Cyber Resilience Institute - www.cyber-res.org 1
When Society Makes Cyber Capacity Demands Upon Government
Introduction
2
Cyber Risk Acceptance Indicators
3
• FireEye Report: 97% Compromise Rate
• LookingGlass Report: 100% Rate
Other Indicators
4
“there are only two types
of companies: those that
have been hacked and
those that will be.”
Robert S. Mueller, III
Direct...
Globally Destabilizing Risk
6
The Challenge of Western Society
7
“Are we at risk of having a prime feature of
our society used against us (separation of...
Other Catalysts
8
• Cybercrime
• State Actor attacks, Economic Espionage
• Cyberwar, critical infrastructure attacks
• Cyb...
Other Catalysts
9Source. Informationisbeautiful.net
Back to the Tipping Point
10
• What happens when government nudging is
turned on its head and the public demands
governmen...
In the US: Capacity Building
11
• White House directives and initiatives of 2013
• 2014 National Infrastructure Protection...
Role of Government
12
• A Framework to enable Government – Industry
Collaboration
• To identify capability gaps and resour...
Collective Risk Analogy
13
• Volunteer Fire Brigades
• Resource pooling
• Trust-building, information sharing
• Maturing t...
Use Cases
14
• Insurance
• NIST Cybersecurity Framework
• Small/Medium Business
adoption
• Education
• Threat exchange and...
The Call to Action
15
• What does Federal Government want?
• How does society respond to a Call to
Action?
• What does Cyb...
Leverage Regional Groups
16
The purpose of the RC3 is
to understand, connect, enable
and build partnerships to
enhance the...
2013 RC3 Landscape Study
17
• Study the existing RC3 Membership
• Capabilities, structure, formation,
governance, stakehol...
Mobilization for Cyber Resilience
18
• How does government
promote resilience?
• What are the
components of regional
and c...
19
Cyber Resilience Institute
CRI Functions
Key Function: What is a
Community Cyber Enterprise?
20
Getting Started in Communities
Cyber Torchbearer™
Cyber Exchange Meetups™
21
Adoption of NIST Framework
22
Community Model Framework
What is a Community Cyber Enterprise?
Other Capabilities & Research
• Definition for Community Cyber Enterprise
• Public-Private Partnership Definition
• NIST C...
The Tipping Point is Coming
24
• It’s time to Mobilize for Cyber Resilience
• When Society places demands on government
fo...
Cyber Resilience Institute - www.cyber-res.org 25
26
• CRI President & Cyber Operations: Mr. Kris Beasley (Colonel, USAF Retired)
• Cyber Ops SME: CIO & Director of Cyber O...
DISCUSSION
27
Q & A
Contact:
• Doug DePeppe
• Email: dougd@cyber-res.org
• Phone: +1 719.357.8025
• Skype: doug.depeppe
Upcoming SlideShare
Loading in …5
×

Douglas DePeppe - Cyber Resillience Institute - International Keynote: The global destabilization challenge of the modern era - whose job is it to prepare society?

599 views
446 views

Published on

Douglas DePeppe delivered the presentation at the 2014 ADM Cyber Security Summit.

The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia.

For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
599
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
20
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Douglas DePeppe - Cyber Resillience Institute - International Keynote: The global destabilization challenge of the modern era - whose job is it to prepare society?

  1. 1. Cyber Resilience Institute - www.cyber-res.org 1 When Society Makes Cyber Capacity Demands Upon Government
  2. 2. Introduction 2
  3. 3. Cyber Risk Acceptance Indicators 3 • FireEye Report: 97% Compromise Rate • LookingGlass Report: 100% Rate
  4. 4. Other Indicators 4
  5. 5. “there are only two types of companies: those that have been hacked and those that will be.” Robert S. Mueller, III Director, FBI RSA Cyber Security Conference March 1, 2012 “The ongoing cyber-thefts … represent the greatest transfer of wealth in human history.” General Keith Alexander Director, NSA American Enterprise Institute July 9, 2012 Previous Risk Messages
  6. 6. Globally Destabilizing Risk 6
  7. 7. The Challenge of Western Society 7 “Are we at risk of having a prime feature of our society used against us (separation of industry and government)” “If the Chinese, and others, can target the gap between industry and government, the gap must be closed.”
  8. 8. Other Catalysts 8 • Cybercrime • State Actor attacks, Economic Espionage • Cyberwar, critical infrastructure attacks • Cyberterrorism
  9. 9. Other Catalysts 9Source. Informationisbeautiful.net
  10. 10. Back to the Tipping Point 10 • What happens when government nudging is turned on its head and the public demands government action? • How does government respond, in what ways? • How are democratic and pro-market institutions protected?
  11. 11. In the US: Capacity Building 11 • White House directives and initiatives of 2013 • 2014 National Infrastructure Protection Plan (NIPP) • “Call to Action” • Multiple mechanisms to promote Partnerships • Capacity “Promotion” • “Ground Up” approaches
  12. 12. Role of Government 12 • A Framework to enable Government – Industry Collaboration • To identify capability gaps and resources across US geographic footprint - training - incident response - compliance - forensics • To provide a channel for federal programs • To enable knowledge exchange and pooling across regional and community initiatives
  13. 13. Collective Risk Analogy 13 • Volunteer Fire Brigades • Resource pooling • Trust-building, information sharing • Maturing to more robust capabilities • Cyber Bucket Brigades across geography - WCX - ACSC - Cyber Huntsville • But how do they scale and integrate?
  14. 14. Use Cases 14 • Insurance • NIST Cybersecurity Framework • Small/Medium Business adoption • Education • Threat exchange and preparedness
  15. 15. The Call to Action 15 • What does Federal Government want? • How does society respond to a Call to Action? • What does Cyber Resilience look like?
  16. 16. Leverage Regional Groups 16 The purpose of the RC3 is to understand, connect, enable and build partnerships to enhance the protection of the critical infrastructure of the United States and the resilience of our communities.
  17. 17. 2013 RC3 Landscape Study 17 • Study the existing RC3 Membership • Capabilities, structure, formation, governance, stakeholders, etc. • Next steps: DHS to assess capabilities and needs, and improve regional capacity through partnerships
  18. 18. Mobilization for Cyber Resilience 18 • How does government promote resilience? • What are the components of regional and community capacity? • How does Public-Private Partnership work and fit in?
  19. 19. 19 Cyber Resilience Institute CRI Functions Key Function: What is a Community Cyber Enterprise?
  20. 20. 20 Getting Started in Communities Cyber Torchbearer™ Cyber Exchange Meetups™
  21. 21. 21 Adoption of NIST Framework
  22. 22. 22 Community Model Framework What is a Community Cyber Enterprise?
  23. 23. Other Capabilities & Research • Definition for Community Cyber Enterprise • Public-Private Partnership Definition • NIST Cybersecurity Framework Adoption • Cyberwar and Proactive Defense • Law and Policy Gaps • Frameworks for Readiness • Market Forces and Economic Development 23
  24. 24. The Tipping Point is Coming 24 • It’s time to Mobilize for Cyber Resilience • When Society places demands on government for cyber capacity, will you be ready?
  25. 25. Cyber Resilience Institute - www.cyber-res.org 25
  26. 26. 26 • CRI President & Cyber Operations: Mr. Kris Beasley (Colonel, USAF Retired) • Cyber Ops SME: CIO & Director of Cyber Ops (Air Mobility Command), Director of Cyber & Info Ops (HQ US Air Force) • Email: KrisB@cyber-res.org / Phone: (719) 425-5577 • Cyber Law & Policy: Mr. Doug DePeppe (US Army, Retired) • Cyber Law SME: LLM/JD (GW), National Security Cyber JAG, DHS & RC3 Cyber experience • Email: DougD@cyber-res.org / Phone: (719) 357-8025 • Community & Government Outreach: Mr. Steve Haynes • Cyber Policy SME: White House NSTAC, Extensive Interagency experience • Email: SteveH@cyber-res.org / Phone: (727) 871-3777 • Business Outreach and CTO: Mr. Jeff Beauprez • Technical SME: IT & Cyber Engineering Company CEO, European market manager • Email: JeffB@cyber-res.org / Phone: (719) 337-9889 CRI Torchbearers
  27. 27. DISCUSSION 27 Q & A Contact: • Doug DePeppe • Email: dougd@cyber-res.org • Phone: +1 719.357.8025 • Skype: doug.depeppe

×