US Cybersecurity capability. National Preparedness Report

The “National Preparedness Report” is the first assessment, directly commissioned by President Obama, of US capabilities to respond to terrorist attacks and to man-made and natural disasters.

The component related to cyber security is particularly interesting: the U.S. Computer Emergency Readiness Team (US-CERT) has reported a striking growth in the number of cyber attacks and incidents registered in the last five years, involving government agencies as well as US businesses.

Presidential Policy Directive 8 addresses the Nation’s response to the threats and hazards that pose the greatest risk to the security of the United States, and requires an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal (the Goal). That document is the National Preparedness Report (NPR). The Report examines several areas of overall national strength and, for each of them, identifies the capabilities needed to respond to incidents and external threats.

In this article I will detail the cyber capabilities of the US presented in the report. The following chart illustrates the core capabilities ranked by capability level, where 100% would mean that all states and territories of the Nation attained their desired capability levels. Cybersecurity ranks at only 42%, a worrying result made more serious by the increasing number of incidents such as cyber attacks and data breaches.

In a technology era these data are really alarming: cyber systems play a fundamental role in both the public and the private sector, yet the population has a low awareness of cyber threats and the related risks. The cyber threats have different origins: cybercrime, foreign states and hacktivism.

Prevention capabilities are fundamental to addressing these threats; in cyber security in particular, great importance is given to forensic techniques that identify the origin of incidents. The report states that Cyber Action Teams, composed of technical experts, can be deployed within 72 hours to investigate cybercrimes and conduct forensic analysis. Under the cyber security section, the report confirms the need to protect electronic communications systems and services against damage, unauthorized access, use and exploitation. Equally important is the protection of the information stored in those systems: the integrity, availability and confidentiality of the data managed must be ensured.

The number of cyber attacks and their complexity have increased significantly in recent years: the U.S. Computer Emergency Readiness Team (US-CERT) reported an increase of over 650 percent in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in 2006 to 41,776 in 2010. The following chart shows the specific threat or hazard that states and territories identified for each of the 31 core capabilities. Among natural hazards, the events most likely to stress the capabilities of the country are earthquakes and hurricanes; among man-made threats, cyber attacks and radiological dispersion device/nuclear attacks topped the list.

The impact of cyber threats on the private sector is very worrying: almost two-thirds of U.S. firms have been the victim of cyber security incidents or information breaches. The approach to incidents is also concerning, and the response to this kind of event must be improved. Consider that only 50 percent of owners of response operations report cyber incidents to external parties, a behavior that could trigger a domino effect with unpredictable consequences across different sectors.

Cybersecurity must be identified as a priority issue in order to improve both prevention and the response to any kind of incident. The report invites federal and private sector partners to accelerate initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents.

At least 10 different critical infrastructure sectors have established joint public-private working groups focused on cyber issues through the Sector Coordinating Councils (SCCs) and Government Coordinating Councils (GCCs).

The report presents the role assumed by government agencies such as DHS and DOD and their support for the development of a cyber strategy. Assessment programs, audits of critical infrastructure, and the definition of best practices and tools for auditing sensitive systems and networks are key components in the fight against cyber threats.

In some activities, such as the monitoring of cyber attacks, the program seems to have achieved excellent results: by the end of 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent.

Cooperation between these organizations is fundamental. DHS and DOD, for example, are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot. The purpose of the partnership is to define a pilot program to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

The report also provides useful information on the main activities of the principal government offices that operate in national cyber security. The most operational are:

  • DHS, which implemented and manages the National Cybersecurity and Communications Integration Center, responsible for coordinating cyber and communications warning information across federal, state, and local governments, the intelligence and law enforcement communities, and the private sector. This function is the core of the Nation’s cyber structure, because it provides a central government body able to coordinate the operations of offices that in the past were totally misaligned. DHS is also responsible for establishing the Cybersecurity Information Sharing and Collaboration Program (CISCP), an entity responsible for information sharing among critical infrastructure owners and operators, also involving private sector representatives.
  • The FBI, which is responsible for the activities of the National Cyber Investigative Joint Task Force (NCIJTF), an entity that facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinent information related to cyber-threat investigations. The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets.
  • The Multi-State Information Sharing and Analysis Center, a cybersecurity office that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.
  • The Secret Service, which fights cybercrime through an agency network of 33 Electronic Crimes Task Forces (ECTFs), some of them located in Europe, demonstrating that cybercrime has no boundaries.
  • DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate, which also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

Despite the great effort the US has spent on cyber security and the progress achieved in recent years, the report shows that cyber capabilities are lagging at the state level, with an average capability level of 42 percent.

Other data on the situation are also worrying: the non-uniformity of cyber capabilities across the country, and the gaps in cyber-related preparedness among 162 state and local entities. At this stage we can say that the Nation is aware of the cyber threats and the related risks, but much remains to be done to reach a satisfactory level of capability.

In several articles I have alerted on this complicated situation, which is common also to several European States: too many critical infrastructures are still vulnerable, and the processes to secure them are still too slow at the implementation level. This means that we face a situation where, despite efforts, we are at serious risk of exposure to cyber threats.

Personally I appreciate the report, which I think is an expression of high maturity in security, an example for all to follow. Obviously it is desirable that the highlighted vulnerabilities will be remediated, as soon as possible, also thanks to the strong commitment that wanted this study.

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field, and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
