TITLE HERE Subtitle here. Cloud Standards Customer Council Cloud Industry Symposium June 18, 2014 Boston, MA



Similar documents
The Advanced Cyber Security Center (ACSC): A Cyber Threat Information Sharing Consortium. Bruce J. Bakis, The MITRE Corporation

Bill Guenther, Chairman, CEO and Founder Mass Insight Global Partnerships. Robert F. Brammer, Ph.D., President and CEO Brammer Technology, LLC

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Middle Class Economics: Cybersecurity Updated August 7, 2015

The New England Cybersecurity Consortium

How To Write A National Cybersecurity Act

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Cybersecurity in the States 2012: Priorities, Issues and Trends

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Northrop Grumman Cybersecurity Research Consortium

Presidential Summit Reveals Cybersecurity Concerns, Trends

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin, MoFo

Cybersecurity: Authoritative Reports and Resources

Microsoft s cybersecurity commitment

Developing and Enhancing Cyber Security Capabilities in the Region. Khaled Gamo Technology Advisor Ministry of communication and informatics

NASCIO 2014 State IT Recognition Awards

Developing a Mature Security Operations Center

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Symantec Managed Security Services The Power To Protect

Cybersecurity: Authoritative Reports and Resources

WRITTEN TESTIMONY OF

RETHINKING CYBER SECURITY Changing the Business Conversation

ICIT - Institute for Critical Infrastructure Technology

Cybersecurity: Authoritative Reports and Resources

Security & privacy in the cloud; an easy road?

Cybersecurity: Mission integration to protect your assets

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Cybersecurity: Authoritative Reports and Resources

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

How To Protect Yourself From Cyber Crime

Cybersecurity Strategic Talent Management. March, 2012

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

National Initiative for Cybersecurity Education

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

Cybersecurity. Are you prepared?

Cybersecurity: Authoritative Reports and Resources

Supplier Vigilance: A Critical Layer of Defense

Dr. Starnes E. Walker Founding Director, Cybersecurity Initiative (302)

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

Australian Government Cyber Security Review

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

POLICIES TO MITIGATE CYBER RISK

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

For More Information

Healthcare Cybersecurity Perspectives from the Michigan Healthcare Cybersecurity Council

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

EY Cyber Security Hacktics Center of Excellence

BlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION

Cybersecurity: Authoritative Reports and Resources

The Comprehensive National Cybersecurity Initiative

Government + Enterprise + Innovation + Strategy

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

Cyber Information-Sharing Models: An Overview

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Managing the Unpredictable Human Element of Cybersecurity

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

State of Security Survey GLOBAL FINDINGS

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

NIST Cybersecurity Framework What It Means for Energy Companies

Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense

PwC Cybersecurity Briefing

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

Fast Facts About The Cyber Security Job Market

CyberSkills Management Support Initiative

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Manned Information Security

PUBLIC SAFETY CYBER SECURITY

Transcription:

TITLE HERE Subtitle here Cloud Standards Customer Council Cloud Industry Symposium June 18, 2014 Boston, MA

The New England goal and opportunity The Goal: The New England region is committed to be a global leader in confronting current and future cyber security challenges and to reinvigorate Route 128 to be the national cyber security beltway. ACSC and MGHPP White Paper Executive Summary The Opportunity: New England has the right balance of technology firms with security expertise, along with colleges and universities that focus on critical thinking skills and computer science to be a key player in the space Other parts of the country have pieces of the puzzle, but not the whole mix Together we can leverage this opportunity as a key contributor to collectively improve our Cyber security posture Technology alone will not solve security problems 2

The snowballing problem According to information provided by the state Office of Consumer Affairs and Business Regulation, there were 1,555 reported data breaches in Massachusetts in 2013, a 30 percent spike over the 1,143 recorded a year earlier. Prior to 2012, the state had never recorded more than 613 reported breaches in a calendar year. Source: Massachusetts data breaches, large and small, hit record level in 2013, Craig Douglas, Boston Business Journal, January 29, 2014 Source: Symantec. Internet Security Threat Report. Vol. 18. Symantec Corporation, April 2013. Web. 5 July 2013. 3

Who wants in? 4

Cyber attacks should be a top concern to all industries Intellectual Property theft Source: Symantec. Internet Security Threat Report. Vol. 18. Symantec Corporation, April 2013. Web. 5 July 2013. These industries may be attacked less frequently, but the attacks on these industries would cause massive problems. 5

The costs of a cyber attack are significant and hard to estimate Estimated global cost $300 billion- $1 trillion Estimated cost to the USA $24 billion- $120 billion Estimated cost of one breach/attack $92,000- $8.9 million Average Cost of a Breach or Targeted Attack $92,000 $2.4 million $3.7 million $8 million $8.9 million Small/ medium company Large company direct financial losses NetDiligence 2012 study CEO of Akami at Xconomy summit on innovation, technology and entrepreneurship in June 2013 with high of $1 billion Average cost of cyber crime in 2012 Cost of Cyber Study US by Ponemon Institute with range of $1.4 million- $46 million $100 billion annual loss from cyber espionage = 508,000 lost jobs 6

Perimeter defense is dead: Solving the problem Collaboration Information Sharing Whole Picture The more people and industries that share information the clearer the picture becomes and everyone is better positioned to defend against cyber attacks Sharing information is key to increasing the knowledge and sophistication of your security staff and solutions No one firm is able to see the entire cyber attack puzzle Joint Capability No one industry is positioned to fully defend against all types of attacks 7

Enter the Advanced Cyber Security Center UNIVERSITY ASSETS ACSC FEDERAL PRIORITIES INDUSTRY NEEDS The Advanced Cyber Security Center is a trusted cross-sector collaboration organized to help protect the New England region s organizations from the rapidly evolving advanced and persistent cyber threats and to support New England s role as a center for cyber security R+D, education, talent and jobs. 8

Members by sector Technology Akamai Bit9 Confer Courion Facebook RSA/EMC Corporation Veracode Financial Services Eastern Bank Federal Reserve Bank of Boston John Hancock Financial Services Liberty Mutual Group State Street Corporation Defense Draper Laboratory MIT Lincoln Laboratory The MITRE Corporation Biotech/Pharmaceuticals Biogen Idec Boston Scientific Corporation Pfizer Inc. Health Care Blue Cross Blue Shield of Massachusetts Harvard Pilgrim Health Care Government Commonwealth of Massachusetts Legal Foley Hoag University Boston University Harvard University MIT Northeastern University University of Massachusetts Worcester Polytechnic Institute 9

Three key initiatives Information Sharing R&D and Education Policy Development Identify new threat indicators Share best practices Build cross-sector network in NE Development of Cyber Workforce Address hardest R+D challenges Government, Industry & Higher Ed Funded ACSC as best practice laboratory Research on information sharing Federal legislation 10

Threat evaluation and information sharing model Face-to-Face Tactical: cyber defenders meet bi-weekly - Cyber Tuesday; (MA NG included beginning in 2014) Strategic: senior leaders meet quarterly - Cyber Exchange Forum; (MA NG and USAF included beginning in 2014) MITRE hosts incubation space in Bedford Virtual Cyber threat information sharing portal: wiki and forum Email list server Structured threat information database and analysis platform: Collaborative Research Into Threats (CRITs) Ahead: standards-based automated sharing of cyber threat information via CRITs enabled by STIX and TAXII 11

It s the results that count getting actionable intelligence? participation driven changes or enhancements in defense posture? your enterprise more secure? developed security skill as a result of participation? 12

Facilitating secure cloud computing debate 13

University-Industry partnerships Cybersecurity research Consortia Explore, evaluate and implement successful university-industry collaboration models Coordinating a small forum of university and industry decision makers to discuss and agree on a plan and process for the Forum with two principal goals in mind: 1) establishing an ongoing forum to identify those over the horizon technology challenges/opportunities that are priorities for industry and the federal government; and 2) identifying those mechanisms and models that will satisfy industry and academic requirements and provide the incentives for both sides to come to the table Advance R&D projects Cybersecurity Risk Analysis for Enterprise Security A Platform for Data-Intensive Cybersecurity Monitoring Develop a virtual industry data warehouse to support the next phase of research projects Data Sharing Agreement between the Federal Reserve, Liberty Mutual, UMASS and BU 14

Pursuit of policy initiatives Policy Working Group Consists of partners from major Boston and DC law firms Identify common cybersecurity policy concerns at the state and federal levels Legislation and policy subject matter expertise Education and advocacy for state and federal cybersecurity strategies and programs Examples include Open Letter supporting regional threat sharing capabilities in the national framework, DoD Secure Cloud Computing Act, MA Cybersecurity talent pipeline development Bond Bill Focus issues include threat sharing liability protection and privacy and data breach regulation consistency Explore the opportunity for a small cluster of Boston law firms to work together, and establish themselves as leaders in protecting client data 15

Recognizing the value of the model - White House Blog, Getting Serious about Information Sharing for Cybersecurity : Calls ACSC one of the premier non-profit information sharing organizations that has shown value in building smaller trust networks across sectors in metropolitan areas. - On a recent trade mission to Israel, MA Governor Deval Patrick outlined the value of the Commonwealth s participation in ACSC and the importance of our mission during a Cyber Security Panel with members of the Massachusetts-Israel Innovation Partnership Mission 2014. - Congressman Bill Keating (D-MA), Homeland Security Committee, Cybersecurity Subcommittee: ACSC, in particular, has developed the unique ability to establish real-time, peer-to-peer threat sharing that is moving the nation to a better understanding of the root causes of cyber attacks and from where threats are derived. - Christian Science Monitor, How Obama should work with business to combat China cyberspying : The US Department of Homeland Security needs to use its authority to incentivize and enable the creation of trusted federations of companies, like the Advanced Cyber Security Center in Massachusetts, that share cyberthreat information and best practices for cyberprotection. 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information