Cyber Security Research and Development a Homeland Security Perspective

Size: px
Start display at page:

Download "Cyber Security Research and Development a Homeland Security Perspective"

Transcription

1 FBI INFRAGARD National Conference Cyber Security Research and Development a Homeland Security Perspective Annabelle Lee Science and Technology Directorate Department of Homeland Security Session 1 - August 9,

2 Department of Homeland Security: Overview Secretary (Chertoff) Deputy Secretary (Jackson) Coast Guard United States Secret Service Citizenship & Immigration & Ombuds Civil Rights and Civil Liberties Legislative Affairs General Counsel Inspector General State & Local Coordination Private Sector Coordination International Affairs National Capital Region Coordination Counter-narcotics Small and Disadvantaged Business Privacy Officer Chief of Staff Information Analysis & Infrastructure Protection (Stephan) (acting) Science & Technology (McQueary) Border & Transportation Security (Beardsworth) (acting) Emergency Preparedness & Emergency Response (Brown) Management (Hale) 2

3 DHS Mission Prevent terrorist attacks within the US Reduce vulnerability Minimize damage, assist in recovery Enhance normal functions Ensure economic security is not diminished 3 You all know why DHS was formed-but you may not realize that the 144,000 feds that came into the department had day jobs - and that all of the security measures must be balanced with our national need for fresh fruit and new appliances and visiting friends and relatives and colleagues. 3

4 Science and Technology Directorate Science & Technology (McQueary, Under Secretary) Office of Programs, Plans, and Requirements (Kirk, Acting) Strategic, programmatic, budget planning Office of Research and Development (McCarthy) Stewardship of an enduring capability Homeland Security Advanced Research Projects Agency (Kubricky, Acting) Innovation, Adaptation, & Revolution Office of Systems Engineering & Development (Kubricky) Development Engineering, Production, & Deployment Planning Execution 4

5 S&T Directorate Responsibilities: Homeland Security Act of 2002 Advising the Secretary regarding... Identifying priorities for Establishing, conducting, and coordinating basic and applied research, development, testing and evaluation (RDT&E) activities that are relevant to any or all elements of the Department, through both intramural and extramural programs 5 5

6 Science and Technology Directorate - Mission Conduct, stimulate and enable research, development, test, evaluation, and timely transition of homeland security capabilities to federal, state, and local operational endusers Anticipate, prevent, respond to and recover from terrorist attacks Transfer technology and build capacity of federal, state, local operational end-users for all mission Provide the nation with a dedicated and enduring capability 6 Mission of S&T was mandated by statute in the Homeland Security Act of Develop, in consultation with the other elements, the national policy and strategy for coordinating USG efforts in HS. Also directed to coordinate and integrate all RDT&E within DHS, and to provide the systems engineering needed to support the missions. 6

7 Current Environment: Attackers Currently, there are significant advantages for an attacker: Increased dependence of our society on interconnected systems Required resources (funding, equipment, and training) are readily available Powerful attack tools are now available over the Internet to anyone who wants them Powerful, affordable computing platforms to launch sophisticated attacks are now available to the everyone Little skill or sophistication is required to initiate extremely harmful attacks 7 7

8 Current Environment: Attackers (concluded) Result: The sophistication of the attack is growing Also, the sophistication of the attackers is increasing The gap between an attackers' ability to attack and the defenders' ability to defend is widening 8 8

9 Current Environment: Threat and Vulnerability Trends The rate of development and deployment of malicious code has significantly increased. Underlying operating systems continue to contain undetected bugs. Because of the rate of technology change, development of new cyber security technology lags behind deployment of malicious code/technology Insiders continue to compromise sensitive information and information systems Because of the availability and pervasive use of the Internet Attack detection and response continues to play catch up Attribution of new attacks remains difficult 9 9

10 Current Environment: Threat and Vulnerability Trends (concluded) Ability to respond to cyber threats as they emerge Low cost of entry to information systems for adversaries Required resources (funding, equipment and training) are readily available Time to develop countermeasures is longer than time to attack Identifying "real" threats among the noise of traditional threats (high school hackers) is problematic 10 10

11 Current Environment: Technology Trends Economic pressures driving toward less robust/resilient infrastructure Redundancy and excess capacity that contributed to resiliency are decreasing with time Convergence in the telecommunications sector is eliminating the distinction between voice and data communications Critical communications become vulnerable to "Internet threats" Interconnectivity is increasing and will continue to increase over the next 10 years Outward facing networks becoming integrated with internal business networks, and even networks supporting critical functions/operations The need for cyber security underlies all security technologies that rely on information technology 11 11

12 Current Environment: Technology Trends (concluded) Economic pressures driving toward less robust/resilient infrastructure Redundancy and excess capacity that contributed to resiliency are decreasing with time Convergence in the telecommunications sector is eliminating the distinction between voice and data communications Critical communications become vulnerable to "Internet threats" Interconnectivity is increasing and will continue to increase over the next 10 years Outward facing networks becoming integrated with internal business networks, and even networks supporting critical functions/operations The need for cyber security underlies all security technologies that rely on information technology 12 12

13 Current Environment: DHS Cyber Security R&D Requirements Conduct R and D aimed at large-scale, highimpact cyber attacks Address cyber security R&D needs that are unique to critical infrastructure sectors, particularly those sectors that rely on the Internet Provide continuity of government to ensure safety of The government s cyber infrastructure and The assets required for supporting essential missions Support R and D that enables the private sector to better secure privately-owned portions of the Nation s critical infrastructure 13 13

14 Current Environment: DHS Cyber R&D Requirements (concluded) Provide a foundation for economicallyinformed, risk-based cyber security decision making Provide novel and next-generation secure information technology concepts and architectures Allocation of resources for R&D should not be driven only by imminent threat and known intent R&D planning must anticipate trends and expectations for the next 3 years, 5 years, 10 years 14 14

15 Portfolio Mission and Strategic Objectives Portfolio Mission Statement The Cyber Security R&D Portfolio will lead cyber security research, development, testing and evaluation endeavors to secure the Nation's critical information infrastructure, through coordinated efforts that will improve the security of the existing cyber infrastructure, and provide a foundation for a more secure infrastructure. Portfolio Strategic Objectives 1. Conduct research, development, testing, and evaluation of cyber security technology aimed at preventing, protecting against, detecting, responding to, and recovering from large-scale, high-impact cyber attacks. 2. Enable the creation of and migration to a more secure critical information infrastructure, through the development and use of more secure communication protocols

16 Portfolio Mission and Strategic Objectives (continued) Portfolio Strategic Objectives (cont.) 3. Address cyber security R&D needs in support of DHS mission component needs (primarily the National Cyber Security Division and National Communications System in IAIP Directorate). 4. Address cyber security R&D needs that are unique to critical infrastructure sectors, particularly those that rely on the Internet to a great extent (Information and Telecommunications and Banking and Finance. In coordination with the CIP Portfolio, address the cross-cutting issue of securing process control systems). 5. Provide a foundation for the long-term goal of economically-informed, risk-based cyber security decision making. 6. Provide novel and next-generation secure information technology concepts and architectures through long-term research efforts

17 Portfolio Mission and Strategic Objectives (concluded) Portfolio Strategic Objectives (concluded) 7. Actively pursue opportunities to serve as a catalyst for private sector activity, including public-private partnerships, as well as increased cooperation and communication among private sector companies and organizations.* 8. Actively pursue strategies for facilitating technology transfer and diffusion of Federally-funded R&D into commercial products and services, and private sector use.* 9. Coordinate research, development, testing, and evaluation activities with related ongoing activities at other Federal agencies.* * These objectives are not reflected in desired technical capabilities, but are firmly embedded in portfolio planning, execution, and outreach strategies

18 Requirement Development and Prioritization The primary criteria for inclusion are: Role of government in R&D, relevance to DHS mission, customer requirements and related mandates, need to bridge R&D gaps, and threats More specifically: Direct relevance to the DHS mission Foundational and infrastructural needs receive early priority because they are broad-based, cross-cutting, and have long lead times Priority is placed on needs identified in high-level policy documents (e.g., National Strategy to Secure Cyberspace). Requests for capability via requirements from DHS-internal customers are given increased priority 18 18

19 Requirement Development and Prioritization (concluded) Problems identified as fundamentally hard problems by recognized R&D agendas and R&D needs documents R&D areas where the government has a perceived role as a neutral broker to catalyze private sector cooperation R&D areas that are more aligned with missions of other agencies are given lower priority or not considered. Emphasis placed on R&D areas where there are Federal R&D investment gaps Threat intelligence information is factored into priorities R&D areas where the private sector is very active and making progress are given lower priority or not included 19 19

20 Cyber Security Portfolio: FY04 Forward Securing infrastructural protocols Securing the Domain Name System (DNSSEC) and Internet routing protocols Cyber security testbeds Large scale testbed network and software testing framework (DETER/EMIST Cyber DEfense Technology Experimental Research/Evaluation Methods for Internet Security Technology) Large-scale data sets for security testing Essential for supporting development of cyber security metrics (PREDICT A Protected REpository for Defense of Infrastructure against Cyber Threats) Economic assessment activities Provide a foundation for risk-based decisions 20 20

21 Cyber Security Portfolio: FY04 Forward Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Broad Area Announcement (BAA 04-17) A critical area of focus for DHS is the development and deployment of technologies to protect the nation s cyber infrastructure including the Internet and other critical infrastructures. The goals are: To perform R&D aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems; To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation s critical information infrastructure. To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency

22 Cyber Security Portfolio: FY04 Forward BAA Technical Topic Areas (TTAs) System Security Engineering Vulnerability Prevention Tools and techniques for better software development Vulnerability Discovery and Remediation Tools and techniques for analyzing software to detect security vulnerabilities Cyber Security Assessment Develop methods and tools for assessing the cyber security of information systems Security of Operational Systems Security and Trustworthiness for Critical Infrastructure (CI) Protection 1) Automated security vulnerability assessments for CI systems 2) Improvements in system robustness of critical infrastructure systems 22 22

23 Cyber Security Portfolio: FY04 Forward BAA TTAs (concluded) Security of Operational Systems Wireless Security Security tools/products for today s networks Solutions and standards for next generation networks Investigative and Prevention Technologies Network Attack Forensics Tools and techniques for attack traceback Technologies to Defend against Identity Theft R&D of tools and techniques for defending against identity theft and other financial systems attacks, e.g., phishing 23 23

24 Cyber Security Portfolio: FY04 Forward BAA Project/Proposal Structure Type I (New Technologies) New technologies with an applied research phase, a development phase, and a deployment phase (optional) Funding not to exceed 36 months (including deployment phase) Type II (Prototype Technologies) More mature prototype technologies with a development phase and a deployment phase (optional) Funding not to exceed 24 months (including deployment phase) Type III (Mature Technologies) Mature technology with a deployment phase only. Funding not to exceed 12 months NOTE: Deployment Phase = Test, Evaluation, and Pilot deployment in DHS customer environments 24 24

25 Cyber Security Portfolio: FY04 Forward FY04 Small Business Innovative Research (SBIR) topics Cross-Domain Attack Correlation Technologies Real-time Malicious Code Detection Identification 25 25

26 Cyber Security R&D Portfolio Goals: FY06 Development of next-generation cyber security technologies Address functional cyber security needs in a variety of topic areas aimed at preventing, protecting against, detecting, and responding to cyber attacks Strategy: define technical areas of interest and allow university and private sector researchers to submit their best and most innovative ideas Experiments and Exercises Focus on cyber security technology experiments and pilot projects, and supports DHS S&T participation in cyber security exercises Objective: to support the use of next-generation cyber security technologies Assessments Conduct studies and holding workshops 26 26

27 Setting the Federal Government R&D Agenda Cyber Security and Information Assurance Interagency Working Group Responding to Homeland Security Presidential Directive 7 Membership includes over 20 organizations from 12 departments/agencies Developing a coordinated interagency Federal Plan for Cyber Security R&D InfoSec Research Council (IRC) Revisiting the IRC Hard Problems List: 5-10 year problems that require sustained R&D investments 27 27

28 Improving the Nation s Cyber Security More capable people Increased use of security technology in existing infrastructure Development of more inherently secure technology for new infrastructures Identification of migration paths from existing to next-generation infrastructures Better foundations for risk-based technology investments requires understanding of risk and economic issues 28 28

29 Tackling Cyber Security Challenges: Business Not as Usual Strong mission focus (avoid mission creep) Close coordination with other Federal agencies Outreach to communities outside of the Federal government International contacts State and local governments Building public/private partnerships Strong emphasis on technology diffusion and technology transfer Migration paths to a more secure infrastructure Awareness of economic realities 29 29

30 The Way Forward. Securing our cyber systems is critical not only to ensure a way of life to which we ve grown accustomed, but more importantly to protect the vast infrastructure these systems support and operate. Secretary Chertoff: July 28, 2005 Commonwealth Club of California 30 30

31 Questions? Annabelle Lee Acting Director, Cyber Security R&D (cell) 31

Cyber Security Research and Development: A Homeland Security Perspective

Cyber Security Research and Development: A Homeland Security Perspective Cyber Security Research and Development: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-772-9867 Outline! DHS Organizational Overview Cyber Security Stakeholders

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

TRUST Background. National Science Foundation Office of Integrative Activities (OIA) Core Funding (FY2005-2015)

TRUST Background. National Science Foundation Office of Integrative Activities (OIA) Core Funding (FY2005-2015) TRUST TRUST: : Team for Research in Ubiquitous Secure Technology A Collaborative Approach to Advancing Cyber Security Research and Development Larry Rohrbough Executive Director, TRUST University of California,

More information

Reliable, Repeatable, Measurable, Affordable

Reliable, Repeatable, Measurable, Affordable Reliable, Repeatable, Measurable, Affordable Defense-in-Depth Across Your Cyber Security Life-Cycle Faced with today s intensifying threat environment, where do you turn for cyber security answers you

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

DHS S&T Cyber Security R&D Program

DHS S&T Cyber Security R&D Program Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security R&D Program PSU NSRC Industry Day State College, PA October 17, 2006 Douglas Maughan, Ph.D. Program Manager, HSARPA douglas.maughan@dhs.gov

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

TUSKEGEE CYBER SECURITY PATH FORWARD

TUSKEGEE CYBER SECURITY PATH FORWARD TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,

More information

DHS S&T Cyber Security Division (CSD) Overview

DHS S&T Cyber Security Division (CSD) Overview Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry Workshop UIUC November 8, 2011 Greg Wigton Program Manager Cyber Security Division

More information

Public-Private Cooperation in Cybersecurity Research Strategy Development across the Globe. A View from the U.S. Department of Homeland Security (DHS)

Public-Private Cooperation in Cybersecurity Research Strategy Development across the Globe. A View from the U.S. Department of Homeland Security (DHS) Public-Private Cooperation in Cybersecurity Research Strategy Development across the Globe A View from the U.S. Department of Homeland Security (DHS) Background Envision a future... in which universities

More information

Cyber Security: Defending Your Enterprise

Cyber Security: Defending Your Enterprise Cyber Security: Defending Your Enterprise www.gdit.com/cyber RELIABLE, REPEATABLE MEASURABLE, AFFORDABLE The Threat Spectrum Outsider Threats Terrorists, theft, spies, hackers, foreign governments, denial

More information

Agency for State Technology

Agency for State Technology Agency for State Technology 2015-2018 Statewide Information Technology Security Plan The Way Forward Rick Scott, Governor Jason M. Allison, State CIO Table of Contents From the Desk of the State Chief

More information

El Camino College Homeland Security Spring 2016 Courses

El Camino College Homeland Security Spring 2016 Courses El Camino College Homeland Security Spring 2016 Courses With over 250,000 federal positions in Homeland Security and associated divisions, students may find good career opportunities in this field. Explore

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Presidential Directive NSPD 54/HSPD 23, Cybersecurity Policy, established United States policy, strategy, guidelines,

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

S. ll IN THE SENATE OF THE UNITED STATES

S. ll IN THE SENATE OF THE UNITED STATES OLL0 TH CONGRESS ST SESSION S. ll To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Mary Ellen Seale National Protection and Programs Directorate May 16, 2012

Mary Ellen Seale National Protection and Programs Directorate May 16, 2012 Finding & Integrating CyberTech in the U.S. Government Mary Ellen Seale National Protection and Programs Directorate May 16, 2012 Obtaining Federal Funding Understanding the Landscape Contracting Small

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

About the National Science and Technology Council

About the National Science and Technology Council About the National Science and Technology Council The National Science and Technology Council (NSTC) was established by Executive Order on November 23, 1993. This Cabinet-level Council is the principal

More information

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50

UNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #50 Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400:,, Test & Evaluation, Defense-Wide / BA 3: Advanced Technology (ATD) COST ($ in Millions) Prior

More information

THE WHITE HOUSE Office of the Press Secretary

THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly

More information

September 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for

September 4, 2003. appearing before you today. I am here to testify about issues and challenges in providing for Testimony of John A. McCarthy, Director of the Critical Infrastructure Protection Project, George Mason School of Law Before a joint hearing of the House Subcommittee on Infrastructure Security and The

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

Department of Homeland Security Information Sharing Strategy

Department of Homeland Security Information Sharing Strategy Securing Homeland the Homeland Through Through Information Information Sharing Sharing and Collaboration and Collaboration Department of Homeland Security April 18, 2008 for the Department of Introduction

More information

SDN Security Challenges. Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure July 2015

SDN Security Challenges. Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure July 2015 SDN Security Challenges Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure July 2015 Cybersecurity Enhancement Act 2014 Public-Private Collaboration on Security (NIST

More information

GAO DEPARTMENT OF HOMELAND SECURITY. Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed

GAO DEPARTMENT OF HOMELAND SECURITY. Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed GAO November 2009 United States Government Accountability Office Report to the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Committee on Homeland

More information

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

Department of Homeland Security Management Directive System MD Number: 0590 Issue Date: 07/12/2004 MAIL MANAGEMENT PROGRAM

Department of Homeland Security Management Directive System MD Number: 0590 Issue Date: 07/12/2004 MAIL MANAGEMENT PROGRAM Department of Homeland Security Management Directive System MD Number: 0590 Issue Date: 07/12/2004 MAIL MANAGEMENT PROGRAM I. Purpose This management directive establishes the Department of Homeland Security

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information

OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON

OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON PERIODIC INFORMATION SECURITY AND PENETRATION AUDITS OF THE EXECUTIVE BRANCH INFORMATION TECHNOLOGY SYSTEMS JULY 2016 SUBMITTED TO THE TWENTY-EIGHTH

More information

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; LIEUTENANT GENERAL JAMES K. MCLAUGHLIN DEPUTY COMMANDER,

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

DEPARTMENT OF HOMELAND SECURITY Washington, DC 20528 Phone, 202 282 8000. Internet, www.dhs.gov.

DEPARTMENT OF HOMELAND SECURITY Washington, DC 20528 Phone, 202 282 8000. Internet, www.dhs.gov. Washington, DC 20528 Phone, 202 282 8000. Internet, www.dhs.gov. SECRETARY OF HOMELAND SECURITY Deputy Secretary Chief of Staff Directorates: Federal Emergency Management Director, Mitigation Division

More information

Privacy and Security in Healthcare

Privacy and Security in Healthcare 5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical

More information

Information Assurance. and Critical Infrastructure Protection

Information Assurance. and Critical Infrastructure Protection Information Assurance and Critical Infrastructure Protection A Federal Perspective Information Assurance Presented by the Government Electronics and Information Technology Association 2001 Executive Summary

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

HSARPA Cyber Security Division

HSARPA Cyber Security Division HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ann Cox, PhD. Program Manager Cyber Security Division

More information

Cyber Security Division Overview

Cyber Security Division Overview Homeland Security Advanced Research Projects Agency Cyber Security Division Overview Douglas Maughan, Ph.D. Director October 9, 2012 http://www.cyber.st.dhs.gov Environment: Greater Use of Technology,

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

RISK AND RESILIENCE $58,000,000 +$38,000,000 / 190.0%

RISK AND RESILIENCE $58,000,000 +$38,000,000 / 190.0% RISK AND RESILIENCE $58,000,000 +$38,000,000 / 190.0% Overview The economic competiveness and societal well-being of the United States depend on the affordability, availability, quality, and reliability

More information

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems Cyber Incident Annex Coordinating Agencies ITS-Information Technology Systems Support Agencies Mississippi Department of Homeland Security Mississippi Emergency Management Agency Mississippi Department

More information

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division Homeland Security: Information Assurance Challenges and Opportunities Building the National Cyber Security Division The Homeland Security Act and national strategies direct DHS to take the lead on cyber

More information

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity; NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

More information

NASCIO 2014 State IT Recognition Awards

NASCIO 2014 State IT Recognition Awards NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos

More information

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012 Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Pennsylvania s Alignment & Implementation of the Call to Action

Pennsylvania s Alignment & Implementation of the Call to Action Pennsylvania s Alignment & Implementation of the Call to Action Erik Avakian, CISSP, CISA, CISM Chief Information Security Officer Commonwealth of Pennsylvania eavakian@pa.gov 1. Establish a Governance

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response

CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE. AIIA Response CONNECTING WITH CONFIDENCE: OPTIMISING AUSTRALIA S DIGITAL FUTURE AIIA Response 14 November 2011 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission Hearing before the House Permanent Select Committee on Intelligence Homeland Security and Intelligence: Next Steps in Evolving the Mission 18 January 2012 American expectations of how their government

More information

Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP

Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP Why Cybersecurity Matters in Government Contracting Robert Nichols, Covington & Burling LLP Cybersecurity is the No. 1 Concern of General Counsel and Directors 2 Cybersecurity Concerns in the Government

More information

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust Session ID: PNG-F01 Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust Michael E. Smith Senior Cyber Policy Advisor to the Assistant Secretary, Office of Electricity Delivery

More information

Computer Network Security & Privacy Protection

Computer Network Security & Privacy Protection Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and

More information

US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST)

US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) william.newhouse@nist.gov NITRD Structure for US Federal Cybersecurity

More information

Appropr iated Accounts Department-wide Systems and Capital Investment Program

Appropr iated Accounts Department-wide Systems and Capital Investment Program Department-wide Systems and Capital Investment Program Mission: To modernize business processes and increase efficiencies throughout the Department of Treasury through technology investments. Program Summary

More information

CYBERINFRASTRUCTURE FRAMEWORK FOR 21 ST CENTURY SCIENCE, ENGINEERING, AND EDUCATION (CIF21) $100,070,000 -$32,350,000 / -24.43%

CYBERINFRASTRUCTURE FRAMEWORK FOR 21 ST CENTURY SCIENCE, ENGINEERING, AND EDUCATION (CIF21) $100,070,000 -$32,350,000 / -24.43% CYBERINFRASTRUCTURE FRAMEWORK FOR 21 ST CENTURY SCIENCE, ENGINEERING, AND EDUCATION (CIF21) $100,070,000 -$32,350,000 / -24.43% Overview The Cyberinfrastructure Framework for 21 st Century Science, Engineering,

More information

Government Perspectives on the Future of Advanced Networking Technologies

Government Perspectives on the Future of Advanced Networking Technologies Government Perspectives on the Future of Advanced Networking Technologies Combined briefings presented at: GLOBALCOMM GLOBALCOMM Government Summit and Innovations Summit June 5, 2006 June 7, 2006 Simon

More information

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection More Intelligent, More Effective Cybersecurity Protection January 2013 Business Roundtable (BRT) is an association of chief executive officers of leading U.S. companies with more than $7.3 trillion in

More information

Anticipating the Breach

Anticipating the Breach Anticipating the Breach What to do before, during and after an attack. CONTENTS Before... 2 During... 3 After... 4 Conclusion... 5 Brought to you compliments of Security incidents may be inevitable, but

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

Brief Documentary History of the Department of Homeland Security

Brief Documentary History of the Department of Homeland Security Brief Documentary History of the Department of Homeland Security 2001 2008 History Office Table of Contents Introductory Note... 2 Homeland Security Before September 11... 3 The Office of Homeland Security...

More information

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security

More information

Det talte ord gælder

Det talte ord gælder Thank you for the invitation. I m pleased to be given this opportunity to speak to you about Homeland Security, seen from my point of view. Homeland Security is a concept we ve all grown very familiar

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com Experience the commitment white paper Information Security Continuous Monitoring Charting the Right Course cgi.com Hacking, malware, distributed denial of service attacks, insider threats and other criminal

More information

Homeland Open Security Technology HOST Program

Homeland Open Security Technology HOST Program Homeland Open Security Technology HOST Program Informational Briefing August 2011 Sponsored by: U.S. Department of Homeland Security Science and Technology Directorate Implemented by: Open Technology Research

More information

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching (CDOC) Ensuring that Experts are allways watching Data Sheet Introduction CyberHat CDOC is an intelligent security operation center; which combines cutting edge technologies and innovative processes ensuring

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems. Panel on Emerging Cyber Security Technologies Robert F. Brammer, Ph.D., VP and CTO Northrop Grumman Information Systems Panel Moderator 27 May 2010 Panel on Emerging Cyber Security Technologies Robert

More information

Cybersecurity on a Global Scale

Cybersecurity on a Global Scale Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared

More information

DEPARTMENT OF HOMELAND SECURITY

DEPARTMENT OF HOMELAND SECURITY DEPARTMENT OF HOMELAND SECURITY Funding Highlights: Provides $39.5 billion, a decrease of 0.5 percent or $191 million, below the 2012 enacted level. The Budget continues strong investments in core homeland

More information

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many

More information

CyberSkills Management Support Initiative

CyberSkills Management Support Initiative CyberSkills Management Support Initiative GROWING THE PIPELINE FOR CYBERTALENT THROUGH VOLUNTEER OPPORTUNITIES November 6, 2014 November 6, 2014 Background In June 2012, Secretary Napolitano announced

More information

Outline. Who conducts research related to CIIP in the U.S.? Universities. What is Critical Information Infrastructure? Who sponsors this research?

Outline. Who conducts research related to CIIP in the U.S.? Universities. What is Critical Information Infrastructure? Who sponsors this research? Critical Information Infrastructure Research in the U.S. An informal status report The 2nd US-Japan Experts Workshop on Critical Information Infrastructure Protection (CIIP) Tokyo, Japan Outline Definitions,

More information

Table of Contents CYBER SECURITY STRATEGIC PLAN VERSION 1.0

Table of Contents CYBER SECURITY STRATEGIC PLAN VERSION 1.0 U.S DEPARTMENT OF ENERGY CYBER SECURITY PROGRAM CYBER SECURITY STRATEGIC PLAN FEBRUARY 12, 2007 Table of Contents INTRODUCTION... 4 CYBER SECURITY STRATEGY OVERVIEW... 5 CYBER SECURITY VISION AND MISSION...

More information

Domestic Nuclear Detection Office (DNDO) The Challenges of Using PRA for National Security Risk Assessments?

Domestic Nuclear Detection Office (DNDO) The Challenges of Using PRA for National Security Risk Assessments? Domestic Nuclear Detection Office (DNDO) The Challenges of Using PRA for National Security Risk Assessments? Michele DeCroix, Ph.D. Risk Analysis Branch Chief Domestic Nuclear Detection Office Department

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Action Plan 2010-2015 for Canada s Cyber Security Strategy

Action Plan 2010-2015 for Canada s Cyber Security Strategy Action Plan -2015 for Canada s Cyber Security Strategy Her Majesty the Queen in Right of Canada, 2013 Cat: PS9-1/2013E-PDF ISBN: 978-1-100-21895-3 ii Introduction Information technology is highly integrated

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

NIST Cyber Security Activities

NIST Cyber Security Activities NIST Cyber Security Activities Dr. Alicia Clay Deputy Chief, Computer Security Division NIST Information Technology Laboratory U.S. Department of Commerce September 29, 2004 1 Computer Security Division

More information

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW

NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW NCCIC CYBER INCIDENT SCORING SYSTEM OVERVIEW Many incident taxonomies and classification schemes provide excellent guidance within the scope of a single enterprise s security operations center (SOC). However,

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

Department of Homeland Security DHS Directives System Directive Number: 066-01 Revision Number: 00 Issue Date: 07/25/2008 SAFETY AND HEALTH PROGRAMS

Department of Homeland Security DHS Directives System Directive Number: 066-01 Revision Number: 00 Issue Date: 07/25/2008 SAFETY AND HEALTH PROGRAMS Department of Homeland Security DHS Directives System Directive Number: 066-01 Revision Number: 00 Issue Date: 07/25/2008 SAFETY AND HEALTH PROGRAMS I. Purpose This Directive establishes the Department

More information

Small Business. Leveraging SBA IT resources to support America s small businesses

Small Business. Leveraging SBA IT resources to support America s small businesses Small Business Administration Information Technology Strategic Plan ( ITSP) 2012-2016 Leveraging SBA IT resources to support America s small businesses Message from the Chief Information Officer The Small

More information