• Home

  • Documents

  • National Cybersecurity Center Policy Capture - … · monitor IC networks. Collection: ... provides...
1
National Cybersecurity Center Policy Capture Domains Main Functions Intelligence Strategy Incident Response System Protection Defense Collaboration Dissemination Civil Monitor R&D Disruption Law Enforcement/ Collection Education/Awareness Investigation Counterintelligence Analysis Training/Exercises Attribution Core Competencies Center/Dept. Description Situational NCSC/DHS National Cybersecurity Center Awareness US-CERT/DHS United States Computer Emergency Readiness Team Public-private JTF-GNO/DoD Joint Task Force—Global Network Operations Coordination NCIJTF/FBI National Cyber Investigative Joint Task Force IC-IRC/DNI Intelligence Community—Incident Response Center National Security NTOC/NSA NSA/CSS Threat Operations Center Foreign Intelligence DC3/DoD Defense Cyber Crime Center The centers connect, communicate, and share information with each other through established relationships or through strategically placed liaison officers. NCSC will draw insight from six existing federal cyber centers to create cross-domain situational awareness. INTELLIGENCE IC-IRC Attribution: Provides foreign threat- based analysis to assist in gaining attribution regarding a cyber attack Collaboration: Collaborates with and shares information among Intelligence and CND communities, DoD, US-CERT and other incident response organizations Monitor: Manage and monitor IC networks Collection: 24/7 operation facilitates collection and sharing of cyber event information among the Intelligence community Training/Exercises: Plans and conducts IC TS network exercises Dissemination: Provides vulnerability management notification and status reporting for IC as well as threat message dissemination and status monitoring Incident Response: Provides Intelligence incident reporting and response for IC continuity of operations; Serves as cyber alert and notification focal point Analysis: Conducts network threat analysis and correlation DEFENSE OC Collaboration: Collaborates with NIST, US-CERT, and JTF-GNO; facilitates cooperation, planning, and coordination between organizations (such as DISA) responsible for information systems security incidents Monitor: Reviews information to determine cyber threats and vulnerabilities and to develop NT mitigation strategies Analysis: Coordinates with DIA for all-source threat analysis Incident Response: Facilitates and coordinates identification and development of countermeasures; provides support during security incidents when needed Training/Exercises: Supports cyber defense elements of major Combatant Commander and national-level exercises; provides network analyst training courses at the National Cryptologic School Education/Awareness: Publishes security configuration guides; partners with DHS to sponsor CAEIAE Dissemination: Facilitates security incident reporting to the appropriate authority; provides worldwide dissemination of threat advisories LAW ENFORCEMENT/ COUNTERINTELLIGENCE Strategy: Developing global view Attribution: Seeks to identify threats to computer networks affecting national security Investigation: Conducts LE/CI/CT cyber-related investigations and response to counterintelligence threats Disruption: Proactively disrupts the foreign exploitation of U.S. computer networks NCIJTF Training/Exercises: Planning to conduct training with FY09 budget request for training funds Dissemination: Produces quarterly reports to allow ed targeted entities to take action Incident Response: Identifies new methods of attacks; intends to develop 24/7 operations center of information warfare activity; creating strategic framework for centralizing coordination of existing operational initiatives and developing new initiatives Collaboration: Collaborates with Intelligence, Law Enforcement, USSS, other USG entities, foreign LE agencies, state and local government, and private sector; Developing synchronization and collaboration approach for investigations Monitor: Reviews all-source data and identifies intelligence gaps Collection: Collects and synthesizes common operating picture of hostile-intrusion-relat activity to aid investigations CIVIL NCSC Strategy: Will develop strategic reporting and view of the state of cyber; will develop mitigation strategies based on identified risks Collaboration: Will work with private sector on IT analytic tools and methodologies; will coordinate with six centers and use their existing structures for further collaboration Monitor: Will monitor and track events as highlighted by centers Collection: Will collect information across centers to create fused picture of cyber activity across U.S. networks and systems R&D: Will advocate for R&D efforts through various Federal Government working forums Dissemination: Will receive, share and report on active incidents and their impacts; will provide cross- domain situational awareness Incident Response: Will assist with development and coordination of courses of action in response to unfolding cyber activities; will provide 24/7 operational support Analysis: Will correlate, analyze and synthesize reporting across centers; will develop and implement process of publishing analysis results Collaboration: Primarily collaborates with private sector on incident handling and analysis; collaborates with international and domestic CERTs; provides interface for the public, government at all levels, and private sector Monitor: Monitors activity on .gov; monitors cybersecurity events from various sources Collection: Collects and documents cyber US-CERT incidents related to .gov or call from public Analysis: Analyzes all EINSTEIN data; provides digital analysis, malware analysis and related vulnerability assessments; Incident Response analyzes anomalies or Provides 24/7 supp intrusions into .gov systems to federal, state, an local entities System Protection: Established the TIC and EINSTEIN initiatives to improve the protection and integrity of U.S. federal networks Training/Exercises: Encourages IT studies through the Scholarship for Service Program; participates in DHS/NCSD-sponsored Cyber Storm biannual, international cybersecurity exercises Education/Awareness: Provides quarterly trends report for public consumption; participates in DHS/NSA sponsored CAEIAE Dissemination: Comprehends broad network activity and supports incident handling : and analysis of cybersecurity ort trends for federal agencies d Investigations: DC3 supports investigative missions for the DCIOs; DCFL supports those investigations by conducting Training/Exercises: Operates the digital forensic examinations on seized media; DCITA Defense Computer Investigations conducts cyber investigations training for DoD personnel Training Academy; conducts and law enforcement/counterintelligence organizations computer investigation training Collaboration: Serves as focal courses for DoD organizations, point for the Defense Industrial military counterintelligence agencies, Base (DIB); collaborates with DoD and law enforcement organizations offices and other agencies on Education/Awareness: Provides digital forensic intelligence efforts; DC3 DC3 Dispatch daily email on partners with governmental, cybercrime, LE, technology and legal academic and private sector news; hosts the DoD Cyber Crime computer security officials Conference on current and future Analysis: DCFL conducts cybercrime trends electronic forensic analysis, supports operations and R&D: DCCI provides accepted standards, techniques, provides counterintelligence methodologies, research, tools, and technologies on analysis and diagnostics computer forensics to meet current and future DoD needs Strategy: Develops strategic framework for GIG operations Disruption: Uses deliberate, authorized defensive measures that protect and defend DoD information, Collaboration: Primarily computers, and networks collaborates with US-CERT, intelligence community, Dissemination: Provides all select foreign governments, NetOps centers with incident and private sector reports and potential JTF-GNO countermeasures Monitor: Monitors the DoD Incident Response: Provides network and determines investigative mitigation and vulnerabilities support to DoD and other Collection: Identifies emerging agencies if asked technologies and associated threats to integrate migrations and response Analysis: Analyzes anomalies or actions into current CND posture intrusions into DoD systems

National Cybersecurity Center Policy Capture - … · monitor IC networks. Collection: ... provides worldwide ... Developing global view . Attribution: Seeks to identify threats to

Embed Size (px)

Citation preview

Page 1: National Cybersecurity Center Policy Capture - … · monitor IC networks. Collection: ... provides worldwide ... Developing global view . Attribution: Seeks to identify threats to

National Cybersecurity Center Policy Capture Domains Main Functions

Intelligence Strategy Incident Response System Protection Defense Collaboration Dissemination

Civil Monitor R&D Disruption

Law Enforcement/ Collection Education/Awareness Investigation Counterintelligence Analysis Training/Exercises Attribution

Core Competencies Center/Dept. Description

Situational NCSC/DHS National Cybersecurity Center Awareness US-CERT/DHS United States Computer Emergency Readiness Team Public-private JTF-GNO/DoD Joint Task Force—Global Network Operations Coordination NCIJTF/FBI National Cyber Investigative Joint Task Force

IC-IRC/DNI Intelligence Community—Incident Response Center National Security NTOC/NSA NSA/CSS Threat Operations Center Foreign Intelligence DC3/DoD Defense Cyber Crime Center

The centers connect, communicate, and share information with each other through established relationships or through strategically placed liaison officers.NCSC will draw insight from six existing federal cyber centers to create cross-domain situational awareness.

INTELLIGENCE

IC-IRC

Attribution: Provides foreign threat-based analysis to assist in gaining attribution regarding a cyber attack

Collaboration: Collaborates with and shares information among Intelligence and CND communities, DoD, US-CERT and other incident response organizations

Monitor: Manage and monitor IC networks

Collection: 24/7 operation facilitates collection and sharing of cyber event information among the Intelligence community

Training/Exercises: Plans and conducts IC TS network exercises

Dissemination: Provides vulnerability management notification and status reporting for IC as well as threat message dissemination and status monitoring

Incident Response: Provides Intelligence incident reporting and response for IC continuity of operations; Serves as cyber alert and notification focal point

Analysis: Conducts network threat analysis and correlation

DEFENSE

OC

Collaboration: Collaborates with NIST, US-CERT, and JTF-GNO; facilitates cooperation, planning, and coordination between organizations (such as DISA) responsible for information systems security incidents

Monitor: Reviews information to determine cyber threats and vulnerabilities and to develop NTmitigation strategies

Analysis: Coordinates with DIA for all-source threat analysis

Incident Response: Facilitates and coordinates identification and development of countermeasures; provides support during security incidents when needed

Training/Exercises: Supports cyber defense elements of major Combatant Commander and national-level exercises; provides network analyst training courses at the National Cryptologic School

Education/Awareness: Publishes security configuration guides; partners with DHS to sponsor CAEIAE

Dissemination: Facilitates security incident reporting to the appropriate authority; provides worldwide dissemination of threat advisories

LAW ENFORCEMENT/COUNTERINTELLIGENCE

Strategy: Developing global view Attribution: Seeks to identify threats to computer networks affecting national security

Investigation: Conducts LE/CI/CT cyber-related investigations and response to counterintelligence threats

Disruption: Proactively disrupts the foreign exploitation of U.S. computer networksNCIJTF

Training/Exercises: Planning to conduct training with FY09 budget request for training funds

Dissemination: Produces quarterly reports to allow

ed targeted entities to take actionIncident Response: Identifies new methods of attacks; intends to develop 24/7 operations center

of information warfare activity; creating strategic framework for centralizing coordination of existing operational initiatives and developing new initiatives

Collaboration: Collaborates with Intelligence, Law Enforcement, USSS, other USG entities, foreign LE agencies, state and local government, and private sector; Developing synchronization and collaboration approach for investigations

Monitor: Reviews all-source data and identifies intelligence gaps

Collection: Collects and synthesizes common operating picture of hostile-intrusion-relatactivity to aid investigations

CIVIL

NCSC

Strategy: Will develop strategic reporting and view of the state of cyber; will develop mitigation strategies based on identified risks

Collaboration: Will work with private sector on IT analytic tools and methodologies; will coordinate with six centers and use their existing structures for further collaboration

Monitor: Will monitor and track events as highlighted by centers

Collection: Will collect information across centers to create fused picture of cyber activity across U.S. networks and systems

R&D: Will advocate for R&D efforts through various Federal Government working forums

Dissemination: Will receive, share and report on active incidents and their impacts; will provide cross- domain situational awareness

Incident Response: Will assist with development and coordination of courses of action in response to unfolding cyber activities; will provide 24/7 operational support

Analysis: Will correlate, analyze and synthesize reporting across centers; will develop and implement process of publishing analysis results

Collaboration: Primarily collaborates with private sector on incident handling and analysis; collaborates with international and domestic CERTs; provides interface for the public, government at all levels, and private sector

Monitor: Monitors activity on .gov; monitors cybersecurity events from various sources

Collection: Collects and documents cyber US-CERTincidents related to .gov or call from public

Analysis: Analyzes all EINSTEIN data; provides digital analysis, malware analysis and related vulnerability assessments; Incident Responseanalyzes anomalies or Provides 24/7 suppintrusions into .gov systems to federal, state, an

local entities

System Protection: Established the TIC and EINSTEIN initiatives to improve the protection and integrity of U.S. federal networks

Training/Exercises: Encourages IT studies through the Scholarship for Service Program; participates in DHS/NCSD-sponsored Cyber Storm biannual, international cybersecurity exercises

Education/Awareness: Provides quarterly trends report for public consumption; participates in DHS/NSA sponsored CAEIAE

Dissemination: Comprehends broad network activity and supports incident handling : and analysis of cybersecurity ort trends for federal agenciesd

Investigations: DC3 supports investigative missions for the DCIOs; DCFL supports those investigations by conducting

Training/Exercises: Operates the digital forensic examinations on seized media; DCITA Defense Computer Investigations conducts cyber investigations training for DoD personnel Training Academy; conducts and law enforcement/counterintelligence organizationscomputer investigation training

Collaboration: Serves as focal courses for DoD organizations, point for the Defense Industrial military counterintelligence agencies, Base (DIB); collaborates with DoD and law enforcement organizationsoffices and other agencies on Education/Awareness: Provides digital forensic intelligence efforts; DC3 DC3 Dispatch daily email on partners with governmental, cybercrime, LE, technology and legal academic and private sector news; hosts the DoD Cyber Crime computer security officials Conference on current and future

Analysis: DCFL conducts cybercrime trendselectronic forensic analysis, supports operations and R&D: DCCI provides accepted standards, techniques, provides counterintelligence methodologies, research, tools, and technologies on analysis and diagnostics computer forensics to meet current and future DoD needs

Strategy: Develops strategic framework for GIG operations Disruption: Uses deliberate,

authorized defensive measures that protect and defend DoD information, Collaboration: Primarily computers, and networkscollaborates with US-CERT,

intelligence community, Dissemination: Provides all select foreign governments, NetOps centers with incident and private sectorreports and potential

JTF-GNO countermeasuresMonitor: Monitors the DoD

Incident Response: Provides network and determines investigative mitigation and vulnerabilitiessupport to DoD and other

Collection: Identifies emerging agencies if askedtechnologies and associated threats to integrate migrations and response Analysis: Analyzes anomalies or actions into current CND posture intrusions into DoD systems

Cybersecurity Test and Evaluation Process Sponsored Documents/Cybersecurity... · Program Office Implementation Plan must include cybersecurity ... – Ensures cybersecurity is part

Cybersecurity Test and Evaluation Process Sponsored Documents/Cybersecurity... · Program Office Implementation Plan must include cybersecurity ... – Ensures cybersecurity is part

Documents
Attribution Theory

Attribution Theory

Education
Attribution presentation

Attribution presentation

Technology
Cybersecurity 3 cybersecurity costs and causes

Cybersecurity 3 cybersecurity costs and causes

Technology
Source 1 - 나 자신을 알자 · Web viewInternal Factors (person/ dispositional attribution) versus External Factors (situation attribution) Attribution I. Definitions. Attribution

Source 1 - 나 자신을 알자 · Web viewInternal Factors (person/ dispositional attribution) versus External Factors (situation attribution) Attribution I. Definitions. Attribution

Documents
CYBERSECURITY ROADMAP CYBERSECURITY OPERATIONS …

CYBERSECURITY ROADMAP CYBERSECURITY OPERATIONS …

Documents
Attribution Analysis

Attribution Analysis

Business
Cybersecurity 5 improving cybersecurity

Cybersecurity 5 improving cybersecurity

Technology
Cybersecurity Workforce CompetenciesIntroduction: Cybersecurity Industry Snapshot Career Opportunities in the Cybersecurity Industry Defining a Common Set of Cybersecurity Professional

Cybersecurity Workforce CompetenciesIntroduction: Cybersecurity Industry Snapshot Career Opportunities in the Cybersecurity Industry Defining a Common Set of Cybersecurity Professional

Documents
Morningstar Total Portfolio Performance Attribution ... · PDF fileTotal Portfolio Performance Attribution Methodology ... macro attribution or balanced portfolio ... attribution when

Morningstar Total Portfolio Performance Attribution ... · PDF fileTotal Portfolio Performance Attribution Methodology ... macro attribution or balanced portfolio ... attribution when

Documents
Attribution Komunikasi

Attribution Komunikasi

Education
Karen F Worstell · Talent Retention - Keeping your Cybersecurity Talent (and Avoiding Loss) COMPANY PROFILE Karen Worstell seeks to create opportunity for cyber pros in the critical

Karen F Worstell · Talent Retention - Keeping your Cybersecurity Talent (and Avoiding Loss) COMPANY PROFILE Karen Worstell seeks to create opportunity for cyber pros in the critical

Documents
Cybersecurity Data Science (CSDS)...2020/02/11  · 20 AI in Cybersecurity * Sikos ed., 2018 21 Malware Data Science: Attack Detection and Attribution Saxe & Sanders, 2018 22 Machine

Cybersecurity Data Science (CSDS)...2020/02/11  · 20 AI in Cybersecurity * Sikos ed., 2018 21 Malware Data Science: Attack Detection and Attribution Saxe & Sanders, 2018 22 Machine

Documents
Critical Cybersecurity Questions Cybersecurity... · Critical Cybersecurity Questions 1 • How do you measure successful cybersecurity efforts? • Who is accountable for cybersecurity?

Critical Cybersecurity Questions Cybersecurity... · Critical Cybersecurity Questions 1 • How do you measure successful cybersecurity efforts? • Who is accountable for cybersecurity?

Documents
IRR attribution / profit and loss attribution

IRR attribution / profit and loss attribution

Economy & Finance
MMI Surveillance Solution · video surveillance solution provider, MOBOTIX is the right choice for everyone who seeks intelligent cybersecurity systems to enhance daily business operations

MMI Surveillance Solution · video surveillance solution provider, MOBOTIX is the right choice for everyone who seeks intelligent cybersecurity systems to enhance daily business operations

Documents
Attribution in the press Quotation and attribution

Attribution in the press Quotation and attribution

Documents
Attribution Model

Attribution Model

Documents
The Healthcare Industry Seeks Cybersecurity Remedies · Health, agrees that the greatest cybersecurity threat in healthcare is access to patient and employee information. “For verification

The Healthcare Industry Seeks Cybersecurity Remedies · Health, agrees that the greatest cybersecurity threat in healthcare is access to patient and employee information. “For verification

Documents
AMING WITHOUT SHAMING ACCUSATIONS AND …1 See Jon R. Lindsay, Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack, 1 J. CYBERSECURITY

AMING WITHOUT SHAMING ACCUSATIONS AND …1 See Jon R. Lindsay, Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack, 1 J. CYBERSECURITY

Documents
Ad Attribution

Ad Attribution

Education
Attribution-fu: Using Correlation Data to Track Marketing Attribution

Attribution-fu: Using Correlation Data to Track Marketing Attribution

Marketing
Lec attribution

Lec attribution

Self Improvement
Attribution Primer

Attribution Primer

Business
Measuring Cybersecurity Readiness: The Cybersecurity ... · PDF fileMeasuring Cybersecurity Readiness: The Cybersecurity Maturity Model ... Gartner IAM Maturity Model . ... Gartner

Measuring Cybersecurity Readiness: The Cybersecurity ... · PDF fileMeasuring Cybersecurity Readiness: The Cybersecurity Maturity Model ... Gartner IAM Maturity Model . ... Gartner

Documents
BUILDING CYBERSECURITY IN SMALL AND MIDSIZE BUSINESSES › downloads › SB0365-whitepaper-cybersecurity… · AND MIDSIZE BUSINESSES CYBERSECURITY WHITEPAPER. CYBERSECURITY WHITEPAPER

BUILDING CYBERSECURITY IN SMALL AND MIDSIZE BUSINESSES › downloads › SB0365-whitepaper-cybersecurity… · AND MIDSIZE BUSINESSES CYBERSECURITY WHITEPAPER. CYBERSECURITY WHITEPAPER

Documents
AVIATION CYBERSECURITY - Atlantic Council · 1.3.3 Safety, security, enterprise cybersecurity, and aviation cybersecurity Where aviation cybersecurity crosses the traditional elements

AVIATION CYBERSECURITY - Atlantic Council · 1.3.3 Safety, security, enterprise cybersecurity, and aviation cybersecurity Where aviation cybersecurity crosses the traditional elements

Documents
The Healthcare Industry Seeks Cybersecurity Remedies · The rise of digital healthcare makes cybersecurity even more critical, particularly with the strict regulations intended to

The Healthcare Industry Seeks Cybersecurity Remedies · The rise of digital healthcare makes cybersecurity even more critical, particularly with the strict regulations intended to

Documents
Attribution 101

Attribution 101

Documents
Top-down attribution StatPro Revolution: Advanced Equity Attribution · StatPro Revolution: Advanced Equity Attribution StatPro Revolution provides advanced equity attribution following

Top-down attribution StatPro Revolution: Advanced Equity Attribution · StatPro Revolution: Advanced Equity Attribution StatPro Revolution provides advanced equity attribution following

Documents