AFCEA International Cyber Committee RECOMMENDED IMPLEMENTATION STRATEGIES FOR A NATIONAL CYBER INFORMATION SHARING INITIATIVE

Similar documents
Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

Understanding the NIST Cybersecurity Framework September 30, 2014

Docket No. DHS , Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool

The Comprehensive National Cybersecurity Initiative

How To Write A Cybersecurity Framework

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

INFORMATION & DATA WHAT THIS MAP IS:

RESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

THE WHITE HOUSE Office of the Press Secretary

BlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE

ICBA Summary of FFIEC Cybersecurity Assessment Tool

BSA GLOBAL CYBERSECURITY FRAMEWORK

CForum: A Community Driven Solution to Cybersecurity Challenges

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

4.1 Identify what is working well and what needs adjustment Outline broad strategies that will help to effect these adjustments.

JOB DESCRIPTION. IS teams, Hanover colleagues, third party suppliers. Principal Duties and Responsibilities

CYBERSECURITY RISK RESEARCH CENTRE (832)

Framework for Improving Critical Infrastructure Cybersecurity

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

HR Business Consulting Optimizing your HR service delivery

C DIG COMMITTED TO EXCELLENCE IN CYBER DEFENCE. ONE MISSION. ONE GROUP. CSCSS / DEFENCE INTELLIGENCE GROUP

ITU National Cybersecurity/CIIP Self-Assessment Tool

Lessons from Defending Cyberspace

Cybersecurity Framework: Current Status and Next Steps

Members respond to help identify what makes RNs unique and valuable to healthcare in Alberta.

NASCIO 2014 State IT Recognition Awards

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

An Assessment of Capacity Building in Washington State

PREMIER SERVICES MAXIMIZE PERFORMANCE AND REDUCE RISK

Cybersecurity: Mission integration to protect your assets

Testimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology

Utah Educational Leadership Standards, Performance Expectations and Indicators

Healthcare Internal Audit: In a Time of Transition

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Some Thoughts on the Future of Cyber-security

Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA

CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE LEADERSHIP. RESEARCH. DEFENCE.

The Dow Chemical Company. statement for the record. David E. Kepler. before

Creating Business Value with Mature QA Practices

DoD Strategy for Defending Networks, Systems, and Data

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

September 10, Dear Administrator Scott:

White Paper on Financial Industry Regulatory Climate

MODERNIZING IT PLATFORMS SUCCESSFULLY HOW PLATFORM RENEWAL PROJECTS CREATE VALUE

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Partnership for Cyber Resilience

Effective Information Sharing and Analysis Process

Securing the Network: Cybersecurity Recommendations for Critical Infrastructure and the Global Supply Chain Telecommunications Industry Association

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard

Cybersecurity MORE THAN A GOOD HEADLINE. Protect more

Cloud Cyber Incident Sharing Center (CISC) Jim Reavis CEO, Cloud Security Alliance

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

NIST Cybersecurity Framework. ARC World Industry Forum 2014

Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order Improving Critical Infrastructure Cybersecurity

Strategic Planning Process Map

Business Architecture: a Key to Leading the Development of Business Capabilities

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Critical Infrastructure in a CyberPhysicalHuman World

Summary of ESD S Proposal for the NIST s New York MEP Designation

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Applying Framework to Mobile & BYOD

Enterprise Security Tactical Plan

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

REVENUE BUREAU ANNUAL PERFORMANCE EVALUATION PURPOSE & PROCESS SUBJECT TO LMC REVIEW AND REVISION IN SEPTEMBER 2009 INTRODUCTION

Framework for Improving Critical Infrastructure Cybersecurity

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C Comments of CTIA The Wireless Association

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks

ITI Cybersecurity Principles for Industry and Government

IT STARTS WITH CHANGE MANAGEMENT

Threat Information Sharing; Perspectives, Strategies, and Scenarios

CRR Supplemental Resource Guide. Volume 6. Service Continuity Management. Version 1.1

Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC ) ) ) ) )

NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Tools to Support Public Policy Grantmaking

May 23, Background and Introduction

UNIVERSITY OF MIAMI SCHOOL OF BUSINESS ADMINISTRATION MISSION, VISION & STRATEGIC PRIORITIES. Approved by SBA General Faculty (April 2012)

Northrop Grumman / Integrated Cyber Threat Response

OPERATIONAL COMMUNICATIONS STRATEGY

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

CYBER SECURITY GUIDANCE

Department of Homeland Security Information Sharing Strategy

LinkedIn 10x Medical Device Conference Tuesday May 5 th, 2015

United States Air Force Academy Strategic Plan

Where insights lead Cybersecurity and the role of internal audit: An urgent call to action

National Technical Information Service U.S. Department of Commerce. FAQs on NTIS Joint Venture Opportunity Announcement

Transcription:

AFCEA International Cyber Committee RECOMMENDED IMPLEMENTATION STRATEGIES FOR A NATIONAL CYBER INFORMATION SHARING INITIATIVE April 2016

INTRODUCTION The AFCEA Cyber Committee has continued to evaluate the appropriate strategies for improving our nation s approaches to information sharing. In the fall of 2014, the committee developed a set of recommendations and provided them to the White House team evaluating this topic. More recently, the committee provided recommendations regarding the appropriate context and framework for developing a national cyber information sharing infrastructure. This paper addresses recommendations for implementation strategies that should be pursued in implementing the provisions of the executive order (EO) on information sharing 1. However, the committee believes that a successful implementation of the EO requires an appropriate context for these efforts as well as a framework that could be used to define success. ROLL-OUT OPPORTUNITIES AND IMPLEMENTATION As implementation continues, the government must specifically enable the outcomes envisioned in the EO and remove potential obstacles, including those described below. Define standards that the private sector will find useful. A broad-based input into the information sharing standards is essential for success. As the National Institute of Standards and Technology (NIST) Cyber Framework is undergoing revision in parallel, we suggest leveraging the framework working groups to simultaneously engage in the development of ideas and a companion framework for information sharing. This will allow those organizations debating enhancements and updates to the NIST Cyber Framework to address the two very interconnected activities simultaneously. This will also avoid duplication of convening industry review groups, making it clear that the two issues are mutually beneficial, and help ensure compatible and complementary language. This approach has the additional benefit of broadening industry participation in both efforts because some communities concern themselves with one over the other; both are critical and could benefit from broader participation. 1 Executive Order -- Promoting Private Sector Cybersecurity Information Sharing (EO 13691)

Enable (some) of the Information Sharing and Analysis Organizations (ISAOs) to get their feet under them by providing direct, and in some cases, ongoing support from the Department of Homeland Security (DHS). The support needed by the future ISAOs will vary widely and will evolve over time. One thing is common to all current Information Sharing and Analysis Centers (ISACs) many of which will become ISAOs no two are alike. This is not by design, but by necessity. What will ultimately work for ISAOs will be a spectrum of approaches and the unique maturity needs of the ISAOs will, by necessity, require varying kinds of support: financial, technical or other types of support. Enabling these will require careful consideration of the relative value to ISAO members, as well as the broader ecosystem they may represent. Define a clear value proposition to establish, join and stay actively engaged with ISAOs. Organizations may enthusiastically come to the ISAO table on day one; but, curiosity, promises, patriotism and fear will only keep people in the room for so long. Organizations will not sustain active participation without seeing immediate value and return on their investment (be it time, money or intellectual capital) in the form of demonstrable enhancements to their individual security position. Understanding what brings each of the ISAO participants in; what sustains them; what they value; and how they can explain it to their organizational decision makers will all be essential success factors. As government officials have acknowledged, the need for the entities waging this cyber war to be able to collaborate and share relevant information with their partners is of paramount importance. As such, the standards developed by DHS must not only motivate organizations to dedicate resources to share but must also align them with evolving individual organization value assessments. As it enacts the vision of the EO, DHS must put in place programs and funding to carry out the intent and not simply the spirit of the EO. CHANGE THE ENGAGEMENT Adopt flexible engagement approaches that help organizations improve protection of their communications and information infrastructures. The value of threat intelligence sharing comes not from a few but in the many, typically the very entities that are under attack from cyber actors. These organizations are diverse with different infrastructures and solution needs. DHS must champion initial ISAO participation and help facilitate solutions while recognizing the ISAOs need for flexibility to contribute their own tailored innovative approaches. This dual responsibility of DHS to provide a flexible and supportive framework to bring organizations to the table, yet still allow them the autonomy to protect their own infrastructures is essential for long-term benefits and enduring protection strategies.

Specifically, DHS must work with organizations on identifying the business risks that individual sectors face. Understanding stakeholders whose missions are most critical from a homeland security perspective will strengthen the development of appropriately tailored protection strategies while effectively sharing our resources. Building upon the Section 9 List, 2 identify those organizations whose infrastructure is most at risk and whose protection is most critical to assuring national prosperity, security and public safety. Prioritize the development of closer ISAO partnerships with those organizations most at risk. Identify and work with influential organizations to increase national awareness of the issues facing ALL constituents. Understand the business of the Internet and focus its internal programs on identifying, monitoring and characterizing only those threats that have strategic significance to the nation s security and where the U.S. government can engage to help the private sector. Tailor engagements by understanding each ISAO partner s needs and operating environments and collaboratively developing and implementing approaches to address their specific risks. Provide options for ISAOs to effectively and uniquely define and promote value to their stakeholders. Increase opportunities for ISAO partners to expand their own knowledge and expertise. FULLY AND PUBLICLY COMMIT TO A DUTY TO SHARE Enable rapid, consistent sharing of valuable information as close to the point of information creation as possible. As the EO directed, essential to addressing the threat environment is the ability to quickly share threat and mitigation information across organizations so that other organizations can rapidly understand, adapt to and address changing conditions. This requires shifting from an environment where a duty to share becomes the norm and need to know becomes the exception. Convening safe, effective, non-attribution ISAO environments may require seed funding to help get them off the ground and to prime the pump with tools, techniques, processes, 2 Executive Order 13636 - Improving Critical Infrastructure Cybersecurity February 12, 2013

templates, lessons learned and threat data. Bringing a greater consistency to information sharing will allow organizations to place greater focus on addressing and responding to or preventing threats, rather than getting the information in the first place. Actively advocate and promote duty to share concepts and ideas in all it does. Working through its standards organization, understand and address the policy, procedural and technical barriers that inhibit sharing. Working in partnership with the Small Business Administration, NIST and other organizations, DHS should provide starter kits for ISAOs consisting of initial funding where appropriate and capabilities to remove as many of the barriers as possible to enable this commitment to sharing. Leveraging its current private sector partners, identify, fund and support the establishment of new ISAOs by promulgating the standards, tools and best practices to key lifeline sectors and critically focused regions. Fully commit to the ongoing sustainment of these ISAOs by helping them expand their value to both their individual members and the broader information sharing ecosystem through the following actions: engaging these ISAOs routinely in national exercises; convening threat exchange forums; and providing opportunities to the entities to represent the interests of the ISAO in a dialogue with the research community and in development of additional standards. Continuously seek opportunities to support mechanisms and standards that enhance sharing of relevant threat information and mitigation approaches across and between partners, regardless of the direct benefit to the government. CHALLENGE THE MARKETPLACE DHS must continue to challenge the marketplace to deliver effective products and services that reduce mission and business risk. Today s markets do not yet provide the full range of products and solutions required to securely and reliably address the threat environment. Moreover, market needs shift quickly as threats change. At the same time, consistent standards are an essential foundation for sharing information across organizations and developing interoperable technologies. DHS engagement with the breadth of organizations that rely on communications and information infrastructure should enable them to identify and communicate emerging market needs. DHS should support a range of activities to enable development of a range of more innovative products and solutions that, in part, enable organizations to better and collaboratively address common threats. Identify and communicate emerging technology needs and foster innovations to address those needs. Connect users to available and emerging solutions. Support standards adoption through appropriate research, development and testing.

STRENGTHEN AGILITY Enable operational agility to threats before, during and after incidents occur. Effective operational response is required to address the potential harm caused by attacks or disasters affecting critical communications and information infrastructure. In this environment, distributed response models are the norm, making control inherently diffuse and requiring agility. DHS should strengthen analytic capabilities that enable partners to continually understand the environment so that anomalous threats can be better spotted, addressed, countered and constrained. The goal is to prevent attacks through effective analysis of shared information. Focus also is required to collaboratively define coordination models that enable effective action across a network of organizations. Strengthening these models will enable organizations to work in a more consistent way with their partners so they can jointly respond to changes in the environment more effectively. Work with all ISAO partners to actively identify, coordinate and support responses to incidents that may cause significant harm. Identify and promote coordination models appropriate to the environment. Improve the sophistication, comprehensiveness and utility of analysis and mitigation approaches. Strengthen the skills of analysts and equip them with the necessary resources, processes and tools. SUMMARY The AFCEA Cyber Committee strongly supports the objective of improving our nation s ability to deter cyber attacks. Properly focused, the guidance in the recent executive order can be of great benefit toward achieving this objective. The observations and suggestions in this paper provide what we believe to be sound approaches for establishing a successful cyber information sharing infrastructure. The committee will continue to assess the area of information sharing and provide additional papers, as appropriate. Copyright 2016 AFCEA International. All rights reserved. All distribution must include www.afcea.org.

The AFCEA International Cyber Committee White Paper Series www.afcea.org/committees/cyber

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information