What The Workforce Needs To Know
Equipping the workforce to build and maintain cyber resilience systems.
Greg Jaeger, Senior Program Manager, Advanced Technology International
SSCA 2018 Spring Forum
July 2013 Event Analysis
[Figure: event timeline. Labels: patch, detect, CERT, first exploit, vendor alert, exploit, shutdown, recovery, operation. Values as extracted: 39 17 11 30 302]
A Preventable Event – Must Self-Initiate Changes
Team Challenge
“What can we do to use the existing data
and tools to become more aware of the
system’s cyber resilience in order to make
smart, risk-based decisions that best
utilize the finite resources?”
Workforce & Situational Awareness*
[Diagram labels: Situational Awareness; Action, Decision, Intelligence; System; Workforce; Cybersecurity, SDLC, Operations, Leaders; Perception, Comprehension, Projection]
* modified Endsley Model (1995)
Continuous Collaboration → Proactive
[Diagram labels: Cross-Domain Feedback; Collab, Code, Build/Test, Deploy, Monitor; Component Scans; Logging Changes; Triggers; Client Responses]
Amplified Situational Awareness*
[Diagram labels: Risk Repository; Situational Awareness; Action, Decision, Intelligence; Perception, Comprehension, Projection; System; Workforce; Cybersecurity, SDLC, Operations, Leadership; Cross-Domain Collaboration]
* modified Endsley Model (1995)
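2013 vs 2017 Events vs Equifax
[Figure: event timelines. Series labels: 2013, 2017, Equifax. Timeline labels: patch, detect, CERT, first exploit, vendor alert, exploit, shutdown, recovery, operation. Values as extracted: 39 17 11 30 30; 4 1 3 2 10; 2; 1. Equifax annotation as extracted: 5 DB: 75 (5/13-6/30) 65 (3/8-5/12)]
Leadership Over Resources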
Who/How to Teach
• Managers, IT (developers, engineers, quality, testing, network, database, etc.), contracting, executive leadership
• Collaborative environment
• Team facilitation and elicitation
• Rapid forensics and root-cause analysis
• Foreign system design, code, components
• Risk decision making
• Log dissection, correlation and gap analysis
• Limited tools for resourcefulness

Education Gaps
• Project Management with SDLC, Operations, and DevOps
• Real-world application of skills
• Cross-domain collaboration
• Team self awareness
• Risk management
• Data distillation and normalization
• System awareness
• Library decomposition/analysis
• Dataflow mapping
• Software stack interface layers
• Discerning valid / anomalous traffic
• Assessing vulnerability reports
• Meaningful cybersecurity metrics to senior leadership on system/program security posture
What Works
• Engaged leadership
• Balance of all requirements
• System Knowledge
• Process feedback loops and refinement
• Quantitative, qualitative, and predictive analyses
• Actor, tactic, and component profiling
• Tactical and Strategic mitigation plans
• Repetitive team synthesis and experience is greater than individual roles (i.e., Bloom’s taxonomy of learning)
• Experience is a cross-domain multiplier
What Doesn’t Work
• Waiting on alerts, patches, and information sharing
• Compliance as the end-goal
• Disengaged Penetration Testing
• Software scans without context
• Awaiting third party and external one-directional communications
• Stovepipe stakeholders
• Regarding cyber reliance as an Information Technology, Developer, or Cybersecurity Division problem
• Contracts void of collaboration requirements
• Contract-mandated certifications
• Over-emphasis on tools, hacking, and compliance checklists
• Solicitations with inadequate emphasis of cybersecurity
QUESTIONS
Greg Jaeger, Senior Program [email protected]
o: 843.760.3216, c: 843.297.1341
Brian Eleazer, Senior System [email protected]
o: 843.760.3317, c: 843.297.0740
Backups
Stakeholder Information Exchange
[Diagram labels: System Owner; Host Provider; System Manager]