Upload
dothien
View
220
Download
0
Embed Size (px)
Citation preview
TSA Mission in Cyber Space
4
Mission - Facilitate the measured improvement of the national transportation sector cyber security posture.
Mandates – National Infrastructure Protection Plan (NIPP), Homeland Security Presidential Directive -7 (HSPD-7), Quadrennial Homeland Security Review: Mission 4 (DHS). All progress monitored by Congress through annual reports.
Direction – TSA is designated by DHS as the Sector-Specific Agency for the Transportation Sector. The Office of Information Technology partners with the Office of Security Policy and Industry Engagement to lead cyber security activities in the sector.
Approach – Non-Operational. Education, Facilitation, Communication
CSAO Strategy and Goals
5
Strategy: “The Sector will manage cybersecurity risk through maintaining and enhancing continuous awareness and promoting voluntary, collaborative, and sustainable community action.”
Goal 1: Maintain Continuous Cybersecurity Awareness
Goal 2: Improve and Expand Voluntary Participation
Goal 3: Define Conceptual Environment
Goal 4: Enhance Intelligence and Security Information Sharing
Goal 5: Ensure Sustained Coordination and Strategic Implementation
CSAO Challenges
6
Human Beings
Ignorance
Trust (NDAs, legal constraints, etc.)
Information classification
Partnerships and Resources
7
Federal: - DHS: NPPD, NCSD, NCCIC, US-CERT and ICS CERT - DoT: Federal Highway, State and Local, (Volpe - National) - Military: USCG/Cyber Command, TRANSCOM
Industry: - 6 Modes: Aviation, Mass Transit, Freight Rail, Pipeline, Maritime,
Highway Motor Carrier (HMC) - Associations (Ex: Association of American Railroads) - Individual Companies (Ex: Union Pacific)
ISAC’s: - Multi State, Surface/Public Transportation
TSA Coordination: - OSPIE, Office of Intelligence and Analysis
Transportation Sector Cyber Activities
8
Aviation – Created a working group to develop an ISAC for cyber
Pipeline – Developing industry-wide cyber risk management approach
Maritime – Partnering with TSA, DOT, and DHS to develop a cyber risk management approach for the nation’s port facilities. Co-hosting the 2012 Cybersecurity in Transportation Summit with TSA
Freight Rail – Building annual Corporate Security Review for Class 1 Railroads
Mass Transit – TSA partners with American Public Transportation Association to improve control systems cyber security standards
Highway Motor Carrier – TSA CSAO participates in CIPAC meetings and is an active member of the GCC/SCC meetings; ABE-40
2012 Initiatives
9
Cybersecurity Exercises
Transportation Systems Sector Cyber Working Group
2012 Cybersecurity in Transportation Summit
Cybersecurity Assessment and Risk Management Approach (CARMA)
National Level Exercise 2012- Overview Conducted between March and July, 2012
- Included participation from nearly all critical sectors identified in the NIPP
- Several phases, from threat warnings and indications, to detailed scenarios
Objectives: - Improve cross-sector and intra-industry communications during
crisis - Test and evaluate centralized cyber incident handling procedures
Outcomes: - AAR in Development / SSI content
10
Cyber Security Tabletop Exercise: TSA and U.S. Transportation Command- Overview Conducted on June 20, 2012
- First ever cyber security exercise between TSA and DoD
Objectives: - Broaden the understanding of transportation industry impacts to
mission-critical DoD functions in the event of a cyber attack on transportation systems
- Identify knowledge gaps between DoD and DHS entities for cyber incident handling processes
- Improve collaboration between DoD, TSA, and DHS resources
11
General Exercise Outcomes:
1. Foster Education, Collaboration and Awareness
2. Promote and Further Public Private Partnerships
3. Enhance Information Sharing Efforts
OSPIE has developed a sector outreach cyber security strategy based on these priorities. OIT will support OSPIE through continued SME guidance, and awareness and outreach events, including the 2012 Summit
12
Information Sharing Resources
13
Weekly newsletter:
Published to promulgate open source stories about recent cyber events and transportation-specific news
Excellent resource for busy industry leaders to maintain situational awareness
Monthly Transportation Systems Sector Cyber Working Group
Transportation Research Board Cyber Subcommittee
Monthly meeting hosted by Mr. Mike Dinning
Discussions incorporate research from academia, industry, and government on relevant cyber security topics
2012 Cyber Security in Transportation Summit
14
September 24-25, 2012 | Hilton Crystal City at National Airport, Arlington VA
Mission: Help identify and sustainably manage the risk to critical transportation functions and business from cyber attacks.
Co-hosted by TSA and the USCG Cyber Command
Topics will include: - Combating Insider Threats - Control Systems Roadmap - Open Source Threat Briefing - DHS Cyber Security Resources - Hacking SCADA Systems - Opportunities for collaboration - …. and many others
CARMA Overview
16
Stage 1: Scope Cyber Risk Management Effort - Determine Scope and Identify Subject Matter Experts - Develop Cyber Risk Management Work Plan
Stage 2: Identify Cyber Infrastructure - Validate Critical Business Functions - Identify Cyber Dependent Infrastructure
Stage 3: Conduct Cyber Risk Assessment - Develop and Test Threat Scenarios - Develop Cyber Risk Profile
Stage 4: Develop Cyber Risk Management Strategy - Evaluate and Prioritize Risk Response Actions - Develop Cyber Risk Strategy and Validate
Stage 5: Implement Risk Management Strategy and Measuring - Productize Suggested Operational Plan for Distribution - Develop Suggested Sector Cyber Metrics - Collect and Analyze Metrics Data (where requested) - Refine Risk Management Strategy
Ongoing: Administrative Support and Governance
Cybersecurity Evaluation Program (CSEP) Conducts voluntary cybersecurity assessments across all 18
CIKR sectors, within state governments and large urban areas. CSEP affords critical infrastructure sector participants a portfolio of assessment tools, techniques, and analytics, ranging from those that can be self-applied to those that require expert facilitation or mentoring outreach. The CSEP works closely with internal and external stakeholders to measure key performances in cybersecurity management. The Cyber Resiliency Review is being deployed across all 18 Critical Infrastructure sectors, state, local, tribal, and Territorial governments.
For more information, visit www.dhs.gov/xabout/structure/editorial_0839.shtm or contact [email protected]
17
Cybersecurity Evaluation Tool (CSET)
CSET is a desktop software tool that guides users through a step-by-step process for assessing the cyber security posture of their industrial control system and enterprise information technology networks. CSET is available for download or in DVD format. To learn more or download a copy, visit http://www.us-cert.gov/control_systems/satool.html. To obtain a DVD copy, send an e-mail with your mailing address to [email protected].
18
Cybersecurity Vulnerability Assessments through the Control Systems Security Program (CSSP)
CSSP Assessments provide on-site support to critical infrastructure asset owners by assisting them to perform a security self-assessment of their enterprise and control system networks against industry accepted standards, policies, and procedures. To request on-site assistance, asset owners may e-mail [email protected]
19
Industrial Control Systems (ICS) Technology Assessments
ICS Assessments provide a testing environment to conduct baseline security assessments on industrial control systems, network architectures, software, and control system components. These assessments include testing for common vulnerabilities and conducting vulnerability mitigation analysis to verify the effectiveness of applied security measures. To learn more about ICS testing capabilities and opportunities, e-mail [email protected]
20
Information Technology Sector Risk Assessment (ITSRA)
ITSRA provides an all-hazards risk profile that public and private IT Sector partners can use to inform resource allocation for research and development and other protective measures which enhance the security and resiliency of the critical IT Sector functions. For more information, see http://www.dhs.gov/xlibrary/assets/nipp_it_baseline_risk_assessment.pdf or contact [email protected].
21
How to Get Involved
22
• Email us! [email protected]
• Read our weekly newsletter
• Participate in our monthly TSS-CWG meetings (open to GCC and SCC members)
• Attend our summit!
• Section Chief: Ms. Kelley Bray 571-227-2198 • [email protected]
Michael Slawski, CISSP, CIPP, Sec+, SCF, Surfer
23
Follow me on Twitter: @michaelslawski Email: [email protected] Phone: 571-227-4292