AT&T Cybersecurity Policy Overview

Transcription

1 AT&T Cybersecurity Policy Overview Chris Boyer AVP Public Policy July 24, AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies.

2 The cyber security challenge What are we seeing everyday? Ever-expanding power of the global network and reliance on Information and Communications Technology increases the vulnerability to attacks Business trends impacting security needs Globalization Wide variety of threats growing more sophisticated Dynamics and complexity of technology/applications adding to threat Global in scope Increasingly difficult for systems administrators and users to manage complex security solutions Virtualization Mobility Cloud Driving increased complexity (including security challenges)

3 Addressing cybersecurity is a shared responsibility 3

4 Communications sector is part of the solution HOLISTIC: Premise & Network Internet & Intranet Fixed & Mobile CENTRALIZED: Integrated Management and Monitoring CURRENT: Updated and Timely Protection PROACTIVE: See Trouble and Stop It Before It Happens Headquarters Data Center Remote Worker VPN Remote Access Manage d FW Prem Based FW Portal Remote US Branch Security GNOC Global, and Regional IP Networks Reports Network Based FW Internet Int l Branch Site to Site VPN Mobile Worker VPN Remote Access Comprehensive, integrated, and resilient security frameworks designed and operated for highly competitive markets 4

5 AT&T Global Network Operations Center (GNOC) 5

6 Public private partnerships are the foundation for pubic policy addressing for cybersecurity Public-private partnerships have fostered information sharing and served as a foundation for U.S. critical infrastructure protection and cybersecurity policy for over a decade. During that time, the Federal government and the private sector have engaged in a number of forums on cybersecurity and information and communications infrastructure issues. - The White House Cyberspace Policy Review 6

7 Communications sector partnership NSTAC National Security Telecommunications Advisory Committee White House 60 Day Review National Strategic on Secure Online Transactions Promoted NCCIC Private Sector Info-Sharing Pilot CSCWG Cross Sector Cybersecurity Working Group CSCC Comms Sector Coordinating Council Project 12 (CNCI) National Cyber Incident Response Plan 7 DHS-NCCIC National Cybersecurity and Communications Integrated Center On call 24/7 Physical/Cyber Members of Cyber Unified coordination Group DOD Defense Industrial Base (DIB) Pilot CERT/CC (DARPA) Computer Emergency Response Team (Coordination Center)

8 Federal agency/public private partnership activity White House DHS Commerce FCC White House legislative proposal (2011) National Strategy for Trusted Identities in Cyberspace (NSTIC) White House cybersecurity coordinator (2009) Cyberspace Policy Review 60 Day (2009) 2012 National Sector Risk Assessment (NSRA) Comms Sector Coordinating Council (C- SCC) 2012 National Level Exercise (MS-ISAC, State, Local and Tribal Territorial Government Coordinating Council) National Cyber Incident Response Plan (NCIRP) National Cybersecurity Integration Command Center (NCICC) National Security Telecommunications Advisory Committee (NSTAC) National Coordinating Center (C-ISAC) National Security Information Exchange (NSIE) DIB Pilot NTIA Internet Task Force Botnet RFI Industry Botnet Group (IBG) NTIA Cybersecurity RFI NTIA Green Paper RFI NIST National Initiative for Cybersecurity Education (NICE) Smart Grid Cybersecurity Working Group NSTIC Program Office Communications Security Reliability and Interoperability Council (CSRIC) FCC Cybersecurity Roadmap FCC Cybersecurity Certification NOI Network Reliability and Interoperability Council (NRIC) (Predecessor to CSRIC) 8

9 Sample Partnership and Collaborative Organizations 9

10 Policy Considerations for State Governments Engage Federal and state organizations in public/private partnership framework Leverage existing initiatives; e.g., MS-ISAC; State, Local Territorial and Tribal Coordinating Council; FEMA, National Level Exercise etc.) Organize state resources/coordinate response in the event of a major cyber incident; e.g., FEMA National Level Exercise, State EMOs, State CIOs, State Departments of Homeland Security etc.) Preserve private sector incentives for investment, innovation; and flexibility to respond to threats. There is no one-sized fits all solution to cybersecurity. Enhance and create awareness and education programs support National Cybersecurity Awareness Month, STOP THINK CONNECT, work to build computer security and digital citizenship into classroom curriculum at K-12 and university level. Increase support for law enforcement in pursuing cyber criminals Lead by example deploy cyber security solutions across state government systems

11 Thank You!