ITAPS Comments on the Fiscal Year 2015 National Defense Authorization Act House-passed H.R & Senate Committee-reported S.
October 23, 2014

Table of Contents

- Sec 1083 of H.R
- Division E of H.R and H.R FITARA
- Section 901 of S
- Cloud Computing Report Language from H.R and S

About ITAPS

The Information Technology Alliance for Public Sector (ITAPS), a division of ITI, is an alliance of leading technology companies (including ICT companies and the defense industrial base (DIB)) offering the latest innovations and solutions to public sector markets. With a focus on the federal, state and local levels of government, as well as on educational institutions, the ITAPS team advocates for improved procurement policies and practices, while identifying business development opportunities and sharing market intelligence with our industry participants. Visit itaps.itic.org to learn more.
HOUSE SECTION 1083: REPORT ON CERTAIN INFORMATION TECHNOLOGY SYSTEMS AND TECHNOLOGY AND CRITICAL NATIONAL SECURITY INFRASTRUCTURE

ISSUE: Section 1083 of H.R (Rep. Mike Rogers (R-AL) amendment no. 105) in the House-passed National Defense Authorization Act (NDAA) for fiscal year 2015 contains a provision that would require the Secretary of Defense and the Director of National Intelligence to submit to the appropriate congressional committees a notification of each instance in which the Secretary or the Director determine through analysis or reporting that an information technology or telecommunications component from a company suspected of being influenced by a foreign country, or a suspected affiliate of such a company, is competing for or has been awarded a contract to include the technology of such company or such affiliate into a covered network. A covered network is defined to include information technology or telecommunications networks of the Department of Defense (DoD) or the intelligence community (IC) as well as networks of network operators supporting systems in proximity to DoD or IC facilities.

DISCUSSION: The IT Alliance for Public Sector (ITAPS) has strong concerns about Section 1083 for a number of reasons, as discussed below. In short, we fear the language in Section 1083 will not help the government achieve its security objectives and could have several unintended economic and security consequences.

ITAPS supports the federal government's efforts to strengthen its cybersecurity posture through procurement. Improving and strengthening our nation's cyber posture is rightly a top priority for our government and changing how the federal government integrates security into its own procurement processes will help improve the cyber resiliency of the United States. Cybersecurity also is critical for ITAPS/ITI member companies.
The protection of our customers, our brands, and our intellectual property - which are essential components of our business - is critical to our ability to grow and innovate in the future. We seek to maintain the highest levels of integrity in our products and services, regardless of whether they are sold to commercial or government markets. Moreover, as both providers and users of cybersecurity products and services, our members have extensive experience working with governments around the world on cybersecurity policy, and we are committed to working with the U.S. federal government to improve cybersecurity in its acquisition of goods and services.

Our concerns are as follows:

The language is ambiguous and many terms are not defined. The provision is written broadly and contains many undefined terms such as "suspected" and "influence." The provision does not define the criteria required to warrant suspicion and is overly broad in nature. Furthermore, there is no definition of "influenced by a foreign country" or the criteria that will be used to determine influence, which could sweep into the bill's scope a whole range of multinational companies, including U.S.-based ones, who have R&D, manufacturing, and sales activities all over the world, and often related relationships with various governments. A vague reporting requirement based on analysis or reporting on U.S.-based subsidiaries of multinational corporations considered U.S. Persons under Executive Order by the heads of the military and IC raises unwelcome concerns over domestic surveillance on privately held information technology or telecommunications networks. Lastly, as noted above, the definition of "covered network" includes information technology or telecommunications networks of network operators supporting systems "in proximity to" DoD or IC facilities, another undefined term vast in scope. In fact, DoD and ODNI do not have the authority to assess privately held telecommunications or information technology networks or the private facilities, businesses or residences that are in proximity to DoD or IC facilities. We believe this could have unintended consequences and encroach upon civil rights and liberties. Moreover, the text's ambiguous, vague wording will place stakeholders at risk of not accomplishing the statutory objectives.

Standing alone, a company's relationship with a foreign country may not be dispositive as to whether its products or services are secure. Product security is a function of how a product is made, used, and maintained, not only by whom or where it is made, or by the relationship a vendor has with any particular government. Geographic restrictions may not be helpful to improving cybersecurity and could in fact preclude a customer from procuring the best or most appropriate technologies for the mission.

There is strong potential for global backlash on U.S. ICT companies. Governments around the world closely watch U.S. policies, and a U.S. law (or even proposal) that would discriminate against a vendor based on its relationship with a foreign country (or government) could embolden other governments to enact similar restrictions as a condition of sale into their own markets. Such an eventuality is particularly concerning, and perhaps even likely, given the heightened suspicion and scrutiny many foreign governments are shining on U.S.-based ICT companies in light of the Snowden revelations and stories about U.S. ICT companies' collusion with the U.S. government. In fact, governments already are enacting or proposing policies that are causing U.S. firms to be shut out of foreign markets, and Section 1083 may only serve to fan those flames.

It is unclear what DoD, ODNI or Congress will do with these findings.
The proposal does not define what is expected to be done with the report information, nor is it clear to industry how reports to Congress would meaningfully address any threats or vulnerabilities that may be identified. As noted above, identification of products in IT or telecommunications networks that are influenced by a foreign country does not, in and of itself, identify a potential risk. We would also express strong concerns about these reports being used pursuant to Section 806 of the FY 2011 NDAA (PL ) and Section 310 of the FY 2012 Intelligence Authorization Act (PL ) to exclude vendors from a contract with the federal government without notification to the vendor (or its affiliates). Exclusion without an opportunity for the vendor to rebut or mitigate a concern could have a number of unintended consequences. A company could become known, either openly or confidentially, as a tainted source and their government business eventually could cease to exist. Furthermore, such a cessation of government business could trigger clauses in companies' commercial contracts that bar them from business if the federal government has excluded them as a source. Thus, should the government exclusion become known to their commercial customers, it is not unreasonable to expect that commercial business for the excluded company also would be affected, if not cease. The economic impact from the exclusion of any one reasonably sized innovative commercial IT or telecommunications company under such conditions could easily have an impact in the hundreds of millions and cost countless jobs.

The provision is not clear on whether this report will be classified or shared with other federal agencies or entities outside government. The proposal also does not identify whether the company owning or operating the suspected IT or telecommunications network or the manufacturer of the suspected item will be notified of the report to Congress, thereby permitting rebuttal, mitigation or elimination of the risk. Such a lack of information sharing could have significant consequences for a company if the report is accidentally released and the company has not been given the option to remedy the risk.
RECOMMENDATION: The member companies represented by ITAPS have long shared a common interest with Congress to ensure the quality and performance of the products they manufacture or integrate for both the commercial and public sector markets. These interests have produced a multitude of industry-led initiatives to address risks that may be found in the globally sourced supply chains of today's interconnected global economy. These industry-led efforts have also shared the objectives of scores of legislative proposals and executive branch initiatives to improve security in the federal government supply chain. Section 1083 causes more questions and confusion and offers no meaningful solutions to improving the integrity of information technology and telecommunication products and services. ITAPS strongly recommends that Section 1083 be removed from the final version of the bill because it does not meaningfully address risks and has significant potential to cause irreparable economic harm to U.S.-based corporations.
H.R HOUSE DIVISION E and H.R. 1232: FEDERAL INFORMATION TECHNOLOGY ACQUISITION REFORM ACT (FITARA)

ISSUE: Information technology (IT) is a mission critical component of success for the United States government today. The way in which the departments and agencies procure IT, however, was designed in decades past; it does not allow the government to acquire cutting-edge technologies in the most effective way, and inhibits the warfighter's ability to utilize best in breed products and services to protect themselves and their units on the battlefield and in cyberspace. Division E, the Federal Information Technology Acquisition Reform Act (FITARA), of H.R. 4435, the FY15 National Defense Authorization Act (NDAA), seeks to address some of these barriers by reforming IT acquisition. The Senate Homeland Security and Governmental Affairs Committee has also advanced a version of FITARA, H.R. 1232, that includes some of the same provisions and objectives. ITAPS believes that these proposals can be consolidated to fashion an effective reform provision.

Specifically, the H.R version of FITARA seeks to give enhanced management and budgetary authorities to the Chief Information Officers (CIOs), provides tools for multi-year revolving funds for IT investments, encourages the departments and agencies to transition to the cloud to garner maximum efficiency and cost savings, improves data center optimization, strengthens the IT acquisition workforces, and encourages enhanced communications with industry partners. The Senate committee-approved version, H.R. 1232, includes enhanced CIO authorities, IT management risk mitigation strategies, a governmentwide software purchasing program, and data center consolidation initiatives.
DISCUSSION: We support inclusion of the following elements from both of these proposals into a final FITARA provision and believe they should be adopted as part of the FY15 NDAA conference report:

Enhanced Authorities for the Civilian Chief Information Officers

ITAPS supports enhanced authority for CIOs, including consolidation of the position to improve management of IT investment decisions, reduce redundancy, and drive efficiency across the entire department. ITAPS further supports provisions establishing direct executive agency personnel engagement in the IT investment strategy for the agency. [1]

In the context of considering provisions for CIO authority as part of FITARA, we must call attention to Section 901 of S and the support ITAPS offers below for enhancing the roles and responsibilities it establishes for the Office of the CIO at the Department of Defense. We believe that the provisions of Section 101 of H.R. 1232 as passed by the Senate Homeland Security and Governmental Affairs Committee, and Section 901 of S as passed by the Senate Armed Services Committee, can and should be reconciled to improve the CIO role in IT investment decisions across the federal government.

Data Center Optimization

ITAPS supports provisions that seek to create effective data center optimization plans. These plans would establish metrics for optimizing data center usage and drive efficiencies in their utilization, while also encouraging the wider use of commercial data centers and commercial cloud services. The bill seeks to eliminate non-optimized data centers, and, subject to appropriations, use the savings achieved to promote other IT capabilities and services throughout the agency involved.

Furthermore, the Senate's version of H.R is missing some of the key provisions that have enjoyed multi-stakeholder support [2] as part of FITARA since its inception. We believe that some of these missing elements must be added back in if the language is to satisfy the bill's original intention. Considering that the CBO score is neutral on these provisions, we further believe that reintroducing the elements that are not currently in H.R is not in conflict with the Senate's goals for this bill, either.

Multi-Year Revolving Funds for IT Investment (Section 5503(c) of H.R. 4435)

ITAPS strongly supports the funding availability for agencies wishing to transition to the cloud. We see this as a significant improvement that will allow the government acquisition of technology to keep pace with innovation, and to provide more flexibility in budget models than currently exists. We further believe that flexible funding mechanisms should be extended to all IT investments as recommended in the OMB 25 Point Implementation Plan to Reform Federal Information Technology Management. [3]

Transition to the Cloud (Section 5503 of H.R. 4435)

ITAPS supports the provisions that promote the government's transition to a cloud services environment, particularly in light of the data center consolidation provisions already included in this proposal. Industry has emphasized the need for government to utilize the most innovative advancements in information technology to increase efficiency and reduce costs, and transitioning to the cloud will provide the government with more reliable, more affordable, and more flexible access to IT infrastructure than currently exists.

Strengthening the IT Acquisition Workforce (Section of H.R. 4435)

ITAPS is very supportive of provisions that enhance the IT acquisition workforce's capabilities. These provisions, particularly regarding the development of a career path for IT program management, represent a key step toward meaningful improvements in the management of IT investments. [4]

Enhanced Communication with Industry (Section 5506 of H.R. 4435)

ITAPS supports the provisions that encourage a more robust dialogue between industry and government. This promotes responsible and constructive dialogues between federal acquisition personnel and industry and we strenuously encourage this point. [5]

Finally, as the committees consider inclusion of other elements of these proposals, we would note the following sections as needing further attention before they would be ready for inclusion in the conference report:

- Industry believes that technology inventories in the federal government should account for all IT assets, not just software. In point of fact, it is not possible to determine if one has the appropriate number of software licenses without determining the number of devices where it may be used. (Section 5301 of H.R. 4435)
- ITAPS believes that more efficient software-licensing agreements can be achieved; however, such actions should be informed by an inventory of IT assets and are worthy of further study. (Section 5502 of H.R and Section 103(b) of H.R. 1232)
- Industry continues to have concerns about strategic sourcing generally and does not believe the concept has adequately matured. (Section 5501 of H.R and Section 103(a) of H.R. 4435)
- ITAPS believes that transparency regarding blanket purchase agreements and cost data without context does not serve to improve acquisition decisions. (Section 5503 of H.R. 4435)

RECOMMENDATION: ITAPS believes that both chambers of Congress share mutual goals regarding FITARA, and that developing a compromise version can be a step in the right direction to improving how the government acquires IT. In order to achieve a successful outcome, we believe the conference process should yield a FITARA section that can be fashioned by combining the following elements of these various proposals:

- CIO Authority (Section 101 of H.R. 1232)
- Data Center Optimization (Section 202 of H.R. 1232)
- Multi-Year Revolving Funds for IT Investment (Section 5503(c) of H.R. 4435)
- Transition to the Cloud (Section 5503 of H.R. 4435)
- Strengthening the IT Acquisition Workforce (Section of H.R. 4435)
- Enhanced Communication with Industry (Section 5506 of H.R. 4435)

Furthermore, we must note that FITARA should not be seen as an end to the effort to improve the way the federal government acquires and manages IT and IT investments. However, these provisions are steps that can be taken now and would serve to advance the effort in the short term. To achieve a meaningful and lasting solution to the complex issues surrounding federal acquisition, we must include in the final product a restoration of commercial item preferences, better management of IT investments, a focus on improving the acquisition workforce, a rationalization of the oversight environment, more flexibility in IT investment and funding options, and an alignment with the realities of our trade interests and a global market. [6]

ITAPS advocates for a concerted review of the entire acquisition process, like that undertaken in the mid-1990s by the Section 800 Panel, or, more recently, the efforts of the House and Senate Armed Services Committees, to provide an effective venue for the discussions and recommendations still needed in order to achieve true federal IT acquisition reform.

[1] Included in the OMB 25-point plan for IT Investment and Management
[2] ITAPS letter to House Oversight and Government Reform Committee on May 21,
[3] Included in the OMB 25 point plan for IT Investment and Management
[4] Included in the OMB 25 point plan for IT Investment and Management
[5] Included in the OMB 25 point plan for IT Investment and Management
[6]
Senate Section 901: Reorganization of the Office of the Secretary of Defense and Related Matters

ISSUE: The Department of Defense relies heavily on the authorities and responsibilities of its management in order to be successful on the battlefield. Senate Section 901, Reorganization of the Office of the Secretary of Defense and Related Matters, combines the Deputy Chief Management Officer (DCMO) with the office of the Chief Information Officer (CIO) to become the Chief Management Officer (CMO). This change will elevate within the department the authorities established by the Clinger-Cohen Act for the office of CIO, thereby increasing the level of senior leadership engagement in information technology (IT) investment and management decisions.

DISCUSSION: Industry has long supported senior executive engagement in IT investment and management decisions as a very significant determinant for success in IT programs. Section 901 restores the role and authorities of the CIO within the Department of Defense to a senior executive level and provides the level of attention that contributes to success.

RECOMMENDATION: ITAPS supports Senate Section 901 and encourages its inclusion in the final passage of the FY15 NDAA. Furthermore, we believe that this provision is complementary to Division E, the Federal Information Technology Acquisition Reform Act (FITARA), in the House-passed version of the NDAA. Both address the need for enhancing the authorities and roles of the office of the CIO and should be reconciled in conference to permit passage of FITARA, as amended, as part of the final FY15 NDAA.
Senate Report (S. 2410) Title III Operation and Maintenance: Measuring Department of Defense use of commercial cloud computing capabilities and services

House Report (H.R. 4435) Title VIII Acquisition Policy, Acquisition Management, and Related Matters Items of Special Interest: Independent Assessment of Department of Defense Cloud Computing Acquisition and Brokerage Policies

ISSUE: Both the House and Senate reports to the fiscal year 2015 National Defense Authorization Act (NDAA) call for the Department of Defense (DoD) to conduct an assessment on the use of commercial cloud computing acquisition, capabilities and services.

DISCUSSION: ITAPS strongly supports the House and Senate provisions to assess DoD's progress in evaluating and adopting commercial cloud capabilities. We also support assessing and comparing the features, security, performance cost, and functionality of the comparable cloud offerings developed by the Defense Information Systems Agency. With budget cuts and sequestration, commercial cloud solutions have been proven to deliver savings in a national security environment. Encouraging adoption of commercial cloud offerings for the provision of public, hybrid, private and community clouds can play an important role in delivering greater capabilities, exposing data to the service member and driving savings and efficiencies within the department.

RECOMMENDATION: ITAPS supports the oversight the committees have undertaken on this important issue and would encourage continued attention to these report requests and the implementation of subsequent recommendations.
Exhibit R-2, RDT&E Budget Item Justification: PB 2016 Office of the Secretary Of Defense : February 2015 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 7: Operational Systems Development
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationCyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation
Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation COL Michael R. Corpening Deputy Chief, Operations Division (CCJ6-O) 1 December 2014 The overall classification of this brief is UNCLASSIFIED
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationTHE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER
THE WHITE HOUSE Office of the Press Secretary For Immediate Release September 23, 2014 EXECUTIVE ORDER - - - - - - - CLIMATE-RESILIENT INTERNATIONAL DEVELOPMENT By the authority vested in me as President
More informationInformation Systems Security Requirements for Federal GIS Initiatives
Requirements for Federal GIS Initiatives Alan R. Butler, CDP Senior Project Manager Penobscot Bay Media, LLC 32 Washington Street, Suite 230 Camden, ME 04841 1 Federal GIS "We are at risk," advises the
More informationViews on the Framework for Improving Critical Infrastructure Cybersecurity
This document is scheduled to be published in the Federal Register on 12/11/2015 and available online at http://federalregister.gov/a/2015-31217, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE
More informationCommonwealth Cyber Declaration
Commonwealth Cyber Declaration Recognising that the development of cyberspace has made a powerful contribution to the economic, social, cultural and political life of the Commonwealth; Underlining that
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationExecutive Order on Coordinating National Resilience to Electromagnetic Pulses
Executive Order on Coordinating National Resilience to Electromagnetic Pulses The Wh... Page 1 of 11 EXECUTIVE ORDERS Executive Order on Coordinating National Resilience to Electromagnetic Pulses INFRASTRUCTURE
More informationCybersecurity Risk Management:
Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov Cybersecurity in the Department of
More informationOFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC
OFFICE OF THE UNDER SECRETARY OF DEFENSE 3000DEFENSEPENTAGON WASHINGTON, DC 20301-3000 ACQUISITION, TECHNO LOGY. A N D LOGISTICS SEP 2 1 2017 MEMORANDUM FOR COMMANDER, UNITED ST A TES SPECIAL OPERATIONS
More informationImplementing a Modular Open Systems Approach (MOSA) to Achieve Acquisition Agility in Defense Acquisition Programs
Implementing a Modular Open Systems Approach (MOSA) to Achieve Acquisition Agility in Defense Acquisition Programs Philomena Zimmerman Office of the Deputy Assistant Secretary of Defense for Systems Engineering
More informationNATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES
NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES DOCUMENT DETAIL Security Classification Unclassified Authority National Information Technology Authority - Uganda
More informationImplementing the Administration's Critical Infrastructure and Cybersecurity Policy
Implementing the Administration's Critical Infrastructure and Cybersecurity Policy Cybersecurity Executive Order and Critical Infrastructure Security & Resilience Presidential Policy Directive Integrated
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationTestimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON
Testimony Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON Defending Our Democracy: Building Partnerships to Protect America
More informationState Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017
State Governments at Risk: State CIOs and Cybersecurity CSG Cybersecurity and Privacy Policy Academy November 2, 2017 About NASCIO National association representing state chief information officers and
More informationCYBERSECURITY LEGISLATION IT OUT!
ATTEMPTS TO PASS US U.S. CYBERSECURITY LEGISLATION YOU NEED A SCORECARD TO FIGURE YOU NEED A SCORECARD TO FIGURE IT OUT! Professor Pauline C. Reich Waseda University School of Law cyberasia2@gmail.com
More informationRequest for Information Strategies to Improve Maritime Supply Chain Security and Achieve 100% Overseas Scanning
Request for Information Strategies to Improve Maritime Supply Chain Security and Achieve 100% Overseas Scanning May 2, 2016 1 STRATEGIES TO IMPROVE MARITIME SUPPLY CHAIN SECURITY AND ACHIEVE 100% OVERSEAS
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationThe Interim Report on the Revision of the Guidelines for U.S.-Japan Defense Cooperation
The Interim Report on the Revision of the Guidelines for U.S.-Japan Defense Cooperation I. Introduction At the 2+2 U.S.-Japan Security Consultative Committee (SCC) meeting in Tokyo on October 3, 2013,
More informationDHS Cybersecurity: Services for State and Local Officials. February 2017
DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated
More informationDefense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility
Strategic Plan 2020 Addendum, April 2017 Our Agency, Our Mission, Our Responsibility [2] DSS Strategic Plan Addendum 2020 Addendum The DSS Strategic Plan 2020 is designed to support the agency s continuous
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationOFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA
OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS SKYLINE FIVE, SUITE 810, 5111 LEESBURG PIKE FALLS CHURCH, VIRGINIA 22041-3206 TRICARE MANAGEMENT ACTIVITY MEMORANDUM FOR: SEE DISTRIBUTION SUBJECT:
More informationRESPONSE TO 2016 DEFENCE WHITE PAPER APRIL 2016
RESPONSE TO 2016 DEFENCE WHITE PAPER APRIL 2016 HunterNet Co-Operative Limited T: 02 4908 7380 1 P a g e RESPONSE TO 2016 DEFENCE WHITE PAPER APRIL 2016 Project Manager Marq Saunders, HunterNet Defence
More informationLegal and Regulatory Developments for Privacy and Security
Legal and Regulatory Developments for Privacy and Security Rodney Petersen Government Relations Officer and Director of EDUCAUSE Cybersecurity Initiative Overview Context for Federal Policy Policy Directions
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationMitigation Framework Leadership Group (MitFLG) Charter DRAFT
Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationMarch 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience
This document is scheduled to be published in the Federal Register on 03/25/2016 and available online at http://federalregister.gov/a/2016-06901, and on FDsys.gov March 21, 2016 MEMORANDUM FOR THE HEADS
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationVdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe
Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a
More information300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0
P.O. Box 212 Philip D. Murphy, Governor 300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ 08625-0212 www.tech.nj.gov STATE OF NEW JERSEY TECHNOLOGY CIRCULAR Enterprise Information
More informationInformation Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure
This document is scheduled to be published in the Federal Register on 07/18/2017 and available online at https://federalregister.gov/d/2017-15068, and on FDsys.gov 9110-9P P DEPARTMENT OF HOMELAND SECURITY
More informationData to Decisions Terminate, Tolerate, Transfer, or Treat
I N S T I T U T E F O R D E F E N S E A N A L Y S E S Data to Decisions Terminate, Tolerate, Transfer, or Treat Laura A. Odell 25 July 2016 Approved for public release; distribution is unlimited. IDA Non-Standard
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationThe Current State of Federal Information Technology Acquisition Reform and Management
The Current State of Federal Information Technology Acquisition Reform and Management Updated June 8, 2018 Congressional Research Service https://crsreports.congress.gov R44843 Summary The Government Accountability
More informationNational Strategy for CBRNE Standards
National Strategy for CBRNE Standards Franca R. Jones Assistant Director Chemical and Biological Countermeasures National Security and International Affairs Office of Science and Technology Policy 11 September
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationCybersecurity, Trade, and Economic Development
Cybersecurity, Trade, and Economic Development G7 ICT Priorities: Technology, Innovation, and the Global Economy UNCTAD E-Commerce Week Danielle Kriz Senior Director, Global Policy Palo Alto Networks April
More informationPromoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda
2016 PARTNERSHIP FORUM Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda 31 March 2016 Dialogue Two (3:00 p.m. 5:45 p.m.) ECOSOC CHAMBER,
More informationSUMMARY DEPARTMENT OF DEFENSE CYBER STRATEGY
SUMMARY DEPARTMENT OF DEFENSE CYBER STRATEGY This page left intentionally blank INTRODUCTION American prosperity, liberty, and security depend upon open and reliable access to information. The Internet
More informationA BUSINESS PERSPECTIVE ON INTERNATIONAL CLIMATE CHANGE POLICY
A BUSINESS PERSPECTIVE ON INTERNATIONAL CLIMATE CHANGE POLICY POLICY STATEMENT Prepared by the ICC Commission on Environment and Energy Document No. 213-11 November 2014 A business perspective on international
More informationDEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON STRATEGIC FORCES U.S. HOUSE OF REPRESENTATIVES
NOT FOR PUBLICATION UNTIL RELEASED BY THE UNITED STATES HOUSE OF REPRESENTATIVES DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE U.S. HOUSE OF REPRESENTATIVES SUBJECT: Assuring National Security Space:
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationUAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory
UAE National Space Policy Agenda Item 11; LSC 2017 06 April 2017 By: Space Policy and Regulations Directory 1 Federal Decree Law No.1 of 2014 establishes the UAE Space Agency UAE Space Agency Objectives
More informationSTRATEGIC PLAN. USF Emergency Management
2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa
More informationSenate Comprehensive Energy Bill
Senate Comprehensive Energy Bill Both the House and Senate energy committees are currently in the process of developing comprehensive energy bills. The Senate Energy and Natural Resources Committee released
More informationPEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY. New Brunswick Growth Opportunity. Cybersecurity
PEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY New Brunswick Growth Opportunity New Brunswick Growth Opportunity Province of New Brunswick PO 6000, Fredericton NB E3B 5H1 Canada ISBN 978-1-4605-1669-0
More informationDoug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationSummary Comparison of Current Data Security and Breach Notification Bills
Topic S. 117 (Nelson) S. (Carper/Blunt) H.R. (Blackburn/Welch) Comments Data Security Standards The FTC shall promulgate regulations requiring information security practices that are appropriate to the
More informationPosition Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.
Position Description Engagement Manager Business unit: Position purpose: Direct reports: Directorate overview: Business Unit Overview Remuneration indicator: Outreach & Engagement Information Assurance
More informationLarry Clinton President & CEO (703)
For information about membership opportunities, please contact: Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information about the Internet Security Alliance, please visit
More informationThe UNISDR Private Sector Alliance for Disaster Resilient Societies
The UNISDR Private Sector Alliance for Disaster Resilient Societies Sandra Amlang United Nations Office for Disaster Risk Reduction (UNISDR) Regional Office- the Americas. 24 August 2017 Increase in Frequency
More informationThailand Digital Government Development Plan Digital Government Development Agency (Public Organization) (DGA)
ขอแค ประมาณ ร ปน นะโม Thailand Digital Government Development Plan Digital Government Development Agency (Public Organization) (DGA) 1 Government agencies need to develop the Digital Government Master
More information