Cybersecurity Primer
- Edwin Bond
- 8 years ago
1 Cybersecurity Primer
August 15, 2014
National Journal Presentation Credits
Producer: David Stauffer
Director: Jessica Guzik
2 Cybersecurity: Key Terms
- Cybersecurity: Information security applied to computers and networks
- Cyber incident: A violation of an organization's security policy as a means to access networks or spread malicious codes
- Cyber attack: An attack targeting an enterprise's use of cyberspace to disrupt, disable, destroy, or control a computing infrastructure and its data; types of attacks include, but are not limited to, denials-of-service, viruses, malware, and phishing schemes
- Cyber threat intelligence: Information about vulnerability of or threat to a government or private sector entity's network; includes information about a network's protection from attackers
- National Security System: Any information system that involves intelligence activities, cryptologic activities related to national security, command and control of military forces, or direct fulfillment of military or intelligence missions
- Critical infrastructure: Physical or virtual assets and systems vital to society; destruction or damage to such assets could debilitate national security, the economy, public health or safety, or the environment
Source: Government Accountability Office, 2013; U.S. Department of Commerce, 2003; Center for Strategic and International Studies, 2013, NIST
3 Number of Cyber Incidents Reported Among Federal Agencies Has Increased Nearly Ninefold Since 2006
Chart: Number of Incidents Reported to U.S. Computer Emergency Readiness Team (US-CERT), FY
- Number of reported cyber incidents has led to a growing concern about cybersecurity and the destructive impact cyber attacks could have on the government, military, private sector, and even personal operations
- Number of reported cyber incidents has prompted many to urge the U.S. government to provide a greater level of protection from such attacks
- Rise in reported incidents may also be partially attributed to better reporting; a growing awareness of cyber attacks has led agencies and companies that are part of critical infrastructure to be more forthcoming about threats and incidents
Source: Government Accountability Office, 2013; Ellen Nakashima and Danielle Douglas, More Companies Reporting Cybersecurity Incidents, The Washington Post, March 1,
4 Federal Agencies are Vulnerable to a Variety of Cyber Incidents
Chart: Types of Incidents Reported to US-CERT, FY
Chart categories: Scans, probes, attempted access; Unauthorized access; Unknown or under investigation; Malicious code; Improper usage
- Spreading malicious codes, unauthorized access, and improper usage are the most common types of cyber incidents, accounting for 55% of total incidents reported
- According to the Government Accountability Office, many of these incidents resulted in data loss, data theft, computer intrusions, privacy breaches, and economic loss
Source: Government Accountability Office,
5 Threats to Cybersecurity are Decentralized and Diverse
Actors Threatening Private and Public Cybersecurity
Threats to Cybersecurity:
- Spyware or Malware Authors: Individuals or organizations producing and distributing malware/spyware
- Business Competitors: Companies obtaining sensitive information from rival or target companies to improve their competitive edge
- Criminal Groups: Groups attacking systems for monetary gain
- Spammers: Individuals or organizations distributing unsolicited e-mails with hidden or false information
- Insiders: Organization insiders gaining network access to damage or steal system data (e.g. NSA's Edward Snowden)
- Bot-net Operators: Networks of remotely controlled systems coordinating cyber attacks
- Hackers: Individuals or groups gaining unauthorized access into networks for various reasons
- Nations: Foreign governments seeking information to develop information warfare doctrine, programs, and capabilities
- Phishers: Individuals or groups stealing identities or information for monetary gain
- International Corporate Spies: Spies conducting economic and industrial espionage
- Terrorists: Individuals or groups seeking to destroy, incapacitate, or exploit critical infrastructure
Cyber threats are caused by individuals and organizations motivated by financial gain, political advantage, and ideological causes
Many cyber attacks fall under multiple categories, e.g. a terrorist and a phisher can be one and the same
Source: Government Accountability Office, 2013; Congressional Research Service, 2013;
6 Government Agencies and Organizations Protect Federal, Private Organizations Against Cyber Threats
Agencies Tasked with Protecting Nation's Cybersecurity
Department of Homeland Security
- Responds quickly to cyber vulnerabilities
- Partners with owners and operators of critical infrastructure to release actionable cyber alerts
- Investigates and arrests criminals
- Educates public on cyber safety
- Within DHS, United States Computer Emergency Readiness Team (US-CERT) provides cyber threat warning information and coordinates responses
Office of Management and Budget
- Develops and oversees implementation of policies, principles, standards, and guidelines on information security in federal agencies
- Annually reviews and approves agency information security programs
Department of Commerce
- Oversees Internet Policy Task Force
- Researches and reviews cybersecurity standards in the commercial sector
- Within the Department of Commerce, the National Institute of Standards and Technology (NIST) develops minimum security standards for agencies and guidelines for identifying information systems critical to national security
Source: Government Accountability Office, 2013; Department of Homeland Security, 2013; Department of Commerce,
7 Cybersecurity Became a Legislative Priority in Past Decade
Timeline of Enacted Cybersecurity Legislation
- Federal Information Security Management Act (FISMA): Establishes a comprehensive, risk-based framework to ensure information security controls over information resources supporting federal operations and assets
- Comprehensive National Cybersecurity Plan: Establishes frontline of defense against network intrusion, enhances U.S. counterintelligence capabilities and expands cyber education
- National Infrastructure Protection Plan: Provides framework integrating a range of efforts and partnerships designed to make the nation's critical infrastructure more safe
- Executive Order Improving Critical Infrastructure of Cybersecurity, Failure of CISPA: EO requires government to share cybersecurity threats with private sector and directs NIST to create best practices for cybersecurity in the private sector; House passes, but Senate does not take action on, major cybersecurity bill CISPA
Source: National Journal Research; White House, 2000; Government Accountability Office, 2013; Department of Homeland Security, 2009; Central Intelligence Agency, 2008; Gerry Smith, Senate Won't Vote on CISPA, Deals Blow to Controversial Cyber Bill, HuffPost Tech, April 25,
8 In Executive Order, Private Sector Cooperation Encouraged But Voluntary
Cybersecurity Executive Order (EO) Flow of Information
Flow label: Recommendations and detected threats
U.S. Executive Branch (Mandated Course of Action)
- Ordered National Institute of Standards and Technology (NIST) to create a cybersecurity framework to identify threats and establish guidelines for protection; a first draft was released in February of 2014
- Ordered NIST to assess its own performance on privacy
- Directs all government agencies to provide alerts to the private sector in the event of a threat
Private Sector (Voluntary Course of Action)
- May help NIST develop framework
- May volunteer to comply with cybersecurity framework
- May help to protect critical infrastructure, e.g., electrical grids, banking systems, and water treatment plants
Obama's 2013 executive order aimed to enhance cybersecurity by establishing a synergetic framework between the private sector and government agencies
Government agencies must share information about alerts, threats, and vulnerabilities with private sector
In return, private sector entities are advised, though not required, to help NIST develop a stronger cybersecurity framework
Source: Brian Fung, Why Some Privacy Advocates Are Grinning Over Obama's Cybersecurity Order, National Journal, Feb. 13, 2013; Michael S. Schmidt and Nicole Perlroth, Obama Order Gives Firms Cyberthreat Information, New York Times, Feb. 12, 2013; Chenxi Wang, Obama's Cybersecurity Executive Order: Heart in the Right Place But There Is Little Teeth, Forbes, Feb. 14, National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, Feb. 12,
9 Executive Order Struggles with Implementation
Process of Implementing Cybersecurity Information Sharing EO
Diagram: DHS certifies Communications Service Providers to provide sharing services and utilities to Critical Infrastructure Sectors
Critical Infrastructure Sectors (diagram legend: Participating / Not Participating): Defense, Telecomm, Energy, Chemical, Critical Manufacturing, Dams, Emergency Services, Food and Agriculture, Financial Services, Health Care, Nuclear, Water, IT, Transportation, Government Facilities, Commercial Facilities
- The information sharing program outlined in the 2013 EO has only reached three of 16 critical infrastructure industries
- DHS does not directly advertise or maintain the program, instead relying on private service providers for those functions; government information provided through the program is free, but companies must purchase the data sharing services and utilities from private providers
- Currently, only two service providers, CenturyLink and AT&T, have applied and been approved for the program
Source: Aliya Sternstein, Who Receives Hacker Threat Info From DHS? NextGov, August 11, 2014; Department of Homeland Security, Critical Infrastructure Sectors.
10 Program Has a Chicken-and-Egg Problem of Low Participation
Barriers to Participation in Information Sharing Program
Diagram: Limited number of communications service providers participating, because critical infrastructure sectors aren't participating, because
- The executive order currently has a chicken-and-egg problem; the program needs more service providers to expand the service to all 16 critical infrastructure sectors, but because so few sectors are currently involved, few service providers are interested in expanding into the program
- Moreover, there are barriers for service providers: the current accreditation process for service providers takes eight months, and the investment that companies need to make to get clearance for employees to view the information and build secure communications networks to protect the information is formidable
Source: Aliya Sternstein, Who Receives Hacker Threat Info From DHS?, NextGov, August 11, 2014; Department of Homeland Security, Critical Infrastructure Sectors.
11 In 2014, Congress Advanced Legislation to Increase Cybersecurity Sharing Participation
Timeline of Recent Legislative Action on Cybersecurity
- June 2014: The Cyber Information Sharing Act (CISA) is introduced in the Senate, removing legal barriers for companies to share information about cybersecurity threats and providing liability protection for companies who share such information
- July: The Senate Select Committee on Intelligence approves CISA and sends it to the Senate floor for debate. Liability protection would allow protection from civil action, regardless of prior contracts that may prevent sharing information without a customer's consent
- July 28, 2014: The House passes three bills: The National Cybersecurity and Critical Infrastructure Protection Act, which creates a civilian agency under DHS to handle cyber information sharing between the government and private industries and organizations for security purposes; The Critical Infrastructure Research and Development Advancement Act, which directs DHS to develop a strategic plan for cybersecurity protection; and The Homeland Security Boots-On-The-Ground Act, which requires DHS to develop occupation classifications for individuals performing cybersecurity functions
- July 31, 2014: The Cyber Information Sharing Tax Credit Act is introduced in the Senate, providing tax credits to private companies who share information regarding cybersecurity threats with security research organizations
Sources: Gregory S. McNeal, Controversial Cybersecurity Bill Known As CISA Advances Out Of Senate Committee, Forbes, July 9, 2014; Steve Augustino, Jameson Dempsy and Dawn Damschen, Could 2014 Be The Year for Cybersecurity Sharing Legislation? Above The Law, July 14, 2014; Mary-Louise Hoffman, Sen. Kirsten Gillibrand Proposes Tax Incentives To Spur Cyber Intel Sharing, ExecutiveGov, August 4, 2014; Eric Chabrow, How House Passed 3 Cybersecurity Bills, Bank Info Security, July 29,
12 NIST Framework's Tiers Rate Organizational Preparedness Against Cyber Threats
NIST Tiers (columns: Risk Management Process; Integrated Risk Management Program; External Participation)
Tier I: Partial
- Risk Management Process: No formalized process, ad hoc and reactive to threats, not informed by organizational needs or current trends
- Integrated Risk Management Program: Limited awareness of cybersecurity risk and no organization-wide approach to risk management
- External Participation: No processes in place to participate in coordination with other entities on cybersecurity
Tier II: Risk Informed
- Risk Management Process: Risk management practices are approved by management but may not be organization-wide policy; risk management may be informed by organizational needs or current trends
- Integrated Risk Management Program: Awareness of cybersecurity risk at the organizational level, no organizational approach
- External Participation: The organization understands it is part of a larger ecosystem but has no formal system for external interaction
Tier III: Repeatable
- Risk Management Process: The organization's risk management practices are formally approved and expressed as policy, and the organization changes those practices based on updated organizational needs and current trends
- Integrated Risk Management Program: A consistent organization-wide approach to risk management
- External Participation: The organization understands its partners and dependencies and receives information from those entities that allows for collaboration and informed responses to threats
Tier IV: Adaptive
- Risk Management Process: A formalized and continuously updating system of cybersecurity practices based on information from previous and current cybersecurity activities
- Integrated Risk Management Program: An organization-wide approach to managing cybersecurity risk using risk-informed policies and procedures, with cybersecurity risk management as a part of organizational culture
- External Participation: Actively shares information with partners to ensure systemic security and defense against a cybersecurity breach
Source: National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, Feb. 12, 2014.
13 Cyber Attacks Cost Private Sector Millions
Chart: Average Annual Cost of Cyber Attack Damages Per Sector in FY 2012, in millions of dollars
- Cyber attacks were most costly to defense, utilities and energy, and financial services sectors in FY 2012; these sectors spent an average of $19.4 million on cyber attack damages, while all other sectors shown spent an average of $5.7 million
- Cyber attacks are most likely to target defense, utilities, and financial services sectors because they contribute to the nation's critical infrastructure
- Consumer products, hospitality, and retail sectors spend the least on cyber attack damages because they rarely possess information pertinent to the nation's critical infrastructure
* Data is based on survey of 56 companies; cost refers to cost of addressing cyber attack damages
Source: 2012 Cost of Cyber Crime Study: United States, Ponemon Institute, October
14 Cyber Attacks Prompt Private Sector to Take Precautions
Chart: Proactive vs. Reactive Corporate Spending Against Cyber Threats, 2010
Chart: Annual Gross Written Premiums for Cybersecurity Private Liability Insurance, in millions of dollars
- Companies spent more on proactive measures (labor, capital, or services that assist in avoiding cyber incidents and data breaches) in 2010 than on reactive measures (expenditures made in response to cyber incidents and data breaches)
- Aligning with this trend is the growth of the cyberinsurance market, which commanded $1 billion in annual premiums in 2012, a 40% increase compared to 2010
Source: Adam Mazmanian, The Cyber Premium, National Journal, June 15, 2012; NIST,
More informationDEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION
DEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION GROWTH CATALYSTS & LEGISLATION The current policy funding and policy landscape surrounding cybersecurity initiatives and funding is convoluted with
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist April 17, 2013 CRS Report for Congress Prepared for Members and Committees of Congress Congressional Research
More informationCyber After Snowden. Can DC Help Protect Your Networks? Matthew Rhoades, Director, Cyberspace & Security Program
Cyber After Snowden Can DC Help Protect Your Networks? Matthew Rhoades, Director, Cyberspace & Security Program Truman Project Members Cyberspace & Security Program Agenda Looking Back How we got here
More informationLegislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence
Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence December 6, 2012 Michael Greenberger Professor of Law Founder and Director, CHHS Legislative Proposals Maryland
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationworking group on foreign policy and grand strategy
A GRAND STRATEGY ESSAY Managing the Cyber Security Threat by Abraham Sofaer Working Group on Foreign Policy and Grand Strategy www.hoover.org/taskforces/foreign-policy Cyber insecurity is now well established
More informationPOLICIES TO MITIGATE CYBER RISK
POLICIES TO MITIGATE CYBER RISK http://www.tutorialspoint.com/information_security_cyber_law/policies_to_mitigate_cyber_risk.htm Copyright tutorialspoint.com This chapter takes you through the various
More informationGAO CYBERSECURITY. National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented
GAO United States Government Accountability Office Report to Congressional Addressees February 2013 CYBERSECURITY National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively
More informationGAO CYBERSECURITY HUMAN CAPITAL. Initiatives Need Better Planning and Coordination
GAO November 2011 United States Government Accountability Office Report to the Chairman, Subcommittee on Immigration, Refugees, and Border Security, Committee on the Judiciary U.S. Senate CYBERSECURITY
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More information1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection
U:\REPT\OMNI\FinalOmni\CPRT--HPRT-RU00-SAHR-AMNT.xml 0 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to () require a State to report data under subsection (a); or () require a non-federal
More informationCyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks
Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks July 2014 Cyber Threat Intelligence and Incident Coordination Center: Protecting
More informationLessons from Defending Cyberspace
Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat
More informationThe Dow Chemical Company. statement for the record. David E. Kepler. before
The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee
More informationThe 2009 State of Cybersecurity from the Federal CISO s Perspective An (ISC) 2 Report. April 2009
The 2009 State of Cybersecurity from the Federal CISO s Perspective An (ISC) 2 Report April 2009 The State of Cybersecurity from the Federal CISO s Perspective An (ISC) 2 Report Executive summary Governments
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationBilling Code: 3510-EA
Billing Code: 3510-EA DEPARTMENT OF COMMERCE Office of the Secretary National Institute of Standards and Technology National Telecommunications and Information Administration [Docket Number: 130206115-3115-01]
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationDIVISION N CYBERSECURITY ACT OF 2015
H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationComputer Network Security & Privacy Protection
Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More informationOne Hundred Twelfth Congress of the United States of America
S. 3454 One Hundred Twelfth Congress of the United States of America AT THE SECOND SESSION Begun and held at the City of Washington on Tuesday, the third day of January, two thousand and twelve An Act
More informationREVIEW OF MEDICARE CONTRACTOR INFORMATION SECURITY PROGRAM EVALUATIONS FOR FISCAL YEAR 2013
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL REVIEW OF MEDICARE CONTRACTOR INFORMATION SECURITY PROGRAM EVALUATIONS FOR FISCAL YEAR 2013 Inquiries about this report may be addressed
More informationH. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationCybersecurity Executive Order
Cybersecurity Executive Order February 14, 2013 Michael DuBose, Kroll Advisory Solutions Gerald J. Ferguson, BakerHostetler Jason Straight, Kroll Advisory Solutions Theodore J. Kobus III, BakerHostetler
More informationSTATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION
STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM COMMITTEE ON JUDICIARY UNITED STATES SENATE ENTITLED:
More informationStatement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives
Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationCybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731
Cybersecurity and Information Sharing: Comparison of H.R. 1560 and H.R. 1731 Eric A. Fischer Senior Specialist in Science and Technology April 20, 2015 Congressional Research Service 7-5700 www.crs.gov
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More information