Cybertelecom

Cybertelecom
Federal Internet Law & Policy
An Educational Project

Dept. Homeland Security

Cybersecurity
- Agencies
- - White House
- - DHS
- - NIST
- - NTIA
- - FCC
- Reference
- Cryptography

Crimes Against Network
- Worms, Viruses, Attacks
- Hackers
- DOS
- WiFi Security
- Cyberwar
- Network Reliability
- Infrastructure Protection
- - Kill Switch

Crimes Over Network
- CyberStalking
- Fraud
- - Auctions
- - Phishing
- Gambling
- ID Theft
- Offensive Words

Info Gathering
- Wiretaps
- CALEA
- ECPA
- FISA
- Forensics
- Carnivore
- Patriot Act
- Data Retention
- Safe Web Act

Emergency
- EAS
- Assessment
- Reliability
- Vulnerabilities

"Federal policies and plans assign DHS with the lead responsibility for facilitating a public/private response to and recovery from major Internet disruptions. Within DHS, responsibilities reside in two divisions within the Office of the Under Secretary for National Protection and Program, Office of Cybersecurity and Communications: the National Cyber Security Division (NCSD) and the National Communications System (NCS). NCSD operates the U.S. Computer Emergency Readiness Team (US-CERT), which coordinates defense against and response to cyber attacks. The other division, NCS, provides programs and services that assure the resilience of the telecommunications infrastructure in times of crisis. Additionally, the Federal Communications Commission can support Internet recovery by coordinating resources for restoring the basic communications infrastructures over which Internet services run. For example, after Hurricane Katrina, the commission granted temporary authority for private companies to set up wireless Internet communications supporting various relief groups; federal, state, and local government agencies; businesses; and victims in the disaster areas. " GAO Critical Infrastructure Protection: Challenges in Addressing Cybersecurity, Statement of Gregory C. Wilshusen, Director, Information Security Issues, GAO-08-212T, page 3 (Oct. 23, 2007). See also GAO Critical Infrastructure Protection: Challenges in Addressing Cybersecurity GAO-05-827T page 6 June 19, 2005

"The H. Security Act of 2002 (P.L. 107-296) mandated several infrastructure protection responsibilities that relate to the Department’s cybersecurity mission. The Act also transferred many of the existing federal cyber programs to DHS. Among those programs and functions transferred were the following:

National Infrastructure Protection Center (from the Federal Bureau of Investigation);

National Communication System (an interagency group formerly supported by the
Department of Defense);

Critical Infrastructure Assurance Office (from the Department of Commerce);

National Infrastructure Simulation and Analysis Center (a partnership between Sandia and Los Alamos National Laboratories, supported by the Department of Energy); and

Federal Computer Incident Response Center (from the General Services Administration)."

- CyberSecurity for the H., Report of the Activities and Findings by the Chairman and Ranking Member Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on H. Security p 16 (December 2004)

National Protection and Programs Directorate

" The goal of the National Protection and Programs Directorate is to advance the Department's risk-reduction mission. Reducing risk requires an integrated approach that encompasses both physical and virtual threats and their associated human elements. "

NPPD > Office of Cybersecurity and Communications (CS&C) :

"The Office of Cybersecurity and Communications (CS&C) is responsible for enhancing the security, resiliency, and reliability of the nation's cyber and communications infrastructure. CS&C actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.

"CS&C works to prevent or minimize disruptions to our critical information infrastructure in order to protect the public, economy, government services, and the overall security of the United States. It does this by supporting a series of continuous efforts designed to further safeguard federal government systems by reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats.

"As the Sector-Specific Agency for the Communications and Information Technology (IT) sectors, CS&C coordinates national level reporting that is consistent with the National Response Framework (NRF) .

"Cyber Storm , the Department of Homeland Security's biennial exercise series, provides the framework for the nation's largest cybersecurity exercise and strengthens cyber preparedness in both the public and private sectors.

The Office of Emergency Communication developed the National Emergency Communications Plan (NECP) to ensure that emergency response personnel at all levels of government can communicate as needed, on demand, and as authorized. To achieve this objective, the NECP identifies the capabilities and initiatives necessary for communications operability, interoperability, and continuity for emergency responders nationwide.

Enhanced Cybersecurity Services

"The Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. ECS works by sharing sensitive and classified cyber threat information with accredited Commercial Service Providers (CSPs). These CSPs in turn use that information to block certain types of malicious traffic from entering customer networks. ECS is meant to augment, but not replace, existing cybersecurity capabilities.

Service Offerings

The ECS program currently offers three service offerings:

Domain Name Service (DNS) Sinkholing, which blocks access to specified malicious domain names;

Email (SMTP) Filtering, which blocks email with specified malicious criteria from entering a network; and

Netflow Analysis, which uses passive detection to identify threats.

The ECS program continues to consider additional services that can use government-vetted cyber threat indicators to enhance the protection of U.S.-based organizations.

Privacy

The ECS program embeds privacy protections into all of its operations. ECS does not monitor any private networks or collect any communications, directly or by proxy. DHS uses the Fair Information Practice Principles (FIPPs) to assess and mitigate impacts on an individual’s privacy. DHS has conducted and published a Privacy Impact Assessment (PIA) for the ECS program. To read more about the FIPPs, the ECS PIA, and related cyber programs, visit DHS's Cybersecurity and Privacy page.

Eligibility

All U.S.-based public and private entities are eligible to enroll in ECS. Program participation is voluntary and designed to protect government intelligence, corporate information security, and the privacy of participants. Four CSPs are accredited to provide ECS:

AT&T

CenturyLink

Lockheed Martin

Verizon

NPPD > CS&C > CyberStorm

"Cyber Storm, the Department of Homeland Security's biennial exercise series, provides the framework for the nation's largest cyber security exercise.

"Congress mandated the Cyber Storm exercise series to strengthen cyber preparedness in the public and private sectors. Securing cyber space is the National Cybersecurity Division 's top priority and one of the Department's four key priorities for 2008.

"Cyber Storm participants do the following:

Examine organizations' capability to prepare for, protect from, and respond to cyber attacks' potential effects;

Exercise strategic decision making and interagency coordination of incident response(s) in accordance with national level policy and procedures;

Validate information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and

Examine means and processes through which to share sensitive information across boundaries and sectors without compromising proprietary or national security interests.

Each Cyber Storm builds on lessons learned from previous real world disasters, ensuring that participants face more sophisticated and challenging exercises every two years.

Cyberstorm II

GAO-08-825, Critical Infrastructure Protection: DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise, September 9, 2008, GAO 9/16/2008

DHS Brews Up Cyber Storm 2, eweek 2/15/2007

Cyber Storm Exercise . Department of Homeland Security, September 2006. Includes Fact Sheet and Exercise Report.

Cyber Storm tests US Defenses, BBC Feb 12, 2006

NPPD > CS&C > National Cyber Security Division (NCSD)

"In June 2003, DHS created NCSD to serve as a national focal point for addressing cybersecurity issues and to coordinate the implementation of the National Strategy to Secure Cyberspace. Its mission is to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities.

"NCSD is the government lead on a public/private partnership supporting the US-CERT, an operational organization responsible for analyzing and addressing cyber threats and vulnerabilities and disseminating cyber-threat warning information. In the event of an Internet disruption, US-CERT facilitates coordination of recovery activities with the network and security operations centers of owners and operators of the Internet and with government incident response teams.

"NCSD also serves as the lead for the federal government’s cyber incident response through the National Cyber Response Coordination Group. This group is the principal federal interagency mechanism for coordinating the preparation for, and response to, significant cyber incidents—such as a major Internet disruption. In the event of a major disruption, the group convenes to facilitate intragovernmental and public/private preparedness and operations. The group brings together officials from national security, law enforcement, defense, intelligence, and other government agencies that maintain significant cybersecurity responsibilities and capabilities. Members use their established relationships with the private sector and with state and local governments to help coordinate and share situational awareness, manage a cyber crisis, develop courses of action, and devise response and recovery strategies.

"NCSD also recently formed the Internet Disruption Working Group, which is a partnership between NCSD, NCS, the Department of the Treasury, the Department of Defense, and private-sector companies, to plan for ways to improve DHS’s ability to respond to and recover from major Internet disruptions. The goals of the working group are to identify and prioritize the short-term protective measures necessary to prevent major disruptions to the Internet or reduce their consequences and to identify reconstitution measures in the event of a major disruption. - GAO 06-672 Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan, GAO Report (June 2006)

NCSD Leadership

July, 2006 - , Robert Zitz, Acting Director

Oct, 2004 - July, 2006, Andy Purdy, Acting Director

2003, Sept - Oct, 2004 Amit Yoran, Director NCSD

George W Foresman claimed to be the head of NCSD during a cybersecurity hearing on the hill Sept 13, 2006

July 2005 Director position elevated to Assistant Secretary for Cyber Security and Telecommunications

2003 - 2005 Robert Liscouski, Assistant Secretary for Infrastructure Protection

2003 June DHS announces creation of NCSD

2003 Feb. White House Releases National Strategy for Cyberspace

Lawrence Hale, Deputy Director NCSD

Richard Clarke refused the initial position

2002 DHS Created

Sept. 11, 2001

NPPD > CS&C > NCSD > US CERT

The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of H. Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.

US-CERT is charged with protecting our nation's Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for

analyzing and reducing cyber threats and vulnerabilities

disseminating cyber threat warning information

coordinating incident response activities

US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.

Statement for the Record Dr. Peter Fonash Acting Director, National Cybersecurity Division Chief Technology Officer, Office of Cybersecurity and Communications National Protection and Programs Directorate U.S. Department of Homeland Security Before the United States House of Representatives Committee on Science and Technology Subcommittee on Technology and Innovation Subcommittee on Research and Science Education June 16, 2009

US-CERT has been identified by the Office of Management and Budget (OMB) as the central Federal information security incident center required by the Federal Information Security Management Act of 2002 (FISMA) and serves as the operational center for the security of cyberspace of Federal Executive Branch civilian networks and CIKR networks. Agencies report incidents to US-CERT, including the identification of malicious code, denial of service, improper usage, as well as incidents that involve Personally Identifiable Information (PII). Operating a 24/7/365 operations center, the US-CERT is the lead entity in the national effort to provide timely technical assistance to operators of agency information systems regarding cyber security incidents. In this capacity the US-CERT guides agencies on detecting and handling information security incidents, compiles and analyzes information about incidents that threaten information security, and informs operators of agency information systems about current and potential information security threats, and vulnerabilities.

US-CERT, working with OMB, is building additional capacity to fulfill its responsibilities under FISMA, as well as to better protect the Federal Executive Branch civilian systems and networks or ".gov." As a means of securing these networks, DHS is focused on implementing the Trusted Internet Connection (TIC) Initiative, which is led by the Office of Management and Budget. In addition, DHS is enhancing its EINSTEIN system, an intrusion detection capability, and deploying it at TICs across the Federal Government and at Networx Managed Trusted Internet Protocol Service (MTIPS) locations. Both of these programs support the efforts of the US-CERT-our 24/7/365 operations center that provides early watch, warning, and detection capabilities that enable us to more swiftly to identify and respond to malicious activity and to coordinate with our public and private sector partners.

The TIC initiative is a multi-faceted program which seeks to improve the U.S. Government's cybersecurity posture and build capacity to respond to incidents by reducing and consolidating the number of external connections which Federal Executive agencies have to the Internet. The multitude of external access points gives our adversaries too many avenues to seek out vulnerabilities and exploit potential security gaps in our networks. By limiting the number of entranceways into our networks to a smaller number, we can better monitor traffic entering and exiting the network and more rapidly identify when it is penetrated by an attacker.

Consolidating external connections and configuration management are the first step to creating a front line of defense. As we reduce external connections, we will deploy the EINSTEIN system at those TIC locations. This will allow us to more effectively analyze activity across Federal Executive Branch civilian networks. The EINSTEIN system helps to identify unusual network traffic patterns and trends that signal unauthorized network activity, allowing US-CERT to identify and respond to potential threats. DHS installed the first TIC on its own network and deployed the upgraded EINSTEIN 2 system. We will be using the lessons learned from our implementation process to assist other departments and agencies as we continue to build more TIC locations and install more EINSTEIN 2 systems.

In addition to installing the EINSTEIN 2 system on DHS's network, we created the National Cybersecurity Protection System (NCPS) to create the framework under which EINSTEN 2 and future upgrades will be developed and deployed. NCPS is part of the overall formal acquisition program developed to enable the acquisition of technology that supports the NCSD mission including US-CERT and CNCI-related tasking.

NCPS supports the acquisition and deployment of EINSTEIN 2. We have created a plan for EINSTEIN 2 deployment that includes four phases each with the following status:

Phase 1 - DHS Deployment: Deployment is complete and operating at initial operating capability.

Phase 2 - Deployment at five selected Departments or Agencies: Deployment has been completed and DHS expects initial operating capability at these locations in June 2009. Technical discussions for deployment and installation of the EINSTEIN 2 system at the final Phase 2 location are ongoing.

Phase 3 - Deployment at Networx/MTIPS Vendor Sites: Conducted technical discussions with each of the Networx/MTIPS contract awarded vendors. As the vendors complete their technical architectures, DHS is providing the EINSTEIN 2 capability and working with departments and agencies on implementation. DHS has commenced installation activities with one MTIPS awarded vendor.

Phase 4 - Deploy to remaining Single Service TIC Access Provider Departments or Agencies: Technical discussions have begun with some of the remaining agencies. Deployments will occur as these agencies become more technically stable in their TIC implementations.

In the future, NCPS will provide US-CERT analysts with an automated capability to better aggregate, correlate, and visualize information. In addition, DHS envisions developing an Intrusion Prevention System, EINSTEIN 3, for Federal Executive Branch networks and systems. The system once fully deployed will provide the Government with an early warning system and situational awareness, near real-time identification of malicious activity, and a more comprehensive network defense.

NPPD > CS&C > NCSD > Cybersecurity Preparedness and the National Cyber Alert System

Cyber threats are constantly changing. Both technical and non-technical computer users can stay prepared for these threats by receiving current information by signing up for the National Cyber Alert System .

Government Creates Its Own Private Cyber Network, Fox News March 2003

Cyber Warning Net Launched, Public Sector Institute, Aug 2003

DHS Network Broadcasts Cyberthreat Warnings, GCN June 2003

NPPD > CS&C > NCSD > Cyber Cop Portal

Coordination with law enforcement helps capture and convict those responsible for cyber attacks. The Cyber Cop Portal is an information sharing and collaboration tool accessed by over 5,300 investigators worldwide who are involved in electronic crimes cases. "

NPPD > CS&S > NCSD > National Cyber Response Coordination Group (NCRCG)

Made up of 13 federal agencies, this is the principal federal agency mechanism for cyber incident response. In the event of a nationally significant cyber-related incident, the NCRCG will help to coordinate the federal response, including US-CERT, law enforcement and the intelligence community.

NPPD > CS&S > NCSD > National Vulnerability Database

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

NPPD > CS&C > National Communications System

NCS dissolved in 2012 Executive Order 13618

Mission: "Assist the President, the National Security Council, the Director of the Office of Science and Technology Policy and the Director of the Office of Management and Budget in (1) the exercise of the telecommunications functions and responsibilities, and (2) the coordination of the planning for and provision of national security and emergency preparedness communications for the Federal government under all circumstances, including crisis or emergency, attack & recovery and reconstitution."

"NCS is responsible for ensuring that communications infrastructure used by the federal government is available under all conditions-ranging from normal situations to national emergencies and international crises. The system does this through several activities, including a program that gives calling priority to federal executives, first responders, and other key officials in times of emergency. NCS was established by presidential direction in August 1963 in response to voice communication failures associated with the Cuban Missile Crisis. Its role was further clarified through an executive order issued in April 1984 that established the Secretary of Defense as the executive agent for NCS. In 2003, it was transferred to the responsibility of the Secretary of DHS.

"NCS is composed of members from 24 federal departments and agencies. Although it originally focused on "traditional" voice services via common carriers, NCS has now taken a larger role in Internet-related issues due to the convergence of voice and data networks. For example, it now helps manage issues related to disruptions of the Internet backbone (e.g., high-capacity data routes). NCC, which serves as the coordination component of NCS, is the point of contact with the private sector on issues that could affect the availability of the communications infrastructure. According to DHS, the center includes 47 members from major telecommunications organizations, such as Verizon and AT&T. These members represent 95 percent of the wireless and wire line telecommunications service providers and 90 percent of the Internet service provider backbone networks.

"During a major disruption in telecommunications services, NCC Watch is to coordinate with NCC members in an effort to restore service as soon as possible. In the event of a major Internet disruption, it is to assist recovery efforts through its partnerships and collaboration with telecommunications and Internet-related companies. Using these partnerships, NCC has also created several programs that, in times of emergency, provide calling priority in to enable first responders and key officials at all levels to communicate using both landline phones and cellular devices.

- GAO Report to the Subcommittee on Emerging Threats, Cybersecurity , and Science and Technology, Committee on H. Security, House of Representatives (June 2008)

NPPD > CS&S > NCS > National Coordinating Center (NCC)

"In January 2000, the NCC was designated an Information Sharing and Analysis Center (ISAC) for communications in accordance with PDD-6. The Comm ISAC wil facilitate the exchange among government and industry participants regarding vulnerability, threat, intrusion, and anomaly information affecting the telecommunications infrastructure. Since its creation, the NCC has coordinated the restoration and provisioning of NS/EP telecommunication services and facilities during natural disasters and armed conflicts

" In 1982, telecommunications industry and Federal government officials identified the need for a joint mechanism to coordinate initiation and restoration of national security and emergency preparedness (NS/EP) telecommunication services. In 1983, the group recommended to the National Security Telecommunications Advisory Committee (NSTAC) and to President Reagan that a joint industry and government-staffed NCC be created as a central organization to handle emergency telecommunication requests. On January 3, 1984, the NCC opened for business.

NPPD > CS&C > NCS > National Security Telecommunications Advisory Committee (NSTAC)

"The NSTAC Mission and Key Themes

"Meeting our Nation's critical national security and emergency preparedness (NS/EP) challenges demands attention to many issues. Among these, none could be more important than the availability and reliability of telecommunication services. The President's National Security Telecommunications Advisory Committee (NSTAC) mission is to provide the U.S. Government the best possible industry advice in these areas.

25 Years of Partnership

"For over 25 years, the NSTAC has brought together up to 30 industry chief executives from major telecommunications companies, network service providers, information technology, finance, and aerospace companies. These industry leaders provide the President with collaborative advice and expertise, as well as robust reviews and recommendations. The NSTAC's goal is to develop recommendations to the President to assure vital telecommunications links through any event or crisis, and to help the U.S. Government maintain a reliable, secure, and resilient national communications posture.

"Beyond the industry collaboration alone, the NSTAC serves as a prominent model for trusted public/private partnerships, resulting in mutually beneficial information sharing mechanisms and the implementation of several programs to reinforce that partnership. One of the NSTAC's first efforts recommended the creation of the National Coordinating Center as an operational arm of the NSTAC, and later, as the Information Sharing and Analysis Center for the communications sector, where information relevant to the protection and operation of the communications infrastructure is shared between industry and Government. Subsequently, the NSTAC also helped to establish the industry and Government Network Security Information Exchanges, allowing representatives from the public and private sectors to share sensitive information on threats to operations, administration, maintenance, and provisioning systems supporting the telecommunications infrastructure. The NSTAC recognized that information sharing is a key component to the industry and Government relationship, tying together all facets of the NSTAC agenda to provide resilient national telecommunications services.

"Since its inception, the NSTAC has addressed a wide range of policy and technical issues regarding communications, information systems, information assurance, critical infrastructure protection, and other NS/EP communications concerns. In recent years, the Government, with the support of the NSTAC, addressed new NS/EP challenges caused by several primary factors: the convergence of traditional and broadband networks; the changing global threat environment; and the continuing global expansion of both provider and user communities. In the face of this ever-increasing complexity of the domestic and global network environment, the NSTAC's work, more so than ever, is of vital national importance, and the committee remains vigilant in aggressively addressing our Nation's highest priority NS/EP communications needs.

"Throughout the NSTAC's history, five key themes continue to emerge as their major areas of focus:

Strengthening national security

Enhancing cybersecurity

Maintaining the global communications infrastructure

Assuring communications for disaster response

Addressing critical infrastructure interdependencies and dependencies

"The NSTAC remains committed to providing the best possible technical information and policy advice to assist the President and other stakeholders responsible for the critical NS/EP services for our Nation." [NSTAC Website]

NPPD > CS&C > Office of Emergency Communications

The Office of Emergency Communications (OEC) supports the Secretary of Homeland Security in developing, implementing, and coordinating interoperable and operable communications for the emergency response community at all levels of government.

NPPD > Office of Infrastructure Protection (IP)

Protecting the nation's critical infrastructure and key resources (CIKR) is a key Department of Homeland Security mission established in 2002 by the National Strategy for Homeland Security and the Homeland Security Act .

The Department's Office of Infrastructure Protection (IP) within the National Protection and Programs Directorate (NPPD) leads the coordinated national program to reduce risks to the nation's CIKR posed by acts of terrorism, and to strengthen national preparedness, timely response, and rapid recovery in the event of an attack, natural disaster, or other emergency.

This is a complex mission. CIKR range from the nation's electric power, food and drinking water to its national monuments, telecommunications and transportation systems, chemical facilities and much more. The vast majority of national CIKR is privately owned and operated, making public-private partnerships essential to protect CIKR and respond to events.

Protected Critical Infrastructure Information Program

Critical Infrastructure Information Act of 2002 (PDF, 11 pages - 53 KB)

Final Rule: Procedures for Handling Protected Critical Infrastructure Information

PCII Program FAQ, (PDF, 6 pages - 127 KB)

PCII Program Procedures Manual, (PDF, 145 pages - 1.42 MB)

PCII Cover Sheet, (PDF, 1 page - 100 KB)

"The PCII Program is designed to encourage private industry to voluntarily share their sensitive and proprietary business information with the Federal Government. The Department of H. Security will use PCII in pursuit of a more secure H., focusing primarily on:

Analyzing and securing critical infrastructure and protected systems,

Identifying vulnerabilities and developing risk assessments, and

Enhancing recovery preparedness measures.

"Information submitted, if it satisfies the requirements of the Critical Infrastructure Information Act of 2002, is protected from public disclosure under:

The Freedom of Information Act,

State and local sunshine laws, and

Use in civil litigation. "

- DHS | PCII

Science and Technology Directorate

The Science and Technology Directorate (S&T) manages science and technology research to protect the h., from development through transition for Department components and first responders.

> Homeland Security Advanced Research Projects Agency > Cyber Security Division > Cyber Security Research and Development Center

"The U.S. Department of Homeland Security Science and Technology Directorate established the Cyber Security Division (CSD), within the Directorate's Homeland Security Advanced Research Projects Agency (HSARPA), in fiscal year 2011 in response to the increasing importance of the cybersecurity mission. CSD’s mission is to contribute to enhancing the security and resilience of the Nation’s critical information infrastructure and the Internet by (1) driving security improvements to address critical weaknesses, (2) discovering new solutions for emerging cyber security threats, and (3) delivering new, tested technologies to defend against cyber security threats."

Secret Service

Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats p 31 (June 2007)

Investigates crimes that are a threat to the country’s financial infrastructures and places emphasis on computer fraud, cybercrime, identity theft, and other types of electronic crime."

"Electronic Crimes Special Agents: Agents assigned to headquarters and over 70 domestic and foreign offices.
• Investigate cybercrime and conduct cyberforensics.
• Train agents to investigate cybercrime, network intrusions, and Internet-based crime.
• Assist other federal, state, and local law enforcement agencies.
Electronic Crimes State and Local Program: A program to train state and local law enforcement officers to investigate cybercrime.
• Trains officers in the areas of basic electronic crimes investigations, network intrusions, and computer forensics.
• Creates cybercrime first responders at the state and local level.
Electronic Crimes Task Forces: A network of 24 task forces creating strategic alliances among federal, state, and local law enforcement agencies and private sector entities.
• Prevent, detect, and investigate various forms of electronic crime by increasing resources and sharing information to disrupt criminal activity.
• Suppress technology-based criminal activity by building partnerships and sharing information.
Criminal Intelligence Section: Serves as a central repository for data generated through Secret Service field investigations, open source Internet content, and information obtained through financial and private industry partnerships.
• Coordinates, analyzes, and disseminates data in support of Secret Service investigations.
• Generates investigative leads based upon criminal intelligence.
• Monitors developing technologies and trends in the financial payments industry to prevent and mitigate attacks against the financial infrastructure.
National Computer Forensic Institute: In collaboration with the State of Alabama, a national cybercrime training facility is being developed to train state and local law enforcement officers, prosecutors, and judges in the areas of basic electronic crimes investigation, network intrusion investigation, and computer forensics. "

Electronic Crimes Branch

United States Secret Service, memorandum entitled "Electronic Crime task Forces (ECTF)" (undated)

Insider Threat Study

"The Insider Threat Study is one component of an ongoing partnership between the Secret Service's National Threat Assessment Center and the Software Engineering Institute's CERT® Coordination Center, designed to develop information to help private industry, government, and law enforcement better understand, detect and ultimately prevent harmful insider activity.

"The definition of an insider for this study includes current, former, or contract employees of an organization. The cases analyzed in the Insider Threat Study involve incidents in which an insider intentionally exceeded or misused an authorized level of system access in a manner that affected the organization's data, daily business operations, or system security, or involved other harm perpetrated via a computer.

"For the Insider Threat Study, researchers from the Secret Service CERT/CC have focused on identifying the physical and online behaviors and communications that insiders engaged in before the incidents, as well as how the incidents were eventually executed, detected, and the insider identified. This approach addresses a broader phenomenon than previous studies on the topic of insider activity.

Report 2 Computer System Sabotage in Critical Infrastructure Sectors pdf - 164 Kb
- Press Release
- Executive Summary

Report 1 Illicit Cyber Activity in the Banking and Finance Sector pdf - 107 Kb
- Press Release

Cyber Security R&D Center

"The Cyber Security R&D Center was established by the Department of H. Security in 2004 to develop security technology for protection of the U.S. cyber infrastructure. The Center conducts its work through partnerships between government and private industry, the venture capital community, and the research community."

Immigration and Customs Enforcement (ICE)

Derived From: GAO Cybercrime Public and Private Entities Face Challenges in Addressing Cyberthreats p 33 (June 2007)

"Investigates and seeks prosecution of domestic and transborder criminal activities occurring on or facilitated by the Internet, primarily within its authority to investigate immigration and customs violations.

"Cyber Crimes Center: Headquarters center that provides cyber-related technical and investigative services, training, and guidance to ICE headquarters and field office investigators and foreign attachés, as well as other foreign and domestic law enforcement entities.
• Develops and coordinates national-level Internet investigations, including online undercover operations, related to crimes investigated by ICE such as: transborder child exploitation, identity and benefit fraud, intellectual property rights, commercial fraud, strategic and national security, financial crimes, and general smuggling investigations.
• Performs forensics examination of electronic devices such as personal computers, personal digital assistants, cellular telephones, and other communication devices and operates the ICE National Digital Forensics Laboratory.
• Conducts research and development on new and emerging technologies.
ICE Field Offices: Digital Forensics Agents located in field offices throughout the United States perform forensic examinations of detained and/or seized digital storage devices in field laboratories, assist online field investigators in preparing search warrants targeting digital evidence, and provide expert testimony and support to state and local law enforcement agencies.
ICE Foreign Attachés Offices: Attachés located in ICE foreign offices coordinate investigative efforts with foreign law enforcement entities."

US Customs Service CyberSmuggling Center 703-293-8005, c3@customs.ustreas.gov

GovNet

One of Tom Ridge's first recommendations was that the federal government should get out of cyberspace; in other words, that critical government communications be conducted over a secure private network and not over the Internet. The proposed network is referred to as Govnet.

Federal Advisory Councils

H. Security Science and Technology Advisory Committee (HSSTAC)

The Homeland Security Science and Technology Advisory Committee (HSSTAC) serves as a source of independent, scientific and technical planning advice for the Under Secretary for Science and Technology.

National Security Telecommunications Advisory Committee

"Executive Order 13286, Section 47, issued in February 28, 2003, directed the National Security Telecommunications Advisory Committee (NSTAC) (established by Executive Order 12382 in September 1982) to report to the President through the Secretary of H. Security. DHS is tasked with providing the Council with appropriate administrative services and financial support. The NSTAC provides the President advice on the security and continuity of communications systems essential for national security and emergency preparedness." See NCS

National Infrastructure Advisory Council

"The National Infrastructure Advisory Council shall provide the President through the Secretary of H. Security with advice on the security of the critical infrastructure sectors and their information systems. The council is composed of a mazimum of 30 members, appointed by the President from privacy industry, academia, and state and local government."

Critical Infrastructure Protection Advisory Council

"The Department of H. Security has established the Critical Infrastructure Partnership Advisory Council (CIPAC) to facilitate effective coordination between federal infrastructure protection programs with the infrastructure protection activities of the private sector and of state, local, territorial and tribal governments. The CIPAC represents a partnership between government and critical infrastructure/key resource (CIKR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection."

Critical Infrastructure Sector Partnership .

Critical infrastructure protection is a shared responsibility among federal, state, local and tribal governments, and the owners and operators of the nation's critical infrastructure and key resources.

-

Other DHS Stuff

DNSSEC Deployment Initiative ("The U.S. Department of H. Security provides support for coordination of the initiative." See DNS Security)

Reference

Law

H. Security Act of 2002 (P.L. 107-296)

Federal Information Security Management Act (FISMA) 2002

Related Laws

Communications Act

Computer Fraud and Abuse Act

Defense Production Act (DPA)

Electronic Communications Privacy Act

Intelligence Authorization Act

Intelligence Reform and Terrorism Prevention Act

National Emergencies Act

Stafford Act

DHS Documents

NSPD-54 /HSPD-23: Cyber Security and Monitoring 2008

HSPD-7: Critical Infrastructure Identification, Prioritization, and Protection 2003

HSPD-5: Management of Domestic Incidents

Reports

DHS: Research and Technology: Information and Infrastructure

Dep’t Of Homeland Security, Enabling Distributed Security In Cyberspace: Building A Healthy And Resilient Cyber Ecosystem With Automated Collective Action (2011)

GAO-08-588, Cyber Analysis and Warning: DHS Faces Challenges in Establishing a Comprehensive National Capability, July 31, 2008, GAO 9/16/2008

Internet Infrastructure: DHS Faces Challenges in Developing a Joint Public/Private Recovery Plan. GAO-06-672, June 16, GAO 8/8/2006

CyberSecurity for the H., Report of the Activities and Findings by the Chairman and Ranking Member Subcommittee on Cybersecurity, Science, and Research Development of the US House of Representatives Select Committee on H. Security (December 2004)

Papers

Marcus H. Sachs, P.E., Cyber Program Director, Information Analysis and Infrastruction Protection, US Department of H. Security Sachs Family Website

News

Director of US-CERT quits abruptly, CW 7/26/2011

US Top Cybersecurity Official Resigns, Circleid 5/20/2011

Homeland Security Department Seeks Boost in Cybersecurity Funding, $936 Million for Fiscal 2012, Circleid 2/16/2011

U.S. cybersecurity plans lagging, critics say, WAPO 9/17/2010

DHS Cyber Division Misses 1,085 Holes on Own Network, Wired 9/13/2010

DHS Cybersecurity Plan Will Involve NSA, Telecoms, Wash Post 7/7/2009

Lawmakers question whether DHS cybersecurity role will be undercut by White House appointment, CW 6/5/2009

Obama Expected to Announce "Cyber Czar" in a Few Days, CircleID 5/25/2009

US cyber-security 'embarrassing', BBC 5/1/2009

White House may relieve DHS of cybersecurity role, CNET 4/28/2009

Senate committee demands DHS explain alleged lack of support for cybersecurity office, CW 3/27/2009

House politicians search for DHS cybersecurity fix, CNET 3/12/2009

A Struggle Over U.S. Cybersecurity, Wash Post 3/10/2009

Obama hints at cybersecurity shake-up with review, CNET 2/10/2009

Obama begins cybersecurity review, BBC 2/10/2009

Hathaway to Head US Cybersecurity Effort, CircleID 2/10/2009

Should NSA take over federal cybersecurity efforts?, CNET 9/22/2008

Critics: Homeland Security unprepared for cyberthreats, CNET 9/18/2008

White House picks tech entrepreneur for security post, CNET 3/20/2008

DHS five years later: So, where's the beef, guys?, CNET 3/7/2008

U.S. cybersecurity czar: Help us help you, CNET 10/2/2007

New cybersecurity chief lays out guidance, CW 2/9/2007

H. Security sees cyberthreats on the rise, CNET 2/9/2007

Software Being Developed to Monitor Opinions of U.S., NYT 10/6/2006

DHS Names Cyber-Security Chief, eweek 9/18/2006

Top Cyber-Security Post Is Filled, Wash Post 9/18/2006

CyberCzar Wait Is Almost Over, eWeek Sept 2006

DHS puts Zitz in charge of cybersecurity division, Search Security, July 2006

US CyberSecurity Chief May Have a Conflict of Internet, WashPost June 2006 ("The Bush administration's cybersecurity chief is a contract employee who earns $577,000 under an agreement with a private university that does extensive business with the federal office he manages")

DHS Shakes Things Up, eWeek July 2005

DHS CyberSecurity Head Resigns, eWeek Jan 12, 2005

US Gets New Cyber Security Chief, BBC Oct 2004 (Purdy)

U.S. Cyber-Security Chief Calls It Quits, eWeek, Oct. 2004

US Cyber Security Chief Resigns, BBC Oct 2004 (Yoran)

Robert Liscouski, GovEXEC March 1, 2004

White House cyber czar and other security non-events of 2009, CW 12/18/2009

US Opens Unified Cyber Security Command Centre, CircleID 11/4/2009

Report: Obama close to appointing White House cybersecurity chief, CW 9/10/2009

DHS Cybersecurity Chief: We Want to Build Cybersecurity Into DNA of Infrastructure, CircleID 9/1/2009

Top Cybersecurity Official Resigns, Wash Post 8/11/2009

Archive:

Federal Computer Incident Response Center

The Federal Computer Incident Response Center (FedCIRC) was created, pursuant to Presidential Decision Directive 63, as the central effort coordinating internal federal civilian preparation, analysis, and response to computer security issues. FedCIRC is sponsored by the Federal CIO Council; it is administered by the Federal Technology Services Office of the General Services Administration. FedCIRC provides a means for the multitude of federal agencies and organizations to coordinate and collaborate in their work, bringing together members of the Department of Defense, law enforcement, intelligence community, academia and computer security specialists. FedCIRC's focus seems to be to take the work of groups such as CERT/CC and NIPC and disseminate that information internally to federal agencies, facilitating readiness of federal networks. FedCIRC

Papers

GAO, Critical Infrastructure Protection: Department of H. Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05-434 (Washington, D.C.: May 26, 2005).

The role of NIPC has been assumed by DHS and NIPC no longer exists. See US CERT. The other vital federal effort is the National Infrastructure Protection Center (NIPC). NIPC is charged with the monumental task of playing watchdog to the nationals critical infrastructure, including telecommunications, energy, money, water, the government, and emergency services. The NIPC conducts threat assessment, producing analysis, warnings, and response information. Housed in the DHS, NIPC is a collaborative effort between US agencies, intelligence community, and law enforcement - which creates a logistical challenge ensuring that the disparate participates remained confined within their congressionally mandated missions (for example, that military personnel cannot be used for domestic law enforcement). Established in 1998, the NIPC was created pursuant to the recommendations of President Clinton's President's Council on Critical Infrastructure Protection. NIPC is the central federal effort pulling together information on threats to critical infrastructure, enabling NIPC to disseminate information to facilitate readiness and also to have information with which to advise the President and the US Congress. NIPC conducts an outreach program known as InfraGuard to critical infrastructure owners which, more than anything, facilitates the establishment of information sharing mechanisms.

Papers
GAO, Critical Infrastructure Protection: Department of H. Security Faces Challenges in Fulfilling Cybersecurity Responsibilities, GAO-05-434 (Washington, D.C.: May 26, 2005)

H. Security Reorganization Enhances Cyber Security, Americas Network 7/19/2005

Computer Security Lacking at H. Security, Slashdot 6/10/2005

FBI ponders changes to cybersecurity unit NIPC, CNN 3/21/02