CSRIC IV - Working Group 4: Cybersecurity Best Practices Status Update



Similar documents
CYBERSECURITY RISK MANAGEMENT AND BEST PRACTICES WORKING GROUP 4: Final Report March 2015

CYBERSECURITY RISK MANAGEMENT AND BEST PRACTICES WORKING GROUP 4: Final Report March 2015

Working Group 5: Remediation of Server-Based DDoS Attacks. Status Update. March 20, 2014

Working Group 5: Remediation of Server-Based DDoS Attacks. Status Update

Working Group 5: Remediation of Server Based DDoS Attacks. Status Update

CSRIC V Working Group Descriptions and Leadership

Delving Into FCC's 'Damn Important' Cybersecurity Report

Remarks for Admiral David Simpson WTA Advocates for Rural Broadband Spring Meeting Cybersecurity Panel

September 28, MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

September, WORKING GROUP 5 Remediation of Server-Based DDoS Attacks Final Report

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

How To Protect The Internet From Natural Disasters

( 4EC C11392)

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

TELECOMMUNICATIONS INDUSTRY ASSOCIATION

Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems

Billing Code: 3510-EA

Docket No. DHS , Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations

Working Group 6: Best Practice Implementation

Which cybersecurity standard is most relevant for a water utility?

Disaster Emergency Communications Division

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

NASCIO 2014 State IT Recognition Awards

NIST Cybersecurity Framework What It Means for Energy Companies

THE EVOLUTION OF CYBERSECURITY

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Cybersecurity for Medical Devices

Top of the World Broadband Summit July 13-14, 2016 Barrow, Alaska

NIST Cybersecurity Framework. ARC World Industry Forum 2014

CForum: A Community Driven Solution to Cybersecurity Challenges

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Before the Federal Communications Commission Washington, D.C ) ) ) ) ) COMMENTS OF AMERICAN CABLE ASSOCIATION CONTENTS

The State of 911 Webinar Series. National 911 Program January 24, :00 PM

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

AT&T Cybersecurity Policy Overview

COMMENTS OF THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION

Report on CAP Cybersecurity November 5, 2015

Industrial Control Security

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust

Cloud Cyber Incident Sharing Center (CISC) Jim Reavis CEO, Cloud Security Alliance

FFIEC Cybersecurity Assessment Tool

Federal Facilities Council Workshop: Cyber Resilience of Building Control Systems-----Nov 17-19, Washington, DC

How To Write A Cybersecurity Framework

Business and Economics Forum Cyber Security Research and Policy Review. List of Participants

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

IEEE-Northwest Energy Systems Symposium (NWESS)

National Communications System. December 6, 2007

New Sessions Added Daily

ISA99 Working Group 5 ISA99 Working Group 5

Cybersecurity: Mission integration to protect your assets

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Click to edit Master title style

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Information Security Seminar 2013

IoT & SCADA Cyber Security Services

Why you should adopt the NIST Cybersecurity Framework

Water Security in New Jersey: Partnership and Services

Before the Federal Communications Commission Washington, DC 20554

DHS, National Cyber Security Division Overview

Examining the Evolving Cyber Insurance Marketplace

Transcription:

CSRIC IV - Working Group 4: Cybersecurity Best Practices Status Update March 20, 2014 Co-Chair: Robert Mayer, US Telecom Co-Chair: TBD

Agenda Background and Perspectives Objectives Planned Approach Working Group 4 Leadership and Members Status Next Steps 2

Background and Perspectives In March 2011, CSRIC II, Working Group 2A, Cyber Security Best Practices, delivered their final report 1 containing 397 Best Practices across 9 focus areas including: Wireless, IP Service, Network, People, Legacy Services, Identity Management, Encryption, Vulnerability Management, and Incident Management. In February 2014, NIST delivered their Cybersecurity Framework v1.0 2, in response to the President s Executive Order 13636, Improving Critical Infrastructure Cybersecurity 3. This CSRIC Working Group effort was timed to coincide with the release of the February 2014 Cybersecurity Framework which is focused on five core areas of risk management: Identify, Protect, Detect, Respond, and Recover. 1 http://transition.fcc.gov/pshs/docs/csric/wg2a-cyber-security-best-practices-final-report.pdf 2 http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf 3 http://www.gpo.gov/fdsys/pkg/fr-2013-02-19/pdf/2013-03915.pdf 3

Background and Perspectives (cont.) I commend NIST and the many stakeholders who helped develop the Cybersecurity Framework, a significant first step that lays the groundwork to further secure America s critical infrastructure. The FCC was pleased to participate in this process. Now the next phase of hard work begins. It is time to operationalize the framework within the communications sector to keep America s information economy strong. FCC Chairman, Tom Wheeler, February 12, 2014 The Framework allows organizations regardless of size, degree of cyber risk or cybersecurity sophistication to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure The development of this Framework has jump-started a vital conversation between critical infrastructure sectors and their stakeholders. They can work to understand the cybersecurity issues they have in common and how those issues can be addressed in a cost-effective way without reinventing the wheel. NIST Director, Patrick D. Gallagher, February 12, 2014 4

WG4 Objectives Evaluate CSRIC s most critical existing cybersecurity best practices and determine how best to improve them to account for changes in cybersecurity practice and the threat landscape. Harmonize and update these best practices with the recently released NIST Cybersecurity Framework. Identify aspects of a business environment in which cybersecurityspecific practices will be effective, efficient, and sustainable. Identify barriers to implementing cybersecurity best practices and recommend actions the Commission can take to mitigate those barriers. Produce a final report in March 2015 for communications providers of all size and scope who may use the material to evaluate and improve their cybersecurity posture and communicate needs and expectations internally and with external stakeholders throughout the broader ecosystem. 5

WG4 Planned Approach We organized WG4 around five communications sector segments: Broadcast Cable Wireless Wireline Satellite Each subgroup segment has strong industry representation including representation from small and mid-sized entities. The industry segments will review existing CSRIC cybersecurity BPs and produce a streamlined set of technical and operational BPs that align with the Cybersecurity Framework s five core functions. 6

WG4 Planned Approach (Cont.) The Framework recognized the critical need for executive level engagement to ensure that critical elements of the entire organization are aligned around security best practices. The WG4 Cyber Risk Management subgroup will explore the different organization elements that must work together to achieve a desired security state and the critical factors that lead to a successful and sustainable risk management process. Previous work in CSRIC III Working Group 7 developed an analytical framework to identify barriers to implementing a set of recommendations associated with the U.S. Anti-Bot Code. WG4 will refine that effort to understand how specific practices may be impacted by various considerations (e.g., technology, process, people) and what incentives may be required to address economic hurdles. 7

WG4 Planned Approach (Cont.) It has become increasingly evident that the challenges associated with managing cyber risk are global in nature and involve a diverse set of stakeholders with varying degrees of accountability, capabilities, resources, and motives. In the communications and IT sectors in particular, convergence has created a multitude of shared infrastructures, platforms, and services, which fundamentally alters the balance of responsibilities among service providers, content providers, e-commerce providers, equipment vendors, software and application developers and end-users. WG4 will look at the dynamics in the ecosystem from a carrier/isp perspective to understand how different communities can work together to support common interests and to consider the appropriate venues for such activity to occur. WG4 will recommend that the FCC adopt a revised and updated set of best practices based on the outcome of the analyses across the subgroups and any other recommendations associated with future activities. 8

Leadership Team We have assembled a highly-regarded team of advisors, thought-leaders, and senior cybersecurity practitioners to lead this effort. WG4 Stakeholder Leads NIST/CSRIC Alignment - Segment Leads Broadcast, Kelly Williams, NAB Cable, Matt Tooley, NCTA Wireless, John Marino, CTIA Wireline, Chris Boyer, AT&T Satellite, Donna Bethea Murphy, Iridium Cyber Risk Management, Jack Whitsitt, EnergySec Ecosystem Shared Responsibilities, Co-Leads, Tom Soroka, USTelecom, Brian Scarpelli, TIA WG4 Senior Advisors Donna Dodson, WG4 Senior Technical Advisor, NIST, Deputy Chief Cybersecurity Advisor & Division Chief for Computer Security Division Samara Moore, WG4 Senior Policy Advisor, White House Director of Critical Infrastructure Emily Talaga, WG4 Senior Economic Advisor, Economist, FCC International Bureau Mids/Smalls Co-Leads, Susan Joseph, Cable Labs, Jesse Ward, NTCA 9

WG4 Membership Team 65 members representing the communications sector, and representatives from the energy, financial and IT sectors, standards bodies, vendors, as well as federal and state departments and agencies. Robert Mayer (Chair) Kate Dean Susan Joseph Michael Mosher Danna Valsecchi Samara Moore (Sr. Policy Advisor) Martin Dolly Merike Kaeo Donna Bethea Murphy S. Rao Vasireddy Donna Dodson (Sr. Technical Advisor) Russell Eubanks Kevin Kastor Paul Nguyen Phil Venables Emily Talaga (Sr. Economic Advisor) Paul Ferguson John Kelly Jorge Nieves Joe Viens Vern Mosley (FCC Liaison) Kevin Frank Scot Kight Mike O'Hare Jessie Ward Adrienne Abbott Craig Froelich Kate Kingberger Ron Roman Errol Weiss Brian Allen Chris Garner Rick Krock Chris Roosenraad Jack Whitsitt Chris Boyer Michael Geller Jeremy Larson Harold Salters Kelly Williams Lois Burns Jessica Gulick Greg Lucak Brian Scarpelli Pamela A. Witmer Ingrid Caples Stacy Hartman Ethan Lucarelli Karl Schimmeck Joel Capps Chris Homer John Madden Tom Soroka William Check Charles Hudson, Jr Daniel Madsen Myrna Soto Nneka Chiazor Wink Infinger John Marinho Matt Tooley Edward Czarnecki Chris Jeppson Beau Monday Bill Trelease 10

WG4 Status WG4 has held a kick-off conference call with the Leadership team as well as its working group members to discuss the updated working group description, a preliminary approach reflected in this presentation, and expectations of members participating in this effort. WG4 has established various administrative capabilities (e.g., list-serve, membership contact information), and is working to confirm scheduled conference calls to discuss progress on sub-group tasks and inter-sub-group coordination. 11

Next Steps Firm up WG4 leadership and membership. Reach WG4 consensus on approach, work plan, and make adjustments as necessary. Schedule first face-to-face meeting. Schedule Leadership, Sub-group and Working Group conference calls. Provide periodic status updates to Steering Committee and Council. 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information