Click to edit Master title style

Transcription

1 Click to edit Master title style Click to edit Master text styles Second level

2 Click What to To edit Do Master When title They style Come For You: How to Safeguard Your UCTI Click to edit Master text styles Second level Breakout Third Session level # G11 Ted A. Bonanno, VP, Commercial Meggitt Control Systems Date: Wednesday, July 29, 2015 Time: 9:45am 11:00am 1

3 Click Bio to edit Master title style VP, Click Commercial, to edit Master Meggitt text Control styles Systems Second level Contracts, Customer Service, Dispute resolution Previous Director, Contracts and Compliance Corporate Attorney, M&A, VC financing Other Lieutenant Colonel, USMCR 15 years of active/reserve service 2

4 Click Meggitt to Control edit Master Systems title style Division Click to of edit Meggitt Master PLC text styles UK-based aerospace and defense company Second level Designs and produces components and subsystems 11K employees, US$4B market cap Control Systems Division HQ in Simi Valley, CA Supplier of pneumatic, fluid control, thermal management, and electro-mechanical equip and sub-systems 3

5 Click Agenda to edit Master title style Why Click is to this edit important? Master text styles Unpacking Second level the clause Demystifying UCTI and where it resides NIST expectations NIST equivalency Practical guide for compliance 4

6 Click Why is to this edit important? Master title style Macro Click to cyber edit Master security text issues styles Weaponized Second level IT Successful attacks Government Private sector Mandatory flow-down Is it enough? 5

7 Click Unpacking to edit the Master clause: title style DFARS Click to edit Master text styles SECURE in accordance with NIST controls Option 1: Meet NIST controls Second level Option 2: Demonstrate equivalency and notify REPORT actual or potential incident Via DIBNET Membership and a secure computer 72-hours from incident Plan and rehearse 6

8 Click Unclassified to edit Controlled Master title Technical style Information ( UCTI ) What Click to is edit UCTI? Master text styles Marked Second with level statement B-F in DoD Inst Stmt Fourth A: Approved level for Public Release Stmt B-F: All limit dist. to USG or contractors, ITAR, ECCN What it is not Lawful public information From pre-nov 2013 contract 7

9 Click Where to is edit UCTI? Master title style UCTI Click Storage edit Master text styles Engineering Second level drawings Presentations with ITAR tech data HR and personnel info UCTI in Transit with technical attachments Workflows with tech attachments Laptops, smart phones Cloud drives 8

10 Click Step 1: to edit Secure Master UCTI title style Dissect Click to edit the NIST Master controls text styles Assemble Second level the right team Mix Third of skills level and attitude Record your findings Use government guidance and pubs Communicate with CO if struggling Consider hiring an IT consultant Deliver notice of equivalency Tier II+ suppliers may need a campaign 9

11 Click Step 2: to edit Report Master Incidents title style 72 Click hours to edit to report Master text styles Prepare Second for level an incident Draft a policy Additional» Fifth considerations level Timely notification Which systems Which contracts 10

12 Click Steps to for edit UCTI Master clause title success style Gain Click executive to edit Master support text styles You Second will need level time and money Ensure Third you level have the right team Document your work Control Category Control Number Control Name Implement or Equivalent Owner Equivalency Measure Gap Closure Action AC 20(1) Use of External Info. Sys. Limits on Auth. Use Equivalent J. Doe Company policy limits use to authorized parties Amend policy to confirm limits AC 20(2) Use of external Info. Sys. Portable Storage Devices Equivalent J. Doe Company policy and monitoring of connected devices Amend policy to qualify CM 2 Baseline configuration Equivalent B. Smith Unified equipment setup Prepare a checklist for techs to ensure uniformity 11

13 Click Steps to for edit UCTI Master Success title style Draft Click a to policy edit Master text styles Define Second how level to internally report Third Set parameters level for incidents Define roles/responsibilities Backward plan for 72-hour timeline Circulate internal FAQs Use form letter for notification Prepare templates for incident notification 12

14 Click Final Thoughts to edit Master title style Incidents Click to edit always Master occur text after styles 5pm on the Second Friday level of a holiday weekend Someone in your incident reporting chain will be out of the office Determining if UCTI is covered by the clause is harder than it seems 13

15 Click Contact to edit Information Master title style Ted A. Bonanno Click to edit Master text styles VP, Commercial Meggitt Second Control level Systems 14