An Overview of Large US Military Cybersecurity Organizations




Colonel Bruce D. Caulkins, Ph.D.
Chief, Cyber Strategy, Plans, Policy, and Exercises Division
United States Pacific Command

Agenda
- United States Cyber Strategy
- US Federal Cybersecurity Operations Team
- DOD Cyber Strategy
- JP 3-12 (R) Example: DODIN Operations
- Cyber Framework
- Conclusions

United States Cyber Strategy

U.S. International Strategy for Cyberspace: combine Diplomacy, Defense & Development to enhance prosperity, security & openness
- Dissuading and Deterring
- Strengthening Partnerships
- Building Prosperity and Security

Our strategic approach is always grounded by our unshakable commitments to fundamental freedoms of expression, privacy, and the free flow of information.

U.S. Joint Cyberspace Doctrine is Emerging and Evolving

UNCLASSIFIED

U.S. Federal Cybersecurity Operations Team: National Roles and Responsibilities*
AGREED March 5, 2013

[Chart labels: Global Cyberspace; US Government Departments and Agencies]

DOJ/FBI: LEAD FOR Investigation and Enforcement (FBI, NSD, CRM, USAO)
- Investigate, attribute, disrupt and prosecute cyber crimes
- Lead domestic national security operations
- Conduct domestic collection, analysis, and dissemination of cyber threat intelligence
- Support the national protection, prevention, mitigation of, and recovery from cyber incidents
- Coordinate cyber threat investigations

DHS: LEAD FOR Protection (NPPD, USSS, ICE)
- Coordinate the national protection, prevention, mitigation of, and recovery from cyber incidents
- Disseminate domestic cyber threat and vulnerability analysis
- Protect critical infrastructure
- Secure federal civilian systems
- Investigate cyber crimes under DHS's jurisdiction

DoD: LEAD FOR National Defense (USCYBERCOM, NSA, DISA, DC3)
- Defend the nation from attack
- Gather foreign cyber threat intelligence and determine attribution
- Secure national security and military systems
- Support the national protection, prevention, mitigation of, and recovery from cyber incidents
- Investigate cyber crimes under military jurisdiction

Coordinate with Public, Private, and International Partners

* Note: Nothing in this chart alters existing DOJ, DHS, and DoD roles, responsibilities, or authorities

Department of Defense Cyber Strategy (2015)
- Build and maintain ready forces and capabilities to conduct cyberspace operations;
- Defend the DoD information network, secure DoD data, and mitigate risks to DoD missions;
- Be prepared to defend the U.S. homeland and U.S. vital interests from disruptive or destructive cyberattacks of significant consequence;
- Build and maintain viable cyber options and plan to use those options to control conflict escalation and to shape the conflict environment at all stages;
- Build and maintain robust international alliances and partnerships to deter shared threats and increase international security and stability.

JP 3-12 (R) Example: DODIN Operations

DOD Information Network operations are actions taken to design, build, configure, secure, operate, maintain, and sustain DOD communications systems and networks in a way that creates and preserves data availability, integrity, confidentiality, as well as user/entity authentication and non-repudiation.

USPACOM Cyberspace Security Capabilities Framework
- Provides foundation for assisting cyberspace maturity of allied and partner nations
- Facilitates collective cyber defense in the Pacific region
- Offers stable, flexible catalog of security controls to meet information protection needs
- Incorporates internationally-recognized best practices based on National Institute of Standards and Technology (NIST) 800-53 and International Organization for Standardization (ISO) 27001 security controls
- Aligns with operational structure of defense establishments using the DOTMLPF-P construct to categorize security controls

Methodology Examples Self-Assessment DOTMLPF-P

Maturity Level Scoring Mapped to DOTMLPF-P

[Chart: Country X Cybersecurity Maturity Level (DOTMLPF-P); vertical axis: Maturity Level, 0.0 to 5.0. Sample Assessment: Maturity Level by DOTMLPF-P Group]

After scoring maturity levels within 17 security control categories, we can evaluate the organization's cyberspace security maturity based on DOTMLPF-P.

DOTMLPF-P Example
Doctrine, Organizations, Training, Materiel, Leadership & Education, Personnel, Facilities, Policy

Are there organization(s) with the mission and appropriate authorities to implement and monitor the execution of cyberspace defensive measures? (Cyber Workforce Requirements)

DOTMLPF-P Example
Doctrine, Organizations, Training, Materiel, Leadership & Education, Personnel, Facilities, Policy

Does the defense establishment conduct recurring (annual) training for all network users on basic network security principles and awareness?

DOD 8570

DOTMLPF-P Example
Doctrine, Organizations, Training, Materiel, Leadership & Education, Personnel, Facilities, Policy

Does the defense establishment have leader education modules stressing the importance of security in cyberspace?

DOTMLPF-P Example
Doctrine, Organizations, Training, Materiel, Leadership & Education, Personnel, Facilities, Policy

Does the organization promote cyber awareness and cooperation at the national level about the need for national action, international cooperation, and a whole-of-government approach to cyber?

Conclusions
- Robust cyber strategy from US Government and DOD
- Key components for any organization
- Cyber framework construct will enable U.S. and allies and partners in the USPACOM area to bolster our collective cyberspace defenses
- Ultimately, we need to continue to promote international norms and standards in cyberspace security concepts while promoting a whole-of-government approach

Questions?