
Post on 16-Dec-2015


COL (R) Michael F. Brown

Director, Information Systems Security

Cyber Security:

An Educator’s Challenge

2

TSD REPLAY, SEPTEMBER 11, 2001

Prepared By: Air Traffic Tactical Operations

LOWER 48 STATES

3

LOWER 48 STATES 1230Z TO 1530Z

ATCSCC Actions:

• 1306Z ZNY GS

• 1311Z ZBW GS

• 1326Z GS all centers

• 1345Z All centers to land airborne traffic ASAP

FLIGHT KEY: MILITARY, OTHER U.S. TRAFFIC


40

PMA

FISMA

Sarbanes-Oxley

Business Requirements

Business Strategy

National Cyber Strategy

“CALL TO ACTION”

•Federal Regulations

•Customer Requirements

•Strategy

41

WELCOME TO THE EXCITING WORLD OF HPVAC

HACKING

PHREAKING

VIRI

ANARCHY

CARDING/CELLULAR

42

HACKED WWW HOMEPAGES

CIA HOMEPAGE

DOJ HOMEPAGE

USAF HOMEPAGE

43

The mission of the Information Security department is to protect the information assets, the information systems, and the networks that deliver the information from damage resulting from failures of confidentiality, integrity, and availability.

Security’s objective is to enhance the productivity of the business by reducing the probability of loss through the design and implementation of policy, standards, procedures, and guidelines that enhance the protection of business assets.

Defining the Role

“Departmentally” Specific ……

Business Objective ……

44

Strategy Determines Requirements and Requirements Drive Resources

National Cyber Security Strategy

FAA Cyber Security Strategy

Federal Information Security Management Act

Strategy

Requirements

Resources

TOA

Operational Requirements

Mission Needs

The Business Plan

The Flight Plan

Goals

Objectives

Sub-Objectives

Prioritized Tasks

LOB Participation and Influence

External / Internal Drivers

45

Prioritizing Constrained Resources

Boundary Protection

Vulnerability Scanning

Insider/Outsider Threat

Intrusion Detection and Prevention

System Certification

Transport/Application Layer VPNs

Firewalls

Anti-viral

46

A Case Study

The FAA Information Systems Security Program

47

System of Systems

Internet Access Points

Messaging Systems

Finance and Budget

Personnel and Payroll

Asset Management

Flight Procedures

Security

Inspection

Safety

Analysis

Accident / Incident Investigation

48

• Manage more than 30,000 commercial flights to move 2,000,000 passengers safely each day

• Support more than 35,000 general aviation flights on a daily basis

• Regulate and certify the people and aircraft that use our airspace

FAA’s Job

National Airspace System (NAS)

49

The Evolving Landscape of Cyber Security

50

The Evolving Landscape of Cyber Security

51

The Evolving Landscape of Cyber Security

52

The Evolving Landscape of Cyber Security

•Standardized Certification

53

A New Look at Cyber Defense

The “Android” Approach

54

The “Android” Cyber Defense – Emulates the most resilient system in the world

55

Enterprise Architecture

[Figure: Finance Services application architecture, “As Is” and “To Be” panels; applications grouped under Admin Equip., Contracts, Finance, HR, IT Services, Assets, Av. Training and Space]

• Reduction in applications and interfaces

• Improved connectivity

• Simplified architecture

• Reduced potential vulnerabilities

56

The “Android” Cyber Defense – Emulates the most resilient system in the world

57

Element Hardening and Boundary Protection

Element Hardening

– 96% of IT systems certified and authorized

– Vulnerability scanning of public facing and internal servers on a regular basis

– Patch management to facilitate timely remediation of discovered vulnerabilities

Boundary Protection

– Security a major component of Federal Telecommunications Infrastructure, IAPs limited to 8 and hardened, e-mail post offices reduced from 850 to 12 and hardened

– Defense in-depth approach—firewalls, encryption, virtual private networks, and anti-viral software

58

The “Android” Cyber Defense – Emulates the most resilient system in the world

59

Computer Security Incident Response Center (CSIRC)

60

Cyber Fusion Center

61

The Keystone to Making this all Work is a Trained and Ready Workforce

62

Purpose of Awareness and Training

The two goals of the ISS Awareness and Training Program are:

• To make all users aware of FAA ISS responsibilities

• To provide each line of business (LOB) and staff office (SO) with the training necessary to obtain the knowledge, skills, and abilities required to maintain information systems, implement ISS policies, and offer training opportunities to named key personnel.

63

Awareness and Training Program

The Federal Information Security Management Act of 2002 (FISMA)

• Requires each federal agency to “provide for the mandatory periodic training in computer security awareness and accepted computer practices of all employees who are involved in the management, use or operation of each federal computer system within or under the supervision of that agency.”

• Requires training under OMB, A130, Appendix III, and in accordance with guidelines co-developed by NIST.

64

Awareness and Training Program

In support of FISMA, the Office of Information Systems Security (AIS) Training Program shall:

• Establish an ISS awareness and training program

• Provide awareness refresher briefings

• Provide training to those who design, implement, or maintain information systems

• Provide specialized training to key personnel who have been designated by their LOB/SO

65

Awareness

The purpose of the FAA Awareness Program is:

- To focus attention on security

- To create sensitivity to the threats and vulnerabilities of information systems

- To recognize the need to protect data, information and systems

66

Awareness Methods

- Broadcast Email Messages

- Web-based activity: Security Awareness Virtual Initiative (SAVI)

- Warning Banners

- Information Security Newsletters

- Awareness Events (briefings, conferences, expositions)

- Meetings/Lectures related to ISS topics

- Interactive Kiosk

67

Training

Develop relevant and needed skills that map to defined responsibilities for each role.

Methods of Training

– Instructor-led training or face-to-face communication is the most personal method of training. This type of training is the most effective in the FAA.

– Computer Based Training (CBT) is offered at the FAA. CBT is utilized by a small percentage of FAA employees.

– System Administrator Simulation Training

68

Training

As part of the Training Program the FAA’s 2005 IT/ISS Conference was held February 28 through March 4 in San Diego, California.

Technical Training Sessions Held:

– Patch Management

– Public Key Infrastructure

– FAA Telecommunications Infrastructure

– Enterprise License Agreement

– Web Security

– Vulnerability

The training classes were videotaped to be provided as a learning tool for those key personnel who were unable to attend. The tapes will be taken to each Region and used in conjunction with other training.

69

Outreach Program

Technology is accelerating and changing complexity daily

To keep up with technology FAA must:

- Seek new talent through colleges and universities

- Use the Scholarship for Students Program sponsored by OPM

- FAA (AIS) will utilize internship programs

- FAA will leverage research and development efforts at colleges and universities that can be adapted to FAA’s ISS program goals and objectives

70

Academia Outreach

Program Roles and Responsibilities

- Ensure success of overall ISS efforts and promote the exchange of information with colleges and universities.

- FAA will use academia in the area of research and development.

Program Goals for 2005

- Work with institutions of higher learning who have been designated as Academic Centers of Excellence by the National Science Foundation that are participants in the Scholarship for Services Program.

- Leverage knowledge students have gained and place them in the information security field.

71

Federal Efforts

The National Strategy to Secure Cyberspace

– Need to build foundations for the development of security certification programs that will be broadly accepted by the public and private sectors. DHS and other federal agencies can aid these efforts by effectively articulating the needs of the federal IT security community.

72

Current IT Security Professional Certification Environment:

Challenge:

Need to identify highly qualified people to develop, maintain, and secure our information systems and networks

No nationally recognized certification for IT security professionals

73

IT Security Professional Certification

- Goal: Set up nationally recognized, privately administered certifications at appropriate levels

- Scope: Vendor-neutral certifications

- Product: Industry led IT Security Professional Certification structure/ process in place

- Outcome: National IT security professional certifications

74

Notional IT Security Professional Certification Process


75

Expected Outcomes

- Standard position categories

- Standard position levels
  - How many
  - Nomenclature (e.g., I, II, III; entry, intermediate, advanced)

- Standard functions within categories and levels
  - Nomenclature (what are the functions; what are they called)

- Skill Standards
  - By category and level: performance standards that delineate what a person must know and be able to do in order to successfully perform roles related to a specific job, an occupational cluster or across an industry sector

76

Certification Related Issues

- Governance structure
  - Stakeholder participation

- Common body of knowledge & standards
  - Job task analysis, competencies

- Training, testing & accreditation
  - Adjudication: evaluation and feedback

- Continuing education

- Mapping current IT security certifications and transitioning current certificate holders

- Business Models

77

Status and Next Steps

- Working with Government and private sectors to leverage ongoing efforts

- Working with the Federal CIO Council, Workforce and Human Capital Committee to leverage existing structure

- Exploring options for setting up nationally recognized, privately administered IT security professional certifications at appropriate levels

- Others?

78

AN OPPORTUNITY TO DO “ISS” RIGHT

Who says trains can’t fly?