEP application, send an e-mail to SSA Brian D. Abellera at brian.abellera@ic.fbi.gov, Kelvin Blue at kelvin.blue@ic.fbi.gov, and Jasan Dahlgren at jasan.dahlgren@ic.fbi.gov with the following information:
  1) First / Last name
  2) E-mail address
  3) Telephone number
  4) Address

NOTE: If you already have a LEEP account, follow the e-mail instructions above and include your LEEP username in the e-mail.

Conclusion

Questions?