Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Similar documents
THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Section One of the Order: The Cybersecurity of Federal Networks.

National Policy and Guiding Principles

Department of Homeland Security Updates

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

PIPELINE SECURITY An Overview of TSA Programs

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

DHS Cybersecurity: Services for State and Local Officials. February 2017

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Control Systems Cyber Security Awareness

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Statement for the Record

Election Infrastructure Security: The How and Why of It

Cybersecurity Risk Management:

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Department of Defense. Installation Energy Resilience

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

GAO CYBERSPACE POLICY. Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Views on the Framework for Improving Critical Infrastructure Cybersecurity

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

ISAO SO Product Outline

CALIFORNIA CYBERSECURITY TASK FORCE

Implementing Executive Order and Presidential Policy Directive 21

Critical Infrastructure Partnership

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Cybersecurity Overview

Cybersecurity & Privacy Enhancements

Member of the County or municipal emergency management organization

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Presidential Documents

COUNTERING IMPROVISED EXPLOSIVE DEVICES

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER

The Office of Infrastructure Protection

Critical Infrastructure Sectors and DHS ICS CERT Overview

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

Medical Device Cybersecurity: FDA Perspective

National Strategy for CBRNE Standards

Draft Resolution for Committee Consideration and Recommendation

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

NATIONAL ELECTRIC GRID SECURITY AND RESILIENCE ACTION PLAN

The US National Near-Earth Object Preparedness Strategy and Action Plan

SUMMARY DEPARTMENT OF DEFENSE CYBER STRATEGY

Resolution: Advancing the National Preparedness for Cyber Security

FISMA Cybersecurity Performance Metrics and Scoring

Developing a National Emergency Telecommunications Plan. The Samoan Experience November 2012

The Center of Innovation: Creating an Innovation

About Issues in Building the National Strategy for Cybersecurity in Vietnam

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

Cybersecurity and Hospitals: A Board Perspective

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Before the DEPARTMENT OF COMMERCE NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION Washington, DC 20230

Actions to Improve Chemical Facility Safety and Security A Shared Commitment Report of the Federal Working Group on Executive Order 13650

Updates to the NIST Cybersecurity Framework

The U.S. Manufacturing Extension Partnership - MEP

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Click to edit Master title style

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

RESOLUTION 130 (Rev. Antalya, 2006)

CYBERSECURITY FEDERAL UPDATE. NCSL Cybersecurity Task Force

HPH SCC CYBERSECURITY WORKING GROUP

THE POWER OF TECH-SAVVY BOARDS:

FEMA Region III Cyber Security Program

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

Introduction brief to the ISCe Satellite and Communications Conference

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

GAO INFORMATION SHARING ENVIRONMENT

Federal Data Center Consolidation Initiative (FDCCI) Workshop I: Initial Data Center Consolidation Plan

Cyber Security & Homeland Security:

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

The next generation of knowledge and expertise

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Request for Information Strategies to Improve Maritime Supply Chain Security and Achieve 100% Overseas Scanning

Provisional Translation

Framework for Improving Critical Infrastructure Cybersecurity

Transcription:

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, (EO 13800 or EO), to improve the Nation s cyber posture and capabilities in the face of intensifying cybersecurity threats to its digital and physical security. EO 13800 initiates action on four fronts: 1. It secures the Federal networks that operate on behalf of the American people. 2. It encourages collaboration with industry to protect critical infrastructure that maintains the American way of life. 3. It strengthens the deterrence posture of the United States and builds international coalitions. 4. It places much needed focus on building a stronger cybersecurity workforce, which is critical for the Nation s long term ability to strengthen its cyber protections and capabilities. The EO consists of three sections: Cybersecurity of Federal Networks, Cybersecurity of Critical Infrastructure, and Cybersecurity for the Nation. A Working Group of representatives from across the U.S. Government has been formed to implement EO work. This bulletin is the inaugural snapshot of work underway to implement EO 13800. It will be issued monthly to mark specific implementation milestones and will include selected, substantive highlights and updates on deliverables due within six months among the 16 tasks of the three EO sections. In addition, a central web site is being established on the website of the United States Computer Emergency Readiness Team (US-CERT) at www.us-cert.gov/eo13800 to provide a central location for implementation information and updates.

Section Update EO Section 1. Cybersecurity of Federal Networks The Executive Order recognizes the increasing interconnectedness of Federal information and information systems and requires agency heads to ensure appropriate risk management for the agency s enterprise, and for the Executive Branch as a whole. In particular, agency heads are required to manage risk commensurate with the magnitude of harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of a Federal information system or Federal information. The Executive Order directs agency heads to produce a risk management report to the Director of Office of Management and Budget (OMB) and the Secretary of the Department of Homeland Security (DHS) within 90 days of its publication. Managing agency and government-wide cybersecurity risks and reducing that risk is the primary focus of Section 1 s six tasks, which focus on assessing and reducing risk and taking steps to improve cybersecurity by using best practices and tools and services that are cloud-based. Agencies are developing implementation plans for using the Framework for Improving Critical Infrastructure Cybersecurity. DHS established a mechanism to collect these metrics via the DHS CyberScope System. DHS coordinated and provided training sessions with OMB, federal agencies, and other stakeholders, including all CFO Act (Chief Financial Officers Act) and non-cfo Act agencies. Agency heads are also reviewing internal needs and procurement plans to determine how best to show preference in procurement for shared information technology (IT) services to the extent permitted by law, including email, cloud and cybersecurity services. In support of this work, agency heads are gathering information on their IT architectures and plans to help determine the technical feasibility and cost effectiveness of transitioning all agencies to one or more consolidated network architectures and applying shared IT services (including email, cloud, and cybersecurity services). DoD and the Office of the Director of National Intelligence (ODNI) are working on a report describing their efforts to modernize IT and assess the effects of transitioning to consolidated network architectures and shared IT services. 2

EO Section 2. Cybersecurity of Critical Infrastructure The Executive Order recognizes the criticality of defending the Nation s critical infrastructure from malicious cyber activity by supporting the cybersecurity risk management efforts of owners and operators of critical infrastructure. DHS conducted an overview briefing of the critical infrastructure work items on June 20 and held a second webinar with stakeholders on June 27. Section 2 has five tasks focused on how the Federal Government can best support cybersecurity of critical infrastructure through policies and stakeholder engagement. DHS, Sector Specific Agencies, and other interagency partners are identifying current and prospective authorities and capabilities that agencies can use to support cybersecurity efforts of critical infrastructure entities and with stakeholders will discuss collaboration and how federal capabilities and authorities can best support specially designated critical infrastructure entities. On the policy front, DHS, in coordination with Commerce, is working on a market transparency report examining whether existing federal policies and practices are sufficient in promoting appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities. On the risk reduction front, Commerce and DHS are identifying and will promote actions to reduce the risks from distributed, automated attacks (i.e., botnets). Two lines of effort are underway to support this work. First, on June 13, Commerce s National Telecommunications and Information Administration (NTIA) published a Request for Comment (RFC) in the Federal Register, soliciting broad input from all interested stakeholders on actions that can be taken to address the threat of botnets to the digital ecosystem. The RFC may be reviewed and responded to on NTIA s website: https://www.ntia.doc.gov/federal-registernotice/2017/rfc-promoting-stakeholder-action-against-botnets-and-other-automated-threats. The deadline for comments is July 28, 2017. Second, separate from the Executive Order, the President s National Security Telecommunications Advisory Committee (NSTAC) has been asked to provide recommendations on ways to reduce the threat of botnet attacks. Commerce will host a workshop at the National Institute of Standards and Technology (NIST) July 11-12, 2017, on Enhancing Resilience of the Internet and Communications Ecosystem. This event will discuss a range of current and emerging solutions to improve the resiliency of the Internet against botnet attacks. More event information is available at: https://www.nist.gov/news-events/events/2017/07/enhancing-resilience-internet-andcommunications-ecosystem The Department of Energy (DOE) and DHS are working on an assessment of the potential scope and duration of a prolonged power outage associated with a significant cyber incident against the U.S. electricity subsector. DoD, DHS, and the FBI, in coordination with ODNI, are working on a report on cybersecurity risks facing the defense industrial base (DIB) and its supply chain, and U.S. military platforms, systems, networks, and capabilities. 3

Stakeholder engagement is imperative to the assessment. In addition to the two webinars noted above, specific engagement efforts underway include: DOE has engaged with its industry partners across the energy sector, including the Electricity Subsector Coordinating Council and the Oil and Natural Gas Sector Coordinating Council, and DHS has sent a data call to the broader stakeholder community. Data call responses were due to DHS June 23. Two draft reports consisting of information identified during a literature review have undergone an initial interagency review. A draft of the assessment was sent to stakeholders for review on June 30, with comments due July 12, 2017. EO Section 3. Cybersecurity for the Nation The Executive Order recognizes the importance of cooperation of international partners, as well as the growth and sustainability of the cybersecurity workforce as the foundation for achieving U.S. Government objectives in cyberspace. Section 3 focuses on three main tasks. Specifically, it recognizes the importance of international engagement with allies and other partners to achieve U.S. government international cybersecurity priorities to span investigation, attribution, cyber threat information sharing, response, capacity building, and cooperation. In addition, Section 3 emphasizes the importance of ensuring the Nation has strategic options to deter adversaries and better protect the American people from cyber threats as well as working more strategically with international partners on these issues. This section further prioritizes workforce development to sustain and grow our Nation s cybersecurity workforce, and to maintain the country s advantage in national security-related cyber capabilities. On the international front, State, Treasury, DoD, DOJ, Commerce, DHS and the U.S. Trade Representative, in coordination with ODNI, are working on a joint report on deterrence. In preparation for an international engagement strategy on cybersecurity, State, DoD, Commerce, DHS, Treasury, and DOJ and FBI, have prepared a report on the international priorities of that department. The State Department will now begin work on the new strategy. On the cyber workforce front, Federal Workforce Development subject matter experts from DHS, Commerce, DoD, the Department of Labor, the Department of Education, and the Office of Personnel Management are working on a joint assessment on how to support the growth and sustainment of the Nation s cybersecurity workforce. Stakeholder engagement plays a crucial role in the interagency work. Specific stakeholder engagement efforts to support the growth and sustainment of the Nation s cybersecurity workforce include: NIST has written a Request for Information (RFI) for public comment on developing a report on the cybersecurity workforce. Once the RFI is released, the public will have an opportunity to contribute information for the benefit of the final report. To gather input for the report, NIST is planning the first public workshop to discuss EO 13800 on August 2, 2017 in Chicago, Ill. A second workshop in August may be held. 4

Additionally, work is underway by ODNI, in consultation with other agencies, to review and report on workforce development efforts of potential foreign cyber peers to identify foreign workforce development practices likely to affect U.S. cybersecurity competitiveness. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback