Protecng the Naon’s Crical Assets · 2019-07-15 · § Business or mission analysis §...

Post on 11-Aug-2020

1 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

transcript

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Protec'ngtheNa'on’sCri'calAssetsWhenCyberHygieneIsNotEnough

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Pushingcomputerstotheedge.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

242

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Kine'cspace.Cyberspace.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

CyberRisk.Func%on(threat,vulnerability,impact,likelihood)

Defense

Energy

Transporta%on

Manufacturing

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Theadversariesarerelentless.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Cyberadversaries…

Na'onstates.Terroristgroups.

Criminalenterprises.Disgruntledindividuals.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Hos'leac'ons…

Exfiltrateinforma'on.Preposi'onmaliciouscode.

Disruptorbringdowncapability.Createdecep'on.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Complexity.

AMacksurface.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

§  Resilient Military Systems and the Advanced Cyber Threat

§  Cyber Supply Chain

§  Cyber Deterrence

Defense Science Board Reports

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Protec'ngcri'calsystemsandassetsandmakingthemcyberresilient—Thehighestpriorityforthena8onalandeconomicsecurityinterestsoftheUnitedStates.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Defendingcyberspacein2020andbeyond.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 13

CyberResiliency.

Theabilitytoan'cipate,withstand,recoverfrom,andadapttoadversecondi'ons,

stresses,aMacks,orcompromisesonsystemsthatuseorareenabledbycyberresources.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 14

§  Iden'fyanddevelopsharedservices(enterprise-wide).§  Transi'ontocloudservicesandsolu'ons(public/private).

§  Isolateandstrengthenprotec'onforhighvalueassets.

§  Reduceandmanagethecomplexity.

§  Engineertrustworthy,secure,andresilientsolu'ons.

§  Transi'ontoamul'dimensionalprotec'onstrategy.

Moderniza%onStrategyforAchievingCyberResiliency

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Achievingcyberresiliencyrequiresamul'dimensionalprotec'onstrategy.

SystemHardenthe

target

FirstDimension

Limitdamagetothetarget

SecondDimension

MakethetargetcyberresilientThirdDimension

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 16

NEXTGENERATIONSTANDARDSANDGUIDELINES

CYBERRESILIENCYENGINEERING

PROTECTION.DAMAGELIMITATION.RESILIENCY.

§  RiskManagementFramework§  SystemsSecurityEngineering§  EnhancedProtec'onofCUI§  SecurityandPrivacyControls

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 17

NISTSpecialPublica'on800-171,Revision2Protec7ngControlledUnclassifiedInforma7oninNonfederalSystems

andOrganiza7ons

Ini%alPublicDraIPublicCommentPeriod

June19throughJuly19,2019

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 18

NISTSpecialPublica'on800-171BProtec7ngControlledUnclassifiedInforma7oninNonfederalSystems

andOrganiza7onsEnhancedSecurityRequirementsforCri7calProgramsandHighValueAssets

Ini%alPublicDraI

PublicCommentPeriod

June19throughJuly19,2019

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 19

RiskManagementFramework(RMF2.0)

CATEGORIZE

ASSESS

AUTHORIZE

MONITOR

PREPARE

IMPLEMENT

SELECT

CyberResiliencyControlsfromNISTSP800-53

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Aunifiedframeworkformanagingsecurity,privacy,andsupplychainrisks.

RMF2.0

SecurityRiskManagement

PrivacyRiskManagement

SupplyChainRiskManagement

Communica%onbetweenC-SuiteandImplementersandOperators

AlignmentwithNISTCybersecurityFramework

AlignmentwithSecurityEngineeringProcesses

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 21

NISTSpecialPublica'on800-160,Volume2CyberResiliencyConsidera7onsfortheEngineering

ofTrustworthySecureSystems

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 22

CyberResiliencyEngineeringFramework

TECHNIQUES APPROACHES STRUCTURALDESIGN

PRINCIPLES

STRATEGICDESIGNPRINCIPLES

Why

OBJECTIVES •  Understand •  Prevent/Avoid •  Prepare •  Con'nue •  Constrain •  Recons'tute •  Transform •  Re-architect

What

GOALS •  An'cipate • Withstand •  Recover •  Adapt

RISKMANAGEMENT

STRATEGY

How

Informselec%onandpriori%za%on

Informselec%onandpriori%za%on

Informselec%onandpriori%za%on Informselec%onandpriori%za%on

Informselec%onandpriori%za%on

Informselec%on

priori%za%on

Informselec%on

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 23

§  Business or mission analysis §  Stakeholder needs and requirements definition §  System requirements definition §  Architecture definition §  Design definition §  System analysis §  Implementation §  Integration

§  Verification §  Transition

§  Validation §  Operation

§  Maintenance §  Disposal

ISO/IEC/IEEE15288:2015SystemsandsoSwareengineering—Systemlifecycleprocesses

NISTSP800-160

CyberResiliencyConstructsinSystemLifeCycle.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 24

NISTSpecialPublica'on800-53,Revision5SecurityandPrivacyControlsfor

Informa7onSystemsandOrganiza7ons

ComingSoon

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 25

Somefinalthoughts.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 26

Simplify.Innovate.Automate.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 27

Security.Privacy.Freedom.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 28

100 Bureau Drive Mailstop 8930 Gaithersburg, MD USA 20899-8930

Email Mobile ron.ross@nist.gov 301.651.5083

LinkedIn Twi_er www.linkedin.com/in/ronross-cybersecurity @ronrossecure

Web Comments csrc.nist.gov sec-cert@nist.gov

ContactInforma'onFISMAIMPLEMENTATIONPROJECT

SIMPLIFY.INNOVATE.AUTOMATE.

Top related

Lecture 5: Scheduling · • 5 points/queson. – Queson 5 was worth 1 extra point. • Memcpy ‐ “Protecng memory state” – Not privileged. – Memory state = meta‐data concerning
Documents
Data Definition Guide - Embarcadero Websitedocs.embarcadero.com/products/interbase/IB2009/IB2009_DataDef.pdf · Using the Data Definition Guide Data Definition Guide . Data definition.
Documents
Authors’ Presenta.on of BioMed Central Publica.on: ‘Crical ...€¦ · 40 slide deck : •Includes a raJonale for each change. From Slide 25 or thereabouts, the raJonale for change
Documents
PMB definition guideline for metastatic (including ... Definition Project... · PMB definition guideline for metastatic (including advanced) ... PMB definition guideline for metastatic
Documents
Session 1: Protecng the ASEAN Community from Evolving ... · Session 1: Protecng the ASEAN Community from Evolving Polical-Security Challenges ASEAN and Japan Should Take a Firmer
Documents
Protec’ng*Informaon*Assets* · 2015-06-22 · MIS$5206$Protecng$Informa/on$Assets$ GregSenko Protec’ng*Informaon*Assets* Week4 * Risk Evaluation *
Documents
J.A.$Mar(n*Gago, gago@icmm.csic · J.A.(Mar?n@Gago,(Nat.(Chem.(2011),(3,11 @NEWS(AND(VIEWS(Protecng/ group/ Molecular precursor Substrate Activation Temp. (K) Structure or molecule
Documents
HawaiianBirds MusicEd.notebook March 31, 2018...HawaiianBirds_MusicEd.notebook 2 March 31, 2018 The goal of this grassroots project is to deal with an issue that is crical to Hawaiian
Documents
Capital Budget Presentation FY12 Aug 2010 FINAL · Student Academic ... Subtotal $115,100,000 12 • Crical for USG instuons to meet major repair and ... Capital Budget Presentation
Documents
Rational Exponents and Radicals Definition of b 1/n Definition of b m/n Definition of Rational Exponents Definition of √b Definition of (√b) m Properties.
Documents
ARCS Authorisaon Services€¦ · • Super Science Iniave eResearch Components (2009‐13) • … crical importance of eResearch Infrastructure to future research compeveness •
Documents
FERNANDES HEARN LLP DECEMBER 2014 Newsletter€¦ · which)would)provide)an)acon)for)damages)in)tort.))The)“duty)of)care” analysis)is)a)crical)component)of)any)tort)case:)a)plainff)claiming)for
Documents
Tips & Tools for Protecng Honey Bees - ecocolmena · Introduc/on Bees are in trouble. They’ve been disappearing and dying at alarming rates, with beekeepers reporng astonishing
Documents
Featuring the Voices of Nurses & Midwives at the UN Commission …€¦ · Crical Health Issues in the Post‐2015 Agenda • 10:30 am at the Salvaon Army Auditorium 221 East 52nd
Documents
FALMOUTH WATER STEWARDS NEWS Summer 2016 …...FWS News Summer 2016 3 Reducing creaon of plasc debris is a monumental and crical task; Fal‐ mouth is headed in the right direc‐
Documents
CICE Performance In CESM · • Communicaon is nearest neighbor halo update, it is a crical term at high process counts – Want to minimize number of messages and size of messages
Documents
Far North Queensland · The road networks both within Cairns and connecng Cairns to regions located to the north, south and west are crical enablers for the regional economy. An effecve
Documents
Knots Module · rescue operaons. Pracce is crical, so pracce oen, mastering the tying techniques. 5/27/09 Knots Module Basic Knots • Figure 8 • Figure ...
Documents
Beyond Deficits and Crical Periods
Documents
The Sanctuary… Its Crical Understanding for us Today!€¦ · – Spiritual Israel took the gospel to the Gen2les • Satan raised up spiritual Babylon (the li]le/talking horn of
Documents

Copyright © 2018 DOCUMENTS