2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE


A Functional Model for Critical Infrastructure Information Sharing and Analysis
Maturing and Expanding Efforts
ISAC Council White Paper
January 31,

PURPOSE/OBJECTIVES

This paper is an effort to establish a path forward and future vision for information sharing and analysis and to provide a functional model for Critical Infrastructure Information Sharing and Analysis. Based on various government and critical infrastructure meetings during the fall of 2003 the following objectives were established.

A. Increase Information Sharing and Analysis Security efforts to support the broadest possible reach both within and outside critical infrastructures so that no entity is excluded.
B. Efforts must have long-term viability.
C. Realize cost efficiencies and reduce redundancy, where possible.

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE

Our critical infrastructures are composed of a vast number of varied private and public entities. Classifying these entities will enable us to determine the appropriate security and information sharing and analysis support required to achieve a national system.

For private entities, the first step is to classify organizations within the specific critical infrastructures to which they belong. Currently, there are fourteen critical infrastructures that have been identified by the government. Secondly, within those infrastructures, a private entity can be considered by size, complexity, and the significance of its function, technology, and operation to the nation. Based on these factors, the required top-level security support can be established. Each critical infrastructure possesses large or significant entities that require focused and intense physical, cyber, and all threats security support. This is the first tier.
A second tier, in each critical infrastructure, consists of the companies and organizations or companies with less than critical significance which nevertheless require specific support, but not to the degree or intensity of the Tier 1 companies. As a third tier within each critical infrastructure, there may be a very large number of businesses with limited potential impact, which nevertheless must be supported. Finally, and of great importance, is the general business community that does not fall into the identified fourteen critical infrastructures. This is the fourth tier.

Based on these factors and approach/model there are then four categories of private and public entities. All of these private and public entities require security support; however, their requirements vary widely, as do their resources, both financial and in terms of expertise, which in turn limit their ability to contribute actively and pay for the security support they need. For example, the Electricity Sector is one interconnected infrastructure and instantaneous with critical loads served by large and small entities. The entire electricity sector requires support due to its extremely interdependent nature. See attached Illustration 1, titled Private and Public Infrastructure and Information Sharing and Analysis Requirements.

3. UNIQUE INFORMATION SHARING AND ANALYSIS SUPPORT REQUIREMENTS FOR PRIVATE AND PUBLIC INFRASTRUCTURE

How can information sharing and analysis support be best tailored and provided to the tiered, private sector and public organizations described above? The following provides the characteristics of the information sharing and analysis structures required to support private and public industry.

A. TRUSTED INFORMATION SHARING AND ANALYSIS STRUCTURE. The structure that is providing the information sharing and analysis support must be trusted to ensure safeguarding of sensitive and proprietary information. There must be tiered levels of reporting that permit TRUSTED reporting that can be safeguarded and, if so required by the reporting member, reported with total anonymity.

B. TRUSTED SECTOR-TO-SECTOR RELATIONSHIPS. The information sharing and analysis structure must have the TRUST of not just the individual sector it supports but also of the interdependent sectors with which that information is shared.

C. PRIVATE SECTOR SUBJECT MATTER EXPERTS. The structure must consist of both private sector expertise and current industry knowledge in order to understand the industry and determine the impact/relevance of any given piece of information.
This subject matter expertise must be relevant and broad based, within a sector, in order to immediately bring to bear the specific expertise required. This is a key discriminator and critical capability that is required to secure the nation.

D. SPECIFICALLY FOCUSED CYBER/PHYSICAL/ALL THREATS ANALYSIS MUST BE THE CORE MISSION BASED ON PRIVATE INDUSTRIES INFORMATION/INTELLIGENCE REQUIREMENTS.

Current subject matter expert analysts that can determine the relevance of information to each sector must be used to conduct analysis. Based on the recent North American electrical blackout and Hurricane Isabel, our view of security must be broad, encompassing, and consider All Threats.

E. MANAGEMENT OF THE SECTOR AND MEMBERSHIP. Support must be provided to vet private entities and then managed. The security structure must understand and continually be in dialogue with its vetted members and manage this trusted relationship.

F. MANAGEMENT OF INDUSTRY ALERT PLANS AND ACTIONS. Specific industries/entities rely upon their security providers to support and provide a basis for their unique alert plans and actions. Industry specific intelligence drives the alert level and countermeasure implementation of many industries.

G. INTERNATIONAL REACH. Many of the industries that comprise our nation's critical infrastructures are international in scope. Political borders very often do not define private industry and company holdings. What happens in one country to a private infrastructure has direct consequence in the U.S. and vice versa. This is also evident in public sector organizations. Reporting and information must be available to the information sharing and analysis mechanism and therefore TRUSTED by international companies and organizations.

4. AN APPROACH TO SATISFY THE STATED OBJECTIVES

Certainly an approach to information sharing and analysis can be created from whole cloth without respect to current in-place security structures. However, such an approach would ignore the considerable effort and resources that have been applied by the sectors at the specific request of government, require a considerable amount of time to establish, and in the final analysis would most probably mirror the current security structures.
Given the level of industry investment and private sector cooperation, it would simply be counter-productive to ignore current structures and not determine whether the objectives stated in this paper can be satisfied by the current capabilities or by these capabilities once they have been matured and expanded.

In fact, for many years industry sector information sharing and analysis capabilities have been maturing. These capabilities are viable, providing significant security support to the nation, and satisfying most of the unique information sharing and analysis requirements of the sectors.

The most cost effective and viable approach is to evolve the current structures that satisfy the unique industry requirements stated above and can be matured/expanded to fulfill the objectives stated in paragraph

STATUS OF INFORMATION SHARING AND ANALYSIS STRUCTURES

United States cultural, constitutional, and legal requirements create an environment where the primary responsibility for safeguarding private and public domestic infrastructure lies with the owners of the assets. The cornerstone of information sharing and analysis efforts has been the private industry specific Information Sharing and Analysis Centers (ISACs), which have existed in many forms, beginning in 1984 with the National Coordinating Center for Telecommunications (NCC), through the formation of the Financial Services ISAC in October 1999, to the fourteen sector specific ISACs in existence today. These ISACs are at different levels of maturity. Nevertheless, that so many sectors have invested time, energy, millions of dollars, and in-kind resources in establishing ISACs demonstrates that these sectors see value in establishing formal information sharing and analysis mechanisms that reflect their unique operational and governance characteristics.

Also of importance is that the ISACs have voluntarily come together and established an ISAC Council to mature their individual and collective processes, integrate their individual efforts, and address common issues. Through the ISAC Council the ISACs have reached out to the Sector Coordinators and are integrating the coordinators into the council processes. The vision is to continue to coordinate and integrate the private sector security processes through the joint ISAC Council and Sector Coordinator mechanism.

All of the ISACs are actively reaching out to their entire sector and integrating the small businesses and organizations to ensure they are supported. For example, the Transit ISAC is open to all transit entities regardless of size.
An FTA government grant supported the establishment and operations of this ISAC and its broad outreach. Similarly, the Trucking ISAC provides for open access to all in the industry, regardless of size, based on a multi-tiered need to know criteria. Congress has appropriated funding to enable this approach to be fully implemented over the next several years.

The following captures the significant reach of the eleven ISACs represented on the ISAC Council. When viewed in total, the ISACs represent a broad reach for industry and government and a TRUSTED node for information sharing and analysis.

- Chemical: 90% of the sector
- Electricity: nearly 100%
- Energy: 85% and increasing
- Financial: 90% and adding full sector
- Healthcare: Developing
- Information Technology: ~70% of IT globally and ~85% of cross sector IT
- Public Transit: reaching all major transit systems and developing outreach to connect all agencies
- Surface Transportation: 95% of the Freight Railroad Industry and Amtrak
- Telecom: 95% of infrastructure
- Trucking: 60% of economic with over 50% of long haul
- Water: 85% of sector receiving alerts

In order to take the ISAC from concept to implementation/operation a definition is required. An ISAC is a trusted, sector specific, entity which provides to its constituency a 24/7 Secure Operating Capability that establishes the sector's specific information/intelligence requirements for incidences, threats and vulnerabilities. Based on its sector focused subject matter analytical expertise, the ISAC then collects, analyzes, and disseminates alerts and incident reports to its membership and helps the government understand impacts for their sector. It provides an electronic, trusted ability for the membership to exchange and share information on cyber, physical, and all threats in order to defend the critical infrastructure. This includes analytical support to the Government and other ISACs regarding technical sector details and in mutual information sharing and assistance during actual or potential sector disruptions whether caused by intentional or natural events.

TRUSTED information sharing is one of the most vital and sensitive functions of an ISAC. Information sharing requires a trusted relationship between the ISAC and its constituency. Private companies and organizations must know that their private data is protected from all who might use it to the detriment of private industry. This includes competitors as well as regulatory agencies. ISACs provide the required balanced, TRUSTED, information sharing and analysis mechanism for private industry. Private industry TRUST of its ISAC is the critical operational foundation for the ISAC to accomplish its mission. An ISAC manages, vets, establishes, and authenticates the identity of its membership.
The ISAC ensures the security of the ISAC's membership, and its data and processes.

Sector-Specific Subject Matter Expert Analysis is a critical capability for the ISACs. The purpose of sector specific, subject matter expert, analysis is to identify and categorize threats and vulnerabilities and then identify emerging trends before they can affect critical infrastructures. This is especially true for cyber, physical, and all threats. ISAC provided, sector specific analysis adds critical value to the information being disseminated. The products of this analysis are:

- 24/7 immediate, sector specific, physical, cyber, all threat and incident report warning
- Sector specific information and intelligence requirements
- Forecasts and mitigation strategies to emerging threats
- Tested mitigations
- Sector-specific impact assessments
- Cross sector interdependencies, vulnerabilities, and threats. Sector vulnerabilities are extremely sensitive information that must be highly protected.

6. A VISION FOR MATURING AND EXPANDING THE CURRENT INFORMATION SHARING AND ANALYSIS STRUCTURES

Once fully mature, the ISAC community will be able to enhance the protection of each critical infrastructure through formally recognized partnerships that link ISAC sectors with one another. Analysis provides trending and cross-sector information and identifies interdependencies and effects. ISACs integrate their individual sector analysis and responses across all critical infrastructures. All enterprises participate in infrastructure protection as a routine business operation. The ISACs perform rapid analysis by using a central repository of threat and vulnerability data. The sector specific, subject matter expert, analysis enables enterprises to respond to emerging threats and permits the infrastructure to anticipate potential harm and establish suitable safeguards. Full maturity of the ISAC community leads to interoperability and the ability to forecast emerging threat trends.

The desired outcome of a successful ISAC community is the operation of self healing and resilient critical infrastructures that can anticipate and respond to emerging threats in ways that limit disruption. The government is an integrated partner and supports private industry information sharing and analysis efforts with analytical expertise, connectivity, and resources. The only way to ensure sustainability of the information-sharing model is through a viable and robust private sector and government partnership.

7. A PATH FORWARD - MATURING INFORMATION SHARING AND ANALYSIS AND THE ISAC COMMUNITY

Since 1998, the nation's critical infrastructures have been maturing their ISACs. An ISAC community has been established through the ISAC Council and the council's further outreach to the sector coordinators.
The ISACs individually have been reaching out to their entire sector to include the small businesses and organizations within their sector. Per the outreach statistics captured in Section 5, the ISACs currently represent and reach a significant portion of the critical domestic infrastructures.

To achieve the vision for the ISAC Community and for information sharing and analysis processes, all businesses - including the small business community - must be included. Where possible, duplication of effort must be reduced and cost efficiencies achieved. The following recommendations will provide great support to the maturation and vision of the information sharing and analysis effort.

Each of the current operational ISACs must be open to and reach the Tier 1, Tier 2 and the small business community/tier 3 within each sector.

o The government should support the ISACs' core functionalities, its small business sector outreach, and analytical effort within each sector through baseline funding. (See attached diagram 1) A specific cost estimate for this effort can be developed by the ISAC Council in conjunction with member ISACs and provided to DHS. Beyond core functionalities, Tier 1 and Tier 2 companies that require enhanced support may continue to pay a membership fee.

o A General Business ISAC should be established to reach those general businesses not currently supported by an ISAC. This General Business ISAC would provide baseline security information to vetted small businesses. This ISAC would primarily host a secure website as its means of outreach to its membership. As one approach, associations such as the National Federation of Independent Business and others represent the general business community and have very broad memberships. These entities consist of general businesses and understand the general business community. These entities that focus and serve general business can best create a General Business ISAC and determine what information sharing and analysis/ISAC support is required. They can vet their membership and manage their members' relationship with the ISAC and the broader information sharing and analysis community. The NFIB and other small business associations should be approached regarding interest in establishing an ISAC.

The government should procure a bulk license for the ISACs to receive data directly from some of the most viable vulnerability and threat sources and possibly access to analytical or modeling tools. This would provide an overall cost savings to the individual ISACs.

The government should establish a standing and formal TRUSTED information sharing and analysis process.
The ISACs and sector coordinators are the TRUSTED nodes for this dissemination. This body should be brought in at the beginning of any effort. DHS products should be released to this group for primary and priority dissemination to their respective sectors.

A government provided communications network must be established for secure information sharing and analysis. The CWIN capability should be considered as an interim, first phase communications capability. Some of the ISACs are conducting routine communications checks at the analytical level in anticipation of expanded use of CWIN. Functionality needs to be added to CWIN.

Integrated ISAC and government analytical efforts must continue, and an analytical community that focuses on private industries and public organizations Priority Intelligence and Information Requirements must be established and matured. Industry, working through the ISAC and government analytical working groups, should be integrated into the full government intelligence cycle: requirements, tasking, analysis, reporting, and dissemination. The government funding baseline will also resource an ISAC analyst working at DHS to support analysis of sector specific information/intelligence requirements.

8. RECOMMENDATIONS/CONCLUSION

This paper has been developed as a resource tool and position paper, with the full input of the ISAC Council, to guide the development of an effective working relationship between the ISACs, ISAC Council, Sector Coordinators, and the Department of Homeland Security. Our intent is to continue to develop these concepts and establish a definitive implementation plan.

References: The following are ISAC Council papers in process or released that have relevance to what has been discussed in this paper. They can provide further details on a number of the issues we have raised.

Information Sharing Process and Types of Data ISAC and Government Analytical Efforts Liability and Legal Anti-Trust Interdependencies Policy Framework for the ISAC Community Next Steps Vetting/TRUST for Communication among ISACs and Government Entities Integration of ISACs into Government and Homeland Defense Exercises PDD 63 Review and Recommendations Reach of the ISACs

Information Sharing and Analysis Centers, or ISACs, are private sector operational organizations which today are collecting, distributing, analyzing and sharing sensitive information regarding threats, vulnerabilities, alerts and best practices in order to protect our national critical infrastructures.
Eleven ISACs -- Chemical, Electricity, Energy, Financial Services, Healthcare, Information Technology, Public Transit, Surface Transportation, Telecommunications, Truck, and Water -- have joined together as an ISAC Council, partnering with their sectors, with one another, and with government to advance the physical and cyber security of the critical infrastructures of North America.

Please note that this paper was written by the ISAC Council as a consensus document, with input and review by member ISACs. However, its views and findings do not necessarily represent the official position of each ISAC.

For more information on the ISAC Council and the ISACs which form its membership, please visit

Private Infrastructure and Information Sharing and Analysis Requirements

Information Sharing and Analysis Requirements, by tier:

Tier 1 & 2: Medium to large and international companies / organizations / entities of significance
- 24/7 threat alerts, incident reports, and continuous specific sector & focused interdependencies situational awareness
- TRUSTED and secure support structure
- Analysis must be based on current sector-specific subject matter expertise
- Best practices
- Sector specific intelligence/information requirements
- Sector specific threats and alerts
- Support to management of industry alert plans and actions
- Cyber, physical, and all threat information/intelligence
- Info Sharing and Analysis Structure must manage, understand, and vet membership/sector
- Interdependencies information/intelligence and threat impacts to the primary sector
- Short, mid, and long term sector specific analysis
- Push, pull, and redundant mechanisms
- Access to Government classified information

Tier 3: Small businesses & organizations within the fourteen identified critical infrastructures
- Relies on top tier companies & organizations and sector efforts, mechanisms, and relationships for information/intelligence sharing and analysis
- TRUST and sector expertise required
- Timeliness less critical
- Best practices
- Contact information if further support is required
- General situational awareness
- Push approach for threats
- Pull approach for best practices and general security information
- Info Sharing and Analysis Structure must manage, understand, and vet membership/sector

Tier 4: All small and general businesses & organizations NOT included in the 14 critical infrastructures
- Broad Range of Small and General Businesses & Organizations Concerns must be well understood and managed.
- TRUST and overall general business expertise required
- Timeliness less critical
- Best practices
- Contact information if further support is required
- General situational awareness
- Push approach for threats
- Pull approach for best practices and general security information
- Info Sharing and Analysis Structure must manage, understand, and vet membership/sector


More information

Cyber Information-Sharing Models: An Overview

Cyber Information-Sharing Models: An Overview PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents

More information

INFRAGARD.ORG. Portland FBI. Unclassified 1

INFRAGARD.ORG. Portland FBI. Unclassified 1 INFRAGARD.ORG Portland FBI 1 INFRAGARD Thousands of Members One Mission Securing Infrastructure The subject matter experts include: 2 INFRAGARD Provides a trusted environment for the exchange of Intelligence

More information

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128

More information

Testimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology

Testimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology Testimony of Wm. Douglas Johnson On behalf of the American Bankers Association before the Subcommittee on Information Technology of the Committee on Oversight and Government Reform United States House

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions

More information

Cyber Security Recommendations October 29, 2002

Cyber Security Recommendations October 29, 2002 Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Delving Into FCC's 'Damn Important' Cybersecurity Report

Delving Into FCC's 'Damn Important' Cybersecurity Report Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Delving Into FCC's 'Damn Important' Cybersecurity

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Cyber security in an organization-transcending way

Cyber security in an organization-transcending way Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

Risk & Vulnerability Assessment Training

Risk & Vulnerability Assessment Training Critical Infrastructure Protection Homeland security assistance should be based strictly on an assessment of risks and vulnerabilities......it [Homeland Security] should supplement state and local resources

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

State Engagement with the Energy Sector to Improve Cyber Security

State Engagement with the Energy Sector to Improve Cyber Security Contact: Allison Cullin Homeland Security and Technology Division 202/624-5311 April 20, 2010 State Engagement with the Energy Sector to Improve Cyber Security Executive Summary The state-owned computer

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

State Homeland Security Strategy (2012)

State Homeland Security Strategy (2012) Section 1 > Introduction Purpose The purpose of the State Homeland Security Strategy (SHSS) is to identify statewide whole community priorities to achieve and sustain a strengthened ability to prevent,

More information

Legislative Language

Legislative Language Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

More information

Bringing Data to Life

Bringing Data to Life Bringing Data to Life Presented by Michael Echols REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM DHS Responsibilities Emergency Communications Capabilities Secure dot-gov Assist in Protecting

More information

National Cyber Security Framework and Protocol. for securing digital information in networked critical infrastructures and communications

National Cyber Security Framework and Protocol. for securing digital information in networked critical infrastructures and communications OPERATIONAL REQUIREMENTS DOCUMENT National Cyber Security Framework and Protocol Contents for securing digital information in networked critical infrastructures and communications 1. General Description

More information

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division Homeland Security: Information Assurance Challenges and Opportunities Building the National Cyber Security Division The Homeland Security Act and national strategies direct DHS to take the lead on cyber

More information

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses

More information

Continuity of Operations Plan Template

Continuity of Operations Plan Template Continuity of Operations Plan Template Office of Water (4608-T) EPA 817-B-14-007 November 2014 Please note: The golden key sticky notes located throughout the template provide additional information and

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

GAO CRITICAL INFRASTRUCTURE PROTECTION. Comments on the Proposed Cyber Security Information Act of 2000. Testimony

GAO CRITICAL INFRASTRUCTURE PROTECTION. Comments on the Proposed Cyber Security Information Act of 2000. Testimony GAO United States General Accounting Office Testimony Before the Subcommittee on Government Management, Information and Technology, Committee on Government Reform, House of Representatives For Release

More information

National Cyber Threat Information Sharing. System Strengthening Study

National Cyber Threat Information Sharing. System Strengthening Study Contemporary Engineering Sciences, Vol. 7, 2014, no. 32, 1755-1761 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.411235 National Cyber Threat Information Sharing System Strengthening

More information

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE

ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation

More information

NASCIO 2014 State IT Recognition Awards

NASCIO 2014 State IT Recognition Awards NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos

More information

The Aviation Information Sharing and Analysis Center (A-ISAC)

The Aviation Information Sharing and Analysis Center (A-ISAC) The Aviation Information Sharing and Analysis Center (A-ISAC) Faye Francy Aviation ISAC March 2015 The Threat A National Security Issue Rapidly escalating cyber threats Executive action Executive Order

More information

National Communications System. December 6, 2007

National Communications System. December 6, 2007 1 National Communications System December 6, 2007 2 National Communications System (NCS) Established in 1963 in response to communications failures associated with the Cuban Missile Crisis The mandate

More information

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing: Testimony of Doug Johnson On behalf of the New York Bankers Association before the New York State Senate Joint Public Hearing: Cybersecurity: Defending New York from Cyber Attacks November 18, 2013 Testimony

More information

Michigan State Police Emergency Management & Homeland Security. Infrastructure Analysis & Response Section. Sgt. Bruce E. Payne

Michigan State Police Emergency Management & Homeland Security. Infrastructure Analysis & Response Section. Sgt. Bruce E. Payne Michigan State Police Emergency Management & Homeland Security Infrastructure Analysis & Response Section Sgt. Bruce E. Payne Presidential Directive On December 17, 2003, President Bush issued Homeland

More information

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission Hearing before the House Permanent Select Committee on Intelligence Homeland Security and Intelligence: Next Steps in Evolving the Mission 18 January 2012 American expectations of how their government

More information

Information Assurance. and Critical Infrastructure Protection

Information Assurance. and Critical Infrastructure Protection Information Assurance and Critical Infrastructure Protection A Federal Perspective Information Assurance Presented by the Government Electronics and Information Technology Association 2001 Executive Summary

More information

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE HOUSE COMMITTEE ON GOVERNMENT REFORM ON THE 9/11 COMMISSION RECOMMENDATIONS ******* August

More information

THREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION

THREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION THREATS AND VULNERABILITIES FOR C 4 I IN COMMERCIAL TELECOMMUNICATIONS: A PARADIGM FOR MITIGATION Joan Fowler and Robert C. Seate III Data Systems Analysts, Inc. 10400 Eaton Place, Suite 400 Fairfax, VA

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

Partnership for Cyber Resilience

Partnership for Cyber Resilience Partnership for Cyber Resilience Principles for Cyber Resilience 1. Recognition of interdependence: All parties have a role in fostering a resilient shared digital space 2. Role of leadership: Encourage

More information

Why is Enterprise Risk Management Important for Preparedness? by Carol A. Fox, ARM & Michael S. Epstein

Why is Enterprise Risk Management Important for Preparedness? by Carol A. Fox, ARM & Michael S. Epstein Why is Enterprise Risk Management Important for Preparedness? by Carol A. Fox, ARM & Michael S. Epstein In his book, The Upside, Adrian J. Slywotzky presents a profound case for ERM and preparedness: Unmanaged

More information

INTEGRATED SAFEGUARDS AND SECURITY MANAGEMENT PLAN (ISSM)

INTEGRATED SAFEGUARDS AND SECURITY MANAGEMENT PLAN (ISSM) LBNL/PUB-3151 INTEGRATED SAFEGUARDS AND SECURITY MANAGEMENT PLAN (ISSM) Environment, Health and Safety Division Ernest Orlando Lawrence Berkeley National Laboratory University of California Berkeley, CA

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

National Infrastructure Protection Plan Partnering to enhance protection and resiliency

National Infrastructure Protection Plan Partnering to enhance protection and resiliency National Infrastructure Protection Plan Partnering to enhance protection and resiliency 2009 Preface Risk in the 21st century results from a complex mix of manmade and naturally occurring threats and

More information

INFORMATION SECURITY STRATEGIC PLAN

INFORMATION SECURITY STRATEGIC PLAN INFORMATION SECURITY STRATEGIC PLAN UNIVERSITY OF CONNECTICUT INFORMATION SECURITY OFFICE 4/20/10 University of Connecticut / Jason Pufahl, CISSP, CISM 1 1 MISSION STATEMENT The mission of the Information

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

Section A: Introduction, Definitions and Principles of Infrastructure Resilience Section A: Introduction, Definitions and Principles of Infrastructure Resilience A1. This section introduces infrastructure resilience, sets out the background and provides definitions. Introduction Purpose

More information

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection More Intelligent, More Effective Cybersecurity Protection January 2013 Business Roundtable (BRT) is an association of chief executive officers of leading U.S. companies with more than $7.3 trillion in

More information

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council

Voluntary Cybersecurity Initiatives in Critical Infrastructure. Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org. 2014 Utilities Telecom Council Voluntary Cybersecurity Initiatives in Critical Infrastructure Nadya Bartol, CISSP, SGEIT, nadya.bartol@utc.org 2014 Utilities Telecom Council Utility cybersecurity environment is full of collaborations

More information

Boeing is working with industry to establish a unified cyber strategy and deliver cyber security solutions to airlines worldwide.

Boeing is working with industry to establish a unified cyber strategy and deliver cyber security solutions to airlines worldwide. Boeing is working with industry to establish a unified cyber strategy and deliver cyber security solutions to airlines worldwide. 24 Securing Airline Information on the Ground and in the Air The ability

More information

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting

More information

Fusion Center Guidelines

Fusion Center Guidelines Fusion Center Guidelines Developing and Sharing Information and Intelligence in a New Era Guidelines for Establishing and Operating Fusion Centers at the Local, State, and Federal Levels Law Enforcement

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

Threat Intelligence. Benefits for the enterprise

Threat Intelligence. Benefits for the enterprise Benefits for the enterprise Contents Introduction Threat intelligence: a maturing defence differentiator Understanding the types of threat intelligence: from the generic to the specific Deriving value

More information

NIPP 2013. Partnering for Critical Infrastructure Security and Resilience

NIPP 2013. Partnering for Critical Infrastructure Security and Resilience NIPP 2013 Partnering for Critical Infrastructure Security and Resilience Acknowledgments NIPP 2013: Partnering for Critical Infrastructure Security and Resilience was developed through a collaborative

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach

Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach Managing Cyber Risks to Transportation Systems Mike Slawski Cyber Security Awareness & Outreach The CIA Triad 2 SABSA Model 3 TSA Mission in Cyber Space Mission - Facilitate the measured improvement of

More information

Executive Summary - North Carolina Statewide Technical Architecture

Executive Summary - North Carolina Statewide Technical Architecture State of North Carolina NASCIO Nomination Enterprise Architecture Executive Summary - North Carolina Statewide Technical Architecture In 1994, North Carolina recognized a the need for a comprehensive enterprise

More information

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business S 2 ERC Project: Cyber Threat Intelligence Exchange Ecosystem: Economic Analysis Report: An Analysis of US Government Proposed Cyber Incentives Author: Joe Stuntz, MBA EP 14, McDonough School of Business

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

National Surface Transport Security Strategy. September 2013. Transport and Infrastructure Senior Officials Committee. Transport Security Committee

National Surface Transport Security Strategy. September 2013. Transport and Infrastructure Senior Officials Committee. Transport Security Committee National Surface Transport Security Strategy September 2013 Transport and Infrastructure Senior Officials Committee Transport Security Committee 1 National Surface Transport Security Strategy (NSTSS) Foreword

More information

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

More information

PHILADELPHIA POLICE DEPARTMENT DIRECTIVE 7.17

PHILADELPHIA POLICE DEPARTMENT DIRECTIVE 7.17 PHILADELPHIA POLICE DEPARTMENT DIRECTIVE 7.17 Issued Date:01-29-15 Effective Date:01-29-15 Updated Date: SUBJECT: DELAWARE VALLEY INTELLIGENCE CENTER UNIT 1. BACKGROUND A. The Delaware Valley Intelligence

More information

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy Statement of Gil Vega Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer U.S. Department of Energy Before the Subcommittee on Oversight and Investigations Committee

More information

TITLE III INFORMATION SECURITY

TITLE III INFORMATION SECURITY H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable

More information