a proven model for successful private/public partnership · 2016-06-14 · (bens) examples of...



April 12-14, 2010 Sheraton New Orleans

A Proven Model for Successful Private/Public Partnership

Barry Cardoza

Chair, BARCfirst

VP/Manager of Business Continuity,

Advantages of Partnership

Learn what other companies are doing toward “best practices.”

Discover external resources that you didn’t know were available.

Gain a level of control over things otherwise outside of your control.

If you don’t know where you’re going, no road will get you there.

No reason to have to “re-invent the wheel.”

The Public Sector, not you, may be calling the shots during a crisis.

Leverage the voice of a larger entity to make yourself heard.

Partnerships provide the influence that no one institution can have.


Case Study

A Successful Financial Sector Model That Can Be Applied to Any Sector


ChicagoFIRST

FloridaFIRST

BARCfirst, California North Bay Area

SoCalfirst, Southern California

FloridaFIRST, Tampa Bay Region

HoustonFIRST

ColoradoFIRST

Alabama Recovery Center for the Financial Sector

Philadelphia

Hawaii

Las Vegas

Columbus

Washington, DC

Detroit

Seattle Regional Recovery Coalition

Alaska

Jackson

Minnesota Information Sharing and Analysis Center (MN-ISAC)

Minnesota Security Board

Financial and Banking Information Infrastructure Committee (FBIIC)

BITS Financial Services Roundtable

Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security (FSSCC)

Financial Services Information Sharing and Analysis Center (FS/ISAC)

Regional Partnership Coalition

CenCalfirst, Central California

MOVING OUTSIDE OF THE BOX

Financial coalitions working with other organizations. For example…

BARCfirst

Regional Partnership Coalition (RPC) (All member financial institutions.)

California Emergency Management Agency (CalEMA)

Business Recovery Managers Association and Association of Contingency Planners

Dept. of Homeland Security (DHS)

County Health Agencies

Federal Bureau of Investigation (FBI)

Business Executives for National Security (BENS)

Business Recovery Managers Association

www.BRMA.com

www.acp-international.com

42 Chapters in the U.S.

Association of Contingency Planners (ACP)

www.nyu.edu/intercep

International Center for Enterprise Preparedness (InterCEP)


Leveraging Partnerships to Your Immediate Advantage


TWO SIDES OF THE COIN

How can the Private Sector assist the Public Sector?

How can the Public Sector assist the Private Sector?

To be successful, a partnership must be win/win.

THE NEW DYNAMIC – FEWER POINTS OF CONTACT

ChicagoFIRST

FloridaFIRST

BARCfirst, California North Bay Area

SoCalfirst, Southern California Region

FloridaFIRST, Tampa Bay Region

HoustonFIRST

ColoradoFIRST

Alabama Recovery Center for the Financial Sector

Philadelphia

Hawaii

Las Vegas

Columbus

Washington, DC

Detroit

Seattle Regional Recovery Coalition

Alaska

Jackson

Minnesota Information Sharing and Analysis Center (MN-ISAC)

Minnesota Security Board

Regional Partnership Coalition (Financial Sector)


THE NEW DYNAMIC – FEWER POINTS OF CONTACT

92 local associations and 13 international affiliates representing 16,500-plus members who own or manage more than 9 billion square feet of commercial properties.

Building Owners & Managers Association (BOMA)

THE NEW DYNAMIC – FEWER POINTS OF CONTACT

Lockheed

Verizon

Black & Decker

The Salvation Army

Novak Biddle Venture Partners

KeySpan Energy

Sprint

Belco Oil & Gas

Accenture

Boeing

Citigroup

Exponent

Lincoln Group

Equifax

Pioneer Financial Services

SunGard

Tupperware

United Retail Group, Inc.

Amazon.Com

Business Executives For National Security (BENS)

Examples of National & International Resources

Building Owners and Managers Association (BOMA) www.boma.org

Association of Contingency Planners (ACP) www.acp-international.com

Institute of Electrical and Electronics Engineers, Inc. (IEEE) www.ieee.org

National Fire Protection Association (NFPA) www.nfpa.org

International Association of Emergency Managers (IAEM) www.iaem.com


Using Private/Public Sector Events to Bring People Together

BARCfirst Pandemic Response Exercise May 2007

Joint BARCfirst-BENS-BRMA Infrastructure Symposium

June 25, 2009


BARCfirst

Cyber Forum

October 26, 2009


Event Goals and Objectives

• Raise cyber risk awareness among business continuity and disaster recovery executives and managers

• Review recent cyber risks and their potential impact to your organization’s IT systems and business operations

• Discuss how to effectively manage these events from an operational and business perspective

• Examine existing and necessary information sharing and incident response processes to address such an event

The Cyber Risk Landscape


Cyber incidents are increasing in frequency, scale, and sophistication


Critical infrastructure depends on the vitality of the interwoven cyber infrastructure

Cyber-linkages among sectors raise the risk of cascading failures throughout the Nation.

• The loss or degradation of certain critical infrastructure functions could negatively impact performance in other areas

• The private sector owns over 80% of the critical infrastructure; during an incident, the private sector is often first to detect a problem

– For example, a successful cyber attack on a power plant’s control system could impact several critical sectors, as detailed below:

Electric Power Sector

Communications Sector

Financial Sector

Emergency Response

Convergence


Threat vs. Risk


Several Attacker Profiles

• Script Kiddies

– Relatively untrained hackers that find exploit code/tools on the Internet and run them indiscriminately against targets

– While largely unskilled, they are numerous

• Criminals

– Cyber-based attacks offer new means to commit traditional crimes, such as fraud and extortion

– Organized cyber crime groups have adopted legitimate business practices, structure, and methods of operation

• Insiders

– Insiders have a unique advantage due to access/trust

– They can be motivated by revenge, organizational disputes, personal problems, boredom, curiosity, or to “prove a point”

• Terrorists

– Cyber attacks have the potential to cripple infrastructures which are not properly secured

– In addition, cyber-linkages between sectors raise the risk of cascading failures throughout the Nation

Critical infrastructure is crucial to National Security

Estonia attacks, April 2007:

• A series of denial-of-service attacks overwhelmed Estonian government, banking, and broadcaster websites in April 2007

• The attacks occurred during a public dispute with the Russian government. Russian sympathizers within Estonia eventually claimed responsibility for the attacks

Poland transit incident, January 2008:

• Using an Internet connection and a modified television remote, a 14-year-old boy took control of the light-rail system in the city of Lodz

• The attack on the system's command and control systems resulted in the derailment of four trains

Russian-Georgian War, August 2008:

• Distributed denial-of-service (DDoS) attacks crippled many Georgian websites

• Georgian officials alleged the coordinated cyber attacks against their websites were conducted by Russian criminal gangs tipped off about Russia's intent to invade

• Hackers appeared to have been prepped with target lists and details about Georgian website vulnerabilities before the two countries engaged in a ground, sea, and air war


Cyber Crime and Theft

• E-crime “has become a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world”

• Cyber criminals target commercial organizations for:

– Personal Data of Customers and Employees

– Finances (through theft or extortion)

– Proprietary Data/Industrial Espionage/Intellectual Property

• From January 1, 2008, through December 31, 2008, there were 275,284 complaints filed online with the Internet Crime Complaint Center (IC3), a 33.1% increase from the previous year

• The U.S. Department of Commerce estimates stolen Intellectual Property costs companies a collective $250 billion each year


Malware

Malware can be hosted on malicious websites, sent via email, or made to self-propagate across networks

It can be used to steal information, destroy data, annoy users, or allow attackers to remotely control hosts

Common types include:

Virus

Worm

Trojan


Scenario Introduction


BARCfirst Alert Email

• On October 26, BARCfirst members receive an alert email from the BARCfirst Steering Committee

• The email reports on an active shooter in the downtown area

• It also contains an attachment and an embedded link for access to the most up to date information


BARCfirst website defaced


Discussion Questions

• What are your primary concerns?

• Are you communicating internally within your organization?

• Are you willing to contact outside organizations to determine if it’s a common problem?

– If so, with whom? (other companies, information sharing bodies, law enforcement)

• What are the business implications…

– of being attacked?

– of sharing attack information internally/externally if it just affects your organization?


Leveraging Private/Public Resources to Your Immediate Advantage

http://www.naccho.org/topics/infrastructure/profile/resources/2008reports/index.cfm

Public Health Agency Information


Public Health Agency Information

Source: National Association of County & City Health Officials (NACCHO)


Public Health Agency Information

http://www.healthguideusa.org/local_health_departments.htm

Educate Your Employees

www.flu.gov


Educate Your Employees

www.wsib.on.ca/wsib/wsibsite.nsf/Public/flu_resources

Educate Your Employees: Sample Public Sector Publications

www.operationhope.org/effak

www.fema.gov/pdf/library/children.pdf

www.FEMA.gov

www.fema.gov/pdf/areyouready/areyouready_full.pdf

www.fema.gov/pdf/library/f&web.pdf


www.fema.gov/pdf/library/pfd_all.pdf

Educate Your Employees: Sample Public Sector Publications

www.CDC.gov

National Communications System (NCS)

Government Emergency Communications Service (GETS) www.gets.ncs.gov

Wireless Priority Service (WPS) www.wps.ncs.gov

Telecommunications Service Priority (TSP) www.tsp.ncs.gov

Shared Resources (SHARES) High Frequency Radio Program www.ncs.gov/shares

Not all companies qualify for these services, but it never hurts to ask. Companies may also qualify because of membership in an organization.


Communication is essential to response and recovery.


Emerging Threats

Natural

• Changing weather patterns; e.g., ARKSTORM

Man-made

• Terrorism; we can’t keep the terrorists out and many are already here.

• Cyber Crime/Terrorism/Warfare

Private/Public Partnerships to help us through future challenges.


Barry [email protected] (415) 765-3956

Questions?