Cybertelecom Federal Internet Law & Policy An Educational Project

Department of H. Security

"Federal policy establishes the Department of H. Security (DHS) as the focal point for the security of cyberspace — including analysis, warning, information sharing, vulnerability reduction, mitigation, and recovery efforts for public and private critical infrastructure information systems. To accomplish this mission, DHS is to work with other federal agencies, state and local governments, and the private sector. Among the many CIP responsibilities established for DHS and identified in federal law and policy are 13 key cybersecurity-related responsibilities. These include general CIP responsibilities that have a cyber element (such as developing national plans, building partnerships, and improving information sharing) as well as responsibilities that relate to the five priorities established by the National Strategy to Secure Cyberspace. The five priorities are (1) developing and enhancing national cyber analysis and warning, (2) reducing cyberspace threats and vulnerabilities, (3) promoting awareness of and training in security issues, (4) securing governments’ cyberspace, and (5) strengthening national security and international cyberspace security cooperation. " - GAO Critical Infrastructure Protection: Challenges in Addressing Cybersecurity GAO-05-827T page 6 June 19, 2005

"The H. Security Act of 2002 (P.L. 107-296) mandated several infrastructure protection responsibilities that relate to the Department’s cybersecurity mission. The Act also transferred many of the existing federal cyber programs to DHS. Among those programs and functions transferred were the following:

• National Infrastructure Protection Center (from the Federal Bureau of Investigation);
• National Communication System (an interagency group formerly supported by the
  Department of Defense);
• Critical Infrastructure Assurance Office (from the Department of Commerce);
• National Infrastructure Simulation and Analysis Center (a partnership between Sandia and Los Alamos National Laboratories, supported by the Department of Energy); and
• Federal Computer Incident Response Center (from the General Services Administration)."

- CyberSecurity for the H., Report of the Activities and Findings by the Chairman and Ranking Member Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on H. Security p 16 (December 2004)

• Law
  • H. Security Act of 2002 (P.L. 107-296)
• Executive Orders / Whitehouse Documents
  • National Strategy to Secure Cyberspace ("DHS will become a federal center of excellence for cybersecurity and provide a focal point for federal outreach to state, local, and nongovernmental organizations including the private sector, academia, and the public.")
  • Executive Order establishing the Office of H. Security and the H. Security Council.  10/8/2001
• DHS: Research and Technology: Information and Infrastructure
• Marcus H. Sachs, P.E., Cyber Program Director, Information Analysis and Infrastruction Protection, US Department of H. Security Sachs Family Website
• H. Security Science and Technology Advisory Committee (HSSTAC)
• GAO-08-825, Critical Infrastructure Protection: DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise, September 9, 2008, GAO 9/16/2008
• GAO-08-588, Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability, July 31, 2008, GAO 9/16/2008
• Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan. GAO-06-672, June 16, GAO 8/8/2006
• CyberSecurity for the H., Report of the Activities and Findings by the Chairman and Ranking Member Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on H. Security (December 2004)
• DHS Brews Up Cyber Storm 2, eweek 2/15/2007
• New cybersecurity chief lays out guidance, CW 2/9/2007
• H. Security sees cyberthreats on the rise, CNET 2/9/2007

National Cyber Security Division (NCSD)

"In June 2003, DHS created NCSD to serve as a national focal point for addressing cybersecurity issues and to coordinate the implementation of the National Strategy to Secure Cyberspace. Its mission is to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities.

"NCSD is the government lead on a public/private partnership supporting the US-CERT, an operational organization responsible for analyzing and addressing cyber threats and vulnerabilities and disseminating cyber-threat warning information. In the event of an Internet disruption, US-CERT facilitates coordination of recovery activities with the network and security operations centers of owners and operators of the Internet and with government incident response teams.

"NCSD also serves as the lead for the federal government’s cyber incident response through the National Cyber Response Coordination Group. This group is the principal federal interagency mechanism for coordinating the preparation for, and response to, significant cyber incidents—such as a major Internet disruption. In the event of a major disruption, the group convenes to facilitate intragovernmental and public/private preparedness and operations. The group brings together officials from national security, law enforcement, defense, intelligence, and other government agencies that maintain significant cybersecurity responsibilities and capabilities. Members use their established relationships with the private sector and with state and local governments to help coordinate and share situational awareness, manage a cyber crisis, develop courses of action, and devise response and recovery strategies.

"NCSD also recently formed the Internet Disruption Working Group, which is a partnership between NCSD, NCS, the Department of the Treasury, the Department of Defense, and private-sector companies, to plan for ways to improve DHS’s ability to respond to and recover from major Internet disruptions. The goals of the working group are to identify and prioritize the short-term protective measures necessary to prevent major disruptions to the Internet or reduce their consequences and to identify reconstitution measures in the event of a major disruption. - GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report (June 2006)

NCSD Leadership

• July, 2006 - Present, Robert Zitz, Acting Director
• Oct, 2004 - July, 2006, Andy Purdy, Acting Director
• 2003, Sept - Oct, 2004 Amit Yoran, Director NCSD

• George W Foresman claimed to be the head of NCSD during a cybersecurity hearing on the hill Sept 13, 2006
• July 2005 Director position elevated to Assistant Secretary for Cyber Security and Telecommunications
• 2003 - 2005 Robert Liscouski, Assistant Secretary for Infrastructure Protection
• 2003 June DHS announces creation of NCSD
• 2003 Feb. White House Releases National Strategy for Cyberspace
• Lawrence Hale, Deputy Director NCSD
• Richard Clarke refused the initial position
• 2002 DHS Created
• Sept. 11, 2001

News

• Should NSA take over federal cybersecurity efforts?, CNET 9/22/2008
• Critics: Homeland Security unprepared for cyberthreats, CNET 9/18/2008
• White House picks tech entrepreneur for security post, CNET 3/20/2008
• DHS five years later: So, where's the beef, guys?, CNET 3/7/2008
• U.S. cybersecurity czar: Help us help you, CNET 10/2/2007
• Software Being Developed to Monitor Opinions of U.S., NYT 10/6/2006
• DHS Names Cyber-Security Chief, eweek 9/18/2006
• Top Cyber-Security Post Is Filled, Wash Post 9/18/2006
• CyberCzar Wait Is Almost Over, eWeek Sept 2006
• DHS puts Zitz in charge of cybersecurity division, Search Security, July 2006
• Cyber Storm tests US Defenses, BBC Feb 12, 2006
• US CyberSecurity Chief May Have a Conflict of Internet, WashPost June 2006 ("The Bush administration's cybersecurity chief is a contract employee who earns $577,000 under an agreement with a private university that does extensive business with the federal office he manages")
• DHS Shakes Things Up, eWeek July 2005
• DHS CyberSecurity Head Resigns, eWeek Jan 12, 2005
• US Gets New Cyber Security Chief, BBC Oct 2004 (Purdy)
• U.S. Cyber-Security Chief Calls It Quits, eWeek, Oct. 2004
• US Cyber Security Chief Resigns, BBC Oct 2004 (Yoran)
• Robert Liscouski, GovEXEC March 1, 2004

US CERT

The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of H. Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.

US-CERT is charged with protecting our nation's Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for

• analyzing and reducing cyber threats and vulnerabilities
• disseminating cyber threat warning information
• coordinating incident response activities

US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.

"Cyber Cop Portal: A secure, Internet-based, information-sharing mechanism that allows members of local, state, and federal government law enforcement organizations to discuss issues related to electronic/cyber crime and threat reduction."

National Control Systems Center

Law Enforcement and Intelligence Section:

"Serves a liaison function that provides a mechanism for information sharing of cyber-related efforts with the law enforcement and intelligence communities.
• Manages the National Cyber Response Coordination Groupa protection efforts.
• Facilitates the coordination of law enforcement and intelligence cyber-related efforts for NCSD."

National Cyber Response Coordination Group (NCRCG)

"a forum of 13 principal agencies that coordinate intra-governmental and public/private preparedness operations to respond to and recover from large-scale cyber attacks."

Protected Critical Infrastructure Information Program

"The PCII Program is designed to encourage private industry to voluntarily share their sensitive and proprietary business information with the Federal Government.  The Department of H. Security will use PCII in pursuit of a more secure H., focusing primarily on:

• Analyzing and securing critical infrastructure and protected systems,
• Identifying vulnerabilities and developing risk assessments, and
• Enhancing recovery preparedness measures.

"Information submitted, if it satisfies the requirements of the Critical Infrastructure Information Act of 2002, is protected from public disclosure under:

• The Freedom of Information Act,
• State and local sunshine laws, and
• Use in civil litigation. "

- DHS | PCII

Cyber Warning and Information Network CWIN

• Government Creates Its Own Private Cyber Network, Fox News March 2003
• Cyber Warning Net Launched, Public Sector Institute, Aug 2003
• DHS Network Broadcasts Cyberthreat Warnings, GCN June 2003

Strategic Initiatives Branch

"Coordinates with public and private sector security partners to understand the cyber threats confronting the nation’s critical infrastructure, including cybercrime, and factoring it into risk assessment and management activities."

Build in Security

"As part of the Software Assurance program, Build Security In (BSI) is a project of the Strategic Initiatives Branch of the National Cyber Security Division (NCSD) of the Department of H. Security (DHS). The Software Engineering Institute (SEI) was engaged by the NCSD to provide support in the Process and Technology focus areas of this initiative. The SEI team and other contributors develop and collect software assurance and software security information that helps software developers, architects, and security practitioners to create secure systems."

Secret Service

• Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats p 31 (June 2007)
  • Investigates crimes that are a threat to the country’s financial infrastructures and places emphasis on computer fraud, cybercrime, identity theft, and other types of electronic crime."
  • "Electronic Crimes Special Agents: Agents assigned to headquarters and over 70 domestic and foreign offices.
    • Investigate cybercrime and conduct cyberforensics.
    • Train agents to investigate cybercrime, network intrusions, and Internet-based crime.
    • Assist other federal, state, and local law enforcement agencies.
    Electronic Crimes State and Local Program: A program to train state and local law enforcement officers to investigate cybercrime.
    • Trains officers in the areas of basic electronic crimes investigations, network intrusions, and computer forensics.
    • Creates cybercrime first responders at the state and local level.
    Electronic Crimes Task Forces: A network of 24 task forces creating strategic alliances among federal, state, and local law enforcement agencies and private sector entities.
    • Prevent, detect, and investigate various forms of electronic crime by increasing resources and sharing information to disrupt criminal activity.
    • Suppress technology-based criminal activity by building partnerships and sharing information.
    Criminal Intelligence Section: Serves as a central repository for data generated through Secret Service field investigations, open source Internet content, and information obtained through financial and private industry partnerships.
    • Coordinates, analyzes, and disseminates data in support of Secret Service investigations.
    • Generates investigative leads based upon criminal intelligence.
    • Monitors developing technologies and trends in the financial payments industry to prevent and mitigate attacks against the financial infrastructure.
    National Computer Forensic Institute: In collaboration with the State of Alabama, a national cybercrime training facility is being developed to train state and local law enforcement officers, prosecutors, and judges in the areas of basic electronic crimes investigation, network intrusion investigation, and computer forensics. "
• Electronic Crimes Branch

National Communications System

Mission: "Assist the President, the National Security Council, the Director of the Office of Science and Technology Policy and the Director of the Office of Management and Budget in (1) the exercise of the telecommunications functions and responsibilities, and (2) the coordination of the planning for and provision of national security and emergency preparedness communications for the Federal government under all circumstances, including crisis or emergency, attack & recovery and reconstitution."

"NCS is responsible for ensuring that communications infrastructure used by the federal government is available under all conditions-ranging from normal situations to national emergencies and international crises. The system does this through several activities, including a program that gives calling priority to federal executives, first responders, and other key officials in times of emergency. NCS was established by presidential direction in August 1963 in response to voice communication failures associated with the Cuban Missile Crisis. Its role was further clarified through an executive order issued in April 1984 that established the Secretary of Defense as the executive agent for NCS. In 2003, it was transferred to the responsibility of the Secretary of DHS.

"NCS is composed of members from 24 federal departments and agencies. Although it originally focused on "traditional" voice services via common carriers, NCS has now taken a larger role in Internet-related issues due to the convergence of voice and data networks. For example, it now helps manage issues related to disruptions of the Internet backbone (e.g., high-capacity data routes). NCC, which serves as the coordination component of NCS, is the point of contact with the private sector on issues that could affect the availability of the communications infrastructure. According to DHS, the center includes 47 members from major telecommunications organizations, such as Verizon and AT&T. These members represent 95 percent of the wireless and wire line telecommunications service providers and 90 percent of the Internet service provider backbone networks. 

"During a major disruption in telecommunications services, NCC Watch is to coordinate with NCC members in an effort to restore service as soon as possible. In the event of a major Internet disruption, it is to assist recovery efforts through its partnerships and collaboration with telecommunications and Internet-related companies. Using these partnerships, NCC has also created several programs that, in times of emergency, provide calling priority in to enable first responders and key officials at all levels to communicate using both landline phones and cellular devices.

- GAO Report to the Subcommittee on Emerging Threats, Cybersecurity , and Science and Technology, Committee on H. Security, House of Representatives (June 2008)

Cyber Security R&D Center

"The Cyber Security R&D Center was established by the Department of H. Security in 2004 to develop security technology for protection of the U.S. cyber infrastructure. The Center conducts its work through partnerships between government and private industry, the venture capital community, and the research community."

Immigration and Customs Enforcement

Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats p 33 (June 2007)

"Investigates and seeks prosecution of domestic and transborder criminal activities occurring on or facilitated by the Internet, primarily within its authority to investigate immigration and customs violations.

"Cyber Crimes Center: Headquarters center that provides cyber-related technical and investigative services, training, and guidance to ICE headquarters and field office investigators and foreign attachés, as well as other foreign and domestic law enforcement entities.
• Develops and coordinates national-level Internet investigations, including online undercover operations, related to crimes investigated by ICE such as: transborder child exploitation, identity and benefit fraud, intellectual property rights, commercial fraud, strategic and national security, financial crimes, and general smuggling investigations.
• Performs forensics examination of electronic devices such as personal computers, personal digital assistants, cellular telephones, and other communication devices and operates the ICE National Digital Forensics Laboratory.
• Conducts research and development on new and emerging technologies.
ICE Field Offices: Digital Forensics Agents located in field offices throughout the United States perform forensic examinations of detained and/or seized digital storage devices in field laboratories, assist online field investigators in preparing search warrants targeting digital evidence, and provide expert testimony and support to state and local law enforcement agencies.
ICE Foreign Attachés Offices: Attachés located in ICE foreign offices coordinate investigative efforts with foreign law enforcement entities."

• US Customs Service CyberSmuggling Center 703-293-8005, c3@customs.ustreas.gov

GovNet

One of Tom Ridge's first recommendations was that the federal government should get out of cyberspace; in other words, that critical government communications be conducted over a secure private network and not over the Internet.  The proposed network is referred to as Govnet.

Federal Advisory Councils

• H. Security Science and Technology Advisory Committee (HSSTAC)
• National Security Telecommunications Advisory Committee
  • "Executive Order 13286, Section 47, issued in February 28, 2003, directed the National Security Telecommunications Advisory Committee (NSTAC) (established by Executive Order 12382 in September 1982) to report to the President through the Secretary of H. Security. DHS is tasked with providing the Council with appropriate administrative services and financial support. The NSTAC provides the President advice on the security and continuity of communications systems essential for national security and emergency preparedness."
• National Infrastructure Advisory Council

  "The National Infrastructure Advisory Council shall provide the President through the Secretary of H. Security with advice on the security of the critical infrastructure sectors and their information systems. The council is composed of a mazimum of 30 members, appointed by the President from privacy industry, academia, and state and local government."

Other DHS Stuff

• DNSSEC Deployment Initiative ("The U.S. Department of H. Security provides support for coordination of the initiative." See DNS Security)

Archive:

Federal Computer Incident Response Center

The Federal Computer Incident Response Center (FedCIRC) was created, pursuant to Presidential Decision Directive 63, as the central effort coordinating internal federal civilian preparation, analysis, and response to computer security issues.  FedCIRC is sponsored by the Federal CIO Council; it is administered by the Federal Technology Services Office of the General Services Administration.   FedCIRC provides a means for the multitude of federal agencies and organizations to coordinate and collaborate in their work, bringing together members of the Department of Defense, law enforcement, intelligence community, academia and computer security specialists.  FedCIRC's focus seems to be to take the work of groups such as CERT/CC and NIPC and disseminate that information internally to federal agencies, facilitating readiness of federal networks. FedCIRC

Papers

• GAO, Critical Infrastructure Protection: Department of H. Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05-434 (Washington, D.C.: May 26, 2005).

The role of NIPC has been assumed by DHS and NIPC no longer exists. See US CERT. The other vital federal effort is the National Infrastructure Protection Center (NIPC).  NIPC is charged with the monumental task of playing watchdog to the nationals critical infrastructure, including telecommunications, energy, money, water, the government, and emergency services.  The NIPC conducts threat assessment, producing analysis, warnings, and response information.  Housed in the DHS, NIPC is a collaborative effort between US agencies, intelligence community, and law enforcement - which creates a logistical challenge ensuring that the disparate participates remained confined within their congressionally mandated missions (for example, that military personnel cannot be used for domestic law enforcement).  Established in 1998, the NIPC was created pursuant to the recommendations of President Clinton's President's Council on Critical Infrastructure Protection.  NIPC is the central federal effort pulling together information on threats to critical infrastructure, enabling NIPC to disseminate information to facilitate readiness and also to have information with which to advise the President and the US Congress.  NIPC conducts an outreach program known as InfraGuard to critical infrastructure owners which, more than anything, facilitates the establishment of information sharing mechanisms.

• Papers
  • GAO, Critical Infrastructure Protection: Department of H. Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05-434 (Washington, D.C.: May 26, 2005)

• H. Security Reorganization Enhances Cyber Security, Americas Network 7/19/2005
• Computer Security Lacking at H. Security, Slashdot 6/10/2005
• FBI ponders changes to cybersecurity unit NIPC, CNN 3/21/02