Southern Risk Council - Cybersecurity Update 10-9-13


Published in: Technology, Economy & Finance

  1. CYBERSECURITY UPDATE • October 9, 2013 • Southern Risk Council
  2. The Cybersecurity Activity in Washington • Cybersecurity Framework • DHS Integrated Task Force • Regulators (e.g. FCC CSRIC) • Possible Legislation
  3. DHS Critical Infrastructure Sectors • Communications Sub-sectors: • Cable • Wireless • Wireline • Satellite • Broadcast
  4. Executive Order on Cybersecurity • President signed an Executive Order and Presidential Policy Directive on February 12, 2013 to Improve Critical Infrastructure Cybersecurity • “Critical Infrastructure” is defined as “systems and assets, whether physical or virtual, so vital to the US” that their incapacity or destruction would have debilitating impact on: • Security, • National economic security, • Public health or safety • Key Parts • Cybersecurity Information Sharing (AG, DHS, and DNI, section 4) • Privacy and Civil Liberties Protections (DHS, section 5) • Develop Baseline Framework to Reduce Cyber Risk to Critical Infrastructure (NIST, section 7) • Voluntary program to support adoption (DHS, section 8) • “Procurement requirements related to cybersecurity” • Identification of Critical Infrastructure at Greatest Risk (DHS, section 9) • Agency review and report on existing regulatory requirements and authority to establish new framework-based requirements (section 10)
  5. How the Framework has been Developed • 5th Framework Workshop – November 14-15 • EO 13,636 and PPD-21 – February 12, 2013
  6. The Cybersecurity Framework • Cybersecurity Risk Management • Identify • Protect • Detect • Respond • Recover • Prioritized • Flexible • Repeatable • Performance based • Cost Effective • Basic Cyber Hygiene
  7. DHS Voluntary Cybersecurity Program Voluntary Adoption Program Incentives Implementation Guidance Promote Participation Adopters
  8. White House on Cybersecurity Incentives • The departments of Homeland Security, Commerce and Treasury identified 8 incentives the federal government could use to encourage the nation's critical infrastructure owners to adopt voluntarily the cybersecurity framework being developed under the auspices of the National Institute of Standards and Technology. The eight incentives are: 1. Cybersecurity insurance, 2. Grants, 3. Process preferences, 4. Liability limitation, 5. Streamlined regulations, 6. Public recognition, 7. Rate recovery for price-regulated industries and 8. Cybersecurity research. • Incentives would help nation's critical infrastructure operators adopt voluntary framework.
  9. Cybersecurity Timeline • Publication of Preliminary Framework • 5th NIST Workshop • End of 45 Day Comment Period on Preliminary Framework • Publication of Final Framework • FCC CSRIC IV Commences Regulatory Requirements Sufficiency Analysis Framework Effectiveness Assessment
  10. Thanks • Phil Agcaoili Chief Information Security Officer, Cox Communications, Inc. Co-Chair, Communications Sector Coordinating Council (CSCC), Cybersecurity Committee – Technical Sub-Committee Member, Communications Information Sharing and Analysis Center (ISAC) Co-Chair, FCC CSRIC IV, WG 4 (Cybersecurity Best Practices) Co-Founder & Board Member, Southern CISO Security Council Distinguished Fellow and Fellows Chairman, Ponemon Institute Founding Member, Cloud Security Alliance (CSA) Inventor & Co-Author, CSA Cloud Controls Matrix, GRC Stack, Security, Trust and Assurance Registry (STAR), and CSA Open Certification Framework (OCF) @hacksec
  11. CYBER INSURANCE • Section 2