US Cybersecurity capability. National Preparedness Report

The “National Preparedness Report” is the first assessment, directly commissioned by President Obama, of the US capability to respond to terrorist attacks and to man-made and natural disasters.

Really interesting is the component related to cyber security: the U.S. Computer Emergency Readiness Team (US-CERT) has reported an impressive growth in the number of cyber attacks and incidents registered in the last five years, involving government agencies as well as US businesses.

Presidential Policy Directive 8 describes the Nation’s response to the threats and hazards that pose the greatest risk to the security of the United States. It requires an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal (the Goal); that document is the National Preparedness Report (NPR). The Report addresses several areas of overall national strength, identifying for each the capabilities needed to respond to incidents and external threats.

In this article I will detail the cyber capabilities of the US presented in the report. The following chart illustrates the core capabilities ranked by capability level, where 100% would mean that all states and territories of the Nation attained their desired capability levels. Cybersecurity ranks at only 42%, a worrying scenario made more serious by the increasing number of incidents such as cyber attacks and data breaches.

In a technology era these data are really alarming: cyber systems play a fundamental role in both the public and private sectors, yet the population has a low awareness of cyber threats and the related risks. The cyber threats have different origins: cybercrime, foreign states and hacktivism.

Prevention capabilities are fundamental to approaching the threats; for cyber security in particular, great importance is given to forensic techniques to identify the origin of incidents. The report notes that Cyber Action Teams, composed of technical experts, can be deployed within 72 hours to investigate cybercrimes and conduct forensic analysis. The report, in its cyber security section, confirms the need to protect against damage, unauthorized access, use and exploitation of electronic communications systems and services. Also very important is the protection of the information stored in those systems: the integrity, availability, or confidentiality of the data managed must be ensured.

The number of cyber attacks and their complexity have increased significantly in recent years: the U.S. Computer Emergency Readiness Team (US-CERT) reported an over 650-percent increase in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in 2006 to 41,776 in 2010. The following chart shows the specific threat or hazard that states and territories identified for each of the 31 core capabilities. Among natural hazards, the events that could most stress the capabilities of the country are earthquakes and hurricanes, while among man-made threats cyber attacks and radiological dispersion device/nuclear attacks topped the list.

Very worrying is the impact of cyber threats on the private sector: almost two-thirds of U.S. firms have been victims of cyber security incidents or information breaches. The approach to incidents is also concerning, and the response to this kind of event must be improved; consider that only 50 percent of owners of response operations report cyber incidents to external parties, a behavior that could trigger a domino effect with unpredictable consequences across different sectors.

Cybersecurity must be identified as a priority issue to enhance the efficiency of prevention of, and response to, any kind of incident. The report invites federal and private sector partners to accelerate initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents.

At least 10 different critical infrastructure sectors have established joint public-private working groups focused on cyber issues through the Sector Coordinating Councils (SCCs) and Government Coordinating Councils (GCCs).

The report presents the roles assumed by government agencies such as DHS and DOD and their support for the development of a cyber strategy. Assessment programs, audits of critical infrastructures, and the definition of best practices and tools for auditing sensitive systems and networks are key components in the fight against cyber threats.

In some activities, such as the monitoring of cyber attacks, the program seems to have reached excellent results: by the end of 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent.

Cooperation between these organizations is fundamental. DHS and DOD, for example, are jointly undertaking a proof of concept called the Joint Cybersecurity Services Pilot. The purpose of the partnership is to define a pilot program that enhances the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and protects sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

The report also provides some useful information on the main activities of the principal government offices that operate in national cyber security; the most operational are:

  • DHS, which implemented and manages the National Cybersecurity and Communications Integration Center, responsible for coordinating cyber and communications warning information across federal, state, and local governments, the intelligence and law enforcement communities, and the private sector. This function is the core of the nation’s cyber structure because it represents a central government body able to coordinate the operations of offices that in the past were totally misaligned. DHS is also responsible for establishing the Cybersecurity Information Sharing and Collaboration Program (CISCP), an entity responsible for information sharing between critical infrastructure owners and operators, also involving private representatives.
  • The FBI, which is responsible for the activities of the National Cyber Investigative Joint Task Force (NCIJTF), an entity that facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinent information related to cyber-threat investigations. The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets.
  • The Multi-State Information Sharing and Analysis Center, a cybersecurity office that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.
  • The Secret Service, which is fighting cybercrime through the agency’s network of 33 Electronic Crimes Task Forces (ECTFs), some of them located in Europe, demonstrating that cybercrime has no boundaries.
  • DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

Despite the great effort spent on cyber security by the US and the progress achieved in recent years, the report shows that cyber capabilities are lagging at the state level, with an average capability level of 42 percent.

Other data on the situation are really worrying: the non-uniformity of cyber capabilities across the country and the gaps in cyber-related preparedness among 162 state and local entities. At this stage we can say that the Nation is aware of cyber threats and the related risks, but much remains to be done to reach a satisfactory level of capability.

In several articles I have warned about this complicated situation, which is common also to several European states: too many critical infrastructures are still vulnerable, and the processes to secure them are still too slow at the implementation level. This means that we face a situation where, despite efforts, we are at serious risk of exposure to cyber threats.

Personally I appreciate the report, which I think is an expression of high maturity in security, an example for all to follow. Obviously it is desirable that the highlighted vulnerabilities will be remediated as soon as possible, also thanks to the strong commitment behind this study.

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and a writer for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
