What Should We Do about Cyber Attacks?

•Download as PPTX, PDF•

2 likes•619 views

The document discusses options for addressing increasing cyber attacks, particularly against the US Federal government. It notes several existing information sharing programs between government and private sectors. While a new program called CISA is proposed, the document questions if another program is needed given existing overlap. Instead, it suggests prioritizing security over surveillance, responsibly disclosing vulnerabilities, enforcing two-factor authentication, limiting contractors, and allowing security research to strengthen defenses long-term through a strategic, systematic approach rather than an urgent "sprint".

Technology

The infosec landscape
• Era of mega-hacks
• Increasingly state-based attacks
• Espionage, not cyber-war
• U.S. Federal government particularly
vulnerable

The OPM hack
• Began on May 7, 2014
• Exfiltration in July/August and
December 2014
• 22 million current and former federal
employees’ data compromised
• Discovered on April 15, 2015
• Massive, but not isolated

What should we do?
• Spend more?
• A cybersecurity sprint?
• An information sharing program?
• Something else?

Information sharing
• CISPA introduced in 2011
• Concern from civil libertarians
• CISA introduced last year
• Civil libertarians still concerned
• Would information sharing work?

Information sharing
programs already exist
• DHS/IP National Infrastructure
Coordinating Center (NICC)
• “Dedicated 24/7 coordination and
information sharing operations center that
maintains situational awareness of the
nation’s critical infrastructure for the
federal government.”
• http://www.dhs.gov/national-
infrastructure-coordinating-center

Information sharing
programs already exist
• DHS/CS&C National Cyber Security and
Communications Integration Center (NCCIC)
• “Shares information among the public and
private sectors to provide greater understanding
of cybersecurity and communications situation
awareness of vulnerabilities, intrusions,
incidents, mitigation, and recovery actions.”
• http://www.dhs.gov/about-national-
cybersecurity-communications-integration-
center

Information sharing
programs already exist
• DNI Cyber Threat Intelligence Integration Center
(CTIIC)
• “Oversees the development and implementation
of intelligence sharing capabilities…to enhance
shared situational awareness of intelligence
related to foreign cyber threats or related to cyber
incidents affecting U.S. national interests.”
• https://www.whitehouse.gov/the-press-
office/2015/02/25/presidential-memorandum-
establishment-cyber-threat-intelligence-integrat

Would CISA work?
• Do we need 21 information sharing
programs instead of 20?
• Is CISA really about national
information security?

What should we do
instead?
• Prioritize security over
SIGINT
• Responsibly disclose
vulnerabilities
• Two-factor auth at all
agencies with penalties
for noncompliance
• Limit the use of
private contractors
• Reform the CFAA to
allow security research
• Reform the CFAA to
allow active defense
• Support strong
encryption
• Eliminate duplication
• Security audits of open
source software

The bottom line
• We need federal humility
• A marathon, not a sprint
• A priority, not an afterthought
• There is no silver bullet

“New technologies and approaches are merging physical, digital, and biological worlds in ways that will fundamentally transform humankind. The extent to which that transformation is positive will depend on how we navigate the risks and opportunities that arise along the way”. ~ Klaus Schwab “If you are committed to creating value and if you aren't afraid of hard times; obstacles become utterly unimportant. A nuisance perhaps; but with no real power. The world respects creation;people will get out of your way.” ~ Candice Carpenter

2021-02-10_CogSecCollab_UBerkeley

Sara-Jayne Terp

Homeland Security workshop

Candice Martinez

Securing your Data, Reporting Recommended Practices

John Martin

Information Sharing and Protection

Oxford Martin Centre, OII, and Computer Science at the University of Oxford

Tallinn manual 2.0 Prof. Michael Schmitt

JeffreyCarr7

SocialmediapublicsavetyFrank Smilda

Information Infrastructure is the term usually used to describe the totality of inter-connected computers and networks, and information flowing through them. Certain parts of this Information Infrastructure, could be dedicated for management / control etc of infrastructure providers’ e.g. Power generation, Gas/oil pipelines, or support our economy or national fabric e.g. Banking / Telecom etc. The contribution of the services supported by these infrastructures, and more importantly, the impact of any sudden failure or outage on our National well being or National Security marks them as being Critical. By extension, information infrastructure supporting the operations of Critical Infrastructure (CI) marks this as Critical Information infrastructure (CII). These Networks operate/monitor and control important Governmental and Societal functions and services including, but not limited to, Power (Generation/transmission/ distribution etc), Telecommunication (mobile/landline/internet etc), Transportation (Air/land/rail/sea etc), Defence etc. These CII are becoming increasingly dependent on their information infrastructure for information management, communication and control functions.

Data Breach In The Hospitality Industry

Clarknuber

ATHack! Inc. - Social Good Hackathons

Ehb Teng

ATHack! Inc. (pronounced “attack”) is a group of activists and technologists sourcing, funding, and launching new and innovative data-driven ideas to solve major social issues. Our inaugural hackathon is focused on developing tools and solutions that will support anti-human trafficking efforts. Viable projects that come out of our hackathons are invited to apply to our accelerator program in order to become sustainable operations that can help the community. We deeply encourage multi-cultural and multi-gendered diversity in attendance of our hackathons, seeking to grow entrepreneurship among women and people of color. Finding innovative solutions to community issues can only be done thoughtfully and holistically by engaging all aspects of our multi-cultural and multi-gendered community. Types of tech projects we look to catalyze include, but are not limited to: data centric models to fighting human trafficking, software/hardware tech solutions for poverty afflicted populations, resource solutions for the homeless, etc.

SEWERLOCK AND TELECOMLOCK INFRASTRUCTURE ASSETSS. F. (Sid) Nash

National Critical Information Infrastructure Protection Centre (NCIIPC): Role...

Cybersecurity Education and Research Centre

Understanding Technology Stakeholders: Their Progress and Challenges

John Gilligan

War Against Terrorism - CIO's Role

Ayodeji Rotibi

Cybersecurity Law and Policy II Slides for First Summit Meeting

David Opderbeck

CloudCamp Chicago - March 2nd 2015 - Cloud Security

CloudCamp Chicago

All presenter slides from the March 2nd CloudCamp "The Chicago Electronic Crimes Task Force" - Patrick Hogan, Assistant to the Special Agent in Charge at U.S. Secret Service "Information Security Breach Trends" - Michael Roytman, Data Scientist at Risk I/O @mroytman "Keeping hardware secure, even after its useful life" - Jim Tarantino, VP Global Sales at MarkITx @jimTarantino Hosted at TechNexus Sponsored by Risk I/O and Cohesive Networks for future events, visit: cloudcampchicago.eventbrite.com

ID IGF 2016 - Infrastruktur 3 - Security Governance Framework

IGF Indonesia

CyberSecurity: Protecting Law Firms - Vanderburg - JurInnov

Eric Vanderburg

Cyber Civil Defense - Risk Masters - Allan Cytryn

Boston Global Forum

What's Next in Cybersecurity Policy

Ely Kahn

2 Cloud chalengesDarius Spaicys

1a Aula - Slides Cri-Int

Icm Bela Vista

SANJOY DAS CV 1sanjoy das

What's hot

Government and Enterprise Collaboration in Cybersecurity

Charles Mok

Idc bif2018 praveen raman _v1.0

Praveen Raman

Sc po some-05Fabrice Epelboin

CHIME Lead Forum - Seattle 2015

Health IT Conference – iHT2

Introducing Globaleaks

Vittorio Pasteris

Kentucky's Cyber Enclave

Dawn Yankeelov

Protection of critical information infrastructure

Neha Agarwal

Data Breach In The Hospitality Industry

Clarknuber

ATHack! Inc. - Social Good Hackathons

Ehb Teng

SEWERLOCK AND TELECOMLOCK INFRASTRUCTURE ASSETSS. F. (Sid) Nash

National Critical Information Infrastructure Protection Centre (NCIIPC): Role...

Cybersecurity Education and Research Centre

Understanding Technology Stakeholders: Their Progress and Challenges

John Gilligan

War Against Terrorism - CIO's Role

Ayodeji Rotibi

Cybersecurity Law and Policy II Slides for First Summit Meeting

David Opderbeck

CloudCamp Chicago - March 2nd 2015 - Cloud Security

CloudCamp Chicago

ID IGF 2016 - Infrastruktur 3 - Security Governance Framework

IGF Indonesia

CyberSecurity: Protecting Law Firms - Vanderburg - JurInnov

Eric Vanderburg

Cyber Civil Defense - Risk Masters - Allan Cytryn

Boston Global Forum

What's Next in Cybersecurity Policy

Ely Kahn

2 Cloud chalengesDarius Spaicys

What's hot (20)

Government and Enterprise Collaboration in Cybersecurity

Idc bif2018 praveen raman _v1.0

Sc po some-05

CHIME Lead Forum - Seattle 2015

Introducing Globaleaks

Kentucky's Cyber Enclave

Protection of critical information infrastructure

Data Breach In The Hospitality Industry

ATHack! Inc. - Social Good Hackathons

SEWERLOCK AND TELECOMLOCK INFRASTRUCTURE ASSETS

National Critical Information Infrastructure Protection Centre (NCIIPC): Role...

Understanding Technology Stakeholders: Their Progress and Challenges

War Against Terrorism - CIO's Role

Cybersecurity Law and Policy II Slides for First Summit Meeting

CloudCamp Chicago - March 2nd 2015 - Cloud Security

ID IGF 2016 - Infrastruktur 3 - Security Governance Framework

CyberSecurity: Protecting Law Firms - Vanderburg - JurInnov

Cyber Civil Defense - Risk Masters - Allan Cytryn

What's Next in Cybersecurity Policy

2 Cloud chalenges

Viewers also liked

1a Aula - Slides Cri-Int

Icm Bela Vista

SANJOY DAS CV 1sanjoy das

Rèsumè 1.2015 currentSai Kalva

М.О.Сулима. Особливості вивчення окремих тем курсу «Фінансова грамотність»

Інститут післядипломної педагогічної освіти КУБГ

Ficha2 Power

suscalco

[SESG6043][Ben Williams][Delays in the European New Build Renaissance]Ben Williams

36 Pinterest Power Tips

Christian Karasiewicz

Sunu1

Mehmet Buyukkartal

Primer Parcial Filosdenisse

Erosion Profecarlospptcrif

TarunD resumeTarun Dhaka

CP Japanese Convenient Store Market Overview

Thucsaran Maksawat

Jonh Holland-Market for information. Economic function and the role of social...

Fundación Ramón Areces

Idean_LeanResearch_Jan2014_FINALLiya James

Presentación gira alianza pacifico para méxico, agroindustria y servicios, pe...ProColombia

Cinematography - Lesson 2 Development of CinematographySouth Sefton College

десят дроби

Гергель Ольга

Kashif CV PDFMOHAMMED KASHIF ALI

Viewers also liked (18)

1a Aula - Slides Cri-Int

SANJOY DAS CV 1

Rèsumè 1.2015 current

М.О.Сулима. Особливості вивчення окремих тем курсу «Фінансова грамотність»

Ficha2 Power

[SESG6043][Ben Williams][Delays in the European New Build Renaissance]

36 Pinterest Power Tips

Sunu1

Primer Parcial Filos

Erosion Profe

TarunD resume

CP Japanese Convenient Store Market Overview

Jonh Holland-Market for information. Economic function and the role of social...

Idean_LeanResearch_Jan2014_FINAL

Presentación gira alianza pacifico para méxico, agroindustria y servicios, pe...

Cinematography - Lesson 2 Development of Cinematography

десят дроби

Kashif CV PDF

Similar to What Should We Do about Cyber Attacks?

Achieving Caribbean Cybersecuirty

Shiva Bissessar

Event: George Washington University -- National Security Threat Convergence: ...

Chuck Brooks

Cyber Security: Threat and Prevention

fmi_igf

Security, Vulnerability & Redundancy in MN Broadband Infrastrcuture

Ann Treacy

CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]

APNIC

Introduction to National Critical Infrastructure Cyber Security: Background a...

Jack Whitsitt

Final presentation january iia cybersecurity securing your 2016 audit plan

Cameron Forbes Over

Final presentation january iia cybersecurity securing your 2016 audit plan

Cameron Forbes Over

S fahey

tri nguyen

TALK Public Policy 2022

Dawn Yankeelov

Cyber capability brochureCybersecurity Today A fresh l.docx

faithxdunce63732

Cyber capability brochure Cybersecurity Today: A fresh look at a changing paradigm for government agencies The cyber domain presents endless opportunities to Federal agencies looking for new ways to deliver on their mission and serve citizens, while reducing operational risk. Government is investing in new and innovative technologies that will empower our nation to achieve more. Next-generation identification systems will reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services. “Smart” electric grids will make the country more energy independent and increase the use of renewable energies. Intelligent travel systems will make air travel quicker and safer. Electronic medical records are improving access to health care and reducing costs. These investments require up-front planning and preemptive cybersecurity practices to mitigate the inherit risks associated with the advance persistent threat. However, operating in the cyber domain is not without increased risk. Our cybersecurity efforts are matched — if not outpaced — by the sophistication on the part of nimble opponents from other nations, cyber terrorists, cyber criminal syndicates, malicious insiders, cyber espionage — not to mention the inadvertent breach. For better or worse, our cybersecurity efforts are increasingly interconnected with agency mission and programs, inextricably linking daily decisions on performance, workforce management, and information sharing with threat deterrence at every level of the organization. By adopting a proactive, performance- focused, and risk-intelligent approach to cyber initiatives, leaders can help shape their organizations into more proactive, agile, and resilient organizations to protect their people, programs, and mission. Cyber: The new normal Cyber is not just a new domain, it is the new normal. Agency leaders have a critical task ahead of them to take a fresh look at their personnel, policies, processes, and systems to synchronize their cyber initiatives and empower collaboration across departments to protect people, programs, and mission. To strengthen their cyber efforts, today’s leaders are helping drive coordination across functions, agencies, and the private sector toward a shared cyber competence that enables the mission while assigning accountability. Here are some actions agencies should consider: Treat data like a monetary asset. • Understand the value of all your agency’s assets and protect what matters most to the mission and preserve the public’s trust. Follow the flow of information• inside and outside of your agency to identify vulnerabilities; strengthen every link in the chain. Do more with identity management.• Identity, Credentialing, and Access Management (ICAM) offers new opportunities to expand partnerships and add services quickly and cost-efficiently. Make cyber a performance goal.• .

WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

itnewsafrica

A Smarter, More Secure Internet of Things

NetIQ

DHS Cybersecurity Webinar

businessforward

Working with Law Enforcement on Cyber Security Strategies

Meg Weber

Cyberattacks.pptx

SonakshiMundra

U.S. Approach to Cybersecurity Governance

Gwanhoo Lee

Practical approach to combating cyber crimes

Chinatu Uzuegbu

Market Intelligence Briefing: The Civilian FY16 Federal Budget

immixGroup

Similar to What Should We Do about Cyber Attacks? (20)

Achieving Caribbean Cybersecuirty

Event: George Washington University -- National Security Threat Convergence: ...

Cyber Security: Threat and Prevention

Security, Vulnerability & Redundancy in MN Broadband Infrastrcuture

CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]

Introduction to National Critical Infrastructure Cyber Security: Background a...

Final presentation january iia cybersecurity securing your 2016 audit plan

S fahey

TALK Public Policy 2022

Cyber capability brochureCybersecurity Today A fresh l.docx

WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...

Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...

A Smarter, More Secure Internet of Things

DHS Cybersecurity Webinar

Working with Law Enforcement on Cyber Security Strategies

Cyberattacks.pptx

U.S. Approach to Cybersecurity Governance

Practical approach to combating cyber crimes

Market Intelligence Briefing: The Civilian FY16 Federal Budget

More from Mercatus Center

ACA Has Worsened Medicaid's Structural Problems

Mercatus Center

Evaluating a Sluggish Economy with Bruce Yandle

Mercatus Center

Affordable Care Act's 6 Year Anniversary

Mercatus Center

Capitol Hill Campis March 2016

Mercatus Center

Nominal GDP Targeting

Mercatus Center

Understanding the U.S. Health Care System

Mercatus Center

Wireless Spectrum in 2016: A Policy Update

Mercatus Center

With nearly a trillion dollars at stake and draft legislation in development, now is the time for policymakers to free spectrum for innovative 21st century use. In order for 21st century technologies like the sharing economy and the Internet of Things to reach their full potential, and drive economic opportunity, more spectrum must be made available. Federal spectrum reallocation is a win-win-win scenario for the economy, social well-being, and the government.

Buchanan Speaker Series: Education, Inequality, and Incentives

Mercatus Center

Modernizing Freight Rail Regulation: Recommendations from the TRB Study

Mercatus Center

In June 2015, the National Academy of Sciences’ Transportation Research Board issued a report with recommendations to update and modernize economic regulation of rail freight transportation. Jerry Ellig served as a member of the committee that prepared the report. This presentation, given to the National Industrial Transportation League’s Railroad Transportation Committee in November 2015, summarizes the report’s main recommendations. For a short narrative that explains the recommendations, see Dr. Ellig’s commentary in Real Clear Policy.

Modernizing the SSDI Eligibility Criteria: Trends in Demographics and Labor M...

Mercatus Center

An Economic Situation Update with Bruce Yandle

Mercatus Center

How Can Policymakers and Regulators Better Engage the Internet of Things?

Mercatus Center

The world today is seemingly always plugged into the Internet and technologies are constantly sharing data about our personal and professional lives. Device connectivity is on an upward trend with Cisco estimating that 50 billion devices will be connected to the Internet by 2020. Collection and data sharing by these devices introduces a host of new vulnerabilities, raising concerns about safety, security, and privacy for policymakers and regulators.

Tools for Tracking the Economic Impact of Legislation

Mercatus Center

The Sharing Economy: Perspectives on Policies in the New Economy

Mercatus Center

The sharing economy’s rapid rise has transformed how many people work and live, from commuting, shopping, eating, vacationing, and even borrowing money. Firms like Uber, Lyft, and Airbnb seem to be grabbing headlines on a daily basis as they grow into billion-dollar ventures, disrupt local businesses, and create new policy questions for regulators. To help shed light on these issues, the Mercatus Center at George Mason University invites you to join Research Fellow Christopher Koopman for a Capitol Hill Campus presentation examining the economics and policy issues surrounding the sharing economy.

Sustaining Surface Transportation: Overview of the Highway Trust Fund and Ide...

Mercatus Center

Bootleggers and Baptists in the Garden of Good and Evil: Understanding Americ...

Mercatus Center

Stephen C. Goss Presentation for Mercatus Center SSDI Panel

Mercatus Center

The Social Security Disability Insurance (DI) trust fund’s projected 2016 depletion will require Congress to act soon to prevent large, sudden benefit cuts. Experts on both sides of the aisle have noted that a “quick fix” of simply shifting payroll taxes from Social Security’s much larger retirement trust fund (OASI) into DI, without further reform, could cost Congress its last chance to solve Social Security’s broader financing problems before it is too late. What more responsible reform options are available? The Mercatus Center and the Committee for a Responsible Federal Budget hosted a discussion on May 12 on how best to respond to SSDI’s financing crisis.

David Stapleton Presentation for Mercatus Center SSDI Panel

Mercatus Center

Jason J. Fichtner Presentation for Mercatus Center SSDI Panel

Mercatus Center

Stephen C. Goss Presentation for Mercatus Center SSDI Panel

Mercatus Center

More from Mercatus Center (20)

ACA Has Worsened Medicaid's Structural Problems

Evaluating a Sluggish Economy with Bruce Yandle

Affordable Care Act's 6 Year Anniversary

Capitol Hill Campis March 2016

Nominal GDP Targeting

Understanding the U.S. Health Care System

Wireless Spectrum in 2016: A Policy Update

Buchanan Speaker Series: Education, Inequality, and Incentives

Modernizing Freight Rail Regulation: Recommendations from the TRB Study

Modernizing the SSDI Eligibility Criteria: Trends in Demographics and Labor M...

An Economic Situation Update with Bruce Yandle

How Can Policymakers and Regulators Better Engage the Internet of Things?

Tools for Tracking the Economic Impact of Legislation

The Sharing Economy: Perspectives on Policies in the New Economy

Sustaining Surface Transportation: Overview of the Highway Trust Fund and Ide...

Bootleggers and Baptists in the Garden of Good and Evil: Understanding Americ...

Stephen C. Goss Presentation for Mercatus Center SSDI Panel

David Stapleton Presentation for Mercatus Center SSDI Panel

Jason J. Fichtner Presentation for Mercatus Center SSDI Panel

Stephen C. Goss Presentation for Mercatus Center SSDI Panel

Recently uploaded

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Recently uploaded (20)

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Epistemic Interaction - tuning interfaces to provide information for AI support

Assuring Contact Center Experiences for Your Customers With ThousandEyes

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Leading Change strategies and insights for effective change management pdf 1.pdf

The Art of the Pitch: WordPress Relationships and Sales

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

GraphRAG is All You need? LLM & Knowledge Graph

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Securing your Kubernetes cluster_ a step-by-step guide to success !

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

UiPath Test Automation using UiPath Test Suite series, part 3

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Mission to Decommission: Importance of Decommissioning Products to Increase E...

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

UiPath Test Automation using UiPath Test Suite series, part 4

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

What Should We Do about Cyber Attacks?

1. What should we do about cyber-attacks? Eli Dourado Research Fellow Director, Technology Policy Program

2. The infosec landscape • Era of mega-hacks • Increasingly state-based attacks • Espionage, not cyber-war • U.S. Federal government particularly vulnerable

3. The OPM hack • Began on May 7, 2014 • Exfiltration in July/August and December 2014 • 22 million current and former federal employees’ data compromised • Discovered on April 15, 2015 • Massive, but not isolated

6. What should we do? • Spend more? • A cybersecurity sprint? • An information sharing program? • Something else?

9. Information sharing • CISPA introduced in 2011 • Concern from civil libertarians • CISA introduced last year • Civil libertarians still concerned • Would information sharing work?

10. Information sharing programs already exist • DHS/IP National Infrastructure Coordinating Center (NICC) • “Dedicated 24/7 coordination and information sharing operations center that maintains situational awareness of the nation’s critical infrastructure for the federal government.” • http://www.dhs.gov/national- infrastructure-coordinating-center

11. Information sharing programs already exist • DHS/CS&C National Cyber Security and Communications Integration Center (NCCIC) • “Shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situation awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.” • http://www.dhs.gov/about-national- cybersecurity-communications-integration- center

12. Information sharing programs already exist • DNI Cyber Threat Intelligence Integration Center (CTIIC) • “Oversees the development and implementation of intelligence sharing capabilities…to enhance shared situational awareness of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests.” • https://www.whitehouse.gov/the-press- office/2015/02/25/presidential-memorandum- establishment-cyber-threat-intelligence-integrat

13.

14. Would CISA work? • Do we need 21 information sharing programs instead of 20? • Is CISA really about national information security?

15. What should we do instead? • Prioritize security over SIGINT • Responsibly disclose vulnerabilities • Two-factor auth at all agencies with penalties for noncompliance • Limit the use of private contractors • Reform the CFAA to allow security research • Reform the CFAA to allow active defense • Support strong encryption • Eliminate duplication • Security audits of open source software

16. The bottom line • We need federal humility • A marathon, not a sprint • A priority, not an afterthought • There is no silver bullet

17. Thank you.

What Should We Do about Cyber Attacks?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (18)

Similar to What Should We Do about Cyber Attacks?

Similar to What Should We Do about Cyber Attacks? (20)

More from Mercatus Center

More from Mercatus Center (20)

Recently uploaded

Recently uploaded (20)

What Should We Do about Cyber Attacks?