HARD QUESTIONS FOR FEDERAL CYBERSECURITY IN 2016
“Elephant in the room” topics for the Government and contractors who make up the information technology ecosystem of the Federal marketplace.
These are eight questions regarding the Federal Cybersecurity National Action Plan (CNAP) that will need to be addressed in 2016.
Who owns the data… and where is it located?
• The Federal Government has data on every citizen in the U.S. This personal data is spread across hundreds of agencies. Which agency has primary ownership of that data?
• Is the most critical information (health records and security background data) protected better than general information such as the seating chart for the upcoming holiday party?
Should the Government require contractors to have cyber insurance?
• Government contractors create, manage and process billions of critical records in support of the Federal government. If a contractor is hacked, who pays for the system recovery, data monitoring services, public relations, etc.?
• If the breach bankrupts the company, is the Government responsible for this cost?
• Should the Government require insurance to share this risk?
Can the Government use past cyber breaches in the source selection of contractors?
• Government contractors create, manage and process billions of critical records in support of the Federal government. If a contractor is hacked, who pays for the system recovery, data monitoring services, public relations, etc.?
• If the breach bankrupts the company, is the Government responsible for this cost?
• Should the Government require insurance to share this risk?
Should products have a cyber rating as part of the Government supply chain evaluation?
• From automated buildings to medical devices, the Federal government has an enormous supply chain for products and services. Recent events surrounding medical devices have shown that certain devices are not only threats to patients but to the networks they are connected to. Should each item in the chain have a cyber rating or evaluation?
• Is it time for a UL-like rating to be applied to all devices purchased by the Government?
Is the process of fair bidding more important than acquisition and implementation speed?
• Unlike many commercial entities, a basic construct of Federal contracting is that competition is open and fair to qualified vendors. Given that most cyber products are only a few years old and that the threat is changing daily, is trying to provide fair opportunity to service and product providers (and therefore moving more slowly) putting Federal systems at risk?
• Would the faster purchase of a “good enough” solution be better than using a slower path to buy the best solution?
What is the value of a cyber solution?
• Anybody who attended the recent RSA Conference in San Francisco saw booth upon booth of new cybersecurity products. Exactly how does the Government determine if one product is worth more than another?
• Is spending a million dollars on a new technology going to get ten times more protection than a solution that costs ten thousand?
How does Government deal with cyber breach information sharing and the inherent conflict with outside legal counsel?
• In the end, there is always a legal component to major issues that confront the nation. Cyber is no different. A key element of the Government’s approach is greater sharing of incidents and threats to shorten the time of response and protection.
• How do you get greater cyber breach information sharing and legal protection at the same time?
Who cleans up the mess of a cybersecurity breach?
• In the commercial world, there is a rapid growth of outside cyber breach response teams who work with companies that have been hacked to get them quickly back up and running. A key component of this strategy is that the breach response team is an outside entity.
• Who is this entity for a Federal agency?
• Should this responsibility rest with on-call contractors or with an on-call Federal group?
Evolver has approaches to many of the questions surrounding cybersecurity for Federal agencies.
CYBERSECURITY TEAMS
Evolver's cybersecurity teams currently protect tens of thousands of Government and commercial clients.
Our specialization is in protecting highly critical, large data and transactional enterprises.
Our experience spans more than 15 years.
Cybersecurity Approach
Includes tools to
– Identify
– Measure
– Track
– Reduce
cybersecurity risks
Chip Block
Vice President
1943 Isaac Newton Square
Reston, VA 20190
703-889-9353
cblock@evolverinc.com
www.evolverinc.com
8 Questions for 2016 Federal Cybersecurity National Action Plan (CNAP)
