National Cybersecurity Assessment and Technical Services



Similar documents
National Cybersecurity Assessment and Technical Services: Capability Brief. Presented by: Sean McAfee Updated: May 5, 2014

Department of Homeland Security

National Cybersecurity Assessment and Technical Services (NCATS) Year-End Engagement Report 2014

DHS Cyber Security & Resilience Resources: Cyber Preparedness, Risk Mitigation, & Incident Response

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

ESKISP Manage security testing

Department of Homeland Security

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Preventing and Defending Against Cyber Attacks November 2010

CYBER SECURITY GUIDANCE

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Homeland Security Lessons Learned: An Analysis from Cyber Security Evaluations

Overview TECHIS Carry out security testing activities

National Cybersecurity & Communications Integration Center (NCCIC)

ESKISP Direct security testing

ESKISP Conducts vulnerability assessment under supervision

Department of Homeland Security Federal Government Offerings, Products, and Services

VULNERABILITY MANAGEMENT AND RESEARCH PENETRATION TESTING OVERVIEW

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security

NASA OFFICE OF INSPECTOR GENERAL

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

ESKISP Conduct security testing, under supervision

Defending against modern threats Kruger National Park ICCWS 2015

Resources and Capabilities Guide

Strategic Plan On-Demand Services April 2, 2015

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

Minimizing Risk Through Vulnerability Management. Presentation for Rochester Security Summit 2015 Security Governance Track October 7, 2015

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

What s Inside. ICS-CERT Year in Review Welcome 1. ICS-CERT Introduction 2. ICS-CERT 2014 Highlights 3. ICS-CERT Watch Floor Operations 4

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities

STATEMENT OF WORK (SOW) for CYBER VULNERABILITY ASSESSMENT

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

How To Improve Nasa'S Security

Overview TECHIS Carry out risk assessment and management activities

INFRAGARD.ORG. Portland FBI. Unclassified 1

NICE and Framework Overview

Payment Card Industry (PCI) Penetration Testing Standard

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

Department of Management Services. Request for Information

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections. Evaluation Report

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

GAO Information Security Issues

Improving Visibility into your Vulnerability Management Program

Independent Evaluation of NRC s Implementation of the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

NH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""

Cybersecurity Enhancement Account. FY 2017 President s Budget

Priority III: A National Cyberspace Security Awareness and Training Program

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

Industrial Security & Compliance Using the Holistic Lifecycle Model

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Cybersecurity Risk Management Activities Instructions Fiscal Year 2015

Reducing Application Vulnerabilities by Security Engineering

White Paper The Dynamic Nature of Virtualization Security

US-CERT Year in Review. United States Computer Emergency Readiness Team

The DS Information Assurance and Cybersecurity Role-Based Training Program. Diplomatic Security Training Center (DSTC) Dunn Loring, VA

The ICS Approach to Security-Focused IT Solutions

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

Standard: Web Application Development

Cloud Infrastructure Security Management

Piloting Supply Chain Risk Management Practices for Federal Information Systems

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB Cyber Risk Management Guidance. Purpose

Information Security Assessment and Testing Services RFQ # Questions and Answers September 8, 2014

Cyber Security for Competitve Advantage: How SaaS Providers are Transforming their Business

Technical Testing. Network Testing DATA SHEET

Network Test Labs Inc Security Assessment Service Description Complementary Service Offering for New Clients

New Zealand Company Six full time technical staff Offices in Auckland and Wellington

NERC CIP VERSION 5 COMPLIANCE

Cautela Labs Cloud Agile. Secured.

Looking at the SANS 20 Critical Security Controls

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Delivering IT Security and Compliance as a Service

Figure 1. Number of High-Risk Vulnerability Instances in the JPSS Ground System, by Quarter, FY 2012 to FY nd Quarter

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Is your business prepared for Cyber Risks in 2016

Preventing and Defending Against Cyber Attacks October 2011

A HELPING HAND TO PROTECT YOUR REPUTATION

Network Security Deployment Obligation and Expenditure Report

Evaluation of DHS' Information Security Program for Fiscal Year 2014

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA

Seven Strategies to Defend ICSs

Information Technology Risk Management

Access FedVTE online at: fedvte.usalearning.gov

Preventing and Defending Against Cyber Attacks June 2011

Audit of the Board s Information Security Program

Transcription:

National Cybersecurity Assessment and Technical Services Updated: September 9, 2015

NCATS Program Overview Offer Full-Scope Red Team/Penetration Testing Capabilities through two primary programs: Risk and Vulnerability Assessment (RVA) and Cyber Hygiene Focus is on proactive engagements with stakeholders to improve their cybersecurity posture, limit exposure, reduce rates of exploitation Offers a full suite of tailored threat, vulnerability and risk assessment services and penetration testing capabilities to stakeholders Acts as a trusted advisor and provides independent review and recommendations for cybersecurity improvement 2

Objectives and Benefits Provide Enhanced Situational Awareness and Data Visibility to Leadership Types of information: Vulnerabilities Mitigations Operating Systems Applications Trending and Comparison Data Federal, SLTT, PS 3

Stakeholder Groups Federal Civilian Executive Branch State, Local, Tribal, Territorial Governments (SLTT) Private Sector (PS) Unclassified / Business Networks Cyber Hygiene Mandatory for Federal Optional for SLTT and PS Risk and Vulnerability Assessments Optional for Federal, SLTT and PS FY15 Current Stakeholders Service Fed SLTT PS Total RVA 24 10 12 46 Cyber Hygiene 126* 35 22 183 * Includes House of Representatives 4

Services and Capabilities Vulnerability Scanning Service Description Internal/ External to Customer Network Program Conduct Vulnerability Assessments Both Cyber Hygiene RVA Penetration Testing Exploit weakness or test responses in systems, applications, network and security controls Both RVA Social Engineering Wireless Discovery & Identification Web Application Scanning and Testing Crafted e-mail at targeted audience to test Security Awareness / Used as an attack vector to internal network Identify wireless signals (to include identification of rogue wireless devices) and exploit access points External Internal RVA RVA Identify web application vulnerabilities Both Cyber Hygiene RVA Database Scanning Security Scan of database settings and controls Internal RVA Operating System Scanning Security Scan of Operating System to do Compliance Checks (ex. FDCC/USGCB) Internal RVA 5

RVA Assessment Lifecycle Pre ROE Stakeholder contacted Briefed on NCATS services Service is Requested Schedule Confirmed ROE Distributed/Stakeholder signs ROE Pre Assessment (Minimum) 2 weeks Assessment 2 weeks Reporting 3 weeks Pre-Assessment Package Distributed Receive Completed Pre-Assessment Package Conduct Pre-Assessment Teleconference Receive Pre-Assessment Artifacts (1 week) Notification to NCCIC Floor for dissemination Off-Site Assessment Activities On-Site Assessment Activities Draft Report Started/Completed Submit Draft Report to Stakeholder Receive Draft Report with Stakeholder Comments Q&A Process Started/Completed Post Assessment 1 week Final Draft Completed Final Report Delivered to Customer Assessment Out brief 6

RESULTS 7

Cyber Hygiene Activities Identify Scanning Active hosts, Operating System and Services Vulnerabilities and weaknesses Common configuration errors Improperly signed Domains Expired SSL Certificates Understand how external systems and infrastructure appear to potential attackers Past and Present Use Federal Response to Heartbleed OMB: M-15-01 Identification of publicly available vulnerabilities DHS Binding Operational Directive Individual Stakeholder persistent scans and exposure status 2300+ Reports delivered this Fiscal Year 183 Stakeholders and growing 8

Technical Output: Sample Snapshots 9

Past Performance, Success Story: HeartBleed Reduction % Vulnerable Hosts 250 200 150 100 50 0 100% 80% 60% 40% 20% 0% Vulnerable Hosts Found Over Time Potential vs. Actual Vulnerability Reduction Over Time Notable Observations: DHS had the capability to initiate scanning immediately but was delayed due to a lack of authorization Observed 98% vulnerability reduction between first and last scan Had scanning started April 7th and achieved similar results the length of exposure could have been reduced by 29% Actual Potential 10

Visual 1: Current U.S. Scanning 11

Questions? NCATS_INFO@hq.dhs.gov 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information