Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

The Role of State IT in Homeland Security

advertisement 
The Role of State IT in
Homeland Security
Robert L. Womack
Director, State and Local Government
Computer Associates International, Inc.
13 October 2004
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Outline
 Challenges
 Federal Guidance
 NASCIO Vision – a Homeland Security
Dashboard
 Concerns implied by the NASCIO Vision
 Enterprise Concerns
 Intelligence Concerns
 Situational Awareness Concerns
 Next Steps
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Today’s Challenges
New Challenges seen since 9/11
 Must assume that new attacks are possible
and probable – need to build systems to
“warn, detect, defend & restore”
 Attacks will be against:
 Information Systems
 People and Property
 All critical infrastructures are at risk and
novel attacks are possible
 “Intelligence” and “knowledge” within each
infrastructure are precious resources – need
to leverage this resource
 Since 9/11, we have learned that a vast
quantity of data has little or no value in its
undigested form.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Today’s Challenges*
 But, great added value comes when the data
from multiple sources is…
 collected in an organized way from vigilant and
discerning sources in a timely and comprehensive
manner,
 analyzed for short-term and long-term as well as
localized and widespread implications,
 disseminated to appropriate recipients to
 alert potential targets,
 apprehend potential perpetrators, and
 inform incident managers in order to prevent attacks, reduce
vulnerabilities to attacks, and expedite recovery from attacks.
*This presentation is based on a line of reasoning first discussed in an as yet unpublished
NASCIO white paper. NASCIO, “Using Information and Communications Technology to Support
the State Homeland Security Mission” draft dated May 7, 2004. While this document has not yet
been formally approved, we believe it makes a compelling case.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Today’s Challenges
Using secure information and knowledge systems to
protect our nation’s critical infrastructures
 Systems must leverage “human intelligence”
 Systems must become intelligent:
 Learn from all the data available
 Present information intuitively
 Be brilliant 24 x 7 x 365
 Be secure
Need to turn data into knowledge and action
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Front Line Integrated Threat Analysis Support
Tailored visualization of operational real-time and
historical information that officers can act on
Human
support
Defined rules, Intelligence and workflow to support
information processing and knowledge management
Secure, identity-& role-based, access control to Infrastructure
indications & warnings
support
A secure, robust network & information
infrastructure
Crisis management support for emergencies and
disaster recovery
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Federal Guidance
 The National Strategy for the Physical Protection of Critical
Infrastructures and Key Assets states:
 All U.S. states and territories have established homeland security
liaison offices to manage their counter-terrorism and infrastructure
protection efforts.
 Like the federal government, states should identify and secure the
critical infrastructures and key assets under their control.
 States should promote the coordination of protective and
emergency response activities and resource support among
local jurisdictions and between regional partners
 States should further facilitate coordinated planning and
preparedness by applying unified criteria for determining
criticality, prioritizing protection investments, and exercising
preparedness within their jurisdictions.
 They should also act as conduits for requests for federal assistance
when the threat at hand exceeds the capabilities of state and local
jurisdictions and the private entities within them.
 States should also facilitate the exchange of relevant security
information and threat alerts down to the local level.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Federal Guidance
 “FY 2005 is a start up year for [National Incident Management
System] NIMS implementation and full compliance with the NIMS is
not required for you to receive FY 2005 grant funds. Since FY 2005
is a critical year for initial NIMS adoption, you should start now
by prioritizing your FY 2005 preparedness assistance (in
accordance with the eligibility and allowable uses of the grant)
to facilitate its implementation.”
 “States, territories, tribes, and local entities are encouraged to
achieve full NIMS implementation during FY 2005. To the extent
that full implementation is not possible during FY 2005, Federal
preparedness assistance must be leveraged to complete NIMS
implementation by FY 2006. By FY 2007, Federal preparedness
assistance will be conditioned by full compliance with the NIMS.”
Secretary Tom Ridge
Department of Homeland Security
“Letter to Governors” dated 8 September 2004
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Draft NASCIO Vision
 The Homeland Security Dashboard
 Is the business of the state IT organization
 Is a decision support tool based on current
information and communications technologies
 Forms the core of an integrated threat analysis center
for the state’s homeland security team
 Is the primary source for “actionable intelligence”
 Leverages state IT investments to provide a common
operating picture and “situational awareness” to both
first responders and “first preventers”
 Will be encouraged by the National Incident
Management System (NIMS) standards.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Concerns Implied by the NASCIO Vision
 Enterprise Concerns
 Intelligence Concerns
 Situational Awareness Concerns
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Enterprise Concerns
 Use an existing enterprise advisory or governing board
to assess the current and likely impact of homeland
security information and communications technology
(ICT) on the state enterprise. Tomorrow’s silos are being
built today.
 Use an existing enterprise architecture (EA) advisory or
governing board to assess the impact of homeland
security decision support needs on the larger state EA
program in order to support needs for flexible, secure,
reliable, and appropriately handled homeland security
information.
 Identity management must be at the heart of homeland
security decision support systems. Does the current
identity management strategy provide the necessary
foundation for homeland security decision support? How
must the current strategy be changed or extended?
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Intelligence Concerns
 Download the Global Intelligence Working Group’s “National
Criminal Intelligence Sharing Plan” at
http://it.ojp.gov/topic.jsp?topic_id=93.
 Assess the impact of moving sensitive law enforcement, homeland
security, and health care information across the statewide ICT
infrastructure.
 Assess the implications for developing a statewide intelligence
“fusion” center, information sharing and analysis program, or critical
infrastructure protection (CIP) office where analysis of intelligence
will be conducted and warnings/alerts produced.
 Be prepared to contribute intelligence regarding physical and
“cyber”-based threats to state government’s critical
information assets as part of the state’s larger intelligencegathering efforts. “Strobes” of IT systems supporting first
responders may be a precursor to an attack.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Situational Awareness Concerns
 Download FEMA’s National Incident Management
System (NIMS) plan at
http://www.dhs.gov/dhspublic/display?content=3258.
Watch for compliance guidelines to be issued in October
2004.
 Assess the impact of requirements for complying with
NIMS. Pay close attention to chapter five
“Communication and Information Management” and tab
nine “Examples of ICS Forms,” which will likely lead
XML-based standards development for interjurisdictional document exchange.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Actionable Intelligence
Get the right information
to the right person
at the right time
in the right way
DoIT
DHS
IJIS
IT Security
Systems
Information
Sources
Enterprise Resource Management
Information Knowledge
Information Delivery
Information Gateway
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Next Steps
 Participate in homeland security planning.
 Consider IT security as you deploy new
applications.
 Remember that alerts from your IT security
system(s) are valuable inputs to your state’s
integrated threat analysis center.
 Assist your CISO community in making cyber
security a part of your state/agency’s homeland
security plan.
 If you support First Responders, begin NIMS
planning this year.
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Questions?
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
References
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
First Responder Grant Budget Trends
DHS First Responder Funding
4.2
4.1
$ Billions
4
3.6
3.75
3.75
3.8
3.6
3.5
3.4
3.2
3
FY 2003 Final
FY 2004 Final
Fiscal Year
Source: INPUT, 5 October 2004
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
FY 2005
DHS / ODP Permitted Spending for Cyber Security
 Intrusion Detection
 Configuration Management
and Patch Distribution
 Scanning and Detection
Tools
 Geographic Information
Systems
 Network Systems
Management (NSM) and
Analysis
 Encryption Systems
 Firewall and
Authentication
 Security Hardware and
Software for Counter
measures
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Security Control Center
Data On Demand
Integrated Security View
Physical Security
View
Cyber-security View
www transferred data (KBytes)
Top 10 Active Clients
Real Time – Or –
Time Lapse
Total
security
violations
Entering Cyberspace
Compile, Display & Analyze Security Events from Disparate Sources
-- Fully Customizable for Group or Individual Needs
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Physical Security View
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
CA Fast Facts






Founded in 1976
Headquartered in Islandia, New York
Fiscal Year 2004 revenues of $3.28 billion
More than15,000 employees in more than 40 countries
Committed to the highest corporate governance standards
Executive Team







Lewis Ranieri, Chairman
Kenneth Cron, Interim Chief Executive Officer
Jeff Clarke, Chief Operating Officer and Chief Financial Officer
Kenneth Handal, Executive Vice President and General Counsel
Mark Barrenechea, Executive Vice President of Product Development
Greg Corgan, Executive Vice President of Worldwide Sales
Yogesh Gupta, Chief Technology Officer
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
CA Leadership Credentials
 Shaping the industry through innovation




Pioneered enterprise systems management software
Awarded 280 patents for advanced technology solutions
Active in every major standards organization
First to earn the International Organization for Standardization’s (ISO)
9002:1994 Global Certification and 9001:2000, the new, ultimate ISO
certification
 Only company to use one system to manage quality throughout its
worldwide operations
 World’s leading businesses partner with us
 95 percent of the Fortune 500® as well as thousands of other companies
worldwide use our software
 Partnerships drive success
 Developed significant relationships with customers, industry peers and
community organizations
 Organized channel operations to make it easier for customers of all
sizes to purchase and use CA solutions
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Contacts
 Contacts for more information:
 Erin Sullivan
 VP, State and Local Government – 908-531-0128
 Rod Hovater
 Account Director – State and Local – 770-953-3640
 Bob Womack
 Business Development Director – HLS – 617-733-5741
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
The Role of State IT in
Homeland Security
Robert L. Womack
Director, State and Local Government
Computer Associates International, Inc.
13 October 2004
© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Related documents
Go-Live with CA Move to Production Plan
Go-Live with CA Move to Production Plan
MDB High Level CA World WO108SN
MDB High Level CA World WO108SN
Ingres r3
Ingres r3
WCF - The CA Plex Wiki
WCF - The CA Plex Wiki
5S * Foundation to Lean - dpzietlow & associates llc
5S * Foundation to Lean - dpzietlow & associates llc
Essentials of ITIL Service Management
Essentials of ITIL Service Management
Educational Research (B) MAE 327
Educational Research (B) MAE 327
lOgO For this reason, the most powerful texts function like logos, a
lOgO For this reason, the most powerful texts function like logos, a
Firewall Considerations for CCI
Firewall Considerations for CCI
Proper Care and Feeding of your Ingres MDB
Proper Care and Feeding of your Ingres MDB
Download
advertisement