MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

Size: px
Start display at page:

Download "MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414"

Transcription

1 MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S The Cybersecurity Act of 2012, S. 3414, has not been the subject of a legislative hearing and has skipped regular order. HSGAC has not marked it up and the Majority Leader used Rule 14 to bypass committee action and proceed directly to the floor with this legislation. The American people deserve to have the opportunity to learn what is in this bill, how much it will cost, and what this highly-technical, 211 page bill that uses the word shall 295 times means for personal and economic freedom. MYTH Title I: Critical Cyber Infrastructure REALITY This bill creates a public-private partnership with private sector developed voluntary standards. (S Summary) This Council would conduct risk assessments to determine which sectors are subject to the greatest and most immediate cyber risk and would identify particular categories of critical infrastructure as critical cyber infrastructure. (S Summary) Congress should not authorize open-ended, undefined regulatory schemes. Dodd-Frank, Cap & Trade, and Internet regulations like network neutrality were all regulatory bills with a defined universe of impacted industries. This revised bill is even worse because it has two core, unprecedented components: it allows the DHS-led, government-only National Council (including Federal regulators) to (1) define the scope of who they want to regulate; and (2) develop whatever regulations it wants in the name of cybersecurity. This limitless, unbridled government authority will be handed over to every federal agency connected to the Internet.... this revised legislation would establish a robust public private partnership (S Summary) Industry would develop voluntary cybersecurity practices and a multi agency Government council would ensure these practices are adequate to secure systems from attacks. (S Summary) Under the bill, the government, not the private sector, adopts and promulgates all standards, and sector coordinating councils (private sector) must comply with them. In Sec. 103(a), sector coordinating councils (private sector) shall propose voluntary outcome-based cybersecurity practices, which are then submitted to the DHS-led, government-only National Council. The government then decides whether and how to amend or add to those voluntary cybersecurity practices (Sec. 103(b)(1)(D)). Under this bill, the private sector cannot object; there is no due process available or any means to stop the government from deciding to completely change these voluntary standards. In short, what began in one subsection as voluntary proposed 1

2 standards, will likely become government developed and approved standards, with no recourse for the private sector. Nothing in this bill ensures that any consideration will be given to the specific needs and economic interests of small businesses. This Council (government) would conduct risk assessments to determine which sectors are subject to the greatest and most immediate cyber risk and would identify particular categories of critical infrastructure as critical cyber infrastructure. (S Summary) The Political and Chinese Carve-out For political, not national security reasons, the bill carves-out technology products including those manufactured in countries like China. Under Section 102(b)(5), the DHS-led, government-only National Council may not identify these products as critical cyber infrastructure. Having the Council single out certain critical infrastructure in the first place is bad policy, but the flawed process and exemptions for politically selected products including from countries like China is exactly the opposite of common sense cybersecurity. The bill creates no new regulators, and provides no new authority for an agency to establish standards that are not otherwise authorized by law. (S Summary) If these standards are voluntary, then federal taxes are optional. Given that the standards will be what the government wants (Sec. 103(b)(1)(D)), there are big regulatory consequences from sector specific regulators like SEC, FCC, DoE and DHS. Section 103(g)(1)(A) is clear: A Federal agency with responsibilities for regulating the security of critical infrastructure may adopt the cybersecurity practices as mandatory requirements. So what began, and is being sold as voluntary proposals will soon become mandatory requirements. As our economy falters and regulations strangle American businesses, now is no time to give regulatory agencies even more unbridled authority. But the bill does not stop there. Section 103(g)(B) mandates a report to Congress if a Federal Agency with responsibilities for regulating the security of critical infrastructure has NOT adopted the cybersecurity practices as mandatory requirements. That s right, if the voluntary proposals are NOT mandated by regulatory agencies, the regulatory agency must explain why. This is an explicit presumption in favor of regulation. 2

3 Section 105 drives this point home: Nothing in this title shall be construed to limit the ability of a Federal agency with responsibilities for regulating the security of critical infrastructure from requiring that the cybersecurity practices developed under section 103 be met. Title VII: Information Sharing Improve Information Sharing While Protecting Privacy and Civil Liberties. (S Summary) While it promotes the sharing of cyber threat information, this legislation also ensures that privacies and civil liberties are protected. (S Summary) The information sharing provisions in the revised bill are a big step back. In order to appease certain privacy groups and their inaccurate perceptions about defense agencies, the revised bill eliminates DoD s existing ability to get cyber threat information immediately and directly from the private sector (Sec. 703(a)(1)). Requiring that NSA and other DoD agencies get such information from DHS-selected exchanges in as close to real time as possible (Sec. 703(a)(2)) means only that our response to real-time cyber threats including those from China, Russia and Iran will be seriously delayed. Both the private sector and the government have information about cyber threats that help protect networks. (S Summary) As we learned from 9/11, information about national security threats must be shared fully and timely within the government so that the right people have access to the right information. Yet, the revised bill rebuilds the pre-9/11 walls by limiting the government s use of cyber threat information to only investigating cyber crimes, or cases of imminent threats of death or child safety (Sec. 704(g)). This means that, unless information is related to one of those cases, the government cannot ever use cyber threat information it gets from the private sector to prevent terrorist acts or catch spies. Sec. 104(c)(4) allows the government to use real-time sharing of classified cyber threat information as an incentive for a private entity to be certified under title I, directly undermining the attempted improvements to information sharing in title VII. Non-certified entities have a singificant need to know the nature of the threats so that they will take action, but under this punitive measure, these companies will be in line for information behind all certified owners. 3

4 It [the bill, S. 3414] would also provide a framework for private sector companies to share information about cyber threats with each other and with the federal government and provide certain liability protection for companies that do so. (S Summary) The framework for sharing information under this bill is more government bureaucracy. The DHS Secretary is given unchecked authority to designate Federal and non-federal entities as cyber exchanges (Sec. 703(a)). Non- Federal entities have no ability to challenge a designation, or receive liability protection for serving in this role. Right now, six cybersecurity centers exist that can and do serve as information sharing partners with the private sector, but this bill opts instead for more bureaucracy which adds layers between the information and those who are most able to keep Americans safe - at the sole discretion of one department, DHS. The information sharing procedures are designed to ensure that privacy and civil liberties are protected when information is shared under this bill. (S Summary) This bill would authorize the government to provide security clearances to companies with a need to receive classified information to protect their networks. (S Summary) If ensuring that privacy and civil liberties are protected means providing more job security for trial lawyers, then the revised bill is right on target. From providing a broad cause of action against the Federal government (Sec. 704(g)(7)), to putting the onus on one private entity to know if another is unreliable (Sec. 702(c)), to complicated and multi-tiered liability provisions (Sec. 706)), this bill will ensure that information sharing activities will be a constant source of litigation. If this is the incentive for the private sector to share with the government and with each other, we should not be surprised if company lawyers advise their clients that it s just not worth the risk. Unfortunately, because of the lack of strong liability protection and the probability of putting a company at legal liability risk, companies will be less likely to share the information they have which makes Americans less safe. Remember, the private sector plays a critical role because they own 80 to 90 percent of America s cyber infrastructure. Congress should encourage the sharing of classified information, but tying security clearances, that should be based on a need-to-know and eligibility, to compliance with a government certification process (Sec. 104(c)(2)) is bad policy. 4

5 5

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework

More information

-Eight types of cyber data, (Sec. 708(7))

-Eight types of cyber data, (Sec. 708(7)) WHAT INFORMATION MAY BE SHARED H.R. 624, the Cyber Intelligence sharing and Protection Act of 2013 (CISPA) (Rogers- -Notwithstanding any provision of law, S. 3414, the Cybersecurity Act of 2012 (Lieberman-Collins-

More information

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy Implementing the Administration's Critical Infrastructure and Cybersecurity Policy Cybersecurity Executive Order and Critical Infrastructure Security & Resilience Presidential Policy Directive Integrated

More information

- Cyber threat information: information directly pertaining to,

- Cyber threat information: information directly pertaining to, WHAT INFORMATION MAY BE SHARED H.R. 3674, the PRECISE Act of 2011, as reported from HHSC Subcmte on Cybersecurity (Lungren) law, H.R. 3523, the Cyber Intelligence sharing and Protection Act of 2011, as

More information

G7 Bar Associations and Councils

G7 Bar Associations and Councils COUNTRY PAPER UNITED STATES G7 Bar Associations and Councils SEPTEMBER 14, 2017 ROME, ITALY The American Bar Association P R E F A C E As we have witnessed, cyber terrorism is an extremely serious threat

More information

Cybersecurity Information Sharing Legislation

Cybersecurity Information Sharing Legislation Government entities and private-sector organizations in the United States now have a common framework that encourages the sharing of cybersecurity threat information among each other, thanks to new federal

More information

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby

More information

National Policy and Guiding Principles

National Policy and Guiding Principles National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework

More information

Cyber and Supply Chain Policy Issues

Cyber and Supply Chain Policy Issues Manufacturing Division Meeting Cyber and Supply Chain Policy Issues Eisenhower School for National Security and Resource Strategy National Defense University Fort McNair, Washington, DC February 21, 2013

More information

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,

More information

The Impact of US Cybersecurity Policies on Submarine Cable Systems

The Impact of US Cybersecurity Policies on Submarine Cable Systems The Impact of US Cybersecurity Policies on Submarine Cable Systems International Cable Protection Committee 2013 Plenary Meeting May 21-23, 2013 Eric Fishman, Esq., Partner, Phillips Nizer LLP 666 Fifth

More information

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING

More information

Section One of the Order: The Cybersecurity of Federal Networks.

Section One of the Order: The Cybersecurity of Federal Networks. Summary and Analysis of the May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Introduction On May 11, 2017, President Donald

More information

Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow

Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow NIST and the Government Role in the U.S. Standards System Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow 1 Discussion Outline NIST Overview Government Role National Technology

More information

Implementing Executive Order and Presidential Policy Directive 21

Implementing Executive Order and Presidential Policy Directive 21 March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy

More information

Cybersecurity & Privacy Enhancements

Cybersecurity & Privacy Enhancements Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their

More information

DHS Cybersecurity: Services for State and Local Officials. February 2017

DHS Cybersecurity: Services for State and Local Officials. February 2017 DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated

More information

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Executive Order on Coordinating National Resilience to Electromagnetic Pulses Executive Order on Coordinating National Resilience to Electromagnetic Pulses The Wh... Page 1 of 11 EXECUTIVE ORDERS Executive Order on Coordinating National Resilience to Electromagnetic Pulses INFRASTRUCTURE

More information

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON Testimony Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON Defending Our Democracy: Building Partnerships to Protect America

More information

Smart Grid Update. Christopher J. Eisenbrey. Director, Business Information Edison Electric Institute (EEI)

Smart Grid Update. Christopher J. Eisenbrey. Director, Business Information Edison Electric Institute (EEI) 1 Smart Grid Update Christopher J. Eisenbrey Director, Business Information Edison Electric Institute (EEI) The Council of State Governments (CSG) April 26, 2012 Edison Electric Institute (EEI) The Edison

More information

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company

Written Statement of. Timothy J. Scott Chief Security Officer The Dow Chemical Company Written Statement of Timothy J. Scott Chief Security Officer The Dow Chemical Company Representing The Dow Chemical Company and the American Chemistry Council To the United States Senate Committee on Homeland

More information

Cyber Security Strategy

Cyber Security Strategy Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from

More information

What Why Value Methods

What Why Value Methods Compliance What = Compliance for purposes of this discussion is the overarching guidance established as Federal & State Statutes; Federal Regulations, Directives, Instructions, Guidelines, Policies, &

More information

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011 American Chemistry Council Responsible Care SECURITY CODE 7 April 2011 Debra Phillips Managing Director, Responsible Care American Chemistry Council Why develop a Separate Security Code? Need for a clearly

More information

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance

More information

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE May 11, 2017 EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority

More information

Cybersecurity and Data Privacy

Cybersecurity and Data Privacy DECEMBER 2015 NO. 2 Cybersecurity and Data Privacy Landmark Cybersecurity Legislation Included in Omnibus Package Action Item: Congress included the Cybersecurity Act of 2015 (the Act ) in the Consolidated

More information

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017 DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.

More information

Senate Comprehensive Energy Bill

Senate Comprehensive Energy Bill Senate Comprehensive Energy Bill Both the House and Senate energy committees are currently in the process of developing comprehensive energy bills. The Senate Energy and Natural Resources Committee released

More information

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure EXECUTIVE ORDER [13800] - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS

More information

New Grid Security Measures for 2016

New Grid Security Measures for 2016 New Grid Security Measures for 2016 Two new laws that may have escaped attention by the industry have the potential to dramatically change the grid security landscape By Joel dejesus 40 Public Utilities

More information

Robert Holleyman, President and CEO, BSA The Software Alliance

Robert Holleyman, President and CEO, BSA The Software Alliance Testimony Bolstering US Cybersecurity Robert Holleyman, President and CEO, BSA The Software Alliance Testimony before the US House of Representatives, Committee on the Judiciary, Subcommittee on Crime,

More information

CYBERSECURITY LEGISLATION IT OUT!

CYBERSECURITY LEGISLATION IT OUT! ATTEMPTS TO PASS US U.S. CYBERSECURITY LEGISLATION YOU NEED A SCORECARD TO FIGURE YOU NEED A SCORECARD TO FIGURE IT OUT! Professor Pauline C. Reich Waseda University School of Law cyberasia2@gmail.com

More information

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce 5-8 September 2017 Yogyakarta, Indonesia Sameer Sharma Senior Advisor ITU Digital Infrastructure for Connectivity SDGs Evolution

More information

RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO

RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO June 27, 2016 Training provided for Ontario market participants by the Market Assessment and Compliance Division of the IESO Module 1 A MACD training presentation

More information

Statement for the Record

Statement for the Record Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before

More information

Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust

Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust Jamie Danker Director, Senior Privacy Officer National Protection and Programs Directorate, U.S.

More information

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international

More information

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE

More information

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER FOR IMMEDIATE RELEASE May 11, 2017 THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

ISAO SO Product Outline

ISAO SO Product Outline Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing

More information

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination

More information

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing This document is scheduled to be published in the Federal Register on 07/12/2017 and available online at https://federalregister.gov/d/2017-14616, and on FDsys.gov 9110-04-P DEPARTMENT OF HOMELAND SECURITY

More information

Presidential Documents

Presidential Documents Federal Register Vol. 84, No. 61 Friday, March 29, 2019 Presidential Documents 12041 Title 3 Executive Order 13865 of March 26, 2019 The President Coordinating National Resilience to Electromagnetic Pulses

More information

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive

More information

RESOLUTION 45 (Rev. Hyderabad, 2010)

RESOLUTION 45 (Rev. Hyderabad, 2010) 212 RESOLUTION 45 (Rev. Hyderabad, 2010) The World Telecommunication Development Conference (Hyderabad, 2010), recalling a) Resolution 45 (Doha, 2006) of the World Telecommunication Development Conference

More information

Draft Resolution for Committee Consideration and Recommendation

Draft Resolution for Committee Consideration and Recommendation Draft Resolution for Committee Consideration and Recommendation Committee A: Security and Transparency in a Digital Environment The General Assembly; Draft Resolution Submitted for revision by the delegations

More information

Statement of Chief Richard Beary President of the International Association of Chiefs of Police

Statement of Chief Richard Beary President of the International Association of Chiefs of Police Statement of Chief Richard Beary President of the International Association of Chiefs of Police Subcommittee on Counterterrorism and Intelligence Committee on Homeland Security United States of House of

More information

Program 1. THE USE OF CYBER ACTIVE DEFENSE BY THE PRIVATE SECTOR

Program 1. THE USE OF CYBER ACTIVE DEFENSE BY THE PRIVATE SECTOR Program The structure of the workshop will be fully participatory for each session. We will ask several participants to take the lead in some panels, and to present the main challenges or comment on certain

More information

Mapping to the National Broadband Plan

Mapping to the National Broadband Plan The National Telecommunications and Information Administration Mapping to the National Broadband Plan 37 th Annual PURC Conference Smart Technology vs. Smart Policy February 3, 2010 1 About NTIA The National

More information

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013 Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013 Purpose and Scope The purpose of the Electricity Sub-Sector Coordinating Council (ESCC) is to facilitate and support

More information

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

NYDFS Cybersecurity Regulations: What do they mean? What is their impact? June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing

More information

Security of Critical Information Infrastructure: Legal Issues

Security of Critical Information Infrastructure: Legal Issues Security of Critical Information Infrastructure: Legal Issues Edward Bekeschenko, Partner INFOC Committee Meeting 26 May 2017 Agenda 1 Trends in Russia 3 2 International Practices 8 1 Trends in Russia

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Cybersecurity and Data Protection Developments

Cybersecurity and Data Protection Developments Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB

More information

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud Cybersecurity Policy in the EU: The Network and Information Security Directive - Security for the data in the cloud Microsoft Commitment to Cybersecurity Security at the heart of our products and services

More information

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are

More information

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, 2017 14TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS 1 Fact vs. Myth Let s Play: Fact vs. Myth The FDA is the federal entity

More information

Legal, Ethical, and Professional Issues in Information Security

Legal, Ethical, and Professional Issues in Information Security Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN

More information

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders

More information

Promoting Global Cybersecurity

Promoting Global Cybersecurity Promoting Global Cybersecurity Presented to ITU-T Study Group 17 Geneva, Switzerland 6 October 2005 Robert Shaw ITU Internet Strategy and Policy Advisor ITU Strategy and Policy Unit 1 Agenda Critical Infrastructures

More information

Use of Standards and Conformity Assessment in U.S. Regulation: Perspective of the Private Sector

Use of Standards and Conformity Assessment in U.S. Regulation: Perspective of the Private Sector Use of Standards and Conformity Assessment in U.S. Regulation: Perspective of the Private Sector Standards Alliance Peru Workshop on Regulatory Decision Making October 29-30, 2014 Presentation Objectives

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening

More information

The APEC Model. Global Partnership through Regional Initiatives

The APEC Model. Global Partnership through Regional Initiatives The APEC Model Global Partnership through Regional Initiatives Tony Beard Office of Transport Security (OTS), Department of Transport and Regional Services (DOTARS), Australia Office of Transport Security

More information

Cybersecurity for the Electric Grid

Cybersecurity for the Electric Grid Cybersecurity for the Electric Grid Electric System Regulation, CIP and the Evolution of Transition to a Secure State A presentation for the National Association of Regulatory Utility Commissioners March

More information

Conference for Food Protection. Standards for Accreditation of Food Protection Manager Certification Programs. Frequently Asked Questions

Conference for Food Protection. Standards for Accreditation of Food Protection Manager Certification Programs. Frequently Asked Questions Conference for Food Protection Standards for Accreditation of Food Protection Manager Certification Programs Frequently Asked Questions Q. What was the primary purpose for the Conference for Food Protection

More information

Critical Infrastructure Resilience

Critical Infrastructure Resilience Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the

More information

Information Bulletin

Information Bulletin Application of Primary and Secondary Reference Documents Version 1.1 Approved for release July 2014 Table of Contents 1.0 Purpose statement... 3 2.0 Audience... 3 3.0 BCA requirements and referenced documents...

More information

Cybersecurity Risk Management

Cybersecurity Risk Management Cybersecurity Risk Management NIST Guidance DFARS Requirements MEP Assistance David Stieren Division Chief, Programs and Partnerships National Institute of Standards and Technology (NIST) Manufacturing

More information

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division

Critical Infrastructure Protection and Suspicious Activity Reporting. Texas Department of Public Safety Intelligence & Counterterrorism Division Critical Infrastructure Protection and Suspicious Activity Reporting Texas Department of Public Safety Intelligence & Counterterrorism Division GOAL: Prevent terrorist attacks in Texas and prevent criminal

More information

The Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches

The Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches The Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches Edward McNicholas Global Co-Leader, Privacy, Data Security and Information Law Sidley Austin LLP The cyber threat is one of the most

More information

Investigating Insider Threats

Investigating Insider Threats Investigating Insider Threats February 9, 2016 Jonathan Gannon, AT&T Brenda Morris, Booz Allen Hamilton Benjamin Powell, WilmerHale 1 Panelist Biographies Jonathan Gannon, AT&T, Executive Director & Senior

More information

California Code of Regulations TITLE 21. PUBLIC WORKS DIVISION 1. DEPARTMENT OF GENERAL SERVICES CHAPTER 1. OFFICE OF THE STATE ARCHITECT

California Code of Regulations TITLE 21. PUBLIC WORKS DIVISION 1. DEPARTMENT OF GENERAL SERVICES CHAPTER 1. OFFICE OF THE STATE ARCHITECT California Code of Regulations TITLE 21. PUBLIC WORKS DIVISION 1. DEPARTMENT OF GENERAL SERVICES CHAPTER 1. OFFICE OF THE STATE ARCHITECT SUBCHAPTER 2.5. VOLUNTARY CERTIFIED ACCESS SPECIALIST PROGRAM Program

More information

Chemical Facility Anti- Terrorism Standards

Chemical Facility Anti- Terrorism Standards SATA Presentation Regarding Chemical Facility Anti- Terrorism Standards Joe Hartline, CHMM Rindt-McDuff Associates Marietta, Georgia October 6, 2007 Presentation Outline Introduction Rule Requirements

More information

Grid Security & NERC

Grid Security & NERC Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy

More information

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 and Risk Approach June 9, 2016 cyberframework@nist.gov Executive Order: Improving Critical Infrastructure

More information

Legal and Regulatory Developments for Privacy and Security

Legal and Regulatory Developments for Privacy and Security Legal and Regulatory Developments for Privacy and Security Rodney Petersen Government Relations Officer and Director of EDUCAUSE Cybersecurity Initiative Overview Context for Federal Policy Policy Directions

More information

We collect information from you when You register for an Traders account to use the Services or Exchange and when You use such Services. V.

We collect information from you when You register for an Traders account to use the Services or Exchange and when You use such Services. V. Privacy Policy General A. The parties involved in reference to this policy are Company and You, the User of these sites: www.bittrademarket.com A.1 Bittrade Market decentralize system is the publisher

More information

USA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036

USA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036 US-China Business Council Comments on The Draft Measures for Security Review of Online Products and Services March 6, 2017 On behalf of the more than 200 members of the US-China Business Council (USCBC),

More information

US-China Business Council Comments on The Draft Cybersecurity Law

US-China Business Council Comments on The Draft Cybersecurity Law US-China Business Council Comments on The Draft Cybersecurity Law On behalf of the more than 200 members of the US-China Business Council (USCBC), we appreciate the opportunity to provide comments to the

More information

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016 ASSEMBLY, No. STATE OF NEW JERSEY th LEGISLATURE INTRODUCED FEBRUARY, 0 Sponsored by: Assemblywoman VALERIE VAINIERI HUTTLE District (Bergen) Assemblyman DANIEL R. BENSON District (Mercer and Middlesex)

More information

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) December 15, 2000 1. Goals of the Special Action Plan The goal of this action plan is to protect

More information

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT 84095-9998 SNOWFLY PRIVACY POLICY This Privacy Policy describes Snowfly s practices regarding the

More information

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY ADOPTED BY THE PARTICIPANTS OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY AT NEW DELHI

More information

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager. London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate

More information

CHAPTER 13 ELECTRONIC COMMERCE

CHAPTER 13 ELECTRONIC COMMERCE CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial

More information

HPH SCC CYBERSECURITY WORKING GROUP

HPH SCC CYBERSECURITY WORKING GROUP HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership

More information

Indonesia Cyber Security Market

Indonesia Cyber Security Market Indonesia Cyber Security Market EXECUTIVE SUMMARY: Indonesia offers abundant demand for cyber security exports. Defense spending is modest, totaling $8 billion, but is expected to increase. Increase in

More information

The Office of Infrastructure Protection

The Office of Infrastructure Protection The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape

More information

Cyber Security and Cyber Fraud

Cyber Security and Cyber Fraud Cyber Security and Cyber Fraud Remarks by Andrew Ross Director, Payments and Cyber Security Canadian Bankers Association for Senate Standing Committee on Banking, Trade, and Commerce October 26, 2017 Ottawa

More information

Angela McKay Director, Government Security Policy and Strategy Microsoft

Angela McKay Director, Government Security Policy and Strategy Microsoft Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au

More information

Economic and Social Council

Economic and Social Council United Nations Economic and Social Council ECE/TRANS/WP.29/2017/46 Distr.: General 23 December 2016 Original: English Economic Commission for Europe Inland Transport Committee World Forum for Harmonization

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

Cybersecurity: CRS Experts

Cybersecurity: CRS Experts July 23, 2012 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research Service 7-5700 www.crs.gov R42619 T he following table provides names and contact information

More information

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002 Homeland Security Institute Annual Report pursuant to Homeland Security Act of 2002 July 1, 2005 Homeland Security Institute ANNUAL REPORT Introduction Established in April 2004, the Homeland Security

More information

Package of initiatives on Cybersecurity

Package of initiatives on Cybersecurity Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating

More information

Content. Privacy Policy

Content. Privacy Policy Content 1. Introduction...2 2. Scope...2 3. Application...3 4. Information Required...3 5. The Use of Personal Information...3 6. Third Parties...4 7. Security...5 8. Updating Client s Information...5

More information

Regulating Cyber: the UK s plans for the NIS Directive

Regulating Cyber: the UK s plans for the NIS Directive Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon

More information