2014 Communications Sector Year in Review Cybersecurity Risk Management Framework. Sector Year in Review
|
|
- Monica Price
- 5 years ago
- Views:
Transcription
1 2014 Communications Sector Year in Review Cybersecurity Risk Management Framework Sector Year in Review Kathryn Condello, Chair Communications Sector Coordinating Council
2 Five Segments: Broadcast, Cable, Satellite, Wireless, and Wireline Reach: 9700 Network/Service Providers across all 5 segments Overarching Sector Goals: Protect and enhance the overall physical and logical/cyber health of communications; Rapidly reconstitute critical communications services during a disruption and mitigate cascading effects; and Improve the sector s National Security / Emergency Preparedness posture with Federal, State, Local, Tribal, Territorial, and private sector entities to reduce risk. 2
3 INDUSTRY GOVERNMENT NSTAC POLICY EOP C-SCC PLANNING C-GCC ISAC OPERATIONS NCC Industry Initiatives Standards Best Practices Segment-Only
4 Internet of Things ICT Mobilization 4
5 Risk Mitigation: GPS Issues Assessments Qualitative Risk Assessment to the Public Network Planning Joint National Priorities Communication Sector Specific Plan Education/Outreach NIST Cybersecurity Framework Education 5
6 Information Sharing Partners NCCIC, US-CERT, NCC, State Fusion Centers, NCIJTF National Council of ISACs FS-ISAC, RE-ISAC, Water-ISAC, MS-ISAC and others 2014 USG/Sector Info Sharing: > 1200 Notices Received Exercises ESF#2 Training FEMA Region 1, FEMA Region III Gov t/industry TTX, National Council of ISACs Aug 2014 Response Planning: Asset Movement to Remote Venues Education: Potential vs. Real vs. CNN Events 6
7 Best Practice Development: CSRIC 1. NextGen Wireless Emergency Alerts 3. Emergency Alert System 4. Cybersecurity Best Practices (NIST CSF) 5. Remediation of Server-Based DDoS Attacks 6. Long-term Core Internet Protocols Improvements 7. Legacy Best Practice Updates 8. Submarine Cable Landing Sites 9. Infrastructure Sharing During Emergencies 10. Customer Premise Equipment 7
8 Cybersecurity Framework Core 22 Categories Five Function s 98 Subcategorie s ISO 27001, NIST , COBIT
9 Cybersecurity Framework Core Function ID Function Category ID Category ID.AM Asset Management ID.BE Business Environment ID Identify ID.GV Governance ID.RA Risk Assessment ID.RM Risk Management Strategy PR.AC Access Control PR.AT Awareness & Training PR Protect PR.DS PR.IP Data Security Information Protection Processes and Procedures PR.MA Maintenance PR.PT Protective Technology
10 Cybersecurity Framework Core Function ID DE RS RC Function Category ID Category Detect Respond Recover DE.AE DE.CM DE.DP RS.RP RS.CO RS.AN RS.MI RS.IM RC.RP RC.IM Anomalies & Events Security Continuous Monitoring Detection Processes Response Planning Communications Analysis Mitigation Improvements Recovery Planning Improvements RC.CO Communications 10
11 In order to provide for confidence in the resilience and reliability of the core public communications functions in the face of cyber threats. Working Group 4 will develop voluntary mechanisms to provide macro-level assurance to the FCC and the public that communications providers are taking the necessary corporate and operational measures to manage cybersecurity risks across the enterprise. The macro-level assurance will demonstrate how communications providers are reducing cybersecurity risks through the application of the NIST Cybersecurity Framework, or an equivalent construct. These assurances: (1) can be tailored by individual companies to suit their unique needs, characteristics, and risks (i.e., not one-size-fits-all), (2) are based on meaningful indicators of successful (and unsuccessful) cyber risk management (i.e., outcome-based indicators as opposed to process metrics), and (3) allow for meaningful assessments both internally (e.g., CSO and senior corporate management) and externally (e.g., business partners)
12 WG4 Leadership Team Co-Chairs: Robert Mayer, USTelecom and Brian Allen, Time Warner Cable Segment Leads Broadcast, Kelly Williams, NAB Cable, Matt Tooley, NCTA Wireless, John Marinho, CTIA Wireline, Chris Boyer, AT&T Satellite, Donna Bethea Murphy, Iridium Feeder Group Initiatives Requirements and Barriers to Implementation, Co-Leads, Harold Salters T-Mobile, Larry Clinton, Internet Security Alliance Mids/Smalls Co-Leads, Susan Joseph, Cable Labs, Jesse Ward, NTCA Top Cyber Threats and Vectors - Russell Eubanks, Cox, Joe Viens, TWCable Ecosystem Shared Responsibilities, Co-Leads, Tom Soroka, USTelecom, Brian Scarpelli, TIA Measurement, Co-Leads, Chris Boyer, AT&T, Chris Roosenraad, TimeWarnerCable Advisors Donna Dodson, WG4 Sr. Technical Advisor, NIST, Deputy Chief Cybersecurity Advisor & Division Chief for Computer Security Division Lisa Carnahan, NIST, Computer Scientist Emily Talaga, WG4 Sr. Economic Advisor, FCC Tony Sager, Council on Cybersecurity Engineering and Operational Review Co-Leads - Tom Soroka, USTelecom and John Marinho, CTIA Segment Leads Support Drafting Team Co-Leads Stacy Hartman and Paul Diamond, CenturyLink, Robert Thornberry, Alcatel/Lucent 12
13 Cyber Ecosystem Players User/ Device Mobility UE CPE Provider-mgd Gateway M2M/IoT Corporations Device Provider O/S Embedded Systems OEM AV/IDS/MDM Provider Edge Internet Control Plane (DNS/BGP/TCP/IP) Macro Wireless WiFi Broadband High-Speed Access Satellite Core Internet Control Plane (DNS/BGP/TCP/IP) Public Peering Private Peering Private Network s Mobility EPC Standards/Policies/Practices (e.g., IETF) Physical Security Infrastructure Provider Internet Control Plane (DNS/BGP/TCP/IP) DNS & IP Registrars CAs Cloud Hosting CDN MSS Application/ Content OTT Comms Social Networks Video Applications One of the more comprehensive Ecosystem diagrams, comes from a joint industry/government partnership called the U.S. Communications Sector Coordinating Council (CSCC). The Ecosystem Feeder group determined that this diagram captured a large number of the categories of the Ecosystem that were previously identified and it was an excellent depiction of the various Cyber Ecosystem relationships within the Communications Sector. Malicious Actors 13
14 Issue: Critical infrastructure sectors, including the financial sector, have been under assault from a barrage of DDoS attacks emanating from data centers and hosting providers. Deliverable: Recommend measures communications providers can take to mitigate the incidence and impact of DDoS attacks from data centers and hosting providers, particularly those targeting the information systems of critical sectors. ACS Akamai/ Prolexic Cox Communications Intrado Public Interest Registry CSG International MAAWG Shadowserver Arbor Networks CTIA Microsoft Sprint AT&T DHS NCTA Time Warner Cable ATIS Fed Reserve Board of Governors Neustar Univ of Oregon/Internet2 Bell Labs, Alcatel-Lucent FSSCC Nsight VeriSign, Inc. CAUCE Google NTT Verizon CenturyLink Comcast IEEE Online Trust Alliance Wells Fargo PA Public Utility Internet Identity Commission Windstream 14
15 Plan Locally Respond Globally A whole of community approach to advance the national resilience effort A borderless approach to advance cyber response norms. 15
16 Planning National Resiliency Framework Development Information Sharing Framework Assessment: Sector Cyber Measures (WG4) Dependency / Inter-Dependency Analysis Electricity Sector (ESCC + CSCC Issues) Data Center Dependencies (Regional Assessment) Financial Services Dependencies on Data Centers (Regional Assessment) 16
17 Regional Risk Assessments: Data Center Dependencies: Ashburn, VA Financial Services Dependencies: Chicago, IL Findings from Regional Risk Assessments are reviewed for incorporation into Sector Best Practices 17
18 Cloud/Data Centers increasingly relied upon for functions critical to the Nation s security. No specific SCC or ISAC for Cloud/Data Center Providers Suggest alignment with IT or Communication Sector 18
19 National Security Telecommunications Advisory Committee dhs.gov/nstac Communications Sector Coordinating Council commscc.org National Coordinating Center for Communications (NCC) National Cybersecurity & Communications Integration Center Department of Homeland Security dhs.gov/national-coordinating-center-communications Communications Security, Reliability and Interoperability Council (IV) Kathryn Condello CenturyLink Director, National Security / Emergency Preparedness Kathryn.Condello@CenturyLink.com 11
20 Questions?
Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework
Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework Joint Meeting Committee on Critical Infrastructure and Telecommunications July 13, 2015 New York City Robert H.
More informationThe Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor,
The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Technology 1 Speaker
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationOpportunities (a.k.a challenges) Interfaces Governance Security boundaries expanded Legacy systems New application Compliance
KY HEALTH & NIST CSF 1115 Waiver Involves legacy systems New development Interfaces between systems with and without sensitive information Changes the security boundaries Opportunities (a.k.a challenges)
More informationNIST Cybersecurity Testbed for Transportation Systems. CheeYee Tang Electronics Engineer National Institute of Standards and Technology
NIST Cybersecurity Testbed for Transportation Systems CheeYee Tang Electronics Engineer National Institute of Standards and Technology National Institute of Standards and Technology (NIST) About NIST NIST
More informationCyber Information Sharing
Cyber Information Sharing Renault Ross CISSP, MCSE, CHSS, VCP5 Chief Cybersecurity Business Strategist Ian Schmertzler President Know Your Team Under Pressure Trust Your Eyes Know the Supply Chain Have
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity May 2017 cyberframework@nist.gov Why Cybersecurity Framework? Cybersecurity Framework Uses Identify mission or business cybersecurity dependencies
More informationAcalvio Deception and the NIST Cybersecurity Framework 1.1
Acalvio Deception and the NIST Cybersecurity Framework 1.1 June 2018 The Framework enables organizations regardless of size, degree of cybersecurity risk, or cybersecurity sophistication to apply the principles
More informationCritical Infrastructure Partnership
Critical Infrastructure Partnership Overview Chris Boyer AVP Global Public Policy December 11, 2017 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV
More informationSecuring an IT. Governance, Risk. Management, and Audit
Securing an IT Organization through Governance, Risk Management, and Audit Ken Sigler Dr. James L. Rainey, III CRC Press Taylor & Francis Group Boca Raton London New York CRC Press Is an imprint cf the
More informationCybersecurity Framework Manufacturing Profile
Cybersecurity Framework Manufacturing Profile Keith Stouffer Project Leader, Cybersecurity for Smart Manufacturing Systems Engineering Lab, NIST National Institute of Standards and Technology (NIST) NIST
More informationMapping and Auditing Your DevOps Systems
Mapping and Auditing Your DevOps Systems David Cuthbertson, CEO Square Mile Systems Ltd david.cuthbertson@squaremilesystems.com www.squaremilesystems.com Personal Background Personal Experience Industry
More informationNIST (NCF) & GDPR to Microsoft Technologies MAP
NIST (NCF) & GDPR to Microsoft Technologies MAP Digital Transformation Realized.TM IDENTIFY (ID) Asset Management (ID.AM) The data, personnel, devices, systems, and facilities that enable the organization
More informationHow to Align with the NIST Cybersecurity Framework
How to Align with the NIST Cybersecurity Framework 1 Title Table of Contents Identify (ID) 4 Protect (PR) 5 Detect (DE) 6 Respond (RS) 7 Recover (RC) 8 visibility detection control 2 SilentDefense Facilitates
More informationIn support of this, the Coalition intends to host an event bringing together government and private sector leaders and experts to further discuss this
Coalition for Cybersecurity Policy & Law Coalition for Cybersecurity Policy & Law 600 Massachusetts Ave, NW, Washington, DC 20001 February 12, 2018 VIA EMAIL: counter_botnet@list.commerce.gov Evelyn L.
More informationNIST Cybersecurity Framework Based Written Information Security Program (WISP)
Cybersecurity Governance (GOV) Title 52.20 21 66A.622 GOV 1 Publishing Cybersecurity Policies & s ID.GV 1 500.02 500.03 66A.622(2)(d) GOV 2 Periodic Review & Update of Cybersecurity Documentation ID.GV
More informationKnowledge Set of Attack Surface and Cybersecurity Rating for Firms in a Supply Chain Dr. Shaun Wang, FCAS, CERA
Knowledge Set of Attack Surface and Cybersecurity Rating for Firms in a Supply Chain Dr. Shaun Wang, FCAS, CERA 04/13/2018 ULaval Shaun.Wang@ntu.edu.sg 1 Cyber Risk Management Project Government University
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationCyber Bounty Hunter. Key capabilities of today s. Renault Ross CISSP,MCSE,VCP5,CHSS Distinguished Engineer Chief Security Business Strategist
Key capabilities of today s Cyber Bounty Hunter Renault Ross CISSP,MCSE,VCP5,CHSS Distinguished Engineer Chief Security Business Strategist Copyright 2016 Symantec Corporation 1 2 3 The Cyber Skills Gap
More informationDesigning & Building a Cybersecurity Program. Based on the NIST Cybersecurity Framework (CSF)
Designing & Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson Lesson 2 June, 2015 1 Lesson 2: Controls Factory Components Part 1: The Controls Factory Part 2:
More informationDHS Cybersecurity: Services for State and Local Officials. February 2017
DHS Cybersecurity: Services for State and Local Officials February 2017 Department of Established in March of 2003 and combined 22 different Federal departments and agencies into a unified, integrated
More informationUpdates to the NIST Cybersecurity Framework
Updates to the NIST Cybersecurity Framework NIST Cybersecurity Framework Overview and Other Documentation October 2016 Agenda: Overview of NIST Cybersecurity Framework Updates to the NIST Cybersecurity
More informationNCS OVERVIEW: The Priority Service Programs. Presented to the U.S.-Japan Experts Workshop on Critical Information Infrastructure Protection (CIIP)
NCS OVERVIEW: The Priority Service Programs Presented to the U.S.-Japan Experts Workshop on Critical Information Infrastructure Protection (CIIP) John W. Graves Acting Chief, Technology and Program Division
More informationImproving Critical Infrastructure Cybersecurity Executive Order Preliminary Cybersecurity Framework
1 Improving Critical Infrastructure Cybersecurity Executive Order 13636 Preliminary Cybersecurity Framework 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
More informationGreg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security
1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationTrack 4A: NIST Workshop
Track 4A: NIST Workshop National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) GridSecCon October 18, 2016 AGENDA TOPIC PRESENTER(S) DURATION NIST/NCCoE
More informationBriefing to National Association of Regulatory Utility Commissioners
Critical Infrastructure Threat Information Sharing Framework Briefing to National Association of Regulatory Utility Commissioners February 12, 2017 The Info Sharing Problem 2 Because I m a Government Employee
More informationNIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation
NIST Framework for Improving Critical Infrastructure Cybersecurity Technical Control Automation Automating Cybersecurity Framework Technical Controls with Tenable SecurityCenter Continuous View February
More informationElection Infrastructure Security: The How and Why of It
Election Infrastructure Security: The How and Why of It Minnesota County Auditor Election Training Conference May 3, 2018 Contents Election Infrastructure Security Overview Cyber and Physical Security
More informationISO based Written Information Security Program (WISP) (a)(1)(i) & (a)(3)(i) & (ii) & (A) (A)(5)(ii) & (ii)(a)
1 Information Security Program Policy 1.2 Management Direction for Information Security 5.1 1.2.8 1.2.1.1 Publishing An Information Security Policy 5.1.1 500.03 1.1.0 2.1.0-2.2.3 3.1.0-3.1.2 4.1.0-4.2.4
More informationFEMA Region III Cyber Security Program
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.)
More informationDepartment of Defense. Installation Energy Resilience
Department of Defense Installation Energy Resilience Lisa A. Jung DASD (Installation Energy) OASD(Energy, Installations and Environment) 19 June 2018 Installation Energy is Energy that Powers Our Military
More informationusing COBIT 5 best practices?
How to effectively mitigate Risks and ensure effective deployment of IOT using COBIT 5 best practices? CA. Abdul Rafeq, FCA, CISA, CIA, CGEIT Managing Director, Wincer Infotech Limited Past Member, COBIT
More informationU.S. Department of Homeland Security Office of Cybersecurity & Communications
U.S. Department of Homeland Security Office of Cybersecurity & Communications Council of State Governments Cybersecurity Session November 3, 2017 Cybersecurity & Communications (CS&C) CS&C s Mission ensure
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationIntroduction brief to the ISCe Satellite and Communications Conference
Introduction brief to the ISCe Satellite and Communications Conference Bill Ryan Continuity Communications Architecture (CCA) Program Manager Bill.Ryan@dhs.gov (703) 235-5833 June10, 2008 Introduction
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationCyber Security & Homeland Security:
Cyber Security & Homeland Security: Cyber Security for CIKR and SLTT Michael Leking 19 March 2014 Cyber Security Advisor Northeast Region Office of Cybersecurity and Communications (CS&C) U.S. Department
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationTestimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON
Testimony Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON Defending Our Democracy: Building Partnerships to Protect America
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationJune 5, 2018 Independence, Ohio
June 5, 2018 Independence, Ohio The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Securing the Nation at the Community Level 2018 Cuyahoga
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview ND Safety Council Annual Conference
More informationOil & Natural Gas Third Party Collaboration IT Security NIST Profile API ITSS Third Party Collaboration IT Security Workgroup
Oil & Natural Gas Third Party Collaboration IT Security NIST Profile API ITSS Third Party Collaboration IT Security Workgroup 12/16/2016 Contents 1 Introduction... 3 2 Approach... 3 2.1 Relevant NIST Categories...
More informationResponsible Care Security Code
Chemical Sector Guidance for Implementing the NIST Cybersecurity Framework and the ACC Responsible Care Security Code ACC Chemical Information Technology Council (ChemITC) January 2016 Legal and Copyright
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationWater Information Sharing and Analysis Center
SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR SECURITY Presenter Brian Draper, DHS NCCIC HIRT Slides and
More informationNational Cybersecurity Center of Excellence
The 3rd Annual Intelligence and National Security Forum Jim McCarthy NIST / NCCoE 05/11/2018 This presentation is unclassified in its entirety Foundations Collaborative Hub The NCCoE assembles experts
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationNational Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director
National Cyber Security Strategy - Qatar Michael Lewis, Deputy Director 2 Coordinating a National Approach to Cybersecurity ITU Pillars of Cybersecurity as a Reference Point providing the collected best
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationDear Mr. Games: Please see our submission attached. With kind regards, Aaron
From: Aaron P. Padilla Date: Mon, Apr 10, 2017 at 3:16 PM Subject: API Response to the Proposed Update to the Framework for Improving Critical Infrastructure Cybersecurity To: "cyberframework@nist.gov"
More information5G Security. Jason Boswell. Drew Morin. Chris White. Head of Security, IT, and Cloud Ericsson North America
5G Security Jason Boswell Head of Security, IT, and Cloud Ericsson North America Drew Morin Director Federal Cybersecurity Technology and Engineering Programs T-Mobile USA Chris White Head of Algorithms,
More informationAssurance over Cybersecurity using COBIT 5
Assurance over Cybersecurity using COBIT 5 Special thanks to ISACA for supplying material for this presentation. Anthony Noble, VP IT Audit, Viacom Inc. Anthony.noble@viacom.com Disclamer The opinions
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationSecurity Leaders: Manage the Forest Not the Trees. Presented by: Adam Stone Secure Digital Solutions, LLC 15 March :50 pm
Security Leaders: Manage the Forest Not the Trees Presented by: Adam Stone Secure Digital Solutions, LLC 15 March 2018 2:50 pm Copyright 2018 Secure Digital Solutions, LLC All rights reserved. Your Facilitator
More informationCyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber
CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives 30 January 2018 1 Agenda Federal Landscape Cybersecurity
More informationFramework for Improving Critical Infrastructure Cybersecurity
1 Framework for Improving Critical Infrastructure Cybersecurity Standards Certification Education & Training Publishing Conferences & Exhibits Dean Bickerton ISA New Orleans April 5, 2016 A Brief Commercial
More informationNGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel
U.S. DEPARTMENT OF ENERGY Infrastructure Security & Energy Restoration Prepare. Respond. Adapt. NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel Puesh M. Kumar Director, Preparedness
More informationApr. 10, Vulnerability disclosure and handling processes strengthen security programs
Joint Comments on "Framework for Improving Critical Infrastructure Cybersecurity" version 1.1 Before the National Institute of Standards and Technology Apr. 10, 2017 We the undersigned companies, civil
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More information2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014
2014 -Specific Plan Guidance Guide for Developing a -Specific Plan under NIPP 2013 August 2014 How to Use this Guidance This page provides a roadmap to assist critical infrastructure partners in navigating
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationStatement for the Record. J. Michael Hickey. Vice President - Government Affairs National Security Policy Verizon. Before the
Statement for the Record J. Michael Hickey Vice President - Government Affairs National Security Policy Verizon Before the Committee on Homeland Security Subcommittee on Emerging Threats, Cyber Security
More informationCritical Infrastructure Sectors and DHS ICS CERT Overview
Critical Infrastructure Sectors and DHS ICS CERT Overview Presented by Darryl E. Peek II REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM 2 2 Authorities and Related Legislation Homeland Security
More informationAppendix A. Syllabus. NIST Cybersecurity Foundation. Syllabus. Status: First Draft
Appendix A Syllabus NIST Cybersecurity Foundation Syllabus Status: First Draft Version Status Sign off Date / Names V1.0.0 First Draft Content Group Lead Author: Mark E.S. Bernard Copyright 2018 Secure
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape
More informationThe CIS Critical Security Controls are a relatively small number of prioritized, well-vetted, and supported security actions that organizations can
The CIS Critical Security are a relatively small number of prioritized, well-vetted, and supported security actions that organizations can take to assess and improve their current security state. They
More informationImplementing the Administration's Critical Infrastructure and Cybersecurity Policy
Implementing the Administration's Critical Infrastructure and Cybersecurity Policy Cybersecurity Executive Order and Critical Infrastructure Security & Resilience Presidential Policy Directive Integrated
More informationImplementing Executive Order and Presidential Policy Directive 21
March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy
More informationCritical Infrastructure Resilience
Critical Infrastructure Resilience Climate Resilience Webinar Series U.S. Department of Housing and Urban Development Disclaimer This presentation is intended to provide communities and states with the
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Regional Resiliency Assessment Program 2015 State Energy Risk Assessment Workshop April
More informationEffectively Measuring Cybersecurity Improvement: A CSF Use Case
SESSION ID: GRC R03F Effectively Measuring Cybersecurity Improvement: A CSF Use Case Greg Witte Sr. Cybersecurity Engineer G2, Inc. @TheNetworkGuy Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle
More informationNCCoE TRUSTED CLOUD: A SECURE SOLUTION
SESSION ID: SPO1-W14 NCCoE TRUSTED CLOUD: A SECURE SOLUTION Donna Dodson Associate Director Chief Cyber Security Advisor of the Information Technology Laboratory, Chief Cybersecurity Advisor for the National
More informationCALIFORNIA CYBERSECURITY TASK FORCE
CALIFORNIA CYBERSECURITY TASK FORCE Advancing California s cybersecurity priorities through public, private, corporate, and academic sector collaboration. Agenda Task Force Overview California Cybersecurity
More informationAmerican Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment
American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationCyber and Supply Chain Policy Issues
Manufacturing Division Meeting Cyber and Supply Chain Policy Issues Eisenhower School for National Security and Resource Strategy National Defense University Fort McNair, Washington, DC February 21, 2013
More information1200 G Street, NW P: Suite 500 F: Washington, DC W:
1200 G Street, NW P: 202-628-6380 Suite 500 F: 202-393-5453 Washington, DC 20005 W: www.atis.org ATIS Board Officers Chair Kristin Rinne AT&T First Vice Chair Stephen Bye Sprint July 10, 2013 Via Email
More informationAwareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology
Awareness as a Cyber Security Vulnerability Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology Background TSA Cyber Security Awareness and Outreach (CSAO)
More informationEmergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:
ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications
More informationBusiness Services Resilience and Restoration. Financial Services Sector Preparation for an Extreme Event
Business Services Resilience and Restoration Financial Services Sector Preparation for an Extreme Event Draft as Draft of March as of March 13, 2019 13, 2019 Overview As the financial lives, interests,
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationCalifornia Cybersecurity Integration Center (Cal-CSIC)
California Cybersecurity Integration Center (Cal-CSIC) Agenda Mission and Scope Whole of State Government Approach Where is the Cal-CSIC? Cal-CSIC Partners Attaining Cyber Maturity in Parallel Machine
More informationUnderstanding Holistic Effects of Cyber Events on Critical Infrastructure
Understanding Holistic Effects of Cyber Events on Critical Infrastructure Shane Cherry Infrastructure Analysis and Technology Development National and Homeland Security Directorate March 20, 2018 INL/CON-17-42513
More informationDepartment of Homeland Security Updates
American Association of State Highway and Transportation Officials Special Committee on Transportation Security and Emergency Management 2016 Critical Infrastructure Committee Joint Annual Meeting Department
More informationMitigation Framework Leadership Group (MitFLG) Charter DRAFT
Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent
More informationSupply Chain Integrity and Security Assurance for ICT. Mats Nilsson
Supply Chain Integrity and Security Assurance for ICT Mats Nilsson The starting point 2 B Internet users 85% Population coverage 5+ B Mobile subscriptions 10 years of Daily upload E-Books surpassing Print
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationHPH SCC CYBERSECURITY WORKING GROUP
HPH SCC A PRIMER 1 What Is It? The cross sector coordinating body representing one of 16 critical infrastructure sectors identified in Presidential Executive Order (PPD 21) A trust community partnership
More informationUsing the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017
Using the NIST Cybersecurity Framework to Guide your Security Program August 31, 2017 Presenters: Allie Russell, Conexxus Kara Gunderson, DSSC Chair, CITGO Petroleum Chris Lietz & Bob Post, Coalfire Housekeeping
More information