US-CERT Year in Review. United States Computer Emergency Readiness Team



Similar documents
Preventing and Defending Against Cyber Attacks November 2010

Network Security Deployment (NSD)

Preventing and Defending Against Cyber Attacks October 2011

Request for Records Disposition Authority

National Cybersecurity & Communications Integration Center (NCCIC)

Preventing and Defending Against Cyber Attacks June 2011

Network Security Deployment Obligation and Expenditure Report

The Comprehensive National Cybersecurity Initiative

National Cybersecurity Protection System (NCPS)

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

Department of Homeland Security Federal Government Offerings, Products, and Services

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response

Legislative Language

Microsoft s cybersecurity commitment

The Importance of Cybersecurity Monitoring for Utilities

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Department of Homeland Security

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Resources and Capabilities Guide

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

What s Inside. ICS-CERT Year in Review Welcome 1. ICS-CERT Introduction 2. ICS-CERT 2014 Highlights 3. ICS-CERT Watch Floor Operations 4

INFRAGARD.ORG. Portland FBI. Unclassified 1

ICS-CERT Incident Response Summary Report

North American Electric Reliability Corporation (NERC) Cyber Security Standard

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Computer Network Security & Privacy Protection

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cyber Information-Sharing Models: An Overview

DHS, National Cyber Security Division Overview

STATEMENT OF RANDY S. MISKANIC VICE PRESIDENT, SECURE DIGITAL SOLUTIONS U.S. POSTAL SERVICE BEFORE THE SUBCOMMITTEE ON FEDERAL WORKFORCE, U.

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

FROM INBOX TO ACTION AND THREAT INTELLIGENCE:

Department of Homeland Security

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security

Actions and Recommendations (A/R) Summary

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

Attachment A. Identification of Risks/Cybersecurity Governance

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE

EINSTEIN 3 - Accelerated (E 3 A)

NASCIO 2015 State IT Recognition Awards

How To Protect Your Network From Attack From A Network Security Threat

Ecom Infotech. Page 1 of 6

CYBER SECURITY GUIDANCE

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Cloud and Critical Infrastructures how Cloud services are factored in from a risk perspective

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Obtaining Enterprise Cybersituational

Middle Class Economics: Cybersecurity Updated August 7, 2015

AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF. Aanval for Financial Services

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition

Data Driven Assessment of Cyber Risk:

Initiative Three Exercise

Statement for the Record of

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Enterprise Security Platform for Government

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

SCOPE. September 25, 2014, 0930 EDT

Security Controls Implementation Plan

Effective Information Sharing and Analysis Process

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC)

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Defending against modern threats Kruger National Park ICCWS 2015

[This page intentionally left blank]

Priority III: A National Cyberspace Security Awareness and Training Program

The Aviation Information Sharing and Analysis Center (A-ISAC)

Find the needle in the security haystack

Big Data Platform (BDP) and Cyber Situational Awareness Analytic Capabilities (CSAAC)

A COMPLETE APPROACH TO SECURITY

A Funny Thing Happened On The Way To OASIS: From Specifications to Standards

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

How To Manage Security On A Networked Computer System

How To Audit The Mint'S Information Technology

Advanced Threat Protection with Dell SecureWorks Security Services

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Cyber Security Metrics Dashboards & Analytics

Manned Information Security

National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

OCIE CYBERSECURITY INITIATIVE

I N T E L L I G E N C E A S S E S S M E N T

Working with the FBI

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Incident Response. Proactive Incident Management. Sean Curran Director

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Overcoming Five Critical Cybersecurity Gaps

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Transcription:

US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012

US-CERT Year in Review United States Computer Emergency Readiness Team CY 2012 What s Inside Welcome 1 Vison, Mission, Goals 1 US-CERT 2012 Accomplishments 2 US-CERT Provides Assistance to a Partner 3 US-CERT Organization 5 Critical Mission Activities, Key Initiatives, and Programs 6 US-CERT Contact Information 9

Welcome The United States Computer Emergency Response Team (US-CERT) is a 24x7 operational entity focused on collecting and analyzing data and disseminating the information to federal agencies, state and local partners, domestic and international organizations.the US-CERT mission, vision, and goals are as follows: US-CERT Mission: Improve the nation s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans. US-CERT Vision: Be a trusted global leader in cybersecurity - collaborative, agile, and responsive in a complex environment. US-CERT Goals: In the upcoming year US-CERT will: Improve onsite and remote assistance capabilities to provide rapid and comprehensive operational support to our public and private partners; Partner with physical first responders to integrate physical and cyber information sharing and response processes; and Increase outreach to public, private, and international partners. US-CERT Year In Review - CY 2012 1

US-CERT 2012 Accomplishments Transitioned to a key role as a fully integrated element of the National Cybersecurity and Communications Integration Center (NCCIC) providing critical information and analysis feeds needed to perform their mission; Provided key support to public and private sector partners to respond to and mitigate current cyber intrusions and cyber risks; Developed the Advanced Malware Analysis Center (AMAC) to analyze malware threat data; Improved our International outreach and coordination to share cyber intrusion, detection, analysis, and mitigation strategies with our international partners; and Improved and expanded our outreach to our domestic public and private sector partners to share indicators and coordinate responses to domestic cyber events. 2 US-CERT Year In Review - CY 2012

US-CERT Provides Assistance to a Partner To enhance the Nation s cybersecurity posture, US-CERT actively partners with public and private sector entities. These partners include, but are not limited to, private sector critical infrastructure owners and operators, academia, federal agencies, Information Sharing and Analysis Centers (ISAC), state and local partners, and domestic and international organizations. Case Study In 2012, a partner asked US-CERT to provide technical assistance related to an intrusion event. US-CERT provided an on-site team to review the technical data in order to develop mitigation strategies and recommendations to prevent future events of similar nature. During the course of the review, US-CERT determined that the partner did not realize the full extent of the intrusion. Due to the partner s reliance on standard intrusion detection and analysis procedures focused on single machines and servers, they were unaware that a nation state was conducting a series of large scale intrusions. Originally, they believed they were experiencing concurrent large scale intrusions from multiple single actors. US-CERT identified the full scope of the intrusion activity and provided a detailed, in-depth analysis document that focused on mitigation strategies with four specific controls the partner could use to deal more effectively with the intrusion. The partner accepted US-CERT s recommendations and implemented the strategies to reduce their risk and exposure to the cyber vulnerabilities in question. Using these controls, the partner was able to reduce the time between initial intrusion detection and initial response from 30 days to 45 minutes. Additionally, the partner made significant progress determining the difference between single and multiple intrusion events and those that were conducted by non-state and state actors. US-CERT Year In Review - CY 2012 3

4 US-CERT Year In Review - CY 2012

US-CERT Organization US-CERT is the National Cybersecurity and Communications Integration Center s (NCCIC) 24 hour operational cyber arm. US-CERT provides NCCIC with critical information and analysis feeds needed to perform their mission. Along with the National Coordinating Center (NCC) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), US-CERT is a key component for the NCCIC. US-CERT Year In Review - CY 2012 5

Critical Mission Activities, Key Initiatives, and Programs US-CERT s critical mission activities include applying our analytic expertise to identify, correlate and, where possible, predict the behaviors and tactics of our adversaries. US-CERT also develops machine readable indicators and actionable mitigation approaches to promote collaborative response activities within our stakeholder communities. US-CERT s capabilities inform and enable US-CERT to provide critical onsite deployments when our partners request them in order to assist those partners with incident response activities. US-CERT provides a unique vantage point at the intersection of civilian Federal government, law enforcement, the intelligence community, International partners, State and Local government and the private sector to detect, prevent and develop mitigation strategies against national-level cyber threats. Additionally, US-CERT has received increasing numbers of cyber incident reports during the past three years. In response to many of these incidents, US-CERT s key initiatives over the past year have included the development and implementation of the Advanced Malware Analysis Center (AMAC). The AMAC enables US-CERT to analyze data related to malware threats targeted against the United States government s network space.the AMAC provides a segregated, closed, computer network system that is used to analyze computer network vulnerabilities and threats. US-CERT receives malicious code, submitted by AMAC, and analyzes the code or images to discover how to secure or defend computer systems against the threat. US-CERT publishes corrective action information in vulnerability and malware reports, as well as, alerts for use by partners. 6 US-CERT Year In Review - CY 2012

Other key initiatives include: US-CERT s International Outreach Program to share information with the National Cyber Response Centers of our foreign partners in a proactive and timely fashion; and, working groups such as the Joint Agency Cyber Knowledge Exchange (JACKE) and the Government Forum of Incident Response and Security Teams (GFIRST) to facilitate collaboration for detecting and mitigating threats to the.gov domain. Through the use of such working groups, US-CERT encourages proactive and preventative security practices and conference presentations. US-CERT personnel regularly speak and present technical papers at FloCon, Blackhat, GFIRST, the MS-ISAC Annual Meeting, Federal Networks Conference, and the Symantec Government Symposium. US-CERT also shares detection, analysis, and mitigation information for our partners in key information sharing products such as Joint Indicator Bulletins (JIB), Early Warning and Indicators Notices (EWIN), Malware Initial Findings Reports (MIFR), and Malware Analysis Reports (MAR). US-CERT published increasing numbers of technical cyber reports during the past three years. US-CERT Year In Review - CY 2012 7

US-CERT is responsible for the National Cybersecurity Protection System s Einstein program, which provides an automated process for collecting, correlating, analyzing, and sharing computer security information across the Federal Government to improve the nation s cyber situational awareness. EINSTEIN 1 uses an automated process to collect network flow information from voluntary participating federal executive agencies. Using this information, US-CERT can detect cyber threats and vulnerabilities and coordinate with the appropriate federal executive agencies to mitigate them. US-CERT shares this analysis, along with additional computer network security information, as appropriate, with both the public and private sectors, via the US-CERT web site at www.us-cert.gov. EINSTEIN 2 augments, rather than replacing or reducing the current computer network security practices of participating federal executive agencies. It passively observes network traffic to and from participating federal executive agency networks and adds an intrusion detection system (IDS) capability that alerts when a pre-defined specific cyber threat is detected. US-CERT is then able to analyze cyber threat activity occurring across the federal Information Technology (IT) infrastructure. This results in improved computer network security situational awareness through the sharing of the information with individual federal executive agencies in an effort to reduce and prevent computer network vulnerabilities. EINSTEIN 2 s network intrusion detection technology custom signatures, based upon known or suspected cyber threats, are derived from numerous sources such as: commercial or public computer security information; incidents reported to US-CERT; information from federal partners; or, independent analysis by US-CERT analysts. US-CERT also manages the National Cyber Awareness System s (NCAS) National Vulnerability Database (NVD). The NVD is the U.S. Government s repository of standardsbased vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance. US-CERT participates in the Protected Critical Infrastructure Information (PCII) program which enables private sector partners to voluntarily provide their privately held cyber data to create time sensitive indicator information about current anomalous and/or malicious cyber activity from across private partner networks. US-CERT provides anonymized data to mission partners that can be used to implement effective Computer Network Defense (CND) measures in response to the identified indicators. 8 US-CERT Year In Review - CY 2012

US-CERT Contact Information US-CERT assistance is readily available for all partners 24 hours a day. US-CERT encourages all public and private sector partners to report suspicious cyber activity as soon as possible by using the US-CERT contact information below. To contact US-CERT: info@us-cert.gov (888) 282-0870 www.us-cert.gov To report a cyber incident to US-CERT online: https://forms.us-cert.gov/report/ For PCII Data Submissions to US-CERT: www.dhs.gov/pcii

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information