NH-ISAC ADVISORY 201.13 NATIONAL CRITICAL INFRASTRUCTURE RESILIENCE ANALYSIS REPORT


National Health ISAC (NH-ISAC)
Global Institute for Cybersecurity + Research - Global Situational Awareness Center
NASA Space Life Sciences Laboratory
Kennedy Space Center, FL

NH-ISAC ADVISORY
NATIONAL CRITICAL INFRASTRUCTURE RESILIENCE ANALYSIS REPORT

Federal Cybersecurity Action 2009 to Present
National Critical Infrastructure Information Sharing & Analysis Centers (ISACs)
National Healthcare & Public Health Cybersecurity Resilience

Date: February 23, 2013
To: NH-ISAC Members
National Health Sector Coordinating Council (SCC)
National Healthcare & Public Health Critical Infrastructure Owners + Operators
Title: National Critical Infrastructure Resilience

Introduction

The federal government's cybersecurity role includes both securing federal systems and assisting in protecting non-federal systems. Identified federal agencies, known as sector-specific agencies, have responsibilities for protection of their respective national critical infrastructure by writing a protection plan (annexes to the National Infrastructure Protection Plan).

The over-arching consultative process referenced in the February 12, 2013 Presidential Executive Order 13636 and Presidential Policy Directive PPD-21 encompasses: Federal Sector-Specific Agencies (SSAs) working in concert with the Critical Infrastructure Partnership Advisory Council; Sector Coordinating Councils (Government Coordinating Councils and private sector coordinating councils); critical infrastructure owners and operators (private-sector CI leadership and each critical infrastructure's recognized private sector-led Information Sharing & Analysis Center - ISAC); other relevant agencies; State, local, territorial and tribal governments, universities and outside experts.

With close to 90% of the nation's critical infrastructures owned and operated by the private sector, critical infrastructure owners and operators and their respective private sector-led ISAC as the operational and tactical arm, have a leadership responsibility and leading defining voice to enable national cybersecurity critical infrastructure protection, working in collaboration with government.

National Health ISAC (NH-ISAC) February 2013. All Rights Reserved.

There are 50+ statutes currently addressing cybersecurity either directly or indirectly, but there is no comprehensive cybersecurity framework legislation that encompasses how the government assists the private sector with national cybersecurity critical infrastructure protection efforts including information sharing with the required privacy and civil liberties protections.

The following report provides an overview of cybersecurity Presidential and Congressional Actions from March 2009 to present, the nation's private-sector led Information Sharing & Analysis Centers (ISACs) infrastructure, National Healthcare & Public Health Cybersecurity Resilience (an initiative led by the healthcare and public health sector in collaboration with government - see below), and an analysis of Presidential Executive Order 13636 and Presidential Policy Directive (PPD-21).

National Healthcare and Public Health Cybersecurity Response System (HPH-CRS)
National Healthcare and Public Health Cybersecurity First Responder (HPH-CFR) Program (Annual Training/Certification)
National Healthcare and Public Health Cybersecurity Education Framework (HPH-CEF)

FEDERAL CYBERSECURITY ACTION 2009 TO PRESENT

Overview: 2009 - 2012

March 2009 - President Obama released the Cyberspace Policy Review declaring the Nation's digital infrastructures (cyberspace) as a key strategic national asset and national security priority.

The President's Cyberspace Policy Review identified ten (10) near-term actions to support the cybersecurity strategy:

1. Appoint a cybersecurity policy official responsible for coordinating the Nation's cybersecurity policies and activities.
2. Prepare for the President's approval an updated strategy to secure the information and communications infrastructure.
3. Designate cybersecurity as one of the President's key management priorities and establish performance metrics.
4. Designate privacy and civil liberties official to the NSC Cybersecurity Directorate.
5. Conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
6. Initiate a national awareness and education campaign to promote cybersecurity.
7. Develop an international cybersecurity policy framework and strengthen our international partnerships.
8. Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships.
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience and trustworthiness of digital infrastructure.
10. Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the nation.

Key Documents

Some of the key documents guiding efforts include:

to strengthen the security and resilience of the United States by implementing a national preparedness system identifying and supporting core preparedness capabilities Prevention,

May 12, to Capitol Hill in response to Congress' call for assistance on how best to address national

2011 and 2012

Unsuccessful legislation includes, but is not limited to:

Improve public/private cybersecurity sector risk assessments, infrastructure identification, private sector leading practice adoption, incentive-based voluntary cybersecurity program for CI owners and operators

Direct specified federal agencies to develop and update the federal cybersecurity R&D and technical standards strategic plan.

American R&D in networking and information technology, including but

FISMA reform.

coordination, including sharing of classified information. Passed by the House, but stalled in the Senate under threat of Presidential veto and from grass-roots protests citing the bill as a threat to internet privacy and civil liberties.

Amend the federal criminal code to provide criminal penalties for intentional failures to provide required notices of a security breach involving sensitive personally identifiable information (specified electronic or digital information).

Amend the federal criminal code to make fraud in connection with the unauthorized access of personally identifiable information (in electronic or digital form) a predicate for instituting a prosecution for racketeering.

IT

Authorize private entities to employ countermeasures and use cybersecurity systems to obtain, identify or possess cyber threat information on its own networks or the networks of another entity with such entity authorization

Promote and Enhance Cybersecurity and Information Sharing Effectiveness and addressing DHS role in CI protection (risk assessments, technology development, mitigation, awareness/outreach).

Overview: 2013

Presidential Policy Directive PPD-21 and Executive Order

With legislative failure to successfully pass any effective cybersecurity legislation to support national critical infrastructure protection in 2011 or 2012, on February 12, 2013, the President

Presidential

The 113th Congress

The 113th Congress was sworn in on January 3, Provided below is an overview of the Legislative Congressional Cybersecurity Caucus, Committees and current pending cybersecurity legislation.

US House of Representatives Congressional Cybersecurity Caucus

Co-Chairs: Congressman Jim Langevin (RI-D) and Congressman Mike T. McCaul (TX-R)

Congressman Langevin and Congressman McCaul founded the first-ever Congressional Cybersecurity Caucus in September As Co-Chairs of the CSIS Commission on Cybersecurity for the 44th Presidency, they are actively engaged in identifying challenges and making recommendations for the Administration and providing opportunities for more Members of Congress to engage in the discussions. While Congress plays a key role in the future of cybersecurity policy, the overlap of committee jurisdictions can divide the attention and focus of Congress on these issues. Congressman Langevin and McCaul hope that this caucus will help raise awareness and provide a forum for Members representing different committees of jurisdiction to discuss the challenges in securing cyberspace.

House Oversight and Government Reform Committee

Chair: Representative Darrell E. Issa (R-CA-49)
Ranking Member: Representative Elijah Cummings (D-MD-7)

Republican Site:

The House Oversight and Government Reform Committee exists to secure two fundamental principles. First, Americans have a right to know that the money Washington takes from them is well spent. And second, Americans deserve an efficient, effective government that works for them. The duty on the Oversight and Government Reform Committee is to protect these rights.

The Committee's solemn responsibility is to hold government accountable to taxpayers. They work in partnership with citizen-watchdogs, to deliver the facts to the American people and bring genuine reform to the federal bureaucracy.

The Committee has legislative jurisdiction over the District of Columbia, the government procurement process, federal personnel systems, the Postal Service and other matters. Its primary responsibility is oversight of virtually everything the government does from national security to homeland security grants, from federal workforce policies to regulatory reform and reorganization authority, and from information technology procurements at individual agencies to government-wide security standards.

Subcommittees: Federal Workforce; Government Organization; Health Care & D.C.; National Security; Regulatory Affairs; T.A.R.P, & Financial Resources

Democratic Site:

Committee Jurisdiction: The Committee on Oversight and Government Reform is the main investigative committee in the U.S. House of Representatives. It has the authority to investigate the subjects within the Committee's legislative jurisdiction as well as any matter within the jurisdiction of the other standing House committee.

Subcommittees: Federal Workforce / US Postal Service and Labor Policy, Government Organization, Efficiency and Financial Management; Health Care, District of Columbia, Census and the National Archives; National Security, Homeland Defense and Foreign Operations; Regulatory Affairs, Stimulus Oversight and Government Spending; T.A.R.P, Financial Services and Bailouts of Public and Private Programs; Technology, Information Policy, Intergovernmental Relations and Procurement Reform.

Committee on Homeland Security

Republican Site:

Chair - Representative Michael McCaul (R-TX)

Committee Description: Republican

Established in 2002 to provide Congressional oversight for US DHS and better protect Americans against a possible terrorist attack.

Subcommittees: Border and Maritime Security; Counterterrorism and Intelligence; Cybersecurity, Infrastructure Protection and Security Technologies; Emergency Preparedness, Response and Communications; Oversight and Management Efficiency; Transportation Security

Issues: 9/11 Trials/Guantanamo Detainees; Border Security; Chemical Facility Security; Counterterrorism; Cybersecurity; First Responder Communications; Information Sharing and State and Local Fusion Centers; Maritime Security; Oversight of DHS Management; Passenger and Cargo Aviation Security; Preparedness for and Response to Terrorist Attacks and Natural Disasters; Risk-Based Grant Funding; Surface Transportation Security; Weapons of Mass Destruction

Ranking Member: Rep. Bennie G. Thompson (D-MS)

Committee Description - Democratic

Created by the US House of Representatives in 2002 in the aftermath of September 11, 2001 to provide Congressional oversight to US DHS and better protect the American people against a possible terrorist attack.

Subcommittees: Border and Maritime Security; Counterterrorism and Intelligence; Cybersecurity, Infrastructure Protection and Security Technologies; Emergency Preparedness, Response and Communications; Oversight and Management Efficiency; Transportation Security

Issues: Transportation Security; Border and Port Security; Critical Infrastructure Protection Cybersecurity and Science and Technology; Emergency Preparedness; Emerging Threats; Intelligence and Information Sharing; Investigations; Management and Procurement; Privacy, Civil Rights and Civil Liberties

Homeland Security & Governmental Affairs (GSGA)

Chairman: Senator Thomas R. Carper
Ranking Member: Senator Tom Coburn

Committee Description: Chief oversight committee of the U.S. Senate. The Committee has 5 subcommittees that examine issues ranging from the federal Civil Service, to the government's financial management to how government helps communities recover from catastrophes.

Subcommittees: Permanent Subcommittee on Investigations; Oversight of Government Management; Federal Financial Management; Disaster Recovery and Intergovernmental Affairs; Contracting Oversight.

Permanent Select Committee on Intelligence

Chairman: Congressman Mike Rogers
Ranking Member: Congressman Dutch Ruppersberger

Committee Description: The Committee is the House's primary panel responsible for authorizing the funding for and overseeing the execution of the intelligence activities of the US government.

Subcommittees: Oversight; Technical and Tactical Intelligence; Terrorism, HUMINT, Analysis and Counterintelligence

2013 Current Pending Bills

With over 1,381 bills introduced as of February 20, 2013 (the 113th Legislative Session), the bills below represent introduced cybersecurity legislation to date.

(H.R. 624) Cyber Intelligence Sharing and Protection Act (CISPA) - House Intelligence Panel Leaders reintroduced and referred to the House Committee the identical bill (H.R. 3523) from 2012 on February 13, 2013. As of February 20, 2013, the summary for H.R. 624 has not been received.

(H.R. 756) To Advance Cybersecurity Research, Development and Technical Standards, and for Other Purposes - Bipartisan legislation to improve communication and collaboration between the private sector and the federal government. Introduced to the House and referred to the House Committee on Science, Space and Technology on February 15, 2013.

(S. 21) Cybersecurity and American Cyber Competitiveness Act of 2013 - Introduced January 22, 2013, read twice and referred to the Committee on Homeland Security and Government Affairs. Calls for enactment of bipartisan legislation to improve communication and collaboration between the private sector and the federal government to secure the US against cyber attack and enhance the competitiveness of the US and create jobs in the information technology industry, and protect the identities and sensitive information of US citizens and businesses.

(H.Res. 57) - The summary for House Resolution 57 - Expressing the sense of the House of Representatives that in order to continue aggressive growth in the Nation's telecommunications and technology industries, the United States Government should "Get Out of the Way and Stay out of the Way" - has not been received as of February 20, 2013.

(H.R. 86) Cybersecurity Education Enhancement Act of 2013 - Referred to the Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies on February 12, 2013. Directs the Secretary of Homeland Security to establish, in conjunction with the National Science Foundation, a program to award grants to institutions of higher education for cybersecurity professional development programs, associate cybersecurity degree programs, and the purchase of equipment to provide training in cybersecurity for professional development of degree programs.

Moving Forward

Implementation of capabilities to move from a reactive to a national proactive cybersecurity stance requires not only effective legislation supporting private-sector defined implementation of security standards and protection policies, but also requires continually assessing our current environments across all critical infrastructures from sector and cross-sector threat and vulnerability impacts. This includes two-way security intelligence information sharing, countermeasure solutions, incident response, leading practice and education.

Being ever vigilant - looking and moving forward, working together in a trusted public and private sector collaborative partnership is paramount.

NATIONAL HEALTHCARE & PUBLIC HEALTH CYBERSECURITY RESILIENCE

National Healthcare and Public Health Cybersecurity Response System (HPH-CRS)
National Healthcare and Public Health Cybersecurity First Responder Program (HPH-CFR)
National Healthcare and Public Health Cybersecurity Education Framework (HPH-CEF)

The nation's healthcare and public health critical infrastructure (CI) has moved forward to build a trusted collaborative partnership uniting health sector CI owners and operators with other national critical infrastructures and organizations supporting the health sector. Led by the health sector, this is accomplished in collaboration and cooperation with the National Council of ISACs, representing all national critical infrastructures, the Health Sector Coordinating Council (SCC), and government (HHS, DHS, NIST, and state, local, tribal and territorial governments).

Enabling National Healthcare and Public Health Critical Infrastructure Resilience

To enable National Healthcare and Public Health Critical Infrastructure resilience, led by the nation's healthcare and public health sector in cooperation with government, the National Health ISAC (NH-ISAC) leads development and implementation of:

The National Healthcare and Public Health Cybersecurity Response System (HPH-CRS)

HPH-CRS represents a nationwide all-hazards cybersecurity incident response system supporting prevention, protection, mitigation, response and recovery. It is coordinated within the nation's health sector, across other critical infrastructures and aligned to state, local, tribal and territorial (SLTT) emergency operations and federal Emergency Support Functions (ESFs).

HPH-CRS is supported via a public/private partnership from NH-ISAC headquarters at the Global Institute for Cybersecurity + Research, Global Situational Awareness Center, NASA/Kennedy Space Center. National healthcare and public health cybersecurity response incorporates NH-ISAC 24/7 physical and cyber (all-hazards) security situational awareness intelligence, two-way information sharing, countermeasure solutions, incident response, leading practice and education in a collaborative partnership with the National Council of ISACs, US Department of Homeland Security, Intelligence Agencies, NIST, HHS, and supporting technology and security organizations.

HPH-CRS includes implementation of the National Healthcare & Public Health Cyber First Responder (HPH-CFR) Program. Health sector CI owners and operators and organizations supporting the health sector are designating individuals to be annually trained and certified as National HPH Cybersecurity First Responders (HPH-CFR).

The National Healthcare and Public Health Cybersecurity Council has been established. It is comprised of nationwide healthcare and public health stakeholders to lead HPH-CRS implementation. State-level briefing workshops are being held across the nation.

National HPH Cybersecurity Education Program (HPH-CEF)

A pillar of the system is implementation of the National Healthcare and Public Health Cybersecurity Education Program. Leveraging the NIST National Initiative for Cybersecurity Education (NICE) Framework as the foundational baseline, health sector-specific role-based cybersecurity functions, responsibilities, tasks, competencies and job descriptions are being defined and supported by education, training and certification programs.

Global Institute for Cybersecurity + Research (GICSR) and NASA/Kennedy Space Center - Center for Life Cycle Design (CfLCD)

Headquartered at the GICSR Global Situational Awareness Center at Kennedy Space Center, NH-ISAC works in partnership with GICSR to address security issues and challenges via their collaborative partnership with NASA's Center for Lifecycle Design (CfLCD). NASA's Center for Lifecycle Design (CfLCD) advances expanding and strengthening secure design and development concepts/tools, and leverages modeling and simulation of critical infrastructure high-risk, safety-critical, cybersecurity systems, and supports education and experiential learning initiatives.

The National Health ISAC (NH-ISAC)

The NH-ISAC is the nation's healthcare and public health critical infrastructure Information Sharing & Analysis Center. NH-ISAC, private sector-led and a non-profit organization is recognized, as all critical infrastructures ISACs, by their respective Federal Sector-Specific Agency (SSA), Sector Coordinating Council (SCC), Intelligence Agencies, National Council of ISACs, and Critical Infrastructure Owners and Operators.

The National Council of ISACs (NCI Directorate)

The NCI Directorate is comprised of member representatives of all national critical infrastructure ISACs. NCI's mission is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a forum and framework for valuable interaction between and among the ISACs, supporting sector and cross-sector intelligence, and working in collaboration with governments, representing national critical infrastructure operational components.

National Critical Infrastructure ISACs Infrastructure

National Council of ISACs

Communications ISAC, Defense Industrial Base (DIB), Electric Sector ISAC, Emergency Management Response ISAC (EMR-ISAC), Financial Services ISAC (FS-ISAC), National Health ISAC (NH-ISAC), Information Technology (IT-ISAC), Maritime ISAC, Multi-State ISAC, NEI (Nuclear Energy Institute), Public Transportation ISAC (PT-ISAC), Real Estate ISAC (RE-ISAC), Research & Education Networking ISAC (REN-ISAC), Supply Chain ISAC (SC-ISAC), Surface Transportation ISAC (ST-ISAC), Motor Coach ISAC, Water ISAC, Aviation ISAC (Forming)

ANALYSIS

PRESIDENTIAL EXECUTIVE ORDER 13636 AND PRESIDENTIAL POLICY DIRECTIVE PPD-21

The issuance of Presidential Directive PPD-21 and Executive Order to increase and improve national critical infrastructure cybersecurity resilience is a tremendous step forward. It serves to raise awareness and brings together the public and private sectors to proactively address cybersecurity issues and challenges.

Both orders are inter-related. The Presidential Directive provides the framework for addressing a public/private partnership. The Executive Order focuses on federal agency operations, setting out specific programs, roles, responsibilities and activities for federal agencies to improve support of critical infrastructure protection.

To provide insight and defining voice opportunities for the health sector to support cybersecurity critical infrastructure resilience, the National Health ISAC (NH-ISAC) has conducted an analysis of both the Executive Order and Presidential Directive and their impact to the nation's Healthcare and Public Health Critical Infrastructure.

As CEO/Executive Director of the National Health ISAC for the nation's healthcare and public health critical infrastructure, and as Chair of the Health Sector Coordinating Council (SCC) Cybersecurity Legislation Committee, I am pleased to provide the following report.

EXECUTIVE ORDER 13636
FEBRUARY 13, 2013
IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY

Section 1. Policy

Repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. The national and economic security of the United States depends on the reliable functioning of the Nation's critical infrastructure in the face of such threats. It is the policy of the United States to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cybersecurity information sharing and collaboratively develop and implement risk-based standards.

Section 2. Critical Infrastructure

As used in this order, the term critical infrastructure means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

The cyber threat to our Nation's critical infrastructures must be approached from an All-Hazards (Physical and Cyber) Security perspective. These are no longer two separate environments, as All-Hazards


Section 3. Policy Coordination

Policy coordination, guidance, dispute resolution, and periodic in-progress reviews for the functions and programs described and assigned herein shall be provided through the interagency process established in Presidential Policy Directive-1 of February 13, 2009 (Organization of the National Security Council System), or any successor.

Presidential Policy Directive-1, February 13, 2009

President

Secretary. For international

Administration

Interagency Policy Committees (NSC/IPCs)

Section 4. Cybersecurity Information Sharing

(a) It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats. Within 120 days of the date of this order, the Attorney General, the Secretary of Homeland Security (the Secretary), and the Director of National Intelligence shall each issue instructions consistent with their authorities and with the requirements of section 12(c) of this order to ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity. The instructions shall address the need to protect intelligence and law enforcement sources, methods, operations, and investigations.

(b) The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports.

(c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. This voluntary information-sharing program will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.

(d) The Secretary, as the Executive Agent for the Classified National Security Information Program created under Executive Order of August 18, 2010 (Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities), shall expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators, prioritizing the critical infrastructure identified in section 9 of this order.

(e) In order to maximize the utility of cyber threat information sharing with the private sector, the Secretary shall expand the use of programs that bring private sector subject-matter experts into Federal service on a temporary basis. These subject matter experts should provide advice regarding the content, structure, and types of information most useful to critical infrastructure owners and operators in reducing and mitigating cyber risks.

nation

Publication 800-61, Revision 2

NIST 800-61, Revision 2
Table 4.1 Coordination Relationships

Category: Team-to-Team
Information

Category: Team-to-Coordinating Team
Information

Category: Coordinating Team-to-Coordinating Team

Section 5. Privacy and Civil Liberties Protections

(a) Agencies shall coordinate their activities under this order with their senior agency officials for privacy and civil liberties and ensure that privacy and civil liberties protections are incorporated into such activities. Such protections shall be based upon the Fair Information Practice Principles and other privacy and civil liberties policies, principles, and frameworks as they apply to each agency's activities.

(b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. Senior agency privacy and civil liberties officials for other agencies engaged in activities under this order shall conduct assessments of their agency activities and provide those assessments to DHS for consideration and inclusion in the report. The report shall be reviewed on an annual basis and revised as necessary. The report may contain a classified annex if necessary. Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies shall consider report assessments and recommendations in implementing privacy and civil liberties protections for agency activities.

(c) In producing the report required under subsection (b) of this section, the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of DHS shall consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB).

(d) Information submitted voluntarily in accordance with 6 U.S.C. 133 by private entities under this order shall be protected from disclosure to the fullest extent permitted by law.


More information

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,

More information

Cybersecurity: Authoritative Reports and Resources

Cybersecurity: Authoritative Reports and Resources Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist March 20, 2013 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research

More information

Cybersecurity: Authoritative Reports and Resources

Cybersecurity: Authoritative Reports and Resources Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist September 20, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 We Teach What You NEED TO KNOW

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Water Security in New Jersey: Partnership and Services

Water Security in New Jersey: Partnership and Services GOV. CHRIS CHRISTIE LT. GOV. KIM GUADAGNO DIR. CHRIS RODRIGUEZ NJOHSP OFFICE OF HOMELAND SECURITY AND PREPAREDNESS Preparedness Act Water Security in New Jersey: Partnership and Services Created by the

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Implementing Executive Order and Presidential Policy Directive 21

Implementing Executive Order and Presidential Policy Directive 21 Implementing Executive Order 13636 and Presidential Policy Directive 21 2013 2014 Winter Energy Conference November 1, 2013 Bob Kolasky Director, EO-PPD Integrated Task Force Announcement of the EO and

More information

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems Cyber Incident Annex Coordinating Agencies ITS-Information Technology Systems Support Agencies Mississippi Department of Homeland Security Mississippi Emergency Management Agency Mississippi Department

More information

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation Virginia Joint Commission on Technology and Science Cybersecurity Legislation Pending Legislation Widespread agreement of need for legislation Three approaches CISPA Cybersecurity Act of 2012 SECURE IT

More information

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

Cybersecurity: Legislation, Hearings, and Executive Branch Documents CRS Reports & Analysis Print Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan, Information Research Specialist (rtehan@crs.loc.gov, 7-6739) View Key CRS Policy Staff May

More information