Cyber-attacks continue to increase in frequency and sophistication, presenting significant challenges for organizations that must defend their data and systems from capable threat actors. These actors range from individual, autonomous attackers to well-resourced groups operating in a coordinated manner as part of a criminal enterprise or on behalf of a nation-state. Threat actors can be persistent, motivated, and agile, and they use a variety of tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, and expose or steal intellectual property and other sensitive information. Given the risks these threats present, it is increasingly important that organizations share cyber-threat information and use the community’s experience to improve their security posture.
Cyber-threat information is any information that can help an organization to identify, assess, monitor, and respond to cyber-threats. Examples of cyber-threat information include indicators (system artifacts or observables associated with an attack), TTPs, security alerts, threat intelligence reports, and recommended security tool configurations. Most organizations already produce multiple types of cyber-threat information that are available to share internally as part of their information technology and security operations efforts.
The National Forum for Public-Private Collaboration has taken the excellent work of the Department of Defense embodied in the DESMF, referenced above, and has created a mirrored document with the minor changes of replacing the references to DoD with “organization” and “warfighter” with “customer”. We call this mirrored copy the Foundation for Public-Private Collaboration (FPPC).
The FPPC describes a life cycle for enterprise service management, including Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. Through the Forum, the FPPC establishes the base lexicon for public and private collaboration on cyber resilience and other relevant business topics. Forum activities utilize this document as a foundation for public and private collaboration.
We reference other publicly available frameworks, standards, and methods in support of balanced, reasonable and prudent guidance addressing the imperative needs of an organization, such as sustainability and resilience. The FTC asks for reasonable approaches; our leadership seeks effective, prudent and disciplined use of limited resources to protect and enable business value.
We recognize the need for organizations to be adaptable and agile in the face of intentional and unintentional cyber threats, competitive and legislative landscapes, change in organizational directions and other considerations. The resulting reasonable and prudent guidance maps to the FPPC and by association the DESMF.
The Foundation for Public-Private Collaboration is a great resource because it is freely available with no licensing or other restrictions, and it provides comprehensive coverage of IT service management. The practices described are applicable to both public and private sector organizations, regardless of their size or the industry they operate in.
“Cyber resilience must be tightly coupled with and support business value. Measurable, reasonable, prudent and disciplined approaches are established by including internal and external collaboration as part of each organization’s strategy to support their mission. This must not stifle the innovation needed to create and protect business value.” – Charlie Tupitza
The National Foundation for Public-Private Collaboration is creating easy-to-use guidance, based on the existing FPPC, by incorporating support for cyber resilience into every lifecycle stage and process it describes. The guidance will show how every service management process should contribute to cyber resilience, and how cyber resilience controls can contribute to each stage of the lifecycle and to each service management process. The resulting document will be published under a Creative Commons License to ensure it can be reused for purposes such as:
Helping both public and private sector organizations to incorporate cyber resilience into how they manage their IT systems and services.
Fostering collaboration between information security and IT service management teams and organizations.
Helping organizations offering tools and consulting to integrate support of both cyber resilience and IT service management into their offerings.
Providing content of value for consideration in future releases of the DESMF and other frameworks, standards, and methods.
FISMA 2016 Executive Summary
The State of Federal Cybersecurity
In 2016, cybersecurity continued to become a household term among the American public, as millions of citizens had their personal data and devices exposed to ever-expanding cyber threats. During the year, malicious actors compromised several social media and email services, leading to the exposure of personal data for a large portion of their user bases. In October 2016, a distributed denial of service attack used seemingly innocuous internet-connected devices to cripple servers that connect the public to many popular websites. The exploits that led to these cyber incidents were not new, and demonstrate that we must redouble our efforts to inform Americans and companies across the country of methods that they can employ to protect their data from malicious actors.
Office of Management and Budget
The Office of Management and Budget (OMB) worked with agencies to develop policies aimed at strengthening cybersecurity across the government, including a revision to OMB Circular A-130, Managing Information as a Strategic Resource, which sets the overarching framework for managing Federal IT resources. OMB also collaborated with the Office of Personnel Management (OPM) to publish the first-ever Federal Cybersecurity Workforce Strategy to help agencies recruit and retain top cyber talent. OMB and its interagency partners look to build on these policies and continue driving cybersecurity performance in the coming years.
Federal Agencies were Not Immune
Federal agencies were not immune to these exploits in 2016, with over 30,899 cyber incidents that led to the compromise of information or system functionality. Sixteen of these incidents met the threshold for a major incident, a designation that triggers a series of mandatory steps for agencies, including reporting certain information to Congress.
During the year, Federal agencies made considerable progress in strengthening their defenses and enhancing their workforces to combat cyber threats. In particular, agencies worked to enforce the use of multi-factor Personal Identity Verification (PIV) cards, with 81% of government users now using this credential to access Federal networks. Additionally, over 70% of Federal agencies have employed strong anti-phishing and malware capabilities to help safeguard their networks from malicious activity. Agencies have also made significant progress toward safeguarding their high value information technology (IT) assets and employing capabilities to identify, detect, and protect hardware and software assets on their networks.
Agency FISMA Progress
This annual report provides Congress with information on agencies’ progress towards meeting cybersecurity performance goals in Fiscal Year (FY) 2016 and the results of the independent Inspectors General (IGs) assessments that identify areas in need of improvement. This report also provides information on Federal cybersecurity incidents, ongoing efforts to mitigate and prevent future incidents, and agencies’ progress in implementing cybersecurity policies and programs to protect their systems, networks, and data.
Acting FTC Chair Maureen Ohlhausen addressed a meeting of the National Cyber Security Alliance on Monday at the NASDAQ in New York City.
Charlie Tupitza asked a question about the importance of public-private collaboration, especially in how it helps small businesses understand reasonable approaches. She gave a very positive response.
Maureen Ohlhausen echoed the Forum’s opinion about the value of helping small businesses. It is critical to consider the needs and abilities of small businesses while we collaborate on a more holistic view of cyber resilience and business value. Since small and mid-size businesses play such an important role in our supply chain, we must do everything we can to help them with reasonable approaches to protect themselves, their partners and their customers.
Here is the question and her answer from the event.
We see a number of organizations struggling to map to the CSF and deal with reasonableness. We wonder what value you see in public and private collaboration to help determine reasonableness and address the difference between large and small organizations.
I think there can be enormous value to have public and private collaboration and discussion on these issues of the NIST Cyber Security Framework and Reasonableness.
Reasonableness is the FTC’s touchstone and it is based on the size of the organization. We do understand that small organizations don’t have the resources of large organizations, but that doesn’t mean that they can’t take basic steps.
So the kinds of areas where we have brought enforcement actions have been: don’t have the password be the name of your company. Have a firewall. See what data you have, why, and who has access to it. Don’t give access to everybody to the most secure, sensitive types of data if they don’t need access. These are some basic low-cost steps, and I think that business can be very useful as part of the dialog, to be a resource to say what is a cost-effective step. What is reasonable for a small company to take to secure data to the best of their ability, understanding that the ability of a small company wouldn’t necessarily be the same as a Fortune 500 company’s ability.
Efforts are being considered to map this to our Foundation for Public-Private Collaboration.
This document, developed by the Australian Signals Directorate (ASD), replaces ASD’s publication Strategies to Mitigate Targeted Cyber Intrusions – Mitigation Details and directly complements ASD’s publication Strategies to Mitigate Cyber Security Incidents.
Additional information is provided in this document to help organizations mitigate cyber security incidents caused by:
targeted cyber intrusions (e.g. executed by advanced persistent threats such as foreign intelligence services) and other external adversaries who steal data
ransomware denying access to data for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
malicious insiders who steal data such as customer details or intellectual property
malicious insiders who destroy data and prevent computers/networks from functioning
“business email compromise”
threats to industrial control systems.
Implementation guidance is provided for each of the associated mitigation strategies, including references to controls in ASD’s Australian Government Information Security Manual (ISM).
Readers are strongly encouraged to visit ASD’s website for the latest version of this document and additional information about implementing the mitigation strategies.
ASD’s website also has separate and specific guidance for mitigating denial of service, and securely using cloud computing and enterprise mobility including personally owned computing devices such as tablets, smartphones and laptops.
We do not provide links that are not HTTPS, so you will have to search for these.
Former US Head of Cyber Resilience Best Practices for AXELOS, a subsidiary of UK-based Capita.
Charlie has extensive experience within the private and public sectors in support of cyber resilience, protecting business value and readiness. He actively participates in public-private collaboration promoting the sharing of lessons learned. He was a charter member of the Presidential Policy Directive-21 working group, headed by the DHS, to identify cyber security training across the entire federal procurement community.
Previously, while at MRO Inc., Charlie was responsible for providing enterprise solutions, including for the maintenance, repair and operation of the Space Shuttle program, along with the same support for facilities at Kennedy Space Center, Patrick AFB, and Cape Canaveral, ground-based FAA equipment, all dams in the US, and Navy facilities.
Charlie has extensive experience in physical security, with video surveillance at all land-based points of entry into the US and providing ShotSpotter gunshot detection systems in support of the Violent Crime Task Force of the FBI. He provided software to automate the development of buffer zone protection plans for the DHS when they first identified Critical Infrastructure Sectors. His unique experience with both physical and cyber risk brings great value to the Forum.
He provided Enterprise Architecture software (Popkin) to the DHS, as it brought together the agencies that make it up, and to the US Army.
Other experience includes being an active participant in the Software and Supply Chain Assurance Forum sponsored by the DHS, GSA, DoD, and NIST. He is a current working group member of the National Initiative for Cybersecurity Education (NICE). He participates in working sessions for the Cyber Security Framework (NIST) and the Incident Response and Recovery Working Group (DHS), and is a member of the OASIS Open Cloud Application Management for Platforms Technical Committee. He was a member of the DoD working groups on Environmental Data Standards, Collaboration, and Maintenance, Repair and Operation.