Webinar Series
Positioning the National Guard and Civilian Organizations to Augment the Cybersecurity Workforce
June 21, 2017
Outline
• National Guard Bureau
• Colorado Army National Guard Cyber Teams
• CPT and DCO Comparison
• Exercises & Kinetic Cyber Demo
• Training & Certifications
Exercise & Kinetic Cyber Demo
• Dam Simulator Vulnerabilities
• Rogue Access Point
• WAP with a Critical Vulnerability
• Attack Vectors
• Live Exploits
• Aftermath…
Engagement with Mission Partners including: State, County, Local Governments; Academia; Critical Infrastructure Owners; Industry
Training Sources:
• Cyber Center of Excellence (Fort Gordon, GA)
• National Guard Professional Education Center
• Cyber Center of Excellence Mobile Training Teams
• Academia
• Contracted (e.g. SANS Institute)
Certifications & Training
DoD 8570-M (soon to be replaced by DoD 8140-M)
Cyber Exercises:
• Cyber Shield (National)
• Cyber Guard (National)
• Cyber Yankee (Regional)
• Local/State (e.g. Vital Connection in Colorado)
Many Soldiers from industry with skills such as: Penetration Testing, Coding, Auditing, Systems Administration, Systems Engineering, Network Security, Routing and Switching, Application Development, etc…
Training Approach
• Army and Air Guard train in similar fashion
• Often we attend exercises with a joint team (Cyber Shield 2018 we expect to take a multi-agency team)
• Both teams are stretched thin and recruiting and training as fast as we can
• Army is currently working toward recruiting 150% - 200% strength
Defensive Cyber Operations Element    Cyber Support Squad
CND Manager, CPT, 17A
Cyber Ops Officer, W2, 170A
Systems Architect, W2, 255A
Network Infrastructure Service Specialist, W2, 255N
Cyber Security Analyst, SFC, 25D
Close Access Network Operator, SSG, 25D
All Source Intelligence Analyst, SSG, 35F
CND Manager, CPT, 17A
Systems Architect, W2, 255A
Systems Architect, W2, 255A
Network Infrastructure Service Specialist, W3, 255N
Cyber Security Analyst, SFC, 25D
Close Access Network Operator, SSG, 25D
All Source Intelligence Analyst, SGT, 35F
Michigan Army National Guard Task Organization
Mission Protection Squad
Team Chief, LTC, 25G
Team Chief, MAJ, 25G
Asst Team Chief, CPT, 01A
Asst Team Chief, CPT, 01A
Info Service Tech, W2, 255A
Info Protection Tech, W3, 255S
Network Mgmt Tech, W2, 255N
Incident Responder, MSG, 25D
Incident Responder, SFC, 25D
Info Tech Specialist, SSG, 25B
All Source Intel Analyst, SSG, 35F
Training Approach
Though we have distinct Task Organization, we (Army) view our 3 sections as one team and train everyone to function on all teams.
Advantages:
• Can leverage expertise across the teams for internal training
• Allows Leadership to spread the wealth when ad-hoc missions come down
• Team is exposed to wide range of training
Disadvantages:
• Training may not be as in depth as it may otherwise be
• Team is expected to maintain a broader range of knowledge
Support in Michigan
Defend the Guard Military Network in Michigan
• We can be activated to supplement the full time organization if the need arises
• By doctrine, this is the mission of the DCO-E. However, we reach across all teams
• We were recently activated to respond to an incident
Support Local Industry
• State Police are the lead agency
• Guard can be activated by the Governor using State Active Duty funding
• Guardsmen can only Coordinate, Train, Assist, and Advise
• We have been activated one time to assist a hospital during the Flint Water Crisis
External Support
Federal Government
• Members of the National Guard can be activated under Title 10
• By doctrine, this is the mission of the CPT
• Currently have 9 pax on Title 10
• Will not necessarily mobilize a total unit, may ask for eaches
• Annual rotations for the foreseeable future
Challenges
• Security Clearances – Top Secret takes a year or more to get approved
• Amount and length of training
  - Takes roughly 2 years to train a Warrant Officer
  - Takes roughly 15 months +/- to train a Cyber Operations Officer
• Retention – private sector wants our people as they are highly skilled
Contact Data
Major Robert A. Maciolek, Team Chief, Defensive Cyber Operations, Michigan Army National Guard
Army: [email protected]
Civilian: [email protected]
MiC3: Overview
Information security professionals who volunteer to provide expert assistance to enhance the State’s ability to rapidly resolve cyber incidents when Activated under a Governor declared State of Emergency
• Operate under state Cyber Disruption Response plan
• Legislation in process
  - Provides tort immunity; indemnity
  - Lower threshold to Activate
  - Provide for Advisory Board
• Community Service
MiC3: Overview
Unique:
- Only state sponsored all-volunteer force of cyber defenders (to date) (that we know of!)
- 56 Members (as of today; 200 by YE 2018)
- Half of members meet DoD Directive 8570 for skills Certifications (GCIH and others)
MiC3: Requirements to Apply
• Members must have:
- At least two years of information security, incident response, and/or digital or network forensics
- One foundational Security certification
  - (Security+, C|EH, CISSP, or GIAC, etc.)
- 10 days of support from employer (a signed letter of agreement is required)
  - 5-6 days for training, 1-2 exercises, community volunteering, etc. (weekends possible in the count)
MiC3: Membership Requirements (1)
Pass a series of Security Competency Assessments
• Series of tests to demonstrate basic and advanced knowledge of networking and security concepts, as well as basic IR (Incident Response) and Forensics skills
MiC3: Membership Requirements (2)
Background Check
“Ten-Print” (FBI National) background check
Confidential Disclosure Agreement
To address potential conflicts of interest
MiC3: Membership Benefits
Training
• Significant Training Opportunities
• 2016: SANS SEC504, 2017: SANS SEC511
• Collaboration with National Guard & State Police
Prof Dev
• Networking throughout Michigan
• Collaboration with IT security professionals across multiple economic verticals, industries, the academy, public sector, local government, and private sector
Civic Duty
• Providing members a platform to aid the state in crisis (or preventing it!) while doing what they love
MiC3: History
Governor Rick Snyder’s idea: MiC3, announcement at 2013 North American International Cyber Summit
2013 2015 2016 2017
Partnership between the State of Michigan, the Merit Network Inc., and Mich Health and Human Services
Decision was made to consolidate the program management with the State of Michigan, with Merit as a partner
21st Century Infrastructure Commission Report (Communications)
Gov. Snyder sets goal of expanding MiC3 to 200
MiC3: Calendar
Ferris State University Day-Long and Exercise, April 12
SANS Training SEC511, July 24-29
North American International Cyber Summit, October 30
Planned 2017 Events
Quarterly Face-to-Face Meeting
Monthly MiC3 Conference Call: All Members, Executive Sponsor, Staff
MiC3: Contact Us
• Contacts
- Ray Davidson, Ph.D., CISSP, ETC (Program Manager)
  [email protected], [email protected] Twitter: @raydavidson
- Patrick Chandler (Project Coordinator)
  [email protected]
- Paul Groll, MS, CISSO, CISSP, CCSE (Executive Sponsor)
  [email protected]
• Links
- MiC3 Website https://www.micybercorps.org