Legal and Regulatory Developments for Privacy and Security

Similar documents
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Implementing Executive Order and Presidential Policy Directive 21

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

G7 Bar Associations and Councils

GAO CYBERSPACE POLICY. Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

STRATEGIC PLAN. USF Emergency Management

National Policy and Guiding Principles

The NIST Cybersecurity Framework

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Cybersecurity in Higher Ed

Presidential Documents

Cyber Security Strategy

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Private sector s engagement in the implementation of the Sendai Framework

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

Department of Homeland Security Updates

Implementation Strategy for Cybersecurity Workshop ITU 2016

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Promoting Global Cybersecurity

Statement for the Record

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

HPH SCC CYBERSECURITY WORKING GROUP

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Emergency Management Response and Recovery. Mark Merritt, President September 2011

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

PIPELINE SECURITY An Overview of TSA Programs

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

NIS-Directive and Smart Grids

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Liberia ICT Policy

Putting It All Together:

ISAO SO Product Outline

Directive on security of network and information systems (NIS): State of Play

Cyber Security in Europe

Critical Information Infrastructure Protection Law

FDA & Medical Device Cybersecurity

Global Security Advisor

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

The UNISDR Private Sector Alliance for Disaster Resilient Societies

ENISA EU Threat Landscape

Member of the County or municipal emergency management organization

Directive on Security of Network and Information Systems

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework

Number: USF System Emergency Management Responsible Office: Administrative Services

CCISO Blueprint v1. EC-Council

National Strategy for CBRNE Standards

Cybersecurity. Securely enabling transformation and change

National Open Source Strategy

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Commonwealth Cyber Declaration

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Red Flags/Identity Theft Prevention Policy: Purpose

Mapping to the National Broadband Plan

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

DHS Cybersecurity: Services for State and Local Officials. February 2017

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Principles for a National Space Industry Policy

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

European Union Agency for Network and Information Security

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

ENISA s Position on the NIS Directive

Bradford J. Willke. 19 September 2007

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

Forum. Ningbo, China 25 February

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Hazard Management Cayman Islands

Ministerial Meeting 19 th June 2015 Nuku alofa, Tonga

Being Strategic about Cybersecurity

Recommendations for Small and Medium Enterprises. Event Date Location

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Data Compromise Notice Procedure Summary and Guide

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

CALIFORNIA CYBERSECURITY TASK FORCE

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Cybersecurity Risk Management:

The Role of Standards in Ensuring Toy Safety

Transcription:

Legal and Regulatory Developments for Privacy and Security Rodney Petersen Government Relations Officer and Director of EDUCAUSE Cybersecurity Initiative

Overview Context for Federal Policy Policy Directions Executive Branch Legislative Branch Regulatory Agencies Implementation of Higher Ed Opportunities Act Higher Education Information Security Council Campus Safety & Security Discussion

Priorities in Washington Economy Economy Economy Swine Flu Healthcare Reform

Higher Education Policy Student Aid Economic Stimulus Research Funding Access Affordability Accountability

Presidential Pronouncements on Cybersecurity 1998: PDD-63 Critical Infrastructure Protection 2003: National Strategy to Secure Cyberspace 2004: HSPD-7 Critical Infrastructure Identification, Prioritization, and Protection 2007: Comprehensive National Cybersecurity Initiative (CNCI) 2009: Cybersecurity Policy Review

Cyberspace Policy Review Summary of the Problem: Cybersecurity risks pose some of the most serious economic and national security challenges of the 21 st century. Goal: Maintaining a information and communications infrastructure that promotes efficiency, innovation, economic prosperity, and free trade while also promoting safety, security, civil liberties, and privacy rights.

Components of Report Leading from the Top Building Capacity for a Digital Nation Sharing Responsibility for Cybersecurity Creating Effective Information Sharing and Response Encouraging Innovation

White House Leadership Finding: no single individual or entity has the responsibility to coordinate Federal government cybersecurity-related activities. Solution: anchoring and elevating leadership for cybersecurity-related policies at the White House signals to the United States and the international community that we are serious about cybersecurity. Approach: appoint a cybersecurity policy official with ties to the National Security Council & the National Economic Council

Building Capacity Findings: the general public needs to be well informed to use technology safely; the U.S. needs a technologically advanced workforce. Solution: cybersecurity education program for digital safety, ethics, and security; expand and train the cyber workforce Approach: increase cybersecurity education; expand Federal IT workforce; promote cybersecurity as an enterprise leadership responsibility

Shared Responsibility Findings: the public and private sectors interests are intertwined; government and industry leaders both nationally and internationally need to develop holistic solutions Solution: government efficiency; private sector engagement; public-private partnerships and information sharing; shape the international environment Approach: government aligning of resources; evaluate barriers to partnerships; integrated approach to policy formulation; coordinate and expand international partnerships

Incident Response Findings: need for a comprehensive framework to facilitate coordinated responses by government, private sector, and allies to a significant cyber incident. Solution: build a framework for incident response Approach: define roles, responsibilities, and resources for Federal departments and agencies; develop thresholds for incident reporting; develop a set of threat scenarios and metrics; implement a National Cybersecurity Center (NCSC); pilot intrusion detection and prevent systems for Federal networks; develop options for information sharing; define private sector roles and responsibilities

Innovation Findings: we have a converged platform where data, voice, and video applications share a common infrastructure Solution: harness the full benefits of innovation to address cybersecurity concerns Approach: develop a coherent and well-conceived architectural concept; create an integrated vision for policies, standards, research, market development, and procurement; provide a framework for research and development strategies that focus on gamechanging technologies; establish identity management; maintain national security/emergency preparedness capabilities

Near-Term Actions Appoint a cybersecurity policy official Prepare an updated national strategy Designate cybersecurity as key management priority Designate a privacy official to NSC directorate Conduct legal analyses and formulate policy guidance Initiate public awareness and education campaign Develop an international cybersecurity policy framework Prepare a cybersecurity incident response plan Develop a framework for research and development strategies that focus on game-changing technologies Build a cybersecurity-based identity management vision and strategy

Mid-Term Actions Expand support for education programs and research and development Develop a strategy to expand and train the workforce Obtain strategic warning and inform incident response capabilities Develop a set of threat scenarios and metrics Develop an information sharing process between government and private sector Encourage collaboration between academic and industrial labs Use the research and development framework to inform standards bodies

Assessment of White House Strategy Effort: A Research: A Style: A- Balance: B+ Substance: B Original Thought: C Timeliness: D Detail: Incomplete

Themes of Legislative Proposals Cybersecurity of Federal Government Leadership for Cybersecurity Protection of Critical Infrastructures Identity Theft Use of Social Security Numbers Regulation of Business Security Breach Notifications Information Privacy Peer-to-Peer Networks

Regulatory Actions Department of Education Final Rules for Family Educational Rights and Privacy Act Federal Trade Commission Finals Rules for Notice of Address Discrepancies & Red Flags Federal Communications Commission NOI for National Broadband Plan Federal Trade Commission NPR for Health Breach Notification Rule Department of Education NPR for Higher Education Opportunities Act

Higher Ed Opportunities Act Peer-to-Peer Filesharing An annual disclosure to students describing copyright law and campus policies related to violating copyright law. A plan to "effectively combat" copyright abuse on the campus network using "a variety of technology-based deterrents". Agreement to "offer alternatives to illegal downloading". Verification of Distance Education Students Processes to verify that student who registers in a distance education course is the same student who participates in and complete the program and receives academic credit Proposed Regulation: verify identity with a secure login and password or proctored exams; and consider new identification technologies and practices

Higher Education Information Security Council formerly EDUCAUSE/Internet2 Security Task Force Goals: Obtain Executive Commitment and Action Maintain Data to Enhance Privacy & Security Protections Develop and Promote Effective Practices & Solutions Explore New Tools and Technologies Establish and Promote Information-Sharing Mechanisms Initiatives: Student Poster and Video Contest National Cyber Security Awareness Month IT Security Practices Guide

Campus Safety & Security Project All-hazards approach to emergency preparedness Sponsoring Organizations: NACUBO, EDUCAUSE, IACLEA, CSHEMA, ACPA, AGB, APPA, NACUA, and URMIA Phases: Literature Review Survey Campus Site Visits National Conference Final Publication

Discussion

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback