Managing Cyber Attacks

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Managing Cyber Attacks"

Transcription

1 Managing Cyber Attacks Regulators and Industry Participants Discuss Ways to Strengthen Defenses By Joanne Morrison June 25, 2015 Cybersecurity risks and testing are a major concern of regulators and market participants. Experts at a Commodity Futures Trading Commission roundtable discuss the testing underway as well as practices to recover from cyber attacks. CFTC staff spend the day hearing experts discuss cybersecurity challenges THE RISK OF cybersecurity attacks is the single highest concern among financial regulators and top global exchange and clearinghouse leaders. They all agree it is not just a risk, but inevitable that there will be an attack. What lies ahead are challenges in how to best protect key market infrastructure from attacks and recover operations and data after attacks. While the listed and cleared derivatives industry has taken steps for many years to test and prepare for disaster recovery and business continuity, such as after the Sept. 11 attacks, cybersecurity poses new challenges. cyber attacks 1/8

2 First and foremost, those involved in the attacks are sophisticated and hard to detect. A system can be penetrated unnoticed through simple software updates, attachments and simple downloads. In addition, the risk is greater as markets and participants become more linked electronically. Finally, what is most concerning to industry leaders is that cyber attacks are increasingly seen as a new form of terror attack, where critical systems are penetrated for the purpose of severely disrupting or destroying them rather than just stealing information. Five, ten years ago this conversation was largely about the digital equivalent of graffiti, the defacement of websites and other things like that. But now clearly you have actors that are not only willing to steal and commit fraud, but who are actually willing to carry out destructive attacks, like what we saw with the attack on Sony Pictures Entertainment, said Michael Daniel, special assistant to the president and White House security coordinator, at a March 18 staff roundtable of the Commodity Futures Trading Commission. CFTC Chairman Tim Massad agrees. At nearly every public speaking engagement over the past several months, including appearances before Congress, Massad has identified cybersecurity as the biggest threat facing markets. These threats, as we now know today, don t just come from people motivated by profit. They come from people looking to disrupt the system, Massad warned Senate lawmakers at an appropriations hearing in May. Global exchange leaders all have put cybersecurity at the top of their list of concerns. It is not an issue that their technology departments handle alone, they said, but rather a matter for boards and top executives. Exchange leaders identified cybersecurity as a bigger concern than other issues. For example, Jeff Sprecher, the chief executive of Intercontinental Exchange, said ICE s risk committee spends more time on cybersecurity threats than it does on clearinghouse risk and market risk. It has really changed the dynamics of my company. My board has reorganized now so that our info tech team reports into the board through a dotted line, Sprecher said in March during FIA s annual International Futures Industry Conference in Boca Raton, Fla. Sprecher went on to explain that ICE has begun testing its own employees, noting that often times cyber attacks start with breakdowns within the organization. The keys to your company walk out the door every night, he said, adding that enforcing a strict use of passwords, rather than a single password, is one good approach. Information Sharing Key cyber attacks 2/8

3 What is clear in a market system that is all about competition is that combating cybersecurity risks is about sharing and cooperation. It is an issue on which exchanges, clearinghouses, regulators and industry participants are working together and exchanging information to better prepare against attacks and devise systems to recover data and operations after an attack. This is an area where the exchange community has no competitive area among themselves, said Andreas Preuss, CEO of Eurex. If we are not collectively getting this under control, we collectively can cause big systemic risks. Cooperation Network In 1999 the U.S. Treasury Department spearheaded the formation of the Financial Services Information Sharing and Analysis Center. This private sector organization has become the financial industry s go to resource for cyber threats. FS ISAC is unique because it was created by and for members and operates as a member owned nonprofit entity. Membership is comprised of global banks, dealers, finance companies, hedge funds and others. It has been a critical tool in protecting banks and financial institutions. In the central repository at FS ISAC, details about attacks are shared among participants alerting them to potential system weaknesses and potential computer viruses and malware designed to attack systems. All information provided to FS ISAC is cleansed of identifying features to protect the companies that share attack details. Greg Gist, a director in CitiGroup's office of emergency management, discusses the many facets of testing. This network of cooperation is even more critical as financial systems become more and more linked. We see a lot of firms being more interested in doing this, because protecting the system as a whole is now much more important than just protecting my system by itself because of the way risk can be transferred through, said Brian Peretti, director of the Office of Critical Infrastructure Protection and cyber attacks 3/8

4 Compliance Policy at the Treasury Department. He also heads the Financial and Banking Information Infrastructure Committee, a group comprised of 18 financial regulators including the CFTC, the Securities and Exchange Commission, and the Federal Reserve, that meets monthly to discuss cyber attacks. In addition, the race for speed and access has also added to cybersecurity risks. We went as an industry from analog to digital and there was an arms race of speed going to computers and all of us here were trying to have the fastest processor and the lowest latency network, explained ICE s Sprecher in March. ORGANIZATIONS WORKING ON CYBERSECURITY We as exchanges opened our doors and let a thousand flowers bloom so that everybody could connect to us. That attitude is going to change, said Sprecher, adding that the exchange is going to have to be more restrictive about what comes in on the network and how access is enabled. He suggested broader use of encryption for example. OCIP Office of Critical Infrastructure Protection and Compliance Policy. The U.S. Treasury Department established this office after the September 11 attacks. Its role is to coordinate the department s development and implementation of polices related to protecting critical infrastructure of the financial services sector. FBIIC Financial and Banking Information Infrastructure Committee. This group is made of 18 U.S. financial regulators including the Commodity Futures Trading Commission, the Top Concern of Regulators The CFTC has responded in a number of ways to the growing threat of cybersecurity. For example, the CFTC s core principles include provisions requiring clearinghouses and exchanges to maintain system safeguards and risk management programs, systems to notify regulators of incidents, and formal recovery procedures in place. And while the CFTC has made this a priority in its examinations, the agency is not adequately funded to test systems itself, Massad has warned lawmakers. Repeatedly, Massad has said the responsibility for cybersecurity safety rests primarily with private institutions. As a government agency, the CFTC can set standards, he said, but it is the private institutions that run critical financial infrastructure that just carry out all of the comprehensive analysis and system work that is required. What the CFTC has done, however, is made sure that exchanges and clearinghouses themselves have adequate testing and have followed best practices with independent testers, where appropriate, to do things like controls, testing, penetration testing and vulnerability testing, Massad said. cyber attacks 4/8

5 Securities and Exchange Commission, the Treasury Department, federal banking regulators and others. This group holds monthly principal level meetings in the wake of a growing number of cyber attacks. FSSCC Financial Services Sector Coordinating Council. This group was formed at the encouragement of the U.S. Treasury Department to strengthen the resiliency of the financial services sector against attacks and other threats to critical infrastructure. It is a private sector group representing financial services providers such as banks, exchanges, insurance companies, clearinghouses and electronic payment systems as well as industry associations such as FIA. FS ISAC Financial Services Information Sharing and Analysis Center. This private sector group was formed in 1999 and is the financial services industry s go to We have incorporated cyber concerns into our examinations. Typically in our examinations what we re looking for is the board of directors and top management setting the right tone with respect to these issues, Massad told a Senate panel at an appropriations hearing in May, adding that not only must policies be in place, but also top management must ensure policy is being enforced. CFTC officials have also indicated they are working on a release directed at critical market infrastructure entities that will build on the existing core principles. There are currently business continuity management best practices in the core principles in the Commodity Exchange Act and the Dodd Frank Act that govern CFTC regulated exchanges, trading systems and clearinghouses. At the March roundtable, staff discussed with participants whether expanding on the principles ordrafting new rules involving cybersecurity testing should be proposed. Staff also were focused on how the CFTC might audit for compliance and whether participants could estimate the costs associated with any new requirements. A Global Concern Massad also highlighted that combating cybersecurity must continue to be a joint effort not only with the industry but also among regulators, both in the U.S. and globally. We're never going to be able to do all this by ourselves. It's important that we work with other regulators, he said. We simply cannot address this risk with the budget that we have and these threats. In that vein, in 2013, the Bank of England began taking an active interest in state driven terror cyber attacks, moving away from cybercrime, e fraud and other long established patterns in the online cyber crime world. After consulting with the financial services industry and others, the central bank established a framework for testing called CBEST. It differs from other security testing undertaken by the financial services sector because it is threat intelligence based, meaning that it is based on actual cyber threat intelligence in addition to simulated scenarios. cyber attacks 5/8

6 resource for cyber and A CBEST test involves three parties: a regulated entity, a private physical threat intelligence sector penetration testing company and the Bank of England. In analysis and sharing. It addition, the penetration testing company must be qualified as a was created by and for member of the CBEST scheme. members and operates as a member owned nonprofit entity. support at the Bank of England, warned that CBEST is not a David Evans, senior manager for sector and supervisory cyber panacea to cyber threats. You can t expect to do one of these CBEST tests and you will suddenly become cyber secure or cyberresilient. It s a component, he told panelists at the CFTC The cyber intelligence network and testing roundtables. framework launched in 2014 by the Bank of The regulator will have a view of what s critical that that England. The framework organization does. The organization will have a view of what s gathers information and critical. And perhaps the Bank of England, independently, is sort of threat intelligence from looking at a financial stability angle, and the system as a whole various sources and then might also have a slightly different perspective, said Evans. uses the information for CBEST provides a holistic assessment of a financial service or testing scenarios in the infrastructure provider s cyber capabilities by testing people, financial services sector processes and technology in a single test. through qualified testing firms. We wanted to come up with a repeatable testing framework that incorporated all of the sort of better practices in terms of a penetration test, but we wanted to also include threat intelligence as a key component of that part, Evans said. Much of the financial services industry led testing that was established for business continuity and disaster recovery is now focusing on cybersecurity and considering what additional tests could be beneficial. FIA s Annual Test These threats, as we now know today, don t just come from people motivated by profit. They come from people looking to disrupt the system. Every fall for the past 11 years, FIA has worked with a broad cross section of market participants, exchanges and clearinghouses to test and prepare for potential market disruptions.over the years, the group s work has served as a significant tool to help exchanges, clearinghouses and clearing and non clearing firms prepare and operate during market disruptions. cyber attacks 6/8

7 Tim Massad For example, Superstorm Sandy, which shut down markets on the East Coast, was a true test of the work of this committee. CFTC The 2014 test organized by FIA s Information Technology Division s Business Continuity Committee was conducted last October and focused on disaster recovery back up connectivity and functionality between exchanges, clearinghouses and member firms. The test was successfully conducted among 24 domestic and international futures exchanges, clearinghouses and swap execution facilities as well as 62 clearing/non clearing firms. The test, which will include more of a focus on cybersecurity risks, will take place again in the fall of 2015 and again it will be coordinated with the Securities Industry and Financial Markets Association, as there are member firms that are joint FIA/SIFMA members. David Evans discusses the work the Bank of England has done with financial firms to test for cyber threats. excercises with management teams. John Rapa, president and chief executive officer of Tellefsen CFTC Commissioner and Co, helped managed the Christopher Giancarlo and testing for FIA and spoke at the Chairman Tim Massad listen CFTC roundtable. He to expert advice on how to highlighted the importance of manage cyber threats. having a direct line to top executives and others within an organization when it comes to managing and protecting against cyber threats. He and others warned that tests have to change, as threats change, and talked about the need for tabletop war room scenario planning You can t keep doing the same thing over and over again. You ve got to mix it up, he said. When you start to plan these things, you ve got to think deviously. We are at war here. Panel participants were asked whether comprehensive end to end enterprise resilience testing is needed. Participants stressed the focus should be on resilience and the ability to resume business. They were concerned about the operational impact of end to end testing, which most participants felt could be difficult. Greg Gist, director of industry relations at Citigroup in its office of emergency management, explained there are many different levels of requirements for testing: the threat environment, which might be tested with internal auditors; testing with a firm s cyber attacks 7/8

8 We wanted to come up with a repeatable testing framework that incorporated all of the sort of better practices in terms of a penetration test, but we wanted to also include threat intelligence as a key component of that part. partners; and testing with third party suppliers. He noted that the number of tests firms now experience is eating up the green zone of time and firms have very scarce resources. David Garland, director of business continuity management at CME, suggested there should be smaller disaster recovery unit testing, which are more ongoing and could ultimately reduce spending on larger industry wide testing. He too stressed the importance of tabletop tests in addition to actual fail over tests. David Evans Bank of England cyber attacks 8/8

Cybersecurity: Recent CFTC and NFA Activity

Cybersecurity: Recent CFTC and NFA Activity Cybersecurity: Recent CFTC and NFA Activity September 11, 2015 Futures and Derivatives Commodity Futures Trading Commission (CFTC) Chairman Timothy Massad recently announced that cybersecurity in the futures

More information

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing: Testimony of Doug Johnson On behalf of the New York Bankers Association before the New York State Senate Joint Public Hearing: Cybersecurity: Defending New York from Cyber Attacks November 18, 2013 Testimony

More information

CFTC BRIEFING 2 JUNE 2015 CYBERSECURITY CONSIDERING BANK OF ENGLAND S CBEST PROGRAM

CFTC BRIEFING 2 JUNE 2015 CYBERSECURITY CONSIDERING BANK OF ENGLAND S CBEST PROGRAM CFTC BRIEFING 2 JUNE 2015 CYBERSECURITY CONSIDERING BANK OF ENGLAND S CBEST PROGRAM Objectives Provide an overview of the CBEST program Overview will include answers to the following questions: What types

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

UNITED STATES OF AMERICA COMMODITY FUTURES TRADING COMMISSION

UNITED STATES OF AMERICA COMMODITY FUTURES TRADING COMMISSION UNITED STATES OF AMERICA COMMODITY FUTURES TRADING COMMISSION STAFF ROUNDTABLE ON CYBERSECURITY AND SYSTEM SAFEGUARDS TESTING Washington, D.C. Tuesday, March 18, 2015 2 1 PARTICIPANTS: 2 VINCENT McGONAGLE

More information

TESTIMONY OF TIM PAWLENTY. Chief Executive Officer, The Financial Services Roundtable. Committee on Homeland Security and Government Affairs

TESTIMONY OF TIM PAWLENTY. Chief Executive Officer, The Financial Services Roundtable. Committee on Homeland Security and Government Affairs TESTIMONY OF TIM PAWLENTY Chief Executive Officer, The Financial Services Roundtable Committee on Homeland Security and Government Affairs Hearing entitled Data Breach on the Rise: Protecting Personal

More information

Contingency Planning in ICSA Member Countries

Contingency Planning in ICSA Member Countries Contingency Planning in ICSA Member Countries Australia In an effort to review and upgrade Australia s capacity to deal with threats to critical infrastructure, the government has formed a Trusted Information

More information

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS

More information

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members:

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members: Andrew M. Cuomo Governor Anthony J. Albanese Acting Superintendent FROM: TO: Anthony J. Albanese, Acting Superintendent of Financial Services Financial and Banking Information Infrastructure Committee

More information

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs

Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs 1 Client Update NFA Adopts Interpretive Notice Regarding Information Systems Security Programs NEW YORK Byungkwon Lim blim@debevoise.com Gary E. Murphy gemurphy@debevoise.com Michael J. Decker mdecker@debevoise.com

More information

Network Security Landscape

Network Security Landscape Cole p01.tex V3-07/28/2009 3:46pm Page 1 Network Security Landscape COPYRIGHTED MATERIAL IN THIS PART Chapter 1 State of Network Security Chapter 2 New Approaches to Cyber Security Chapter 3 Interfacing

More information

PROPOSED INTERPRETIVE NOTICE

PROPOSED INTERPRETIVE NOTICE August 28, 2015 Via Federal Express Mr. Christopher J. Kirkpatrick Secretary Office of the Secretariat Commodity Futures Trading Commission Three Lafayette Centre 1155 21st Street, N.W. Washington, DC

More information

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency 1 Challenge for Cyber Security in Financial Sector (1) Necessity to Strengthen

More information

A Crisis Response, Information Sharing View of FFIEC Appendix J?

A Crisis Response, Information Sharing View of FFIEC Appendix J? A Crisis Response, Information Sharing View of FFIEC Appendix J? Susan Rogers (MBCP, MBCI) Financial Services Information Sharing and Analysis Center FS-ISAC, Business Resiliency Director srogers@fsisac.us;

More information

SEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02

SEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02 Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance

More information

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies

Testimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan

More information

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries IOSCO/MR/54/2015 Madrid, 22 December 2015 IOSCO reports on business continuity plans for trading venues and intermediaries The Board of the (IOSCO) today published two reports that seek to enhance the

More information

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014

Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03

Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03 Diana L. Taylor New York State Banking Superintendent Financial Services O&I Subcommittee 10/20/03 Thank you Members of the Committee. I welcome the opportunity to submit this testimony on how the New

More information

Business Plan 2012/13

Business Plan 2012/13 Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,

More information

Managing cyber risk the global banking perspective

Managing cyber risk the global banking perspective 1 Managing cyber risk the global banking perspective Speech given by Andrew Gracie, Executive Director, Resolution, Bank of England British Bankers Association Cyber Conference, London 10 June 2014 2 I

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Cyber security in an organization-transcending way

Cyber security in an organization-transcending way Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security

More information

Cyber threats are growing.

Cyber threats are growing. Cyber threats are growing. So are your career opportunities. Put the future of your cybersecurity career in the hands of a respected online education leader. Everything you need to succeed. Excelsior College

More information

Business Continuity for Cyber Threat

Business Continuity for Cyber Threat Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between

More information

Cybersecurity and the Threat to Your Company

Cybersecurity and the Threat to Your Company Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September

More information

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

FS-ISAC CHARLES BRETZ

FS-ISAC CHARLES BRETZ FS-ISAC CHARLES BRETZ Information Sharing To be forewarned is to be fore-armed MISSION: Sharing Timely, Relevant, Actionable Cyber and Physical Security Information & Analysis A nonprofit private sector

More information

Address C-level Cybersecurity issues to enable and secure Digital transformation

Address C-level Cybersecurity issues to enable and secure Digital transformation Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,

More information

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project

EEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies

More information

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

BSA-ISSA Information Security Study Online Survey of ISSA Members

BSA-ISSA Information Security Study Online Survey of ISSA Members BSA-ISSA Information Security Study Online Survey of ISSA Members December 3, 2003 Research Conducted Between October 13 and October 29, 2003 Key Findings I. A majority of security professionals believe

More information

Microsoft s cybersecurity commitment

Microsoft s cybersecurity commitment Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

More information

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation. Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part

More information

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry A White Paper Presented by: Lockheed Martin Corporation Combatting the Biggest Cyber Threats to the Financial Services Industry Combatting

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Business Continuity at CME Group

Business Continuity at CME Group 1 Business Continuity at CME Group CME Group is proud of its solid Business Continuity Management program, which is central to helping mitigate potential impacts to our markets and customers. It defines

More information

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. MAJOR FINANCIAL SERVICES LEADER Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. Automation and remote endpoint remediation reduce incident response (IR) times from 10 days to 5 hours.

More information

Is your Organization SAFE?

Is your Organization SAFE? Is your Organization SAFE? About Enterprise Risk Management (ERM) About The Presenter Mike Sanchez, Senior Vice President at ERM Captain, USMC (Ret.) COBIT 5 Certified Possesses over 20 years of experience

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

THE WHITE HOUSE Office of the Press Secretary

THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly

More information

CHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033

CHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 CHAPTER 2016-138 Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 An act relating to information technology security; amending s. 20.61, F.S.; revising the

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Crisis Management. IT Governance Summit 2015 Golden Tulip-Kumasi 08-09 October 2015

Crisis Management. IT Governance Summit 2015 Golden Tulip-Kumasi 08-09 October 2015 Crisis Management IT Governance Summit 2015 Golden Tulip-Kumasi 08-09 October 2015 Daniel Gyampo (EMBA,CRISC,CISA, CGEIT pass) Group Manager, Information Systems Audit, Ecobank Contents Disaster / Crisis

More information

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts

CYBER SECURITY. ADVISORY SERVICES Governance Risk & Compliance. Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts CYBER SECURITY ADVISORY SERVICES Governance Risk & Compliance Shemrick Rodney IT Specialist Consultant Antigua & St. Kitts The Financial Services Industry at Crossroads: Where to From Here? WELCOME What

More information

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE

TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE TESTIMONY OF DANIEL DUFF VICE PRESIDENT - GOVERNMENT AFFAIRS AMERICAN PUBLIC TRANSPORTATION ASSOCIATION BEFORE THE HOUSE COMMITTEE ON GOVERNMENT REFORM ON THE 9/11 COMMISSION RECOMMENDATIONS ******* August

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

OECD PROJECT ON CYBER RISK INSURANCE

OECD PROJECT ON CYBER RISK INSURANCE OECD PROJECT ON CYBER RISK INSURANCE Introduction 1. Cyber risks pose a real threat to society and the economy, the recognition of which has been given increasingly wide media coverage in recent years.

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool 6/9/2016 Tim Segerson, Deputy Director Office of Examination & Insurance FFIEC Cybersecurity Assessment Tool LSCU Cyber Breakout June 17, 2016 Continuing saga of lost sensitive data Every event enhances

More information

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect

More information

Testimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology

Testimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology Testimony of Wm. Douglas Johnson On behalf of the American Bankers Association before the Subcommittee on Information Technology of the Committee on Oversight and Government Reform United States House

More information

Cyber Security Risk Management

Cyber Security Risk Management Our Ref.: B1/15C B9/29C 15 September 2015 The Chief Executive All Authorized Institutions Dear Sir/Madam, Cyber Security Risk Management I am writing to draw your attention to the growing importance of

More information

Risk Management in Global Operating Industry

Risk Management in Global Operating Industry Risk Management in Global Operating Industry World Financial Symposium 2015 Here is the News Saleema Brohi Aviation Legal Expert Session Sponsor World Financial Symposium 2015 Cyber Attack! - Beyond Firewalls

More information

On the European experience in critical infrastructure protection

On the European experience in critical infrastructure protection DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

Cybersecurity and the Romanian business environment in the regional and European context

Cybersecurity and the Romanian business environment in the regional and European context KPMG Legal Cybersecurity and the Romanian business environment in the regional and European context Developing a cybersecurity culture for the users of digital and communications systems has become a mandatory

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium Keynote Speech by Beth Dugan Deputy Comptroller for Operational Risk at The Clearing House s First Operational Risk Colloquium February 11, 2015 Washington, D.C. Thank you. It s an honor to be invited

More information

Strategies for Countering Cyber Threats

Strategies for Countering Cyber Threats UNDERWRITTEN BY Strategies for Countering Cyber Threats By Aliya Sternstein The federal government is out to stop cybercrooks by reaching potential victims before they do. Public outreach is one of the

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily

More information

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014

Remarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before the 10 th Annual Community Bankers Symposium Chicago November 7, 2014 Good morning, it s a pleasure to be here today and to have this opportunity

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Accountability for a data breach

Accountability for a data breach Accountability for a data breach /operational-risk-and-regulation/feature/2275384/accountability-for-a-data-breach 17 Jun 2013, Jessica Meek, Operational Risk & Regulation In March 2013 the US Senate Select

More information

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

More information

Cybersecurity Awareness. Part 2

Cybersecurity Awareness. Part 2 Part 2 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat

More information

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector New York State Department of Financial Services Report on Cyber Security in the Insurance Sector February 2015 Report on Cyber Security in the Insurance Sector I. Introduction Cyber attacks against financial

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World

Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Cyber-Crime, Cyber-Espionage, Cyber-War, & Cyber-Threats: An Exploration of Illegal Conduct & Warfare in the Cyber-World Moderator: Panelists: Honorable Preet Bharara, United States Attorney, Southern

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

Five keys to a more secure data environment

Five keys to a more secure data environment Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

Examining the Evolving Cyber Insurance Marketplace

Examining the Evolving Cyber Insurance Marketplace Prepared Testimony and Statement for the Record of Ola Sage Founder and CEO e-management Hearing on Examining the Evolving Cyber Insurance Marketplace Before the Senate Committee on Commerce, Science,

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION

Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION Critical Infrastructure & Supervisory Control and Data Acquisition (SCADA) CYBER PROTECTION ALBERTO AL HERNANDEZ, ARMY RESERVE OFFICER, SOFTWARE ENGINEER PH.D. CANDIDATE, SYSTEMS ENGINEERING PRESENTATION

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities.

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities. GAO United States General Accounting Office Testimony Before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate For Release on Delivery Expected

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

2015 A CyberSecurity Year. Robert Annett @robert_annett

2015 A CyberSecurity Year. Robert Annett @robert_annett 2015 A CyberSecurity Year Robert Annett @robert_annett Why was 2015 special? http://www.informationisbeautiful.net/ visualizations/worlds-biggest-data-breaches-hacks/ Source: http://www.bloomberg.com/graphics/2014-data-breaches/

More information

Written Testimony of. Dean C. Garfield President & CEO, Information Technology Industry Council (ITI) Before the

Written Testimony of. Dean C. Garfield President & CEO, Information Technology Industry Council (ITI) Before the Written Testimony of Dean C. Garfield President & CEO, Information Technology Industry Council (ITI) Before the Subcommittee on Research and Technology Committee on Science, Space, and Technology U.S.

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool

ICBA Summary of FFIEC Cybersecurity Assessment Tool ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary

More information

Guidance on data security breach management

Guidance on data security breach management Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction

More information

Executive Cyber Security Training. One Day Training Course

Executive Cyber Security Training. One Day Training Course Executive Cyber Security Training One Day Training Course INTRODUCING EXECUTIVE CYBER SECURITY TRAINING So what is all this we hear in the media about cyber threats? How can an organization understand

More information

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright

More information

CYBERSECURITY INDEX OF INDICES

CYBERSECURITY INDEX OF INDICES Published July 2, 2015 CYBERSECURITY INDEX OF INDICES Cybersecurity development is a complex matter. Whether at the nation state level, or in an enterprise, various factors need to be taken into consideration

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Cyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP

Cyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Cyber Security Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Speakers: Keith Overly, Executive Director, Ohio Deferred Compensation Program Raj Patel, Partner, Plante & Moran, PLLC

More information

Cybersecurity Strategic Consulting

Cybersecurity Strategic Consulting Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information