The Cybersecurity Executive Order

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "The Cybersecurity Executive Order"

Transcription

1 The Cybersecurity Executive Order Exploiting Emerging Cyber Technologies and Practices for Collaborative Success by Mike McConnell Sedar Labarre David Sulek Marcia McGowan

2

3 The Cybersecurity Executive Order Exploiting Emerging Cyber Technologies and Practices for Collaborative Success Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, calls for government to collaborate more closely with critical infrastructure owners and operators to strengthen cybersecurity, particularly by sharing information about cyber threats and jointly developing a framework of cybersecurity standards and best practices. Elements of the framework may later be incorporated into government regulations or voluntarily adopted by industry. Many owners and operators recognize the value of these efforts but worry that the EO will result in burdensome regulation rather than strengthened security. They are cautiously supportive, waiting to see how the EO will differ from previous efforts to improve governmentindustry collaboration. Others question if the EO goes far enough, suggesting cybersecurity legislation is required to make a difference. At Booz Allen Hamilton, we believe the EO offers reason for optimism. While it is true that the general concepts and goals of the EO are similar to earlier initiatives, such as the 1998 Presidential Decision Directive 63 and the 2003 Homeland Security Presidential Directive 7, cyber technologies and practices have evolved in significant ways since those directives were issued. For example, new continuous monitoring capabilities ensure that government and industry collect enormous amounts of data that enhance the value of information sharing. The development of powerful analytics makes that data even more valuable because of the potential insights that can be gleaned by sharing intelligence and data. In addition, cyber professionals have developed stronger cybersecurity skills and better understand how to exploit the accumulating threat and network data. And cyber experts have used their experience to identify cybersecurity best practices and create standards and maturity models that can be applied across critical infrastructure sectors. These changes offer government and industry opportunities to strengthen cybersecurity. We have identified five key steps for exploiting these new technologies and practices to achieve collaborative success: Establish flexible, risk-based cybersecurity standards of practice (such as a Cybersecurity Framework) that provide a foundation for measuring the growing maturity of an organization s security program Accelerate the adoption of continuous monitoring and data analytics Create an information sharing broker (or brokers) to help government and industry share threat information efficiently and effectively Revitalize the public-private partnership based on shared interests Explore and develop norms guiding the use of active cyber defense We don t discount the challenges of bringing together a diverse group of critical infrastructure stakeholders; however, we believe that emerging cyber technologies and capabilities have created opportunities for collaborative success that did not exist 15 years ago when government first initiated "whole-of-government" efforts similar to the EO. By building on their common interests, government and industry can build a partnership that grows and matures to counter cyber threats today and into the future. 1

4 Introduction Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, is designed to provide critical infrastructure owners and operators with assistance to address cyber threats and manage risks, but owners and operators are wary. Among its major goals, the EO calls for government to collaborate more closely with industry by sharing information about cyber threats and jointly developing a framework of cybersecurity standards and best practices. Elements of the framework may later be incorporated into government regulations or voluntarily adopted by industry. Owners and operators recognize the value of public-private partnership, information sharing, and security practices, but many worry that the EO will result in burdensome regulation rather than strengthened security. Others regard the EO as offering little new over existing processes for governmentindustry collaboration, saying the order has raised but not resolved previous controversies surrounding how best to implement cybersecurity protections. Even supporters view the order as a modest first step that will require cybersecurity legislation and additional guidance to make progress. As a result, many are taking a wait-and-see approach before fully committing to the new EO. At Booz Allen, we believe there is much greater reason for optimism. While it is true that the general concepts and goals of the EO are similar to earlier initiatives, such as the 1998 Presidential Decision Directive 63 and the 2003 Homeland Security Presidential Directive 7 (HSPD-7), the cyber environment has evolved in significant ways since those directives were issued. For example, the rise and maturing of continuous monitoring and automated threat-detection capabilities mean that government and industry are now collecting enormous amounts of data that enhance the value of information sharing. The simultaneous development of powerful analytics makes that data even more valuable, because of the potential insights that government and industry can glean by sharing intelligence and data. At the same time, cyber professionals have developed stronger cybersecurity skills over the past decade and better understand how to exploit the accumulating threat and network data. They have also used their experience and skills to identify cybersecurity best practices and create standards and maturity models with many already in use by some critical infrastructure owners and operators that can now be used across the critical infrastructure sectors. Although many of the issues that previously hindered collaboration still remain, government and industry now have much greater incentive to find solutions because the potential value of collaboration is so much greater. We believe the EO can, in fact, provide a strong foundation for improving critical infrastructure cybersecurity. Finding the right balance in the proposed partnership and reaching agreement on new processes for information sharing, the cybersecurity framework, and other EO provisions will not be easy. The issues are admittedly complex, and disagreement persists among stakeholders. Nevertheless, we believe the EO can, in fact, provide a strong foundation for improving critical infrastructure cybersecurity if government and industry take advantage of new cyber technologies and practices that create opportunities for collaborative success. This viewpoint will examine how government and industry can use the EO to achieve their cybersecurity goals. The Cybersecurity Executive Order The White House issued the EO to counter growing threats to the nation s 16 critical infrastructure sectors from state and non-state actors, hacktivists, organized crime, extremists, and others. Repeated cyber intrusions into critical infrastructure demonstrate 2

5 the need for improved cybersecurity, the February 12 order states. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats. 1 One of the EO s main goals is to improve government information sharing with critical infrastructure owners and operators regarding cyber threats, including attack signatures and other technical data. The EO directs the US Department of Homeland Security (DHS), the Department of Justice, and the Office of the Director of National Intelligence to produce and share unclassified and classified cyber threat reports that identify specific targeted and victim entities. DHS will expand the Enhanced Cyber Security Initiative to all critical infrastructure sectors, thereby making classified cyber threat data and technical information available to eligible critical infrastructure owners and operators. DHS will also expand programs that provide security clearances to private sector employees of critical infrastructure and bring private sector subject matter experts into the US federal government. Another major goal is to develop a Cybersecurity Framework of standards and best practices for reducing risk to critical infrastructure. Under the EO, the National Institute of Standards and Technology (NIST) will work with the Sector-Specific Agencies (SSAs), Sector Coordinating Councils (SCCs), and other stakeholders to develop the Cybersecurity Framework. NIST officials want owners and operators to actively participate in this process. The EO also calls for DHS to establish a voluntary program for framework adoption by owners and operators. As part of this program, the SSAs will work with their respective SCCs to review the Cybersecurity Framework and develop implementation guidance to support its voluntary adoption. DHS will use a similar consultative process to identify the high-priority critical infrastructure using a risk-based approach. Finally, DHS and the US Departments of Treasury and Commerce will recommend incentives to promote industry s participation in these efforts. Overall, the EO emphasizes the importance of government-industry collaboration in protecting critical assets, systems, networks, and functions from cyber attacks, stating, We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement riskbased standards. 2 In tandem with the EO, the White House issued the complementary Presidential Policy Directive 21 (PPD- 21) on Critical Infrastructure Security and Resilience, which replaces HSPD-7. The EO and PPD-21 contain ambitious milestones for implementing the planned cybersecurity initiatives. For example, within 120 days, DHS and other named agencies must recommend 1 Executive Order 13636, Improving Critical Infrastructure Cybersecurity, February 12, 2013, Section 1, Policy. 2 Executive Order 13636, Section 1, Policy. 3

6 incentives for obtaining the private sector s voluntary participation in the Critical Infrastructure Cybersecurity Program and adoption of cybersecurity practices. Within 180 days, agencies must develop the baseline data and system requirements for a framework to facilitate information exchange among government agencies and critical infrastructure owners and operators. NIST must develop a preliminary Cybersecurity Framework within 240 days, and a final framework within a year. The chief challenge facing government and industry is finding common ground to achieve meaningful results in such short timeframes. On the industry side, owners and operators are concerned that the government will create and then impose a one-size-fits-all Cybersecurity Framework. Many prefer instead that each sector develop for itself the strategy and techniques best suited to its unique business model and requirements. Moreover, some sectors have already put in place rigorous controls and they worry about getting locked into a framework that complicates rather than enhances security. But while industry wants to proceed with caution, government is pressed to move quickly to meet established deadlines. Consequently, given the complexity of the issues and the many differing voices regarding how best to proceed, the danger is that government and industry will settle on solutions that do little to change the status quo or substantially improve cybersecurity in order to keep activities progressing toward fast-approaching deadlines. The Changing Cyber Landscape Many of industry s questions and concerns are the same as those that hindered previous efforts to forge a stronger government-industry partnership. Although the essential issues have not changed, the cyber environment in which government and industry operate has changed in important ways. These changes create new opportunities for meaningful collaboration: Continuous Monitoring. Continuous monitoring uses powerful algorithms to constantly scan for anomalies, analyze them, and then communicate them through automatic, immediate warnings and alerts. By removing the human element, the automatic warnings significantly improve the 4

7 speed and effectiveness of responses and provide decision-makers with information on the current health of their networks, effectiveness of certain controls, and areas of risk. In addition, near real-time monitoring of the threat environment is enabling organizations to predict and prevent attacks. Such processes are generating enormous amounts of data about threats, vulnerabilities, and other network activities that could provide significant value if it were shared and then combined and analyzed with other data within sectors, across sectors, and across government. Data Analytics. Powerful analytical tools not only enable organizations to conduct continuous monitoring of their own activities, but they also enable them to sift through volumes of open source data to uncover timely insights. For example, intelligence tools can quickly analyze global news sources, social media feeds, malicious databases, etc., to enhance situational awareness and identify rising threats, attack vectors, trends, and other valuable information. In addition, sophisticated text analytics, sentiment analysis, and language processing technologies can provide insight into an organization s own unique environment and help prioritize response activities before threats escalate. And using modern computational capabilities, organizations can scale their analytic processes beyond their own network data to include nearly limitless amounts of threat data gathered by partner organizations in government and industry. The data generated through continuous monitoring and data analytics provide a powerful incentive for information sharing and collaboration. Cybersecurity Human Capital Skills. Data and data analytics are much more valuable today because the cyber professionals who work with the data are so much smarter. Cyber experts have greater knowledge and expertise in analyzing network data, spotting trends, and developing analytic programs and tools than they did a decade ago. And, this trend is predicted to continue. A recent study found that information security is a stable and growing profession [and] the number of professionals is projected to continuously grow more than 11 percent annually over the next five years. 3 Cyber professionals develop skills across multiple systems and environments, and work together in cybersecurity communities and associations to identify needed skills, share best practices, and promote the highest standards of training and certification. Their skills enhance the value of collaboration. Cybersecurity Maturity Models. Just as cybersecurity human capital skills have improved, so too have the models and approaches that organizations use to protect their networks and systems and manage risk. Organizations and sectors are beginning to embrace cyber risk management approaches that allow organizations to ascertain the maturity of an enterprise's security posture within the context of the business and, in some cases, across the dimensions of people, process, and technology. New risk-based models in both government and industry provide proven frameworks for measuring, managing, and systematically maturing cybersecurity, helping organizations to allocate cyber resources efficiently while continuously improving security. Proven maturity models now exist to inform the planned Cybersecurity Framework. Keys to Success These four changes, along with related developments within the cyber environment, have important implications for strengthening critical infrastructure cybersecurity. They not only enhance the potential benefits of industry-government collaboration in sharing information, creating a Cybersecurity Framework, and other EO activities, but they also make 3 Frost & Sullivan and Booz Allen Hamilton, The 2013 (ISC)2 Global Information Security Workforce Study, p. 3. 5

8 those benefits easier to obtain. Equally important, an understanding of these changes provides insight into how government and industry can work together to implement the EO and improve cybersecurity. These actions are key to collaborative success: 1. Establish flexible, risk-based cybersecurity standards of practice (e.g., Cybersecurity Framework) that provide a foundation for measuring the growing maturity of an organization s security program. The standards of practice should be flexible to guide strategy and approach rather than prescribing specific technologies and solutions. This will give owners and operators the flexibility to adopt measures that best suit their sectors and business imperatives, as well as the agility to adjust quickly to evolving threats, vulnerabilities, and risks. The standards of practice should be risk-based to guide the effective allocation of resources. It is impossible for organizations to protect all assets, systems, and functions, particularly when the threat landscape is constantly evolving. Consequently, rather than relying solely on checklists of required technologies or references to national and international standards, a risk-based approach will be informed by business priorities and tied to overall enterprise risk. And, they will use quantitative measures and controls to assess risk and allocate resources proactively to mitigate that risk. A risk-based approach also supports a maturitybased framework that defines the expected security practices for a given maturity level. This enables managers to readily ascertain the maturity of an enterprise s cybersecurity posture across the dimensions of people, processes, and technology, and then to develop custom-tailored solutions to improve maturity and mitigate risk. Additionally, a risk-based approach lends itself to repeatable measures, thus enabling the organizations to assess the effectiveness of current security controls against identified threats (again, across multiple dimensions) as they relate to business goals, objectives, and risk tolerance. In addition to being flexible and adaptive to the individual requirements of each sector, the new standards of practice should also be broad enough to incorporate the entire cyber ecosystem, thus recognizing the wider connections among the public-, private-, and civil communities within the ecosystem. In this way, the risk-based approach will include enterprise-wide, sector-wide, and ecosystem risks, as opposed to traditional models that focus narrowly on system risks. Finally, the standards of practice can provide a foundation for developing agreed-upon international cybersecurity standards, which would eliminate duplicative and conflicting requirements across multiple countries. Overall, the standards of practice embody a common understanding of risk from the perspective of multiple stakeholders and provide a basis for determining how effectively a cybersecurity program is protecting the business, as opposed to merely protecting information technology systems. The standards of practice can provide a foundation for developing agreed-upon international cybersecurity standards, which would eliminate duplicative and conflicting requirements across multiple countries. A focus on risk will also help organizations visualize and prepare for the full spectrum of cyber threats. It enables organizations to respond with agility to changing threats and incorporate new strategies, technologies, and approaches into the framework. Moreover, a framework of standards of practice will have the ability to learn and adapt to an evolving cyber landscape. In this way, the 6

9 community avoids both a one-size-fits-all approach and a strict regulatory regime, which tends to create a focus on checklists and compliance rather than genuine security. 2. Accelerate the adoption of continuous monitoring and data analytics. Government and industry already have access to enormous amounts of data related to the protection of critical infrastructure, but they currently lack the capability to fully process and analyze this data to address complex cybersecurity challenges. Organizations can improve their analytic capabilities by tapping into emerging cloud-based analytics. Such capabilities would enhance significantly the value of information sharing among stakeholders because they would be able to quickly analyze data and respond to threats. Similarly, continuous monitoring capabilities would generate even more data regarding the health of networks within a sector and rapid responses based on data, as opposed to fear or premonitions about potential threats. While it is true that an individual sector could create these capabilities on its own, sharing capabilities and information across sectors, as well as across government agencies, provides much greater value. This is the goal that government and industry should be striving for, and federal initiatives such as the Big Data Research and Development Initiative, Digital Government Strategy, and the Cloud First Strategy directly support a movement in this direction. Agencies that have embraced these efforts are building the capacity to more effectively monitor their networks and exploit cybersecurity data. 3. Create an information-sharing broker (or brokers). Both government and industry need help sharing information efficiently and effectively. The owners and operators want data that can help them address their cybersecurity challenges, but they do not have the resources to sift through mountains of information unrelated to the threats they face. They need information that is delivered in a way that helps them understand why the information is relevant to businesses within their sector and how they can use it. However, the government agencies that collect this information do not have the resources to create this context that is, address these questions for each stakeholder. An information broker could provide these services for both government and industry. An information broker could take many forms and serve a number of essential functions. For example, the broker could serve as a trusted aggregator of threat data with the expertise to address privacy, security, and other issues that often hinder data sharing. It could also provide risk ratings, evaluating the level of risk that a reported threat posed to the company (or sector) receiving the report. Such a broker would refine and sharpen data to reduce substantially the friction in data sharing processes, thus making the data easier for government to share and more valuable for industry to receive. And because the information-sharing 7

10 government and industry have a shared interest in ensuring that networks are up and running at all times. All agree on the value of continuous monitoring in protecting networks and on the value of sharing threat data derived from continuous monitoring and other sources. Most would probably agree on the value of creating a robust framework that could be applied consistently across all sectors. These and other shared interests provide opportunities for collaboration and leadership. broker is focused on providing this service, it would continuously improve its own capabilities and the value of the data as it flows between government and industry. 4. Revitalize the public-private partnership based on shared interests. When issuing the EO, the White House said, The Executive Order strengthens the US Government s partnership with critical infrastructure owners and operators to address cyber threats. 4 However, many in industry are skeptical of the term partnership, uncertain of its precise meaning and wary of its implications for moving forward. Consequently, government and industry should use the EO and PPD-21 as an opportunity to clearly define roles, responsibilities, and processes for collaboration among major stakeholders. The starting place is finding common ground. Too often, discussions focus on the unique requirements or issues separating stakeholders, and they lose sight of the overlapping vital interests that have brought them together. For example, both An approach that focuses on common interests also helps to shape the adoption of key components of the EO. For example, in developing a Cybersecurity Framework, government and industry will want to create a framework at a high enough conceptual level to address the requirements of all sectors. Moreover, the framework must be flexible to adapt to both a changing cyber environment and a more mature understanding of common interests. This approach also suggests that the current partnership model should be expanded to include the civil sector that is, cyber and risk management experts from academia, think tanks, and others among the general public because government and industry also have shared interests with the civil sector. The civil society has always played an important role in developing and shaping the Internet, and its members can contribute many useful ideas, as well as valuable data and intelligence necessary to predict, prevent, and respond to cyber threats. By viewing the cyber ecosystem as a collection of communities, rather than a limited number of sectors, the EO can strengthen both the partnership among stakeholders and the security of critical infrastructure. In fact, this is how cyber adversaries come together and operate: As communities with similar interests that share tactics and resources. A strong publicprivate-civil sector partnership can build an effective network to defeat the adversary's network. 4 Office of the Press Secretary, Executive Order on Improving Critical Infrastructure Cybersecurity, February 12,

11 Each partner, through data analytics and continuous monitoring, has richer data to inform collaborative efforts and determine what needs to be done to address systemic risks, which have the potential to adversely impact all. A new type of leadership is needed to galvanize strategic connectivity and unity of effort among these diverse partners. The National Preparedness Leadership Initiative (NPLI) at Harvard developed a framework and practice around "metaleadership," which offers insight into the leadership skills required to foster collaboration among interdependent entities in the pursuit of shared goals. NPLI characterizes meta-leaders as those who lead advances down into their own group, but who also lead up to gain their leaders support. Although team players, meta-leaders are not afraid to speak truth to power, if necessary, to those more senior. They also lead across agencies, extending their influence among stakeholder organizations, and they develop situational awareness to create a path forward, often in the face of incomplete information. Meta-leaders think beyond personal, bureaucratic, or business interests to achieve a higher purpose. They recognize that optimizing effectiveness and achieving high performance demand a spirit of collaboration, combined with tangible mechanisms that activate collaboration and partnership. Meta-leaders think beyond personal, bureaucratic, or business interests to achieve a higher purpose. infrastructure cybersecurity. And these efforts will, in turn, strengthen the partnership. 5. Explore and develop norms guiding the use of active cyber defense. Private sector organizations are developing the capability to identify more precisely the source of cyber attacks using honey pots to attract and study threats and advanced forensics to track down attackers. The ability to identify attackers provides an opportunity for organizations to go beyond simply preventing or deterring attacks to actually striking back at an attacker s networks and systems. An organization might engage in active cyber defense through collective action with other sector members or by turning to other communities of interest to address the threat. Such action might be especially tempting if the government were seen as unable or unwilling to protect the organization. The concept and potential use of active cyber defense is another area of compelling shared interest between government and industry. Employing active cyber defenses against attackers is already being widely discussed among cybersecurity professionals as an option, given the severity of the threats and the risks they pose. However, such activities could create a Wild West environment of vigilantism, attacks on innocent parties, and escalating attacks that draw the US government into conflict, potentially beyond cyberspace. Consequently, as government and industry collaborate on sharing information and building security frameworks, they also should address this emerging area of cyber policy and strategy. A partnership forged on shared interests and guided by meta-leadership will create a stronger Cybersecurity Framework, develop more effective information sharing processes, and implement more meaningful changes to strengthen critical 9

12 Conclusion We are optimistic that the United States can strengthen critical infrastructure cybersecurity through a government-industry partnership that builds a robust Cybersecurity Framework, shares threat data, and collaborates on achieving national cyber goals. Although we don t discount the challenges of bringing together such large and diverse groups of stakeholders, we believe that emerging cyber technologies and capabilities have created opportunities for success that did not exist 15 years ago when government first initiated "whole of government" efforts similar to the EO. In particular, continuous monitoring, data analytics, a more expert cybersecurity workforce, and a maturing of cybersecurity standards and models provide a much stronger foundation for collaboration. The potential gains resulting from partnership are significantly greater; and, if efforts fail, the potential damage to the nation s economy and security is significantly greater as well. These two facts provide compelling incentive for stakeholders to work together to improve critical infrastructure cybersecurity. By building on their common interests, government and industry can create a partnership that grows and matures to counter cyber threats today and into the future. 10

13 11

14 Contact Information Mike McConnell Vice Chairman Sedar Labarre Principal David Sulek Principal Marcia McGowan Senior Associate

15 About Booz Allen Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a century. Today, Booz Allen is a leading provider of management and technology consulting services to the US government in defense, intelligence, and civil markets, and to major corporations, institutions, and not-for-profit organizations. In the commercial sector, the firm focuses on leveraging its existing expertise for clients in the financial services, healthcare, and energy markets, and to international clients in the Middle East. Booz Allen offers clients deep functional knowledge spanning strategy and organization, engineering and operations, technology, and analytics which it combines with specialized expertise in clients mission and domain areas to help solve their toughest problems. The firm s management consulting heritage is the basis for its unique collaborative culture and operating model, enabling Booz Allen to anticipate needs and opportunities, rapidly deploy talent and resources, and deliver enduring results. By combining a consultant s problem-solving orientation with deep technical knowledge and strong execution, Booz Allen helps clients achieve success in their most critical missions as evidenced by the firm s many client relationships that span decades. Booz Allen helps shape thinking and prepare for future developments in areas of national importance, including cybersecurity, homeland security, healthcare, and information technology. Booz Allen is headquartered in McLean, Virginia, employs approximately 25,000 people, and had revenue of $5.86 billion for the 12 months ended March 31, For over a decade, Booz Allen s high standing as a business and an employer has been recognized by dozens of organizations and publications, including Fortune, Working Mother, G.I. Jobs, and DiversityInc. More information is available at (NYSE: BAH) To learn more about the firm and to download digital versions of this article and other Booz Allen Hamilton publications, visit 13

16 Principal Offices Huntsville, Alabama Montgomery, Alabama Sierra Vista, Arizona Los Angeles, California San Diego, California San Francisco, California Colorado Springs, Colorado Denver, Colorado District of Columbia Pensacola, Florida Sarasota, Florida Tampa, Florida Atlanta, Georgia Honolulu, Hawaii O Fallon, Illinois Indianapolis, Indiana Leavenworth, Kansas Radcliff, Kentucky Aberdeen, Maryland Annapolis Junction, Maryland Lexington Park, Maryland Linthicum, Maryland Rockville, Maryland Troy, Michigan Kansas City, Missouri Omaha, Nebraska Red Bank, New Jersey New York, New York Rome, New York Fayetteville, North Carolina Cleveland, Ohio Dayton, Ohio Philadelphia, Pennsylvania Charleston, South Carolina Houston, Texas San Antonio, Texas Abu Dhabi, United Arab Emirates Alexandria, Virginia Arlington, Virginia Chantilly, Virginia Charlottesville, Virginia Falls Church, Virginia Herndon, Virginia McLean, Virginia Norfolk, Virginia Stafford, Virginia Seattle, Washington The most complete, recent list of offices and their addresses and telephone numbers can be found on Booz Allen Hamilton Inc. BA13-051

Utilizing and Visualizing Geolocation Data for Powerful Analysis

Utilizing and Visualizing Geolocation Data for Powerful Analysis Utilizing and Visualizing Geolocation Data for Powerful Analysis by Walton Smith smith_walton@bah.com Timothy Ferro ferro_timothy@bah.com Table of Contents Introduction... 1 Delivering Geolocation Data

More information

Analytical Program Management

Analytical Program Management Analytical Program Management Integrating Cost, Schedule, and Risk MISSION Analytical Program Management Integrating Cost, Schedule, and Risk Analytical Program Management 1 One of the greatest challenges

More information

Supply Chain Data Standards in Healthcare

Supply Chain Data Standards in Healthcare Supply Chain Data Standards in Healthcare by Michael Zirkle zirkle_michael@bah.com Ryan Gallagher gallagher_ryan_b@bah.com Seth Rogier rogier_seth@bah.com Table of Contents Making Healthcare Safer and

More information

Ascent to the Cloud. Four Focus Areas for a Successful Enterprise Migration. by Michael Farber farber_michael@bah.com

Ascent to the Cloud. Four Focus Areas for a Successful Enterprise Migration. by Michael Farber farber_michael@bah.com Ascent to the Cloud Four Focus Areas for a Successful Enterprise Migration by Michael Farber farber_michael@bah.com Kevin Winter winter_kevin@bah.com Munjeet Singh singh_munjeet@bah.com Ascent to the

More information

Engaging Mobility in the Oil and Gas Sector

Engaging Mobility in the Oil and Gas Sector Engaging Mobility in the Oil and Gas Sector Engaging Mobility in the Oil and Gas Sector To open a dialogue about the impact of rapid mobile adoption in the energy industry, Booz Allen Hamilton, Bitzer

More information

The Social Financial Advisor: A Path Forward

The Social Financial Advisor: A Path Forward The Social Financial Advisor: A Path Forward Take the Right Route to Using Social Media by Chris Estes estes_chris@bah.com Todd Inskeep inskeep_todd@bah.com Getting Social Is It Time for Advisors to Face

More information

by Christopher P. Bell bell_christopher_p@bah.com Elizabeth Conjar conjar_elizabeth@bah.com

by Christopher P. Bell bell_christopher_p@bah.com Elizabeth Conjar conjar_elizabeth@bah.com Organizational Network Analysis Improving Intelligence and Information Sharing Capability among Homeland Security and Emergency Management Stakeholders by Christopher P. Bell bell_christopher_p@bah.com

More information

Realizing the Promise of Health Information Exchange

Realizing the Promise of Health Information Exchange Realizing the Promise of Health Information Exchange by Timathie Leslie Leslie_Timathie@bah.com Realizing the Promise of Health Information Exchange Health information exchange (HIE) the electronic movement

More information

Meeting the Challenges of the Modern CIO

Meeting the Challenges of the Modern CIO Meeting the Challenges of the Modern CIO by Darrin London, PMP london_darrin@bah.com Daniel E. Williams, PMP williams_daniel_2@bah.com Table of Contents Introduction...1 Challenges Faced by the Modern

More information

Managing Risk in Global ICT Supply Chains

Managing Risk in Global ICT Supply Chains Managing Risk in Global ICT Supply Chains Best Practices and Standards for Acquiring ICT Ready for what s next. Managing Risk in Global ICT Supply Chains Emerging best practices and standards can significantly

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

Realizing the Promise of Health Information Exchange

Realizing the Promise of Health Information Exchange Realizing the Promise of Health Information Exchange Realizing the Promise of Health Information Exchange Health information exchange (HIE) the electronic movement of health-related information among organizations

More information

Harness the Power ooz Allen Cyber. Booz Allen Cyber Solutions Network

Harness the Power ooz Allen Cyber. Booz Allen Cyber Solutions Network Harness the Power ooz Allen Cyber Booz Allen Cyber Solutions Network Introduction The Client Challenge Backed by the power of the Internet, organizations are more intelligent, more efficient, and more

More information

Enabling Cloud Analytics with Data-Level Security

Enabling Cloud Analytics with Data-Level Security Enabling Cloud Analytics with Data-Level Security Tapping the Full Value of Big Data and the Cloud by Jason Escaravage escaravage_jason@bah.com Peter Guerra guerra_peter@bah.com Table of Contents Introduction...

More information

Cyber Solutions Handbook

Cyber Solutions Handbook Cyber Solutions Handbook Making Sense of Standards and Frameworks by Matthew Doan doan_matthew@bah.com Ian Bramson bramson_ian@bah.com Laura Eise eise_laura@bah.com Cyber Solutions Handbook Making Sense

More information

Developing a Business Case for Cloud

Developing a Business Case for Cloud Developing a Business Case for Cloud Analyzing Return on Investment for Cloud Alternatives May Yield Surprising Results by Paul Ingholt ingholt_paul@bah.com Cynthia O Brien o brien_cynthia@bah.com John

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Effectiveness and Efficiency

Effectiveness and Efficiency Effectiveness and Efficiency Lessons for Building and Managing a Culture of Performance by Dave Mader mader_dave@bah.com Jay Dodd dodd_ joseph@bah.com Tom Miller miller_tom@bah.com Douglas Schlemmer schlemmer_douglas@bah.com

More information

Turning Big Data into Opportunity

Turning Big Data into Opportunity Turning Big Data into Opportunity The Data Lake by Mark Herman herman_mark@bah.com Michael Delurey delurey_mike@bah.com Table of Contents Introduction... 1 A New Mindset... 1 Ingesting Data into the Data

More information

Data Lake-based Approaches to Regulatory- Driven Technology Challenges

Data Lake-based Approaches to Regulatory- Driven Technology Challenges Data Lake-based Approaches to Regulatory- Driven Technology Challenges How a Data Lake Approach Improves Accuracy and Cost Effectiveness in the Extract, Transform, and Load Process for Business and Regulatory

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Miles to Go Before They're Green

Miles to Go Before They're Green Miles to Go Before They're Green Reducing Surface Transportation Greenhouse Gas Emissions Through a Regional Performance-Based Framework by Gary Rahl Rahl_Gary@bah.com David Erne Erne_David@bah.com Victoria

More information

Strategic Information Management Through Data Classification Reducing Corporate Risk and Cost by Gaining Control of Business Information Assets

Strategic Information Management Through Data Classification Reducing Corporate Risk and Cost by Gaining Control of Business Information Assets Strategic Information Management Through Data Classification Reducing Corporate Risk and Cost by Gaining Control of Business Information Assets by Glen Day day_glen@bah.com Strategic Information Management

More information

Booz Allen Cloud Solutions. Our Capability-Based Approach

Booz Allen Cloud Solutions. Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach In today s budget-conscious environment,

More information

Integrating IT Service Management Practices into the Defense Acquisition Lifecycle

Integrating IT Service Management Practices into the Defense Acquisition Lifecycle Integrating IT Service Management Practices into the Defense Acquisition Lifecycle by Francis Arambulo arambulo_francis@bah.com Michael Thompson thompson_michael_p@bah.com Table of Contents Introduction...1

More information

Overcoming Deployment Challenges for Financial Crimes Platforms

Overcoming Deployment Challenges for Financial Crimes Platforms Overcoming Deployment Challenges for Financial Crimes Platforms by Brian Stoeckert stoeckert_brian@bah.com James Flowe flowe_james@bah.com Contents Introduction...1 Fragmented Approach to Fraud Prevention...1

More information

Security Authorization

Security Authorization Security Authorization An Approach for Community Cloud Computing Environments by Perry Bryden bryden_perry@bah.com Daniel C. Kirkpatrick kirkpatrick_daniel@bah.com Farideh Moghadami moghadami_farideh@bah.com

More information

Cultural Analytics: Assessing Readiness for Shared Services. By Kathryn Kienast and Robin Rudy

Cultural Analytics: Assessing Readiness for Shared Services. By Kathryn Kienast and Robin Rudy Cultural Analytics: Assessing Readiness for Shared Services By Kathryn Kienast and Robin Rudy Table of Contents The Challenge.... 2 Measuring Organizational Culture and Readiness for Change.... 5 The

More information

Developing the Acquisition Workforce of Tomorrow. Data-Driven Talent Management

Developing the Acquisition Workforce of Tomorrow. Data-Driven Talent Management Developing the Acquisition Workforce of Tomorrow Data-Driven Talent Management The Changing Federal Acquisition Environment A Demand for Effectiveness and Efficiency in an Increasingly Complex World Federal

More information

by Keith Catanzano catanzano_keith@bah.com

by Keith Catanzano catanzano_keith@bah.com Enhanced Training for a 21st-Century Military A convergence of new technologies and advanced learning techniques will help the military meet its growing training requirements, despite budget constraints

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

Overcoming Deployment Challenges for Financial Crimes Platforms

Overcoming Deployment Challenges for Financial Crimes Platforms Overcoming Deployment Challenges for Financial Crimes Platforms Convergent Risk Management for Financial Institutions Ready for what s next. Contents Introduction 1 Fragmented Approach to Fraud Prevention

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

Information Security Governance

Information Security Governance Information Governance Government Considerations for the Cloud Computing Environment by Jamie Miller miller_jamie@bah.com Larry Candler candler_larry@bah.com Hannah Wald wald_hannah@bah.com Table of Contents

More information

Confronting Complexity in Managing a Cyber Crisis Lessons Learned for Responding at Network Speed

Confronting Complexity in Managing a Cyber Crisis Lessons Learned for Responding at Network Speed Confronting Complexity in Managing a Cyber Crisis Lessons Learned for Responding at Network Speed by Admiral Mike McConnell, USN, Retired Senior Executive Advisor, Former Vice Chairman Former Director

More information

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 EXECUTIVE SUMMARY In this digital age, social media has quickly become one of the most important communication channels. The shift to online conversation

More information

Cyber Training. Developing the Next Generation of Cyber Analysts. Ready for what s next.

Cyber Training. Developing the Next Generation of Cyber Analysts. Ready for what s next. Cyber Training Developing the Next Generation of Cyber Analysts Ready for what s next. Table of Contents The Crisis Moment...1 The Cyber Skills Gap...1 Developing a World-Class Cyber Workforce...2 Emulating

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Fast Facts About The Cyber Security Job Market

Fast Facts About The Cyber Security Job Market Cybersecurity Cybersecurity is the measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. Cybersecurity is the faster growing IT job, growing

More information

Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security

Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security As

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,

More information

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications

More information

The Dow Chemical Company. statement for the record. David E. Kepler. before

The Dow Chemical Company. statement for the record. David E. Kepler. before The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee

More information

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses

More information

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity; NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

More information

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 Our Understanding The rise of social media has transformed the way citizens engage with their government. Each day, nearly 2 billion people talk about and

More information

Job Market Intelligence:

Job Market Intelligence: March 2014 Job Market Intelligence: Report on the Growth of Cybersecurity Jobs Matching People & Jobs Reemployment & Education Pathways Resume Parsing & Management Real-Time Jobs Intelligence Average #

More information

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

Booz Allen Engineering Services. Global Integrated Solutions Based on Technical Excellence and Mission Insight. Ready for what s next.

Booz Allen Engineering Services. Global Integrated Solutions Based on Technical Excellence and Mission Insight. Ready for what s next. Booz Allen Engineering Services Global Integrated Solutions Based on Technical Excellence and Mission Insight Ready for what s next. Engineering Services delivers to our defense and civilian government

More information

Exceptional Careers for Extraordinary People

Exceptional Careers for Extraordinary People Exceptional Careers for Extraordinary People Ready for what s next. Creating the Future At Booz Allen Hamilton, a leading strategy and technology consulting fi rm, we provide our talented professionals

More information

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business S 2 ERC Project: Cyber Threat Intelligence Exchange Ecosystem: Economic Analysis Report: An Analysis of US Government Proposed Cyber Incentives Author: Joe Stuntz, MBA EP 14, McDonough School of Business

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Manned Information Security

Manned Information Security Manned Information Security Adversary Pursuit and Active Network Defense root9b Technologies (RTNB) Presented By: John Harbaugh, COO CONFIDENTIALITY NOTICE This briefing, including any attachments, is

More information

Integrated Risk Management. Balancing Risk and Budget

Integrated Risk Management. Balancing Risk and Budget Integrated Risk Management The Current Risk Landscape Organizations which depend upon information systems are challenged by serious threats that can exploit both known and unknown vulnerabilities in systems.

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

Booz Allen Hamilton Systems Delivery Group

Booz Allen Hamilton Systems Delivery Group Booz Allen Hamilton Systems Delivery Group Booz Allen Hamilton Systems Delivery Group Systems Delivery at Booz Allen In today s environment, large software projects routinely run significantly over budget

More information

Management Spans and Layers. Streamlining the Out-of-Shape Organization

Management Spans and Layers. Streamlining the Out-of-Shape Organization Management Spans and Layers Streamlining the Out-of-Shape Organization Originally published as: Management Spans and Layers: Streamlining the Out-of-Shape Organization, by Ian Buchanan, Jong Hyun Chang,

More information

Harnessing Big Data to Solve Complex Problems: The Cloud Analytics Reference Architecture

Harnessing Big Data to Solve Complex Problems: The Cloud Analytics Reference Architecture Harnessing Big Data to Solve Complex Problems: The Cloud Analytics Reference Architecture Table of Contents Introduction... 1 Cloud Analytics Reference Architecture... 1 Using All the Data... 3 Better

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of

More information

Impacts of Sequestration on the States

Impacts of Sequestration on the States Impacts of Sequestration on the States Alabama Alabama will lose about $230,000 in Justice Assistance Grants that support law STOP Violence Against Women Program: Alabama could lose up to $102,000 in funds

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

Enabling Agility in Law Enforcement Leveraging Collective Intelligence, Analytics, and Operational Capabilities to Optimize Mission Performance

Enabling Agility in Law Enforcement Leveraging Collective Intelligence, Analytics, and Operational Capabilities to Optimize Mission Performance Enabling Agility in Law Enforcement Leveraging Collective Intelligence, Analytics, and Operational Capabilities to Optimize Mission Performance Enabling Agility in Law Enforcement Leveraging Collective

More information

Tackling the BRAC Mission Continuity Challenge Workforce

Tackling the BRAC Mission Continuity Challenge Workforce Tackling the BRAC Mission Continuity Challenge Workforce by Joseph W. Mahaffee mahaffee_ joe@bah.com Dr. William Rowe, Jr. rowe_william_ jr@bah.com Elizabeth Miller miller_elizabeth@bah.com Tackling the

More information

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing: Testimony of Doug Johnson On behalf of the New York Bankers Association before the New York State Senate Joint Public Hearing: Cybersecurity: Defending New York from Cyber Attacks November 18, 2013 Testimony

More information

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively

More information

Statement of Edward Amoroso, Ph.D. Senior Vice President & Chief Security Officer AT&T. United States House of Representatives

Statement of Edward Amoroso, Ph.D. Senior Vice President & Chief Security Officer AT&T. United States House of Representatives Statement of Edward Amoroso, Ph.D. Senior Vice President & Chief Security Officer AT&T Hearing: DHS s Cybersecurity Mission: Promoting Innovation and Securing Critical Infrastructure United States House

More information

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many

More information

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security

More information

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security. Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

More information

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy Statement of Gil Vega Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer U.S. Department of Energy Before the Subcommittee on Oversight and Investigations Committee

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Corporate Perspectives On Cybersecurity: A Survey Of Execs

Corporate Perspectives On Cybersecurity: A Survey Of Execs Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey

More information

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council Presented by Doug Copley, Chairman Michigan Healthcare Cybersecurity Council Mr. Chairman and Committee Members,

More information

Getting in Front of the Cybersecurity Talent Crisis

Getting in Front of the Cybersecurity Talent Crisis CYBERSECURITY WORKFORCE Getting in Front of the Cybersecurity Talent Crisis http://boozallen.tumblr.com/post/120784624298/ how-to-build-a-cyber-dream-team-when-it-comes-to CONTENTS INTRODUCTION Introduction...

More information

IACP BRIEF CYBER SECURITY ADDRESSING THE NEEDS OF LAW ENFORCEMENT. Serving the Leaders of Today, Developing the Leaders of Tomorrow

IACP BRIEF CYBER SECURITY ADDRESSING THE NEEDS OF LAW ENFORCEMENT. Serving the Leaders of Today, Developing the Leaders of Tomorrow IACP BRIEF Serving the Leaders of Today, Developing the Leaders of Tomorrow CYBER SECURITY: CYBER SECURITY ADDRESSING THE NEEDS OF LAW ENFORCEMENT 1 P age OVERVIEW The International Association of Chiefs

More information

From Stovepipes to Secure Exchanges

From Stovepipes to Secure Exchanges From Stovepipes to Secure Exchanges An Integrated Approach to Protecting Shared Federal Data by Greg Brill brill_gregory@bah.com Khurram Chaudry chaudry_khurram@bah.com From Stovepipes to Secure Exchanges

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

PATRIOTWATCHTM PATRIOTSHIELDTM PATRIOTSWORDTM

PATRIOTWATCHTM PATRIOTSHIELDTM PATRIOTSWORDTM Overlook Systems Technologies, Inc. 1950 Old Gallows Road, Suite 400 Vienna, VA 22182 (703)-893-1411 PATRIOTWATCHTM PATRIOTSHIELDTM PATRIOTSWORDTM A PROPOSED SOLUTION TO ADDRESS RISK TO U.S. CRITICAL INFRASTRUCTURE

More information

Next-Generation Governance Enhanced Decisionmaking Through a Mission-Focused, Data-Driven Approach

Next-Generation Governance Enhanced Decisionmaking Through a Mission-Focused, Data-Driven Approach Next-Generation Governance Enhanced Decisionmaking Through a Mission-Focused, Data-Driven Approach April 2011 A white paper prepared by Booz Allen Hamilton: Center of Excellence for Strategic Technology

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

Pulling Up Your SOX. Companies Can Gain from Compliance with U.S. Governance Act. Lisa Fabish fabish_lisa@bah.com. Stuart Groves groves_stuart@bah.

Pulling Up Your SOX. Companies Can Gain from Compliance with U.S. Governance Act. Lisa Fabish fabish_lisa@bah.com. Stuart Groves groves_stuart@bah. by Lisa Fabish fabish_lisa@bah.com Stuart Groves groves_stuart@bah.com Robert Oushoorn oushoorn_robert@bah.com Otto Waterlander waterlander_otto@bah.com Pulling Up Your SOX Companies Can Gain from Compliance

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Presidential Directive NSPD 54/HSPD 23, Cybersecurity Policy, established United States policy, strategy, guidelines,

More information

2015 CYBERSECURITY CAMPAIGN. Improving Today. Protecting Tomorrow. Page 1

2015 CYBERSECURITY CAMPAIGN. Improving Today. Protecting Tomorrow. Page 1 2015 CYBERSECURITY CAMPAIGN Improving Today. Protecting Tomorrow Page 1 2015 CYBERSECURITY CAMPAIGN Improving Today. Protecting Tomorrow JOIN THE CYBERSECURITY EDUCATION AND FRAMEWORK AWARENESS CAMPAIGN

More information

The Economics of Cloud Computing

The Economics of Cloud Computing The Economics of Cloud Computing Addressing the Benefits of Infrastructure in the Cloud by Ted Alford alford_theodore@bah.com Gwen Morton morton_gwen@bah.com The Economics of Cloud Computing Addressing

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential

More information

MEMO. To: Department of Homeland Security Officials

MEMO. To: Department of Homeland Security Officials MEMO To: Department of Homeland Security Officials From: Erica Chenoweth, Harvard University (Erica_Chenoweth@ksg.harvard.edu) and Susan E. Clarke, University of Colorado (Susan.Clarke@colorado.edu) Issue:

More information

Cyber Information-Sharing Models: An Overview

Cyber Information-Sharing Models: An Overview PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents

More information

Rapid Prototyping. The Agile Creation of Solutions for Modern Defense & Intelligence. by Lee Wilbur wilbur_lee@bah.com

Rapid Prototyping. The Agile Creation of Solutions for Modern Defense & Intelligence. by Lee Wilbur wilbur_lee@bah.com Rapid Prototyping The Agile Creation of Solutions for Modern Defense & Intelligence by Lee Wilbur wilbur_lee@bah.com Allan Steinhardt steinhardt_allan@bah.com Rapid Prototyping The Agile Creation of Solutions

More information

Information About Filing a Case in the United States Tax Court. Attached are the forms to use in filing your case in the United States Tax Court.

Information About Filing a Case in the United States Tax Court. Attached are the forms to use in filing your case in the United States Tax Court. Information About Filing a Case in the United States Tax Court Attached are the forms to use in filing your case in the United States Tax Court. It is very important that you take time to carefully read

More information

September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President 004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information