Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Similar documents
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Bradford J. Willke. 19 September 2007

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Security and resilience in Information Society: the European approach

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Critical Information Infrastructure Protection Law

Valérie Andrianavaly European Commission DG INFSO-A3

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Member of the County or municipal emergency management organization

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

STRATEGIC PLAN. USF Emergency Management

Her Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Industry role moving forward

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Critical Infrastructure Resilience

The Australian Government s Approach to Critical Infrastructure Resilience

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Statement for the Record

ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

STRATEGIC PLAN VERSION 1.0 JANUARY 31, 2015

National Cyber Incident Response - Architectural Concepts

G7 Bar Associations and Councils

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Overview of the Federal Interagency Operational Plans

Critical Infrastructure Protection Committee Strategic Plan

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Cyber Security in Europe

ARRA State & Local Energy Assurance Planning & Implementation

Memorandum of Agreement

Cyber Security Strategy

National Cross Sector Forum Action Plan for Critical Infrastructure BUILDING A SAFE AND RESILIENT CANADA

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Implementing Executive Order and Presidential Policy Directive 21

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

ArcGIS Solutions for Community Resilience. Matthew S Deal

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

PATHWAYS TO INNOVATION IN DISASTER RISK MANAGEMENT. Paolo Venturoni CEO European Organisation For Security 4 th June 2018

Defining Computer Security Incident Response Teams

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Critical Infrastructure Partnership

Panel 1 National CSIRT Experience

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

HPH SCC CYBERSECURITY WORKING GROUP

June 5, 2018 Independence, Ohio

THE AUSTRALIA INDONESIA DISASTER REDUCTION FACILITY

Cyber Resilience. Think18. Felicity March IBM Corporation

Louisiana - State Analytical & Fusion Exchange (LA-SAFE)

Department of Defense. Installation Energy Resilience

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Plan of action for Implementation of the Sendai Framework for Disaster Risk Reduction in Central Asia and South Caucasus Region

The 10YFP Programme on Sustainable lifestyles and education

Information Sharing and Cooperation

National Policy and Guiding Principles

Introduction to the National Response Plan and National Incident Management System

COUNTERING IMPROVISED EXPLOSIVE DEVICES

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Strategic Foresight Initiative (SFI)

Securing Europe's Information Society

Resolution adopted by the General Assembly. [without reference to a Main Committee (A/62/L.30 and Add.1)]

RESOLUTION 130 (Rev. Antalya, 2006)

Department of Homeland Security Updates

Chapter X Security Performance Metrics

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Israel and ICS Cyber Security

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Microsoft support for Critical Information Infrastructure Protection

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Transport and ICT Global Practice Smart Connections for All Sandra Sargent, Senior Operations Officer, Transport & ICT GP, The World Bank

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

PIPELINE SECURITY An Overview of TSA Programs

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Securing Europe s IoT Devices and Services

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction

Sustainable Networks: Challenges and Opportunities. Anne Meltzer

DHS Cybersecurity: Services for State and Local Officials. February 2017

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Railroad Infrastructure Security

Enhancing the cyber security &

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

SPACE for SDGs a Global Partnership

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

TEL2813/IS2820 Security Management

Transcription:

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection L. Laile Di Silvestro Senior Strategist Worldwide Public Sector Microsoft

Government Industry Collaboration 7 Steps for Resiliency in Critical Infrastructure Protection Government, infrastructure owners/operators, and IT vendors can collaboratively pursue these core enablers of resiliency and infrastructure security

1. CIP Goals & Roles Establishing Clear Goals and Roles is Central to Success Leads CIIP activities Prevents, investigates and prosecutes cybercrime Coordinates national risk management for all sectors Shared -CERT -Formal Partnerships Prioritize assets, analyze levels of impact, define acceptable risk, implement control solutions Provide products & services critical to CI IT infrastructure

2. Create Public-Private Partnerships Collaboration is key to protecting critical infrastructure

3. Identify and Prioritize Critical Functions Collaborate to understand Interdependencies y Establish an open Critical Function Infrastructure Element dialogue to understand the Key Resource Critical Function Infrastructure Element Critical Function Infrastructure Element critical functions, infrastructure elements, and key resources necessary for: Key Resource Key Resource Understand Interdependencies y delivering essential services, y maintaining the orderly operations of the economy, and y helping to ensure public safety.

4. Continuously Assess and Manage Risks Protection is the Continuous Application of Risk Management Evaluate Program Effectiveness Leverage Findings to Improve Risk Management Identify Key Functions Assess Risks Evaluate Consequences Incidences, emerging issues, & changing conditions : constantly update risk assessment Define Functional Requirements Evaluate Proposed Controls Estimate Risk Reduction/Cost Benefit Select Mitigation Strategy

5. Establish and Exercise Emergency plans Improve Operational Coordination Public- and private-sector organizations alike can benefit from developing joint plans for managing emergencies, including recovering critical functions in the event of significant incidents, including but not limited to: natural disasters terrorist attacks technological failures accidents. Emergency response plans can mitigate damage and promote resiliency. Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented. Testing and exercising emergency response plans promotes trust, understanding, and greater operational coordination among public- and privatesector organizations. Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions.

Security Cooperation Program Overview A worldwide program providing a structured way for governments and governmental organizations responsible for computer incident response, protection of critical infrastructure, and computing safety to collaborate with Microsoft in the area of IT security Includes incident response, information exchange, and public outreach components Benefits Public/private partnership in incident response and information exchange can help decrease risk to national security, economic strength, and social welfare from attacks on the country s IT infrastructure. Microsoft provides a 24/7 hotline for SCP participants, and works with participants to define a process for disseminating information in the event of a critical incident or emergency. 9

SCP - Information Exchange Microsoft Government To Governments: Alerts and advisories Security metrics Attack indicators Mitigations To Microsoft: Security metrics Incident details Product feedback 10

6. Build Security & Resiliency into Infrastructure Building security and resiliency into infrastructure operations Security is a continuous process Critical Functions (Global, National, Local) Security Controls Infrastructure Operations Management Technical Operational Fosters increased security and resiliency for the critical functions that support safety, security and commerce at all levels

Government Security Program Access to source code of Windows Vista, Windows 2000, Windows XP, Windows Server 2003, Windows CE, and Office 2003 / 2007 Access to Microsoft security and other technical experts Access to security and source code training Access to documentation relating to security Access to information about how Microsoft implements security on its own networks Access to authoritative, prescriptive and supportable security guidance for core operating systems and products.

Systems Hardening Program Provide early input on security guidance. Participate in co-development and testing of prescriptive security guidance. Improve products and prescriptive guidance through collaborative feedback and testing. Balance security with mutually agreed authoritative security guidance supported by Microsoft. Security Guide customization.

7. Update and Innovate Technology/Processes Mitigate threats by keeping technology current and practices innovative

Summary: Government-Industry Collaboration Opportunity Areas 2/18/2008 15

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback