60 Day Cyber Study
INSA Response


Presented to Melissa Hathaway

Lou Von Thaer - Chair
March 26, 2009
Slide 2: Agenda

- Overview: Lou Von Thaer
- Government’s Role: John Russack
- Multiple Root Structure: Rob Pate
- Public/Private Partnership: Steve Cambone
- Closing Thoughts: Ellen McCarthy
Slide 3: INSA Industry Task Force

[Slide of task-force member company logos; names legible in the extracted text: Seneca Technology Group, LLC; Crucial Point LLC]
Slide 4: Approach

- Guidance: focus on prioritized recommendations and implementation
- Formed blended industry teams
- Worked questions with teams of experts
- Combined inputs and reviewed
- Presented high-level findings

Paper reflects personal rather than company opinions of the experts involved.
Slide 5: Three Questions to INSA

- Government’s role in securing the critical infrastructure and private networks
- Impact of moving to a multiple root structure for domain name service
- Define and create the public/private partnership for cyber security
Slide 6: Key Insights and Summary

- Continue to work technical solutions
- Define who is in charge and why
- Single root but prepare for contingencies
- Public/private partnership:
  - Industries need timely information
  - Protect industry when it cooperates
- Government is educator, standard-setter, compliance auditor, and law enforcer
  - Government needs public and industry support
Slide 7: Government’s Role in Securing the Critical Infrastructure and Private Networks

QUESTION 1

What is (or should be) the government’s role in securing/protecting the critical infrastructures and private sector networks from attack, damage, etc. (from nation states)?

- What are the minimum standards that must be established?
- How will these standards affect procurement / acquisition policies?
Slide 8: Government’s Role in Securing the Critical Infrastructure and Private Networks

RECOMMENDATIONS

- Create and empower a U.S. Government leadership position
  - Establish White House-level position to lead cyber
  - Codify roles: authorities, responsibilities, and resources
- Develop and set minimum cyber defense requirements for critical infrastructure
- Develop a National Cyber Recovery Plan
- Promote, support, and coordinate information sharing
- Enhance attribution and take action
  - Establish communities of interest for improved analytics for attribution
Slide 9: Government’s Role in Securing the Critical Infrastructure and Private Networks

RECOMMENDATIONS

Promote, support, and coordinate information sharing:

- Key to multiple INSA cyber security recommendations
- Government-wide FOIA exemption for cyber
- Establish executive branch guidance on cyber CIP information sharing (executive order?)
- Review all applicable law, policy, and procedures dealing with cyber CIP information sharing between government and private sector owners and operators, with the goal of better enabling real-time information sharing
- Improve the context, timeliness, and value (information should be better tailored to the recipient) of what information the U.S. Government shares with the private sector
Slide 10: Government’s Role in Securing the Critical Infrastructure and Private Networks

RECOMMENDATIONS

What are the minimum standards:

- Consensus Audit Guidelines (CAG) are a good start
- Government-led consortium must own these standards and guidelines
- In addition to CAG, standards need to include:
  - Policies and guidance for Supply Chain Protection
  - Vulnerability analysis of COTS and GOTS software
    - Leverage DHS initiative: “Build Security In”
Slide 11: Multiple Root Structure

QUESTION 2

How would the security and stability of the Internet be affected if the single, authoritative root were to be replaced by a multiple root structure?

- What would be the economic and technical consequences of a multiple root structure?
- What, if any, influences do you see that may:
  - Move the Internet in the direction of greater fragmentation?
  - Help to preserve and maintain a single, interoperable Internet?
- What are the implications of these forces?
Slide 12: Multiple Root Structure

RECOMMENDATIONS

- Field DNSSEC and continue with single root
- Direct National Communications System and US-CERT to monitor 13 recognized root servers
  - Develop, test, and be prepared to implement contingency plans
- Address multilingual/multi-cultural environment of the Internet
- More effectively engage international communities to preserve the current Internet governance system
Slide 13: Public/Private Partnership

QUESTION 3

Our lifestyle is based upon a digital infrastructure that is privately owned and globally operated.

- How do we get to a public/private partnership and action plan that will build protection and security in, and enable information sharing to better understand when it is under a local or global attack (warning)?
- What is the model public/private relationship?
- Who and how will oversight be conducted in the IC and national security community?
- How would you provide common situational awareness?
Slide 14: Public/Private Partnership

RECOMMENDATIONS

- Private sector increasingly recognizes need for security of the Internet
  - Growing willingness to accept government leadership
- Build on existing public/private partnership models to create “regulatory environment”
  - Purpose is to identify anomalous behavior
  - Result is a more secure operating environment
  - Agreed-upon set of standards
- An acceptance of government authority to sanction anomalous behavior and to enforce agreed-upon standards
Slide 15: Public/Private Partnership

RECOMMENDATIONS

- Government increase transparency in the regulatory environment
  - Methods for managing environment and defined role of citizens
- Similar public-private examples in international communities
- Aggressively fund private sector R&D in key cyber assurance areas
Slide 16: Closing Thoughts

- The team is ready to explain all of the recommendations further, if needed
- Paper includes some additional questions that we think ought to be studied
- INSA and its members are ready to assist
Slide 17: INSA Report Volunteers

Chairman: Lou Von Thaer

Question Leads: Rob Pate, Steve Cambone, John Russack

Contributors: Nadia Short, Scott Dratch, Scott Aken, Greg Astfalk, Zal Azmi, Fred Brott, Lorraine Castro, Jim Crowley, Bob Farrell, Barbara Fast, Dennis Gilbert, Bob Giesler, Tom Goodman, Cristin Goodwin Flynn, Bob Gourley, Dan Hall, Vince Jarvie, Jose Jimenez, Kevin Kelly, Michael Kushin, Bob Landgraf, Joe Mazzafro, Gary McAlum, David McCue, Marcus McInnis, Brian McKenney, Linda Meeks, Billy O'Brien, Marie O'Neill Sciarrone, Marilyn Quagliotti, J.R. Reagan, Dave Rose, Mark Schiller, Andy Singer, Mary Sturtevant, Almaz Tekle, Mel Tuckfield, Ann Ward, Jennifer Warren

INSA: Ellen McCarthy, Frank Blanco, Jared Gruber, Jarrod Chlapowski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

Outbrief by INSA on CyberSecurity

  • 1. 60 Day Cyber Study INSA Response Presented to Melissa Hathaway Lou Von Thaer - Chair March 26, 2009
  • 2. Agenda Overview Lou Von Thaer Government’s Role John Russack Multiple Root Structure Rob Pate Public/Private Partnership Steve Cambone Closing Thoughts Ellen McCarthy
  • 3. INSA Industry Task Force Seneca Technology Group, LLC Crucial Point LLC
  • 4. Approach ƒ Guidance: focus on prioritized recommendations and implementation ƒ Formed blended industry teams ƒ Worked questions with teams of experts ƒ Combined inputs and reviewed ƒ Presented high-level findings Paper reflects personal rather than company opinions of the experts involved
  • 5. Three Questions to INSA ƒ Government’s role in securing the critical infrastructure and private networks ƒ Impact of moving to a multiple root structure for domain name service ƒ Define and create the public/private partnership for cyber security
  • 6. Key Insights and Summary ƒ Continue to work technical solutions ƒ Define who is in charge and why ƒ Single root but prepare for contingencies ƒ Public/private partnership: ƒ Industries need timely information ƒ Protect industry when it cooperates ƒ Government is educator, standard-setter, compliance auditor, and law enforcer ƒ Government needs public and industry support
  • 7. Government’s Role in Securing the Critical Infrastructure and Private Networks QUESTION 1 What is (or should be) the government’s role in securing/protecting the critical infrastructures and private sector networks from attack, damage, etc. (from nation states)? ƒ What are the minimum standards that must be established? ƒ How will these standards affect procurement / acquisition policies?
  • 8. Government’s Role in Securing the Critical Infrastructure and Private Networks RECOMMENDATIONS ƒ Create and empower a U.S. Government leadership position ƒ Establish White House-level position to lead cyber ƒ Codify roles: authorities, responsibilities, and resources ƒ Develop and set minimum cyber defense requirements for critical infrastructure ƒ Develop a National Cyber Recovery Plan ƒ Promote, support, and coordinate information sharing ƒ Enhance attribution and take action ƒ Establish communities of interest for improved analytics for attribution
  • 9. Government’s Role in Securing the Critical Infrastructure and Private Networks RECOMMENDATIONS Promote, support, and coordinate information sharing ƒ Key to multiple INSA cyber security recommendations ƒ Government-wide FOIA exemption for cyber ƒ Establish executive branch guidance on cyber CIP information sharing (executive order?) ƒ Review all applicable law, policy, and procedures dealing with cyber CIP information sharing between government and private sector owners and operators with the goal of better enabling real-time information sharing ƒ Improve the context, timeliness, and value (information should be better tailored to the recipient) of what information the U.S. Government shares with the private sector
  • 10. Government’s Role in Securing the Critical Infrastructure and Private Networks RECOMMENDATIONS What are the minimum standards: ƒ Consensus Audit Guidelines (CAG) are a good start ƒ Government-led consortium must own these standards and guidelines ƒ In addition to CAG, standards need to include: ƒ Policies and guidance for Supply Chain Protection ƒ Vulnerability analysis of COTS and GOTS software ƒ Leverage DHS initiative: “Build Security In”
  • 11. Multiple Root Structure QUESTION 2 How would the security and stability of the Internet be affected if the single, authoritative root were to be replaced by a multiple root structure? ƒ What would be the economic and technical consequences of a multiple root structure? ƒ What, if any, influences do you see that may: ƒ Move the Internet in the direction of greater fragmentation? ƒ Help to preserve and maintain a single, interoperable Internet? ƒ What are the implications of these forces?
  • 12. Multiple Root Structure RECOMMENDATIONS ƒ Field DNSSEC and continue with single root ƒ Direct National Communications System and US-CERT to monitor 13 recognized root servers ƒ Develop, test, and be prepared to implement contingency plans ƒ Address multilingual/multi-cultural environment of the Internet ƒ More effectively engage international communities to preserve the current Internet governance system
  • 13. Public/Private Partnership QUESTION 3 Our lifestyle is based upon a digital infrastructure that is privately owned and globally operated. ƒ How do we get to a public/private partnership and action plan that will build protection and security in – and enable information sharing to better understand when it is under a local or global attack (warning)? ƒ What is the model public/private relationship? ƒ Who and how will oversight be conducted in the IC and national security community? ƒ How would you provide common situational awareness?
  • 14. Public/Private Partnership RECOMMENDATIONS ƒ Private sector increasingly recognizes need for security of the Internet ƒ Growing willingness to accept government leadership ƒ Build on existing public/private partnership models to create “regulatory environment” ƒ Purpose is to identify anomalous behavior ƒ Result is a more secure operating environment ƒ Agreed-upon set of standards ƒ An acceptance of government authority to sanction anomalous behavior and to enforce agreed-upon standards
  • 15. Public/Private Partnership RECOMMENDATIONS ƒ Government increase transparency in the regulatory environment ƒ Methods for managing environment and defined role of citizens ƒ Similar public-private examples in international communities ƒ Aggressively fund private sector R&D in key cyber assurance areas
  • 16. Closing Thoughts ƒ The team is ready to explain all of the recommendations further, if needed ƒ Paper includes some additional questions that we think ought to be studied ƒ INSA and its members are ready to assist
  • 17. INSA Report Volunteers Chairman: Lou Von Thaer Bob Giesler Marilyn Quagliotti Tom Goodman J.R. Reagan Question Leads Cristin Goodwin Flynn Dave Rose Rob Pate Bob Gourley Mark Schiller Steve Cambone Dan Hall Andy Singer John Russack Vince Jarvie Mary Sturtevant Contributors Jose Jimenez Almaz Tekle Nadia Short Kevin Kelly Mel Tuckfield Scott Dratch Michael Kushin Ann Ward Scott Aken Bob Landgraf Jennifer Warren Greg Astfalk Joe Mazzafro Zal Azmi Gary McAlum INSA Fred Brott David McCue Ellen McCarthy Lorraine Castro Marcus McInnis Frank Blanco Jim Crowley Brian McKenney Jared Gruber Bob Farrell Linda Meeks Jarrod Chlapowski Barbara Fast Billy O'Brien Dennis Gilbert Marie O'Neill Sciarrone