1 / 57

Speaker Agency and Firms:

Speaker Agency and Firms: Presented By: US-CERT - Department of Homeland Security Marita Fowler Section Chief, Surface Analysis Group Cybersecurity Division Solutionary , Inc. Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions

albert
Download Presentation

Speaker Agency and Firms:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Speaker Agency and Firms: Presented By: US-CERT - Department of Homeland SecurityMarita Fowler Section Chief, Surface Analysis Group Cybersecurity Division Solutionary, Inc.Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Deloitte & Touche LLPRich Baich CISSP,CISM Principal – Global Leader Cyber Threat and Vulnerability Management Wiley Rein LLPNova J. Daly Public Policy Consultant PricewaterhouseCoopers LLPEdward P Gibson, CISSP, FBCS Director, US Forensics Technology Solutions Practice Thank you for logging into today’s event. Please note we are in standby mode. All Microphones will be muted until the event starts. We will be back with speaker instructions @ 11:55am. Any Questions? Please email: Info@knowledgecongress.org Group Registration Policy Please note ALL participants must be registered or they will not be able to access the event. If you have more than one person from your company attending, you must fill out the group registration form. We reserve the right to disconnect any unauthorized users from this event and to deny violators admission to future events. To obtain a group registration please send a note to info@knowledgecongress.org or call 646.202.9344. August 12, 2010

  2. Sponsored by: Media Partner: Solutionary is an information security company that delivers a wide range of managed security solutions and professional services to reduce risk, increase security and ensure compliance. Solutionary is positioned by Gartner as a "visionary" in the MSSP Magic Quadrant, and Forrester as a “strong performer” in the MSSP Wave. The company provides 24/7 services to clients through two security operations centers (SOCs) in the Americas, and eight SOCs in EMEA and AsiaPac with strategic partners. For more information, visit http://www.solutionary.com/ Information Security Today, www.infosectoday.com, is for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. Information Security Today informs its readers of best practices, as well as of research into current and upcoming issues in information security. Articles take a how-to approach to their topics to help readers solve problems and be applicable to on-the-job situations faced everyday by IT, information security, and networking and system administration professionals. management practices; and law, investigations, and ethics. www.auerbach-publications.com August 12, 2010

  3. If you experience any technical difficulties during today’s WebEx session, please contact our Technical Support @ 866-779-3239. • You may ask a question at anytime throughout the presentation today via the chat window on the lower right hand side of your • screen. Questions will be aggregated and addressed during the Q&A segment. • Please note, this call is being recorded for playback purposes. • If anyone was unable to log in to the online webcast and needs to download a copy of the PowerPoint presentation for today’s • event, please send an email to: info@knowledgecongress.org. If you’re already logged in to the online webcast, we will post a link • to download the files shortly. • “If you are listening on a laptop, you may need to use headphones as some laptops speakers are not sufficiently amplified enough to • hear the presentations. If you do not have headphones and cannot hear the webcast send an email to info@knowledgcongress.org • and we will send you the dial in phone number.“ August 12, 2010

  4. About an hour or so after the event, you'll be sent a survey via email asking you for your feedback on your experience with this event • today - it's designed to take less than two minutes to complete, and it helps us to understand how to wisely invest your time in future • events. Your feedback is greatly appreciated. If you are applying for continuing education credit, completions of the surveys are • mandatory as per your state boards and bars. 6 secret words (3 for each credit hour) will be give through out the presentation. We • will ask you to fill these words into the survey as proof of your attendance. Please stay tuned for the secret word. • Speakers, I will be giving out the secret words at randomly selected times. I may have to break into your presentation briefly to read • the secret word. Pardon the interruption. August 12, 2010

  5. Unlimited Plan Features: • Unlimited access to all live webcasts for your employees. • You and your employees will be able to attend all of our webcasts on the schedule for the quarter. • There is no limit on how many webcasts you can attend and how many people from your firm join the webcasts. • Unlimited access to all of our recorded webcasts and archived material with a license to use for internal training and/or case preparation. • Your employees will have access to a wealth of archived material. • All material includes the recorded webcasts as well as the course material. • Access to all Opt-in attendee registration lists. • You will have access to the list of attendees who agree to receive information from event partners. (50% of the list.) • Why not turn the webcast into a business opportunity? This feature will connect you with a substantial portion of the audience. • Guaranteed admittance: • Your attorneys/employees will be guaranteed admittance to all webcasts. • Including those that are sold out and/or closed for registration. August 12, 2010

  6. Unlimited Plan Features: • Priority customer service line: • You will receive a priority customer service account manager. • You will bypass the main customer service department. • Priority CLE/CPE processing. • Attendees from your firm will receive expedited processing of Certificate of Attendance Forms. • Please note, your State Bar or Accounting Board will make the final determination with respect to continuing education credit. If you are applying for CLE credit in Texas you must register 20 days before the event date.) • Discounted Guest passes: • You can Purchase guest passes for your clients and guests at a discounted rate of $99 each. • Invite anyone you wish: colleagues, clients, potential clients. • Download the Brochure & Our Forward Schedule: • http://www.mediafire.com/file/unjqbnwyymu/Unlimited_Attendee_Plan_2010.pdf August 12, 2010

  7. Brief Speaker Bios: Marita Fowler Marita Fowler is the Section Chief for the Surface Analysis Group (SAG). Her team is responsible for the analysis and dissemination of information related to financially/ideologically motivated cyber activity and emerging threats. She has diverse background in intelligence, security engineering, space program security and cyber threat analysis. Pamela Fusco, CISSP, CISM, CHS-III Pamela Fusco is a name known to many of you; she has been in the security industry for nearly 25 years, including roles as chief security strategist and CSO for Merck, MCI and Citigroup; and a member of the White House special ops staff. She is closely affiliated with key industry organizations including ISSA and the Cloud Security Alliance. Managed security services provider Solutionary is home to Pamela where she serves as vice president of industry solutions. August 12, 2010

  8. Brief Speaker Bios: Rich Baich CISSP,CISM Rich Baich is a Principal in Deloitte & Touche LLP’s Security & Privacy Service, where he champions the Global Cyber Threat and Vulnerability Management practice. Rich has over 15 years experience leading multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Rich is former Chief Information Security Officer (CISO) at ChoicePoint Inc. where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee, and the FBI. In 2005, Rich authored “Winning as a CISO”, a security executive leadership guidebook and advisor to the President’s Commission for Cyber Security. Nova J. Daly Mr. Daly is an international investment, trade and cybersecurity policy expert and has held senior leadership positions at the White House, the U.S. Departments of the Treasury and Commerce and the U.S. Senate. As the former Treasury Deputy Assistant Secretary for Investment Security and Policy from 2006-2009, Mr. Daly was responsible for managing Treasury's work as the chair of the Committee on Foreign Investment in the United States. In that capacity, he also served as the Treasury representative on cybersecurity policy formulation within the Administration. He holds an undergraduate degree in political science from the University of California, Irvine and a graduate degree in international law and organizations from American University. August 12, 2010

  9. Brief Speaker Bio: Edward P Gibson, CISSP, FBCS Ed Gibson is a Director at PricewaterhouseCoopers (PwC) in the Forensics Technology Practice in Washington DC and global. He is responsible for helping companies build capabilities and preventative mechanisms relative to anti-money laundering, FCPA, corporate intelligence, cyber compromise, data protection and privacy, economic espionage, supply chain technology, and social media. He recently returned to the US after 10 years in the UK - from 2000-2005 he was an Assistant Legal Attache for the FBI, assigned to the US Embassy in London in charge of the FBI's cyber investigations in the UK and Ireland. Following his retirement from the FBI in June 2005 he took up a new role as the Chief cyber Security Advisor for Microsoft Ltd in the UK until December 2009 where he was a sought after speaker on cyber risk issues due to his ability to make it personal and real. Prior to London, Ed was a career FBI agent in the Washington DC metro are specializing in investigations of complex frauds, asset identification, and economic espionage. He is a qualified Solicitor in England and Wales, a CISSP (Certified Information Systems Security Professional), a Fellow of the British Computer Society (FBCS), holds a current Top Secret/SCI clearance, and served in the military in the early '70s. Today Ed will be talking about the practical difficulties Corporate executives, the c-Suite, and law firms face in determining 'who to call' when the cyber catastrophe happens and the threat comes from off-shore. ► For more information about the speakers, you can visit: http://www.knowledgecongress.org/event_2010_cyber.html August 12, 2010

  10. Cybercrime has evolved from a mere exercise in intellectual one-upmanship among programmers to highly organized and sophisticated global criminal operations whose collective common objectives are as old as crime itself: to steal your company’s money! As a result, Cyber-attacks on companies are rising at meteoric rates & finance executives around the globe are being drafted into the front lines to help combat it. Combating Cybercrime for Finance Professionals LIVE webcast aims to arm you with the latest know-how to help you spot and stop cybercrime dead in its tracks. While you are reading this, thousands of companies world-wide are being robbed by cybercriminals. Is your company one of the victims or will it be one of the victors? Join Combating Cybercrime for Finance Professionals LIVE webcast and arm yourself with the latest knowledge to stop cyber criminals before they stop you. August 12, 2010

  11. Featured Speakers: SEGMENT 1: SEGMENT 2: Marita FowlerSection Chief, Surface Analysis Group Cybersecurity DivisionUS-CERT - Department of Homeland Security Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. SEGMENT 3: SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP Rich Baich CISSP,CISMPrincipal – Global Leader Cyber Threat and Vulnerability ManagementDeloitte & Touche LLP SEGMENT 5: Edward P Gibson, CISSP, FBCSDirector, US Forensics Technology Solutions PracticePricewaterhouseCoopers LLP August 12, 2010

  12. Introduction SEGMENT 1: Marita FowlerSection Chief, Surface Analysis Group Cybersecurity DivisionUS-CERT - Department of Homeland Security Marita Fowler is the Section Chief for the Surface Analysis Group (SAG). Her team is responsible for the analysis and dissemination of information related to financially/ideologically motivated cyber activity and emerging threats. She has diverse background in intelligence, security engineering, space program security and cyber threat analysis. August 12, 2010

  13. Image from StuckINa.com Image from Technoslum.com A Threat to National Security? SEGMENT 1: Marita FowlerSection Chief, Surface Analysis Group Cybersecurity DivisionUS-CERT - Department of Homeland Security Espionage Motivated Malware Financially Motivated Malware August 12, 2010

  14. Government Malware Trends SEGMENT 1: Marita FowlerSection Chief, Surface Analysis Group Cybersecurity DivisionUS-CERT - Department of Homeland Security August 12, 2010

  15. How Can You Help? Information Sharing SEGMENT 1: Marita FowlerSection Chief, Surface Analysis Group Cybersecurity DivisionUS-CERT - Department of Homeland Security August 12, 2010

  16. Introduction SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. Pamela Fusco is a name known to many of you; she has been in the security industry for nearly 25 years, including roles as chief security strategist and CSO for Merck, MCI and Citigroup; and a member of the White House special ops staff. She is closely affiliated with key industry organizations including ISSA and the Cloud Security Alliance. Managed security services provider Solutionary is home to Pamela where she serves as vice president of industry solutions. August 12, 2010

  17. SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. Go Home, The Internet Is Closed August 12, 2010

  18. SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. August 12, 2010

  19. In a Virtual Battle Field SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • Security usually implies a confrontation, good vs. evil • Most battles, civil unrest and/or conflicts, organized or not, one side either surrenders or is • forced into retreat and the victor rises • Cyber issues have no retreat, no surrender, no empty trenches • Cyber Crime is low risk with high rewards • Cyber Crime prosecution is minimal August 12, 2010

  20. Virtual Trenches SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • On line extortion • Utilities • Government • Business • Cyber tool kits (w/ 12 mos. of support and services) • Opting in, no participation required • Pretexting • Target does not have to be engaged or aware • Combat zone is non fiction • Zombie Armies • BOT Nets August 12, 2010

  21. ROVER (Remotely Operated Video Enhanced Receiver) SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • Units were "fielded so fast that it was done with an unencrypted signal. It could be intercepted, hacked into and jammed,“ stated an Air Force officer with knowledge of the program • Intended for line-of sight communications (tactical, real time) • Military drones are “particularly susceptible” to video taps • “It’s like criminals using radio scanners to pick up police communications,” the senior officer says. August 12, 2010

  22. The World’s Information SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. August 12, 2010

  23. Virtualization and Information Cyberflow SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • Automated queries and data correlation • Location, real time searches, “near me now” • Retail inventory • Common consumer queries amass the cyber vaults • Billions of images and relational data • Ask and you shall receive • Connected to the Cloud (“fielded so fast”) • Resource rich devices connected to the cloud • Adoption significantly on the rise • Understanding and knowledge mid grade • Exploitation vectors and analysis TBD • CSA, Trusted Cloud August 12, 2010

  24. Verify SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. August 12, 2010

  25. An act of generosity may become too generous SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • Technology only does what humans, design it to do • Consumers offer more pii when they believe they are getting something • Hold back a bit, don’t be so precise • Goggles for Google • Information relevance and data flux • Websites, specifically for golfers, etc • Social medians • Booz Allen’s social networking hello. Bah.com (P2P) • Targets employees with 5-15 yrs experience August 12, 2010

  26. Elements, Trends and Analysis SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • Sensible metrics and business intelligence • Realistic reporting and analysis • Compliance and auditing, business and personal • Investments in innovation and R&D • Strategy and preparation • Collaboration, affiliations and standards • Vas coalescence • Enable rapid acquisition by leveraging collaborative and participating partners August 12, 2010

  27. Get the VIEW! SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. • Point in time • Too late • Social “Median” (can’t fight the trends) • Economies of scale Portal SIEM (and/or like) • Know the business of hacking • Know the solutions for defense and offense • Leverage trusted partners • MSSPs, Telco’s • Cloud solutions and purpose built methodologies and technologies August 12, 2010

  28. Think like they do and consider the outcome Identify the Source SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III VP of Industry Solutions Solutionary, Inc. August 12, 2010

  29. Introduction Rich Baich is a Principal in Deloitte & Touche LLP’s Security & Privacy Service, where he champions the Global Cyber Threat and Vulnerability Management practice. Rich has over 15 years experience leading multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Rich is former Chief Information Security Officer (CISO) at ChoicePoint Inc. where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee, and the FBI. In 2005, Rich authored “Winning as a CISO”, a security executive leadership guidebook and advisor to the President’s Commission for Cyber Security. SEGMENT 3: Rich Baich CISSP,CISMPrincipal – Global Leader Cyber Threat and Vulnerability ManagementDeloitte & Touche LLP August 12, 2010

  30. Cyber Threat Intelligence SEGMENT 3: Rich Baich CISSP,CISMPrincipal – Global Leader Cyber Threat and Vulnerability ManagementDeloitte & Touche LLP August 12, 2010

  31. The Changing Threat Landscape The cybercrime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems which routinely evade present-day security controls. August 12, 2010

  32. The Underground Economy Monetize Enrich and Validate Sell Compromise Acquire Stolen Data Drop Sites Payment Gateways eCommerceSites On-Line Gambling eMoney Phishing Keyloggers InstantMessaging Wire Transfer Bank Data Validation Service Botnet Service Carding Forums Drop Service Retailers Spammer Botnet Owners Malware Distribution Service Data Acquisition Service Data Mining & Enrichment Data Sales Cashing Credit Card Cashers Cyber Criminals Identity Collectors Malware Authors Malicious Code Related CriminalRoles Underground Criminal Services 3rd Party & Corporate Enablers Criminal Forums & Communication Key: August 12, 2010

  33. Making Cyber Threat Intelligence Actionable Our approach is based on real life deployment experience. It has been proven to work in large production environments and is differentiated by the use of aggregated open source intelligence with is transformed into normalized, context aware, actionable cyber threat intelligence data. Recovered PII & Company Confidential Data Near-Real TimeCriminal Surveillance Integrated Business Processes Actionable Intelligence • Commercial Feeds • Law Enforcement • Industry Associations • Underground Forums • Hash databases • GEOIP data Risk Assessment Process Risk Acceptance Process External Cyber Threat Intelligence Feeds Cyber Threat Intelligence Collection Research, and Analysis Process “All Source Fusion” Risk Mitigation & Remediation • Fraud investigations • Security event data • Abuse mailbox info • Vulnerability data • Sandboxes • Human intelligence Internal Threat Intelligence Feeds Urgent security control updates IP reputation data for authentication • Honeynets • Malware Forensics • Brand monitoring • P2P monitoring • DNS monitoring • Watchlist monitoring Proactive Surveillance Line of Business Teams Threat Intelligence Reporting Security, Fraud and Operational Risk Teams Infrastructure & Application Logs Technology Configuration Data 3rd Parties, Subsidiaries August 12, 2010

  34. The Value of A Cyber Threat Intelligence Capability • Actionable, risk-based cyber intelligence data • Enhanced, industry specific brand monitoring and protection • Upgraded information security controls that meet or exceed regulatory obligations • Limit or reduce the scope and impact of security breaches • Reduce operational loss caused by cyber criminals • Reduce the frequency and scope of security incidents • Identify customers, partners, and suppliers that are compromised • Reduce the amount of time necessary to detect and locate advanced persistent threats • Improve the return on investment for previously purchased security controls, management platforms, and intelligence feeds SEGMENT 3: Rich Baich CISSP,CISMPrincipal – Global Leader Cyber Threat and Vulnerability ManagementDeloitte & Touche LLP August 12, 2010

  35. Introduction Mr. Daly is an international investment, trade and cybersecurity policy expert and has held senior leadership positions at the White House, the U.S. Departments of the Treasury and Commerce and the U.S. Senate. As the former Treasury Deputy Assistant Secretary for Investment Security and Policy from 2006-2009, Mr. Daly was responsible for managing Treasury's work as the chair of the Committee on Foreign Investment in the United States. In that capacity, he also served as the Treasury representative on cybersecurity policy formulation within the Administration. He holds an undergraduate degree in political science from the University of California, Irvine and a graduate degree in international law and organizations from American University. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  36. The Facts • Cyber criminals operate undetected within systems. Their technologies include devices plugged into corporate networks, malware, and key stroke loggers that capture credentials and provide criminals with privileged access while they evade detection. • In 2009, more than 11.1 million U.S. adults were victims of identity theft. • One in every ten U.S. consumers has already been victimized by identity theft. • On average, victims lose between $851 and $1,378 out-of-pocket and spend 330 hours repairing the damage. • Incidents of fraud translated into losses of more than $54 billion by consumers and businesses. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  37. What Does it Mean for the Evolution of Cyber Security Vulnerability Management? • Future legislative and federal initiatives that will seek to standardize technologies; possibly • with penalties for those businesses that do not meet certain standards • New guidelines on cybersecurity protocols • New international initiatives • Increased funding for R&D and technology procurement SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  38. Are You Ready for Big Brother? • Some form of federal cyber security legislation is sure to pass the U.S. Congress, and it will change • the way you do business. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  39. Congress is Very Engaged • In 2009-10, Congress held over 75 hearings on cybersecurity. • Members stressed the need to partner with private sector entities. • However, barring a “Pearl Harbor” attack, legislation will not pass this year. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  40. Key Congressional Committees • Senate • Committee on Homeland Security an Governmental Affairs • Joseph Lieberman (I-CT); Susan Collins (R-ME) • Committee on Commerce, Science and Transportation • Jay Rockefeller (D-WV); Olympia Snowe (R-ME) • House • Committee on Science & Technology • Bart Gordon (D-TN); James Sensenbrenner (R-WI) • Committee on Energy and Commerce • Henry A. Waxman (D-CA); Joe Barton (R-TX) • Committee on Homeland Security • Bennie Thompson (D-MS); Peter T. King (R-NY) SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  41. Key Congressional Legislation • Cybersecurity Enhancement Act, H.R. 4061: Passed the House and could pass in the Senate. Funds $396 million in R&D over 4 years; promotes a federal cybersecurity workforce and transfer of cyber technologies into the marketplace. • International Cybercrime Reporting and Cooperation Act, S. 3155 & H.R. 4692: Requires the President to produce annual reports on international efforts and identify countries posing a cyber threat. • Appropriations for Department of Homeland Security, H.R. 4842: Includes $150 million in funding for cybersecurity R&D to prevent, detect and respond to cyber attacks. • House Energy and Commerce and/Homeland Security Proposals: Both of these Committees have jurisdiction on cybersecurity and will likely have an important say in anything that is signed into law or considered in the House. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  42. Key Congressional Legislation • Cybersecurity Act of 2010, S.773: Passed Senate Commerce Committee. Estimated to cost $1.8 billion. This bill contains provisions for private sector collaboration, but there are concerns that it creates a “cyber bureaucracy” that would inhibit innovation. Provisions in the bill could levy fines for non-compliance with certain technology and procurement standards. • Protecting Cyberspace as a National Asset Act, S. 3480: The bill from Senators Lieberman and Collins places a top cybersecurity official in the White House, but gives DHS broad powers. Authorizes the President to issue a declaration of a national cyber emergency to covered critical infrastructure. • Senate Leader Harry Reid committed to developing comprehensive cyber security legislation in a June 2010, letter to President Obama, and told Senators to meld the competing cybersecurity bills together by September, if not earlier. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  43. Changes in the Cyber Security Policy Vacuum • Federal initiatives from agencies like the Department of Homeland Security and the Federal Communication Commission are driving changes in the absence of cyber security leadership. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  44. Moves from the Administration • 2008: Development of the Comprehensive National Cybersecurity Initiative (CNCI) • 2009: Performance of a 60-day review and publication of the Cyberspace Policy Review Report. The Report leads to: • Creation of a Cybersecurity Coordinator at the White House. • Work between federal, state and local partners with industry to identify procurement strategies that will incentivize the market. • Including through adjustments to liability considerations, tax incentives, and new regulatory requirements and compliance mechanisms. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  45. Key Administration Agencies and Actions • The White House. The National Security Counsel and National Economic Council are the nexus of cyber policy for the federal government. • The Department of Homeland Security (DHS). This agency is cyber central and responsible for: implementing the deployment of an intrusion detection system; coordinating R&D efforts; developing a cyber counterintelligence plan; expanding cyber education; and developing an approach for global supply chain risk management. • The Department of Defense (DOD) and the National Security Agency (NSA). Key agencies on cybersecurity spending and policy with immense budgets and huge policy weight. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  46. Key Administration Agencies and Actions • The U.S. Department of Commerce (Commerce). Commerce’s National Telecommunications and Information Administration (NTIA) plays an important role in cyber security policy. • The U.S. Department of State (State). Plays a significant international role, including on negotiations with other governments. • The Federal Communications Commission (FCC). The FCC recently released its National Broadband Plan. A key part of that plan is to give the FCC a greatly enhanced role in developing and promoting cyber security measures. It is also seeking support for a certification system for providers. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  47. International Treaty? • New international initiatives are creating industry and national coalitions. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  48. International Cybersecurity Moves • International Consensus • The world is moving toward developing a consensus around five pillars of cybersecurity action, with each country building: • a national security response team, • informed legislation, • public-private sector engagement and public awareness, • stronger enforcement, and • capacity building. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  49. Cyber Money • The tap on spending for cyber security R&D and technology has just begun to open. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

  50. Money and Resources • The cumulative U.S. federal cybersecurity market is valued to be $55 billion from 2010-2015 and • will grow steadily – at about 6.2 percent annually over the next six years. • Congress is planning on providing massive funding to agencies and cybersecurity R&D. • The DHS alone plans to invest $900 million in technology in fiscal 2011, and is hiring thousands • of cybersecurity experts. • Funds related to these initiatives will find their way to the state and local coffers. SEGMENT 4: Nova J. DalyPublic Policy ConsultantWiley Rein LLP August 12, 2010

More Related