US Cybersecurity Capability: National Preparedness Report

Monday, May 07, 2012

Pierluigi Paganini


(Translated from the original Italian)

The "National Preparedness Report" is an assessment directly commissioned by President Obama on the U.S. capability to respond to terrorist attacks and man-made and natural disasters.

Most interesting is the component related to cybersecurity.

The U.S. Computer Emergency Readiness Team (US-CERT) has reported an impressive growth in the number of cyber attacks and incidents registered in the last five years involving government agencies and U.S. businesses.

Presidential Policy Directive 8 describes the Nation’s response to threats and hazards that pose the greatest risk to the security of the United States, requiring an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal.

The document is called the National Preparedness Report (NPR). The report addresses several areas of overall national strength in the capability to respond to incidents and external threats.

In this article I will detail the cyber capabilities of the U.S. as presented in the report. The following chart illustrates the core capabilities ranked by capability level; 100% would mean that all states and territories of the Nation attained their desired capability levels.

In a technology era, this data is really alarming, considering that cyber systems play a fundamental role in the public and private sectors. The main problem is that, despite this, the population has a low level of awareness regarding cyber threats and the related risks from cybercrime, foreign states and hacktivism.

Prevention capabilities are fundamental to counter these threats; in cybersecurity in particular, forensic techniques play an important role in identifying the origin of incidents.

The report states that Cyber Action Teams, composed of technical experts, can be deployed within 72 hours to investigate cyber crimes and conduct analysis of an incident.

The report confirms the need to protect against damage, unauthorized access, use and exploitation of electronic communications systems and services. Also very important is the protection of the information stored in the systems, and ensuring the integrity, availability, and confidentiality of the data managed.

The number of cyber attacks has increased significantly in recent years: the U.S. Computer Emergency Readiness Team (US-CERT) reported more than a 650% increase in the number of cyber incidents reported by federal agencies over a five-year period, climbing from 5,503 in 2006 to 41,776 in 2010.

The following chart shows the specific threats or hazards for each of the 31 core capabilities identified. The events that could stress the capabilities of the country are, for natural hazards, earthquakes and hurricanes, while the man-made threats that topped the list include cyber attacks and radiological dispersion devices/nuclear attacks.

Very worrying is the impact of the cyber threats on the private sector, as almost two-thirds of U.S. firms have been the victim of cybersecurity incidents or information breaches. 

Also concerning is the approach to incident response, which must be improved. Consider that only 50% of victims report cyber incidents to external parties, a behavior that could trigger a domino effect with unpredictable consequences in different sectors.

Cybersecurity is identified as a priority issue to enhance the efficiency of the prevention and the response to any kind of incident. The report invites federal and private sector partners to accelerate initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents.

At least 10 different critical infrastructure sectors have established joint public-private working groups through SCCs and GCCs focused on cyber issues.  

The report presents the role assumed by government agencies such as DHS and DOD and their support for the development of a comprehensive cyber strategy. Assessment programs, audit of critical infrastructures, definition of best practices and tools for the audit of sensitive systems and networks are key components in the fight against cyber threats.

For some activities, like the monitoring of cyber attacks, the program seems to have reached excellent results. In fact, by the end of 2011 the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent.

Cooperation between these organizations is fundamental. DHS and DOD, for example, are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot.

The purpose of the partnership is to define a pilot program to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

The report also provides some useful information regarding the main activities of the principal government agencies that govern national cybersecurity, which are:

  • DHS implements and manages the National Cybersecurity and Communications Integration Center, responsible for coordinating cyber and communications warning information across federal, state, and local governments, intelligence and law enforcement communities, and the private sector. Its function is the core of the cyber structure of the nation because it represents a central government that is able to coordinate the operations of agencies that in the past were totally misaligned. DHS is also responsible for the establishment of the Cybersecurity Information Sharing and Collaboration Program (CISCP), an entity responsible for information sharing between critical infrastructure owners and operators, also involving private representatives.
  • FBI is responsible for the activities conducted by the National Cyber Investigative Joint Task Force (NCIJTF), an entity that facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinent information related to cyber-threat investigations. The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets.
  • The Multi-State Information Sharing and Analysis Center is a cybersecurity office that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.
  • The Secret Service is working to fight cybercrime through the agency’s network of 33 Electronic Crimes Task Forces (ECTFs), some of them located in Europe, demonstrating that cybercrime has no boundaries.
  • DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

Despite the great effort in cyber security by the U.S. and the progress achieved in recent years, the report shows that cyber capabilities are lagging at the state level, with an average capability level of only.

Also really worrying is the non-uniformity of the cyber capabilities in the country, as well as the gaps in cyber-related preparedness among 162 state and local entities.

In several articles I have mentioned the complicated situations that are common also to several European States, as critical infrastructure is still too vulnerable and the processes to secure it are still too slow.

This means that we face a situation where, despite efforts, we are at serious risk of exposure to cyber threats.

Personally, I appreciate the report, which I think is an expression of high maturity in security, an example for all to follow.

Cross-posted from Security Affairs
