Working with the Federal Government on Cybersecurity

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Working with the Federal Government on Cybersecurity"

Transcription

1 O B S I D I A N C Y B E R S E C U R I T Y O C C A S I O N A L P A P E R Working with the Federal Government on Cybersecurity Preparation is Key to Success December 5, 2013

2 Table of Contents CONSIDER THIS... 2 INTRODUCTION... 2 COMMON TYPES OF FEDERAL GOVERNMENT DEALINGS REGARDING CYBER... 3 WHY PLAN FOR GOVERNMENT DEALINGS?... 3 Reaping the Benefits of Government Interaction... 4 Avoiding Criminal and Civil Liability... 4 Minimizing Disruptions to Operations... 5 Maintaining Public Image... 5 WHAT CAN HAPPEN IF YOU FAIL TO PLAN APPROPRIATELY?... 6 Common Risks: Responding to Legal Requests... 6 Common Risks: Information Sharing... 7 Common Risks: Notifying Cybersecurity Victims... 7 POLICY AND PROCEDURE DEVELOPMENT... 7 Clear Definitions... 8 Roles and Responsibilities... 8 CONSIDER ANOTHER SCENARIO... 9 FOR MORE INFORMATION... 9 WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 1

3 Consider This Imagine taking a vacation outside of the country and leaving a subordinate in charge of your firm. A few days into the trip, you get an urgent message to call the office because the Federal Bureau of Investigation (FBI) arrived at your firm with a search warrant for one of your client s electronic files. Not knowing how to respond and unable to reach you immediately, your team decided the best course of action was to give the FBI agents the entire server that contained the suspect data. Unfortunately, that server also contained files for clients that were not covered under the warrant, and was essential for certain day-to-day operations. The rumor mill has started churning, and agitated clients have been calling the office with questions. Some are threatening to sue for what they consider a violation of their confidentiality. To make matters worse, one of your employees was unaware that the warrant was sealed by a judge and told the client who is the subject of the investigation about the warrant. After getting in touch, your firm s attorney informs you that you need to return immediately; the firm and its employees may face civil and possibly even criminal penalties. Your attorney also informs you that, with a little planning and training, this disaster could have been avoided. Introduction The purpose of this paper is to help executives and leadership teams recognize and understand the need to plan for cybersecurity-related interactions with the federal government that are thoughtful, productive, and minimize risk for all involved parties. A number of government agencies have national security and law enforcement responsibilities and play a significant role in securing and investigating cyberspace. Your contact with these agencies may be part of a voluntary partnership; but, occasionally, the contact may be unexpected. You and your employees need to understand your rights and responsibilities as well as the risks and potential rewards associated with working with a government agency on a variety of cyber matters. This paper will explore some common types of federal government dealings, discuss why planning for interaction with government is important, describe what could happen if a firm fails to plan appropriately, and provide suggestions on establishing policies and procedures for your firm. This document does not provide legal advice. Rather, it is a guide for discussions between management, legal advisors, and information technology (IT) professionals on how to plan in advance for potential federal government cybersecurity dealings. WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 2

4 Common Types of Federal Government Dealings Regarding Cyber The ways that your firm could find itself interacting with federal government agencies vary widely. Your interaction may be quick or long-term. It may be initiated by the government or you may call on the government for their assistance. Some common types of government dealings are briefly described below: Government-Initiated Dealings Servicing a legal process Notifying your firm of a data breach Requesting voluntary disclosure Investigating a crime Firm-Initiated Dealings Reporting an incident/crime Notifying of a data breach Seeking intelligence related to an incident Mutual Dealings Participating in publicprivate information sharing alliances (e.g., Infragard, the Defense Industrial Base, the Cybersecurity Pilot, etc.) Participating in policyshaping partnerships The following are some key federal government agencies that routinely interact with private firms on cybersecurity: U.S. Department of Homeland Security (DHS): DHS Cyber Security and Communications (CS&C) is responsible for enhancing the security, resilience, and reliability of the nation s cyber and communications infrastructure. FBI: The FBI has a mission to investigate high-tech crimes, including cyber-based terrorism, espionage, computer intrusions, and major cyber fraud. U.S. Secret Service (USSS): The USSS has both a protective mission to safeguard the President and certain dignitaries, and a mission to protect the integrity of the nation s financial systems. U.S. Department of Energy (DOE): The Office of Electricity Delivery and Energy Reliability (OE) within DOE works with DHS and other federal agencies to reduce the risk of disruptions to the nation s electric grid caused by cyber incidents. U.S. Securities and Exchange Commission (SEC): The mission of the SEC is to protect investors; maintain fair, orderly, and efficient markets; and facilitate capital formation. Why Plan for Government Dealings? Smart policy planning will help you and your firm maximize the upside of government interactions while minimizing the downside. WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 3

5 Reaping the Benefits of Government Interaction In some cases, your firm may find that the government is literally here to help. The federal government has access to information sources that are more detailed, diverse, and interconnected than even the biggest IT providers. The government has many formal partnership programs, such as Infragard, that allow them to share their wealth of information freely. The government can also share information through a specific non-disclosure agreement with your firm. Partnerships like these can provide important threat information that is vital to protecting a firm and its employees. In simple cases, the government can provide unclassified information on cyber threats. In more advanced partnerships, the government can clear company personnel to receive extremely sensitive and classified threat information. Some of that information can highlight breaches in your firm s systems, enabling you to take corrective action. Other government partnerships, such as the recent National Institute of Standards and Technology cybersecurity framework workshops, allow a firm to influence government policy development, which gives you the power to protect your business interests from unwanted regulation. Avoiding Criminal and Civil Liability Failing to comply with proper legal processes, such as a search warrant for files on a server, creates a criminal liability for firms. Search warrants, in particular, are no small matter. The concept of a search warrant is established in the fourth amendment of the Constitution. If the government can demonstrate to a federal magistrate judge that there is probable cause that evidence of a crime is located in a particular place, the judge may issue a warrant permitting the government to enter that location and seize such evidence, including any container (digital or otherwise) that could contain the evidence. It is important for a firm served with a warrant to be able to tell the government exactly where the required data resides, and to cooperate with the government in finding it. Yet, a firm should not simply show everything to the government. Take the scenario described at the beginning of this report as an example. Providing client information to the government without a proper legal basis would most likely result in a civil liability. Even when provided with a warrant, firms have been sued over providing information to officials. In 2011, a convicted sex offender sued MySpace for complying with a warrant signed by a Georgia state magistrate. The offender argued that My Space, as a California-based company, should not have responded to an out-of-state warrant. Although MySpace successfully defended their actions, they still had to defend themselves. In that case, the MySpace employees acted lawfully and in compliance with the company s stated policy; however, had that policy been less precise or if the employees had applied it inconsistently, the results might have been different. In many criminal cases, employees naturally want to help law enforcement, but the law requires due process. These competing pressures are hard enough to navigate with a plan in place; without a plan, employee actions can severely financially damage and harm a firm s reputation. WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 4

6 Minimizing Disruptions to Operations Understanding the rules of collecting evidence will help you create processes that can mitigate disruptions to your business. In the scenario described at the beginning of this report, untrained employees simply handed over an entire server to FBI agents without any idea of how long that server would be gone. For some firms, this alone could be enough to shutter the business, and it was unnecessary. Digital forensic tools have advanced to the point that, with a little help from a trained IT staff, the FBI agents could have copied only the items to which they were entitled. Had the untrained employees taken it upon themselves to copy the files they thought were relevant, the employees would then be involved in hearings and potentially even a trial that, at best, would waste employee time and resources. At its worst, a trial would expose the firm to bad publicity and lawsuits. Well-trained employees operating under a solid plan can effectively minimize these disruptions. Maintaining Public Image Regardless of your business, the way your firm handles interactions with the government is going to influence the way your clients and the public view your firm. For instance, companies that work closely with the federal government to combat child sexual exploitation on the Internet are understandably proud of that fact. However, when a recent reporting on the National Security Agency (NSA) leaks erroneously indicated that certain major providers voluntarily gave the NSA a backdoor into their servers, those firms were quick to set the record straight. Understanding this balance in public perception is important. No legitimate firm wants to be perceived as actively helping criminals commit their crimes, but neither do they want clients to believe they spy on them for the government. Knowing what the middle ground is for your firm and staying on it is a lot easier when you think through the problem before you encounter it. WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 5

7 What Can Happen if You Fail to Plan Appropriately? Failing to properly plan for government interaction can be dangerous for firms. Many pitfalls exist in unplanned government interactions as a firm tries to balance the government s needs with their needs. The table and subsections below outline some of the potential issues: Government Needs Firm Needs Risks To gather data according to a court order or other legal process To voluntarily share intelligence across public and private sectors To notify cybersecurity breach victims To protect the privacy interests of the firm and its clients To minimize disruptions to business To receive intel from the government in order to assist in cyber defense To avoid the loss of reputation To comply with applicable data breach laws The firm s technical staff have little or no legal training The legal department does not understand technology and does not know how to assist government forensic experts The types of data maintained are not well inventoried or defined The firm must share data only within the confines of their privacy policy and applicable laws The proper employees must understand the limits of using classified government briefings The data breach notification must be handled properly to avoid damaging the firm s reputation The failure to disclose may result in significant legal trouble Common Risks: Responding to Legal Requests Responding to a legal request can be stressful for unprepared employees and can result in significant legal troubles. For example: Your IT staff understands the types of data contained on the firm s systems, but they have little, if any, legal training. Your attorneys are probably not computer experts and do not understand what types of data your firm keeps. Neither group has a good handle on what types of data you own, so no one understands what to do with incoming legal requests. If your firm does not understand what client data you possess and cannot put it into a legal framework, major mistakes are inevitable. WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 6

8 Common Risks: Information Sharing Information sharing partnerships with the government can help you secure not only your firm s IT systems, but the critical infrastructure on which the firm depends. However, there are limits to how a firm can engage in these partnerships. For example: Your privacy policy is not clear or fully understood. For example, if your privacy policy has a statement such as, We will not share your information with any third party outside of our organization, other than as necessary to sharing things like server log files with the government may constitute a violation of your own policy. If a client gets investigated because your firm violated its own policy for sharing with the government, they might want to sue you. Your employees are not trained to handle classified information. If the government clears certain employees to receive a classified cyber threat briefing with classified indicators of a hacking attack, simply asking an employee who is not cleared to check the network for those indicators might be a crime. Your employees are not trained to properly disclose information to the government. If the government informs you that your firm has been the victim of a data breach, you may have additional disclosure requirements and employees may feel the need to disclose as quickly as possible. Disclosing prematurely before the full scope of a breach is known can cause confusion and lead to a situation where your firm has to continually revise its public assessment of the scope of the breach. Common Risks: Notifying Cybersecurity Victims Your firm does not have a procedure for notifying clients about a breach. If you delay notifying the client about a breach, it increases the risk that clients will find out about the breach from another source, giving the client the impression that your firm was attempting to cover up the intrusion. Policy and Procedure Development The risks detailed above are common, clear, and profound. Yet there are certain measures you and your firm can take today to minimize the impact of these risks. You should engage legal representation and subject matter experts early so that you have policies in place prior to engaging with government agencies. If you lack the expertise internally, you should engage outside assistance to help with your planning efforts. You should also convene a joint legal and technical team to revise your policies and procedures with clear definitions of the types of data you maintain and a concise listing of the roles and responsibilities of your team members. WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 7

9 Clear Definitions Legal and IT professionals often have difficulty agreeing on the definitions of certain key terms, but it is critical that they work together to define the types of data you possess and the legal process required to release it to the government. Your firm should establish a combined legaltechnical team to define each of the following: Business records and transactional data: When clients sign up for an online service, or transact business on your web site, many records of those transactions are kept automatically. The legal requirements for obtaining transactional data and business records are generally lower than what is required for the content of a client s files. It is critical that your policies address these types of records and distinguish them from the personal communications of a client. Contents of Communications: Clients have a high expectation of privacy in terms of the contents of electronic items they entrust to you. When clients use your service to communicate with you or others or if they store personal electronic items with you they may have a higher expectation of privacy for that data. Generally, communications will require a court order, such as a warrant. Your legal and technical teams must work together to understand what data falls into this category, and prepare employees to handle this information appropriately. Metadata: Strictly speaking, metadata is data about data and is often captured automatically by systems. Defining metadata legally is tricky. Your clients may have a low privacy interest in some metadata (e.g., date and time stamps), but a high interest in others (e.g., global positioning system coordinates embedded in digital camera images). There is not a clear legal standard for the government to obtain all types of metadata, so your team should define what types of metadata you possess and what types of legal process you expect from the government for that metadata. Your published privacy policy should clearly state how you will handle metadata. Your combined legal-technical team definitions may get challenged in court by clients or the government, and you may be forced to adapt them. They should be reviewed periodically to make certain they are consistent with your current systems and new case law. By establishing a thoughtful starting point, your firm will be better able to defend its actions. Roles and Responsibilities During any government interaction, it is critical that each employee knows what they are responsible for and the limitations of their role. Your policy and procedures documents should be developed with the input of multiple stakeholders, and at minimum, the following items should be covered: Management: Management has the ultimate responsibility for ensuring plans are executed correctly and that the firm continues to run smoothly. The policies and procedures you develop must set guidelines that empower management to make the WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 8

10 appropriate decisions when dealing with the government, but also keep them focused on the overall needs of the firm. Legal: The legal team s primary responsibility is to protect the firm from legal liability during any interaction with the government. Your policy must make it clear which functions and actions require approval from your legal department. The policy should identify points of contact for legal support, including emergency numbers. Technical: The IT team has a responsibility for preserving data, maintaining the operation of the firm s systems, and providing only authorized access to client data. The technical team will require a clear set of procedures for protecting and preserving firm and client data. Those procedures must also clearly specify what actions require management/legal department approval and which functions may be undertaken independently. When your entire team has established policies and procedures for government interaction, and employees are well trained in them, your firm will be in a much better position to proactively engage the government or to handle the unexpected visit from government officials. Consider Another Scenario You are on vacation when your attorney calls you. There is nothing to worry about, she says. She informs you that the FBI showed up with a search warrant yesterday for a client s files. The staff precisely followed the procedure you put in place for this possibility. They sought legal advice and were able to assist the agents in making forensic copies of the exact data they needed, nothing more. The agents passed along their appreciation. The rights of the clients were maintained, so there should be no blowback. You can relax and enjoy your vacation knowing that your staff are well trained and prepared. For More Information If you would like to receive additional information on this topic or on other cybersecurity issues, contact: Ria M. Thomas Principal / Senior Director for Cybersecurity Obsidian Analysis, Inc Eye St NW 4 th Floor Washington, DC WORKING WITH THE FEDERAL GOVERNMENT ON CYBERSECURITY 9

Corporate Perspectives On Cybersecurity: A Survey Of Execs

Corporate Perspectives On Cybersecurity: A Survey Of Execs Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Sec. 1. Department of Homeland Security Cybersecurity Authority Section 1(a) amends Title II of the Homeland

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

United States House of Representatives United States House of Representatives. Washington, DC 20515 Washington, DC 20515

United States House of Representatives United States House of Representatives. Washington, DC 20515 Washington, DC 20515 April 17, 2015 The Honorable John Boehner The Honorable Nancy Pelosi Speaker of the House Democratic Leader United States House of Representatives United States House of Representatives H-232, U.S. Capitol

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh

INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh INFORMATION SHARING What Companies Can Learn from Cybersecurity Resources in Pittsburgh By Mark Rush and Joe Valenti K&L Gates Cyber crime is a serious threat it cripples companies, damages economies,

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity

More information

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released June 24, 2010 How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior Vice President, ACE North America Marketing

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information

DIVISION N CYBERSECURITY ACT OF 2015

DIVISION N CYBERSECURITY ACT OF 2015 H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table

More information

AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified

AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified CYBER THREATS AND RESPONSE Continuity Insights Conference Chicago June 18-19, 2013 Unclassified OBJECTIVES Why it is important Threats, players, and response FBI s Next Generation Cyber Government and

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF DEFENSE [DOD-2009-OS-0183/RIN 0790-AI60]

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE DEPARTMENT OF DEFENSE [DOD-2009-OS-0183/RIN 0790-AI60] COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE DEPARTMENT OF DEFENSE Defense Industrial Base (DIB) Voluntary Cyber Security and Information Assurance (CS/IA) Activities By notice published

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

S. ll IN THE SENATE OF THE UNITED STATES A BILL

S. ll IN THE SENATE OF THE UNITED STATES A BILL TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

TESTIMONY OF TIM PAWLENTY. Chief Executive Officer, The Financial Services Roundtable. Committee on Homeland Security and Government Affairs

TESTIMONY OF TIM PAWLENTY. Chief Executive Officer, The Financial Services Roundtable. Committee on Homeland Security and Government Affairs TESTIMONY OF TIM PAWLENTY Chief Executive Officer, The Financial Services Roundtable Committee on Homeland Security and Government Affairs Hearing entitled Data Breach on the Rise: Protecting Personal

More information

In an age where so many businesses and systems are reliant on computer systems,

In an age where so many businesses and systems are reliant on computer systems, Cyber Security Laws and Policy Implications of these Laws In an age where so many businesses and systems are reliant on computer systems, there is a large incentive for maintaining the security of their

More information

Introducing Tumblr s Calendar Year 2013 Law Enforcement Transparency Report

Introducing Tumblr s Calendar Year 2013 Law Enforcement Transparency Report Introducing Tumblr s Calendar Year Law Enforcement Transparency Report At Tumblr, we believe it s important to provide everyone from occasional visitors to our most active community members with an open,

More information

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM COMMITTEE ON JUDICIARY UNITED STATES SENATE ENTITLED:

More information

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Data Breach Readiness

Data Breach Readiness Data Breach Readiness 877.983.9850 Partner@Intersections.com www.intersections.com Introduction Few events can damage a company s reputation more than losing the personal confidential information entrusted

More information

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region CyberCrime@EAP EU/COE Eastern Partnership Council of Europe Facility: Cooperation against Cybercrime Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region Adopted

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Moderator: Panelists: Honorable Preet Bharara, United States Attorney, Southern

More information

Cyber security is a shared responsibility and each of us has a role to play in making it safer, more secure and resilient.

Cyber security is a shared responsibility and each of us has a role to play in making it safer, more secure and resilient. Overview of Cyber Security: Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. We rely on this vast array of networks to communicate and travel,

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION. H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.

More information

Public Law 113 283 113th Congress An Act

Public Law 113 283 113th Congress An Act PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it

More information

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee

More information

U. S. Attorney Office Northern District of Texas March 2013

U. S. Attorney Office Northern District of Texas March 2013 U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate

More information

S. 2519 AN ACT. To codify an existing operations center for cybersecurity.

S. 2519 AN ACT. To codify an existing operations center for cybersecurity. TH CONGRESS D SESSION S. 1 AN ACT To codify an existing operations center for cybersecurity. 1 Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled,

More information

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS

More information

INFRAGARD.ORG. Portland FBI. Unclassified 1

INFRAGARD.ORG. Portland FBI. Unclassified 1 INFRAGARD.ORG Portland FBI 1 INFRAGARD Thousands of Members One Mission Securing Infrastructure The subject matter experts include: 2 INFRAGARD Provides a trusted environment for the exchange of Intelligence

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Legislative Language

Legislative Language Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

More information

DIVISION N CYBERSECURITY ACT OF 2015

DIVISION N CYBERSECURITY ACT OF 2015 U:\0REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR0-AMNT.xml DIVISION N CYBERSECURITY ACT OF 0 SEC.. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 0.

More information

Law & Ethics, Policies & Guidelines, and Security Awareness

Law & Ethics, Policies & Guidelines, and Security Awareness Law & Ethics, Policies & Guidelines, and Security Awareness Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of

More information

One Hundred Thirteenth Congress of the United States of America

One Hundred Thirteenth Congress of the United States of America S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify

More information

FINAL // FOR OFFICIAL USE ONLY. William Noonan

FINAL // FOR OFFICIAL USE ONLY. William Noonan FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States

More information

Preservation of longstanding, roles and missions of civilian and intelligence agencies

Preservation of longstanding, roles and missions of civilian and intelligence agencies Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

Retaliatory Hacking: Risky Business or Legitimate Corporate Security?

Retaliatory Hacking: Risky Business or Legitimate Corporate Security? Retaliatory Hacking: Risky Business or Legitimate Corporate Security? 1 Presenter: Sean L. Harrington Cybersecurity Partnership Manager and information security risk assessor in the banking industry; Digital

More information

United States Attorney s Office for the District of Oregon. Criminal Discovery Policy

United States Attorney s Office for the District of Oregon. Criminal Discovery Policy United States Attorney s Office for the District of Oregon Criminal Discovery Policy The discovery obligations of federal prosecutors are generally established by Federal Rules of Criminal Procedure 16

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

Federal Bureau of Investigation

Federal Bureau of Investigation Federal Bureau of Investigation SSA John Caruthers Cyber Criminal Section SSA Kenneth Schmutz Cyber National Security Section April 11, 2012 FBI Mission Cyber Threats FBI Response 1. Protect the United

More information

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security. Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions

More information

Priority III: A National Cyberspace Security Awareness and Training Program

Priority III: A National Cyberspace Security Awareness and Training Program Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.

More information

SEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02

SEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02 Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance

More information

The European Response to the rising Cyber Threat

The European Response to the rising Cyber Threat SPEECH/12/315 Cecilia Malmström European Commissioner responsible for Home Affairs The European Response to the rising Cyber Threat Transatlantic Cyber Conference organised by the Center for Strategic

More information

DERMATOLOGY ASSOCIATES, LLC 50 Sewall Street Portland, Maine 04102 (207) 775-3526 NOTICE OF PRIVACY PRACTICES

DERMATOLOGY ASSOCIATES, LLC 50 Sewall Street Portland, Maine 04102 (207) 775-3526 NOTICE OF PRIVACY PRACTICES DERMATOLOGY ASSOCIATES, LLC 50 Sewall Street Portland, Maine 04102 (207) 775-3526 NOTICE OF PRIVACY PRACTICES THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

Legal Issues of Forensics in the Cloud

Legal Issues of Forensics in the Cloud Legal Issues of Forensics in the Cloud About Me Owner, Titan Info Security Group, LLC A Risk Management and Cyber Security Law Firm Partner, OnlineIntell, LLC Protecting online brands and reputation while

More information

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! Cybersecurity is all over the news. Target, University of Maryland, Neiman

More information

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015 Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015 About this guidance An overview of appeals Appeals relating to immigration enforcement investigation cases The

More information

State of the States Cyber Crime Consortium 2015 Meeting Recap

State of the States Cyber Crime Consortium 2015 Meeting Recap State of the States Cyber Crime Consortium By Justin Fitzsimmons Program Manager, High-Tech Crime Training Services SEARCH On April 30, 2015, the Office of the Massachusetts Attorney General, along with

More information

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER) CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES UNITED STATES OF AMERICA September 2007 Kapitel 1 www.coe.int/gmt The responses provided below

More information

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes. BAG15121 Discussion Draft S.L.C. 114TH CONGRESS 1ST SESSION S. XXXX To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

More information

Anatomy of a Hotel Breach

Anatomy of a Hotel Breach Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent

More information

David Crum, Esq. Managing Partner New Mexico Legal Group, P.C.

David Crum, Esq. Managing Partner New Mexico Legal Group, P.C. David Crum, Esq. Managing Partner New Mexico Legal Group, P.C. ABOUT THE AUTHOR David Crum, Esq. David Crum is the Managing Partner of New Mexico Legal Group, P.C., an Albuquerque-based criminal defense

More information

STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME

STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME MAY 2004 Page 1 of 7 State of New Hampshire Strategic Plan to Address Cyber Crime May 2004 Introduction Cyber crime, or more broadly, electronic

More information

Cyber Security Recommendations October 29, 2002

Cyber Security Recommendations October 29, 2002 Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown

More information

BSA GLOBAL CYBERSECURITY FRAMEWORK

BSA GLOBAL CYBERSECURITY FRAMEWORK 2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access

More information

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016

The Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016 The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,

More information

Brief. The BakerHostetler Data Security Incident Response Report 2015

Brief. The BakerHostetler Data Security Incident Response Report 2015 Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the

More information

Facing Information Security Challenges

Facing Information Security Challenges AKTINA Event Information Security & Cloud Challenges March 17, 2016 Facing Information Security Challenges ISACA Cyprus Chapter Paschalis Pissarides CRISC, CISM, CISA Immediate Past President (2010-2014)

More information

National Cybersecurity Awareness Campaign

National Cybersecurity Awareness Campaign National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing

More information

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

Trends and Tactics in Cyber- Terrorism

Trends and Tactics in Cyber- Terrorism Trends and Tactics in Cyber- Terrorism Presented by Li Jingjing Information Security Supervision Bureau (ISSB) Ministry of Public Security (MPS) China Outline What s Cyber-Terrorism? Crime Types and Trends

More information

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Order Code RS20830 Updated February 25, 2008 Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary Charles Doyle Senior Specialist American Law Division The federal computer

More information

114 th Congress March, 2015. Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS

114 th Congress March, 2015. Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS 114 th Congress March, 2015 Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS On January 13, 2015, the Administration wrote a letter to Congress urging

More information

Summary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum

Summary of Privacy and Data Security Bills- 112 th Congress. Prepared for September 15, 2011 CT Privacy Forum Summary of Privacy and Data Security Bills- 112 th Congress Prepared for September 15, 2011 CT Privacy Forum GEOLOCATION TRACKING The Location Privacy Protection Act of 2011 (S. 1223)- introduced by s

More information