Homeland Security UNCLASSIFIED Mr. Thomas P. Michelli Deputy Chief Information Officer U.S. Coast Guard The U.S. Coast Guard’s Role in Cybersecurity


Post on 26-Aug-2018



What is Cyberspace?

Domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via network systems and associated physical infrastructures

• A domain that is no different than the ones that we routinely operate in: air, land, sea and space

Cyberspace is the “human created domain”


CGCYBER Vision & Mission

VISION

“A safe, secure and resilient cyber operating environment that allows for the execution of Coast Guard missions and maritime transportation interests of the United States.”

MISSION

Coast Guard Cyber Command’s mission is to identify, protect against, enhance resiliency in the face of, and counter electromagnetic threats to the Coast Guard and maritime interests of the United States, provide cyber capabilities that foster excellence in the execution of Coast Guard operations, support DHS cyber missions, and serve as the Service Component Command to U.S. Cyber Command.

• Computer Network Defense

• Protecting Maritime Critical Infrastructure and Key Resources

• Enabling Operations Through Cyber Capability


Defend the Platform

“Cyber affects the full spectrum of Coast Guard operations. It’s not an information technology niche…it cuts across every aspect of the Coast Guard.”

- Admiral Zukunft


Cyberspace Roles and Responsibilities

Operate in Cyberspace

• Defend

• Respond

• Recover


CGCYBER

• Designated Computer Network Defense Service Provider (CNDSP) for the Service – defense of the DoDIN

• Cyber Security Operations Center (CSOC) - 24x7x365 Watch

• Service Cyber Component to USCYBERCOM - executes TASKORDs from USCYBERCOM

• Intelligence fusion/indicators and warnings from NTOC


C4ITSC

• Technical Authority

• Configuration management for CG networks

• Build, deploy and maintain security systems and sensors


Maritime Critical Infrastructure

The Coast Guard is the Sector Specific Agency (SSA) for the Maritime component of the Transportation Sector

• 1 of the 16 Critical Sectors

• Collaboration with our partners in DHS, TSA and DOT

• Protect maritime sector from all threats (physical, personnel, and cyber)


NIST Voluntary Cybersecurity Framework

• Voluntary federal cybersecurity standards developed by the National Institute for Standards and Technology in cooperation with the private sector

• Designed for owners and operators of CIKR…scalable to suit industry

• Focuses on:
  • Identification
  • Protection
  • Detection
  • Response
  • Recovery

• Complemented by the Critical Infrastructure Cyber Community program (C-Cubed)


“C-Cubed” Voluntary Program

• Public/private partnership aligning business enterprises and government to resources that will assist their efforts in using the NIST Voluntary Framework

• Assists with understanding the use of the Framework and other risk management efforts

• Link and customer relationship manager to help organizations with Framework utilization

• Encourages feedback from stakeholders about their experiences with the Framework to help drive future updates

• Aligns with the process and efforts outlined in the 2013 National Infrastructure Protection Plan


Enabling Operations Through Cyber Capabilities

Leverage intelligence community (IC) and law enforcement (LE) authorities to understand adversaries' intentions and capabilities in cyberspace

• Capitalize on cyber and SIGINT capabilities

• Drive tactical cyber intelligence to the front-line operator


Cyberspace Roles and Responsibilities

Operate in Cyberspace

• Defend

• Respond

• Recover

Maintain Cyberspace

• Build

• Engineer

• Support

COLLABORATION…COORDINATION


Cyber Tool: ACAS

5-Nov-14 Unclassified / FOUO

Enterprise vulnerability & compliance scanning infrastructure. Provides capabilities to allow for credentialed scanning of all USCG assets, enterprise scan management, alerting, & reporting against vulnerability and compliance requirements.

Deployment

• Fully Deployed on SIPR and NIPR. Official full transition to be completed by 31 OCT 2014

• Full enterprise scans conducted every 30 days

• Standalone Scanners for OOB networks and systems

Management

• TISCOM – ACAS system support and engineering

• IAD – User management, end user training, enterprise dashboard/report template publishing


ACAS Requirement

USCYBERCOM TASKORD 13-0670 and the subsequent CGCYBER TASKORD 13-010 mandate the deployment and use of ACAS to provide situational awareness into the health of the networks and actionable intelligence to support risk management decisions.


ACAS Benefits

Actionable Information – Reporting – Specific Vulnerability Triggers


ACAS Architecture Goals

Goals

• Single USCG reporting capability for all assets

• Credentialed scanning ability for all USCG assets

• Ability to scan all USCG assets within 30 days


ACAS Components

ACAS DoD Phase I Components:

• Security Center: The central command and control console for the ACAS infrastructure. (Red Hat)

• Nessus Vulnerability Scanner: vulnerability auditing/analysis, compliance auditing, and network discovery.

ACAS DoD Phase II Components:

• Passive Vulnerability Scanner (PVS): real-time traffic monitoring for application, vulnerability and protocol analysis.


ACAS Architecture Overview

SBU

• Two independent SecurityCenter servers located at TISCOM and Alameda.

• 51 shore side scanners.

• Two SecurityCenter servers in MainTest with 3 scanners.

SIPR

• Two independent SecurityCenter servers located at TISCOM.

• 105 shore side scanners.


USCG’s ACAS Objectives

Spiral I Objectives:

• Deploy SecurityCenter and Nessus with the same scanning coverage for SBU and SIPR as the previous IAD-VAT enterprise managed scanning infrastructure.
  • 99% SBU Coverage, solution accepted by IAD on 15SEPT14
  • 100% SIPR Coverage, solution accepted by IAD on 31OCT14

• Provide recommendations for non-enterprise scanning solutions.
  • USCG Offline scanning guide posted on ACAS CGPortal site.

Spiral II Objectives:

• Optimize Architecture for central reporting, efficiencies, and cost savings.


ACAS Current Initiatives

• OSC LAN Coverage: Deploy scanners that are centrally managed to all OSC LAN segments.

• DMZ Coverage: Deploy scanners that are centrally managed with automated reporting to USCG SecurityCenter.


ACAS Swimlane Overview


[Figure: ACAS swimlane diagram. Lane labels: EISI PL; ESOD (in support of EISI); IAD C&A; IAD VAT; ISSOs; Cyber; ITCCB. Group labels: TISCOM; Information Assurance.]

• Infrastructure Design
• Product Testing
• Root Infrastructure Administration
• ACAS License Key Maintenance
• Tentative Phase II Transition
• Infrastructure Health Monitoring
• Product Deployment
• Monthly Maintenance

• Monthly Scanning
• Scan Processes
• End User Account Management
• Initial Asset List Development


ACT Achieving Cybersecurity Together

“It’s our Shared Responsibility”.

Questions?


Backup Slides


ACAS Timeline


USCYBERCOM SAR 2012-0404 04APR12

USCYBERCOM TASKORD 12-0603 24MAY12

USCYBERCOM TASKORD 13-0670 01AUG13

SBU Security Center Deployment SEPT12

SBU Nessus Deployment (CONUS) JUL13

SIPR Security Center Deployment SEPT13

CGCYBER TASKORD 13-010 18SEPT13

SBU OCONUS NESSUS Deployment OCT13

SBU Testing AUG14

SIPR NESSUS Deployment SEPT14

SIPR Testing 01OCT14

Retina EOL 31OCT14

SPIRAL I

Architecture Optimization DEC14

SPIRAL II

Passive Vulnerability Sensor

SPIRAL III

SecurityCenter 4.8 Deployment NOV14

SecurityCenter 4.8.2 Deployment MAR15

SecurityCenter 5.0 Deployment DEC15


For Official Use Only


Overall Indicator

DISA ACAS Roadmap FY14-15


Version 1

This document is informational only. Tenable reserves the right to change the schedule or list of features without prior notice.

• SecurityCenter v4.8: ACAS Deployment: 24 Sept 2014 (Build 1)
  • New enhanced user/group/role model
  • New HTML5 based analysis
  • Prompting for Assets in Dashboard/Report templates
  • Enhanced Asset Lists
  • Unique ID capability

• SecurityCenter v4.8.2: ACAS Deployment: 26 March 2015
  • ACAS ARF/ASR Publishing Updates for CMRS
  • Updated ARF reports to include version of the plugin, name of the scan policy, timestamp for credentialed scans, BIOS GUID and McAfee Agent GUID.
  • Updated Plugin text to include Scan Policy, Benchmark Names, Unsupported Products, and whether scans were authenticated or unauthenticated.

• SecurityCenter v5.0: ACAS Deployment: 1 Dec 2015
  • Fully completed HTML5 user interface
  • Support for greater than 4GB repository sizes (now allows for 32GB repositories)
  • Vulnerability Trending backend improvements (reducing storage requirements)
  • SecurityCenter API rewritten to a RESTful one
  • Additional integration with other ACAS products (Nessus & PVS)
  • Updates to ARF/ASR reports and plugin text to meet CMRS requirements

• Nessus v6.0: ACAS Deployment: 15 Jan 2015
  • The ability to restore a scan (after an unexpected crash/shutdown/etc.)
  • Automatic update of the scanners
  • Use Windows events for all I/O

• PVS v4.2: ACAS Deployment: 20 Jan 2015
  • Increased throughput of 10GB

• PVS v4.4: ACAS Deployment: 12 Jun 2015
  • Automatic update of the PVS engine