Got Security? An Overview of the DHS Federal Network Security Branch
DHS National Cyber Security Division
GFIRST August 27th, 2009 3:45pm - 5:00pm
Abstract
The Federal Network Security (FNS) Branch addresses the need for a single, accountable focal point for achieving Cybersecurity throughout the federal enterprise. The creation of FNS was in response to multiple policy mandates, directives, and legislative acts. FNS was initially formed in 2008 to coordinate management and execution of the Information Systems Security Line of Business (ISSLOB) and the Trusted Internet Connection (TIC) Initiative outlined in OMB Memo 08-05, also known as CNCI #1. Since then, FNS has evolved into distinct program areas focused on:
• Providing a holistic approach to government network security
• Addressing common challenges faced by federal agencies
• Designing, implementing and maintaining solutions that address the Cybersecurity needs of federal agencies
While each agency maintains responsibility for the operations and security of its internal networks, FNS will reduce duplication of individual agency efforts; increase the baseline security of federal government networks; provide enhanced capabilities for small and micro agencies; and ensure the long-term prevention of attacks against the federal enterprise by assisting agencies with implementation and compliance management of Information Systems Security policies and guidelines. This presentation, given by FNS executives, will highlight the Branch’s mission, goals and priorities in helping agencies address Cybersecurity issues.
Presenter’s Name
June 17, 2003
Federal Network Security
• Addresses the need for a single, accountable focal point for achieving a federal enterprise security model.
• Focuses on providing the means to enable long-term strategic prevention of attacks against federal government networks by addressing common challenges faced by all agencies.
• Collaborates with the federal agency community and other National Cyber Security Division program areas in designing, implementing, and maintaining evolving security solutions that address the aggregate needs of the federal enterprise.
FNS Vision
To be the recognized leader for driving change that enhances the Cybersecurity posture of the Federal Government
Homeland Security
Cybersecurity and Communications
Themes for Change
AS-IS
• Inconsistent understanding of network topology
• Subjective measures of Cybersecurity posture
• No centrally defined and communicated Cybersecurity baseline
• Potentially overlapping “audit” responsibilities
• Authority and funding of CIOs/CISOs is variable across D/As
• Culture of “close enough” with respect to IT Security
TO-BE
• Fully mapped and understood network topology
• Objective quantification of Cybersecurity posture
• Established, communicated, and continuously improving Cybersecurity baseline
• Coordinated/aligned audit assurance responsibilities
• Sufficient and consistent authority and funding for D/A CIOs/CISOs
• Culture of “continuous improvement towards perfection”
HSPD-23 Authorities
“Manage and oversee…the external access points, including access to the Internet, for all Federal Systems”
“In coordination with the Director of OMB, set minimum operational standards for Federal Government NOCs and SOCs which the Secretary will certify & enforce”
“Director of OMB shall annually assess, in coordination with the Secretary of Homeland Security, network security best practices of Federal agencies, recommend changes to policies or architecture that should be applied across the Federal Government, and ensure Federal agencies comply with standards and policies…”
FNS Process
Assess Enterprise Needs and Required Capabilities
Through interagency collaboration identify and prioritize actions required to mitigate risks and improve Cybersecurity posture across the Enterprise
Influence Policy and Strategies to Implement
Promote actionable Cybersecurity policies, initiatives, standards, and guidelines for implementation
Drive Implementation of Capabilities
Enable and drive the effective implementation of Cybersecurity risk mitigation activities and capabilities
Measure and Monitor Implementation and Security Posture
Measure and monitor agency implementation strategies and compliance with published Cybersecurity policies, initiatives, standards, guidelines and directives
Federal Network Security Branch
Focus: Leadership and strategic direction of NCSD efforts aimed at improving the aggregate network security of the Federal Government Information Security Enterprise
• Holistic approach to government network security
• Work across all federal agencies
• Address common challenges faced by all agencies
• Design, implement, and maintain solutions that address the aggregate need
• DHS – NPPD – CS&C – NCSD
• Started in 2008 to coordinate the Information Systems Security Line of Business (ISSLOB)
• Identified in OMB M-08-05 to oversee CNCI #1, also known as the Trusted Internet Connection (TIC) Initiative
• Recently grew into 4 distinct programs
Organization:
• Federal Network Security: Matt Coose, Director
• Integrated PMO: Michael Smith, Deputy Director
• Security Management: Antione Manson, Program Manager
• Network & Infrastructure Security: Sean Donelan, Program Manager
• Compliance & Assurance: Don Benack, Program Manager
• Requirements & Acquisition Support: Doug Andre, Program Manager
Security Management Program
Mission: Assess and drive Cybersecurity best practices for the federal enterprise.
Goals:
• Monitor and support cyber initiatives
• Evaluate and analyze emerging technologies and trends
• Promote enterprise risk mitigation strategies and initiatives
Network & Infrastructure Security
Mission: Optimize individual agency network services into a common solution for the federal government
TIC Initiative: Responsible for championing agency implementation and oversight of CNCI #1:
• Reduce and consolidate external access points, including connections to the Internet, across the federal government
• Define and maintain baseline security capabilities for TICs and TIC Access Providers (currently 51 capabilities, including stateful firewalls, email virus/spyware/spam blocking, 24x7 NOC/SOC)
• Agencies can implement additional security capabilities on top of the baseline TIC security capabilities
• 20 agencies have been designated TIC Access Providers (TICAP) by OMB
MTIPS: Managed Trusted IP Services (MTIPS) is the sole GSA Networx vehicle for other federal civilian agencies in the US to acquire TIC-compliant services
• Four MTIPS awards (AT&T, Qwest, Sprint, and Verizon)
• Bundles Internet access, managed security services (24x7 NOC/SOC) and baseline TIC security capabilities
• Agencies can buy additional security capabilities to augment MTIPS
Architecture and Standards: Assist in the clarification and implementation of NIST standards.
• Lead efforts to clarify ambiguous terms (e.g., “external connection”)
• Maintain Federal Network Security Architecture Document
• Share implementation experiences and best practices
Compliance & Assurance Program
Mission: Provide government agencies value-added security services that improve their individual Cybersecurity posture and enable the development of enterprise-wide security and risk mitigation strategies.
Goals:
• Measure compliance by federal agencies with information security laws, regulations, policies, standards, initiatives and directives
• Establish and maintain a holistic, enterprise view of the federal government’s security posture
Sub Programs:
• Compliance Assessments: Assessments to evaluate an agency’s compliance with laws, regulations, policies, standards and directives.
– TIC Compliance Validation
– NOC/SOC Operational Standards
• Enterprise Awareness: Activities conducted collaboratively and independently in order to develop an understanding of the federal government’s IT services and infrastructure, particularly at the perimeter between government and non-government systems and networks. Agency-specific findings will be shared with the agency.
– Network Mapping and Baselining
– Route Diversity Analysis
• Risk & Vulnerability Analysis (Future Capability): Risk and vulnerability assessments to identify agency-specific threats so that appropriate mitigation techniques can be prioritized and implemented.
Requirements & Acquisition Support
Mission: Identify common security needs and enable enterprise-wide implementation and sustainment of standard security products and services
FISMA Reporting:
• Provide agencies with shared products & services to comply with FISMA reporting requirements, using pre-existing standardized tools for this process.
• Government Shared Service Centers:
– EPA
– DOJ
Security Awareness Training:
• Common suites of ISS training products and training services for the Federal Government, to include government-wide licenses for commercial IT applications and security training products.
• Government Shared Service Centers:
– DOD
– DOS
– OPM
C&A:
Government Shared Service Centers: – DOJ – TREAS – BPD – DOT – FAA – DOI – NBC
Partnering with GSA to coordinate an Industry RFQ release for C&A Services
SAIR:
• Provide federal enterprise situational awareness and incident response capabilities.
• GSA SmartBUY for the following tools:
– Baseline Configuration Testing
– Vulnerability Assessment
– Network Mapping & Discovery
Driving Results
TIC
DNSSEC
BGPSEC
2 Factor Authentication
IPv6
Data at Rest Encryption
E-Mail Scanning
Patch Management
FDCC
FNS Presentations at GFIRST
• Presentation on TIC and the TIC Compliance Validation Process: August 25th
• Agencies Point of View of Trusted Internet Connections (Panel Discussion): August 26th
Questions?