Secure Data Centers For America A SOLUTION TO

Size: px
Start display at page:

Download "Secure Data Centers For America A SOLUTION TO"

Transcription

1 Secure Data Centers For America A SOLUTION TO A HOMELAND & NATIONAL SECURITY THREAT AGAINST CRITICAL INFRASTRUCTURE AND KEY RESOURCES IN STATE AND LOCAL GOVERNMENTS By Ralph R. Zerbonia and Universe Central Corporation NOTE: This was part of a project planning document I wrote in December 2006 and began using to try and launch a project to attack the problem discussed. It is the text and notes from the selected items in the table of contents, essentially the definition of the problem, our suggested solution and project steps with early preliminary budget figures. I have removed certain portions relating to the partners (of the project) at the time and the letters of support we received in pursuing the concept. In short, due to what is referred to as local control I discovered that the project was untenable and it became defunct without my personal involvement. This document is available only as a warning for what may be. Times have changed since it was written and some very fine work has been done. I am no longer up to date on the subject, though I keep an eye out. I believe that in coming days we will find this threat to be actuated as it already has been, to an even greater Lex Luthor extent, by pirates, terrorists, crooks and countries. Ralph R. Zerbonia 12/30/08, 02/19/09

2 Contents The Problem Definition of the Solution Next steps Generic budget information This document was prepared by Ralph R. Zerbonia. Document and contents remain the property of Ralph R. Zerbonia, and may not be reproduced in any manner. Intellectual Property owned by Ralph R. Zerbonia and Universe Central Corporation. Secure Data Centers For America and SDC and Secure Data Centers For America and SDC stylized logos are trademarks of Universe Central Corporation in the United States and other countries. All other names are trademarks or registered trademarks of their respective holders. The information in this document is subject to change without notice. Printed in the U.S.A Universe Central Corporation The Problem Local government computer operations are under attack on a multiplicity of fronts populated by criminals, terrorists and nation/states. In 2006 the rate of attacks and probes on [business and] government networked computer systems grew at an alarming rate. 1 Equally alarming is the increase in probes and attacks not detected in a timely or effective manner. These incidences are measured only by after-the-fact discovery and reporting. Indicators for this type of activity rose throughout It is axiomatic that there are yet-to-be discovered occurrences of these silent attacks and that their numbers also increased, continuing to always accumulate and grow. Analysis shows an organized intent to these probes and attacks, with foreign nation/state 3 involvement and complicity. 4 There is ample evidence of foreign intelligence/defense agency s aimed at national security and homeland security assets. 5 One measure, detailed in a U.S. 1 Pentagon: Efforts to steal U.S. tech rising 1/03/07 Reuters 2 Brian Krebs, 12/27/2006 Cybercrooks Deliver Trouble Washington Post 3 Annual Report To Congress Military Power of the People s Republic of China 2006 Office of the Secretary of Defense, Department of Defense page Lisa Myers & the NBC Investigative Unit 11/20/06 U.S. worries about Chinese espionage MSNBC.com 5 Technology Collection Trends in the U.S. Defense Industry 2006 Report published by the U.S. Defense Security Service Counterintelligence Office

3 Pentagon report reveals that over 88% of the occurrences originated from five interconnected regions: East Asia, the Pacific, Near East, Eurasia and South Asia. The whole of Africa and the Western Hemisphere, (not including the United States) accounted for the remaining 11.5 percent. 6 A common and ever-increasing form of computer network/server attacks is the probe. As their name suggests, probe attacks covertly seek out vulnerabilities and weaknesses, points-for-attack in a hosted (networked) system. Automated for unlimited usability, yet designed to remain undetected while carrying out a reconnaissance mission, these probes will continue to report back weaknesses and potential vulnerabilities, cataloguing these points-for-attack, for use by the attacker when they choose. It is hard to overstate the ominous significance and potential-to-harm of such probe attacks. 7 With the virtually unlimited computing resources available to foreign powers, these probe attacks become not just a highly developed intelligence tool but also a military weapon. 8 With infinite automated pre-programmed patience, a probe secretly and silently catalogs critical and non-critical vulnerabilities for a day in the future, when the assembled catalog becomes a target list. This target list can be exploited in any number of ways, efficiently betraying any and all of the discovered vulnerabilities, individually and custom designed to wreak maximum havoc, even in timed conjunction with other (physical, economic, political, criminal, etc.) launched attacks Of the over 74,000 local government entities in the United States, very few have adequate equipment and personnel budgets to secure themselves in any adequate way. Even more important, almost none have the knowledge and expertise to defend their operations against the nation/state probe attacks. 6 Ibid 7 Ben Worthen, 10/1/05 The Sky Really Is Falling Interview with Ed Lazowska Co-chair of the President s Information Technology Advisory Committee published in CIO Magazine 8 David C. Gompert, Autumn 1998, National Security in the Information Age Naval War College Review 9 Ibid 10 Lt. General Kenneth Minihan, Director, National Security Agency, November 1998, Defending the Nation Against Cyber Attack USIA Electronic Journal

4 The U.S. Dept. of Homeland Security has designated these local government operations as Critical Infrastructure and Key Resources. These local government units run everything in daily life from water supply to emergency response to real property financial records to justice and penal systems. While there are many sensitive areas within the workflow of local government that are highly vulnerable, there are also greater risks when one considers the possibility of the disruption of that daily life within the context of other simultaneous attacks against the nation. Most of the solutions proposed for this area of homeland security have centered on the protection of data alone. We suggest that is not sufficient in an increasingly electronic society: there must be a more complete protection of the local government system, its applications, hardware and software as well as the data itself, in real time, and with no downtime. Consider that each and every computer that has Internet access, or phone line access, or comes in contact with another computer that has any such access is immediately vulnerable to manipulation of varying degrees by criminal and political nation/state enemies. This threat includes not just the data, but the operating systems, application software, and hardware. Because of low local funding availability/priority, lack of high-level cybersecurity expertise and lack of physical and operational security and expertise, local government critical infrastructure and key resources are vulnerable and are in clear and present danger. The source of the danger is such (nation/state 13 ), that the local government entities are inevitably unable to fashion any credible defense. Definition of the solution: Against nation/state level of attacks there must be a nation/state level of cyberdefense. The solution is to create a set of secure data centers, utilizing existing full security and information technology best practices from the IT industry, with federal level oversight and 11 As a Critical Infrastructure Sector, from a U.S. Department of Homeland Security publication: 2003, THE NATIONAL STRATEGY FOR PHYSICAL PROTECTION OF CRITICAL INFRSTARUCTURES AND KEY ASSETS. 12 National Infrastructure Protection Plan 2006 U.S. Dept. of Homeland Security 13 Annual Report To Congress Military Power of the People s Republic of China 2006 Office of the Secretary of Defense, Department of Defense

5 protection. This integrates well with Federal Homeland Security goals and objectives for local and state government. Secure Data Centers for America, a non-profit government services corporation, will develop secure data centers for local government entities and their computer operations providing high level secure hosting and the provision of security oversight. Federal and state involvement in cybersecurity protection and defense will be fully integrated, providing the economy of knowledge currently unavailable. This proposal seeks to consolidate local government server room operations into these centers, using the economies of scale and scope now available to provide the same/better information technology services and an increased security quality, at a lesser cost than local governments are currently paying. As this nation/state level of cyberdefense is primarily knowledge and best practices oriented and already is an existing process for many federal government information system defense systems, it is without a need for scale, and can be easily provided and used, to identified and enabled systems without additional effort or cost other than those incurred in its original creation. This means that if you consolidate the (74,000) local government units computer server room operations) into a much smaller order number (10) of service delivery centers, you can use the already available and superior federal knowledge to create and maintain cyberdefense for the whole. This plan would assist the U.S. Department of Homeland Security in the performance of several key goals of The National Strategy to Secure Cyberspace, especially those covered under Priority IV Section C State and Local Governments. 14 The Dept. of Homeland Security has been charged with providing a focal point for federal outreach to state, local, and nongovernmental organizations. 15 The mission of this program is consistent with and integrates into the five National Priorities of the Federal program. 16 Additionally this project assists in the achievement of goals and objectives stated in 2006 Homeland Security National Infrastructure Protection Plan The business model is to utilize existing federal/state grants to build the secure data centers and bring the operating plan to where a critical mass of local government communities then begin paying a consortium-like fee for service to cover all costs. It is expected that such fee for service 14 The National Strategy To Secure Cyberspace February 2003 U.S. Department of Homeland Security 15 Ibid Page x. Executive Summary 16 Ibid Page x. Executive Summary

6 will be less than what the local government is currently paying for similar service even without the added benefit of high level effective security. The initial steps would involve the creation of two secure data centers, the number of centers expanding with local government integration up to an including virtually all local government server room operations and server based operations. It is currently estimated that several thousand local technology jobs will be created at each location, with an annual pay range of $40- $50, annually, with benefits and ongoing skill training. Next steps: Phase 1 - Acquire funding to deliver a full project proposal document. The project requires funding to produce a project proposal document describing the plan and approach of the project as well as the detailed roles of the major partners and contractors to the project: Inclusive of merit evaluation, development of business models, project management plan to carry out the planning process and a description of phases and deliverable of the overall project and its ongoing operations as well as planning for development of process and procedure. Phase 2 - Acquire funding to deliver project specification and bid documents; Upon delivery of Phase 1, the project can proceed to the development of detailed engineering and specifications, operational processes and procedures, and necessary bid documentation. Inclusive of an Overall Project Plan, design specifications and bid process documentation for: Best Practices Management Plan, Service Levels Documentation, project management process, knowledge management plan and process, and Evaluation process plan, IT Operations documentation, Security, Physical Infrastructure, Staffing, Administration, Command and Control and integration with existing federal Homeland Security planning/operations. Phase 3 - Acquire funding to build initial two centers in two separated locations.

7 The initial proposal is to build two geographically separated secure data centers. The project headquarters and 1 st site is proposed to be located in northeast Ohio. The Ohio Supercomputer Center provides this northeast Ohio location with multiple 2 nd location possibilities as they have direct connections with other supercomputer centers. It is anticipated that each secure data center will be in partnership with a supercomputer center. Each facility will require large sites with adequate space for security provisioning. Additionally, sites with water and/or other non-traditional power generation potentials are favored. Generic budget information Phase 1 Development of project definition and planning documents, project proposal documents, overall project and operational plan, a clearer estimate of Phase 2 & 3 costs - $175,000 - $325,000. Phase 2.a Project Specifications & Bid Documents including full security and data center engineering - estimated - $1,500, $2,250,000. Engineering and documentation for multiple areas of secure data center construction. Phase 2.b Operations process and procedures specifications and budget estimates including staffing and organization parameters - estimated - $1,000, $2,000,000. Best Practices management, Operations management, process and procedure. Phase 3 Build initial two secure data centers in two separated geographical areas to delivered specifications - estimated - $400,000, $500,000,000. Land, bricks, security, equipment, construction and initial startup.

1 Cyberspace and Security

1 Cyberspace and Security 1 Cyberspace and Security 1 Paper by Deputy Secretary of Defense William J. Lynn, Defending a New Domain: The Pentagon s Cyber Strategy, Foreign Affairs (Sep Oct 2010). In addition, an annual report by

More information

Confrontation or Collaboration?

Confrontation or Collaboration? Confrontation or Collaboration? Congress and the Intelligence Community Cyber Security and the Intelligence Community Eric Rosenbach and Aki J. Peritz Cyber Security and the Intelligence Community The

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking

Appendix A: Gap Analysis Spreadsheet. Competency and Skill List. Critical Thinking Appendix A: Gap Analysis Spreadsheet Competency and Skill List Competency Critical Thinking Data Collection & Examination Communication & Collaboration Technical Exploitation Information Security Computing

More information

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be

More information

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies: Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

Remarks by. Thomas J. Curry Comptroller of the Currency. Before a Meeting of CES Government. Washington, DC April 16, 2014

Remarks by. Thomas J. Curry Comptroller of the Currency. Before a Meeting of CES Government. Washington, DC April 16, 2014 Remarks by Thomas J. Curry Comptroller of the Currency Before a Meeting of CES Government Washington, DC April 16, 2014 Good afternoon. It s a pleasure to finally be here with you. I had very much hoped

More information

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities.

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities. GAO United States General Accounting Office Testimony Before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate For Release on Delivery Expected

More information

A Detailed Strategy for Managing Corporation Cyber War Security

A Detailed Strategy for Managing Corporation Cyber War Security A Detailed Strategy for Managing Corporation Cyber War Security Walid Al-Ahmad Department of Computer Science, Gulf University for Science & Technology Kuwait alahmed.w@gust.edu.kw ABSTRACT Modern corporations

More information

Obama Sets Plan for 'Leaner' Military

Obama Sets Plan for 'Leaner' Military VOA Special English (voaspecialenglish.com) is our daily news and information service for English learners. Read the story and then do the activities at the end. Obama Sets Plan for 'Leaner' Military Reuters

More information

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe 2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information

More information

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The

More information

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems Cyber Incident Annex Coordinating Agencies ITS-Information Technology Systems Support Agencies Mississippi Department of Homeland Security Mississippi Emergency Management Agency Mississippi Department

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the

More information

Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580

Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580 Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative starnes@udel.edu (302) 831 1580 The Cybersecurity Initiative was established at the University of Delaware in 2014 as an integrated learning

More information

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773

ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE

STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE STATEMENT BY DAVID DEVRIES PRINCIPAL DEPUTY DEPARTMENT OF DEFENSE CHIEF INFORMATION OFFICER BEFORE THE HOUSE OVERSIGHT AND GOVERNMENT REFORM COMMITTEE S INFORMATION TECHNOLOGY SUBCOMMITTEE AND THE VETERANS

More information

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative GAO United States Government Accountability Office Report to Congressional Requesters March 2010 CYBERSECURITY Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National

More information

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer

More information

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett

Issue Paper. Wargaming Homeland Security and Army Reserve Component Issues. By Professor Michael Pasquarett Issue Paper Center for Strategic Leadership, U.S. Army War College May 2003 Volume 04-03 Wargaming Homeland Security and Army Reserve Component Issues By Professor Michael Pasquarett Background The President

More information

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division Homeland Security: Information Assurance Challenges and Opportunities Building the National Cyber Security Division The Homeland Security Act and national strategies direct DHS to take the lead on cyber

More information

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October

More information

One Hundred Twelfth Congress of the United States of America

One Hundred Twelfth Congress of the United States of America S. 3454 One Hundred Twelfth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Tuesday, the third day of January, two thousand and twelve An Act

More information

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks

GAO. IT SUPPLY CHAIN Additional Efforts Needed by National Security- Related Agencies to Address Risks GAO For Release on Delivery Expected at 10:00 a.m. EDT Tuesday, March 27, 2012 United States Government Accountability Office Testimony Before the Subcommittee on Oversight and Investigations, Committee

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting

More information

Since creation of the first interconnected computer network in

Since creation of the first interconnected computer network in Lt Col August G. Roesener, PhD, USAF Maj Carl Bottolfson, USAF CDR Gerry Fernandez, USN Since creation of the first interconnected computer network in 1969 as an Advanced Research Projects Agency endeavor,

More information

CyberSecurity Solutions. Delivering

CyberSecurity Solutions. Delivering CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Operationalizing Threat Intelligence.

Operationalizing Threat Intelligence. Operationalizing Threat Intelligence. Key Takeaways Time is becoming more and more compressed when it comes to protecting the enterprise Security teams must be able to rapidly and effectively translate

More information

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies

More information

Cyber Information-Sharing Models: An Overview

Cyber Information-Sharing Models: An Overview PARTNERSHIP Cyber Information-Sharing Models: An Overview October 2012. The MITRE Corporation. All rights reserved. Approved for Public Release. Case Number 11-4486. Distribution Unlimited. Table of Contents

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop

More information

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

DIVISION N CYBERSECURITY ACT OF 2015

DIVISION N CYBERSECURITY ACT OF 2015 H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table

More information

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure

More information

HOW DO YOU CREATE A WORLD FINANCIAL COMMUNITY THAT IS RESILIENT IN THE FACE OF CYBER-SECURITY, CYBER-ESPIONAGE, AND HACKING?

HOW DO YOU CREATE A WORLD FINANCIAL COMMUNITY THAT IS RESILIENT IN THE FACE OF CYBER-SECURITY, CYBER-ESPIONAGE, AND HACKING? HOW DO YOU CREATE A WORLD FINANCIAL COMMUNITY THAT IS RESILIENT IN THE FACE OF CYBER-SECURITY, CYBER-ESPIONAGE, AND HACKING? Biographies of Authors William Abbott Foster, PhD is a Senior Research Associate

More information

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks November 2010 Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing

More information

Chairman Johnson, Ranking Member Carper, and Members of the committee:

Chairman Johnson, Ranking Member Carper, and Members of the committee: UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

More information

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Sec. 1. Department of Homeland Security Cybersecurity Authority Section 1(a) amends Title II of the Homeland

More information

FBI AND CYBER SECURITY

FBI AND CYBER SECURITY FBI AND CYBER SECURITY SSA John Caruthers SSA Ken Schmutz SSA Tom Winterhalter Mission The FBI is the only U.S. agency charged with the authority to investigate both criminal and national security investigations.

More information

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy Statement of Gil Vega Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer U.S. Department of Energy Before the Subcommittee on Oversight and Investigations Committee

More information

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Evaluation Report The Department's Unclassified Cyber Security Program - 2012 DOE/IG-0877 November 2012 MEMORANDUM FOR

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)

Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS) Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS) PSCR Public Safety Broadband Stakeholder Conference June 4 th, 2014 Alex Kreilein Technology Policy Strategist Office

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Defense Security Service

Defense Security Service Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED Defense Security Service DSS Mission DSS Supports national security and the warfighter,

More information

DETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK.

DETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK. DETECT. LEARN. ADAPT. DEFEND. WIN EVERY ATTACK. A Brief History of IT Security Once upon a time, IT security was simple. Viruses were written to attack any system they came in contact with. As a result,

More information

Cybersecurity on a Global Scale

Cybersecurity on a Global Scale Cybersecurity on a Global Scale Time-tested Leadership A global leader for more than a century with customers in 80 nations supported by offices in 19 countries worldwide, Raytheon recognizes that shared

More information

2 Gabi Siboni, 1 Senior Research Fellow and Director,

2 Gabi Siboni, 1 Senior Research Fellow and Director, Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,

More information

Corporate Spying An Overview

Corporate Spying An Overview Corporate Spying An Overview With the boom in informational and technological advancements in recent years, there comes the good and the bad the bad being more susceptibility to the theft of confidential

More information

Federal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad

Federal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad Federal Bureau of Investigation Los Angeles Field Office Computer Crime Squad Overview FBI and Infrastructure Protection Cyber Crime Cases Cyber Law What to do Infrastructure Protection: Traditional Threat

More information

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced

More information

CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE LEADERSHIP. RESEARCH. DEFENCE.

CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE LEADERSHIP. RESEARCH. DEFENCE. CSCSS CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE LEADERSHIP. RESEARCH. DEFENCE. CSCSS CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE The early 21st century has been defined by the Internet,

More information

Guy Ron Managing Director, Bayon Security guyron@bayoncon.com

Guy Ron Managing Director, Bayon Security guyron@bayoncon.com Guy Ron Managing Director, Bayon Security guyron@bayoncon.com About Me Started my career at the Israeli Defense Forces developing mission critical solutions for the Air Force and retiring as a Captain

More information

The rapid development of China presents challenges and opportunities for America.

The rapid development of China presents challenges and opportunities for America. Lesson Plan China Chad Flaig Purpose: Big Concept: The rapid development of China presents challenges and opportunities for America. Essential Questions What are the economic challenges that China presents

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 CHIEF INFORMATION OFFICER December 9, 2015 MEMORANDUM FOR SECRETARIES OF THE MILITARY DEPARTMENTS CHAIRMAN OF THE JOINT CHIEFS OF

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Survey of Cyber Security Frameworks

Survey of Cyber Security Frameworks Survey of Cyber Security Frameworks Alice Nambiro Wechuli (Department of Computer Science, Masinde Muliro University of Science and Technology, Kenya alicenambiro@yahoo.com) Geoffrey Muchiri Muketha (Department

More information

Trends in Cybersecurity and Privacy

Trends in Cybersecurity and Privacy www.pwc.com/ca/security Trends in Cybersecurity and Privacy Insights from The Global State of Information Security Survey 2016 Ottawa, Ontario April 13, 2016 Your speakers today David Craig Anthony Dias

More information

A Community Position paper on. Law of CyberWar. Paul Shaw. 12 October 2013. Author note

A Community Position paper on. Law of CyberWar. Paul Shaw. 12 October 2013. Author note A Community Position paper on Law of CyberWar Paul Shaw 12 October 2013 Author note This law and cyberwar paper / quasi-treatise was originally written for a course in a CISO certification curriculum,

More information

DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION

DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION DEPARMTMENT OF HOMELAND SECURITY AUTHORIZATION BILL FOR FY 2008 AND FY 2009 SECTION-BY-SECTION TITLE I: AUTHORIZATION OF APPROPRIATIONS Sec. 101. Authorization of Appropriations. This section authorizes

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states. Cyberterror Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states. What are terrorists main uses of cyberspace? How does cyberterror

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Developing a Mature Security Operations Center

Developing a Mature Security Operations Center Developing a Mature Security Operations Center Introduction Cybersecurity in the federal government is at a crossroads. Each month, there are more than 1.8 billion attacks on federal agency networks, and

More information

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

Trends Concerning Cyberspace

Trends Concerning Cyberspace Section 2 Trends Concerning Cyberspace 1 Cyberspace and Security Owing to the information technology (IT) revolution in recent years, information and communication networks such as the Internet are becoming

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 3020.40 January 14, 2010 Incorporating Change 2, September 21, 2012 USD(P) SUBJECT: DoD Policy and Responsibilities for Critical Infrastructure References: See Enclosure

More information

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness Issue Date: August 31, 2006 Audit Report Number 2006-DP-0005 TO: Lisa Schlosser, Chief Information Officer, A FROM: Hanh Do, Director, Information System Audit Division, GAA SUBJECT: Review of HUD s Information

More information

Cybersecurity, Foreign Policy, and Business

Cybersecurity, Foreign Policy, and Business Summary Report Cybersecurity, Foreign Policy, and Business Washington, DC Workshop January 11, 2011 8:00 a.m. 3:00 p.m. In early 2011, the Council on Foreign Relations held a workshop focused on the intersection

More information

Cyber threats are growing.

Cyber threats are growing. Cyber threats are growing. So are your career opportunities. Put the future of your cybersecurity career in the hands of a respected online education leader. Everything you need to succeed. Excelsior College

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

The Computerworld Honors Program

The Computerworld Honors Program The Computerworld Honors Program Honoring those who use Information Technology to benefit society Status: Laureate Final Copy of Case Study Year: 2013 Organization Name: Cybersecurity and Infrastructure

More information

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287

More information

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.

SYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value. SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

Espionage and Intelligence. Debra A. Miller, Book Editor

Espionage and Intelligence. Debra A. Miller, Book Editor Espionage and Intelligence Debra A. Miller, Book Editor Intelligence... has always been used by the United States to support U.S. military operations, but much of what forms today s intelligence system

More information

MARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure.

MARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure. MARYLAND Cyber Security White Paper Defining the Role of State Government to Secure Maryland s Cyber Infrastructure November 1, 2006 Robert L. Ehrlich, Jr., Governor Michael S. Steele, Lt. Governor Message

More information

Managing SSL Certificates with Ease

Managing SSL Certificates with Ease WHITE PAPER: MANAGING SSL CERTIFICATES WITH EASE White Paper Managing SSL Certificates with Ease Best Practices for Maintaining the Security of Sensitive Enterprise Transactions Managing SSL Certificates

More information

Some Thoughts on the Future of Cyber-security

Some Thoughts on the Future of Cyber-security Some Thoughts on the Future of Cyber-security Mike Thomas Information Assurance Directorate National Security Agency NSI IMPACT April 2015 1 Introduction, or Why are we here? National security missions

More information

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE Department of Defense DIRECTIVE NUMBER 5505.13E March 1, 2010 ASD(NII)/DoD CIO SUBJECT: DoD Executive Agent (EA) for the DoD Cyber Crime Center (DC3) References: See Enclosure 1 1. PURPOSE. This Directive:

More information

HOMELAND SECURITY INTERNET SOURCES

HOMELAND SECURITY INTERNET SOURCES I&S Internet Sources I&S HOMELAND SECURITY INTERNET SOURCES USEFUL SITES, PORTALS AND FORUMS Homeland Security Home Page http://www.whitehouse.gov/homeland/ A federal agency whose primary mission is to

More information

Cyber Adversary Characterization. Know thy enemy!

Cyber Adversary Characterization. Know thy enemy! Cyber Adversary Characterization Know thy enemy! Brief History of Cyber Adversary Modeling Mostly Government Agencies. Some others internally. Workshops DARPA 2000 Other Adversaries, RAND 1999-2000 Insider

More information

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE; LIEUTENANT GENERAL JAMES K. MCLAUGHLIN DEPUTY COMMANDER,

More information

Cybersecurity Delivering Confidence in the Cyber Domain

Cybersecurity Delivering Confidence in the Cyber Domain Cybersecurity Delivering Confidence in the Cyber Domain With decades of intelligence and cyber expertise, Raytheon offers unmatched, full-spectrum, end-to-end cyber solutions that help you secure your

More information

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014 The Geospatial Approach to Cybersecurity: An Executive Overview An Esri White Paper January 2014 Copyright 2014 Esri All rights reserved. Printed in the United States of America. The information contained

More information

Security Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary

Security Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary Security Technology Vision 2016: Empowering Your Cyber Defenders to Enable Digital Trust Executive Summary 2 Security Technology Vision 2016 Empowering Your Cyber Defenders to Enable Digital Trust Fighter

More information

Department of Defense INSTRUCTION. Reference: (a) DoD Directive 3020.26, Defense Continuity Programs (DCP), September 8, 2004January 9, 2009

Department of Defense INSTRUCTION. Reference: (a) DoD Directive 3020.26, Defense Continuity Programs (DCP), September 8, 2004January 9, 2009 Department of Defense INSTRUCTION SUBJECT: Defense Continuity Plan Development NUMBER 3020.42 February 17, 2006 Certified current as of April 27, 2011 Reference: (a) DoD Directive 3020.26, Defense Continuity

More information