Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP"

Transcription

1 Why Cybersecurity Matters in Government Contracting Robert Nichols, Covington & Burling LLP

2 Cybersecurity is the No. 1 Concern of General Counsel and Directors 2

3 Cybersecurity Concerns in the Government The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries. President Obama Rarely has something been so important and so talked about with less clarity and less apparent understanding than this phenomenon. General Michael Hayden 3

4 Cybersecurity Concerns in Contracting Our internal IT security team recently identified an apparent external cyber-attack on USIS corporate network. We immediately informed federal law enforcement, the Office of Personnel Management (OPM) and other relevant federal agencies. We are working closely with federal law enforcement authorities and have retained an independent computer forensics investigations firm to determine the precise nature and extent of any unlawful entry into our network. Experts who have reviewed the facts gathered to-date believe it has all the markings of a state-sponsored attack. Cybercrime and attacks of this nature have become an epidemic that impacts businesses, government agencies, and financial and educational institutions alike. The protection and safeguarding of our networks, our data and the data of our customers is always of the utmost importance, and we have invested heavily in security measures. Our systems and people identified this attack, and, in response, we are working alongside OPM, the Department of Homeland Security (DHS) and federal law enforcement authorities in redoubling our cybersecurity efforts. We are working collaboratively with OPM and DHS to resolve this matter quickly and look forward to resuming service on all our contracts with them as soon as possible. We will support the authorities in the investigation and any prosecution of those determined to be responsible for this criminal attack. - Statement by USIS 4

5 Defining the Concerns Why cyber attacks occur Criminal seeking financial gain through theft of proprietary information Advance social and political agendas Employees to cause harm and embarrass employers Terrorists to harm US national security Economic espionage Foreign intelligence What is cybersecurity? Measures intended to protect information systems including technology Devices, networks and software, information, and associated personnel from various forms of attack 5

6 The U.S. Government s Approach to Cybersecurity and Framework Each government entity has responsibility for governing the infrastructure and people that make up the portion of cyberspace within its jurisdiction. The U.S. government s approach to cybersecurity has developed through a series of laws and policies over the last 30 years, with particular attention over the past decade. Congress has passed numerous statutes addressing different aspects of information security. 6

7 The Federal Information Security Management Act ( FISMA ) FISMA sets forth a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets, including those operated by contractors on behalf of the agency. FISMA requires each agency to develop, document, and implement an information security program that includes the following components: policies and procedures that are based on (1) risk assessments, (2) cost-effectively reducing security risks to an acceptable level, (3) ensuring that information security is addressed throughout the lifecycle of each system, and (4) ensuring compliance with applicable requirements. subordinate plans security awareness training periodic testing and evaluation a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies procedures for detecting, reporting, and responding to security incidents plans and procedures to ensure continuity of operations for information systems 7

8 FISMA Under FISMA, each agency Chief Information Officer has the responsibility to ensure that agency information systems, including those operated by contractors, are being protected under the agency s information security program. FISMA charged the Director of the Office of Management and Budget ( OMB ) with the oversight of agency information security policies and practices. In addition, the OMB annual FISMA reporting instructions require agencies to develop policies and procedures for agency officials to follow when performing oversight of the implementation of security and privacy controls by contractors. OMB guidance specifically requires each agency inspector general, or other independent auditor, to perform the evaluation, including the effectiveness of the agency s contractor oversight. The passing of FISMA in 2002 was the beginning of the creation of a broad framework for federal cybersecurity in the United States. 8

9 The Federal Information Security Modernization Act of 2014 ( FISMA 2014 ) The Federal Information Security Modernization Act of 2014 charges the Department of Homeland Security (DHS) with assisting OMB with FISMA implementation by coordinating government-wide efforts for information security. FISMA 2014 also authorizes DHS to develop and oversee the implementation of binding operational directives that direct agencies efforts to safeguard Federal information and information systems from information security threat, vulnerability or risk. The law clarifies and amplifies the notification requirements for major incidents and other breaches. As with the original FISMA, FISMA 2014 requires agencies to apply certain standards to contractors. 9

10 The Role of Federal Agencies DHS is the operational lead for Federal civilian cybersecurity; DOD plays a similar role for the military. both departments execute a number of protection programs on behalf of the Government. NIST issues and updates security standards and guidelines for information systems utilized by Federal agencies. OMB, in partnership with DHS and the National Security Counsel, oversees the successful implementation of agency-specific and government-wide cybersecurity programs. While no single Federal Agency has purview over cybersecurity issues, certain agencies do have defined functions and operate important programs. 10

11 The White House/Office of Management and Budget OMB appointed a Federal Chief Information Officer (Federal CIO) who administers the Office of Electronic Government (OMB E-Gov), which has oversight responsibilities for Federal cybersecurity policy and implementation. In 2009, President Obama named the first Cybersecurity Coordinator to lead the interagency efforts to implement the CNCI goals and initiatives. The Administration has also established an Information and Communications Infrastructure Interagency Policy Committee (ICI-IPC) as the primary policy coordination body for issues related to achieving an assured, reliable, secure, and survivable global information and communications infrastructure and related capabilities. OMB recently created a dedicated unit within OMB E-Gov called the Cyber and National Security Unit (E-Gov Cyber) that will focus on strengthening Federal cybersecurity through targeted oversight and policy issuance. 11

12 The White House/Office of Management and Budget The Federal CIO formally established the Federal Risk and Authorization Management Program ( FedRAMP ) to accelerate the adoption of cloud computing solutions across the Federal Government. In 2011, the Administration released the National Strategy for Trusted Identities in Cyberspace ( NSTIC ), which calls for publicprivate collaboration to create an Identity Ecosystem a marketplace of more secure, convenient, interoperable, and privacy-enhancing solutions for online authentication and identification. OMB has begun to focus on the role of government contractors in the federal government s Cybersecurity landscape. 12

13 The U.S. Department of Defense (DOD) and Intelligence Community The DOD aggressively defends its networks, secures its data, and mitigates risk to DOD missions. In 2010, DOD launched the U.S. Cyber Command ( USCYBERCOM ) USCYBERCOM is a centralized command for assuring the security of military information systems tasked with centralizing command of cyberspace operations, strengthening DOD cyberspace capabilities, and integrating and bolstering DOD s cyber expertise. In 2015, DOD released a new cyber strategy The strategy made clear that DOD s first mission is to defend its own networks, systems, and information. Its second mission is to defend the United States and its interests against cyberattacks of significant consequence. 13

14 DOD s 2015 Cyber Strategy The United States government has a limited and specific role to play in defending the nation against cyberattacks of significant consequence. The private sector owns and operates over ninety percent of all of the networks and infrastructure of cyberspace and is thus the first line of defense. One of the most important steps for improving the United States overall cybersecurity posture is for companies to prioritize the networks and data that they must protect and to invest in improving their own cybersecurity. While the U.S. government must prepare to defend the country against the most dangerous attacks, the majority of intrusions can be stopped through relatively basic cybersecurity investments that companies can and must make themselves. 14

15 The U.S. Department of Homeland Security (DHS) The DHS is responsible for creating and maintaining a common operational picture for cyberspace across the government. Coordinated response to significant cyber incidents is carried out by the National Cybersecurity Division (NCSD) of the DHS. DHS National Protection and Programs Directorate (NPPD) works with partners at all levels of government and form the private and non-profit sectors, to share information and build greater trust to make the cyber and physical infrastructure more secure. The Office of Cyber and Infrastructure Analysis (OCIA) supports efforts to protect the Nation s critical infrastructure through an integrated analytical approach evaluating the potential consequences of disruption from physical or cyber threats and incidents. OCIA identifies critical infrastructure where cyber incidents could have catastrophic impacts to public health and safety, the economy, and national security. OCIA builds on the work of the Department s Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) and manages the National Infrastructure Simulation and Analysis Center (NISAC). 15

16 DHS and Contractors DHS Office of the Assistant Secretary for Cybersecurity and Communications (CS&C) within NPPD is responsible for enhancing the security, resilience, and reliability of the Nation s cyber and communications infrastructure. CS&C houses the National Cybersecurity and Communications Integration Center (NCCIC), a 24x7 cyber situational awareness, incident response, and management center. The CS&C Stakeholder Engagement and Cyber Infrastructure Resilience (SECIR) division is the DHS primary point of engagement and coordination for national security/emergency preparedness (NS/EP) communications and cybersecurity initiatives for both government and industry partners. Relevant to contractors, the SECIR s include the following: works with government and industry to promote and enhance the security and resilience of NS/EP communications and cyber infrastructure. maintains meaningful lines of communication and engagement. leads the development of strategic risk assessments and the delivery of key mitigation capabilities to owners and operators. leads the development and implementation of education, outreach, and awareness, and cyber workforce and NS/EP communications development initiatives. 16

17 The U.S. Department of Homeland Security (DHS) The Department s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) response to significant privatesector incidents and deploys teams for site assistance visits. It also has established close working relationships with industry through partnerships like the Protected Critical Infrastructure Information (PCII) Program, which enhances voluntary information sharing between infrastructure owners and operators in the government. Perhaps the two most important DHS cybersecurity programs are Continuous Diagnostics & Mitigation ( CDM ) and the National Cybersecurity Protection System ( EINSTEIN ). Under CDM, DHS works with the General Services Administration ( GSA ) to establish and fund government-wide Blanket Purchase Agreements used to provide Federal agencies a basic set of tools to support the continuous monitoring of information systems. The goal of EINSTEIN is to provide the Federal government with an early warning system, improved situational awareness of intrusion threats to Federal Executive Branch civilian networks, near real-time identification of malicious cyber activity, and prevention of that malicious cyber activity. 17

18 The National Institute of Standards and Technology (NIST) National Institute of Standards and Technology (NIST), a technical, nonregulatory agency that provides a unique interface with industry for the development of technical standards. Its Computer Security Division's (CSD) Computer Security Resource Center (CSRC) facilitates broad sharing of information security tools and practices, provides a resource for information security standards and guidelines, and identifies key security web resources to support users in industry, government, and academia. NIST s National Cybersecurity Center of Excellence (NCCoE) works with members of industry to identify broad cybersecurity challenges. NIST s National Strategy for Trusted Identities in Cyberspace (NSTIC) individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity credentials to access online services in a manner that promotes confidence, privacy, choice and innovation. President Obama s E.O directed NIST to establish a technology-neutral, voluntary cybersecurity framework. 18

19 Law Enforcement The U.S. Department of Justice (DOJ) and the Federal Bureau of investigation (FBI) are the principal agencies responsible for investigating and prosecuting cyber crimes. Several agencies have combined efforts to create the Internet Crime Complaint Center (IC3) as a single destination for collecting data on Internet related crimes and referring them to the proper authorities. DOD operates the Defense Cyber Crime Center (DC3) as the operational focal point for the DIB Cyber Security/Information Assurance (CS/IA) Program. DHS operates its Cyber Cop Portal to facilitate information sharing for investigators anywhere in the world working on cybercrime cases. The National Computer Forensic Institute trains local law enforcement officers to conduct network intrusion electronic crimes investigations and friends functions. 19

20 Joint Report, Improving Cybersecurity and Resilience Through Acquisition GSA and DOD released a joint report in 2014 entitled Improving Cybersecurity and Resilience Through Acquisition. The report contained six recommendations aimed at strengthening the cyber resilience of the federal government by improving management of the people, processes, and technology affected by the federal Acquisition System. Specifically, the report recommended the following government actions: instituting baseline cybersecurity requirements as a condition for certain contract awards; training the relevant government workforce in new cybersecurity acquisition practices; developing common cybersecurity definitions and increased clarity of key cybersecurity terms; creating a government-wide cybersecurity risk management strategy that identifies a hierarchy of cyber risk criticality for acquisitions to permit the government to identify acquisitions that present the greatest cyber risk; requiring the government to procure certain items solely from original equipment manufacturers ( OEM ), authorized resellers, or other trusted sources; increasing government accountability by holding key decisionmakers accountable for decisions regarding the threats, vulnerabilities, likelihood, and consequences of cybersecurity risks. 20

21 The Relationship Between the Federal Government and Its Contractors The past few years have seen a dramatic increase in the amount that the Federal government is exercising its regulatory and contracting powers to govern the cyber activities of contractors. E.O recognized the need to integrate cybersecurity into the federal acquisition process. It directed the GSA and DOD to prepare recommendations for the President on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration. 21

22 Key Areas of Legal Issues Government Contracts Cybersecurity Compliance and Policy Insurance Labor & Employment Trade Secrets Privacy 22

23 Overview of the Federal Cybersecurity Landscape for Contractors No comprehensive federal data security law to date Numerous federal statutes, executive orders, regulations, and policies Hundreds of NIST standards NIST Framework Continuing gaps and vagueness regarding expectations of contractors Yet USG increasingly allocating risks to contractors State laws protecting 23

24 Federal Legal and Policy Framework Governing Contractors The Federal Information Security Management Act ( FISMA ) NDAA FY 2013 Reporting Requirements Executive Order Controlled Unclassified Information E.O Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive NIST Information Security Documents NIST Cybersecurity Framework Industrial Security Requirements NISPOM DOD s Defense Industrial Base Cyber Security/Information Assurance Program GSA and DOD Working Group Report, Improving Cybersecurity and Resilience through Acquisition 24

25 What is the NIST Cybersecurity Framework? E.O mandated NIST establish a voluntary, risk-based framework to guide organizations in critical infrastructure sectors in the creation, assessment, and improvement of their cybersecurity programs. Framework is not directed at all organizations, mandatory, or prescriptive. Framework is a useful methodology for organizing a program to identify, assess and respond to cyber threats, and for referencing other standards from NIST. 25

26 Compliance Requirements Proposed FAR Rule on Basic Safeguarding of Contractor Information Systems DFARS Rule on Safeguarding DOD Unclassified Controlled Technical Information DOD s Counterfeit Prevention Policy and DOD s Proposed Rule for Electronic Parts Inconsistent Agency Cybersecurity Guidance Flowing Down Cybersecurity Requirements Safeguarding the Supply Chain Uneven and Unrecoverable Costs of Compliance 26

27 Legal Risks to Government Contractors Federal contractors that fail to implement adequate cybersecurity measures face greater legal risk than their commercial counterparts. These risks include a lack of and inconsistent Government rules, regulations, and standards. Although agencies such as the DOD, the GSA, and NIST have been particularly engaged on the topic, the Government lacks even a unified set of cybersecurity-related definitions. Furthermore, while some agencies address cybersecurity by assigning risks to contractors through regulations and guidance, others do so through individually negotiated contract terms. No comprehensive, considered balance of risk allocation that applies across the Government. 27

28 Impact of Cybersecurity Requirements On Traditional Government Contractor Risk Noncompliance with the terms of a Government contract may result in the Government s termination of that contract for default. Federal agencies also use contractor performance to make both responsibility determinations yes/no assessments on a contractor s capabilities, systems, and resources to perform a solicited contract. Past performance evaluations, which consider a contractor s prior performance as an indicator of results on future contracts. Companies that fail to comply with applicable cybersecurity rules or that otherwise do not take a responsible approach to cyber threats, also may face administrative suspension and debarment. Suspension and debarment also have collateral impacts on business with state and local governments and in some commercial areas. 28

29 False Claims Act (FCA) The False Claims Act (FCA)196 imposes civil liability on any person who knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval or knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim. 29

30 The Cyber Risk Paradigm Cyber risks present real and present danger to business operations, costs and, for some, continued viability. Cyber risks are a legal problem, an operational problem, and a governance problem not simply a technological one. Corporate leaders have a fiduciary responsibility to understand and manage cyber risks. Leaders must bring together key components of the organization to develop joint ownership of risks and a comprehensive approach to cybersecurity. 30

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks June 2011 Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified

More information

Preventing and Defending Against Cyber Attacks October 2011

Preventing and Defending Against Cyber Attacks October 2011 Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their

More information

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security. Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government

More information

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications

More information

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. SECTION-BY-SECTION Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012. Section 2. Definitions. Section 2 defines terms including commercial information technology product,

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments

December 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments

More information

Recent Data Security Developments for Government Contractors

Recent Data Security Developments for Government Contractors Recent Data Security Developments for Government Contractors November 4, 2015 Attorney Advertising Speakers Jonathan Cedarbaum Partner WilmerHale Barry Hurewitz Partner WilmerHale Ben Powell Partner WilmerHale

More information

THE WHITE HOUSE Office of the Press Secretary. FACT SHEET: Administration Cybersecurity Efforts 2015

THE WHITE HOUSE Office of the Press Secretary. FACT SHEET: Administration Cybersecurity Efforts 2015 FOR IMMEDIATE RELEASE July 9, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: Administration Cybersecurity Efforts 2015 From the beginning of his Administration, the President has made it

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

CRISIS MANAGEMENT AND FIRST AID: WHEN GOVERNMENT CONTRACTORS ARE THE HEADLINERS WELCOME

CRISIS MANAGEMENT AND FIRST AID: WHEN GOVERNMENT CONTRACTORS ARE THE HEADLINERS WELCOME CRISIS MANAGEMENT AND FIRST AID: WHEN GOVERNMENT CONTRACTORS ARE THE HEADLINERS WELCOME CYBER CRISIS MANAGEMENT: ARE YOU PREPARED? Evan Wolff David Bodenheimer Kelly Currie Kate Growley Overview Cybersecurity

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

Department of Homeland Security Federal Network Security

Department of Homeland Security Federal Network Security Department of Federal Network Trusted Internet Connections (TIC) Update for the Information and Privacy Advisory Board July 29, 2009 Federal Network (FNS) Federal Network Branch Branch Vision: To be the

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

Legislative Language

Legislative Language Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting

More information

EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503. October 30, 2015

EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503. October 30, 2015 EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 October 30, 2015 Executive Summary Strengthening the cybersecurity of Federal networks, systems, and data is one

More information

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses

More information

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013 THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The

More information

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems Cyber Incident Annex Coordinating Agencies ITS-Information Technology Systems Support Agencies Mississippi Department of Homeland Security Mississippi Emergency Management Agency Mississippi Department

More information

Computer Network Security & Privacy Protection

Computer Network Security & Privacy Protection Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and

More information

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,

More information

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS

More information

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative GAO United States Government Accountability Office Report to Congressional Requesters March 2010 CYBERSECURITY Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National

More information

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com

More information

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security

More information

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Cyber Security for the Advanced Manufacturing Enterprise

Cyber Security for the Advanced Manufacturing Enterprise Cyber Division & Manufacturing Division Joint Working Group Cyber Security for the Advanced Manufacturing Enterprise Manufacturing Division Meeting June 4, 2014 Michael McGrath, ANSER michael.mcgrath@anser.org

More information

Network Security Deployment Obligation and Expenditure Report

Network Security Deployment Obligation and Expenditure Report Network Security Deployment Obligation and Expenditure Report First and Second Quarters, Fiscal Year 2015 June 16, 2015 Fiscal Year 2015 Report to Congress National Protection and Programs Directorate

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

TITLE III INFORMATION SECURITY

TITLE III INFORMATION SECURITY H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable

More information

CYBER SECURITY GUIDANCE

CYBER SECURITY GUIDANCE CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires

More information

Department of Homeland Security

Department of Homeland Security Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions

More information

What The OMB Cybersecurity Proposal Does And Doesn't Do

What The OMB Cybersecurity Proposal Does And Doesn't Do Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com What The OMB Cybersecurity Proposal Does And Doesn't

More information

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information

More information

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security

Statement for the Record. Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security Statement for the Record Dr. Andy Ozment Assistant Secretary, Cybersecurity and Communications U.S. Department of Homeland Security Before the United States House of Representatives Committee on Homeland

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative

(U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Appendix D: Evaluation of the Comprehensive National Cybersecurity Initiative (U) Presidential Directive NSPD 54/HSPD 23, Cybersecurity Policy, established United States policy, strategy, guidelines,

More information

No. 33 February 19, 2013. The President

No. 33 February 19, 2013. The President Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001

More information

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Sec. 1. Department of Homeland Security Cybersecurity Authority Section 1(a) amends Title II of the Homeland

More information

ANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT

ANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT ANNUAL REPORT TO CONGRESS: FEDERAL INFORMATION SECURITY MANAGEMENT ACT OFFICE OF MANAGEMENT AND BUDGET February 27, 2015 TABLE OF CONTENTS INTRODUCTION: FEDERAL CYBERSECURITY YEAR IN REVIEW... 6 SECTION

More information

September 10, 2015. Dear Administrator Scott:

September 10, 2015. Dear Administrator Scott: September 10, 2015 Tony Scott United States Chief Information Officer Administrator, Office of Electronic Government and Information Technology Office of Management and Budget 725 17th Street, NW Washington,

More information

DHS. CMSI Webinar Series

DHS. CMSI Webinar Series DHS CMSI Webinar Series Renee Forney Executive Director As the Executive Director for the Cyberskills Management Support Initiative (CMSI), Ms. Forney supports the Undersecretary for Management (USM) for

More information

Public Law 113 283 113th Congress An Act

Public Law 113 283 113th Congress An Act PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Government Regulation, Enforcement and Legislation on Privacy, Cyber Security and Social Media Jeff Brueggeman Vice

More information

Cyberprivacy and Cybersecurity for Health Data

Cyberprivacy and Cybersecurity for Health Data Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies

More information

I. U.S. Government Privacy Laws

I. U.S. Government Privacy Laws I. U.S. Government Privacy Laws A. Privacy Definitions and Principles a. Privacy Definitions i. Privacy and personally identifiable information (PII) b. Privacy Basics Definition of PII 1. Office of Management

More information

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration

STATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE

More information

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

GAO CRITICAL INFRASTRUCTURE PROTECTION. Comments on the National Plan for Information Systems Protection. Testimony

GAO CRITICAL INFRASTRUCTURE PROTECTION. Comments on the National Plan for Information Systems Protection. Testimony GAO United States General Accounting Office Testimony Before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate For Release at 10 a.m. Tuesday,

More information

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter 1. In what ways do private entities currently share with, and receive from, the government cyber threat information?

More information

STATEMENT OF MARK A.S. HOUSE OF REPRESENTATIVES

STATEMENT OF MARK A.S. HOUSE OF REPRESENTATIVES STATEMENT OF MARK A. FORMAN ASSOCIATE DIRECTOR FOR INFORMATION TECHNOLOGY AND ELECTRONIC GOVERNMENT OFFICE OF MANAGEMENT AND BUDGET BEFORE THE COMMITTEE ON GOVERNMENT REFORM SUBCOMMITTEE ON GOVERNMENT

More information

NASA OFFICE OF INSPECTOR GENERAL

NASA OFFICE OF INSPECTOR GENERAL NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA

More information

US Cyber Marathon. David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury

US Cyber Marathon. David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury US Cyber Marathon David Ambrose, Chief Security Officer and Chief Privacy Officer Bureau of the Fiscal Service U.S. Department of the Treasury Context: US Government Scope/Scale 320M US citizens 4.1M Government

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity

More information

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE

STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE STATEMENT OF SYLVIA BURNS CHIEF INFORMATION OFFICER U.S. DEPARTMENT OF THE INTERIOR BEFORE THE HOUSE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM SUBCOMMITTEE ON INFORMATION TECHNOLOGY AND SUBCOMMITTE

More information

The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative

The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative The Council of the Inspectors General on Integrity and Efficiency s Cloud Computing Initiative September 2014 Council of the Inspectors General on Integrity and Efficiency Cloud Computing Initiative Executive

More information

E X E C U T I V E O F F I CE O F T H E P R E S I D EN T

E X E C U T I V E O F F I CE O F T H E P R E S I D EN T EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 THE DIRECTOR M-05-24 August 5, 2005 MEMORANDUM FOR THE HEADS OF ALL DEPARTMENTS AND AGENCIES FROM: SUBJECT: Joshua

More information

April 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC

April 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC April 28, 2014 Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC RE: Information Technology Sector Coordinating Council (IT SCC)

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

One Hundred Thirteenth Congress of the United States of America

One Hundred Thirteenth Congress of the United States of America S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION

More information

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL INDEPENDENT EVALUATION OF THE NATIONAL CREDIT UNION ADMINISTRATION S COMPLIANCE WITH THE FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)

More information

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness

FEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness United States Government Accountability Office Report to Congressional Committees September 2013 FEDERAL INFORMATION SECURITY Mixed Progress in Implementing Program Components; Improved Metrics Needed

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5205.16 September 30, 2014 USD(I) SUBJECT: The DoD Insider Threat Program References: See Enclosure 1 1. PURPOSE. In accordance with sections 113 and 131 through

More information

Information Systems Security Line of Business (ISS LoB)

Information Systems Security Line of Business (ISS LoB) Information Systems Security Line of Business (ISS LoB) Information Security and Privacy Advisory Board George Washington University Washington, DC March 22, 2007 Agenda Background Status Next Steps Background

More information

S. 2519 AN ACT. To codify an existing operations center for cybersecurity.

S. 2519 AN ACT. To codify an existing operations center for cybersecurity. TH CONGRESS D SESSION S. 1 AN ACT To codify an existing operations center for cybersecurity. 1 Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled,

More information

IT-CNP, Inc. Capability Statement

IT-CNP, Inc. Capability Statement Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

GAO Information Security Issues

GAO Information Security Issues GAO Information Security Issues Presented to: Federal Audit Executive Council April 18, 2012 1 Agenda Snapshots of Federal Information Security Highlights of Selected GAO Reports GAO Focus Areas List of

More information

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework

More information

Presidential Summit Reveals Cybersecurity Concerns, Trends

Presidential Summit Reveals Cybersecurity Concerns, Trends Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Compliance Risk Management IT Governance Assurance

Compliance Risk Management IT Governance Assurance Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems

More information

Five-Year Strategic Plan

Five-Year Strategic Plan U.S. Department of Education Office of Inspector General Five-Year Strategic Plan Fiscal Years 2014 2018 Promoting the efficiency, effectiveness, and integrity of the Department s programs and operations

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5505.13E March 1, 2010 ASD(NII)/DoD CIO SUBJECT: DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3) References: See Enclosure 1 1. PURPOSE. This Directive:

More information

Mission Assurance and Security Services

Mission Assurance and Security Services Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR

More information

Fiscal Year 2009 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002

Fiscal Year 2009 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002 Fiscal Year 2009 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002 2 Table of Contents Introduction: Current State of Cybersecurity... 4 I. 2009 Progress

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

Federal Cybersecurity Programs

Federal Cybersecurity Programs Federal Cybersecurity Programs A Resource Guide October 2014 THE NATIONAL GOVERNORS ASSOCIATION (NGA), founded in 1908, is the collective voice of the nation s governors and one of Washington, D.C. s,

More information

STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE

STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE HOMELAND SECURITY COMMITTEE SUBCOMMITTEE ON COUNTERTERRORISM AND INTELLIGENCE AND SUBCOMITTEE ON

More information

Cybersecurity & the Department of Homeland Security

Cybersecurity & the Department of Homeland Security Cybersecurity & the Department of Homeland Security Recommendations of the Aspen Homeland Security Group s Cyber Working Group for the Department of Homeland Security The Aspen Institute Homeland Security

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

GAO CYBERSECURITY HUMAN CAPITAL. Initiatives Need Better Planning and Coordination

GAO CYBERSECURITY HUMAN CAPITAL. Initiatives Need Better Planning and Coordination GAO November 2011 United States Government Accountability Office Report to the Chairman, Subcommittee on Immigration, Refugees, and Border Security, Committee on the Judiciary U.S. Senate CYBERSECURITY

More information

Department of Homeland Security

Department of Homeland Security Implementation Status of EINSTEIN 3 Accelerated OIG-14-52 March 2014 Washington, DC 20528 / www.oig.dhs.gov March 24, 2014 MEMORANDUM FOR: FROM: SUBJECT: Bobbie Stempfley Acting Assistant Secretary Office

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5400.11 October 29, 2014 DCMO SUBJECT: DoD Privacy Program References: See Enclosure 1 1. PURPOSE. This directive: a. Reissues DoD Directive (DoDD) 5400.11 (Reference

More information

Cyber Risk Management for Government Contractors Its Not Just Ones and Zeros Anymore. How Changes to HSAR, FAR and DFARS will Impact Your Business

Cyber Risk Management for Government Contractors Its Not Just Ones and Zeros Anymore. How Changes to HSAR, FAR and DFARS will Impact Your Business Cyber Risk Management for Government Contractors Its Not Just Ones and Zeros Anymore How Changes to HSAR, FAR and DFARS will Impact Your Business Today s Participants Emile Monette - Moderator General

More information