Government of Canada Cyber Security Event Management Plan (formerly GC IT Incident Management Plan)




Government of Canada Cyber Security Event Management Plan (formerly GC IT Incident Management Plan)
Presentation to PSCIOC, March 5th, 2015

Overview
- Drivers
- Current Landscape
- Proposed Changes
- Expected Outcomes
- Next Steps

Recent GC Headlines

Drivers
- Recent incidents have shown that the GC continues to be a target for cyber attacks
  - Exploited vulnerability, compromising 900 SINs at Revenue Canada (April 2014)
  - Sophisticated, targeted cyber intrusion at National Research Council (June 2014)
- Two incidents on different ends of the spectrum provided good insight into GC incident management processes
- Lessons Learned exercises from both incidents revealed some recurring themes related to the GC IT Incident Management Plan

Current Landscape: Incident Management Roles and Responsibilities
- All departments/agencies: Departmental security (people, information, assets and services)
- Treasury Board Secretariat (TBS): Security policy direction & oversight
- Canadian Security Intelligence Service (CSIS): Investigations of threats to national security
- Communications Security Establishment (CSE): IT Security advice, guidance & intelligence; monitoring and detection on internal systems
- Royal Canadian Mounted Police (RCMP): Criminal investigations, cyber crime, forensics
- Shared Services Canada (SSC) (for 43 departments & agencies): Service provider & infrastructure owner; IT Security for servers, networks and email
- Public Safety (Canadian Cyber Incident Response Centre, CCIRC): National incident response coordination for non-federal government systems
- GC Computer Incident Response Team (SSC GC-CIRT) (for all of the GC): Central coordination authority for incident response (housed at SSC)
- Department of National Defence (DND): Investigations and intelligence related to national defence

Current Landscape: GC IT Incident Management Plan (IMP)
- Provides an operational framework for the horizontal management of IT security incidents on GC networks
- Originally published in 2009, updated in 2012
- Due for renewal
- Lessons Learned exercises following Heartbleed and NRC incidents revealed some issues with the IMP:
  - Focuses on incidents only after a compromise occurs
  - Lacks clearly defined invocation/escalation triggers
  - Complex governance structure
  - Missing link to Public Safety's Federal Emergency Response Plan (FERP) [1]
  - Contains minimal reporting requirements

[1] Additional FERP detail found in Annex A

A New Approach: GC Cyber Security Event Management Plan
- Drafting of the new GC Cyber Security Event Management Plan (GC CS EMP) is currently underway
- Addresses lessons learned and improves the GC's ability to respond in a consistent and coordinated manner

GC IT IMP (old):
- Focused on confirmed incidents only
- Lack of clearly defined invocation and escalation triggers
- Complex governance structure
- No link to FERP
- Minimal reporting requirements

GC CS EMP (new):
- Considers all cyber events (which include potential threats & vulnerabilities, as well as confirmed incidents)
- Clearly defined triggers for invocation and escalation, based on priority levels
- Streamlined governance structure, with dynamic invocation of appropriate committees based on event priority
- Clearly defined priority level that implies immediate invocation of FERP
- Detailed reporting and communication requirements (including timelines) for all stakeholders

UNCLASSIFIED / NON CLASSIFIÉ

GC CS EMP: Other Changes
Other changes to the GC CS EMP include:
- A detailed RACI (Responsible, Authority, Consulted, Informed) matrix to clarify roles and responsibilities
- Updated processes and clearly defined inputs/outputs for each phase of the event management lifecycle
- Clearly defined departmental expectations in all phases
  - More granular departmental requirements have been removed (to be included in a separate departmental incident management best practices guide)
- New event priority levels that dictate level of response required (see next slide)
- Explicitly defined communications channels
  - Ensures that situational awareness is maintained throughout the event management lifecycle
  - Includes clear linkages between the GC and Public Safety to enable effective sharing of technical information and coordination of public communication

GC CS EMP: Proposed Priority Levels*
*Draft, based on the Multi-State Information Sharing & Analysis Center methodology (https://msisac.cisecurity.org/alert-level/)

Expected Outcomes
The GC CS EMP is expected to:
- Improve coordination and incident management planning within the GC
- Mitigate threats and vulnerabilities before a compromise can occur
- Enhance situational awareness across the GC
- Inform decision-making at all levels
- Enhance public confidence in GC

Impact to Provinces/Territories
- The GC CS EMP is used to address cyber security events in the GC only
  - No explicit role for P/Ts in this plan
  - P/Ts are assumed to have their own incident management framework that ultimately links into the FERP
- GC CS EMP does have indirect benefits to P/Ts:
  - More effective coordination of GC-wide events will minimize impact on federal programs and services that P/Ts rely on
  - A normalized view of the federal cyber landscape will be shared with CCIRC through more efficient information sharing channels
  - More value-added federal event information that P/Ts can use to respond to similar events

Next Steps
- March 2015: Finalize draft of GC CS EMP
- Q1 2015/16:
  - Table top exercises at varying levels
    - Departments
    - Lead Security Agencies (first responders)
    - Senior Management (DG/ADM)
  - Finalization of GC CS EMP (including formal approval)
- Q2 2015/16: Publish GC CS EMP

ANNEX A: Federal Emergency Response Plan
Federal Emergency Response Plan (FERP) background:
- Harmonizes federal emergency response efforts with those of provinces and territories, NGOs, and the private sector
- Allows for horizontal and vertical harmonization of effort throughout the federal government
- Provides an integrated, strategic GC response

FERP coordination is utilized when:
- A province or territory requests federal support to deal with an emergency
- An emergency of such magnitude occurs that it impacts multiple jurisdictions and/or government departments
- An event directly involves federal assets, services, employees, statutory authority/responsibilities, or impacts confidence in government
- Aspects of the national interest are affected