60 Day Cyber Study
INSA Response


Presented to Melissa Hathaway

Lou Von Thaer - Chair
March 26, 2009
Agenda



          Overview                     Lou Von Thaer
          Government’s Role            John Russack

          Multiple Root Structure      Rob Pate

          Public/Private Partnership   Steve Cambone

          Closing Thoughts             Ellen McCarthy


INSA Industry Task Force





                                     Seneca Technology Group, LLC


    Crucial Point LLC




Approach


                 • Guidance: focus on prioritized
                   recommendations and implementation
                 • Formed blended industry teams
                 • Worked questions with teams of experts
                 • Combined inputs and reviewed
                 • Presented high-level findings

                 Paper reflects personal rather than company
                 opinions of the experts involved
Three Questions to INSA


                 • Government’s role in securing the critical
                   infrastructure and private networks
                 • Impact of moving to a multiple root
                   structure for domain name service
                 • Define and create the public/private
                   partnership for cyber security




Key Insights and Summary


                 • Continue to work technical solutions
                 • Define who is in charge and why
                 • Single root but prepare for contingencies
                 • Public/private partnership:
                     • Industries need timely information
                     • Protect industry when it cooperates
                 • Government is educator, standard-setter,
                   compliance auditor, and law enforcer
                     • Government needs public and industry support


Government’s Role in Securing the Critical Infrastructure and Private Networks

                 QUESTION 1

                 What is (or should be) the government’s role in
                 securing/protecting the critical infrastructures and
                 private sector networks from attack, damage, etc.
                 (from nation states)?

                 • What are the minimum standards that must be
                   established?
                 • How will these standards affect procurement /
                   acquisition policies?



Government’s Role in Securing the Critical Infrastructure and Private Networks

                 RECOMMENDATIONS

                 • Create and empower a U.S. Government leadership
                   position
                     • Establish White House-level position to lead cyber
                     • Codify roles: authorities, responsibilities, and resources
                 • Develop and set minimum cyber defense requirements
                   for critical infrastructure
                 • Develop a National Cyber Recovery Plan
                 • Promote, support, and coordinate information sharing
                 • Enhance attribution and take action
                     • Establish communities of interest for improved analytics for
                       attribution
Government’s Role in Securing the Critical Infrastructure and Private Networks

                 RECOMMENDATIONS

                 Promote, support, and coordinate information sharing
                 • Key to multiple INSA cyber security recommendations
                 • Government-wide FOIA exemption for cyber
                 • Establish executive branch guidance on cyber CIP information
                   sharing (executive order?)
                 • Review all applicable law, policy, and procedures dealing with cyber
                   CIP information sharing between government and private sector
                   owners and operators with the goal of better enabling real time
                   information sharing
                 • Improve the context, timeliness, and value (information should be
                   better tailored to the recipient) of what information the U.S.
                   Government shares with the private sector
Government’s Role in Securing the Critical Infrastructure and Private Networks

                 RECOMMENDATIONS

                 What are the minimum standards:
                 • Consensus Audit Guidelines (CAG) are a good start
                 • Government-led consortium must own these
                   standards and guidelines
                 • In addition to CAG, standards need to include:
                     • Policies and guidance for Supply Chain Protection
                     • Vulnerability analysis of COTS and GOTS software
                         • Leverage DHS initiative: “Build Security In”


Multiple Root Structure


                 QUESTION 2

                 How would the security and stability of the Internet be
                 affected if the single, authoritative root were to be
                 replaced by a multiple root structure?
                 • What would be the economic and technical consequences of
                   a multiple root structure?
                 • What, if any, influences do you see that may:
                     • Move the Internet in the direction of greater fragmentation?
                     • Help to preserve and maintain a single, interoperable Internet?
                 • What are the implications of these forces?



Multiple Root Structure


                 RECOMMENDATIONS

                 • Field DNSSEC and continue with single root
                 • Direct National Communications System and US-CERT
                   to monitor 13 recognized root servers
                     • Develop, test, and be prepared to implement
                       contingency plans
                 • Address multilingual/multi-cultural environment of
                   the Internet
                 • More effectively engage international communities
                   to preserve the current Internet governance
                   system


Public/Private Partnership


                 QUESTION 3

                 Our lifestyle is based upon a digital infrastructure
                 that is privately owned and globally operated.
                 • How do we get to a public/private partnership and
                   action plan that will build protection and security in –
                   and enable information sharing to better understand
                   when it is under a local or global attack (warning)?
                 • What is the model public/private relationship?
                 • Who and how will oversight be conducted in the IC and
                   national security community?
                 • How would you provide common situational awareness?


Public/Private Partnership


                 RECOMMENDATIONS

                 • Private sector increasingly recognizes need for
                   security of the Internet
                     • Growing willingness to accept government leadership
                 • Build on existing public/private partnership models
                   to create “regulatory environment”
                     • Purpose is to identify anomalous behavior
                     • Result is a more secure operating environment
                     • Agreed-upon set of standards
                 • An acceptance of government authority to sanction
                   anomalous behavior and to enforce agreed-upon
                   standards
Public/Private Partnership


                 RECOMMENDATIONS

                 • Government increase transparency in the
                   regulatory environment
                     • Methods for managing environment and defined role
                       of citizens
                 • Similar public-private examples in international
                   communities
                 • Aggressively fund private sector R&D in key cyber
                   assurance areas



Closing Thoughts


                 • The team is ready to explain all of the
                   recommendations further, if needed
                 • Paper includes some additional questions
                   that we think ought to be studied
                 • INSA and its members are ready to assist





INSA Report Volunteers


                 Chairman: Lou Von Thaer

                 Question Leads: Rob Pate, Steve Cambone, John Russack

                 Contributors: Nadia Short, Scott Dratch, Scott Aken, Greg Astfalk,
                 Zal Azmi, Fred Brott, Lorraine Castro, Jim Crowley, Bob Farrell,
                 Barbara Fast, Dennis Gilbert, Bob Giesler, Tom Goodman,
                 Cristin Goodwin Flynn, Bob Gourley, Dan Hall, Vince Jarvie,
                 Jose Jimenez, Kevin Kelly, Michael Kushin, Bob Landgraf,
                 Joe Mazzafro, Gary McAlum, David McCue, Marcus McInnis,
                 Brian McKenney, Linda Meeks, Billy O'Brien, Marie O'Neill Sciarrone,
                 Marilyn Quagliotti, J.R. Reagan, Dave Rose, Mark Schiller,
                 Andy Singer, Mary Sturtevant, Almaz Tekle, Mel Tuckfield,
                 Ann Ward, Jennifer Warren

                 INSA: Ellen McCarthy, Frank Blanco, Jared Gruber, Jarrod Chlapowski

Unraveling Multimodality with Large Language Models.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Outbrief by INSA on CyberSecurity

  • 1. 60 Day Cyber Study INSA Response Presented to Melissa Hathaway Lou Von Thaer - Chair March 26, 2009
  • 2. Agenda
      - Overview: Lou Von Thaer
      - Government’s Role: John Russack
      - Multiple Root Structure: Rob Pate
      - Public/Private Partnership: Steve Cambone
      - Closing Thoughts: Ellen McCarthy
  • 3. INSA Industry Task Force
      - Seneca Technology Group, LLC
      - Crucial Point LLC
  • 4. Approach
      - Guidance: focus on prioritized recommendations and implementation
      - Formed blended industry teams
      - Worked questions with teams of experts
      - Combined inputs and reviewed
      - Presented high-level findings
      Paper reflects personal rather than company opinions of the experts involved
  • 5. Three Questions to INSA
      - Government’s role in securing the critical infrastructure and private networks
      - Impact of moving to a multiple root structure for domain name service
      - Define and create the public/private partnership for cyber security
  • 6. Key Insights and Summary
      - Continue to work technical solutions
      - Define who is in charge and why
      - Single root but prepare for contingencies
      - Public/private partnership:
          - Industries need timely information
          - Protect industry when it cooperates
      - Government is educator, standard-setter, compliance auditor, and law enforcer
      - Government needs public and industry support
  • 7. Government’s Role in Securing the Critical Infrastructure and Private Networks
      QUESTION 1
      What is (or should be) the government’s role in securing/protecting the critical infrastructures and private sector networks from attack, damage, etc. (from nation states)?
      - What are the minimum standards that must be established?
      - How will these standards affect procurement / acquisition policies?
  • 8. Government’s Role in Securing the Critical Infrastructure and Private Networks
      RECOMMENDATIONS
      - Create and empower a U.S. Government leadership position
      - Establish White House-level position to lead cyber
      - Codify roles: authorities, responsibilities, and resources
      - Develop and set minimum cyber defense requirements for critical infrastructure
      - Develop a National Cyber Recovery Plan
      - Promote, support, and coordinate information sharing
      - Enhance attribution and take action
      - Establish communities of interest for improved analytics for attribution
  • 9. Government’s Role in Securing the Critical Infrastructure and Private Networks
      RECOMMENDATIONS
      Promote, support, and coordinate information sharing
      - Key to multiple INSA cyber security recommendations
      - Government-wide FOIA exemption for cyber
      - Establish executive branch guidance on cyber CIP information sharing (executive order?)
      - Review all applicable law, policy, and procedures dealing with cyber CIP information sharing between government and private sector owners and operators with the goal of better enabling real time information sharing
      - Improve the context, timeliness, and value (information should be better tailored to the recipient) of what information the U.S. Government shares with the private sector
  • 10. Government’s Role in Securing the Critical Infrastructure and Private Networks
      RECOMMENDATIONS
      What are the minimum standards:
      - Consensus Audit Guidelines (CAG) are a good start
      - Government-led consortium must own these standards and guidelines
      - In addition to CAG, standards need to include:
      - Policies and guidance for Supply Chain Protection
      - Vulnerability analysis of COTS and GOTS software
      - Leverage DHS initiative: “Build Security In”
  • 11. Multiple Root Structure
      QUESTION 2
      How would the security and stability of the Internet be affected if the single, authoritative root were to be replaced by a multiple root structure?
      - What would be the economic and technical consequences of a multiple root structure?
      - What, if any, influences do you see that may:
      - Move the Internet in the direction of greater fragmentation?
      - Help to preserve and maintain a single, interoperable Internet?
      - What are the implications of these forces?
  • 12. Multiple Root Structure
      RECOMMENDATIONS
      - Field DNSSEC and continue with single root
      - Direct National Communications System and US-CERT to monitor 13 recognized root servers
      - Develop, test, and be prepared to implement contingency plans
      - Address multilingual/multi-cultural environment of the Internet
      - More effectively engage international communities to preserve the current Internet governance system
  • 13. Public/Private Partnership
      QUESTION 3
      Our lifestyle is based upon a digital infrastructure that is privately owned and globally operated.
      - How do we get to a public/private partnership and action plan that will build protection and security in – and enable information sharing to better understand when it is under a local or global attack (warning)?
      - What is the model public/private relationship?
      - Who and how will oversight be conducted in the IC and national security community?
      - How would you provide common situational awareness?
  • 14. Public/Private Partnership
      RECOMMENDATIONS
      - Private sector increasingly recognizes need for security of the Internet
      - Growing willingness to accept government leadership
      - Build on existing public/private partnership models to create “regulatory environment”
      - Purpose is to identify anomalous behavior
      - Result is a more secure operating environment
      - Agreed-upon set of standards
      - An acceptance of government authority to sanction anomalous behavior and to enforce agreed-upon standards
  • 15. Public/Private Partnership
      RECOMMENDATIONS
      - Government increase transparency in the regulatory environment
      - Methods for managing environment and defined role of citizens
      - Similar public-private examples in international communities
      - Aggressively fund private sector R&D in key cyber assurance areas
  • 16. Closing Thoughts
      - The team is ready to explain all of the recommendations further, if needed
      - Paper includes some additional questions that we think ought to be studied
      - INSA and its members are ready to assist
  • 17. INSA Report Volunteers
      - Chairman: Lou Von Thaer
      - Question Leads: Rob Pate, Steve Cambone, John Russack
      - Contributors: Nadia Short, Scott Dratch, Scott Aken, Greg Astfalk, Zal Azmi, Fred Brott, Lorraine Castro, Jim Crowley, Bob Farrell, Barbara Fast, Dennis Gilbert, Bob Giesler, Tom Goodman, Cristin Goodwin Flynn, Bob Gourley, Dan Hall, Vince Jarvie, Jose Jimenez, Kevin Kelly, Michael Kushin, Bob Landgraf, Joe Mazzafro, Gary McAlum, David McCue, Marcus McInnis, Brian McKenney, Linda Meeks, Billy O'Brien, Marie O'Neill Sciarrone, Marilyn Quagliotti, J.R. Reagan, Dave Rose, Mark Schiller, Andy Singer, Mary Sturtevant, Almaz Tekle, Mel Tuckfield, Ann Ward, Jennifer Warren
      - INSA: Ellen McCarthy, Frank Blanco, Jared Gruber, Jarrod Chlapowski