Transatlantic Cybersecurity: The Need for Regulatory Coordination

Similar documents
The U.S. Government s Role in Standards and Conformity Assessment

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

PARTNERING WITH THE REGULATORS: The Role for 3rd Party Accreditation in Food Safety

Use of Standards and Conformity Assessment in U.S. Regulation: Perspective of the Private Sector

HPH SCC CYBERSECURITY WORKING GROUP

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Erik Puskar Standards Coordination Office 30 May, 2013 World Trade Center Moscow

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

National Strategy for CBRNE Standards

Conference for Food Protection. Standards for Accreditation of Food Protection Manager Certification Programs. Frequently Asked Questions

ACCAB. Accreditation Commission For Conformity Assessment Bodies

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Legal and Regulatory Developments for Privacy and Security

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Some keynote messages on standardization and trade between US and EU

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Cybersecurity & Privacy Enhancements

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Mapping to the National Broadband Plan

National Policy and Guiding Principles

Finding an Independent Third Party Battery Test Lab

KISH REMARKS APEC CBPR NOV 1 CYBER CONFERENCE KEIO Page 1 of 5 Revised 11/10/2016

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

UNITED STATES OFFICE OF PERSONNEL MANAGEMENT

ACCAB. Accreditation Commission For Conformity Assessment Bodies

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and

Conformity Assessment Schemes and Interoperability Testing (1) Keith Mainwaring ITU Telecommunication Standardization Bureau (TSB) Consultant

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

The NIST Cybersecurity Framework

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Updates to the NIST Cybersecurity Framework

Why is the CUI Program necessary?

NERC Staff Organization Chart Budget 2019

Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)

SAC PA Security Frameworks - FISMA and NIST

NERC Staff Organization Chart Budget 2019

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Critical Infrastructure Resilience

Cyber Security in Europe and CEER s new PEER initiative

Streamlined FISMA Compliance For Hosted Information Systems

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

NERC Staff Organization Chart Budget 2018

SECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011

ISAO SO Product Outline

SOC for cybersecurity

USE CASE STUDY. Connecting Data Through Mission. Department of Transportation (DOT) A Product of the Federal CIO Council Innovation Committee

GUIDING PRINCIPLES I. BACKGROUND. 1 P a g e

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Seagate Supply Chain Standards and Operational Systems

WELCOME. October 19, 2017 The Mandarin Oriental Washington, DC

Cybersecurity Overview

Homologation of telecommunication equipment experience in India Vineet Verma Director, Department of Telecom India

The Value of Bipartisanship

Impact of Infrastructure Modernization and Selection of Appropriate Technical Solutions to Enhance IPO Business Services

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 June 2, 2014

Mutual Recognition Agreement/Arrangement: General Introduction, Framework and Benefits

Apr. 10, Vulnerability disclosure and handling processes strengthen security programs

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

Commission for Environmental Cooperation (CEC) Sponsored Workshop on Environmental Assistance Programs and Resources for Automotive OEMs and Suppliers

Data Breach Preparation and Response. April 21, 2017

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

International Conference on Automation, Mechanical Control and Computational Engineering (AMCCE 2015)

PROTERRA CERTIFICATION PROTOCOL V2.2

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

Cybersecurity Risk Management:

Security and Privacy Governance Program Guidelines

The Role of Standards in Ensuring Toy Safety

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

PRODUCT SAFETY PROFESSIONAL CERTIFICATION PROGRAM DETAILS. Overview

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

DIGITAL AGENDA FOR EUROPE

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Financial Regulations, Enforcement & Cybersecurity

Electronic signature framework

POSITION DESCRIPTION

Cyber and Supply Chain Policy Issues

ICB Industry Consultation Body

Cyber Risks in the Boardroom Conference

Comprehensive Study on Cybercrime

ENISA s Position on the NIS Directive

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

Introduction to ISO/IEC 27001:2005

Member of the County or municipal emergency management organization

The fast track to top skills and top jobs in cyber. Guaranteed.

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

The Role of the American National Standards Institute (ANSI) Irwin Silverstein, Ph.D. IPEA

Transcription:

Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson Levinson@TheCRE.com The

Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. -- CircleID 10/27/11

Cybersecurity Regulation includes Quasi-Regulatory Programs and Guidance Documents Examples of US Cybersecurity Regulatory Programs which Need to be Coordinated with European Partners include: The Cybersecurity Framework for critical infrastructure companies being developed pursuant to Executive Order 13636 The US Security and Exchange Commission s Cybersecurity Disclosure Guidance Critical Infrastructure Companies Operate Internationally -- Uncoordinated National Regulation of Cybersecurity Wastes Resources and Harms Security

The Cybersecurity Framework Should be Included in Regulatory Harmonization Discussions EU-US High Level Regulatory Cooperation Forum Transatlantic Trade and Investment Partnership (TTIP)

Established by former senior career officials from the White House Office of Management and Budget (OMB). Intervenes in Executive Branch proceedings to enforce the Good Government laws that Regulate the Regulators. Acts only in its own name, not that of its sponsors.

: Cyber Policy Interventions Examples include: The National Telecommunications and Information Administration's (NTIA's) supervision of ICANN (2004) Creating a National Cybersecurity Framework (2005) Creating a Cybersecurity Framework (2013)

Industry Leadership Should Drive Transatlantic Cybersecurity Coordination President Obama s Cybersecurity Executive Order 13636 emphasizes use of Industry Best Practices The international standards system is fundamentally a voluntary, industry-driven process Administration officials have emphasized the need for the Cybersecurity Framework to Scale Globally Pro-Active European Participation in American * Cybersecurity Requirements is Essential * When implemented, the Framework will impact globally-minded companies around the world.

Cost-Effectiveness: The Prerequisite for Cybersecurity Regulation Cost effectiveness needs to be designed into all critical infrastructure cyber defenses for two reasons: 1. Regulations must be cost-effective or they will not be viable and will not boost industrial security irrespective of legal requirements. 2. Cost effectiveness discussions must encompasses a review of several issues that are fundamental to any rational regulatory scheme starting which, what is meant by effective cybersecurity? -- CircleID (9/10/12)

What is an Industry Best Practice? NIST is directed to ensure maximum possible use of industry best practices in the Framework without possessing either: A definition of Industry Best Practices; or A federal compilation of industry best practices. The Cybersecurity Framework Needs to Include a Process for the Federal Determination of Industry Best Practices European-Based Industry Needs to Participate in Developing the Best Practice Determination Process

Determining Industry Best Practices: Guiding Principles Global Diversity. The process should recognize the diversity of consensus and non-consensus cybersecurity Best Practices. Affordability. The process to obtain federal acceptance of use of a Best Practice should be minimally burdensome. Reciprocity. Cyber-defense measures undertaken at the behest of any EU or US agency should be accepted as an Industry Best Practice for purposes of the Framework. Clarity. The best practices acceptance process needs to clearly define the operational boundaries to which the practice applies. Recognition. The process should culminate, within a specified timeframe, in recognition of a company s Framework compliance.

Conformity Assessment: Self-Certification The Conformity Assessment Process: Needs to take into account that companies may use varying combinations of a diverse Best Practices. Companies need to be able to obtain recognition for their entire package of compliance procedures. If companies have to hire expensive 3 rd party auditing/ assessment organizations, the program won t work. Self-Certification Backed by Appropriate Recordkeeping is the Only Economically Feasible Conformity Assessment Process

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback