JOIN THE 2015 CYBERSECURITY CAMPAIGN

Transcription

1 JOIN THE 2015 CYBERSECURITY CAMPAIGN Improving Today. Protecting Tomorrow

2 Cybersecurity has emerged as a top priority for the U.S. Chamber. In an interconnected world, economic security and national security are linked. Attacks in cyberspace are being carried out by nation-states, hacktivists, and criminal organizations. Bad actors can compromise public safety, classified information, intellectual property, sensitive personal data, and business networks, putting America s security at risk. This year, cybercrime topped the intelligence community s global threat assessment, and former FBI Director Robert Mueller declared that cyberattacks will eventually pose as great a threat to our national security as al-qaeda and could even surpass it. The Chamber has been leading on cybersecurity for years. In 2014, it launched a new comprehensive campaign under the banner Improving Today. Protecting Tomorrow to advance cybersecurity policies and legislation while educating businesses of all sizes about cyber threats and how to protect against them. For a second year in a row, the Chamber is continuing the cybersecurity campaign with four regional roundtables planned in advance of its Fourth Annual Cybersecurity Summit on October 6. The Chamber s work would not be possible without your support. Please review the information in this brochure to learn about the campaign and sponsorship opportunities. For more information, please contact me (abeauchsene@uschamber.com, ); Matthew Eggers (meggers@uschamber.com, ); or Vincent Voci (vvoci@uschamber.com, ). Sincerely, Ann Beauchesne Senior Vice President National Security and Emergency Preparedness Department U.S. Chamber of Commerce 2

3 U.S. Chamber s National Security & Emergency Preparedness Department Established in 2003 to develop and implement the Chamber s homeland and national security policies. The department works through the National Security Task Force, a policy committee composed of roughly 200 Chamber members representing a broad spectrum of the nation s economy. The task force s Cybersecurity Working Group identifies current and emerging issues, crafts policies and positions, and provides analysis and direct advocacy to government and business leaders. The need to address increasingly sophisticated threats against American and global businesses has gone from an IT issue to a top priority for the C-suite and the boardroom. In an interconnected world, economic security and national security are linked. To maintain a strong and resilient economy, we must protect against the threat of cyberattacks. - Chamber President and CEO Thomas J. Donohue Many cybersecurity experts say that there are two types of businesses those that have been hacked and know it, and those that have been hacked and don t know it yet. As large businesses strengthen their cyber protections, small and medium-size ones are increasingly the victims of malicious actors. However, many hurdles stand in the way of meaningful change: Congressional gridlock. Appropriate roles of government entities in private-public partnerships. Lack of information sharing regarding threats between government and industry. Cyberattacks against U.S. businesses owing to a lack of credible deterrence. Misalignment of international cyber regimes. Demand for cybersecurity personnel outstripping supply. 3

4 Background: Cybersecurity framework is an important riskmanagement tool The White House released on February 12, 2014, the first version of the Framework for Improving Critical Infrastructure Cybersecurity (the framework). It was capably developed over the past 12 months by the U.S. Department of Commerce s National Institute of Standards and Technology (NIST) in close collaboration with the U.S. Chamber s National Security Task Force/Cybersecurity Working Group and other private sector organizations. NIST officials led a public-private effort coordinating an environment where standards and security specialists identify existing cybersecurity best practices and guidance throughout industry sectors and promote their implementation. The Chamber has valued NIST s involvement with the framework. NIST has treated the business community as a genuine partner and tackled a tough assignment in ways that should serve as a model for other agencies and departments. What the framework does The framework is largely a process it s designed to help organizations start a cybersecurity program or improve an existing one. The framework features a number of industry-vetted actions that businesses can take to assess and strengthen their state of security over time. It is not meant to be regulatory, which would be troublesome to industry. Additionally, the framework provides organizations including their customers, partners, and suppliers with common language for the following: Understanding their current cybersecurity posture. Setting goals for cybersecurity improvements. Monitoring progress toward their goals. Fostering communications with their internal and external stakeholders. There s a rough consensus among cybersecurity experts that a high percentage of unsophisticated or untargeted malicious activity can be stopped by implementing elements of the framework. Using the framework is tantamount to improving one s cyber fitness. There are built-in assumptions that an organization s cyber capabilities will degrade if it becomes passive, and that continual improvement is necessary for a business to keep pace with threats. 4

5 The framework is a good start, but more work ahead No single strategy can prevent advanced and persistent threats, known as APTs in cybersecurity jargon, from breaching an organization s cyber defenses. APTs typically refer to cyberattacks originating from foreign powers or their surrogates. The framework is a good start, but more work is needed. Most small and midsize businesses, after all, don t have the money or human talent required to take on highly sophisticated and nefarious actors, such as organized criminal gangs and groups carrying out state-sponsored attacks. The following are some key activities: Increasing awareness and use of the framework and growing market solutions: The Chamber is planning more cyber roundtables. In 2014, the Chamber organized four roundtable events with state and local chambers across the country prior to the Chamber s Third Annual Cybersecurity Summit on October 28. Leading member sponsors of the cybersecurity campaign were American Express, Dell, and Splunk. Additional roundtable and summit sponsors were the American Gas Association, Boeing, Edison Electric Institute, Exelon, HID Global, Microsoft, Oracle, Pepco Holdings, Inc., and The Wall Street Journal. The Chamber will continue involving NIST, the Department of Homeland Security (DHS), and law enforcement to help early users of the framework and to grow market solutions for curbing cyber threats. Passing information-sharing legislation: Passing information-sharing legislation is the Chamber s No. 1 cyber legislative priority. The framework will be incomplete without the enactment of information-sharing legislation that removes legal and regulatory penalties to quickly exchange data about evolving threats to industry. Engaging law enforcement: The Chamber is in close contact with the FBI and the Secret Service, which are often the first entities to learn of criminals access to company networks. The Chamber engages law enforcement to build trusted public-private relationships, which are essential to confirming a crime and beginning a criminal investigation. FBI and Secret Service officials participated in each of the Chamber s 2014 roundtables. Monitoring independent agencies: The independent agencies ranging from the Federal Communications Commission (FCC) to the Securities and Exchange Commission (SEC) can use the framework to regulate the business community. For example, some policymakers are pushing the SEC to compel businesses to report incidents with increasing specificity, which many in industry find troubling. 5

6 Modernizing cybersecurity regulations: Information-security requirements should not be cumulative. The Chamber believes it is valuable that agencies and departments are urged under the 2013 cybersecurity presidential order to report to the Office of Management and Budget (OMB) any critical infrastructure subject to ineffective, conflicting, or excessively burdensome cybersecurity requirements. Aligning international cybersecurity regimes: Many Chamber members operate globally. We anticipate working with NIST and the Chamber s International Division (Center for Global Regulatory Cooperation) to urge foreign governments to embrace the framework. Efforts to improve the cybersecurity of the public and private sectors should reflect the borderless and interconnected nature of our digital environment. Raising adversaries costs through deterrence: The Chamber is reviewing actions that can be taken by businesses to deter nefarious actors that threaten to empty bank accounts, steal trade secrets, or damage vital infrastructures. The United States needs to thoughtfully shift the costs associated with advanced cyberattacks in ways that are timely, legal, and proportionate relative to the threats. 6

7 2014 Cybersecurity Campaign Summary The Chamber s new cybersecurity campaign Improving Today. Protecting Tomorrow had a very good first year attracting nearly 1,000 government and industry attendees at six events: four regional roundtables, a cyber panel at Americas Small Business Summit, and the Chambers Third Annual Cybersecurity Summit. These events generated significant media coverage. Core strengths of the campaign include promoting members desire to be branded with a positive cyber effort, as well as advancing their commercial cybersecurity solutions to industry and government. The campaign complements the Chamber s efforts to affect meaningful change in policy. In just a few years, the Chamber has become an influential voice on cyber policy and politics. The campaigns 2015 message urges businesses of all sizes to have a cybersecurity risk management plan and update it regularly. Regional Roundtable Events: The Chamber hosted four half-day regional roundtable events in Austin, Chicago, Everett, and Phoenix. Roundtables featured more than 45 government and industry speakers, cybersecurity principals from the White House, DHS, NIST, and local FBI and Secret Service officials. The Chamber and its partners urged businesses to adopt fundamental Internet security practices to reduce network and system weaknesses and make the price of successful hacking increasingly steep. Third Annual Cybersecurity Summit: Washington, D.C. 27 speakers including 9 government speakers One-day event featuring two keynote sessions by White House Cybersecurity Coordinator Michael Daniel and Admiral Michael Rogers, Commander, U.S. Cyber Command and three panel discussions including a Q&A session with Sens. Diane Feinstein (D-CA) and Saxby Chambliss (R-GA). 7

8 Media Coverage: Thirty print publications and television affiliates covered the Chamber s 2014 Cybersecurity Campaign. The 2014 Cybersecurity Summit generated the most media coverage in its history. In a keynote speech at the U.S. Chamber of Commerce s third annual Cybersecurity Summit, White House Cybersecurity Coordinator Michael Daniel discussed the myriad of technological, economic, political and psychological challenges that have made cybersecurity such a hard problem. He pointed to a number of initiatives that the White House has launched in recent years to help address security risks posed to data held by both public- and private-sector entities, including the National Strategy for Trusted Identities in Cyberspace. Allison Grande. White House Wants To 'Kill' Online Passwords, Adviser Says. Law360. October 28, At an Austin cybersecurity conference Thursday, experts cited the Target example as they encouraged Austin businesses large and small to use newly issued guidelines to protect themselves and their customers. Laylan Copelin. Experts: Businesses can't ignore cyber threats. Austin American Statesman. July 10, At Tuesday's event, [Admiral Mike] Rogers said Defense Department officials are continuing to work to update military rules of engagement in cyberspace. Too many foreign nations and individuals apparently think that attacking U.S. networks is a low-risk proposition, Rogers said. That is not in our best interests in the long term as a nation for others to have that perception, Rogers said. We need to change that. Brendan Sasso. NSA Chief Warns Companies Against Revenge Hackings. National Journal. October 28, Almost all Fortune 500 companies have been hacked at some point, Mr. [John] Carlin told the U.S. Chamber of Commerce s annual Cybersecurity Summit. Have you thought ahead to the day when you will have to face your customers, your employees, your board, and your shareholders? he said. If that day was today, could you tell them that you ve done everything in your power to protect your company s future? Phillip Swarts. In cybersecurity battle, government-business cooperation necessary: Justice Official. The Washington Times. October 28,

9 2014 CYBERSECURITY CAMPAIGN SPONSORS SILVER GOLD SILVER 9

10 Sponsorship Options The Chamber s National Security & Emergency Preparedness Department must raise funds to carry out the cybersecurity campaign. Four roundtables, an international event, and the summit are being planned. The Chamber offers organizations several sponsorship opportunities. Value Proposition 10

11 I. Platinum ($100K) Incentive: At this level, only one company may represent a single sector (e.g., communications, energy, financial services, or IT). Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Six complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of four regional events in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Six complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent 11

12 II. Enterprise Partnership Two Large Companies Sponsor Jointly ($150K) Incentive: By jointly sponsoring the campaign, each company pays $75K instead of $100K. Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Four complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of two regional events in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Four complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent 12

13 III. Gold ($75K) This is an ideal level for a large company that wants to raise its cybersecurity profile. Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Four complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of two regional events in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Four complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent 13

14 IV. Silver ($50K) The Silver-level was popular in This level is perfect for a midsize business that wants to brand itself with a positive effort or market its cybersecurity solutions. Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Two complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of one regional event in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Two complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent 14

15 V. Cyber Mentorship One Large Company Plus One Small or Midsize Business ($40K) Incentive: Mentor a business in your supply chain and save $10K. Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Two complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of one regional event in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Two complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent 15

16 VI. Association Sponsorship ($20K) Incentive: Association pays $20K total for the four roundtables and the summit. What s not to like! Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Six complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of four regional events in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Six complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent 16

17 VII. Association Partnership Two Associations Sponsor Jointly ($30K) Incentive: Each association pays $15K total for the four roundtables and the summit, instead of $20K. Sponsorship of the U.S. Chamber s Fourth Annual Cybersecurity Summit, October 6, 2015 Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Six complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list postevent Sponsorship of four regional events in conjunction with local chambers of commerce Logo on promotional materials, website, press releases, invitations, and blog VIP reserved seating Six complimentary invitations for company representatives Display table at event Opportunity to present content during an introduction or to serve on a panel Logo and corporate description in program One time use of attendee list post event *** U.S. Chamber Contacts Ann Beauchesne (abeauchesne@uschamber.com), Senior Vice President Matthew Eggers (meggers@uschamber.com), Senior Director Vincent Voci (vvoci@uschamber.com), Policy Manager Call