Cyber Security: Threats and Needed Actions
John M. Gilligan
DoD National Security Studies Program
George Washington University
April 1, 2009
Topics
• Historical Perspectives
• Cyber Security Threats--A National Crisis
• Cyber Security Commission Recommendations
• Near Term Opportunities
• Longer-Term Game Changing Initiatives
• Closing Thoughts
Historical Perspectives
• Internet, software industry, (personal)
computers—rooted in creativity not
engineering
• Security in the Cold War Era
– Security “Gurus”—Keepers of the Kingdom
• The World Wide Web changes the security
landscape-- forever
• Post Cold War: The Age of Information Sharing
Legacy of the past is now our “Achilles Heel”
Cyber Security Threats Today--A New “Ball Game”
• Our way of life depends on a reliable cyberspace
• Intellectual property is being downloaded at an
alarming rate
• Cyberspace is now a warfare domain
• Attacks increasing at an exponential rate
• Fundamental network and system vulnerabilities
cannot be fixed quickly
• Entire industries exist to “Band Aid” over
engineering and operational weaknesses
Cyber Security is a National Security Crisis!
DoD Perspectives
• Any future military engagement will have cyber component
• Cyberspace has interrelated military disciplines
– Network defense
– Network attack
– Information exploitation
• Cyberspace necessarily involves private sector and international
communities
• Fragmented management and inadequate discipline of cyberspace
compound effective threat deterrence
• DoD organization and career development issues
– What organization structure is appropriate
– Who are the cyber operators
– What are the command, control and coordination “rules”
– Unique role of NSA as an “operator”
– How do you grow cyber warriors
Commission on Cyber Security for the 44th Presidency:
Key Recommendations
• Create a comprehensive national security
strategy for cyberspace
• Lead from the White House
• Reinvent public-private partnerships
• Regulate cyberspace
• Modernize authorities
• Leverage government procurement
• Build on recent progress with CNCI
Near-Term Opportunities
• Use government IT acquisitions to change IT business
model
• Enhance public-private partnerships
• Adopt the Consensus Audit Guidelines (CAG)
• Update Federal Information Security Management Act
(FISMA)
• Implement more secure Internet protocols
• Implement comprehensive, federated authentication
strategy
• Leverage Stimulus Package to improve cyber security
Longer-Term: IT Reliably Enabling Economy
• Change the dialogue: Reliable, resilient IT is
fundamental to future National Security and
Economic Growth
• New business model for software industry
• Redesign the Internet
• Get the “man out of the loop”—use automated
tools (e.g., SCAP)
• Develop professional cyberspace workforce
• Foster new IT services models
Need to Fundamentally “Change the Game” to Make Progress
President’s 60-Day Cyber Security
Initiative
• Broad outreach to government and private sector
• Tie cyber security to economic and national
security (w/ attention to privacy and civil
liberties)
– Digital maturity
– Interconnection of related efforts
• Identify priorities and options
• Likely to recommend NSC office for cyber security
• Answer question: What is role of government?
Closing Thoughts
• Government and Industry need to treat cyber
security as an urgent priority
• Near-term actions important but need to
fundamentally change the game to get ahead of
threat
• IT community needs to reorient the dialogue on
cyber security—the objective is reliable and
resilient information
• Cyber Security in DoD is more mature—but still
woefully inadequate
Cyber Security is Fundamentally a Leadership Issue!
Contact Information
jgilligan@gilligangroupinc.com
www.gilligangroupinc.com
John M. Gilligan
Use Government IT Procurement
• Cyber security needs to be reflected in our
contractual requirements
• Many “locked down” configurations defined
• Use government-industry partnership to
accelerate implementation of secure
configurations
• Get started now, improve configuration
guidelines over time and leverage SCAP!
Build on FDCC Successes and Lessons Learned
Security Content Automation Protocol (SCAP)
• What is it: A set of open standards that allows for
the monitoring, positive control, and reporting of
security posture of every device in a network.
• How is it implemented: Commercial products
implement SCAP protocols to exchange and
enforce configuration, security policy, and
vulnerability information.
• Where is it going: Extensions in development to
address software design weaknesses, attack
patterns, and malware attributes.
SCAP Enables Automated Tools To Implement And Enforce Secure Operations
Enhance Public-Private Partnerships
• Our nation’s critical infrastructure is critical to
National Security
• Much of our government-sponsored research
intellectual property is “protected” by industry
• Regulators need to guide/govern private
sector efforts
• Private and public sectors must act in
cooperation
– Defense Industrial Base (DIB): an excellent model
Protecting Government and Military Systems Is Not Sufficient
Implement Consensus Audit Guidelines (CAG)
• Underlying Rationale
– Let “Offense drive Defense”
– Focus on most critical areas
• CAG: Twenty security controls based on
attack patterns
• Emphasis on auditable controls and
automated implementation/enforcement
• Public comment period through March 25th
• Pilots and standards for tools later this year
Update FISMA
• Emphasize evaluating effectiveness of controls
vs. paper reviews
• Enhance authority and accountability of CISO
• Foster government leadership
– Independent, expert reviews
– Procurement standards
– Dynamic sharing of lessons learned
Near-Term Opportunities
• Use government IT acquisitions to change IT
business model
• Enhance public-private partnerships
• Adopt Consensus Audit Guidelines (CAG)
• Update FISMA
• Implement more secure Internet protocols
• Implement comprehensive, federated
authentication strategy
• Leverage Stimulus Package to improve cyber
security

Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 

Cyber Security: Threats and Needed Actions

  • 1. Cyber Security: Threats and Needed Actions John M. Gilligan DoD National Security Studies Program George Washington University April 1, 2009
  • 2. Topics • Historical Perspectives • Cyber Security Threats--A National Crisis • Cyber Security Commission Recommendations • Near Term Opportunities • Longer-Term Game Changing Initiatives • Closing Thoughts
  • 3. Historical Perspectives • Internet, software industry, (personal) computers—rooted in creativity not engineering • Security in the Cold War Era – Security “Gurus”—Keepers of the Kingdom • The World Wide Web changes the security landscape-- forever • Post Cold War: The Age of Information Sharing Legacy of the past is now our “Achilles Heel”
  • 4. Cyber Security Threats Today--A New “Ball Game” • Our way of life depends on a reliable cyberspace • Intellectual property is being downloaded at an alarming rate • Cyberspace is now a warfare domain • Attacks increasing at an exponential rate • Fundamental network and system vulnerabilities cannot be fixed quickly • Entire industries exist to “Band Aid” over engineering and operational weaknesses Cyber Security is a National Security Crisis!
  • 5. DoD Perspectives • Any future military engagement will have cyber component • Cyberspace has interrelated military disciplines – Network defense – Network attack – Information exploitation • Cyberspace necessarily involves private sector and international communities • Fragmented management and inadequate discipline of cyberspace compounds effective threat deterrence • DoD organization and career development issues – What organization structure is appropriate – Who are the cyber operators – What are the command, control and coordination “rules” – Unique role of NSA as an “operator” – How do you grow cyber warriors
  • 6. Commission Cyber Security for the 44th Presidency: Key Recommendations • Create a comprehensive national security strategy for cyberspace • Lead from the White House • Reinvent public-private partnerships • Regulate cyberspace • Modernize authorities • Leverage government procurement • Build on recent progress with CNCI
  • 7. Near-Term Opportunities • Use government IT acquisitions to change IT business model • Enhance public-private partnerships • Adopt the Consensus Audit Guidelines (CAG) • Update Federal Information Security Management Act (FISMA) • Implement more secure Internet protocols • Implement comprehensive, federated authentication strategy • Leverage Stimulus Package to improve cyber security
  • 8. Longer-Term: IT Reliably Enabling Economy • Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth • New business model for software industry • Redesign the Internet • Get the “man out of the loop”—use automated tools (e.g., SCAP) • Develop professional cyberspace workforce • Foster new IT services models Need to Fundamentally “Change the Game” to Make Progress
  • 9. President’s 60-Day Cyber Security Initiative • Broad outreach to government and private sector • Tie cyber security to economic and national security (w/ attention to privacy and civil liberties) – Digital maturity – Interconnection of related efforts • Identify priorities and options • Likely to recommend NSC office for cyber security • Answer question: What is role of government?
  • 10. Closing Thoughts • Government and Industry need to treat cyber security as an urgent priority • Near-term actions important but need to fundamentally change the game to get ahead of threat • IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information • Cyber Security in DoD is more mature—but still woefully inadequate Cyber Security is Fundamentally a Leadership Issue!
  • 12. Use Government IT Procurement • Cyber security needs to be reflected in our contractual requirements • Many “locked down” configurations defined • Use government-industry partnership to accelerate implementation of secure configurations • Get started now, improve configuration guidelines over time and leverage SCAP! Build on FDCC Successes and Lessons Learned
  • 13. Security Content Automation Protocol (SCAP) • What is it: A set of open standards that allows for the monitoring, positive control, and reporting of security posture of every device in a network. • How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information. • Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes. SCAP Enables Automated Tools To Implement And Enforce Secure Operations
  • 14. Enhance Public-Private Partnerships • Our nation’s critical infrastructure is critical to National Security relevant • Much of our government-sponsored research intellectual property is “protected” by industry • Regulators need to guide/govern private sector efforts • Private and public sectors must act in cooperation – Defense Industrial Base (DIB): an excellent model Protecting Government and Military Systems Is Not Sufficient
  • 15. Implement Consensus Audit Guidelines (CAG) • Underlying Rationale – Let “Offense drive Defense” – Focus on most critical areas • CAG: Twenty security controls based on attack patterns • Emphasis on auditable controls and automated implementation/enforcement • Public comment period through March 25th • Pilots and standards for tools later this year
  • 16. Update FISMA • Emphasize evaluating effectiveness of controls vs. paper reviews • Enhance authority and accountability of CISO • Foster government leadership – Independent, expert reviews – Procurement standards – Dynamic sharing of lessons learned
  • 17. Near-Term Opportunities • Use government IT acquisitions to change IT business model • Enhance public-private partnerships • Adopt Consensus Audit Guidelines (CAG) • Update FISMA • Implement more secure Internet protocols • Implement comprehensive, federated authentication strategy • Leverage Stimulus Package to improve cyber security