Archive for June, 2010

The US National Strategy for Trusted Identities in Cyberspace

June 30, 2010

The National Strategy for Trusted Identities in Cyberspace (or simply NSTIC) calls for the creation of an online environment, or an Identity Ecosystem, where individuals and organizations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on. For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to log in to various online services. Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.). Another key concept in the strategy is that the Identity Ecosystem is user-centric – that means you, as a user, will be able to have more control of the private information you use to authenticate yourself online, and generally will not have to reveal more than is necessary to do so.

IAPC

The complexity of the entire ecosystem can be judged from the chart above.
Download the Information Assurance Policy Chart
Download the National Strategy Document for Trusted Identity in Cyber Space

Source: White House Blog “By Howard Schmidt”

DHS Cyber Security Resources Catalog

June 13, 2010

Copied from http://www.Infosecisland.com

The Department of Homeland Security (DHS) has released a “Private Sector Resources Catalog” collecting training, publications, guidance, alerts, newsletters, programs, and services available to the private sector. This is the first such effort to encompass all of DHS and represents a commitment to facilitate public access and increase transparency. The publication recognizes the diversity of the private sector and includes resources for academia, nonprofits, NGOs, and businesses large and small. DHS has repeatedly stated the important role played by these actors in our nation’s homeland security and has worked to strengthen partnerships and increase engagement at the local, state, and federal levels. Earlier this year, DHS released the Quadrennial Homeland Security Review report to Congress outlining an enterprise approach to homeland security in which multiple partners including the private sector share roles and responsibilities in upholding the public safety and well-being of the United States.

Link to the DHS CyberSecurity Catalog

High Impact, Low Frequency Risks to the North American Power Grid

June 9, 2010

NERC has issued a report that discusses the challenges posed by ‘High Impact, Low Frequency’ risks to the power grid.

Although the report is not exclusive to cyber attacks, I will try to highlight the areas of interest to people like me, cyber security fanatics.

Attack Window

Snippet from pages 10–11 of the report:

The risk of a coordinated cyber, physical, or blended attack against the North American bulk power system has become more acute over the past 15 years as digital communicating equipment has introduced cyber vulnerability to the system, and resource optimization trends have allowed some inherent physical redundancy within the system to be reduced. The specific concern with respect to these threats is the targeting of multiple key nodes on the system that, if damaged, destroyed, or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria. Such an attack would behave very differently than traditional risks to the system in that an intelligent attacker could mount an adaptive attack that would manipulate assets and potentially provide misleading information to system operators attempting to address the issue.

It also adds:

While no such attack has occurred on the bulk power system to date, the electric sector has taken important steps toward mitigating these issues with the development of NERC’s Critical Infrastructure Protection standards, the standing Critical Infrastructure Protection Committee, and a myriad of other efforts. More comprehensive work is needed, however, to realize the vision of a secure grid. Better technology solutions for the cyber portion of the threat should be developed, with specific focus on forensic tools and network architectures to support graceful system degradation that would allow operators to “fly with fewer controls.” Component and system design criteria should also be reevaluated with respect to these threats and an eye toward designing for survivability. Prioritization of key assets for protection will be a critical component of a successful mitigation approach.

The report reflects a significant shift in industry-specific standards by referencing active security monitoring, security intelligence, and specially designed forensics tools.

You can download a copy of the 120-page report here:

HILF- NERC Report