EECS 710: Information Security and Assurance Assignment #3 Brent Frye

12 Slides3.06 MB

EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/2013 1

Contents Department of Justice –CCIPS Department of Justice – FBI National Security Agency – NSA Department of Homeland Security CMU/SEI Coordination Center Conclusion 2

Department of Justice - CCIPS Computer Crime and Intellectual Property Section http://www.justice.gov/criminal/cybercrime/ CCIPS prevents, investigates, and prosecutes computer crimes. Goal is to protect Intellectual Property (IP) Case highlights include U.S. v. Microsoft Antitrust case and Author’s Guild, INC. v. Google INC. Provides IP Victim Guide on how to report intellectual property crimes as well as a manual for prosecuting IP crimes and computer crimes. Leadership is John Lynch, Chief Computer Crime & Intellectual Property Section. 3

Department of Justice - FBI InfraGard program developed in 1996 as partnership between private and public sectors to protect U.S. critical infrastructure and resources. InfraGard works well since most Infrastructure components like utility companies, transportation, telecomm, water, and food suppliers are privately owned. InfraGard began with a focus on cyber crime but now encompasses computer, physical and other security breaches. FBI agent serves as coordinator between companies to evaluate threats and impacts on their respective companies. Companies use FBI resources such as an encrypted website, webmail, list serves, and message boards to communicate and share case information. 4

Department of Justice – FBI cont. FBI provides an Internet Crime Complaint Center (IC3) targeting internet crime investigations http://www.ic3.gov/default.aspx IC3 is a partnership between the FBI and the National White Collar Crime Center (NW3C) IC3 handles complains regarding IP rights, computer intrusions, economic espionage, online extortion, internet money laundering, identity theft, and more. IC3 offers Internet Crime Prevention Tips and Schemes as well as a FAQ and Consumer Alerts. IC3 website allows visitors to file a complaint online to the FBI and have their claim investigated. 5

National Security Agency - NSA The National Security Agency (NSA) operates an Information Assurance Directorate (IAD) to protect National Security Information Systems (any system critical to military or intelligence activities) The IA program provides guidance to businesses as well as the TEMPEST Certification Program which tests and certifies products. IA features an Academic Outreach program which focuses on promoting higher education an research in IA to protect the nation’s infrastructure. The IA provides a Business Affairs Office and has many partnerships with the private industry. Provides the Commercial COMSEC Evaluation Program (CCEP) for product development to meet IA standards. 6

Department of Homeland Security The National Protection and Programs Directorate is developed to protect and enhance the resilience of the nation’s physical and cyber infrastructure. NPPD has four divisions: Federal Protective Service (FPS), Office of Cybersecurity and Communications (CS&C), Office of Infrastructure Protection (IP), and US-VISIT. National Infrastructure Protection Plan (NIPP) is operated by DHS to protect the nation’s critical infrastructure by providing a framework for security efforts. Mission is to lead the federal government in securing civilian and industry computer systems as well as government and critical infrastructure systems. 7

Department of Homeland Security cont. DHS created a Stop.Think.Connect Campaign effort in 2009 for public awareness of cyber threats and to provide resources and effective tips for preventing attacks. Obama designated the month of October as National Cyber Security Awareness Month (NCSAM) to promote awareness of cyber threats. Stop.Think.Connect provides a toolkit with tipsheets, presentations, videos, press releases, fact sheets, and social media contacts for educators, industry, and both young and older Americans. US CERT (United States Computer Emergency Readiness Team) provides information and tips for cyber security as well. 8

Department of Homeland Security cont. US-CERT’s mission is to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting constitutional rights of Americans. US-CERT provides a feed of current industry activities relating to cyber security as well as recent vulnerabilities and methods to mitigate the vulnerabilities. US-CERT provides a hotline and 24x7 operations center to respond to security incidents as well as provide technical assistance and notifications. US-CERT partners with both private sector, academic institutions, federal agencies and the Information Sharing and Analysis Centers (ISACs) 9

Department of Homeland Security cont. The National Security Telecommunications Advisory Committee (NSTAC) was created by the DHS to provide the U.S. Government the best possible industry advice in the areas of the availability and reliability of telecommunications services. The NSTAC has been around for over 30 years with partnerships in the telecommunications and aerospace companies. Addresses such issues as the convergence of traditional and broadband networks, the changing global threat environment, and the continuing global expansion of provider and user communities. Five key themes: strengthening national security, enhancing cybersecurity, maintaining the global communications infrastructure, assuring communications fro disaster response, and addressing critical infrastructure interdependencies. 10

CMU/SEI CERT Coordination Center CERT Coordination center is located at Carnegie Mellon University and studies internet security vulnerabilities, researches long-term changes in networked systems, and develops information and training for improved security. CERT.org offers both training courses and certifications for professionals interested in cyber security. CERT.org will analyze programming code that is submitted to identify vulnerabilities in the early stages of development saving time and effort for programmers. CERT.org also provides information on securing network systems as well as managing risk and governance of organizational security. Similar to the DHS Cert team CERT.org also provides a response team available to assist with security issues. 11

Conclusion There are many agencies and websites that are both government and private sector that provide valuable resources for cyber security. Learn how to use the tools provided and contact the agencies in the event of a cyber crime. 12

Back to top button