How To Protect Your Data From Being Hacked



Similar documents
Cyber Security for Advanced Manufacturing Next Steps

Implementing Program Protection and Cybersecurity

CYBERSECURITY FOR ADVANCED MANUFACTURING

How To Write A Cybersecurity Framework

Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP

CYBERSECURITY RISK MANAGEMENT

Supplier Vigilance: A Critical Layer of Defense

System Security Engineering and Comprehensive Program Protection

Cybersecurity Framework. Executive Order Improving Critical Infrastructure Cybersecurity

Middle Class Economics: Cybersecurity Updated August 7, 2015

System Security Engineering and Program Protection Integration into SE

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

An Overview of Large US Military Cybersecurity Organizations

DoD Software Assurance (SwA) Overview

Department of Defense INSTRUCTION

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

The Comprehensive National Cybersecurity Initiative

System Security Engineering

Why you should adopt the NIST Cybersecurity Framework

DoD CIO UNCLASSIFIED. DIB CS Program Value-Added

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order Improving Critical Infrastructure Cybersecurity

Department of Homeland Security

Compliance Risk Management IT Governance Assurance

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

DoD Software Assurance Initiative. Mitchell Komaroff, OASD (NII)/DCIO

April 28, Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC

Department of Defense DIRECTIVE

ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY

Adding a Security Assurance Dimension to Supply Chain Practices

Policy on Information Assurance Risk Management for National Security Systems

Cybersecurity Framework: Current Status and Next Steps

No. 33 February 19, The President

Working with the FBI

Business Continuity & Disaster Recovery

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

ICBA Summary of FFIEC Cybersecurity Assessment Tool

FREQUENTLY ASKED QUESTIONS

Business Continuity for Cyber Threat

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

National Initiative for Cyber Security Education

The National Cybersecurity Workforce Framework Delaware Cyber Security Workshop September 29, 2015

Department of Defense INSTRUCTION

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

Cyber Security Education: My Personal Thoughts. Bharat Doshi

Why you should adopt the NIST Cybersecurity Framework

Actions and Recommendations (A/R) Summary

Preventing and Defending Against Cyber Attacks June 2011

Liability Management Evolving Cyber and Physical Security Standards and the SAFETY Act

Department of Defense DIRECTIVE

Combating Cyber Risk in the Supply Chain

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

DoD Strategy for Defending Networks, Systems, and Data

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity: What CFO s Need to Know

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Executive Summary. Cybersecurity cannot be completely solved, and will remain a risk we must actively manage.

Presentation of April 22, 2015

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Roadmaps to Securing Industrial Control Systems

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR

What The OMB Cybersecurity Proposal Does And Doesn't Do

The Cybersecurity Framework and the SAFETY Act a Primer for Temple Business School

Modeling and Simulation (M&S) for Homeland Security

Statement of Gil Vega. Associate Chief Information Officer for Cybersecurity and Chief Information Security Officer. U.S. Department of Energy

BlacKnight. Cyber Security international A BUSINESS / MARKETING PRESENTATION

New FAR/DFARS Compliance Challenges for Small Businesses in Frank S. Murray

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

NIST Cybersecurity Framework What It Means for Energy Companies

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

U. S. Attorney Office Northern District of Texas March 2013

Cyber Security Risk Management: A New and Holistic Approach

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION

Which cybersecurity standard is most relevant for a water utility?

Transcription:

Cyber Division & Manufacturing Division Joint Working Group Cyber Security for the Advanced Manufacturing Enterprise Manufacturing Division Meeting June 4, 2014 Michael McGrath, ANSER michael.mcgrath@anser.org

Today s Objectives Recap Recommendations Determine Manufacturing Division role for each Recruit volunteers 2

Scope: Protect the Digital Thread Technical Data in the Advanced Manufacturing Enterprise Targeted by nation states, terrorists, criminals and hacktivists.... Digital Interchange and Online Access Customer Data Systems Enterprise IT System Product & Process Data Suppliers Prime Product Support System Concerns: Engineering Data System Manufacturing Operations Systems Theft of technical info -- can compromise national security Increasing Vulnerability? Alteration of technical data -- can alter the part or the process, with physical consequences to mission and safety Disruption or denial of process control -- can shut down production 3

NDIA White Paper Recommendations for USD(AT&L) 1. Designate a focal point to work with industry on risk-based, voluntary standards and practices for factory floor cybersecurity. Evaluate NIST framework as starting point. 2. Conduct forums with industry to help understand and implement DFARS clause, including factory floor implications. 3. Update DoD guidance on the Program Protection Plan (PPP). Let industry make appropriate risk/cost tradeoffs. 4. Use red teams to expose vulnerabilities and R&D to fill gaps 5. Assist SME suppliers with training and investments NIST Manufacturing Extension Partnership to deliver training Defense Prod Act Title III and Manufacturing Technology investments Training for DoD contracting officers 4

White Paper Recommendations 1. Designate a focal point to work with industry on risk-based, voluntary standards and practices to strengthen factory floor cybersecurity in defense supply chains. NDIA is willing to take an active role in addressing factory floor issues and to facilitate DoD and industry interaction to: Evaluate the core standards, practices and concepts of the NIST Framework as a starting point for improving Industrial Control System (ICS) security in manufacturing applications, with DIB sectorspecific extensions as needed. Use a common vocabulary and aim for compatibility with commercial solutions wherever possible, while meeting national security needs. Collaboration with the DHS established and DoD managed DIB Sector Critical Infrastructure Protection Program may prove fruitful for this effort. Create common business interface expectations among DoD, prime contractors and suppliers for cybersecurity controls in manufacturing systems 5

White Paper Recommendations 2. Conduct a series of forums with defense prime contractors and suppliers (with special emphasis on small business participation) to improve broad understanding and implementation planning for the new DFAR clause on safeguarding unclassified technical information (including factory floor implications). NDIA would be willing to organize and host such a series. 3. Update DoD guidance on the Program Protection Plan (PPP) to address critical information that resides in or transits manufacturing systems and networks. Let industry make appropriate risk/cost tradeoffs in developing PPPs for DoD review. 4. Expand the use of red teams to identify manufacturing system cybersecurity vulnerabilities, and identify specific capabilities that need strengthening. Sponsor R&D (including S&T and SBIR programs) to develop better data protection capabilities in industrial control systems and networks used in manufacturing, with the goal of dynamic mitigation of cyber threats in high availability, safety-critical, real-time manufacturing operations. 6

White Paper Recommendations 5. Develop programs to facilitate manufacturing system cybersecurity in defense supply chains Work with the NIST Manufacturing Extension Partnership network and other delivery channels to develop and deliver training to small and mid-size manufacturers and assist them in implementing cybersecurity principles, standards and practices to meet the needs of DoD and DIB trading partners. Provide incentives and, where justified, investment assistance for capital investments to upgrade and strengthen ICS systems and networks. Investigate applicability of the Manufacturing Technology program and Defense Production Act Title III authorities for use in improving cybersecurity for assured domestic sources of supply. Develop Defense Acquisition University training modules to familiarize the DoD acquisition workforce with cost-effective cybersecurity risk management practices and to provide training in appropriate application of contract requirements for safeguarding unclassified controlled technical information, including in manufacturing systems. 7

Next Steps Discussion 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information