The document discusses the history and current state of U.S. cybersecurity policy and the National Strategy to Secure Cyberspace. It outlines the key government actors involved in cybersecurity, recent relevant legislation, and critiques the national cybersecurity plan. The national plan prioritizes building a security response system, reducing threats and vulnerabilities, increasing security awareness and training, securing government cyberspace, and enhancing international cooperation. It advocates a public-private partnership approach with limited regulation.
ID IGF 2016 - Law 3 - National Cyber Sovereignty and Resilience | IGF Indonesia
Presented by Edmon Makarim (Faculty of Law, UI)
ID IGF 2016
Law Session 3 - Realizing Indonesia's Cyber Sovereignty and Resilience
Jakarta, 15 November 2016
National Strategy to Secure 5G of the United States of America | Neil McDonnell
Neil McDonnell and the GovCon Chamber of Commerce bring this strategic plan to the public as part of our mashup effort to inform small business federal contractors.
Protection of critical information infrastructure | Neha Agarwal
Information Infrastructure is the term usually used to describe the totality of inter-connected computers and networks, and information flowing through them. Certain parts of this Information Infrastructure could be dedicated to the management/control etc. of infrastructure providers, e.g. Power generation, Gas/oil pipelines, or support our economy or national fabric, e.g. Banking/Telecom etc. The contribution of the services supported by these infrastructures, and more importantly, the impact of any sudden failure or outage on our National well-being or National Security marks them as being Critical.
By extension, information infrastructure supporting the operations of Critical Infrastructure (CI) marks this as Critical Information infrastructure (CII). These Networks operate/monitor and control important Governmental and Societal functions and services including, but not limited to, Power (Generation/transmission/ distribution etc), Telecommunication (mobile/landline/internet etc), Transportation (Air/land/rail/sea etc), Defence etc. These CII are becoming increasingly dependent on their information infrastructure for information management, communication and control functions.
Talk given to the Vanguards on 2022-02-25. Covers cognitive security definitions, ecosystem, main activities (disinformation risk assessment, detection/response coordination), and scaling.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
The UK is one of the world’s leading digital nations. Much of our prosperity now depends on our ability to secure our technology, data and networks from the many threats we face.
Yet cyber attacks are growing more frequent, sophisticated and damaging when they succeed. So we are taking decisive action to protect both our economy and the privacy of UK citizens.
Our National Cyber Security Strategy sets out our plan to make Britain confident, capable and resilient in a fast-moving digital world.
Over the lifetime of this five-year strategy, we will invest £1.9 billion in defending our systems and infrastructure, deterring our adversaries, and developing a whole-society capability – from the biggest companies to the individual citizen.
From the most basic cyber hygiene, to the most sophisticated deterrence, we need a comprehensive response.
We will focus on raising the cost of mounting an attack against anyone in the UK, both through stronger defences and better cyber skills. This is no longer just an issue for the IT department but for the whole workforce. Cyber skills need to reach into every profession.
The new National Cyber Security Centre will provide a hub of world-class, user-friendly expertise for businesses and individuals, as well as rapid response to major incidents.
Government has a clear leadership role, but we will also foster a wider commercial ecosystem, recognising where industry can innovate faster than us. This includes a drive to get the best young minds into cyber security.
The cyber threat impacts the whole of our society, so we want to make very clear that everyone has a part to play in our national response. It’s why this strategy is an unprecedented exercise in transparency. We can no longer afford to have this discussion behind closed doors.
Ultimately, this is a threat that cannot be completely eliminated. Digital technology works because it is open, and that openness brings with it risk. What we can do is reduce the threat to a level that ensures we remain at the vanguard of the digital revolution. This strategy sets out how.
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp... | Cyber Security Alliance
This presentation will analyze the Information Warfare scenarios, technical and legal backgrounds, highlighting as well the importance of the terminologies and bringing to the audience real-life examples and known incidents. The last part of the talk will focus on two theoretical case studies and on one, very special, theoretical case study.
DRAFT of NEW White House Cybersecurity Executive Order leaked | David Sweigert
Posted as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
The latest draft of a cybersecurity executive order to be signed by President Trump has become an unusually precise, report-ordering extravaganza.
Executive orders – even those signed by Trump – tend to be relatively short and quite vague, with general policy goals listed and expected to be interpreted by others.
The new cybersecurity order is none of those. At over 2,200 words it is very long. It is also very precise, listing individuals and giving them specific tasks. Rather than focus on a particular goal – the creation of a new taskforce or the development of a singular report – the order calls for the production of no fewer than 10 reports, six of which will go direct to the President, on a range of aspects of cybersecurity.
(By comparison, even though President Obama put out a very lengthy executive order on cybersecurity, running to 3,000 words, it only asked for three reports to be created.)
To understand how what was originally a restatement of US policy toward cybersecurity with a call for a single report has evolved into an extensive work plan, you need to look at the unusual events of nine days ago.
Trump was expected to sign the cybersecurity order on January 31. To that end, a series of meetings were held at the White House during the day and it was supposed to end with the signing in the Oval Office in the late afternoon. But at the last minute, without explanation, the decision to sign was pulled.
It is widely believed that homeland security agencies infringe on innocent citizens' privacy in order to carry out the war on terror. Advanced cryptographic techniques can enable complex data mining tasks, while preserving citizens' privacy by revealing the minimum information necessary. Understand the social and technological battle between national security and Constitutional rights.
Comprehensive U.S. Cyber Framework Final Report | Landon Harrell
This project is a product of the Class of 2019 Bush School of Government and Public Service, Texas A&M University Capstone Program. The project lasted one academic year and involved eight second-year master students. It intends to synthesize and provide clarity in the realm of issues pertaining to U.S. Internet Protocol Space by demonstrating natural partnerships and recommendations for existing cyber incident response. The project was produced at the request of PointStream Inc., a private cybersecurity contractor.
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it? | Brian K. Dickard
How many of you think that the US power grid can be taken out for an extended time period by a cyberattack? The threat is real and sophisticated, and our ability to mount a coordinated response at both the government and private industry level is limited. This presentation explores the critical issues involved in making meaningful progress to detect and defend against this threat.
The Federal Government's Track Record on Cybersecurity and Critical Infrastru...- Mark - Fullbright
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Talks about the present status of cyber security in India. The policy of cyber security is also discussed. The general principles of cyber security are highlighted.
The legal position of cyber security and instances of breach of the information technology code are also discussed.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Strengthen the Public-Private Partnership to Mitigate and Minimize the Damage: Improving Cybersecurity and Resilience Through Acquisition
Presenter: Emile Monette, Senior Advisor for Cybersecurity, GSA, Office of Mission Assurance
Description: How do we approach deliberate attacks against Federal contractors who handle and have access to massive amounts of sensitive and confidential data and information? From the increasing Insider threat to state-sponsored attacks, how can the Federal government partner more effectively with the private sector to detect and mitigate these attacks?
Oil and Gas iQ’s Cyber Security for Oil and Gas event will bring together relevant stakeholders to discuss the most pressing cyber security issues facing the oil and gas sector. Presentations will examine threat trends, identify immediate and long-term needs, and reveal up-and-coming technologies for use in evolving threat environments. Security managers, IT strategy implementers, and industry partners will gather in Houston, TX to network, share best practices and explore potential paths to mitigate the threat of energy-focused attacks from cyber adversaries. For more information visit http://bit.ly/1cwasCO
Cybersecurity Strategies - time for the next generation | Hinne Hettema
In this talk, presented in June 2016 at KAIST, I argue that it is time for the next generation of cybersecurity strategies. These must have a governance focus, and be based on international laws, declarations and agreements, basic internet rights and public good provisions.
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115 | James Bryce Clark
Shared with permission from author. Analysis from individual members of OASIS, presented at a recent meeting of the OASIS Cyber Threat Intelligence TC (the development platform for STIX/TAXII). Extracted from a broader set posted to: https://lists.oasis-open.org/archives/cti/201601/msg00000/_cybersecurity_act_reference-model_1.1.pptx
This information is provided for information, but does not represent the output or official views of OASIS or its technical committees.
Brian Wrote There is a wide range of cybersecurity initiatives .docx | hartrobert670
Brian Wrote :
There is a wide range of cybersecurity initiatives that exist on the international level through collaborative efforts between the Department of Homeland Security (DHS) and numerous organizational units (UMUC, 2012). According to UMUC (2012), some examples of these initiatives are:
· Federal Law Enforcement Training Center
· National Cyber Security Division
· National Communications System
· Office of Infrastructure Protection
· Office of Operations Coordination
· Privacy Office
· U.S. Secret Service
· U.S. Immigration and Customs Enforcement
· Organization of American States Assistance
“The National Cyber Security Division works to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities” (UMUC, 2012). This is done using several strategic plans and directives, such as the Presidential Decision Directive 7, the Information Technology Sector Specific Plan, the National Strategy to Secure Cyber Space, National Infrastructure Preparedness Plan, and the National Response Plan (UMUC, 2012). A challenge that the National Cyber Security Division faces in providing an effective deterrent to cybersecurity threats is the constantly evolving technologies. These include both good and bad. Cyber attacks are constantly evolving and so are the technologies used to protect from them. In order for the National Cyber Security Division to effectively deter them, not only do they have to stay up-to-date but so do all of the strategic plans and directives that they use.
Another initiative is the Federal Law Enforcement Training Center (FLETC) that emerged in the 1980s. This initiative puts forth “efforts to counter international hijackings and financial crimes” (UMUC, 2012). It now also extends law enforcement abroad to help against terrorist activity, international crime, and drug-trafficking (UMUC, 2012). It does this in partnership with the Department of State. A challenge that the FLETC faces in providing an effective deterrent to cybersecurity threats is their international limitations. Although they have partnered abroad with select foreign nations, they still have restrictions and limitations as to what exactly they can do.
Justin Wrote:
Mutual Legal Assistance Treaties (MLATs) are established between two or more nations and provide a formal means of exchanging evidence and information pertaining to criminal acts or cases that occur outside of a nation’s legal jurisdiction. The primary issue associated with MLATs and cybercrime is the inconsistency of host nation laws. Many nations feel that the idea of a global anti-crime initiative may contradict a nation’s fundamental principles (Finklea & Theohary, 2012, p.24). There is no standardized definition for cybercrime which means that one nation may view a virtual act as a crime and the other, with which the MLAT exists, may not. If the two nations agree on the legality of the act then the requesting nation may sub ...
2. October 21, 2004
U.S. National Cybersecurity
I. Cybersecurity Policy Then & Now
A. Brief History
B. Current Gov’t Actors
C. Recent Legislation (SOX, HIPAA)
II. National Strategy to Secure Cyberspace
A. Intro to the Plan
B. Critical Priorities
1. Response System
2. Threat & Vulnerability Reduction
3. Awareness & Training Program
4. Securing Gov’t. Cyberspace
5. National Security and International Cooperation
III. Critiques of the National Plan
IV. Discussion Activity
4. Gov’t Cybersecurity: Then
1996:
President Clinton established the President’s Commission on Critical Infrastructure Protection (PCCIP). “Critical Foundations” Report.
1998:
Clinton administration issued Presidential Decision Directive 63 (PDD63). Creates:
- National Infrastructure Protection Center (NIPC) in FBI
- Critical Infrastructure Assurance Office (CIAO) in Dept. of Commerce
2001:
After 9/11 Bush creates:
- Office of Cyberspace Security (Richard Clarke)
- President’s Critical Infrastructure Protection Board (PCIPB)
5. Gov’t Cybersecurity: Now
• Nov. 2002: Cybersecurity duties consolidated under DHS -> Information Analysis and Infrastructure Protection Division (IAIP). Exact role of cybersecurity unclear?
• June 2003: National Cyber Security Division (NCSD) created under IAIP, headed by Amit Yoran from Symantec. The role of the NCSD is to conduct cyberspace analysis, issue alerts and warnings, improve information sharing, respond to major incidents, and aid in national-level recovery efforts.
6. Gov’t Cybersecurity: Now
• Sept. 2003: The United States Computer Emergency Readiness Team (US-CERT) is the United States government coordination point for bridging public and private sector institutions.
• Oct. 2004: Yoran steps down citing frustration with a perceived lack of attention and funding given to cybersecurity issues. He is replaced by deputy Andy Purdy and the debate over the position of cybersecurity within DHS continues.
7. Other Gov’t Actors
House:
- Select Committee on Homeland Security -> Subcommittee on Cybersecurity, Science, Research & Development (Adam Putnam, R-FL)
- Science Committee (Sherwood Boehlert, R-NY)
Senate:
- Committee on Government Affairs (Susan Collins, R-ME)
In Congress:
Funding is major issue.
Support is often bi-partisan
8. October 21, 2004
Other Gov’t Actors
The usual suspects:
- FBI
- Dept. of Defense, NSA
- Secret Service
and don’t forget:
- Dept. of Commerce / NIST
- Office of Management and Budget (OMB)
- Dept. of Treasury
- SEC
- DOE
- FCC
and more...
9. October 21, 2004
The Big Picture
What’s the Point?
Complex web of interactions. There are many different government actors with their own interests and specialties.
No complete top-down organization
10. October 21, 2004
Recent Legislation: HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
Goal:
Secure protected health information (PHI).
What it is:
- Not specific to computer security at all, but sets forth standards governing information, much of which is on computers.
- Ensure confidentiality, integrity and availability of all electronic protected health care information
- Comprehensive: ALL employees must be trained.
- Does not mandate specific technologies, but makes all “covered entities” potentially subject to litigation.
11. October 21, 2004
Recent Legislation: SOX
Sarbanes-Oxley Act (SOX)
Goal:
Verify the integrity of financial statements and information of publicly traded companies.
What it is:
- Since information systems support most corporate finance systems, this translates to requirements for maintaining sufficient info security.
- Threat of jail time for executives has spurred a significant investment in corporate info security.
12. October 21, 2004
The National Strategy to Secure Cyberspace
13. October 21, 2004
What are critical infrastructures?
Critical Infrastructures are public and private institutions in the following sectors:
Agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, and postal and shipping.
Essentially: What makes America tick.
14. October 21, 2004
Why Cyberspace?
“Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches and fiber optic cables that allow our critical infrastructure to work” [NSSC: p. vii]
15. October 21, 2004
What is the Threat?
“Our primary concern is the threat of organized cyber attacks capable of causing debilitating disruption to our Nation’s critical infrastructures, economy, or national security” [NSSC: p. viii]
16. October 21, 2004
What is the Threat?
Peacetime:
- gov’t and corporate espionage
- mapping to prepare for an attack
Wartime:
- intimidate leaders by attacking critical infrastructures or eroding public confidence in our information systems.
Is this the right threat model?
What about:
- impairing our ability to respond
- economic war of attrition
17. October 21, 2004
Government’s Role (part I)
“In general, the private sector is best equipped and structured to respond to an evolving cyber-threat” [NSSC p ix]
“federal regulation will not become a primary means of securing cyberspace … the market itself is expected to provide the major impetus to improve cybersecurity” [NSSC p 15]
“with greater awareness of the issues, companies can benefit from increasing their levels of cybersecurity. Greater awareness and voluntary efforts are critical components of the NSSC.” [NSSC p 10]
18. October 21, 2004
Government’s Role (part I)
Public-private partnership is the centerpiece of the plan to protect largely privately owned infrastructure.
In practice:
Look at the use of “encourage”, “voluntary” and “public-private” in the text of the document.
19. October 21, 2004
Government’s Role (part II)
However, Government does have a role when:
• high costs or legal barriers cause problems for private industry
• securing its own cyberspace
• interacting with other governments on cybersecurity
• incentive problems leading to under-provisioning of shared resources
• raising awareness
20. October 21, 2004
Critical Priorities for Cyberspace Security:
I. Security Response System
II. Threat & Vulnerability Reduction Program
III. Awareness & Training Program
IV. Securing Government’s Cyberspace
V. National Security & International Cooperation
21. October 21, 2004
Priority I: Security Response System
Goals:
1) Create an architecture for responding to national-level cyber incidents
   a) Vulnerability analysis
   b) Warning System
   c) Incident Management
   d) Response & Recovery
2) Encourage Cybersecurity Information Sharing using ISACs and other mechanisms
22. October 21, 2004
Priority I Initiative: US-CERT (2003)
Goal:
Coordinate defense against and response to cyber attacks and promote information sharing.
What it does:
- CERT = Computer Emergency Readiness Team
- Contact point for industry and ISACs into the DHS and other gov’t cybersecurity offices.
- National Cyber Alert System
- Still new, role not clearly defined
23. October 21, 2004
Priority I Initiative: Critical Infrastructure Info. Act of 2002
Goal:
Reduce vulnerability of current critical infrastructure systems
What it does:
Allows the DHS to receive and protect voluntarily submitted information about vulnerabilities or security attacks involving privately owned critical infrastructure. The Act protects qualifying information from disclosure under the Freedom of Information Act.
24. October 21, 2004
Priority II: Threat & Vulnerability Reduction Program
Goals:
1) Reduce Threat & Deter Malicious Actors
   a) enhanced law enforcement
   b) National Threat Assessment
2) Identify & Remediate Existing Vuln’s
   a) Secure Mechanisms of the Internet
   b) Improve SCADA systems
   c) Reduce software vulnerabilities
   d) Improve reliability & security of physical infrastructure
3) Develop new, more secure technologies
25. October 21, 2004
Priority II Initiative: sDNS & sBGP
Goal:
To develop and deploy new protocols that improve the security of the Internet infrastructure.
What it does:
DHS is providing funding and working with Internet standards bodies to help design and implement these new protocols, which have been stalled for some time.
Adoption strategy remains a largely untackled hurdle.
26. October 21, 2004
Priority II Initiative: Cyber Security R&D Act (2002)
Goal:
Promote research and innovation for technologies relating to cybersecurity and increase the number of experts in the field.
What it does:
Dedicates more than $900 million over five years to security research programs and creates fellowships for the study of cybersecurity-related topics.
Recent release of BAA from SRI shows technical priorities for developing systems to reduce overall vulnerabilities.
27. October 21, 2004
Priority III: Security Awareness and Training Program
Goals:
1) Awareness* for home/small business, enterprises, universities, industrial sectors and government
2) Developing more training & certification programs to combat a perceived workforce deficiency.
* this means vastly different things for different audiences
28. October 21, 2004
Priority IV: Securing Government’s Cyberspace
Goals:
1) Protect the many information systems supporting critical services provided by the government at the federal, state and local levels.
2) Lead by example in federal agencies and use procurement power to encourage the development of more secure products.
29. October 21, 2004
Priority IV Initiative: FISMA
Federal Information Security Management Act (FISMA):
Goal:
Strengthen federal agencies’ resistance to cybersecurity attacks and lead by example.
What it is:
Mandates that the CIO of each federal agency develop and maintain an agency-wide information security program that includes:
• periodic risk assessments
• security policies/plans/procedures
• security training for personnel
• periodic testing and evaluation
• incident detection, reporting & response
• plan to ensure continuity of operation (during an attack)
30. October 21, 2004
Priority V: National Security & International Cooperation
Goals:
1) Improve National Security by:
   a) improving counter-intelligence and response efforts in cyberspace within the national security community
   b) improving attribution and prevention capabilities
   c) being able to respond in an “appropriate” manner
2) Enhance International Cooperation by:
   a) reaching cybersecurity agreements with members of existing world organizations
   b) promoting the adoption of cyber-crime laws and mutual assistance provisions across the globe.
32. October 21, 2004
Criticisms of the National Plan
Frequently stated arguments:
1) By avoiding regulation, the plan has “no teeth” and can freely be ignored by companies.
2) Government claims of an “information deficit” at the enterprise level are misinformed and awareness efforts are a waste.
3) Not enough consideration has been given to the role economic incentives play in creating cybersecurity vulnerabilities.