130 likes | 275 Views
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD. Who we Are What we do. Howard A. Schmidt Special Assistant to the President Vice Chair, President’s Critical Infrastructure Protection Board May 2002.
E N D
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD Who we Are What we do Howard A. Schmidt Special Assistant to the President Vice Chair, President’s Critical Infrastructure Protection Board May 2002
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD Created by President Bush in October 2001 in his Executive Order 13231 What is the Board’s Purpose and Scope? to coordinate all Federal activities related to the protection of information systems and networks supporting critical infrastructures, including: --Federal departments and agencies --Private Sector companies which operate critical infrastructures --state and local government’s critical infrastructures --related national security programs
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD What are critical infrastructures? --telecommunications --transportation --energy --health care --financial services --emergency services --manufacturing --water systems from Executive Order 13231
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD Who is on the Board? Senior Officials of Executive Branch departments (typically Deputy or Under Secretary) And the White House offices of the Vice President, Chief of Staff, National Security Advisor, Homeland Security Director, Management & Budget Director, Science Advisor
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD Who runs the Board? The Chairman and Vice-Chair are appointed by the President. They report to the President thru Governor Ridge or National Security Advisor Condi Rice. The Chair also serves as Cyberspace Security Advisor to the President.
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD Is the Board a new Bureaucracy? No, the Board coordinates existing agencies. The Board’s Staff is ~20 people, many dual-hatted with OMB and NSC staffs. The Board has a policy, not operational role, but its 10 committees do have operational responsibility. Each committee has a Lead Agency as its Chair.
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD What are the committees and who chairs them? Private Sector/State & Local Outreach Commerce Executive Branch Info Systems Security OMB National Security Systems DOD Incident Response Coordination FBI Research & Development OSTP Infrastructure Interdependencies DOE/DOT Finance and Banking Treasury Education NSA International Affairs State Physical Security of Information Systems DOJ/DOD National Security Emergency Preparedness Communications DOD
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD How does this relate to Homeland Security? The Board, its Committees, and its Staff are the single Executive Branch system for CyberSecurity. They perform that function for both Homeland Security and National Security. The Board can refer issues to the Cabinet level Homeland Security Council or to the NSC Cabinet level. The Board Staff coordinates closely with both the Homeland and NSC staffs.
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD What is the Board doing? The Board has been tasked to create a National Strategy to Secure Cyberspace --by Summer 2002 --prepared with the private sector critical infrastructure companies --a policy and programmatic road map for government and industry --a modular strategy, on-line, adaptable to new threats and new technology
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD What are the guiding principles of the Board? --make market forces work to create security, rather than using a regulatory approach --share information among and between companies, departments and agencies, and state/local governments --create public/private partnership solution to IT security --clean up the Federal Government’s own IT security problems as a model, test bed, and indicator of our bona fides --create public and corporate awareness of importance of IT security
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD Is the Board limited by its lack of budget authority? The President authorized the Board to make recommendation on the Federal IT security budget. The Board Staff works closely with OMB throughout the year. The FY03 Budget submitted by President Bush in February, 2002 included a record 64% increase in funding for IT security programs to protect Federal departments’ computer systems. (IT security is now $4b out of overall Federal IT spending of $52b.)
THE PRESIDENT’S CRITICAL INFRASTRUCTURE PROTECTION BOARD What are some of the Board’s Priorities? • Awareness: The National Cyber Security Alliance and its StaySafeonLine campaign • Education: The CyberCorps Scholarship for Service program • Info Sharing: The Cyber Warning & Info Network (CWIN) between Govt and Industry; limited FOIA exemption • Research: The CyberSecurity Research Consortium and a national research agenda • Protecting Internet Infrastructure: projects to secure Domain Name Servers and Border Gateway Protocols, blunt Distributed Denial of Service attacks • Physical Security of Key Nodes • Standard & Best Practices: including relating to Federal procurement • Digital Control Systems: securing utilities and manufacturing control systems • Securing Future Systems: beginning with new Wireless web enabled devices