TRANSCRIPT
September 11, 2019
CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY
CYBERSECURITY ROLES ACROSS THE FEDERAL GOVERNMENT
STAKEHOLDER ENGAGEMENT DIVISION
The Cybersecurity Workforce Challenge
Globally
• According to (ISC)², the global cybersecurity workforce shortage is projected to reach 1.8 million by 2022
• That’s more than 1 new cybersecurity expert needed every minute*
Domestically
• There are over 300,000 vacant cybersecurity jobs in the United States
Specifically
• The top in-demand work roles are:
  • Information Systems Security Developer
  • Information Systems Security Manager
  • Systems Developer
  • Research & Development Specialist
  • Software Developer
CISA Efforts to Close the Cybersecurity Skills Gap
Workforce
• National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
• Cybersecurity Workforce Development and Planning Tools and Resources
Education and Training
• Cybersecurity Education, Training, and Assistance Program (CETAP) Grant / K-12 Curricula
• National Centers of Academic Excellence (CAE)
• CyberCorps®: Scholarship for Service (SFS)
• Federal Virtual Training Environment (FedVTE) cybersecurity training platform
Outreach
• National Initiative for Cybersecurity Careers and Studies (NICCS) website, hosting all CE&A resources
• Quarterly outreach efforts to targeted stakeholder groups
Awareness
• Stop. Think. Connect.™
• National Cybersecurity Awareness Month (NCSAM)
Workforce Development Toolkit and Tools
Workforce Development Toolkit phases: PREPARE, PLAN, BUILD, ADVANCE
➢ Assess goals
➢ Evaluate readiness
➢ Inventory workforce
➢ Ongoing workforce planning
➢ Close skill gaps
➢ Recruit for key skills
➢ Retain staff
➢ Provide continuous development
Tools
o Workforce Planning Capability Maturity Matrix (CMM)
o Cybersecurity Workforce Planning Diagnostics
o NICE Framework
o Workforce Mapping Tool
o Team Traits / Interview Questions
o Recruitment Checklist
o PushButton PD™ Generator Tool
o Retention Tips by Level
o Career Path Template
o NICCS Training Catalog
Significant Cybersecurity Authorities
• Clinger-Cohen Act (1996), also known as the Information Technology Management Reform Act: Changed how the government managed IT for several decades; allowed agencies to acquire IT resources more independently; required agencies to appoint a chief information officer (CIO); increased accountability for IT planning and operations
• Federal Information Security Management Act (2002): Outlined roles and responsibilities for federal cybersecurity management; required agencies to develop, document, and implement programs to secure their data and information systems
• Federal Information Security Modernization Act (2014): Modified the original 2002 law; clarified and updated the responsibilities and authorities of DHS and OMB in relation to federal agency information security
• National Cybersecurity Protection Act (2014): Formalized the National Cybersecurity and Communications Integration Center within DHS to interface and share cybersecurity information across federal and non-federal entities
• Federal Information Technology Acquisition Reform Act (2014): Expanded the authorities of CIOs; addressed matters like risk management for IT investments, data center consolidation, IT training, and acquisition/procurement
• Cybersecurity Act of 2015: Incentivized information sharing between the federal government and private industry, via DHS, by providing liability protections for private sector actors that share threat indicators and defensive measures with DHS; required all civilian agencies to implement EINSTEIN, a DHS program to detect and block threats to federal networks
• Cybersecurity National Security Action Plan (2016): Established a commission to expand the nation’s cybersecurity workforce; established a Federal Chief Information Security Officer and increased government-wide shared services for IT and cybersecurity
The Government’s Role in a Cybersecurity Event
By law, every federal agency and state is responsible for its own cybersecurity.
The Presidential Policy Directive (PPD) United States Cyber Incident Coordination outlines the federal response to any cyber incident (government or private sector):
▪ The Department of Justice leads the investigative component
▪ The Department of Homeland Security leads asset protection
▪ The Director of National Intelligence leads intelligence support activities
▪ The National Security Council’s (NSC) Cyber Response Group will drive national policy coordination
▪ The Cyber Unified Coordination Group coordinates national operations
High-level Roles
https://www.belfercenter.org/sites/default/files/files/publication/Understanding%20Federal%20Cybersecurity%2004-2018_0.pdf
Agencies with Cybersecurity Responsibility
▪ Cybersecurity and Infrastructure Security Agency (CISA)
▪ Office of Management and Budget (OMB)
▪ National Institute of Standards and Technology (NIST)
▪ Government Services Agency (GSA)
▪ Department of Defense (DoD)
▪ Office of the Director of National Intelligence (ODNI)
▪ Department of Justice (DOJ)
▪ Federal Bureau of Investigation (FBI)
▪ Department of State (DOS)
▪ United States Secret Service (USSS)
▪ National Security Agency (NSA)
▪ Federal Security Centers
▪ National Cybersecurity and Communications Integration Center (NCCIC)
▪ National Cyber Investigative Joint Task Force (NCIJTF)
▪ National Security Agency Cybersecurity Threat Operations Center (NCTOC)
▪ Department of Defense Cyber Crime Center (DC3)
▪ Intelligence Community – Security Coordination Center (IC-SCC)
Do We Have it Right?
As many tools are already available, is the government’s job complete?
If so, what comes next?
If not, what should the government’s role in cybersecurity workforce development be?
October is National Cybersecurity Awareness Month (NCSAM)
For more information, contact [email protected]
For more information:
cisa.gov
niccs.us-cert.gov
Questions?
Email: [email protected]
Back-up slides
CISA Role
▪ Lead agency for asset response during a significant cyber incident, acting through the National Cybersecurity and Communications Integration Center
▪ Plays a leadership and operational role, supporting federal civilian agencies in their cybersecurity risk management
▪ Provides a “common baseline” of security to all agencies
▪ Acts as a hub for information sharing across the federal government and between the government and private sector
▪ Promotes widespread adoption of NIST guidance and conducts risk assessments with other agencies
▪ Assists other agencies in responding to incidents and is responsible for critical infrastructure security
OMB Role
▪ Develops and oversees the implementation of policies, principles, standards, and guidelines on information security
▪ Directs federal departments and agencies to report major cyber incidents within seven days, as well as to submit reports to Congress, CISA, and OMB annually
▪ Develops, communicates, and enforces information security policies and adoption of standards and guidelines across federal agencies
▪ Provides data and risk-based oversight to federal cybersecurity programs
▪ Supports CISA to reduce adverse impacts of major incidents and vulnerabilities within the federal government
NIST Role
▪ Develops standards and guidelines for information systems not related to national security
▪ Creates Federal information processing standards
▪ Provides guidelines to federal agencies through a multi-stakeholder engagement process with industry (e.g., BIOS management, wireless protocol, supply chain risk management)
GSA Role
▪ Supports federal government agencies by identifying and delivering cybersecurity products and services (i.e. standardized acquisition vehicles)
▪ Promotes cybersecurity of connected devices used by federal agencies, such as those used in buildings or vehicles
▪ Provides risk advisory as well as assessment, training, and support to election infrastructure
▪ Plays a smaller role in partnering with agencies to improve the user experience of government (websites, digitizing internal systems, fixing tech problems)
DoD Role
▪ Responsible for threat response to cyber incidents affecting DoD assets and the DoD Information Network (DoDIN)
▪ Supports civil authorities for cyber incidents outside the DoDIN when requested by the lead federal agency, approved by the appropriate DoD official, directed by the President
▪ Provides support based upon the needs of the incident, the capabilities required, and the readiness of available forces
▪ Provides intelligence on election infrastructure threats to CISA and helps update sensors to compromised systems
▪ “Defend forward” to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict
▪ Protects the .mil cyber space
ODNI Role
▪ Lead coordinator for intelligence support during a significant cyber incident, acting through the Cyber Threat Intelligence Integration Center
▪ Provides intelligence support and related activities to federal asset and threat agencies
▪ Facilitates the building of situational threat awareness and sharing of related intelligence; the integrated analysis of threat trends and events; the identification of knowledge gaps; and the ability to degrade or mitigate adversary threat capabilities
DOJ Role
▪ Lead agency for threat response during a significant cyber incident, acting through the Federal Bureau of Investigation (FBI) and National Cyber Investigative Joint Task Force
▪ Provides threat response activities such as conducting appropriate law enforcement and national security investigative activities at the affected entity's site; collecting evidence and gathering intelligence; providing attribution; linking related incidents; identifying additional affected entities; identifying threat pursuit and disruption opportunities; developing and executing courses of action to mitigate the immediate threat; and facilitating information sharing and operational coordination with asset response
FBI Role
▪ Collects and coordinates the sharing of relevant intelligence and other information between FBI domestic personnel and FBI staff assigned to Legal Attaché offices around the world
▪ Coordinates the sharing of intelligence among and between federal agencies and international intelligence and law enforcement elements
▪ Produces and shares analytical products, including those that assess threats to the homeland and inform related planning, capability development, and operational activities
▪ Coordinates with ODNI mission and support centers that provide unique capabilities for homeland security partners
DOS Role
▪ Represents the United States in all global diplomatic engagements across the full range of international policy imperatives, including cyber issues
▪ Leverages its diplomats in the embassies and posts around the globe to provide international diplomatic support for cyber incident response around the clock
▪ Coordinates diplomatic outreach related to cyber incidents
▪ Many federal departments and agencies actively maintain and leverage multilateral and bilateral partnerships
USSS Role
▪ Maintains a national network of Electronic Crimes Task Forces, combining the resources of academia, private sector, and SLTT law enforcement
▪ Prevents, detects, and investigates electronic crimes, including potential terrorist attacks against critical infrastructure and financial payment systems
NSA Role
▪ The National Security Agency Cybersecurity Threat Operations Center (NCTOC) is the 24/7/365 NSA element that characterizes and assesses foreign cybersecurity threats.
▪ Informs partners of current and potential malicious cyber activity through its analysis of foreign intelligence, with a focus on adversary computer network attacks, capabilities, and exploitations
▪ Provides technical assistance to U.S. Government departments and agencies upon request
Federal Security Centers
▪ National Cybersecurity and Communications Integration Center (NCCIC): As an operational element of CISA, the NCCIC is the primary platform to coordinate the federal government’s asset response to cyber incidents. The NCCIC is authorized under Section 3 of the National Cybersecurity Protection Act of 2014.
▪ National Cyber Investigative Joint Task Force (NCIJTF) is a multi-agency center hosted by the FBI and is the primary platform to coordinate the Federal Government’s threat response. The NCIJTF is chartered under paragraph 31 of National Security Presidential Directive-54/Homeland Security Presidential Directive-23.
Federal Security Centers (cont.)
▪ Cyber Threat Intelligence Integration Center (CTIIC): Operated by the Office of the Director of National Intelligence, the CTIIC is the primary platform for intelligence integration, analysis, and supporting activities for the Federal Government. CTIIC also provides integrated all-source analysis of intelligence related to foreign cyber threats or cyber incidents affecting U.S. national interests.
▪ U.S. Cyber Command (USCYBERCOM) Joint Operations Center (JOC): The USCYBERCOM JOC directs the U.S. military’s cyberspace operations and defense of the DoDIN. USCYBERCOM manages both the threat and asset responses for the DoDIN during incidents affecting the DoDIN and receives support from the other centers, as needed.
Federal Security Centers (cont.)
▪ National Security Agency Cybersecurity Threat Operations Center (NCTOC) is the 24/7/365 NSA element that characterizes and assesses foreign cybersecurity threats. The NCTOC informs partners of current and potential malicious cyber activity through its analysis of foreign intelligence, with a focus on adversary computer network attacks, capabilities, and exploitations. Upon request, the NCTOC also provides technical assistance to U.S. Government departments and agencies.
▪ Department of Defense Cyber Crime Center (DC3) supports law enforcement, counterintelligence, information assurance, network defense, and critical infrastructure protection communities through digital forensics, focused threat analysis, and training. DC3 provides analytical and technical capabilities to federal agency mission partners conducting national cyber incident response.
Federal Security Centers (cont.)
▪ Intelligence Community – Security Coordination Center (IC-SCC) monitors and oversees the integrated defense of the IC Information Environment in conjunction with IC mission partners and in accordance with the authority and direction of the Office of the Director of National Intelligence Chief Information Officer.