DOE Cyber Security Policy Perspectives

Size: px
Start display at page:

Download "DOE Cyber Security Policy Perspectives"

Transcription

1 DOE Cyber Security Policy Perspectives Mike Smith Senior Cyber Policy Advisor to the Assistant Secretary Department of Energy

2 Overview of DOE Cybersecurity Priorities Protecting the DOE Enterprise from Cyber Threats Bolstering U.S. Government Capabilities to Address Cyber Threats Improving Cybersecurity in the Energy Sector 2

3 Improving Cybersecurity in the Energy Sector Build robust information sharing and situational awareness architecture Add additional energy sector entities to the Cybersecurity Risk Information Sharing Program (CRISP) Conduct threat briefings Provide tools and technology for owners and operators to strengthen security and resilience Expand implementation of the Cybersecurity Capability Maturity Model, which encourages adoption of best practices and informs cybersecurity investment decisions Develop and demonstrate cutting-edge cybersecurity solutions in the energy sector Develop a robust incident response capability in the energy sector Automate the workflow process for all stakeholders and responders to ensure faster, coordinated incident management Exercise incident response capabilities 3

4 CRISP Overview Description: The Cybersecurity Risk Information Sharing Program (CRISP) combines software tools, analytical hardware and software, and analytical expertise including private sector industry expertise - to understand and mitigate the threats focused on the nation s energy infrastructure. Vision: An enduring, trusted information sharing partnership between the Department of Energy and its private Energy Sector partners that significantly enhances the security of Energy Sector infrastructure systems while also improving the U.S. Government s critical infrastructure situational awareness 4

5 Cyber Fed Model (CFM) A near real-time exchange of cyber threat information focused on the reduction and mitigation of cyber security risk across our critical infrastructure Typically every 5-15 minutes Tactical (actionable info) Autonomic (machine-machine) Participant controls sharing Payload Agnostic 5

6 C2M2 Program ES-C2M2 Public-private collaborative effort Sector specific subject matter expertise Pilot evaluations ONG-C2M2 Tested and refined for ONG through ONG pilot evaluations across upstream, midstream, and downstream ONG companies. C2M2 Without sector-specific references or terms of art Refined through the ONG pilots, and also via crosssector outreach 6

7 ES-C2M2 Introduction Challenge: Develop capabilities to manage dynamic threats and understand cybersecurity posture of the grid Approach: Develop a maturity model and self-evaluation survey to develop and measure cybersecurity capabilities Results: A scalable, sector-specific model created in partnership with industry ES-C2M2 Objectives Strengthen cybersecurity capabilities Enable consistent evaluation and benchmarking of cybersecurity capabilities Share knowledge and best practices Enable prioritized actions and cybersecurity investments 7

8 Framework - Introduction GOALS Reduce cyber risks to critical infrastructure Voluntary and Technology-neutral Improve cyber threat information sharing Incorporate privacy & civil liberties protections Leverage existing regulation to promote cyber security Repeatable and cost-effective design Flexible cross-sector approach DEVELOPMENT PROCESS Collaborative cross-sector workshops and public comments 8

9 NIST Cybersecurity Framework Released February 12, 2014 Developed in partnership with asset owners and operators, academia, and US Government A risk-based cybersecurity approach composed of the following three parts: Core a set of cybersecurity activities,outcomes, and informative references that are common across critical infrastructure sectors Profile represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories in the core Tiers (1-4) provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk 9

10 Guidance Development SUMMARY DOE is holding bi-weekly conference calls with the private sector stakeholders to engage them in the development of the Framework Implementation Guidance document. Draft Outline is being circulated for comments. DOE is collaborating with sector specific agencies and other interested government partners to seek their input on the Guidance document. It is anticipated that the Framework Implementation Guidance document for Energy sector will be released in October

11 Guidance Development APPROACH There are many potential tools for addressing Framework implementation. ES-C2M2 is one of many such tools. For organizations that prefer an implementation approach other than the C2M2, DOE is working with the Sector Coordinating Councils to develop and incorporate a general process addressing how alternative approaches may satisfy the goals of the framework. For organizations that use C2M2, the Implementation Guidance will highlight the interoperability between the NIST Cybersecurity Framework and DOE s C2M2 program. 11

12 Guidance Development FRAMEWORK AND C2M2 C2M2 Practices, which cover elements of both the Framework Core and Tier, address both sophistication of a cybersecurity program, as well as the culture supporting it. C2M2 Maturity Indicator Levels (MILs) tie with elements of the Framework Tiers. Each of the domain MIL scores in the C2M2 incorporate elements of the risk management characteristics from the Tiers. C2M2 Scorecards, which highlight the level of maturity across C2M2 domains, are almost identical to the concept of Framework Profiles, both current and target. 12

13 Framework Adoption The White House established a work plan for ten incentive working groups; one of which is the working group: Prudent Cybersecurity Investments and Opportunities for Utilities in the Electric, Natural Gas, Water and Telecom Sectors. The working group was tasked with incentivizing adoption of the Cybersecurity Framework The working group identified three target stakeholder groups: State and local regulators State policy makers Asset owners/operators 13

14 State and Local Regulators The CSF is a voluntary guideline that can be referenced when evaluating a utility s cybersecurity program Implementing the practices outlined in the CSF is one way to reduce the exposure to risks, which can have significant financial implications for utilities Adopting the CSF can assist both regulators and the entities they regulate as it may reduce risks to the private sector, their customers, and to society as a whole We want to work with you to create a common lexicon between regulators and regulated entities and the public and private sectors for managing cyber risk Using something other than CSF for a cybersecurity discussion with the regulated entities will create undue burden on these entities

15 State Policy Makers Cybersecurity, as outlined in the CSF, should be considered when developing policies for reducing risks and enhancing the resiliency of critical infrastructure We have identified and collaborated with several groups with existing relationships with regulators and policy makers who can assist in developing these policies (NASEO, NARUC, etc.)

16 Asset Owners/Operators The CSF can be used as a tool for evaluating cybersecurity programs Increased implementation of the activities in the CSF may lead to better informed documentation and consideration of the recovery of costs for cybersecurity related expenses There are several documents and guides which may be used to implement the activities in the CSF; for example, the American Water Works Association Cybersecurity Tool, the ES-C2M2 and the Draft Energy Sector Framework Guidance

17 Cybersecurity for Energy Delivery Systems R&D Structure Higher Risk, Longer Term Projects Core NSTB Program Frontier Research Academia Projects Minimum Cost Share Medium Risk, Mid Term Projects National Laboratory Led Projects Lower Cost Share Partnering Lower Risk, Shorter Term Projects Industry Led Projects Higher Cost Share Core & Frontier (NSTB) Argonne National Laboratory Idaho National Laboratory Oak Ridge National Laboratory Los Alamos National Laboratory Lawrence Berkeley National Laboratory Pacific Northwest National Laboratory Sandia National Laboratory Path to Commercialization Academia Led Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) - Cornell University - Dartmouth College - UC-Davis - University of Illinois - Washington State University SEI at Carnegie Mellon Laboratory Led Idaho National Laboratory Oak Ridge National Laboratory Pacific Northwest National Laboratory Industry Led Applied Communication Services Grid Protection Alliance Honeywell Schweitzer Engineering Laboratories, Inc. Siemens Infrastructure & Cities, Energy Automation Sypris 17

18 Cybersecurity for Energy Delivery Systems R&D Structure The second phase of an expanded academic collaboration that Energy Sector s Roadmap Roadmap to Achieve Energy Delivery Systems Cybersecurity NITRD Networking Information Technology Research and Development Issue a competitive solicitation for an academic collaboration Continue high risk/high payoff Frontier and Core research at the National labs Issue a competitive solicitation for the Energy Sector University-led R&D National Labled R&D Energy Sectorled R&D Combines expertise in power system engineering and the computer science of cybersecurity to innovate and transition capabilities that reduce the risk of power disruption resulting from a cyber incident. Maintains an academic collaboration in CEDS R&D after The Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) receives its final year of funding in FY14 National Lab research areas could include: Analyze the risk posed to the energy sector if energy delivery control systems were exploited by selected malware Tailored Trustworthy Spaces that tailor cybersecurity in all levels of the energy delivery system architecture Energy Sector research areas could include: Detect compromise of supply chain integrity for energy delivery system cyber assets Identify adversarial cyber activity that attempts to hide by misusing normally allowed operation of power grid components Survive a cyber incident while sustaining critical energy delivery functions. 18

19 Cybersecurity for Energy Delivery Systems Key Success: Lemnos Collaboration Transitions R&D to Practice Prototype Development Commercial prototype and open source configuration profile for interoperable secure routable energy sector communications EnerNex Corporation, Sandia National Laboratories, Schweitzer Engineering Laboratories, Tennessee Valley Authority, 7 Network Security Vendors Applied Research Open Process Control System (PCS) Security Architecture for Interoperable Design, known as OPSAID provides vendors of supervisory control and data acquisition/energy management systems (SCADA/EMS) with the capability to retrofit secure communications for legacy devices, and to design-in interoperable security for future energy delivery control systems Sandia National Laboratories CEDS projects engage national labs, vendors, asset owners, and academia throughout the project lifecycle to deliver relevant projects with clear commercialization paths. Field Demonstration Lemnos has become a broad industry partnership for secure, interoperable communications Increasing numbers of energy delivery system vendors have demonstrated Lemnos, today at least ten Open Source Solution Broad energy sector partnership uses Lemnos Interoperable, secure routable energy sector communications Commercial Product Schweitzer Engineering Laboratories Ethernet Security Gateway SEL-3620 implements Lemnos 19

20 Integrated National Response to a Cyber Incident In 2012, Deputy Secretary of Energy Daniel Poneman directed senior staff at DOE to develop a Cyber Incident Response Plan for integrated national response for the Energy Community. This kicked off a multi-year effort to organize internally and externally to develop a timely, coordinated, effective, and efficient Cyber Incident Management Capability for integrated national response. The capability will utilize governmental and non-governmental resources to prevent, protect, mitigate, respond, and recover from a high-impact cyber incident. 16

21 DOE s Goal Operational Energy and Resilience Steady State Understand & Communicate Threats Serve as a steady-state operations center that can monitor, receive, and analyze real-time energy threat and operations information and coordinate information sharing of that information with all Energy Sector Stakeholders Emergency Response Facilitate Return to Normal Provide Immediate Assistance During emergencies, the E-ROC facilitates the collaboration with governments, energy sector partners to include owners, operators, and associations thru the analysis and dissemination of actionable information Risk Management Engage with domestic and international partners to ensure reliability, survivability and resiliency of the Energy Sector Enhance Resilience Implement energy resilience policies and guidelines for facility owners and States (including territories and tribal) to mitigate, prepare, prevent, respond, and recover from disasters and threats that might impact energy infrastructure Provide Immediate Assistance During emergencies, deploy and coordinate with regional Federal, States (including territories and tribal) and energy infrastructure owners and operators and serve on the National I-MAT Teams Faster restoration and recovery of energy systems Cutting Edge Solutions Rapid identification of potential technical solutions, as appropriate, drive the innovation and introduction of new science and technology to the Energy Sector 21

22 DOE s PICERF Capability Segments Energy Sector-Cybersecurity Incident Management Capability Framework for People, Tools, and Processes Contain Lesson s Learned / Post-mortem / Follow-up Operations: e.g., Requirements, CONOPS, Roles, Playbook, MOUs, Areas, SLAs/Metrics, Exercises, Supply Chain, Reports Information: e.g., Data Standards, Adapters, Aggregation, Cross-domain, Variety, Velocity, Historical data Technology: e.g., Capabilities, Analytics, Lines of Communication, IM System, Portal, B2B 2014 goal: Finalize an Incident Management roadmap developed with federal partners and industry for incident response capabilities needed over the next five years

23 Energy Sector-Cybersecurity Incident Management Capability Gap Observations: Executive Summary Compliance Focus: Increased focus to response and recovery while sustaining appropriate levels of preparation and compliance Data Protection: Protection for any submitted data against regulatory or public use beyond narrowly-defined incident management Customer convenience: Mobility, ease of use, portal access, timely access to sensitive information, hours of operation Personalization of information: Based on DOE and stakeholder needs, in the desired form, and using the communications channel they d prefer Centralized reporting, wide dissemination: Elimination of redundant efforts and confusion about who and where to go for answers and resources Shared Situational Awareness: Integrated data exchange amongst stakeholders to enable effective decision-making Asset owners increase data production: Increased bi-direction data exchange with asset owners and access to their insights 23

24 Building Incident Management Capacity Playbooks & Capabilities Electricity Subsector Playbook to address a cyber attack: Part of a larger DHS-led effort to identify incident response processes in critical infrastructure sectors Collaboration between government and industry to identify responsibilities and activities Specific types of attack addressed Government and Industry Capabilities in the Electricity Subsector: Part of a larger DHS-led effort to identify incident response capabilities in critical infrastructure sectors Collaboration between government and industry to identify existing capabilities Executive-level Playbooks: ESCC directed a Senior Executive Industry Playbook that addresses all-hazards Government entities have similar playbooks for executive communications and alert levels 24 24

25 Questions? Mike Smith Senior Cyber Policy Advisor to the Assistant Secretary Department of Energy Phone:

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH

NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH NIST CYBERSECURITY FRAMEWORK IMPLEMENTATION: ENERGY SECTOR APPROACH SANS ICS Security Summit March 18, 2014 Jason D. Christopher Nadya Bartol Ed Goff Agenda Background Use of Existing Tools: C2M2 Case

More information

Facilitated Self-Evaluation v1.0

Facilitated Self-Evaluation v1.0 Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas

More information

Smart Grid Cybersecurity Lessons Learned

Smart Grid Cybersecurity Lessons Learned Smart Grid Cybersecurity Lessons Learned Hank Kenchington Deputy Assistant Secretary From More than 11 Million Smart Meters Deployed Office of Electricity Delivery and Energy Reliability Grid Modernization:

More information

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

Following the Energy Sector s Roadmap

Following the Energy Sector s Roadmap Cybersecurity for Energy Delivery Systems (CEDS) R&D Following the Energy Sector s Roadmap Carol Hawk CEDS R&D Program Manager Energy Sector Cybersecurity Different Priorities Energy Delivery Control Systems

More information

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations

More information

NIST Cybersecurity Framework What It Means for Energy Companies

NIST Cybersecurity Framework What It Means for Energy Companies Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber

More information

Working to Achieve Cybersecurity in the Energy Sector

Working to Achieve Cybersecurity in the Energy Sector Working to Achieve Cybersecurity in the Energy Sector Cybersecurity for Energy Delivery Systems (CEDS) Rita Wells Idaho National Laboratory Roadmap Framework for Public-Private Collaboration Published

More information

NIST Cybersecurity Framework. ARC World Industry Forum 2014

NIST Cybersecurity Framework. ARC World Industry Forum 2014 NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

Panel Session: Lessons Learned in Smart Grid Cybersecurity

Panel Session: Lessons Learned in Smart Grid Cybersecurity PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory

More information

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division

Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) (Case Study) James Stevens Senior Member, Technical Staff - CERT Division James Stevens is a senior member of the technical staff

More information

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Critical Infrastructure Cybersecurity Framework Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Executive Order: Improving Critical Infrastructure Cybersecurity

More information

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust Session ID: PNG-F01 Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust Michael E. Smith Senior Cyber Policy Advisor to the Assistant Secretary, Office of Electricity Delivery

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO

U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW. November 12, 2012 NASEO U.S. DEPARTMENT OF ENERGY ENERGY SECTOR CYBERSECURITY OVERVIEW November 12, 2012 NASEO ISER Response: from site focused to system focused Emergency Preparedness, Response, and Restoration Analysis and

More information

Help for the Developers of Control System Cyber Security Standards

Help for the Developers of Control System Cyber Security Standards INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended

More information

IEEE-Northwest Energy Systems Symposium (NWESS)

IEEE-Northwest Energy Systems Symposium (NWESS) IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

Implementing Executive Order and Presidential Policy Directive 21

Implementing Executive Order and Presidential Policy Directive 21 Implementing Executive Order 13636 and Presidential Policy Directive 21 2013 2014 Winter Energy Conference November 1, 2013 Bob Kolasky Director, EO-PPD Integrated Task Force Announcement of the EO and

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

National Institute of Standards and Technology Smart Grid Cybersecurity

National Institute of Standards and Technology Smart Grid Cybersecurity National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards

More information

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities 16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, Mid Atlantic Region National Cyber Security Division (NCSD) Office

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential

More information

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D

ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D ADVANCED DISTRIBUTION MANAGEMENT SYSTEMS OFFICE OF ELECTRICITY DELIVERY & ENERGY RELIABILITY SMART GRID R&D Eric Lightner Director Federal Smart Grid Task Force July 2015 2 OE Mission The Office of Electricity

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

Department of Homeland Security Federal Government Offerings, Products, and Services

Department of Homeland Security Federal Government Offerings, Products, and Services Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity

More information

Risk Management in Practice A Guide for the Electric Sector

Risk Management in Practice A Guide for the Electric Sector Risk Management in Practice A Guide for the Electric Sector Annabelle Lee Senior Technical Executive ICCS European Engagement Summit April 28, 2015 Before we continue let s get over our fears and myths

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 NARUC Winter Committee Meeting Committee & Staff Committee on Critical Infrastructure February 15,

More information

Docket No. DHS-2015-0017, Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations

Docket No. DHS-2015-0017, Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations Submitted via ISAO@hq.dhs.gov and www.regulations.gov July 10, 2015 Mr. Michael Echols Director, JPMO-ISAO Coordinator NPPD, Department of Homeland Security 245 Murray Lane, Mail Stop 0615 Arlington VA

More information

Refining Security: A Case Study of Public/Private Collaboration to Further PCS Security in the Energy Sector

Refining Security: A Case Study of Public/Private Collaboration to Further PCS Security in the Energy Sector Refining Security: A Case Study of Public/Private Collaboration to Further PCS Security in the Energy Sector Martha Austin, Executive Director The Institute for Information Infrastructure Protection (I3P)

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity 18 November 2015 grance@nist.gov cyberframework@nist.gov National Institute of Standards and Technology About NIST NIST s mission is to develop

More information

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything

More information

NASCIO 2014 State IT Recognition Awards

NASCIO 2014 State IT Recognition Awards NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos

More information

Roadmap to Achieve Energy Delivery Systems Cybersecurity

Roadmap to Achieve Energy Delivery Systems Cybersecurity i Acknowledgements The Energy Sector Control Systems Working Group (ESCSWG) developed this roadmap in support of the Electricity Sub-sector Coordinating Council, Oil and Natural Gas Sector Coordinating

More information

Energy sector control centers across the nation, such as this one at Kansas City Power & Light, benefit from the system security assessments

Energy sector control centers across the nation, such as this one at Kansas City Power & Light, benefit from the system security assessments Energy sector control centers across the nation, such as this one at Kansas City Power & Light, benefit from the system security assessments performed through National SCADA Test Bed industry partnerships.

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

RESEARCH CALL TO DOE/FEDERAL LABORATORIES. Cybersecurity for Energy Delivery Systems Research Call RC-CEDS-2012-02

RESEARCH CALL TO DOE/FEDERAL LABORATORIES. Cybersecurity for Energy Delivery Systems Research Call RC-CEDS-2012-02 RESEARCH CALL TO DOE/FEDERAL LABORATORIES Cybersecurity for Energy Delivery Systems Research Call RC-CEDS-2012-02 CONTACT: Diane Hooie, Project Manager TELEPHONE NUMBER: (304) 285-4524 FAX NUMBER: (304)

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,

More information

MESSAGE FROM THE SECRETARY... ii EXECUTIVE SUMMARY... iii INTRODUCTION... 1 THE FUTURE WE SEEK... 5

MESSAGE FROM THE SECRETARY... ii EXECUTIVE SUMMARY... iii INTRODUCTION... 1 THE FUTURE WE SEEK... 5 TABLE OF CONTENTS MESSAGE FROM THE SECRETARY... ii EXECUTIVE SUMMARY... iii INTRODUCTION... 1 SCOPE... 2 RELATIONSHIP TO OTHER KEY POLICIES AND STRATEGIES... 3 MOTIVATION... 3 STRATEGIC ASSUMPTIONS...

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity; NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

A Framework to Gauge Cyber Defenses

A Framework to Gauge Cyber Defenses White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information

Infrastructure Protection Gateway

Infrastructure Protection Gateway Infrastructure Protection Gateway Our Nation s critical infrastructure is essential to sustaining our security, the economy, and the American way of life. The Department of Homeland Security (DHS), National

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 8 April 2015 cyberframework@nist.gov Agenda Mission of NIST Cybersecurity at NIST Cybersecurity Framework

More information

Delving Into FCC's 'Damn Important' Cybersecurity Report

Delving Into FCC's 'Damn Important' Cybersecurity Report Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Delving Into FCC's 'Damn Important' Cybersecurity

More information

Cybersecurity for Medical Devices

Cybersecurity for Medical Devices Cybersecurity for Medical Devices Suzanne O Shea Kathleen Rice January 29, 2015 Why Is This Important? Security Risks in the Sensors of Implantable Medical Devices Over the last year, we ve seen an uptick

More information

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com

More information

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2014 ISACA Pittsburgh Information Security Awareness Day Victoria Yan

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Follow-up Audit of the Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012

More information

future data and infrastructure

future data and infrastructure White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

Addressing Dynamic Threats to the Electric Power Grid Through Resilience

Addressing Dynamic Threats to the Electric Power Grid Through Resilience Addressing Dynamic Threats to the Electric Power Grid Through Resilience NOVEMBER 2014 INTRODUCTION The U.S. electric power grid is an interconnected system made up of power generation, transmission, and

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

C2M2 and the NIST Cyber Framework: Applying DOE's NIST Cyber Security Framework Guidance

C2M2 and the NIST Cyber Framework: Applying DOE's NIST Cyber Security Framework Guidance C2M2 and the NIST Cyber Framework: Applying DOE's NIST Cyber Security Framework Guidance June 18, 2015 Victoria Yan Pillitteri, National Institute of Standards & Technology (NIST) Smart Grid Cybersecurity

More information

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014 Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to

More information

Working to Achieve Cybersecurity in the Energy Sector. Cybersecurity for Energy Delivery Systems (CEDS)

Working to Achieve Cybersecurity in the Energy Sector. Cybersecurity for Energy Delivery Systems (CEDS) Working to Achieve Cybersecurity in the Energy Sector Cybersecurity for Energy Delivery Systems (CEDS) Energy Sector Cybersecurity Challenges Open Protocols Open industry standard protocols are replacing

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014

NIST Cybersecurity Initiatives. ARC World Industry Forum 2014 NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Roadmaps to Securing Industrial Control Systems

Roadmaps to Securing Industrial Control Systems Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick

More information

Collaborative, Standards-Based Approaches to Improving Cybersecurity

Collaborative, Standards-Based Approaches to Improving Cybersecurity Collaborative, Standards-Based Approaches to Improving Cybersecurity ISACA-NCAC Annual Meeting May 24, 2016 Kevin Stine Kevin.Stine@nist.gov National Institute of Standards and Technology (NIST) About

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity

More information

Obtaining Enterprise Cybersituational

Obtaining Enterprise Cybersituational SESSION ID: SPO-R06A Obtaining Enterprise Cybersituational Awareness Eric J. Eifert Sr. Vice President Managed Security Services DarkMatter Agenda My Background Key components of the Cyber Situational

More information

S. 2519 AN ACT. To codify an existing operations center for cybersecurity.

S. 2519 AN ACT. To codify an existing operations center for cybersecurity. TH CONGRESS D SESSION S. 1 AN ACT To codify an existing operations center for cybersecurity. 1 Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled,

More information

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY

IG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined

More information

Department of Management Services. Request for Information

Department of Management Services. Request for Information Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley

More information

One Hundred Thirteenth Congress of the United States of America

One Hundred Thirteenth Congress of the United States of America S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify

More information

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE A Functional Model for Critical Infrastructure Information Sharing and Analysis Maturing and Expanding Efforts ISAC Council White Paper January 31, 2004 1. PURPOSE/OBJECTIVES This paper is an effort to

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Accenture Cyber Security Transformation. October 2015

Accenture Cyber Security Transformation. October 2015 Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting

More information

AUDIT REPORT. The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks

AUDIT REPORT. The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Department of Energy's Implementation of Voice over Internet Protocol Telecommunications Networks

More information

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting

More information

Rebecca Massello Energetics Incorporated

Rebecca Massello Energetics Incorporated Cybersecurity Procurement Language for Energy Delivery Systems Rebecca Massello Energetics Incorporated NRECA TechAdvantage February 25, 2015 Talking Points What is this document? Who can use this document

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

2008 Visualization and Controls Peer Review. NSTB Program. Sam Clements Pacific Northwest National Laboratory

2008 Visualization and Controls Peer Review. NSTB Program. Sam Clements Pacific Northwest National Laboratory 2008 Visualization and Controls Peer Review NSTB Program Washington, DC October 21-22, 2008 Sam Clements Pacific Northwest National Laboratory PNNL - NSTB Program Vision GRIDSTAT SECURITY EVALUATION Enterprise

More information

Foreword. Nuclear Sector Cybersecurity Framework Implementation Guidance for U.S. Nuclear Power Reactors

Foreword. Nuclear Sector Cybersecurity Framework Implementation Guidance for U.S. Nuclear Power Reactors Foreword The National Institute of Standards and Technology (NIST) released the 2014 Framework for Improving Critical Infrastructure Cybersecurity (Framework) as a voluntary, risk-based set of standards

More information

Industry involvement in education and research - TCIPG

Industry involvement in education and research - TCIPG 1 Industry involvement in education and research - TCIPG Peter W. Sauer and William H. Sanders (and the TCIPG team) IEEE/PES GM, Denver, CO July 29, 2015 Outline History and facts TCIPG Overview and Vision

More information

Portal Storm: A Cyber/Business Continuity Exercise. Cyber Security Initiatives

Portal Storm: A Cyber/Business Continuity Exercise. Cyber Security Initiatives Portal Storm: A Cyber/Business Continuity Exercise Cyber Security Initiatives Commonwealth of Pennsylvania Office of Administration Tony Encinias, Chief Information Officer Project Initiated: January 2013

More information

Cyber Information-Sharing Models: An Overview

Cyber Information-Sharing Models: An Overview PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents

More information

October 9, 2014. Lyman Terni, Consultant Tim Villano, Chief Technology Officer. Current Awareness of the Cybersecurity Framework

October 9, 2014. Lyman Terni, Consultant Tim Villano, Chief Technology Officer. Current Awareness of the Cybersecurity Framework October 9, 2014 Ascendant Compliance Management is an independent consulting firm assisting Registered Investment Advisers and Broker-Dealers with regulatory compliance. Our firm has an IT Risk Assessment

More information

Cyber Security Research and Development a Homeland Security Perspective

Cyber Security Research and Development a Homeland Security Perspective FBI ----------------------------------------- INFRAGARD National Conference ----------------------------------------- 2005 Cyber Security Research and Development a Homeland Security Perspective Annabelle

More information

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team. National Cybersecurity and Communications Integration Center ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Agency for State Technology

Agency for State Technology Agency for State Technology 2015-2018 Statewide Information Technology Security Plan The Way Forward Rick Scott, Governor Jason M. Allison, State CIO Table of Contents From the Desk of the State Chief

More information