Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order
- Barnard Mason
- 8 years ago
The Obama Administration is taking steps to address cyber attacks on critical US infrastructure: the cyber identity theft, economic espionage, and sabotage activities that President Obama has called real threats to our security and our economy. [1] These measures represent the Administration's next steps in attempting to organize an in-depth defense of key assets, and the Federal Government is inviting the private sector to help shape and support this effort. Businesses with a proactive approach to cybersecurity may find opportunities in recent measures the Administration has announced.

[Figure: US CEOs anticipating cyberattacks more than global counterparts. Survey question: How likely is a cyberattack or major disruption of the internet? Responses (Unlikely to occur, Likely to occur, Not sure) shown for US CEOs and Global CEOs. Base: US: 167; Global: 1,330. Source: 16th Annual Global CEO Survey.]

[1] Quote from the State of the Union speech.
In the President's State of the Union Address on February 12, 2013, he announced an Executive Order (EO), Improving Critical Infrastructure Cybersecurity, to strengthen US cyber defenses by increasing information sharing, and developing standards to protect national security, our jobs and our privacy. President Obama also called on Congress to act on cybersecurity by passing cybersecurity legislation to give the US Government a greater capacity to secure its networks and deter attacks.

The following day, Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD), the chairman and ranking minority member of the House Permanent Select Committee on Intelligence, reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), which last year passed the House but stalled in the Senate. The proposed legislation would enable the US Government to share classified information with the private sector, encourage American businesses to share cyber threat information within the private sector, and provide liability protection for companies that act to protect their own networks or share threat information with others.

These steps aim to increase the sharing of threat information among US companies and government agencies. Effective information sharing would impact more than the US economy, given the global nature of many US corporations. It may also raise challenging questions for multinational companies, such as whether all global operating units would receive the same access as US-based entities.

The initial heavy lifting of defining and fleshing out the EO guidelines falls to federal agencies, working on a deadline that must be met before any effects are felt in the private sector. In particular, a great deal of work is assigned to the Department of Homeland Security (DHS), the Department of Commerce's National Institute of Standards and Technology (NIST), and the Office of the Director of National Intelligence (ODNI).
The EO also creates several areas where the government will consult with the private sector. This gives companies an opportunity to shape their future cybersecurity environment in the three critical areas that follow.

Step One: Expanding public-private information sharing by mid-June

The EO directs DHS and the Department of Justice (DOJ), in consultation with the ODNI, to step up the 'volume, timeliness, and quality' of cybersecurity threat information, both unclassified and classified, that is given to the private sector. The EO also calls on DHS to make better use of private sector experts temporarily assigned to US government roles, as a means of better understanding what kind of information would be most useful to critical infrastructure owners and operators in mitigating cyber threats. This initiative might give the private sector a chance to guide the effective use of government information on cyber threats.

Questions you should be asking now:

Do you have a threat-based, asset-focused cybersecurity plan? Companies that know what they should be protecting will likely have the edge in seeking threat information from the Federal Government. Intelligence like this is a key element in a cybersecurity strategy. Knowing what questions to ask is the first step in getting the information you need to protect yourself.
Do you know how an adversary looks at your organization? Companies that actively participate in public-private information sharing will likely have a sharper understanding of the current threat environment and better insights into what the threats are, what their adversaries are after, and what techniques they use.

Do you have a public-private partnership (PPP) strategy? As the Government's information sharing strategy evolves, companies that already have a solid understanding of the benefits of teaming with the right public sector partners will have the edge in protecting themselves in cyberspace. A comprehensive PPP strategy will help address the two-way flow of information sharing: what companies receive and what they share.

Step Two: Identifying and prioritizing US Critical Infrastructure by mid-July

According to the EO, by mid-July 2013, DHS is required to identify the critical infrastructure that is 'at great risk'. While the specifics of this process have not been spelled out, the goal is to identify critical infrastructure where a cybersecurity incident might reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security. Once DHS has prioritized these critical infrastructure entities, it will confidentially notify the owners/operators. Entities will have an opportunity to appeal the designation. The EO does not identify specific sectors, but it explicitly exempts commercial information technology (IT) products or consumer IT services.

Companies can help shape DHS's voluntary critical infrastructure security program and contribute ideas on what incentives DHS will offer to promote the voluntary program. The EO tasks DHS with outlining these incentives by mid-June 2013, but it is not yet known how DHS will develop these.
Companies that do business with the Federal Government should note that the EO directs the DOD and the General Services Administration (GSA) to recommend ways to incorporate cybersecurity requirements in federal procurements and contracting by mid-July. This might have a significant impact on both supply-chain security and contracting costs.

Questions you should be asking now:

Do you know what your cybersecurity strategy is protecting? You should already have a solid understanding of whether your company's assets and activities are considered critical to the US Government. An effective risk-based cybersecurity strategy that focuses on resilience can give you the insights you need to explain why your company should or should not be identified as part of the critical infrastructure. It can prepare you to consider the reason, risk, and potential regulatory implications of being designated as critical infrastructure, and what that means for your strategy. It can also leave you better positioned to compete for federal contracts that have more explicit cybersecurity requirements. Everyone in your company should have a shared view of what the cybersecurity strategy is protecting and what their role in it is.

Can you explain your corporate cybersecurity strategy to others? Corporate leaders with a clear vision of how cybersecurity protects both their company's value and US security can be much more effective in outlining their cybersecurity expectations and limitations to government agencies and industry counterparts. This is particularly true for those that may face increased costs to secure their supply chains in response to DOD or GSA regulatory requirements.
Are you prepared to have a dialogue with DHS on incentives that can help you further strengthen your cybersecurity strategy? Now is the time for corporate leaders to make note of what barriers exist to further investing in their cybersecurity strategy. Identifying what incentives the government can provide to remove those barriers may greatly accelerate your security posture and help further mitigate risks to your organization.

Step Three: Building a Cybersecurity Framework by mid-August

The Department of Commerce's NIST is tasked with developing a 'Cybersecurity Framework' that is to include standards, procedures, and guidelines to align business, policy, and technological approaches to cyber risk. The framework will be voluntary and consensus-driven. According to Michael Daniel, the White House cybersecurity coordinator, NIST will work with industry to identify existing voluntary consensus standards and industry best practices to incorporate into the framework. [2] So the framework is likely to be built around practices that already work well in the private sector.

Consistent cybersecurity standards across critical infrastructure industries should give owners and operators a roadmap to follow in defending their networks. It is also expected to be an open process that will include public review. While federal agencies such as the Office of Management and Budget (OMB) and the National Security Agency (NSA) will contribute, the private sector should have an opportunity to assess, respond to, and plan for the proposed standards before they take effect.

Questions you should be asking now:

Is an integrated security strategy a pivotal part of your business model? Forward-leaning companies have a strategy that integrates the full scope of security, including technical, physical, process, and human capital, to protect the business. These companies are in a strong position to advise the government on what works well in a cybersecurity framework.
Do you have a secure business ecosystem? Businesses are now interconnected, integrated and interdependent, creating dynamic and evolving business ecosystems. Trusted business relationships and interactions with customers, service providers, suppliers, partners and employees rely on securely sharing information assets and critical data. Companies with a proactive strategy that provides visibility into the scope of the security strategies and practices of the various entities within their ecosystem will likely exceed the baseline standards that will emerge from the NIST process. As cybersecurity standard-bearers, they can also facilitate the sharing of ecosystem best practices within and across industries.

Looking beyond the EO: The need to anticipate and evolve

If the closer partnership between the private sector and federal agencies called for by the EO takes shape, there are likely to be tangible cybersecurity benefits for all concerned. But the cyber environment will continue to swarm with malicious actors seeking to penetrate organizations to steal sensitive data or disrupt operations.
Successful, resilient enterprises will recognize this fact, which is unlikely to change. These companies will be as smart and adaptive as their adversaries, and constantly developing additional, proactive measures to protect their IT environment. These companies will likely see the EO as an opportunity to strengthen cybersecurity, ultimately boosting profits from a cybersecurity strategy that drives value and enhances return on security investments.

Other regulatory and legislative changes on the horizon

On January 30, the Senate Commerce Committee chaired by Senator Rockefeller released some of the results of the Senator's September 2012 cybersecurity survey of the US Fortune 500 CEOs. Some 60% of those who received the Senator's letter requesting cybersecurity information, or approximately 300 Fortune 500 companies, responded to his survey. According to the committee staff, companies generally were supportive of cybersecurity legislation, with many supporting provisions that increased information sharing between the private sector and the federal government. However, staff also said that many companies raised concerns about any new federal program that would set mandatory cybersecurity requirements, create obligations that would impact their ability to address cybersecurity in a flexible manner, or duplicate efforts already underway, [3] according to a committee press release and report.

This year, Congress appears set to take up cybersecurity in multiple bills, just as it did in 2012, focusing on such issues as Federal Information Security Management Act (FISMA) reform, education and workforce incentives, and research and development. The House of Representatives has already taken up the issue of two-way information sharing with the reintroduction of CISPA.
That bill appears to reinforce the EO's steps for improving information sharing between business and government, and it also contains language addressing a significant concern of businesses: liability limitation for companies sharing information and acting on threat intelligence provided by the government.

The EO itself provides a number of other potential hooks for legislative action, in addition to information sharing. Legislation might refer to the voluntary standards established by the EO's framework, as well as the designations of critical infrastructure owner/operators. Furthermore, regulatory needs identified by sector-specific agencies will highlight many areas ripe for legislative action. Companies should examine bills presented in the Congress for references to processes and products mandated by the EO, and understand how this might change companies' regulatory obligations.

Which sectors will be designated critical infrastructure?

A presidential directive that designated critical infrastructure for protection from terrorism, issued in 2003, may offer clues as to which sectors and companies may receive similar designation from a cybersecurity perspective. Under the directive and subsequent DHS actions, 18 critical infrastructure sectors were identified for protection from terrorist attacks:

- Agriculture and food
- Banking and finance
- Chemical
- Commercial facilities
- Communications
- Critical manufacturing
- Dams
- Defense industrial base
- Emergency services
- Energy
- Government facilities
- Healthcare and public health
- Information technology
- National monuments and icons
- Nuclear reactors, materials, and waste
- Postal and shipping
- Transportation (aviation, as well as surface, sub-surface, and water transportation)
- Water

It is likely that several of these sectors will not be covered by the cybersecurity EO. The commercial facilities, government facilities, and national monuments and icons sectors represent high-profile potential terrorist targets, but are less critical from a cyber perspective. The exceptions made for commercial IT products and consumer IT services will exclude much of the IT sector.

[3] Earlier in January, Senator John D. Rockefeller (D-WV) and several other Democratic senators introduced the Cybersecurity and American Competitiveness Act.
An acknowledgement to our authors: Laurie Schive, William Stallsmith, Neal Pollard, Jack Johnson Jr., and Amandeep Lamba

For a deeper discussion please contact:

- David Burg (703) david.b.burg@us.pwc.com
- Michael Compton (313) michael.d.compton@us.pwc.com
- Peter Harries (213) peter.harries@us.pwc.com
- John Hunt (703) john.d.hunt@us.pwc.com
- Gary Loveland (949) gary.loveland@us.pwc.com
- Joe Nocera (312) joseph.nocera@us.pwc.com
- David Roath (646) david.roath@us.pwc.com

2013 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. refers to the US member firm, and may sometimes refer to the network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
More informationGAO CRITICAL INFRASTRUCTURE PROTECTION. Comments on the National Plan for Information Systems Protection. Testimony
GAO United States General Accounting Office Testimony Before the Subcommittee on Technology, Terrorism and Government Information, Committee on the Judiciary, U.S. Senate For Release at 10 a.m. Tuesday,
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationGAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative
GAO United States Government Accountability Office Report to Congressional Requesters March 2010 CYBERSECURITY Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National
More informationHow To Understand And Manage Cybersecurity Risk
White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary
More informationCybersecurity: Legislation, Hearings, and Executive Branch Documents
Cybersecurity: Legislation, Hearings, and Executive Branch Documents Rita Tehan Information Research Specialist November 17, 2015 Congressional Research Service 7-5700 www.crs.gov R43317 Cybersecurity:
More informationDefending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014
www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday
More informationCybersecurity: Authoritative Reports and Resources
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist October 25, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 Report Documentation Page Form Approved
More information114 th Congress March, 2015. Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS
114 th Congress March, 2015 Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS On January 13, 2015, the Administration wrote a letter to Congress urging
More informationNIST Cybersecurity Framework What It Means for Energy Companies
Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber
More informationCybersecurity: The Legal, Legislative and Regulatory Outlook
Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationSupplemental Tool: Executing A Critical Infrastructure Risk Management Approach
Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting
More informationRemarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel
Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel May 5th, 2015 10:00-11:30 a.m. Hyatt Regency, Indian Wells, CA Thank you all for welcoming me. It
More informationBilling Code: 3510-EA
Billing Code: 3510-EA DEPARTMENT OF COMMERCE Office of the Secretary National Institute of Standards and Technology National Telecommunications and Information Administration [Docket Number: 130206115-3115-01]
More informationistockphoto/ljupco 36 June 2015 practicallaw.com 2015 Thomson Reuters. All rights reserved.
istockphoto/ljupco 36 June 2015 practicallaw.com The NIST Cybersecurity Framework Data breaches in organizations have rapidly increased in recent years. In 2014, the National Institute of Standards and
More informationNational Health Information Sharing & Analysis Center. The National Health ISAC (NH-ISAC) NH-ISAC
National Health Information Sharing & Analysis Center The National Health ISAC (NH-ISAC) NH-ISAC Physical Threats Cyber Impacts 2 (NH-ISAC) National Healthcare & Public Health Cybersecurity Protection
More informationNational Institute of Standards and Technology Smart Grid Cybersecurity
National Institute of Standards and Technology Smart Grid Cybersecurity Vicky Yan Pillitteri Advisor for Information Systems Security SGIP SGCC Chair Victoria.yan@nist.gov 1 The National Institute of Standards
More informationNIPP 2013. Partnering for Critical Infrastructure Security and Resilience
NIPP 2013 Partnering for Critical Infrastructure Security and Resilience Acknowledgments NIPP 2013: Partnering for Critical Infrastructure Security and Resilience was developed through a collaborative
More informationPreventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationWater Sector Initiatives on Cyber Security. Water Sector Cyber Security Symposium Dallas, TX August 15, 2013
Water Sector Initiatives on Cyber Security Water Sector Cyber Security Symposium Dallas, TX August 15, 2013 Presentation Outline The water sector Interdependencies with other critical infrastructure sectors
More informationHow To Protect Yourself From Cyber Crime
Cybersecurity: Authoritative Reports and Resources Rita Tehan Information Research Specialist October 25, 2013 Congressional Research Service 7-5700 www.crs.gov R42507 c11173008 Cybersecurity: Authoritative
More informationCritical Infrastructure Security and Resilience
U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International
More informationFEDERAL INFORMATION SECURITY. Mixed Progress in Implementing Program Components; Improved Metrics Needed to Measure Effectiveness
United States Government Accountability Office Report to Congressional Committees September 2013 FEDERAL INFORMATION SECURITY Mixed Progress in Implementing Program Components; Improved Metrics Needed
More informationS. ll IN THE SENATE OF THE UNITED STATES
OLL0 TH CONGRESS ST SESSION S. ll To secure the United States against cyber attack, to improve communication and collaboration between the private sector and the Federal Government, to enhance American
More informationTestimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology
Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber
More informationRESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES
RESPONSIBLE CARE SECURITY CODE OF MANAGEMENT PRACTICES Purpose and Scope The purpose of the Security Code of Management Practices is to help protect people, property, products, processes, information and
More informationMyths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationWater Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary
Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary
More informationStatement of Edward Amoroso, Ph.D. Senior Vice President & Chief Security Officer AT&T. United States House of Representatives
Statement of Edward Amoroso, Ph.D. Senior Vice President & Chief Security Officer AT&T Hearing: DHS s Cybersecurity Mission: Promoting Innovation and Securing Critical Infrastructure United States House
More informationDocket No. DHS-2015-0017, Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations
Submitted via ISAO@hq.dhs.gov and www.regulations.gov July 10, 2015 Mr. Michael Echols Director, JPMO-ISAO Coordinator NPPD, Department of Homeland Security 245 Murray Lane, Mail Stop 0615 Arlington VA
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationLegislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence
Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence December 6, 2012 Michael Greenberger Professor of Law Founder and Director, CHHS Legislative Proposals Maryland
More informationConfrontation or Collaboration?
Confrontation or Collaboration? Congress and the Intelligence Community Cyber Security and the Intelligence Community Eric Rosenbach and Aki J. Peritz Cyber Security and the Intelligence Community The
More informationDelving Into FCC's 'Damn Important' Cybersecurity Report
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Delving Into FCC's 'Damn Important' Cybersecurity
More informationComputer Network Security & Privacy Protection
Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and
More information