The National Strategy to Secure Cyberspace: Difference between revisions

From Cybersecurity Wiki
Jump to navigation Jump to search
 
(12 intermediate revisions by the same user not shown)
Line 12: Line 12:
==Categorization==
==Categorization==
* Resource by Type: [[US Government Reports and Documents]]
* Resource by Type: [[US Government Reports and Documents]]
* Issues: [[Public-Private Cooperation]]
* Approaches: [[Government Organization]]; [[International Cooperation]]


==Key Words==  
==Key Words==
 
[[Keyword_Index_and_Glossary_of_Core_Ideas#Cyber_Terrorism | Cyber Terrorism]],
 
[[Keyword_Index_and_Glossary_of_Core_Ideas#Department_of_Homeland_Security | Department of Homeland Security]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#DDoS_Attack | DDoS Attack]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#National_Cybersecurity_Strategy_(U.S.) | National Cybersecurity Strategy (U.S.)]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#National_Security | National Security]],
[[Keyword_Index_and_Glossary_of_Core_Ideas#SCADA_Systems | SCADA Systems]]


==Synopsis==
==Synopsis==


===Strategic Objectives===
===Executive Summary - Strategic Objectives===
Consistent with the [http://www.dhs.gov/xabout/history/gc_1193938363680.shtm ''National Strategy for Homeland Security''], the strategic objectives of this ''National Strategy to Secure Cyberspace'' are to:
Consistent with the [http://www.dhs.gov/xabout/history/gc_1193938363680.shtm ''National Strategy for Homeland Security''], the strategic objectives of this ''National Strategy to Secure Cyberspace'' are to:
* Prevent cyber attacks against America’s critical infrastructures;
* Prevent cyber attacks against America’s critical infrastructures;
* Reduce national vulnerability to cyber attacks; and
* Reduce national vulnerability to cyber attacks; and
* Minimize damage and recovery time from cyber attacks that do occur.
* Minimize damage and recovery time from cyber attacks that do occur.
===Threat and Vulnerability===
Our economy and national security are fully
dependent upon information technology and
the information infrastructure. At the core of
the information infrastructure upon which we
depend is the Internet, a system originally
designed to share unclassified research among
scientists who were assumed to be uninterested
in abusing the network. It is that same Internet
that today connects millions of other computer
networks making most of the nation’s essential
services and infrastructures work. These
computer networks also control physical objects
such as electrical transformers, trains, pipeline
pumps, chemical vats, radars, and stock
markets, all of which exist beyond cyberspace.


A spectrum of malicious actors can and do
The National Strategy to Secure Cyberspace
conduct attacks against our critical information
articulates five national priorities including:
infrastructures. Of primary concern is the threat
 
of organized cyber attacks capable of causing
<ol style="list-style-type:upper-roman">
debilitating disruption to our Nation’s critical
<li>National Cyberspace Security Response System;</li>
infrastructures, economy, or national security.
<li>A National Cyberspace Security Threat and Vulnerability Reduction Program;</li>
The required technical sophistication to carry
<li>A National Cyberspace Security Awareness and Training Program;</li>
out such an attack is high—and partially
<li>Securing Governments’ Cyberspace; and</li>
explains the lack of a debilitating attack to date.
<li>National Security and International Cyberspace Security Cooperation.</li>
We should not, however, be too sanguine. There
</ol>
have been instances where organized attackers
 
have exploited vulnerabilities that may be
The first priority focuses on improving our
indicative of more destructive capabilities.
response to cyber incidents and reducing the
potential damage from such events. The second,
third, and fourth priorities aim to reduce threats
from, and our vulnerabilities to, cyber attacks.
The fifth priority is to prevent cyber attacks
that could impact national security assets and to
improve the international management of and
response to such attacks.
 
===Priority I: A National Cyberspace Security Response System===
Rapid identification, information exchange, and
remediation can often mitigate the damage
caused by malicious cyberspace activity. For
those activities to be effective at a national level,
the United States needs a partnership between
government and industry to perform analyses,
issue warnings, and coordinate response efforts.
Privacy and civil liberties must be protected in
the process. Because no cybersecurity plan can
be impervious to concerted and intelligent
attack, information systems must be able to
operate while under attack and have the
resilience to restore full operations quickly.
 
The National Strategy to Secure Cyberspace
identifies eight major actions and initiatives for
cyberspace security response:
# Establish a public-private architecture for responding to national-level cyber incidents;
# Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments;
# Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace;
# Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security;
# Improve national incident management;
# Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans;
# Exercise cybersecurity continuity plans for federal systems; and
# Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.
 
===Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program===
By exploiting vulnerabilities in our cyber
systems, an organized attack may endanger the
security of our Nation’s critical infrastructures.
The vulnerabilities that most threaten cyberspace
occur in the information assets of critical
infrastructure enterprises themselves and their
external supporting structures, such as the
mechanisms of the Internet. Lesser-secured
sites on the interconnected network of networks
also present potentially significant exposures to
cyber attacks. Vulnerabilities result from
weaknesses in technology and because of
improper implementation and oversight of
technological products.
 
The National Strategy to Secure Cyberspace
identifies eight major actions and initiatives to
reduce threats and related vulnerabilities:
 
# Enhance law enforcement’s capabilities for preventing and prosecuting cyberspace attacks;
# Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;
# Secure the mechanisms of the Internet by improving protocols and routing;
# Foster the use of trusted digital control systems/supervisory control and data acquisition systems;
# Reduce and remediate software vulnerabilities;
# Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications;
# Prioritize federal cybersecurity research and development agendas; and
# Assess and secure emerging systems.
 
===Priority III: A National Cyberspace Security Awareness and Training Program===
Many cyber vulnerabilities exist because of a
lack of cybersecurity awareness on the part of
computer users, systems administrators,
technology developers, procurement officials,
auditors, chief information officers (CIOs),
chief executive officers, and corporate boards.
Such awareness-based vulnerabilities present
serious risks to critical infrastructures regardless
of whether they exist within the infrastructure
itself. A lack of trained personnel and the
absence of widely accepted, multi-level
certification programs for cybersecurity
professionals complicate the task of addressing
cyber vulnerabilities.


Uncertainties exist as to the intent and full
The National Strategy to Secure Cyberspace
technical capabilities of several observed
identifies four major actions and initiatives for
attacks. Enhanced cyber threat analysis is
awareness, education, and training: 
needed to address long-term trends related to
# Promote a comprehensive national awareness program to empower all Americans—businesses, the general workforce, and the general population—to secure their own parts of cyberspace;
threats and vulnerabilities.What is known is
# Foster adequate training and education programs to support the Nation’s cybersecurity needs;
that the attack tools and methodologies are
# Increase the efficiency of existing federal cybersecurity training programs; and
becoming widely available, and the technical
# Promote private-sector support for well-coordinated, widely recognized professional cybersecurity certifications.  
capability and sophistication of users bent on
causing havoc or disruption is improving.
In peacetime America’s enemies may conduct
espionage on our Government, university
research centers, and private companies. They
may also seek to prepare for cyber strikes during
a confrontation by mapping U.S. information
systems, identifying key targets, and lacing our
infrastructure with back doors and other means
of access. In wartime or crisis, adversaries may
seek to intimidate the Nation’s political leaders
by attacking critical infrastructures and key
economic functions or eroding public confidence
in information systems.


Cyber attacks on United States information
===Priority IV: Securing Governments’ Cyberspace===
networks can have serious consequences such as
Although governments administer only a
disrupting critical operations, causing loss of
minority of the Nation’s critical infrastructure
revenue and intellectual property, or loss of life.
computer systems, governments at all levels
Countering such attacks requires the development
perform essential services in the agriculture,
of robust capabilities where they do not
food, water, public health, emergency services,
exist today if we are to reduce vulnerabilities
defense, social welfare, information and
and deter those with the capabilities and intent
telecommunications, energy, transportation,
to harm our critical infrastructures.
banking and finance, chemicals, and postal and
shipping sectors that depend upon cyberspace
for their delivery. Governments can lead by
example in cyberspace security, including
fostering a marketplace for more secure
technologies through their procurement.


===The Government Role in Securing Cyberspace===
The National Strategy to Secure Cyberspace
In general, the private sector is best equipped
identifies five major actions and initiatives for
and structured to respond to an evolving cyber
the securing of governments’ cyberspace:
threat. There are specific instances, however,
# Continuously assess threats and vulnerabilities to federal cyber systems;
where federal government response is most
# Authenticate and maintain authorized users of federal cyber systems;
appropriate and justified. Looking inward,
# Secure federal wireless local area networks;
providing continuity of government requires
# Improve security in government outsourcing and procurement; and
ensuring the safety of its own cyber infrastructure
# Encourage state and local governments to consider establishing information technology security programs and participate in information sharing and analysis centers with similar governments.
and those assets required for
supporting its essential missions and services.
Externally, a government role in cybersecurity is
warranted in cases where high transaction costs
or legal barriers lead to significant coordination
problems; cases in which governments operate
in the absence of private sector forces;
resolution of incentive problems that lead to
under provisioning of critical shared resources;
and raising awareness.


Public-private engagement is a key component
===Priority V: National Security and International Cyberspace Security Cooperation===
of our Strategy to secure cyberspace. This is
America’s cyberspace links the United States to
true for several reasons. Public-private partnerships
the rest of the world. A network of networks
can usefully confront coordination
spans the planet, allowing malicious actors on
problems. They can significantly enhance
one continent to act on systems thousands of
information exchange and cooperation.
miles away. Cyber attacks cross borders at light
Public-private engagement will take a variety
speed, and discerning the source of malicious
of forms and will address awareness, training,
activity is difficult. America must be capable of
technological improvements, vulnerability
safeguarding and defending its critical systems
remediation, and recovery operations.
and networks. Enabling our ability to do so
requires a system of international cooperation to
facilitate information sharing, reduce vulnerabilities,
and deter malicious actors.


A federal role in these and other cases is only
The National Strategy to Secure Cyberspace
justified when the benefits of intervention
identifies six major actions and initiatives to
outweigh the associated costs. This standard is
strengthen U.S. national security and international
especially important in cases where there are
cooperation:
viable private sector solutions for addressing any
potential threat or vulnerability. For each case,consideration should be given to the broadbased
costs and impacts of a given government
action, versus other alternative actions, versus
non-action, taking into account any existing or
future private solutions.


Federal actions to secure cyberspace are
# Strengthen cyber-related counterintelligence efforts;
warranted for purposes including: forensics and
# Improve capabilities for attack attribution and response;
attack attribution, protection of networks and
# Improve coordination for responding to cyber attacks within the U.S. national security community;
systems critical to national security, indications
# Work with industry and through international organizations to facilitate dialogue and partnerships among international public and private sectors focused on protecting information infrastructures and promoting a global “culture of security;”
and warnings, and protection against organized
# Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge; and
attacks capable of inflicting debilitating damage
# Encourage other nations to accede to the Council of Europe Convention on Cybercrime, or to ensure that their laws and procedures are at least as comprehensive.
to the economy. Federal activities should also
support research and technology development
that will enable the private sector to better
secure privately-owned portions of the Nation’s
critical infrastructure.


==Additional Notes and Highlights==
==Additional Notes and Highlights==
Expertise Required: None

Latest revision as of 15:25, 8 September 2010

Full Title of Reference

The National Strategy to Secure Cyberspace

Full Citation

Executive Office of the President of the U.S., The National Strategy to Secure Cyberspace (2003). Online Paper. Web

BibTeX Google Books Amazon

Categorization

Key Words

Cyber Terrorism, Department of Homeland Security, DDoS Attack, National Cybersecurity Strategy (U.S.), National Security, SCADA Systems

Synopsis

Executive Summary - Strategic Objectives

Consistent with the National Strategy for Homeland Security, the strategic objectives of this National Strategy to Secure Cyberspace are to:

  • Prevent cyber attacks against America’s critical infrastructures;
  • Reduce national vulnerability to cyber attacks; and
  • Minimize damage and recovery time from cyber attacks that do occur.

The National Strategy to Secure Cyberspace articulates five national priorities including:

  1. National Cyberspace Security Response System;
  2. A National Cyberspace Security Threat and Vulnerability Reduction Program;
  3. A National Cyberspace Security Awareness and Training Program;
  4. Securing Governments’ Cyberspace; and
  5. National Security and International Cyberspace Security Cooperation.

The first priority focuses on improving our response to cyber incidents and reducing the potential damage from such events. The second, third, and fourth priorities aim to reduce threats from, and our vulnerabilities to, cyber attacks. The fifth priority is to prevent cyber attacks that could impact national security assets and to improve the international management of and response to such attacks.

Priority I: A National Cyberspace Security Response System

Rapid identification, information exchange, and remediation can often mitigate the damage caused by malicious cyberspace activity. For those activities to be effective at a national level, the United States needs a partnership between government and industry to perform analyses, issue warnings, and coordinate response efforts. Privacy and civil liberties must be protected in the process. Because no cybersecurity plan can be impervious to concerted and intelligent attack, information systems must be able to operate while under attack and have the resilience to restore full operations quickly.

The National Strategy to Secure Cyberspace identifies eight major actions and initiatives for cyberspace security response:

  1. Establish a public-private architecture for responding to national-level cyber incidents;
  2. Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments;
  3. Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace;
  4. Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security;
  5. Improve national incident management;
  6. Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans;
  7. Exercise cybersecurity continuity plans for federal systems; and
  8. Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.

Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program

By exploiting vulnerabilities in our cyber systems, an organized attack may endanger the security of our Nation’s critical infrastructures. The vulnerabilities that most threaten cyberspace occur in the information assets of critical infrastructure enterprises themselves and their external supporting structures, such as the mechanisms of the Internet. Lesser-secured sites on the interconnected network of networks also present potentially significant exposures to cyber attacks. Vulnerabilities result from weaknesses in technology and because of improper implementation and oversight of technological products.

The National Strategy to Secure Cyberspace identifies eight major actions and initiatives to reduce threats and related vulnerabilities:

  1. Enhance law enforcement’s capabilities for preventing and prosecuting cyberspace attacks;
  2. Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;
  3. Secure the mechanisms of the Internet by improving protocols and routing;
  4. Foster the use of trusted digital control systems/supervisory control and data acquisition systems;
  5. Reduce and remediate software vulnerabilities;
  6. Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications;
  7. Prioritize federal cybersecurity research and development agendas; and
  8. Assess and secure emerging systems.

Priority III: A National Cyberspace Security Awareness and Training Program

Many cyber vulnerabilities exist because of a lack of cybersecurity awareness on the part of computer users, systems administrators, technology developers, procurement officials, auditors, chief information officers (CIOs), chief executive officers, and corporate boards. Such awareness-based vulnerabilities present serious risks to critical infrastructures regardless of whether they exist within the infrastructure itself. A lack of trained personnel and the absence of widely accepted, multi-level certification programs for cybersecurity professionals complicate the task of addressing cyber vulnerabilities.

The National Strategy to Secure Cyberspace identifies four major actions and initiatives for awareness, education, and training:

  1. Promote a comprehensive national awareness program to empower all Americans—businesses, the general workforce, and the general population—to secure their own parts of cyberspace;
  2. Foster adequate training and education programs to support the Nation’s cybersecurity needs;
  3. Increase the efficiency of existing federal cybersecurity training programs; and
  4. Promote private-sector support for well-coordinated, widely recognized professional cybersecurity certifications.

Priority IV: Securing Governments’ Cyberspace

Although governments administer only a minority of the Nation’s critical infrastructure computer systems, governments at all levels perform essential services in the agriculture, food, water, public health, emergency services, defense, social welfare, information and telecommunications, energy, transportation, banking and finance, chemicals, and postal and shipping sectors that depend upon cyberspace for their delivery. Governments can lead by example in cyberspace security, including fostering a marketplace for more secure technologies through their procurement.

The National Strategy to Secure Cyberspace identifies five major actions and initiatives for the securing of governments’ cyberspace:

  1. Continuously assess threats and vulnerabilities to federal cyber systems;
  2. Authenticate and maintain authorized users of federal cyber systems;
  3. Secure federal wireless local area networks;
  4. Improve security in government outsourcing and procurement; and
  5. Encourage state and local governments to consider establishing information technology security programs and participate in information sharing and analysis centers with similar governments.

Priority V: National Security and International Cyberspace Security Cooperation

America’s cyberspace links the United States to the rest of the world. A network of networks spans the planet, allowing malicious actors on one continent to act on systems thousands of miles away. Cyber attacks cross borders at light speed, and discerning the source of malicious activity is difficult. America must be capable of safeguarding and defending its critical systems and networks. Enabling our ability to do so requires a system of international cooperation to facilitate information sharing, reduce vulnerabilities, and deter malicious actors.

The National Strategy to Secure Cyberspace identifies six major actions and initiatives to strengthen U.S. national security and international cooperation:

  1. Strengthen cyber-related counterintelligence efforts;
  2. Improve capabilities for attack attribution and response;
  3. Improve coordination for responding to cyber attacks within the U.S. national security community;
  4. Work with industry and through international organizations to facilitate dialogue and partnerships among international public and private sectors focused on protecting information infrastructures and promoting a global “culture of security;”
  5. Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge; and
  6. Encourage other nations to accede to the Council of Europe Convention on Cybercrime, or to ensure that their laws and procedures are at least as comprehensive.

Additional Notes and Highlights

Expertise Required: None