Analytic Approaches to Detect Insider Threat
Description: This whitepaper identifies how modern architectures can be used to collect data and invoke analytics to detect insider threats. The work expands upon published insider threat agent attack research by providing analytic indicators for early attack detection and identifies the data needed for the analytics. It presents a complete discussion of data sources within a representative system architecture and examines the use of "big data" architectures to capture, manage, and make the data accessible to the analytic tools that power the insider threat analytics. The material is structured to facilitate organizational tailoring of the guidance based upon information technology limitations, legal authorities, corporate policies, business concerns, and workplace culture.
Security Tenets for Life Critical Embedded Systems
Description: Addresses antiquated, deficient security models for life critical embedded systems (LCES) and devices. This whitepaper captures and prioritizes core technical principles, or tenets, applicable across any industry or organization with LCES. The tenets may be used by system developers and operators to improve the overall security of such systems.
Cyber Resiliency Technical Guidance Documents
Description: This collection of 28 documents provides guidance on how an organization can best protect itself from cyber-attack. The material is written for C-suite decision makers (level 1) and technical implementers (level 2).
IT Sector Cyber Resilience White Paper
Description: This white paper explores resiliency from the public and private sector perspectives in order to better understand the commonalities and differences that Government and Industry have as it pertains to the cybersecurity and resilience of our critical infrastructure. The paper identifies areas where IT Sector stakeholders can coordinate resilience activities in building a cyber resilient critical infrastructure community.
DNS Risk Assessment
Description: This updated risk assessment of the "Provide Domain Name Resolution Services" and "Provide Internet Routing, Access, and Connection Services" Critical Functions describes how specific existing and emerging threats, technologies, and standards affect the risk profiles of the IT Sector's DNS and Internet routing critical functions.
Description: Cybersecurity defenders across government and industry face a daunting but serious reality: self-defense alone can no longer be the governing practice. The need for a clearly defined Collective Defense apparatus, built upon a foundation of trust between industry and government, has become an issue of both national security and economic necessity.
Internet of Things (IoT) Acquisition Guidance Document
Description: This document highlights areas of elevated risk resulting from the software-enabled and connected aspects of IoT technologies and their role in the physical world. It provides information on certain vulnerabilities and weaknesses, suggests solutions for common challenges, and identifies factors to consider before purchasing or using Internet of Things devices, systems, and services. The recommendations in the document are designed to improve the effectiveness of supply chain, vendor, and technology evaluations prior to the purchase of Internet of Things devices, systems, and services. Adoption of these recommendations by all organizations will help strengthen the Nation’s cyber resilience by ensuring the cybersecurity of IoT technologies is addressed throughout the acquisition lifecycle. The document was developed by a working group composed of members of the Information Technology (IT) Government Coordinating Council (GCC) and IT Sector Coordinating Council (SCC) to help stakeholders incorporate security considerations when acquiring Internet of Things devices, systems, and services.
Cyber Resiliency: Requirements for Recoverable Systems
Description: Despite decades of efforts by industry and academia, successful intrusions of computer systems are still commonplace. Once a cyber-intrusion occurs, a resilient computer system must be able to repair or compensate for the damage. This publication specifies the requirements for Recoverable Systems: systems that will be able to address the problems that arise after a successful destructive cyber-intrusion. Recoverable Systems repair or re-provision computing platforms that have been compromised by malware or misconfiguration.
Resilient Time Guidance for Network Operations, CIOs, and CISOs
Description: Today, nearly all organizations rely on accurate time to sustain their daily network operations. Consequently, network operators must understand time and how it affects their networks. Regardless of which timing protocol an organization uses to receive its time – Network Time Protocol (NTP), Precision Time Protocol (PTP), or the Global Positioning System (GPS) – it is important to know the source of your time and to regularly monitor and test your time systems to ensure they are available and operating properly. Through a collaborative effort, government and industry experts have developed guidance to inform network operators on time resilience and security practices in enterprise systems. The guidance addresses gaps in available time testing practices, increases awareness of time-related issues within systems, and increases awareness of the linkage between time and cybersecurity. Additional jointly developed guidance includes fact sheets on resilient time for C-Suite leaders (https://ics-cert.us-cert.gov/sites/default/files/documents/Corporate_Leadership_Resilient_Timing_Overview-CISA_Fact_Sheet_508C.pdf) and technical practitioners (https://ics-cert.us-cert.gov/sites/default/files/documents/Technical-Level_Resilient_Timing_Overview-CISA_Fact_Sheet_508C.pdf). Collectively, these efforts have informed the development of national guidance on resilient positioning, navigation, and timing, as promulgated in Executive Order 13905 (https://www.federalregister.gov/documents/2020/02/18/2020-03337/strengthening-national-resilience-through-responsible-use-of-positioning-navigation-and-timing).