120 likes | 277 Views
Security For Infrastructure Protection: Public-Private Partnerships. KEN WATSON 15 OCT 2004 kwatson@cisco.com. Many Infrastructures Exist – All Different. Transportation. Government Services. Electric Power. Infrastructure Examples. Telecommunications. Emergency Services. Water.
E N D
Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON15 OCT 2004kwatson@cisco.com
Many Infrastructures Exist – All Different Transportation Government Services Electric Power Infrastructure Examples Telecommunications Emergency Services Water Oil & Gas Banking & Finance
Why Public-Private Partnerships are Needed Infrastructures… • Benefit the “informatization” of society • Depend on commercial networks • Are interdependent • Are largely owned and operated by private companies • Obtain most innovative approaches from the private sector Government needs industry in a true public-private partnership
Effective Security Requires Technology, Process and People – Both IT Users and Producers Life-Cycle 7942_04_2003_c1 4 © 2003, Cisco Systems, Inc. All rights reserved.
Current Industry Actions • Deploy existing security products and services • Develop new security products and services • Integrate security technology and functionality into all applications and devices • Develop technical and operational security best practices and voluntary standards • Continue to improve secure design, implementation, testing, certification, and deployment methodology • Exchange information with government on voluntary best practices
Cross-Sector Collaboration • Voluntary participation by leaders from government, industry and academia • Coordinates cross-sector initiatives and compliments public-private efforts • Board of Directors composed of critical infrastructure “sector coordinators” http://www.pcis.org
National Cybersecurity Partnership • Organized to implement public-private National Cybersecurity Strategy • Five task forces, following Strategy • Home/Small Business Awareness • Early Warning • Software Development Life Cycle • Corporate Governance • Technical Standards and Common Criteria www.cyberpartnership.org
National Cyber Security Alliance • Public service site for home/small business users • “Top ten” tips, tutorials, self-test, links • DHS choice for cyber security awareness messaging to homes/small businesses • Board: • AOL • BellSouth • Cisco Systems • Microsoft • Network Associates • RSA Security • Symantec www.staysafeonline.info
“The mission of the Information Sharing and Analysis Centers Council (ISAC Council) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government.” Chemical Industry ISAC Electricity Sector ISAC Energy ISAC Financial Services ISAC Health Care ISAC Information Technology – ISAC National Coordinating Center for Telecommunications ISAC Public Transit ISAC Surface Transportation ISAC Trucking ISAC Water ISAC ISAC Council www.isaccouncil.org
Information Sharing Convene meetings of experts Sponsor information sharing workshops Promote higher education improvements University “Center of Excellence” program Computer forensics Increase public and corporate awareness Talk about benefits Sponsor meetings Interviews, articles Voluntary global industry-developed standards, metrics, and best practices Sponsor public-private research into long-term computer science issues Local law enforcement Law enforcement cooperation International information sharing, like this exchange Government Actions
Summary • Network-based management increases productivity and benefits society • Private sector working on security, innovation, and forward-looking solutions • Government helps by education, awareness, voluntary best practices research, use of voluntary best practices in own systems, and law enforcement • The Internet is Global, and exchanges like this are important and helpful
12 12 12