chris gabbard, cisa - cyber security summit · cisa is with you the department of homeland security...
Chris Gabbard, CISA
Cybersecurity Advisor, Region 5: Minneapolis
October 29, 2019
A secure and resilient critical infrastructure for the American people.
Lead the National effort to understand and manage cyber and physical risk to our critical infrastructure.
CISA is the Nation’s lead civilian cybersecurity agency and the national coordinator for critical infrastructure security and resilience efforts.
We work with partners to: DEFEND TODAY and SECURE TOMORROW
Serving Critical Infrastructure
Threat Actors Are Sophisticated…
But They Don’t Always Need To Be
Against an Expanding Attack Surface
With Tools Aimed Directly At You
Leading to Successful Attacks
Cyber Risk Management Considerations
• The challenges continue to grow
• An efficient approach to managing risk helps you serve your customers and stakeholders
• Avoid “paralysis by analysis”
• Manage your cybersecurity posture against established standards
• Develop an improvement plan and take action
• Manage improvements and work on “operational resilience” to address ongoing change and shifting threats.
Bring “the Business” into Cybersecurity
In highly complex, Internet-dependent, technically enabled organizations, cybersecurity is a business problem.
Cyber impacts/risks are not just disruptions of technology, but of the business missions that rely on the supporting technology.
Approaching cybersecurity as an operational business risk brings cybersecurity into the organization’s risk management process.
• Actions of People
• Systems and Technology Failures
• Failed Internal Processes
• External Events
Resilience Defined
“… the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents…”
- Presidential Policy Directive 21, February 12, 2013
• Protect (Security)
• Sustain (Continuity)
• Perform (Capability)
• Repeat (Maturity)
Resilience Emerges From What You Do
• Consider your health.
• How do you become healthy?
• Can you buy good health?
• Can you “manufacture” good health?
• You can’t buy it in a product.
• Good health and resilience are both emergent properties.
• They develop – or emerge – from what we do.
Operational Resilience in Practice
Operational resilience emerges from what we do, such as:
• Identifying critical services and mitigating risks,
• Planning for and managing vulnerabilities and incidents,
• Performing service-continuity processes and planning,
• Managing IT operations,
• Managing, training, & deploying people,
• Protecting and securing important assets, and
• Working with external partners.
CISA is with you
The Department of Homeland Security is honing its focus on how it helps state and local governments and small and medium businesses in the area of cyber security amid a number of recent ransomware attacks and continued threats to critical infrastructures
- Jeanette Manfra, Assistant Director for Cybersecurity with the Cybersecurity and Infrastructure Security Agency
CSA Deployed Personnel - Region 5
CSA Offices
Cybersecurity Advisor Program
In support of the CISA mission, Cybersecurity Advisors:
• Assess: Evaluate critical infrastructure cyber risk.
• Promote: Encourage best practices and risk mitigation strategies.
• Build: Initiate, develop capacity, and support cyber communities-of-interest and working groups.
• Educate: Inform and raise awareness.
• Listen: Collect stakeholder requirements.
• Coordinate: Bring together incident support and lessons learned.
Sampling of Cybersecurity Offerings
• Response Assistance
  • Remote / On-Site Assistance
  • Malware Analysis
  • Hunt and Incident Response Teams
  • Incident Coordination
• Cybersecurity Advisors
  • Assessments
  • Working group collaboration
  • Best Practices private-public
  • Incident assistance coordination
• Protective Security Advisors
  • Assessments
  • Incident liaisons between government and private sector
  • Support for National Special Security Events
• Preparedness Activities
  • Information / Threat Indicator Sharing
  • Cybersecurity Training and Awareness
  • Cyber Exercises and “Playbooks”
  • National Cyber Awareness System
  • Vulnerability Notes Database
  • Information Products and Recommended Practices
• Cybersecurity Evaluations
  • Cyber Resilience Reviews (CRR™)
  • Cyber Infrastructure Surveys
  • Phishing Campaign Assessment
  • Vulnerability Scanning
  • Risk and Vulnerability Assessments (aka “Pen” Tests)
  • External Dependency Management Reviews
  • Cyber Security Evaluation Tool (CSET™)
  • Validated Architecture Design Review (VADR)
Range of Cybersecurity Assessments
• Cyber Resilience Review (Strategic)
• External Dependencies Management (Strategic)
• Cyber Infrastructure Survey (Strategic)
• Cybersecurity Evaluations Tool (Strategic/Technical)
• Phishing Campaign Assessment (Technical)
• Vulnerability Scanning / Hygiene (Technical)
• Validated Architecture Design Review (Technical)
• Risk and Vulnerability Assessment (Technical)
TECHNICAL (Network-Administrator Level)
STRATEGIC (C-Suite Level)
Criticality of Periodic Assessments
• Periodic assessments are essential for resilience, helping you:
  • Measure your cybersecurity efforts
  • Manage improvements over time
Available Resource Guides
C3VP Resources
• us-cert.gov/ccubedvp
CSA Contact Information
Chris Gabbard
Cyber Security Advisor
CyberAdvisor [email protected]
Questions?