NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Similar documents
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Legal and Regulatory Developments for Privacy and Security

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

GAO CYBERSPACE POLICY. Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed

Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security

Critical Infrastructure Partnership

The Office of Infrastructure Protection

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Implementing Executive Order and Presidential Policy Directive 21

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

National Policy and Guiding Principles

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

DHS Cybersecurity: Services for State and Local Officials. February 2017

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Cybersecurity & Privacy Enhancements

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

HPH SCC CYBERSECURITY WORKING GROUP

The Office of Infrastructure Protection

ISAO SO Product Outline

Awareness as a Cyber Security Vulnerability. Jack Whitsitt Team Lead, Cyber Security Awareness and Outreach TSA Office of Information Technology

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Statement for the Record

National Strategy for CBRNE Standards

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Section One of the Order: The Cybersecurity of Federal Networks.

The US National Near-Earth Object Preparedness Strategy and Action Plan

G7 Bar Associations and Councils

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER

Overview of the Federal Interagency Operational Plans

2014 Sector-Specific Plan Guidance. Guide for Developing a Sector-Specific Plan under NIPP 2013 August 2014

PIPELINE SECURITY An Overview of TSA Programs

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

The J100 RAMCAP Method

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

The NIST Cybersecurity Framework

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

ARRA State & Local Energy Assurance Planning & Implementation

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Pre-Decisional Draft Working Product Do Not Cite or Quote

The Office of Infrastructure Protection

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Department of Homeland Security Updates

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

Introduction to the National Response Plan and National Incident Management System

Member of the County or municipal emergency management organization

Department of Defense. Installation Energy Resilience

Election Infrastructure Security: The How and Why of It

CYBERSECURITY. Protecting Against the Financial, Regulatory and Reputational Impacts of Cyber Attack

Cybersecurity Overview

Office of Infrastructure Protection Overview

Bad Idea: Creating a U.S. Department of Cybersecurity

Security and resilience in Information Society: the European approach

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Information Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Electricity Sub-Sector Coordinating Council Charter FINAL DISCUSSION DRAFT 7/9/2013

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

United States Space Weather Strategy and Action Plan. Terry Onsager Physicist, NOAA Space Weather Prediction Center

STATEMENT GEORGE FORESMAN UNDERSECRETARY FOR PREPAREDNESS U.S. DEPARTMENT OF HOMELAND SECURITY

EU policy on Network and Information Security & Critical Information Infrastructures Protection

The Office of Infrastructure Protection

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

STATE ENERGY RISK ASSESSMENT INITIATIVE ENERGY INFRASTRUCTURE MODELING AND ANALYSIS. National Association of State Energy Of ficials

Presidential Documents

Industry role moving forward

Critical Infrastructure Resilience

DOE s Roles and Responsibilities for Energy Sector Cybersecurity

Cyber Security & Homeland Security:

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

About Issues in Building the National Strategy for Cybersecurity in Vietnam

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Cyber and Supply Chain Policy Issues

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

CALIFORNIA CYBERSECURITY TASK FORCE

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust

South Dakota Utah Wyoming Needs and Challenges Funding assistance Training Federal program enhancements Exercises

The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne

The Office of Infrastructure Protection

CSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018

Transcription:

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington, Virginia 1

Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities IT SCC- IT Sector Baseline Sector Risk Assessment Comprehensive National Cybersecurity Initiative- Project 12 National Security Telecommunications Advisory Committee: Cybersecurity Collaboration Task Force President s 60-Day Cybersecurity Policy Review National Cyber Incident Response Plan / Framework Cyber Storm III 2

The IT Sector Baseline Risk Assessment (ITSRA) Public Sector ITSRA Private Sector The IT Sector Baseline Risk Assessment (ITSRA) is the result of unprecedented partnership among government and industry entities who engaged in a collaborative and iterative process to assess risk to critical IT Sector functions Conducted in support of the National Infrastructure Protection Plan (NIPP) Sharing expertise allows for the accurate execution and refinement of the risk assessment methodology Sharing information enhances the prevention, protection, response, and recovery from events that impact the Sector The IT Sector established a working group the Risk Assessment Committee (formerly the Critical Functions and Information Sharing Working Group) to coordinate and lead the IT Sector s risk assessment efforts Co-chaired by representatives of the Department of Homeland Security s National Cyber Security Division and IT Sector Coordinating Council Participation was conducted under the auspices of the Critical Infrastructure Protection Advisory Council (CIPAC) framework 3

ITSRA Scope: Analyze risks to critical IT Sector functions Focuses on Critical IT Sector Functions that are essential for national security, economic security, public health and safety, government services and the operation of other critical infrastructures DOES NOT focus on attacks against individual networks, systems, or information theft All-hazards risk assessment that provides an evaluation of IT Sector threats, vulnerabilities, and consequences and informs the development of strategies to mitigate sector-wide risks An initial baseline that provides the foundation for future enhancements The critical IT Sector functions are: Produce and provide IT products and services Provide incident management capabilities Provide domain name resolution services Provide identity management and associated trust support services; Provide Internet-based content, information, and communications services Provide Internet routing, access, and connection services 4

ITSRA: A major accomplishment of the NIPP Partnership Model Validated the IT Sector s functions-based risk assessment approach Affirmed the resilience and redundancy of the infrastructure Identified significant interdependencies within functions As an example: Incident management depends on the availability of the Internet Content function Although several risks were identified throughout the critical functions, it is unlikely that any of these risks would lead to the complete failure of that function 5

National Cyber Security Initiative will have a dozen parts Trusted Internet Connection Intrusion detection Intrusion prevention Research and development Situational awareness, specifically through the National Cyber Security Center, which will coordinate information from all agencies to help secure cyber networks and systems and foster collaboration Cyber counter intelligence Classified network security Cyber education and training Implementation of information security technologies Deterrence strategies Global supply chain security Public/private collaboration 6

The President s National Security Telecommunications Advisory Committee (NSTAC) Cybersecurity Collaboration Report Strengthening Government and Private Sector Collaboration Through a Cyber Incident Detection, Prevention, Mitigation, and Response Capability May 2009 7

The White House Releases the 60-Day Cyber Security Review CYBERSPACE POLICY REVIEW Assuring a Trusted and Resilient Information and Communications Infrastructure 8

Cyber Security Review: Near-term action plan 1. Appoint a cybersecurity policy official responsible for coordinating the Nation s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy. 9 2. Prepare for the President s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes. 3. Designate cybersecurity as one of the President s key management priorities and establish performance metrics. 4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate. 5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurityrelated activities across the Federal government. 6. Initiate a national public awareness and education campaign to promote cybersecurity. 7. Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity. 8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement 9. In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions. 10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Creating effective information sharing and incident response 8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement Build a Framework for Incident Response Enhance Information Sharing To Improve Incident Response Capabilities 10

DHS' Cyber Storm III to test Obama's national cyber response plan National Cyber Storm III Exercise September, 2010 11

Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities Robert B. Dix, Jr. Vice President Government Affairs & Critical Infrastructure Protection Juniper Networks 571-203-2687 rdix@juniper.net 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback