This document summarizes a strategy paper on resourcing the US 2030 Cyber Strategy. It discusses:
1) The strategy proposes building defensive cyber capabilities, deterrence capabilities, and promoting international cooperation to establish cyber norms by 2030. However, funding these initiatives will be challenging.
2) Fifty percent of the strategy relies on acquiring new cyber technologies, which requires navigating the lengthy defense acquisition system and gaining approval through processes like JCIDS.
3) Coordinating support across the executive branch, Congress, and private industry will be difficult due to competing interests but is crucial for successful implementation.
DRAFT of NEW White House Cybersecurity Executive Order leaked
David Sweigert
Posted as a courtesy by:
Dave Sweigert
CEH, CISA, CISSP, HCISPP, PCIP, PMP, SEC+
The latest draft of a cybersecurity executive order to be signed by President Trump has become an unusually precise, report-ordering extravaganza.
Executive orders – even those signed by Trump – tend to be relatively short and quite vague, with general policy goals listed and expected to be interpreted by others.
The new cybersecurity order is none of those. At over 2,200 words it is very long. It is also very precise, listing individuals and giving them specific tasks. Rather than focus on a particular goal – the creation of a new taskforce or the development of a singular report – the order calls for the production of no fewer than 10 reports, six of which will go direct to the President, on a range of aspects of cybersecurity.
(By comparison, even though President Obama put out a very lengthy executive order on cybersecurity, running to 3,000 words, it only asked for three reports to be created.)
To understand how what was originally a restatement of US policy toward cybersecurity with a call for a single report has evolved into an extensive work plan, you need to look at the unusual events of nine days ago.
Trump was expected to sign the cybersecurity order on January 31. To that end, a series of meetings were held at the White House during the day and it was supposed to end with the signing in the Oval Office in the late afternoon. But at the last minute, without explanation, the decision to sign was pulled.
Final national cyber security strategy november 2014
vikawotar
This document outlines Mauritius' National Cyber Security Strategy for 2014-2019. It establishes the vision, mission and goals for cyber security, which include securing cyberspace against cybercrime, enhancing resilience to cyber attacks, developing efficient collaboration models between authorities and businesses, and improving cyber expertise and awareness. The strategy proposes a governance structure and defines the roles of key stakeholders like the Ministry of ICT, National Cyber Security Committee, National CERT, law enforcement, regulatory bodies, critical sectors, and academia. It presents strategic guidelines to achieve the goals, focusing on defense, resilience, collaboration, and capacity building. The importance of the strategy is to effectively manage cyber threats and risks through a coordinated national approach.
Marriage of Cyber Security with Emergency Management -- Action Plan
David Sweigert
The document is an action plan from the State of Missouri Cybersecurity Task Force that identifies gaps in Missouri's cybersecurity posture and provides recommendations. It finds that Missouri lacks adequate cybersecurity workforce development and resources at many organizations. It recommends establishing a Cybersecurity Institute to coordinate cybersecurity education and research, and to facilitate information sharing between industry and education. It also recommends strengthening K-12 cybersecurity curriculum and engaging students in competitions to develop interest and talent in cybersecurity fields from an early age.
This document discusses different approaches to regulating cybersecurity in critical infrastructure providers like electricity transmission companies. It compares "rules-based" regulations, where the policymaker dictates specific security requirements, to "risk-based" regulations, where companies assess their own risks and determine security measures. The document presents an economic model analyzing the tradeoffs of these approaches. It finds that the optimal approach depends on incentives - rules may be better in some contexts, while risk-based approaches work better in others. A balanced, nuanced policy is needed that considers different industry conditions.
The document outlines 8 elements of an effective cybersecurity strategy for the financial sector: 1) Establishing a cybersecurity strategy and framework tailored to risks and standards, 2) Defining governance roles and responsibilities, 3) Conducting risk and control assessments of functions and third parties, 4) Establishing monitoring processes to detect incidents, 5) Having response plans to contain and mitigate incidents, 6) Resuming operations while continuing remediation, 7) Sharing cybersecurity information with stakeholders, and 8) Regularly reviewing and updating the strategy as risks and best practices evolve. The elements are designed to help private and public financial entities strengthen overall cybersecurity and resilience against growing cyber threats.
Unprepared for Cybersecurity in Saudi Arabia: Argument for a Shift Towards Cy...
Maurice Dawson
In this paper, the researcher briefly discusses the attacks that have occurred recently within Saudi Arabia against entities ranging from Saudi Aramco to the Ministry of Health. These attacks are aggressions against government institutions that can render a sector vulnerable. Observing the ongoing attacks on critical infrastructure in Ukraine, one can see a replication of similar attacks that could occur and spread over the Middle East. As this nation is in a politically turbulent region, there is no small number of external threats. To combat these evolving threats, a shift towards cyber readiness must occur. This includes new laws, security-hardened technologies, and education for people living in the kingdom.
Institutional Cybersecurity from Military Perspective
Government
1. The document discusses institutional cybersecurity from a military perspective, analyzing challenges, organizational structure, the military decision-making process (MDMP), and cybersecurity workforce.
2. It outlines key dilemmas institutions face regarding cybersecurity, such as security vs privacy and technical vs administrative approaches.
3. Military organizations are especially vulnerable due to their use of advanced technologies and need to ensure robust cybersecurity policies and preparedness for threats like malware and cyber espionage.
Defending Your Base of Operations: How Industrial Control Systems are Being T...
AFCEA International
Mike Assante
Lead for Training for ICS and SCADA
SANS Industrial Control
We are used to taking the fight to the enemy, but we are entering into an age where it is expected that the enemy will be doing the same.
Finland's cyber security strategy background dossier
Yury Chemerkin
This document provides background information on Finland's Cyber Security Strategy. It discusses the cyber domain and threats, principles of cyber security management, securing vital functions against cyber threats, cyber security regulation, and implementation of the strategy. The cyber domain is increasingly interconnected but also introduces new risks. Cyber attacks can disrupt critical infrastructure and society. Finland aims to increase cyber situation awareness, guarantee cybersecurity of businesses, prevent cybercrime, improve cyber defense capabilities, and foster international cooperation and research.
Supporting an Effective Cyber Insurance Market (OECD Report for the G7 Presid...
Δρ. Γιώργος K. Κασάπης
The increasing use of and dependence on information technology in economic activities - while creating significant benefits in terms of productivity and efficiency - is also leading to significant risks. Among them are "digital security risks" which, when they materialise, can disrupt the achievement of economic and social objectives by compromising the confidentiality, integrity and availability of information and information systems. It is widely assumed that most companies have been, will be, or don't know they have been, affected by such "cyber" incidents.
Although quantitative measurement is still emerging and raises significant challenges, the frequency and scope of cyber incidents is growing significantly and cyber risk is viewed as one of the main concerns to doing business.
Prepared at the request of the G7 Presidency, this report provides an overview of the market for cyber insurance, including the available coverage and potential gaps as well as the current challenges in terms of data availability, quantification of cyber risks, awareness and misunderstanding about coverage. It identifies potential policy measures to address some of the main challenges to the development of an effective cyber insurance market.
Is 2014 the year for Cyber Militias?
Examination of the Congressional mandate for the Pentagon to address the use of cyber militias in responding to cyber warfare. Is a network breach an act of war?
Cybersecurity
Description: Protecting against damage to, unauthorized use of, and/or malicious exploitation of (and, if needed, the restoration of) electronic communications systems and services (and the information contained therein).
Cybersecurity activities ensure the security, reliability, integrity, and availability of critical information, records, and communications systems and services through collaborative cybersecurity initiatives and efforts. These activities also include procedures to detect malicious activity and to conduct technical and investigative-based countermeasures, mitigation activities, and operations against malicious actors to counter existing and emerging cyber-based threats, consistent with established protocols.
The document summarizes challenges facing the Department of Homeland Security (DHS) in acquiring and applying national intelligence. It notes that while DHS has made progress, it still struggles with issues like properly classifying critical infrastructure and prioritizing security efforts. The literature suggests DHS should adopt a risk-based approach to identify the most critical facilities and assess potential threats, rather than treating all infrastructure as equally important. This would help DHS focus its resources on the most significant security risks facing the United States.
The impacts of cyberattacks on intangibles of firms and critical sectors, ahm...
Cyber Watching
This document discusses research on measuring the impacts of cyberattacks on firms and critical sectors' intangible assets. The research aims to estimate the micro and macroeconomic effects of cyberattacks and characterize the business models of different cyberattack perpetrators. At the micro level, the research uses event study analysis and natural language processing to estimate intangible asset losses for individual attacked firms. At the macro level, an input-output model is used to estimate direct economic losses from cyberattacks on different sectors. Preliminary results suggest cyberattacks can cause stock price declines of 0.6% and significant intangible asset losses for firms. Attacks on critical infrastructure sectors like ICT and finance were also found to potentially cause hundreds of billions in
Game theory can help optimize disaster response by modeling strategic interactions between stakeholders. It can provide guidelines for emergency managers to balance investments in disaster preparedness, response, and recovery while considering other players' likely actions and trade-offs with limited budgets. Game theory applications include modeling cooperation between governments, organizations, and citizens responding to events like the massive Buffalo snowstorm to coordinate relief efforts. It can also balance counterterrorism and natural disaster spending from limited government budgets.
Terrorism knows no borders. Tactics, techniques and target selection change frequently. Transportation, as in the past, still carries a high level of risk today. It is worth reading.
This document discusses the cyber threats facing the US national security supply chain. It notes that cyber threats present an unprecedented asymmetric threat. The global supply chain has become highly dependent on information technology and cyber networks, making it vulnerable to cyber attacks. Several sections discuss assessing the threat and securing the supply chain against cyber risks. It recommends a partnership between government and private industry to address these challenges through policy, technology, education and international cooperation.
The document discusses the history and current state of U.S. cybersecurity policy and the National Strategy to Secure Cyberspace. It outlines the key government actors involved in cybersecurity, recent relevant legislation, and critiques the national cybersecurity plan. The national plan prioritizes building a security response system, reducing threats and vulnerabilities, increasing security awareness and training, securing government cyberspace, and enhancing international cooperation. It advocates a public-private partnership approach with limited regulation.
The document is the Department of Defense's 2015 Cyber Strategy. It outlines 5 strategic goals for the DoD's cyber activities over the next 5 years: 1) Build ready cyber forces and capabilities, 2) Defend the DoD information network and secure data, 3) Be prepared to defend the US from disruptive cyberattacks, 4) Develop cyber options to control conflict escalation, and 5) Build international partnerships to deter shared cyber threats. The strategy focuses on improving cyber defenses, responding to cyberattacks, and using cyber capabilities to support military plans and contingencies in line with US and international law.
Active shooter incidents have now emerged as a threat that cannot be ignored or minimized. Although it’s a difficult subject, it is important for businesses to consider active shooter/workplace violence insurance to cover gaps and grey areas that exist in standard coverage insurance. Here’s why.
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Dean Evans
Threat management continues to be a hot topic within cybersecurity, and rightfully so. Understanding the evolving technical and behavioral threat landscape and adapting mitigation controls is the key to proactive risk management. Actionable threat intelligence is critical to enabling effective threat management. It provides visibility into the temperature within the threat actor community, what they are doing and how they are doing it (tactics, techniques and procedures (TTPs)). The challenge is sorting through the volumes of threat data to identify what’s relevant and actionable.
This document is intended to communicate how threat intelligence can be used to reduce business risk. The audience is security, compliance and IT professionals interested in proactive risk management.
This document discusses the use of threat and hazard identification and risk assessment (THIRA) for homeland security and emergency management preparedness grants. It outlines the THIRA process established in Comprehensive Preparedness Guide 201. Grantees will develop THIRAs to understand their risks and inform capability targets. THIRAs must be submitted by December 31, 2012 and will be reviewed regionally to ensure alignment with the THIRA guide. Regions will also develop THIRAs using the same process to incorporate regional variation in threats.
This document summarizes a study that analyzed how hazard mitigation principles are addressed in comprehensive plans and hazard mitigation plans across 16 jurisdictions in coastal Mississippi. Key findings include:
- Comprehensive plans and hazard mitigation plans are usually separate and address different requirements.
- A matrix was developed to identify connections and gaps between the plans based on 31 hazard mitigation principles.
- Analysis found that fewer than 50% of communities addressed over half of the principles in their comprehensive plans.
- Recommendations and templates were created to help integrate hazard mitigation planning into comprehensive planning and make communities more resilient.
This document discusses the evolution of terrorism risk modeling from qualitative approaches relying on expert judgment to more quantitative analytical methods. It covers:
1) The development of terrorism risk modeling from a qualitative approach based on underwriter experience to more formal analytical models needed to assess risks like Al Qaeda.
2) Deterministic scenario modeling to estimate probable maximum losses from terrorist attacks. This reduces uncertainty but does not address probability of extreme losses.
3) The use of expert judgment in terrorism risk assessment and efforts to minimize subjectivity through quantitative modeling of underlying processes.
4) Quantitative tools for terrorism risk modeling including controlled Markov chain models of terrorist attack occurrence, adaptive learning models of attack mode selection, and game theory approaches to
The document outlines a proposed 2030 US Cybersecurity Strategy. It discusses current cyber threats and concerns, including from terrorist groups and state actors. Four potential future scenarios are presented based on the uncertainty of terrorist groups and global polarity in 2030. The document recommends shaping actions like international cooperation and hedging actions such as developing resilient infrastructure to protect critical systems and data under the potential scenarios.
The document describes the history of Marcelino Champagnat and the Hermanos de las Escuelas Cristianas. Marcelino arrived at the cross of Yabule in August 1816 and three months later decided to accelerate his efforts to teach about God, in order to help a young man who was dying without knowledge of God. On 2 January 1817, Marcelino Champagnat founded the Instituto de los Hermanos de las Escuelas Cristianas.
This document introduces fundamental concepts of computing. It explains the evolution of computers over time and how they represent and store data. It also classifies computers by size and capacity, and introduces number systems such as binary and decimal for representing data.
The document summarizes international education policies and the Colombian laws related to early childhood education. In 1990 the World Declaration on Education for All was made in Jomtien, Thailand, which established the right to basic education for all and the objectives of meeting basic learning needs, universalizing access to education and promoting equity, focusing on learning, and broadening the means and scope of basic education. The
Finland s cyber security strategy background dossierYury Chemerkin
This document provides background information on Finland's Cyber Security Strategy. It discusses the cyber domain and threats, principles of cyber security management, securing vital functions against cyber threats, cyber security regulation, and implementation of the strategy. The cyber domain is increasingly interconnected but also introduces new risks. Cyber attacks can disrupt critical infrastructure and society. Finland aims to increase cyber situation awareness, guarantee cybersecurity of businesses, prevent cybercrime, improve cyber defense capabilities, and foster international cooperation and research.
Supporting an Effective Cyber Insurance Market (OECD Report for the G7 Presid...Δρ. Γιώργος K. Κασάπης
The increasing use of and dependence on information technology in economic activities - while creating significant benefits in terms of productivity and efficiency - is also leading to significant risks. Among them are "digital security risks" which, when they materialise, can disrupt the achievement of economic and social objectives by compromising the confidentiality, integrity and availability of information and information systems. It is widely assumed that most companies have been, will be, or don't know they have been, affected by such "cyber" incidents.
Although quantitative measurement is still emerging and raises significant challenges, the frequency and scope of cyber incidents is growing significantly and cyber risk is viewed as one of the main concerns to doing business.
Prepared at the request of the G7 Presidency, this report provides an overview of the market for cyber insurance, including the available coverage and potential gaps as well as the current challenges in terms of data availability, quantification of cyber risks, awareness and misunderstanding about coverage. It identifies potential policy measures to address some of the main challenges to the development of an effective cyber insurance market.
Is 2014 the year for Cyber Militias ?
Examination of the Congressional mandate for the Pentagon to address the use of cyber militias in responding to cyber warfare. Is a network breach and act of war?
Cybersecurity
Description: Protecting against damage to, unauthorized use of, and/or malicious exploitation of (and, if needed, the restoration of) electronic communications systems and services (and the information contained therein).
Cybersecurity activities ensure the security, reliability, integrity, and availability of critical information, records, and communications systems and services through collaborative cybersecurity initiatives and efforts. These activities also include procedures to detect malicious activity and to conduct technical and investigative-based countermeasures, mitigation activities, and operations against malicious actors to counter existing and emerging cyber-based threats, consistent with established protocols.
The document summarizes challenges facing the Department of Homeland Security (DHS) in acquiring and applying national intelligence. It notes that while DHS has made progress, it still struggles with issues like properly classifying critical infrastructure and prioritizing security efforts. The literature suggests DHS should adopt a risk-based approach to identify the most critical facilities and assess potential threats, rather than treating all infrastructure as equally important. This would help DHS focus its resources on the most significant security risks facing the United States.
The impacts of cyberattacks on intangibles of firms and critical sectors, ahm...Cyber Watching
This document discusses research on measuring the impacts of cyberattacks on firms and critical sectors' intangible assets. The research aims to estimate the micro and macroeconomic effects of cyberattacks and characterize the business models of different cyberattack perpetrators. At the micro level, the research uses event study analysis and natural language processing to estimate intangible asset losses for individual attacked firms. At the macro level, an input-output model is used to estimate direct economic losses from cyberattacks on different sectors. Preliminary results suggest cyberattacks can cause stock price declines of 0.6% and significant intangible asset losses for firms. Attacks on critical infrastructure sectors like ICT and finance were also found to potentially cause hundreds of billions in
Game theory can help optimize disaster response by modeling strategic interactions between stakeholders. It can provide guidelines for emergency managers to balance investments in disaster preparedness, response, and recovery while considering other players' likely actions and trade-offs with limited budgets. Game theory applications include modeling cooperation between governments, organizations, and citizens responding to events like the massive Buffalo snowstorm to coordinate relief efforts. It can also balance counterterrorism and natural disaster spending from limited government budgets.
Terör sınır tanımıyor. Taktik, teknik ve hedef seçimleri sıklıkla değişiyor. Ulaşım geçmişte olduğu gibi günümüzde de yüksek risk seviyesini muhafaza ediyor. Okunmasında yarar var.
This document discusses the cyber threats facing the US national security supply chain. It notes that cyber threats present an unprecedented asymmetric threat. The global supply chain has become highly dependent on information technology and cyber networks, making it vulnerable to cyber attacks. Several sections discuss assessing the threat and securing the supply chain against cyber risks. It recommends a partnership between government and private industry to address these challenges through policy, technology, education and international cooperation.
The document discusses the history and current state of U.S. cybersecurity policy and the National Strategy to Secure Cyberspace. It outlines the key government actors involved in cybersecurity, recent relevant legislation, and critiques the national cybersecurity plan. The national plan prioritizes building a security response system, reducing threats and vulnerabilities, increasing security awareness and training, securing government cyberspace, and enhancing international cooperation. It advocates a public-private partnership approach with limited regulation.
The document is the Department of Defense's 2015 Cyber Strategy. It outlines 5 strategic goals for the DoD's cyber activities over the next 5 years: 1) Build ready cyber forces and capabilities, 2) Defend the DoD information network and secure data, 3) Be prepared to defend the US from disruptive cyberattacks, 4) Develop cyber options to control conflict escalation, and 5) Build international partnerships to deter shared cyber threats. The strategy focuses on improving cyber defenses, responding to cyberattacks, and using cyber capabilities to support military plans and contingencies in line with US and international law.
Active shooter incidents have now emerged as a threat that cannot be ignored or minimized. Although it’s a difficult subject, it is important for businesses to consider active shooter/workplace violence insurance to cover gaps and grey areas that exist in standard coverage insurance. Here’s why.
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Dean Evans
Threat management continues to be a hot topic within cybersecurity, and rightfully so. Understanding the evolving technical and behavioral threat landscape and adapting mitigation controls is the key to proactive risk management. Actionable threat intelligence is critical to enabling effective threat management. It provides visibility into the temperature within the threat actor community, what they are doing and how they are doing it (tactics, techniques and procedures (TTPs)). The challenge is sorting through the volumes of threat data to identify what’s relevant and actionable.
This document is intended to communicate how threat intelligence can be used to reduce business risk. The audience is security, compliance and IT professionals interested in proactive risk management.
This document discusses the use of threat and hazard identification and risk assessment (THIRA) for homeland security and emergency management preparedness grants. It outlines the THIRA process established in Comprehensive Preparedness Guide 201. Grantees will develop THIRAs to understand their risks and inform capability targets. THIRAs must be submitted by December 31, 2012 and will be reviewed regionally to ensure alignment with the THIRA guide. Regions will also develop THIRAs using the same process to incorporate regional variation in threats.
This document summarizes a study that analyzed how hazard mitigation principles are addressed in comprehensive plans and hazard mitigation plans across 16 jurisdictions in coastal Mississippi. Key findings include:
- Comprehensive plans and hazard mitigation plans are usually separate and address different requirements.
- A matrix was developed to identify connections and gaps between the plans based on 31 hazard mitigation principles.
- Analysis found that fewer than 50% of communities addressed over half of the principles in their comprehensive plans.
- Recommendations and templates were created to help integrate hazard mitigation planning into comprehensive planning and make communities more resilient.
This document discusses the evolution of terrorism risk modeling from qualitative approaches relying on expert judgment to more quantitative analytical methods. It covers:
1) The development of terrorism risk modeling from a qualitative approach based on underwriter experience to more formal analytical models needed to assess risks like Al Qaeda.
2) Deterministic scenario modeling to estimate probable maximum losses from terrorist attacks. This reduces uncertainty but does not address probability of extreme losses.
3) The use of expert judgment in terrorism risk assessment and efforts to minimize subjectivity through quantitative modeling of underlying processes.
4) Quantitative tools for terrorism risk modeling including controlled Markov chain models of terrorist attack occurrence, adaptive learning models of attack mode selection, and game theory approaches to
The document outlines a proposed 2030 US Cybersecurity Strategy. It discusses current cyber threats and concerns, including from terrorist groups and state actors. Four potential future scenarios are presented based on the uncertainty of terrorist groups and global polarity in 2030. The document recommends shaping actions like international cooperation and hedging actions such as developing resilient infrastructure to protect critical systems and data under the potential scenarios.
The document describes the history of Marcelino Champagnat and the Brothers of the Christian Schools. Marcelino arrived at the cross of Yabule in August 1816 and, three months later, decided to step up his efforts to teach about God in order to help a young man who was dying without knowledge of God. On January 2, 1817, Marcelino Champagnat founded the Institute of the Brothers of the Christian Schools.
This document introduces fundamental concepts of computing. It explains the evolution of computers over time and how they represent and store data. It also classifies computers by size and capacity, and introduces number systems such as binary and decimal for representing data.
The document summarizes international education policies and Colombian laws related to early childhood education. In 1990 the World Declaration on Education for All was made in Jomtien, Thailand, which established the right to basic education for all and the objectives of meeting basic learning needs, universalizing access to education and promoting equity, focusing on learning, and broadening the means and scope of basic education. The
Slideshare is a website that lets users upload and share slide presentations, documents and PDFs. Users can create an account to get a space in which to store files of up to 100MB, add narration or music to them, and embed them or share them through links. Slideshare offers features such as storage, tagging and sharing of presentations.
Analysis of the Robotics Proposal for Cycles I and II
Luis Pérez
The educational robotics proposal builds on the initial efforts made in Costa Rica since 1998 to implement educational robotics. The new proposal seeks to increase the number of students who benefit and their understanding of robotic elements. The proposal is constructivist and constructionist in that it encourages students to build their knowledge through the act of building robots. The proposal seeks to develop skills such as observation, experimentation, design, innovation and communication through robotics.
The document summarizes several topics related to operations at the Chicago Service Unit:
1) The Wisconsin Signal Maintenance team celebrated 8 years without a reportable injury by focusing on risk assessment and rules compliance.
2) A cross-departmental effort is underway to standardize recording of foreign End of Train devices to prevent unnecessary overcharging.
3) Experienced nurse Jillian O'Connor recently began working in the Transportation administration building to perform certifications and promote wellness while assisting in emergencies.
The document summarizes a study on acquiring a replacement for the US Air Force's aging KC-135 tanker fleet. It discusses the history of the KC-X program, including the termination of the KC-767 tanker lease program. An analysis of alternatives was conducted in 2004 to identify the most cost-effective option. The study concluded that a newly purchased commercial derivative aircraft in the 300,000-1,000,000 pound range provided the most cost-effective solution, and that acquiring the lowest price for the base commercial aircraft was important. The KC-46 program, led by Generals Bogdan and Thompson from 2006-2014, was established based on these findings and aimed to minimize total lifecycle
The comprehensive computing and informatics course of the Colegio Peruano-Alemán "Beata Imelda" aims to train participants in the use of a personal computer and productivity programs such as Word, Excel, PowerPoint and Publisher through 80 hours of training. The syllabus covers Windows, Internet tools and Microsoft applications. The introduction to computing explains basic concepts such as hardware, software, operating systems and the main parts of a computer.
This document discusses the integration of technologies in education. It proposes the TPACK approach for planning activities that combine technology, content and pedagogy. Some of the technology strategies mentioned are webquests, treasure hunts and collaborative projects. It concludes that designing activities according to TPACK helps to broaden and excite students in their tasks.
El Niño and La Niña are part of a natural climate cycle known as the El Niño-Southern Oscillation. El Niño involves a warming of Pacific waters that causes rains and flooding in South America, while La Niña brings colder temperatures and droughts. Both phenomena affect wind and rainfall patterns globally and have economic and health consequences.
The TPACK model identifies the types of knowledge that teachers need in order to integrate technologies effectively into teaching. It was developed between 2006 and 2009 and identifies three key decisions in planning: curricular, pedagogical and technological decisions. Teacher planning must be activity-based and adapted to the context.
The document discusses youth and social movements in Brazil, defining the political left and right, listing Brazilian social movements such as feminism, the Black movement, LGBT and MST, and movements during the military dictatorship such as Diretas Já and Caras Pintadas, as well as the demonstrations of 2013 and current ones about PEC 241.
1. Vaccination involves exposing the immune system to a weakened or killed form of a pathogen to stimulate the immune system to develop protective antibodies against that pathogen.
2. Vaccines work by teaching the immune system to recognize and attack pathogens like viruses and bacteria without causing illness if exposed to the live pathogen later.
3. There are two main types of vaccines - live attenuated vaccines which use a weakened live pathogen, and inactivated vaccines which use a killed pathogen. Both aim to elicit a protective immune response.
Guernica is a 1937 painting by the Spanish artist Pablo Picasso that depicts the bombing of the Basque town of Guernica during the Spanish Civil War. The black-and-white painting shows people, animals and broken objects amid the chaos and destruction of war. Picasso used the painting to protest against the violence and suffering caused by war.
This document summarizes several international declarations and conventions on education and the rights of children. The Jomtien Declaration sets the objective of meeting the basic learning needs of all people. The Convention on the Rights of the Child sets out a series of rights to protect children. The Political Constitution of Colombia and the General Education Law also guarantee children's fundamental rights to education and protection.
HM502
Unit 5 DQ
Topic 1: Infrastructure Protection
A detailed discussion of threats to and the process of protecting critical infrastructure and key resources (CI/KR) sectors from man-made and natural disasters are essential for understanding one of the main missions of the U.S. Department of Homeland Security (DHS). In detailed analysis of threats and protection challenges, several CI/KR sectors have emerged that require the attention of DHS professionals. These sectors include:
· Agriculture and Food
· Banking and Finance
· Communications
· Defense Industrial Base
· Energy
· Information Technology
· National Monuments and Icons
· Transportation Systems
· Water
What are some of the major threats to the CI/KR sectors identified above? Discuss some of the critical vulnerabilities of these CI/KR sectors. What are some of the prime consequences if these CI/KR sectors are damaged or destroyed? Describe DHS plans to deter threats, mitigate vulnerabilities, and minimize consequences.
Topic 1 Student Response #1 (Respond to Jeffery)
Jeffery Bailey
Hello classmates/Professor
The Homeland Security Act of 2002 provides the basis for Department of Homeland Security (DHS) responsibilities in the protection of the Nation’s CIKR. The act assigns DHS the responsibility for developing a comprehensive national plan for securing CIKR and for recommending the “measures necessary to protect the key resources and critical infrastructure of the United States coordination with other agencies of the Federal Government and in cooperation with State and local government agencies and authorities, the private sector, and other entities.” (Chertoff, 2009) The NIPP defines the organizational structures that provide the framework for coordination of CIKR protection efforts at all levels of government, their framework includes the action of setting goals and objectives, Identify Assets, Systems and Networks, Assess Risk, consequences, vulnerabilities, and threats. Prioritize, Implement Programs and Measure effectiveness.
The NIPP Conducts research and development and using technology to improve CIKR protection-related capabilities to ensure refined risk assessments for many years into the future. The NIPP assistance programs offers Federal grant assistance to State, local, tribal, and territorial entities; and complement relevant private sector activities. Part of their mission is to make America safer and more secure from cyber attacks and also both man made and natural disasters. Together, the NIPP and SSPs provide the mechanisms for identifying critical assets, systems, and networks, and their associated sectors. In dealing with risk and emergencies the NIPP has Sector Specific Agencies that are assigned certain areas of responsibilities such as Agriculture, Food, Energy and Water. Banking and Finance Communications, in dealing with the potential risk that may befall any of these entities the NIPP takes critical steps to assess, mitigate, protect, and plan for futur ...
Talks about the present status of cyber security in India. The policy of cyber security is also discussed. The general principles of cyber security are highlighted. The legal position of cyber security and instances of breach of the information technology code are also discussed.
The document discusses proposals for strengthening cybersecurity of US government and critical infrastructure. It recommends developing a robust cyber policy, securing federal networks, and engaging internationally. The government needs to work with critical infrastructure owners to assess threats, develop protective measures, and integrate intelligence sharing. Research should promote secure infrastructure design and modeling of incident impacts. Communication systems must enable real-time information access across government levels using accurate data.
The document discusses cyber security cooperation between India and the United States. It outlines how the two countries signed an MOU to promote closer cooperation on cyber security issues and the timely exchange of cyber threat information. This agreement establishes best practices for cooperation between the two governments on technical and operational cyber security issues. The document also examines some of the challenges to achieving global cooperation on cyber security, such as the lack of common terminology, legal frameworks, and dismantling the perception of cyber security as a domestic issue only.
The document discusses the United States' current cyber strategy and whether it supports offensive cyber operations. It analyzes several scholarly articles on cyber warfare doctrine and strategy. While the articles provide examples of states conducting offensive cyber attacks, the document's hypothesis is that the US cyber strategy focuses on defense and does not explicitly support offensive computer network attacks to achieve national security objectives. The purpose is to examine US cyber strategy and determine if it should incorporate offensive operations to help achieve national goals.
INITIATIVES TO ENHANCE CRITICAL INFRASTRUCTURE PROTECTION 2 .docx
maoanderton
Initiatives to Enhance Critical Infrastructure Protection
January 26, 2020
Abstract
Critical Infrastructure Security is so critical to U.S. economic and social security along with public well-being and protection that disorder or disruption of any of the varied critical sectors will have a devastating outcome on the country. As reported by GAO, until the administrative agencies who are managing the Critical Infrastructure Security make attempts to have a complete understanding of the application of cyber security framework by the entities within these sectors, they would be restricted in their capacity to recognize the success of security efforts. This paper is intended to review the GAO (Government Accountability Office) report and describe the initiatives taken to enhance critical infrastructure protection followed by an appropriate conclusion.
Introduction
U.S. CIP (Critical Infrastructure Protection) necessitates the provision of protection from external and internal threats and restoration of physically ruined Critical Infrastructure that may disrupt services. This has been a major cause of concern due to the deteriorating U.S. infrastructure causing enough destruction and loss of life. On 22nd May 1998, President Bill Clinton signed Presidential Decision Directive (PDD-63), which emphasized critical infrastructure as a growing potential vulnerability and acknowledged that the U.S. must view its national infrastructure from the perspective of security due to its significance to national and financial security. CIP has to be tackled in a preventive manner. The 16 critical infrastructure sectors comprise communication, chemical, defense industrial base, energy, emergency services, food and agriculture, financial, health, transportation, nuclear reactors and material waste, water and waste-water sector. Each of these sectors has its own security plan and exclusive manmade and natural threats, risks and deteriorations. Any attack or disaster on any of this vital infrastructure may cause severe damage to the security of the nation and probably may lead to the disintegration of the complete infrastructure (Hemme, 2015).
National Infrastructure Protection Plan
NIPP-2013 provides the basis for a collaborative and integrated approach to attain a vision of a country where physical as well as cyber critical infrastructure stays secure and resilient. This policy has permitted CIP to be flexible and self-sufficient to address threats by means of regular quadrennial assessments of CIP policies. However, research involving critical infrastructure has indicated that DHS and every Sector Specific Agency (SSA) have not paid attention to prior warnings concerning the potential results of depr.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) leveraging innovation through cyber workforce development. The strategy aims to organize, train, and equip DoD to operate effectively in cyberspace while addressing growing cyber threats from state and non-state actors.
The document outlines the Department of Defense's strategy for operating in cyberspace. It discusses 5 strategic initiatives: 1) treating cyberspace as an operational domain; 2) employing new defense operating concepts like active cyber defense and network resilience; 3) partnering with other government agencies and the private sector; 4) building international partnerships; and 5) developing an exceptional cyber workforce through training and innovation. The strategy aims to help the DoD organize for, defend, and leverage opportunities in cyberspace while managing threats from state and non-state actors.
This document proposes guidelines for developing a national cybersecurity strategy. It discusses the importance of cybersecurity given increasing internet usage and mobile broadband adoption. Nations need strategic cybersecurity frameworks to protect digital economies, national security, and citizens from growing cyber threats. The paper reviews existing strategies and highlights challenges. It conducted expert interviews across technical, economic, legal and policy areas to inform proposed guidelines. The goal is to educate on cybersecurity and provide a collaborative framework to mitigate risks in the digital era.
Project 4 Threat Analysis and Exploitation Transcript (backgroun.docx
stilliegeorgiana
Project 4: Threat Analysis and Exploitation
Transcript (background):
You are part of a collaborative team that was created to address cyber threats and exploitation of US financial systems critical infrastructure. Your team has been assembled by the White House Cyber National security staff to provide situational awareness about a current network breach and cyber attack against several financial service institutions. Your team consists of four roles, a representative from the financial services sector who has discovered the network breach and the cyber attacks. These attacks include distributed denial of service attacks, DDOS, web defacements, sensitive data exfiltration, and other attack vectors typical of this nation state actor. A representative from law enforcement who has provided additional evidence of network attacks found using network defense tools. A representative from the intelligence agency who has identified the nation state actor from numerous public and government provided threat intelligence reports. This representative will provide threat intelligence on the tools, techniques, and procedures of this nation state actor. A representative from the Department of Homeland Security who will provide the risk, response, and recovery actions taken as a result of this cyber threat. Your team will have to provide education and security awareness to the financial services sector about the threats, vulnerabilities, risks, and risk mitigation and remediation procedures to be implemented to maintain a robust security posture. Finally, your team will take the lessons learned from this cyber incident and share that knowledge with the rest of the cyber threat analysis community. At the end of the response to this cyber incident, your team will provide two deliverables, a situational analysis report, or SAR, to the White House Cyber National security staff and an After Action Report and lesson learned to the cyber threat analyst community.
Step 2: Assessing Suspicious Activity
Your team is assembled and you have a plan. It's time to get to work. You have a suite of tools at your disposal from your work in Project 1, Project 2, and Project 3, which can be used together to create a full common operating picture of the cyber threats and vulnerabilities that are facing the US critical infrastructure.
To be completed by all team members: Leverage the network security skills of using port scans, network scanning tools, and analyzing Wireshark files, to assess any suspicious network activity and network vulnerabilities.
Step 3: The Financial Sector
To be completed by the Financial Services Representative: Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial ...
February 2010 Vol. 53 No. 2 .docx
ssuser454af01
February 2010 | Vol. 53 | No. 2 | Communications of the ACM 29
Viewpoints
Official White House photo by Lawrence Jackson
Communications’ Inside Risks columns over the past two decades have frequently been concerned with trustworthiness of computer-communication systems and the applications built upon them. This column considers what is needed to attain new progress toward avoiding the risks that have prevailed in the past as a U.S. national cybersecurity R&D agenda is being developed. Although the author writes from the perspective of someone deeply involved in research and development of trustworthy systems in the U.S. Department of Homeland Security, what is described here is applicable much more universally. The risks of not doing what is described here are very significant.
—Peter G. Neumann
Cyberspace is the complex, dynamic, globally interconnected digital and information infrastructure that underpins every facet of society and provides critical support for our personal communication, economy, civil infrastructure, public safety, and national security. Just as our dependence on cyberspace is deep, so too must be our trust in cyberspace, and we must provide technical and policy solutions that enable four critical aspects of trustworthy cyberspace: security, reliability, privacy, and usability.
The U.S. and the world at large are currently at a significant decision point. We must continue to defend our existing systems and networks. At the same time, we must attempt to be ahead of our adversaries, and ensure future generations of technology will position us to better protect critical infrastructures and respond to attacks from adversaries. Government-funded research and development must play an increasing role toward achieving this goal of national and economic security.
Background
On January 8, 2008, National Security Presidential Directive 54/Homeland Security Presidential Directive 23 formalized the Comprehensive National Cybersecurity Initiative (CNCI) and a series of continuous efforts designed to establish a frontline defense (reducing current vulnerabilities and preventing intrusions), which will protect against the full spectrum of threats by using intelligence and strengthening supply chain security, and shaping the future environment by enhancing our research, devel-
Inside Risks
The Need for a National Cybersecurity Research and Development Agenda
Government-funded initiatives, in cooperation with private-sector partners in key technology areas, are fundamental to cybersecurity technical transformation.
DOI:10.1145/1646353.1646365
Douglas Maughan
President Barack Obama greets White House cyber security chief Howard A. Schmidt, who was appointed in December 2009.
This document discusses the need for a national cybersecurity research and development agenda in the United States. It makes the following key points:
1) Current cybersecurity systems are not sufficiently secure, reliable, private, or usable. Government-funded R&D initiatives in cooperation with the private sector are needed to transform cybersecurity technologies.
2) Partnerships between government, academia, and the private sector need to be strengthened. Not enough students are pursuing degrees in computer science and related STEM fields to meet future workforce needs. Public-private partnerships are also inadequate for transitioning R&D results into practical technologies.
3) A top priority R&D agenda should focus on 10 areas: software assurance,
This document discusses ways to improve cybersecurity cooperation between the governments of the United States and Japan. It examines how the two governments are currently organized for cybersecurity issues and how they coordinate. There are gaps in how policies and plans are implemented in practice for information sharing, law enforcement, and incident response. The document provides recommendations in four areas: 1) Establishing exchange positions between cybersecurity teams in the US and Japan and increasing videoconferences and meetings. 2) Improving cooperation between US and Japanese militaries on network security. 3) Leveraging existing frameworks for disaster response to improve public-private cooperation on cyber incidents. 4) Surveying private sector collaboration to share best practices.
The document summarizes a cyber security challenge scenario involving cyber attacks on Philippine and US networks following a confrontation between Chinese and Philippine vessels in the South China Sea. It then analyzes four policy approaches: 1) A joint US-Philippines cyber security initiative, 2) Attributing attacks to China under international law, 3) Creating UN cyber norms and committees, and 4) Defining attacks as "armed attacks". The analysis chooses approach 1 due to attribution issues with approaches 2 and 4, and approach 3's long-term focus. It argues approach 1 restores networks while flexing US cyber capabilities and involving allies.
This document discusses cybersecurity risks facing institutions and proposes countermeasures. It begins by explaining how the expansion of cyber space has increased cyber risks and how most countries have developed national cybersecurity strategies in response. However, it notes that institutions also need their own robust cybersecurity strategies to protect against modern cyber threats targeting both infrastructure and personnel.
The document then presents a case study analyzing how open source intelligence (OSINT) techniques using social media and other online sources can expose sensitive personal and institutional data. It demonstrates how cyber criminals could potentially gather usernames, email addresses, location data and other metadata about employees and systems.
Finally, it recommends several countermeasures institutions should take. These include educating employees about metadata risks, implementing
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
Snarky Security
Here we have the German Council on Foreign Relations (DGAP), those paragons of geopolitical insight, serving up a dish of the obvious with a side of "tell me something I don't know" in their publication. It's a riveting tale of how big, bad countries flex their digital muscles to wreak havoc on the less fortunate. The whole DGAP article looks like a story about a midlife crisis: with the cybersecurity aspects of smart cities and the existential fear of technological addiction. To enhance the effect, they link cyberwarfare and the proliferation of weapons of mass destruction and here we learn that great powers launch cyberattacks for the same reasons they do anything else: power, money, other things everyone loves. And of course, the author decided to hype and remind about the role of machine learning in cyber operations.
Integration of cyber security incident response with IMS -- an approach for E...
David Sweigert
Response and recovery methods for severe cyber security incidents need traceable integration within incident management systems, which should be offered as a tool-set within the Executive Order 13636 Cybersecurity Framework.
NERC FERC CIP CIP-009 IMS NFPA 1600 CYBER SECURITY CISA CISSP PMP
This letter calls on the US government to formally integrate and support regional and local cybersecurity initiatives into the national cybersecurity plan. It describes how various community partnerships across 10 states have emerged to address cyber threats through public-private collaboration, information sharing, training, and building cyber capacity. Integrating these local efforts could help build a framework for national cyber resilience against growing threats while also supporting economic growth. The letter urges collaboration between government agencies and these regional cybersecurity groups.
AY 2014-2015
Resourcing the US 2030 Cyber Strategy
LT COL SCOTT A. DICKSON
USAF
SEMINAR 19
The Dwight D. Eisenhower School
for National Security and Resource Strategy
National Defense University
Fort McNair, Washington, D.C. 20319-5062
The views expressed in this paper are those of the author and do not reflect
the official policy or position of the National Defense University,
the Department of Defense or the U.S. Government.
“The end cannot justify the means, for the simple and obvious reason that the means employed
determine the nature of the ends produced.” - Aldous Huxley
Strategists must caution themselves against using any and all means necessary to accomplish an
end simply due to the importance of the goal. Pursuers should consider the context of the chase, lest
more damage and cost result than are saved by capturing the conquest. President Obama’s Executive
Order 13636 left no doubt on the Executive Branch’s commitment to a US cyber strategy. However,
Congress’s four failed attempts to pass a Cybersecurity Act indicate unclear direction on the context: how
and whether to fund a strategy. With America’s national security dependence on cyber and contracting
defense budgets, a positive review of the cyber strategy’s means, i.e., “what will likely happen”, will
highlight potential resourcing challenges and risks in the strategy and help justify the expense of the
means against the pursuit of the ends.
Strategy Summarized
Cyber threats vary: state actors using cyber as an asymmetric attack, organized networks
conducting cyber crime, and non-state actors threatening cyber Armageddon all exploit the highly
connected, easily accessible, predictable, layered, and digitized nature of the internet. For the first time,
the Chinese People’s Liberation Army (PLA) published a document in the summer of 2014 detailing their
cyber and network warfare forces and their division of labor across formal operational attack and defense
units, PLA authorized forces, and external non-governmental forces.[1] While not revealing a cyber
strategy, this document highlighted China’s dedicated cyber manpower resources and their intent to
develop a cyber capability to achieve their strategy. In May 2014, the US publicly indicted five People’s
Liberation Army officers serving in a cyber unit responsible for stealing trade secrets in the shipping,
aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors over
the past seven years. Despite denying the claim, the incident cements China’s credibility in using cyber
as a means to pursue its desired ends while also publicly signaling the US’s inability to deter its use.
The proposed US cyber strategy represents a multi-layered strategy to build defensive cyber
infrastructure capabilities and deterrence-producing offensive capabilities to promote a future globally-
collaborative cyber environment within the FY2030 timeframe (see Table 1). Effective deterrence
depends on credible capability, reliable signaling, and perception of intent. In this strategy, credible
capability is displayed through adequate monitoring technology and development of robust cyber attack
capabilities. Reliable signaling is available through the creation of a cyber coalition, enforcement options
detailed within the cyber standards agreement, and step-wise implementation of an emergency isolation
plan. Perception of intent rests on shaping enemies’ opinions regarding leadership’s future actions in
actual cyber incidents. Enemies must believe their interests are equally at risk if they implement a cyber
attack on the US or its allies. All cyber attacks should be dealt with proportionally and not in an escalated
manner. Like current US missile defense and nuclear response exercises, visible exercises, such as Cyber
Flag 15-1, will demonstrate US resolve. Also, demonstrating future capability to manually isolate
networks involving critical national assets demonstrates our ability to operate in a degraded cyber
environment and will weaken a state actor’s perception of a cyber attack’s influence.
Primarily, the proposed actions leverage the possibility of non-state actors and cyber criminals to
disrupt the cyber domain as a crystallizing agent to solidify a multi-polar coalition of state actors to
enforce appropriate cyber behavior. Mutual economic dependence on cyber acts as an incentive for
coalition members to not attack each other. The incentive’s effectiveness will depend on how competitive
or collaborative the future is and the depth of economic interdependence, i.e. sanctions against one may
cause harm to others. The coalition will focus these deterrence actions on all actors outside the coalition.
To achieve the strategy, the US must resource the ways and means in Table 1; the list is not
exhaustive, representing only the primary means. While industry has begun initial cyber protection
efforts and should be leveraged, funding will be challenging, particularly considering the specified
impacts to the military-industrial complex (MIC). These simplified impacts, either additive, neutral, or
subtractive, indicate the likely MIC assessment to their economic bottom line of instituting each mean.
Despite the scope of this paper preventing a full analysis explanation, some broad generalities do apply.
The extent of the subtractive means will depend on the US government’s willingness to subsidize the
effort. While the neutral means are not intended to overly constrain industries’ freedom of action, actual
implementation may drive a more subtractive assessment. From a priority perspective, the coalition,
monitoring and encryption technology, monitoring and data security policies, and identification of critical
national assets represent the strategy’s lifeblood.

| Ways | Means | Budget Category | MIC Impact |
|---|---|---|---|
| Establish a Cybersecurity Enforcement Coalition focused on securing Cyber for global prosperity | Create “Cyber Partners for Prosperity” (CPfP) like NATO’s Partnership for Peace prgm; Encourage NATO/ITU mbrs to join CPfP | Force Structure | Additive |
| Partner w/DoS to develop a Strategic Partnership Agreement to Define Acceptable Cyber Behavior and Enforcement Responsibilities | Use NATO allies and ITU mbrs who signed agreement to enforce acceptable cyber behavior | Force Structure | Neutral |
| Continue to Minimize Anti-US Terrorist Groups | Continued Funding for War on Terror; Congressional Approval of AUMF | Readiness | Additive |
| Implement Persistent Cyber Situational Awareness/Monitoring Technology to support Attribution | Funding for Cyber Monitoring program; Funding for Cyber Awareness program | Modernize | Additive |
| Leverage w/ Industry to Develop Layered Cyber Defense Strategy to Defend Critical US Data and Assets | Data Security Standards; Certified Data Protection Algorithms; ID of Critical Nat’l Security Data/Assets | Modernize | Subtractive |
| Implement Public Policy Restricting Use of Anonymity Software within United States | Create OSD Cybersecurity Division to coordinate all policy and strategy efforts | Force Structure | Additive |
| Implement Public Policy Requiring Minimum Cyber Protection Mechanisms for US Businesses | Create OSD Cybersecurity Division to coordinate all policy and strategy efforts | Force Structure | Subtractive |
| Continue Cyber Protection Education Efforts with the Public, National Security Professionals and US Companies | Create OSD Cybersecurity Division to coordinate all policy and strategy efforts; Cyberprotection Curriculum | Force Structure, Readiness | Neutral |
| Maintain Resilient and Redundant Storage of Critical National Security Data | Data Security Standards; Certified Data Protection Algorithms | Modernize | Subtractive |
| Develop Robust Cyber Attack Capabilities | Funding for Cyber Attack development & education to DoD (national) & DoJ (domestic) | Modernize | Additive |
| Develop and Maintain Capability to Operate in a Degraded Cyber Environment | Update to cyber acquisition standards; Funding to modernize req’d & unprotected assets | Modernize | Additive |
| Implement Public Policy requiring Manual or Isolated Networked Capability of Critical National Assets | Funding/strategy to modify critical energy assets (energy, financial, space, water, etc.); Map of critical assets and their network | Modernize | Subtractive |
| Create Emergency Isolation Plan and Develop Necessary Capabilities | Map energy assets to req’d nat’l security assets; Funding of pgrm to modify req’d assets | Modernize | Neutral |
| Partner w/ DoS, DoJ, & DHS to Build Positive US Public Opinion Behind Required US Privacy and Monitoring Policies | US Privacy Policies; US Monitoring Policies | N/A | Neutral |

Table 1: US 2030 Cyber Strategy: Ways, Means, Categories and Military-Industrial Complex (MIC) Impact
Resourcing of each mean draws from an associated major budget category (Modernize, Force
Structure, and Readiness) as listed in Table 1 and should be accurately reflected in any Programming,
Planning, Budget, and Execution activities. As a new and emerging national security concern, the
strategy relies heavily on Modernization efforts, i.e. acquisition dollars, rather than Force Structure, i.e.
personnel, or Readiness, i.e. operations and maintenance dollars. More importantly, each mean requires a
certain level of acquiring products and services, coordinating support from the military-industrial
complex, and/or partnering with national and global allies. A survey of each resourcing method to fulfill
these means and their impact on the associated budget category will highlight inherent challenges facing
the implementation of the strategy.
Acquiring and Sustaining
For fifty percent of the strategy’s ways, the US must modernize by acquiring new cyber products
or services, running the gamut from developing DoD cyber attack capabilities to providing relevant
government agencies with cyber awareness and cyber monitoring tools to improving cyber robustness in
existing government infrastructure technology. To ensure expeditious resourcing of the strategy’s means,
the DoD needs to carefully consider whether to source a product or service, lead-turn needed cyber
documentation in the JCIDS process, and/or enlist combatant commander assistance to shorten the long
lead times of the Defense Acquisition System. Predicting each choice’s likely outcome will allow US
policy makers to use a positive approach to mitigate strategy obstacles and reduce enactment delay.
Initially, policy makers need to determine whether a product or service best fulfills the purpose,
responsiveness, and persistence of each mean. Product solutions deliver permanent government-owned
capabilities to the warfighter’s specification, yet require longer requirement definition and development
timelines and associated long-term sustainment costs. For service solutions, the government relies on
industry to develop, own, and manage the capability and sustainment while preserving the ability to
terminate the capability rapidly. With the US’ national dependence on cyber, an investment in permanent
product solutions for cyber attack, cyber awareness, cyber monitoring, and critical infrastructure
protection seems appropriate. On the other hand, for standards’ creation, enforcement, and cyber
protection certification, a service solution allows the government to rapidly generate initial capability and
quickly disband the capability as needed.
Procuring product solutions will require strategic navigation of the JCIDS process and the Joint
Requirements Oversight Council, since CJCSI 5123F charges the JROC, among other duties, with
reviewing “the estimated level of resources required in the fulfillment of each joint military requirement
and ensuring the total cost of such resources is consistent with the level of priority.”[2] Unfortunately,
except for Information Assurance considerations and requirements established by the Clinger-Cohen
Compliance Act, the JCIDS process does not yet include cyber requirements to provide the JROC
sufficient information to weigh the benefit of the product against its total costs. The lack of this relevant
information will ultimately slow down the approval of cyber products. To weigh the current cyber
strategy products and any future products against priorities, the JCIDS process will need to eventually
consider cyber requirements similar to those listed in Table 2. For example, the creation of cyber metrics
as part of each product’s Cyber Defense Strategy will allow policy makers to assess the DoD’s overall
cyber readiness. Possible metrics include: Cyber Resiliency (the probability of continued mission
operation after a cyber attack), Cyber Sustainability (the number of identified cyber vulnerabilities in the
Software Supply Chain), Cyber Vulnerability (the number of “questionable” suppliers in the hardware
supply chain), and Cyber Detection (the probability of detecting a cyber attack against a system).
Consideration will need to be given to metrics duplicated in the Clinger-Cohen Compliance Act. By
choosing to address these requirements upfront in initial cyber product documentation, the JROC and its
associated staffs should expedite approval of cyber product acquisition and challenge DoD acquisition
professionals to add these requirements to future versions of DODI 5000.2 to ensure all future cyber
products conform to the DoD’s cyber strategy.

JCIDS Improvement
- Implement a “Cyber” KPP, raising the importance of Cyber to the appropriate level
- Require a Cyber Defense Strategy as a 5000.2 requirement to be submitted at the MS A decision and updated at each recurring MS decision
- Require a program’s System Engineering Plan explain how the design process verifies Cyber Defense
- Require each program’s Life Cycle Sustainment Plan to explain how Cyber Defense will be maintained and certified through the program’s sustainment phase
- Institute an IOT&E requirement, similar to Live Fire Testing, which requires Cyber Penetration Red-Teaming on all software and hardware programs.
- Define the extent of a program’s planned Cyber Penetration Red-Teaming approved in the TEMP
- Institute a set of cyber metrics which will be defined as part of each Cyber program’s Cyber Defense Strategy and updated annually in DAMIR

Table 2: JCIDS Process Improvements for Cyber
Additionally, the Defense Acquisition System (DAS) has historically delivered products late,
over-cost, and at decreased performance. In 2008, the Government Accountability Office reviewed 96
DoD programs against original estimates and concluded 42 percent cost growth in research and
development, 25% growth in Total Acquisition Cost, and a 22-month average schedule delay.3
The
milestone-driven schedule of the DAS conflicts with the calendar-driven schedule of the Programming,
Planning, Budgeting, and Execution (PPB&E) process yielding some of these delays. Other delays result
from a focus on “procedures dominating production, equity ruling over efficiency, and top executives as
short timers.”[4] With a pressing national need for a cyber strategy, cyber strategists will enlist combatant
commanders to designate cyber products as Urgent Operational Needs (UON), routing these products’
approval through the Warfighter Senior Integration Group (SIG) for eventual fielding within a 2-year
timeline.[5] Since UONs are intended only for products requiring minimal development to meet the short
2-yr timeline, some products will need to utilize the more robust JCIDS process. Further, with the US’
enduring dependence on cyber in the digital age, the DoD should consider the historical sustainability of
products developed via the UON process vice the JCIDS, i.e. the abandonment of Mine-Resistant
Ambush Vehicles due to a lack of sustainment capabilities. By strategically considering the best path
through the DAS, adequate cyber documentation for the JCIDS process, and the right balance of products
and services, DoD policy makers will adopt a more positive approach to acquiring cyber means.
Coordinating
To resource the cyber strategy, DoD policy makers will need to coordinate through all elements
of the iron triangle: the interagency executive bureaucracy, industry and its associated interest groups, and
the legislative Congress. Efforts for coordinating acquisition products and services will differ from other
policy measures, such as developing cyber standards of behavior with the DoS, building public opinion
on privacy and monitoring, or establishing minimum protection mechanisms with industry. However,
each coordination effort shares similar challenges in solidifying the iron triangle support around the cyber
strategy. Specifically, DoD policymakers must overcome rent seeking industrialists, “bootlegger and
baptist” congressional members, and the principal-agent problem inherent in the Executive branch to
realize the cyber strategy.
In the zero-sum nature of the interagency environment, a new strategy must contend with impacts
from the fundamental principal-agent problem where the agent, due to competing internal interests, may
not accurately represent the principal’s interests. Initially, even if no conflicts exist, the perception from
the principal-agent problem casts doubt on the true motivation of the strategy, potentially hindering
coordination. Eventually, once the strategy gains leadership acceptance and process momentum, ulterior
interests may develop, perpetuating the principal-agent problem anew. While the President’s EO 13636
solidified importance and ownership of different cyber aspects across the interagency, each agency will
interpret the President’s interests differently for its own benefit, potentially creating conflicting interests
and priorities. For example, DoJ and DHS may seek tighter cyber standards and enforcement authority
for their mission accomplishment while the DoS may desire lighter standards and enforcement to ease
diplomacy. Across the Executive branch, DoD strategic leaders will need to combat these principal-
agent dynamics, leveraging each internal agency’s self interests, as appropriate, to enact the strategy.
To tighten the triangle with the Legislative branch, DoD strategic leaders will need to identify
supporting “bootleggers and baptists” within Congress, primarily to secure funding from congressional
appropriators and enact policy support from authorizers. Failed attempts at a Cybersecurity Act
demonstrate a lack of congressional majority on cyber issues, which heightens the importance of this
coordination on successful implementation of the strategy. Despite the intent of the selfish bootleggers
or the righteous baptists, the national importance of cyber defense may form common ground between
camps and draw others to the bandwagon. With cyber attacks on Sony Pictures Entertainment over the
film “The Interview” and multiple versions of ransomware rampant over the past six months,[6] US public
awareness of cyber attacks has never been higher. Voter awareness and concern should resonate
positively with congressional members.
Energizing industry to support the cyber strategy could prove to be the most challenging of iron
triangle hurdles as most of the means require industry investment. The development of cyber products or
services will appeal to the rent seeking nature of industry, providing another revenue stream to the MIC.
At the same time, with the perception of cyber governance as a public good, industry may resist providing
internal investment to meet nationally-mandated cyber protection standards or upgrade critical
infrastructure. Hopefully, “whereas genuine free riding temptations pose only modest risks to cyber
security governance, weak cyber defences create significant externalities and can therefore be understood
as a global public bad. What may be required to improve this state of affairs is a future regime that
combines ‘sticks’ and ‘carrots’ and, thus, changes state incentives.”[7] Cyber policies requiring companies
to conform to the new standards to maintain eligibility for government contracts may incentivize
industries which rely on large government market revenues. Ultimately, with a strategy cornerstone of
monitoring and cyber accountability, DoD leaders should expect privacy interest groups to strongly
counter any attempts to strengthen the iron triangle around the strategy. DoD policy makers will need to
ensure proper messaging and maintain constant coordination with this corner of the triangle for success.
Partnering
With the global connectedness of cyber, DoD strategic leaders must develop partners…nationally
and internationally, institutionally and individually…to succeed. To create the proposed Cyber
Enforcement Coalition, the DoD, with the DoS, must enlist help from NATO, anti-terrorism allies, and
like-minded friends within the International Telecommunication Union (ITU). Ideally, a strong coalition
contains both industrial and international partners, providing economic and geopolitical benefits through
dialogue to its members. For nations without obvious reasons for partnership, the US could provide
access to cyber security assistance programs, offering cyber protection capability in exchange for support.
If implemented, US policy makers must set proper export control boundaries to incentivize international
and industrial support while protecting the technological advantages on which the strategy rests.
Besides traditional institutions like the ITU, DoD strategic leaders need to partner with cyber
institutions with national and international presence, such as Twitter and Facebook, whose transactions
benefit from a stable and secure cyber domain. DoD leaders must emphasize accountability over
attribution lest the institutions steer clear of assisting. Facebook’s recent policy regarding community
standards and terrorism demonstrates the partnerships’ possibilities. “The community standards now state
that any ‘expressions of support’ for groups involved in ‘terrorist activity’ — or even for those groups’
leaders — are prohibited. Facebook does not name the groups, though it and Twitter have been under
pressure from EU leaders and others to censor the propaganda and recruiting tools of the Islamic State in
Iraq and the Levant (ISIL).”[8] Like the terrorism campaign, an aggressive and comprehensive cyber
campaign will build global unity of effort and ultimately empower institutions to directly and indirectly
influence the global cyber culture in ways the DoD could not accomplish alone.
To further resource the means, DoD strategic leaders must develop partners at the individual
level, countering micro-politics by continuing cyber protection education efforts with the public. For
example, the Air Force Association and Northrop Grumman sponsored this year’s CyberPatriot
competition, for the seventh season, where more than 2,100 student teams from across the United States,
Canada, and Defense Department dependent schools in Europe and the Pacific compete in finding and
defending cyber vulnerabilities for scholarships.[9] Besides raising cyber awareness within the students,
parents, and their communities, this activity inspires youth into pursuing cyber and STEM-related degrees
and professions, improving the US cyber industry’s future innovative capability.
Conclusion
Throughout the resourcing process, active awareness of the iron triangle by DoD strategic leaders
on managing strategy coherence within the executive bureaucracy, micro-politics across US public and
interest groups, and competing interests within the Congress will eventually instill a cyber national
culture and ease resourcing of the strategy. Leading globally requires partnering widely and the
connectedness of cyber demands the US foster a global awareness. This awareness will justify the
means to the ends and ensure the means don’t change the ends in the process. While experts argue
whether the digital age began in the 1950s with transistors or the Internet in the 1990s, the inclusion of a
realistic and effective cyber strategy into the national security portfolio is years late. With sufficient
resourcing, a generation of US DoD strategic leaders, born at the digital dawn and raised by the Google
network, will innovatively and rapidly develop, acquire, and produce the means to close the gap.
[1] Marc V. Schanz. “PLA Strategy Now Openly Touts Cyber Forces.” Air Force Magazine Daily Report, March 13, 2015.
[2] Mary Redshaw. “Choosing Strategic Capabilities.” National Defense University, Course DSR 2-5. Slide 9.
[3] GAO. “Charting a Course for Lasting Reform.” 2008. Accessed on March 18, 2015. Available at http://www.gao.gov/new.items/d09663t.pdf.
[4] Mary Redshaw. “Defense Acquisition System.” National Defense University, Course 2-10. Slide 21.
[5] DoD. “Rapid Fulfillment of Combatant Commander Urgent Operational Needs.” DoD Directive 5000.71. August 24, 2012. Accessed on March 18, 2015. Available at http://www.dtic.mil/whs/directives/corres/pdf/500071p.pdf.
[6] Lucian Constantin. “Ransomware authors streamline attacks, infections rise.” February 10, 2015. Accessed on March 19, 2015. Available at http://www.pcworld.com/article/2882532/ransomware-authors-streamline-attacks-infections-rise.html.
[7] Mischa Hansel. “Cyber Security Governance and the Theory of Public Goods.” June 27, 2013. Accessed on March 21, 2015. Available at http://www.e-ir.info/2013/06/27/cyber-security-governance-and-the-theory-of-public-goods/.
[8] Michael Pizzi. “Facebook clarifies, confuses with new content rules.” March 16, 2015. Accessed on March 19, 2015. Available at http://america.aljazeera.com/articles/2015/3/16/facebook-clarifies-confuses-with-new-content-rules.html.
[9] Air Force Magazine Daily Report. “CyberPatriot VII Winners Announced.” March 17, 2015.