National Infrastructure Protection Center
PARTNERSHIP FOR PROTECTION
STATUS AND INITIATIVES
November 2, 1999

CRITICAL INFRASTRUCTURES
Services so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States

CRITICAL INFRASTRUCTURES
• Telecommunications / Computer Systems
• Electrical Power
• Oil & Gas
• Transportation
• Banking & Finance
• Water
• Emergency Services
• Government Operations

WHOSE PROBLEM IS IT?
• NOT JUST A FEDERAL GOVERNMENT ISSUE
• AND NOT JUST A GOVERNMENT ISSUE
• ANYONE - AT ANY LEVEL - CAN BE A TARGET OR A VICTIM OF TERRORISM

THREATS - HARD TO DEFINE
CAPABILITY + INTENT x VULNERABILITY = THREAT
– Traditional Adversaries
– Economic Adversaries
– Political Adversaries
– Others / Potential Terrorists / Organized Crime / Non-State / Opportunists
• RANGE OF CAPABILITY -- BUT SIGNIFICANT CAPABILITY IS EASY TO GET

POSSIBLE FUTURE THREATS
• Cyber Mercenaries
• Cyber Militia
• Cyber Civil Disobedience (Domestic)
• Cyber Protesters (International)
• Cyber Terrorists
• Cyber Activists / Futurists / Unknowns

Presidential Decision Directive 63
• Sets goal of a secure information system infrastructure by the year 2003, and increased government security by the year 2000
• Requires federal agencies to serve as a model in reducing cyber and physical infrastructure vulnerabilities
• Seeks participation of private industry
• Sets up a new structure to deal with this challenge

Presidential Decision Directive 63 - National Structure
[Organization chart; boxes as labeled:]
• Executive Office of the President
• National Infrastructure Assurance Council
• OSTP (R&D)
• National Security Advisor
• National Coordinator
• National Infrastructure Protection Center
• Information Sharing and Analysis Center(s)
• Critical Infrastructure Coordinating Group
• Critical Infrastructure Assurance Office
• The Private Sector

SECTOR - LEAD AGENCY
• Banking & Finance - Dept of Treasury
• Transportation - Dept of Transportation
• Electric and Gas & Oil - Dept of Energy
• Information / Comms - Dept of Commerce
• Emergency Law Enforcement - Dept of Justice
• Government Services - FEMA
• Emergency Fire - FEMA
• Public Health Services - HHS
• Water Supply - EPA

Special Function Agencies
• DoJ / FBI - Law Enforcement Internal Security
• DoD - National Defense
• CIA - Intelligence
• DoS - Foreign Affairs

NIPC MISSION
PDD-63, May 22, 1998:
• The NIPC will provide a national focal point for gathering information on threats to the infrastructures.
• Its mission will include providing timely warnings of intentional threats, comprehensive analyses and law enforcement investigation and response.
• The NIPC will provide the principal means of facilitating and coordinating the Federal Government’s response to an incident, mitigating attacks, investigating threats and monitoring reconstitution efforts.

NATIONAL INFRASTRUCTURE PROTECTION CENTER
• Composition - Interagency, multi-level
– Multiple government agencies
– Federal, state, and local law enforcement
– Private sector representatives
• Manning
– FBI - 78 of 93 on board
– Other government agencies - 29 of 40 on board: DoD, DCIS, NSA, Services, NASA, GSA, CIA, USSS, DOE, USPS, State
– Inbound includes FDIC, others

NIPC Organization
NIPC Director
Deputy Director
• Computer Investigations and Operations Section (CIOS)
– Computer Investigations Unit
– Special Technologies Applications Unit
– Cyber Emergency Support Team
• Analysis and Warning Section (AWS)
– Analysis and Information Sharing Unit
– Watch and Warning Unit
• Training, Outreach and Strategy Section (TOSS)
– Training and Continuing Education Unit
– Outreach and Field Support Unit
– Strategic Planning Unit

NIPC CAPABILITIES
• Protection - Analysis & Warning Section is issuing warnings, alerts, other products
• Prevention - STAU to coordinate R&D of tools and applications to be shared
• Investigation - still strongest element; built on CITAC foundation

NIPC INFORMATION FLOW
[Flow diagram; labels: WATCH CENTER; PRIVATE SECTOR; ISACs; ANALYSIS & WARNING; COMPUTER INTRUSION INVESTIGATIONS; WARNINGS, ALERTS, ADVISORIES; INTERAGENCY INVESTIGATION; INFRAGARD; FED GOV’T; INTELLIGENCE; OTHERS; DECISION MAKERS]

A DIFFICULT PROCESS
• IDENTIFICATION / ATTRIBUTION
• LEGAL CONSTRAINTS
• ARE WE SURE WE’RE SURE?

NIPC INITIATIVES - REPORTS & PRODUCT
• Warnings, Alerts, and Advisories
• Daily Watch Report
• Biweekly CYBERNOTES
• Critical Infrastructure Developments
• Quarterly Infrastructure Protection Digest
• Special Reports

NIPC INITIATIVES - PRIVATE SECTOR CONTACTS
NIPC establishing informal channels for the exchange of information
– ISACs
– Other structures

NIPC INITIATIVES - InfraGard
• Government alliance with private sector. Representatives from industry, government, academia, state & local law enforcement
• Mechanism for systems owners and operators to communicate with colleagues
• Improves dissemination of security information
– Intrusion alert network & Secure web site
– Chapter committees dedicated to concerns of membership
– Seminars and training & Meetings with colleagues
• Membership requirements
– Membership agreement
– Confidentiality pledge
– Commitment to actively participate

NIPC INITIATIVES - KEY ASSET INITIATIVE
• FBI PROGRAM REVITALIZED
• KEY ASSETS NEED TO BE REDEFINED
• DATA BASE MAINTAINED AT NIPC
• FIELD OFFICES GATHERING INFO
• MUST BE COMPATIBLE WITH DOD PROGRAM

NIPC INITIATIVES - SECTOR ACTIVITY
FBI / NIPC - the lead for the Emergency Law Enforcement Services Sector
– DIR, NIPC IS SECTOR LIAISON OFFICIAL
– INVITED STATE & LOCAL LAW ENFORCEMENT ORGANIZATIONS
– SECTOR COORDINATOR SELECTED
– QUARTERLY MEETINGS
– SECTOR PLAN UNDER REVIEW
– FEDERAL LAW ENFORCEMENT TO BE INVITED TO NEXT MEETING

NIPC INITIATIVES - INTERNATIONAL ACTIVITY
• Investigative cooperation
– G8
– Council of Europe
• Participation in State-led effort to define international cooperative effort
• Issues - What can be shared? How? With whom?

Building the Partnership
• Protect self using tools
• Report intrusions
• Safeguard information
[Diagram labels: Private Sector, Government]
• Collect info about tools
• Collect info about threat
• Collect info about organizations
• Coordinate R&D
• Provide info about tools
• Issue Warnings, Alerts & Advisories
• Protect proprietary data

Doug Perritt
National Infrastructure Protection Center
Federal Bureau of Investigation
Room 11719
935 Pennsylvania Avenue, NW
Washington, DC 20535
dougperritt@fbi.gov
perrittd@osd.pentagon.mil
(202) 324-0305

ADMINISTRATION INITIATIVES - R & D
Additional funding sought for research into recognizing malicious code, detecting unauthorized intrusions, and developing other tools for infrastructure protection.

ADMINISTRATION INITIATIVES - FEDERAL CYBER SERVICE PROGRAM
• Would provide college scholarships for IT and Information Systems Security majors - up to 300 per year
• Would require some amount of government service in return (similar to ROTC concept)

ADMINISTRATION INITIATIVES - INFORMATION SECURITY INSTITUTE
• Would provide a national technical training center for Information Technology and Information Systems Security professionals
• Would focus on continuing education

ADMINISTRATION INITIATIVES - TRAINING PROGRAMS
Through the institute and other mechanisms, would provide for professional training, certification, recognition and enhanced status for systems administrators and other information systems operators and security specialists.

ADMINISTRATION INITIATIVES - EDUCATION AND AWARENESS
• An effort to raise awareness of the seriousness of cyber security
• In partnership with the private sector
• To be launched in December