Building Trustworthy, Secure Systems for the United States Critical Infrastructure

PowerPoint presentation, uploaded by natalia-silvester on 2019-11-21.

Summary: Building Trustworthy, Secure Systems for the United States Critical Infrastructure. An Urgent National Imperative. The Current Landscape: it's a dangerous world in cyberspace. Cyber Risk.



Presentation Transcript

Building Trustworthy, Secure Systems for the United States Critical Infrastructure
An Urgent National Imperative

The Current Landscape. It's a dangerous world in cyberspace…

Cyber Risk. Function (threat, vulnerability, impact, likelihood).
Defense. Energy. Transportation. Manufacturing.

Defense Science Board Reports: Resilient Military Systems and the Advanced Cyber Threat; Cyber Supply Chain; Cyber Deterrence.

Complexity.

Our appetite for advanced technology is rapidly exceeding our ability to protect it.

Data. Data. Everywhere.

Houston, we have a problem.

Protecting critical systems and assets—The highest priority for the national and economic security interests of the United States.

Defending cyberspace in 2018 and beyond.

Simplify. Innovate. Automate.

Federal Government's Modernization Strategy:
- Identify and develop federal shared services.
- Move to FedRAMP-approved cloud services.
- Isolate and strengthen protection for high value assets.
- Reduce and manage the complexity of systems and networks…
- Engineer more trustworthy, secure, and resilient solutions.

Reducing susceptibility to cyber threats requires a multidimensional strategy.
- First Dimension: Harden the target (the system).
- Second Dimension: Limit damage to the target.
- Third Dimension: Make the target resilient.

Cyber Resiliency. The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

Cyber resiliency relationships with other specialty engineering disciplines: Reliability, Fault Tolerance, Privacy, Security, Safety, Resilience and Survivability.

CREF: Cyber Resiliency Engineering Framework. Protection. Damage limitation. Resiliency.
Constructs: Goals, Objectives, Techniques, Approaches, Strategic Design Principles, Structural Design Principles, Risk Management Strategy.

Relationship among cyber resiliency constructs (figure):
- Goals: Anticipate, Withstand, Recover, Adapt.
- Objectives: Understand, Prevent/Avoid, Prepare, Continue, Constrain, Reconstitute, Transform, Re-architect.
- Techniques and Approaches.
- Strategic Design Principles and Structural Design Principles.
The figure labels the levels Why, What, and How; the Risk Management Strategy informs the selection and prioritization of the constructs at each level.

CREF: Cyber Resiliency Engineering Framework. Protection. Damage limitation. Resiliency.
Techniques: Adaptive Response, Analytic Monitoring, Coordinated Protection, Deception, Diversity, Dynamic Positioning, Dynamic Representation, Non-Persistence, Privilege Restriction, Realignment, Redundancy, Segmentation, Substantiated Integrity, Unpredictability.

Cyber Resiliency Constructs in the System Life Cycle (NIST SP 800-160).
ISO/IEC/IEEE 15288:2015, Systems and software engineering — System life cycle processes: Business or mission analysis; Stakeholder needs and requirements definition; System requirements definition; Architecture definition; Design definition; System analysis; Implementation; Integration; Verification; Transition; Validation; Operation; Maintenance; Disposal.

NIST SP 800-37, Revision 2 Risk Management Framework for Information Systems and Organizations A System Life Cycle Approach for Security and Privacy

Risk Management Framework (RMF) 2.0, just released for public review and comment.
Steps: Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor.

RMF 2.0: a unified framework for managing security, privacy, and supply chain risks.
- Security Risk Management
- Privacy Risk Management
- Supply Chain Risk Management
- Communication between the C-Suite and implementers and operators
- Alignment with the NIST Cybersecurity Framework
- Alignment with security engineering processes

Transparency. Trust. Traceability.

On the Horizon…
- NIST Special Publication 800-37, Revision 2: Risk Management Framework for Information Systems and Organizations. Final Publication: October 2018.
- NIST Special Publication 800-53, Revision 5: Security and Privacy Controls for Information Systems and Organizations. Final Publication: December 2018.
- NIST Special Publication 800-53A, Revision 5: Assessing Security and Privacy Controls in Information Systems and Organizations. Final Publication: September 2019.

On the Horizon…
- NIST Special Publication 800-160, Volume 2: Systems Security Engineering, Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems. Final Publication: October 2018.
- NIST Special Publication 800-160, Volume 3: Systems Security Engineering, Software Assurance Considerations for the Engineering of Trustworthy Secure Systems. Final Publication: December 2019.
- NIST Special Publication 800-160, Volume 4: Systems Security Engineering, Hardware Assurance Considerations for the Engineering of Trustworthy Secure Systems. Final Publication: December 2020.

Some final thoughts.

Work smarter, not harder.

Institutionalize. Operationalize. The ultimate objective for security and privacy.

The essential partnership: Industry, Government, Academia.

Security. Privacy. Freedom.

100 Bureau Drive, Mailstop 8930, Gaithersburg, MD USA 20899-8930
Email: ron.ross@nist.gov
Mobile: 301.651.5083
LinkedIn: www.linkedin.com/in/ronross-cybersecurity
Twitter: @ronrossecure
Web: csrc.nist.gov
Comments: sec-cert@nist.gov
RMF: Risk Management Framework. Simplify. Innovate. Automate.