Cyber and Supply Chain Policy Issues

Similar documents
Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

The Impact of US Cybersecurity Policies on Submarine Cable Systems

Cybersecurity & Privacy Enhancements

MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Cybersecurity Risk Management Guide for Voluntary Use of the NIST Cybersecurity Framework

Section One of the Order: The Cybersecurity of Federal Networks.

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

CYBERSECURITY FEDERAL UPDATE. NCSL Cybersecurity Task Force

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Implementing Executive Order and Presidential Policy Directive 21

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

CYBERSECURITY LEGISLATION IT OUT!

UNITED STATES OFFICE OF PERSONNEL MANAGEMENT

Cybersecurity Risk Management:

Legal and Regulatory Developments for Privacy and Security

ISAO SO Product Outline

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

National Policy and Guiding Principles

Investigating Insider Threats

HPH SCC CYBERSECURITY WORKING GROUP

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

UNITED STATES OF AMERICA BEFORE THE FEDERAL COMMUNICATIONS COMMISSION WASHINGTON, DC 20554

Department of Homeland Security Updates

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Statement for the Record

G7 Bar Associations and Councils

ANSI Homeland Security Standards Panel (ANSI-HSSP) Open Forum for Standards Developers

Cybersecurity and Data Privacy

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust

Senate Committee on Homeland Security and Governmental Affairs Full Committee Hearing

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

Risk-Based Cyber Security for the 21 st Century

National Strategy for CBRNE Standards

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

GAO CYBERSPACE POLICY. Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed

Vice President and Chief Information Security Officer FINRA Technology, Cyber & Information Security

Cybersecurity: Federalism as Defense-in-Depth

Framework for Improving Critical Infrastructure Cybersecurity

The NIST Cybersecurity Framework

Cybersecurity for ALL

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Resolution: Advancing the National Preparedness for Cyber Security

Overview of the Cybersecurity Framework

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Why you should adopt the NIST Cybersecurity Framework

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

IMPLEMENTING A RISK-BASE CYBER SECURITY FRAMEWORK FOR HEALTHCARE

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

Views on the Framework for Improving Critical Infrastructure Cybersecurity

The Office of Infrastructure Protection

National Strategy for Trusted Identities in Cyberspace

Our Comments. February 12, VIA

GAO INFORMATION SHARING ENVIRONMENT

Robert Holleyman, President and CEO, BSA The Software Alliance

National Initiative for Cyber Education (NICE) and the Cybersecurity Workforce Framework: Attract and Retain the Best in InfoSec.

NATIONAL INFORMATION SHARING STRATEGY

Transatlantic Cybersecurity: The Need for Regulatory Coordination

Regional Cyber security Forum for Africa and Arab States, Tunis, Tunisia 4 th -5 th June 2009

Before the House Committee on Homeland Security, Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies

Advanced Technology Academic Research Council Federal CISO Summit. Ms. Thérèse Firmin

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

ENISA EU Threat Landscape

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

Cybersecurity: CRS Experts

Directive on security of network and information systems (NIS): State of Play

Presidential Documents

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

CYBERSECURITY. The Intersection of Policy and Technology YOU RE HERE TO MAKE A DIFFERENCE ṢM

Homeland Security Institute. Annual Report. pursuant to. Homeland Security Act of 2002

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Cybersecurity Overview

Cybersecurity in Higher Ed

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Data Privacy & Protection

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

DHS Cybersecurity: Services for State and Local Officials. February 2017

GPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Smart Grid Update. Christopher J. Eisenbrey. Director, Business Information Edison Electric Institute (EEI)

Transcription:

Manufacturing Division Meeting Cyber and Supply Chain Policy Issues Eisenhower School for National Security and Resource Strategy National Defense University Fort McNair, Washington, DC February 21, 2013 Jamie Barnett Rear Admiral, USN (Retired) Attorney at Law Partner, Venable LLP Co-Chair, Telecom

Federal Communications Commission Communications Security, Reliability & Interoperability Council (CSRIC III) Glen Post, CEO of CenturyLink, Chair of CSRIC III Cybersecurity Reports Fighting Botnets, Securing the Domain Name System, & Securing Internet Routing

FCC Communications Security, Reliability & Interoperability Council The FCC recruited top leaders in cybersecurity to serve on CSRIC III and its working groups, for example: Mike O Rierdan Chairman, MAAWG Rodney Joffe CTO - Neustar Dr. Steve Crocker CEO Shikuro & Chair of ICANN Danny McPherson CSO - Verisign Ed Amoroso CISO AT&T Prof. Jen Rexford Princeton University Alan Paller Research Director SANS Institute Rod Rasmussen CTO Internet Identity Barry Greene President Internet Systems Consortium 3

Executive Order 13636: Cyber Information Sharing: streamline the government s sharing of crucial information (volume, quality, speed) - 120 days Privacy: Agencies must use Fair Information Practice Principles, DHS assesses and consults with the Privacy and Civil Liberties Oversight Board (PCOB) Michael Daniel White House Cyber Coordinator Standards: NIST shall lead development of voluntary Cybersecurity Framework of standards, methods, procedures for critical infrastructure owners and operators Three Pillars of EO 13636 4

Cybersecurity Framework & Process Not performance standards per se: methods, best practices Consultative and participatory: NIST convenes, stakeholders decide Sector Coordinating Councils play big role 240 days to draft framework 1 year to publish final Cyber Framework 120 days DHS/DoC/Treasury recommend incentives to adopt framework 120 days DoD/GSA recommend incorporating security standards into acquisition/contracts Dr. Pat Gallagher Under Secretary of Commerce Director of NIST 150 days DHS identifies critical infrastructure at greatest risk (where cyber incident could have catastrophic regional or national effects) 5

Cyber Framework Implications Presidential Policy Directive 21 replaces HSPD-7 Government relies on the private sector for the input Voluntary, self-governed process and consensus-based Government will then set performance goals Companies will participate to certify that they are compliant So, voluntary, but incentives and comparisons may apply Lesson: participate in the process, monitor what is happening Consult your lawyer (you knew I would say it) If you don t have a seat at the table, you may be on the menu 6

Supply Chain Threats As significant as cybersecurity All critical infrastructures, but esp. communications & energy Cannot be transactional or foreign versus domestic approach Recommended: Tiered system of supply chain risk management Incentives and best practices for industry Legal authorities for effective approach may not exist Addressing the Supply Chain Threat Symposium, September 26, 2012 Potomac Institute for Policy Studies Dennis Bartko, Director's Special Assistant for Cyber, National Security Agency; Melissa Hathaway, former Senior Director for Cyberspace, National Security Council; Brett Lambert, Deputy Assistant Secretary of Defense for Manufacturing and the Industrial Base. Jamie Barnett, Moderator http://www.potomacinstitute.org/index.php?option=com_content&view=article&id=12 82:special-event-addressing-the-supply-chain-threat-&catid=65:past-events&Itemid=94 7

Cyber Policy Needs Legislation: Incentives, limitation of liability for information-sharing New organs of government Reconciliation of existing authorities and targeted expansion of new authorities (recognizing that the first line of cyber defense is in the commercial sector) National Critical Infrastructure Cyber Exercise Capability National Cyber Doctrine Doctrine: (n.) a body of principles that is advocated and taught 8

Questions Backup slides follow Jamie Barnett jbarnett@venable.com (202) 344-4695 9

Cybersecurity Act of 2012/S. 3414 Establish the National Cybersecurity Council: an interagency chaired by DHS to conduct risk assessments Create a Public Private Partnership to Combat Cyber Threats: industry-led groups will develop voluntary outcome based cybersecurity practices Incentivize the Adoption of Voluntary Cybersecurity Practices Improve Information Sharing While Protecting Privacy and Civil Liberties Improve the Security of the Federal Government s Networks: federal government must develop a comprehensive acquisition risk management strategy Move from culture of compliance to culture of security Continuous monitoring of systems Red team exercises and operational testing Strengthen the Cybersecurity Workforce Coordinate Cybersecurity Research and Development 52 voted for, 46 against taking up S.3414 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback