Implementing Executive Order and Presidential Policy Directive 21

Similar documents
Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Critical Infrastructure Resilience

DHS Cybersecurity: Services for State and Local Officials. February 2017

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

The Office of Infrastructure Protection

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Homeland Security Perspectives: Oregon Fire District Directors Association October 25, 2018

Overview of the Cybersecurity Framework

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

G7 Bar Associations and Councils

Medical Device Cybersecurity: FDA Perspective

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

DOE s Roles and Responsibilities for Energy Sector Cybersecurity

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Office of Infrastructure Protection Overview

Cyber Security & Homeland Security:

Legal and Regulatory Developments for Privacy and Security

Election Infrastructure Security: The How and Why of It

The Office of Infrastructure Protection

National Policy and Guiding Principles

Challenges and Opportunities in Cyber Physical System Research

POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS

Presidential Documents

ISAO SO Product Outline

Statement for the Record

FDA & Medical Device Cybersecurity

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

The Office of Infrastructure Protection

The Impact of US Cybersecurity Policies on Submarine Cable Systems

HPH SCC CYBERSECURITY WORKING GROUP

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

The NIST Cybersecurity Framework

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Framework for Improving Critical Infrastructure Cybersecurity

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

Cybersecurity Risk Management:

Pre-Decisional Draft Working Product Do Not Cite or Quote

Overview of the Federal Interagency Operational Plans

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Member of the County or municipal emergency management organization

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

SUMMARY DEPARTMENT OF DEFENSE CYBER STRATEGY

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

The University of Queensland

Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13

April 21, Division of Dockets Management (HFA-305) Food and Drug Administration 5630 Fishers Lane, Room 1061 Rockville, Maryland 20852

The Office of Infrastructure Protection

Cybersecurity & Privacy Enhancements

The Australian Government s Approach to Critical Infrastructure Resilience

THE POWER OF TECH-SAVVY BOARDS:

NATIONAL ELECTRIC GRID SECURITY AND RESILIENCE ACTION PLAN

Department of Homeland Security Updates

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

FERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Section One of the Order: The Cybersecurity of Federal Networks.

Building UAE s cyber security resilience through effective use of technology, processes and the local people.

DHS Cybersecurity Services and Resources

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

Cybersecurity. Securely enabling transformation and change

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

JOINT UNITED STATES-CANADA ELECTRIC GRID SECURITY AND RESILIENCE STRATEGY

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

National Infrastructure Protection Plan (NIPP) Transportation Sector Specific Plan (TSSP) and The TSSP R&D Working Group

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

MEDICAL DEVICE CYBERSECURITY: FDA APPROACH

Cyber Resilience. Think18. Felicity March IBM Corporation

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Principles for a National Space Industry Policy

The Office of Infrastructure Protection

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Private Sector Clearance Program (PSCP) Webinar

Her Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:

Smart Grid Standards and Certification

Why you should adopt the NIST Cybersecurity Framework

BEFORE THE U.S. HOUSE OF REPRESENTATIVES COMMITTEE ON ENERGY AND COMMERCE SUBCOMMITTEE ON ENERGY

Updates to the NIST Cybersecurity Framework

Electric Power Industry s Approach to Grid Security

ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Transcription:

March 26, 2013 Implementing Executive Order 13636 and Presidential Policy Directive 21 Mike Smith, Senior Cyber Policy Advisor, Office of Electricity Delivery and Energy Reliability, Department of Energy michael.smith2@hq.doe.gov

Agenda Executive Order 13636 and Presidential Policy Directive 21 o Enhancing Security and Resilience o Integrating Cyber-Physical Security o Stakeholder Engagement Model o Integrated Task Force and Working Groups o Principles of Engagement o Participation and Contact Information Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Program o Overview o Structure o Participation and Contact Information 2

Enhancing Security and Resilience America's national security and economic prosperity are dependent upon the operation of critical infrastructure that are increasingly at risk to the effects of cyber attacks The vast majority of U.S. critical infrastructure is owned and operated by private companies A strong partnership between government and industry is indispensible to reducing the risk to these vital systems We are building critical infrastructure resiliency by establishing and leveraging these partnerships 3

Integrating Cyber-Physical Security Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to: Develop a technology-neutral voluntary cybersecurity framework Promote and incentivize the adoption of cybersecurity practices Increase the volume, timeliness and quality of cyber threat information sharing Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure Explore the use of existing regulation to promote cyber security Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to: Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time Understand the cascading consequences of infrastructure failures Evaluate and mature the public-private partnership Update the National Infrastructure Protection Plan Develop comprehensive research and development plan 4

Stakeholder Engagement Model SLTT Entities SSAs and other Fed D/As CI owners and operators Guiding Principles Involve those responsible for critical infrastructure security and resilience. Academia Integrated Task Force Industry Consortia Regional Entities Reflect stakeholder views in program design and policy implementation. Use existing bodies and channels when possible, supplemented as needed to ensure a diversity of relevant viewpoints. 5

Integrated Task Force Establishes and manages working groups to accomplish the major deliverables and action items Integrates efforts for delivering EO and PPD requirements Develops and manages the governance process Engages relevant partners and stakeholders to develop products Request for Information, Federal Register Notices, social media, meetings, presentations, workshops, interviews, etc Regularly reports on progress made throughout the EO and PPD implementation to partners and stakeholders 6

Integrated Task Force Working Groups 1) Stakeholder Engagement 2) Planning and Evaluation 3) Situational Awareness and Information Exchange 4) Cyber-Dependent Infrastructure Identification 5) Incentives 6) Research and Development 7) Framework Collaboration 8) Assessments: Privacy and Civil Rights & Civil Liberties 7

Principles of Engagement Partnership and inclusivity Leverage existing and ongoing work, frameworks, and venues and identify opportunities to expand Strive towards broad support for EO and PPD products Communicate clearly Be transparent in product development Embed privacy and civil rights & civil liberties protections Innovate engagement opportunities 8

Participation and Contact Information The ITF working groups seek regular and substantive engagement from across the community, to include Federal, State, local, Tribal, Territorial, international, private sector and academic partners. ITF working group inquires can be sent to: EO-PPDTaskForce@hq.dhs.gov Energy-specific ITF working group inquiries can be sent to: EnergyEO-PPDTaskForce@hq.doe.gov 9

Sponsored by: Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Program Participating Organizations:

Overview Challenge: Develop capabilities to manage dynamic threats and understand cybersecurity posture of the grid Approach: Develop a maturity model and self-evaluation survey to develop and measure cybersecurity capabilities Results: A scalable, sectorspecific model created in partnership with industry ES-C2M2 Objectives Strengthen cybersecurity capabilities Enable consistent evaluation and benchmarking of cybersecurity capabilities Share knowledge and best practices Enable prioritized actions and cybersecurity investments 11

WORKFORCE CYBER SITUATION SHARING RESPONSE DEPENDENCIES RISK ASSET ACCESS THREAT Structure Risk Management Asset, Change, and Configuration Management Identity and Access Management Threat and Vulnerability Management Situational Awareness Information Sharing and Communications Event and Incident Response, Continuity of Operations Supply Chain and External Dependencies Management Workforce Management Cybersecurity Program Management Domains are logical groupings of cybersecurity practices Each domain has a short name for easy reference 12

Participation and Contact Information The ES-C2M2 is available for download at: http://energy.gov/oe/downloads/electricit y-subsector-cybersecurity-capabilitymaturity-model-may-2012 Requests for the ES-C2M2 Toolkit, program information, or facilitated self-evaluations can be sent to ES-C2M2@HQ.DOE.GOV 13

Questions 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback