U.S. Department of Homeland Security
Office of Cybersecurity & Communications
Council of State Governments Cybersecurity Session
November 3, 2017
▪ CS&C’s Mission – ensure the security, resiliency, and reliability of the Nation’s cyber and communications infrastructure
▪ CS&C works to prevent or minimize disruptions to our critical information infrastructure in order to protect the public, the economy, government services, and the overall security of the United States.
▪ Prepare for, protect against, and respond to incidents that could degrade or overwhelm the networks, systems, and assets that make up our Nation’s information technology, cyber, and communications infrastructure
▪ Protect Federal Civilian networks (.gov, .com)
▪ Host and conduct exercises to prepare Federal, state, local, and private sectors for cyber attack
Cybersecurity & Communications (CS&C)
Stakeholder Engagement & Cyber Infrastructure Resilience (SECIR)
▪ The SECIR division serves as the Department’s primary coordination point for cybersecurity stakeholder engagement and national security and emergency preparedness communications activities.
▪ SECIR also leads a number of key cybersecurity and communications resilience programs.
▪ Each of the divisions within CS&C relies upon SECIR to streamline coordination and engagement with government and industry partners, while SECIR leverages the capabilities and subject matter experts across CS&C to meet stakeholder needs.
National Cybersecurity & Communications Integration Center (NCCIC)
▪ The NCCIC is a 24x7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for Federal civilian agencies, the intelligence community, law enforcement, State and local government, and the private sector
Office of Emergency Communications (OEC)
▪ OEC supports and promotes communications used by emergency responders and government officials to keep America safe, secure, and resilient.
▪ Leads the Nation’s operable and interoperable public safety and national security and emergency preparedness communications efforts
▪ Provides training, coordination, tools, and guidance to help its federal, state, local, tribal, territorial and industry partners develop their emergency communications capabilities
▪ OEC’s programs and services coordinate emergency communications planning, preparation and evaluation, to ensure safer, better-prepared communities nationwide.
Deloitte-NASCIO Cybersecurity Study 2016 2014
Frequency of cybersecurity discussion with executive leadership
• Monthly: 45% (2016), 30% (2014)
• Quarterly: 16% (2016), 18% (2014)
• Annually: 6% (2016), 8% (2014)
Frequency of cybersecurity reporting to the governor
• Monthly
• Quarterly
• Annually
• Ad hoc
29% 2%
12% 39%
17% 4%
15% 40%
Frequency of cybersecurity reporting to the state legislature
• Monthly
• Quarterly
• Annually
• Ad hoc
4% 6%
29% 35%
0% 0%
28% 40%
Top 5 barriers in addressing cybersecurity challenges
• Lack of sufficient funding: 80% ↑ (2016), 75.5% (2014)
• Inadequate availability of cybersecurity professionals: 51% ↓ (2016), 59.2% (2014)
• Lack of documented processes: 45% ↑ (2016), 32.7% (2014)
• Increasing sophistication of threats: 45% ↓ (2016), 61.2% (2014)
• Lack of visibility and influence within the enterprise: 33% ↓ (2016), 49.0% (2014)
Top human resource factors that negatively impact CISO’s ability to develop, support and maintain cybersecurity workforce
• State’s salary rates and pay grade structure
• Lack of qualified candidates due to federal agencies/private sector demand
• Workforce leaving for private sector
• Intrastate attrition for higher salary positions
• Lengthy hiring process
• Lack of defined career path and opportunities
96% 59% 47%
* * *
89.9% *
71.4% 32.7% 53.1% 67.3%
National Preparedness Report 2015 2012
• Addressing cybersecurity capability gaps perceived as entirely or mostly a state responsibility: 70% (2015), 49% (2012)
• Percent of 53 states and territories surveyed by NEMA indicating need for continued Federal support to augment cybersecurity efforts: 100% (2015), * (2012)
o Percent identifying financial assistance as among federal resources needed: 60%
o Percent identifying training opportunities as among federal resources needed: 94%
o Percent identifying technical assistance as among federal resources needed: 91%
o Percent identifying support for sharing best practices between states as among federal resources needed: 85%
MS-ISAC Nationwide Cyber Security Review
Top security concerns
• Lack of security program funding (State and local)
• Increasing sophistication of threats (State and local)
• Lack of documented processes (local)
• Lack of a cybersecurity strategy (local)
• Lack of available security professionals (tribal, but emerging across SLTT)