National Cyber Security Strategies: United States

Transcription

1 National Cyber Security Strategies: United States Audrey L. Plonk Director, Cybersecurity and Internet Governance Intel Corporation 1 ICSS 2013

2 Trends: National Cybersecurity Strategies New strategies are proliferating and becoming integrated and comprehensive economic, social, educational, legal, law-enforcement, technical, diplomatic and military OECD study finds common elements among 10 countries strategies: Enhanced governmental co-ordination at policy and operational levels. Reinforced public-private co-operation. Improved international co-operation. Respect for fundamental values: all strategies place a strong emphasis on the need for cybersecurity policy to respect fundamental values, which generally include privacy, freedom of speech, and the free flow of information. 2 ICSS 2013

3 US Timeline 2003 National Strategy to Secure Cyberspace 2008 Comprehensive National Cyber Initiative 2010 Cyberspace Policy Review 2011 International strategy for Cyberspace 2013 Executive Order PPD 23 3 ICSS 2013

4 2003 National Strategy Priorities Priority I: A National Cyberspace Security Response System Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program Priority III: A National Cyberspace Security Awareness and Training Program Priority IV: Securing Governments Cyberspace Priority V: National Security and International Cyberspace Security Cooperation 4 ICSS 2013

5 Comprehensive National Cybersecurity Initiative Initiative #1 Manage the Federal Enterprise Network as a single network enterprise with trusted Internet Connections Initiative #2 - Deploy n intrusion detection system of sensors across the federal enterprise Initiative #3 Pursue deployment of intrusion prevention systems across the federal enterprise Initiative #4 - Coordinate and redirect research and development (R&D) efforts Initiative #5 Connect current cyber ops centers to enhance situational awareness. Initiative #6 Develop and implement a government-wide cyber counterintelligence (CI) plan Initiative #7 Increase the security of our classified networks. Initiative #8 Expand cyber education. Initiative #9 Define and develop enduring leap ahead technology, strategies, and program Initiative #10 Define and develop enduring deterrence strategies and programs Initiative #11 Develop a multi-pronged approach for global supply chain risk management. Initiative #12 Define the Federal role for extending cybersecurity into critical infrastructure domains 5 ICSS 2013

6 2011 Cyberspace Policy Review 1. Leading from the Top 2. Building Capacity for a Digital Nation 3. Sharing Responsibility for Cybersecurity 4. Creating Effective Information Sharing and Incident Response 5. Encouraging Innovation 6 ICSS 2013

7 International Cyberspace Strategy Economy: Promoting International Standards and Innovative, Open Markets Protecting Our Networks: Enhancing Security, Reliability, and Resiliency Law Enforcement: Extending Collaboration and the Rule of Law Military: Preparing for 21st Century Security Challenges Internet Governance: Promoting Effective and Inclusive Structures International Development: Building Capacity, Security, and Prosperity Internet Freedom: Supporting Fundamental Freedoms and Privacy 7 ICSS 2013

8 Key best practices Take a cross-cutting comprehensive approach Include societal, economic and sovereignty aspects Collaborate closely with global industry Develop implementing action plans Update policies regularly to account for advances in technology 8 ICSS 2013