cybersecurity legislation
© 2004 Visible Systems Corporation. All rights reserved.
1 (800) 6VISIBLE • www.visible.com

Cyber Security briefing to Congress: PPD21 and PPD22
By
……………
From
CSCSS

Agenda
Why are we here?
Is the legislation necessary, or are the currently available policy tools sufficient?
If new legislation is needed, what need should be addressed and why?
What authorities and protection should be included? Why?

Cyber security bills that have not been passed
Presidential Policy Directive-21 replaces Homeland Security Presidential Directive-7.
The Executive Order (EO) does not address all the cyber crime issues and how they can be resolved.
NSA, FBI, and Department of Homeland Security need legislation to proactively prevent cyber attacks.
Both the military and civilians to have jurisdiction over cyber attacks.

Continued…
A situational awareness capability that addresses both physical and cyber aspects
The cascading consequences of infrastructure failures
Need to update the National Infrastructure Protection Plan
There is also a

Is the legislation necessary?
The legislation is necessary.
It needs to adequately cover the gaps unforeseen and unaddressed by current legislation (Homeland Security Presidential Directive-7).
There have been developments in the nature, frequency and design of cyber crime.
All critical infrastructure is at risk from cyber attacks.
Federal Information Security Management Act to govern federal government IT security.
Critical infrastructure companies to meet minimum cyber security regulations.
Revise the minimum cyber security regulation so as to meet the increasing cases of cyber crimes.

What should the legislation address? Why?
The legislation should address Transparency and User Protections.
The reason is that:
The government has already been involved in cyber surveillance against the current laws
Private companies survey their employees, customers and competitors
The privacy of the government and the private companies

Industrial espionage has impact ‘hacktivism’ and longest-term effect on share price.
Projected growth of cyber-security spending in billions

Authorities and protection to be included?
Private networks: save banks, private companies and individual users from cybercrime
Banks: to protect the financial sectors and the country's economy
Transport and communication networks: smooth operations and stabilization of the economy
Sharing of critical cyber security information between the government and the private sectors
The stock market: protect it from collapse

The authorities
The Department of State, in coordination with DHS, SSAs, and other Federal departments and agencies
The Department of Justice (DOJ), including the Federal Bureau of Investigation (FBI)
The Department of the Interior, in collaboration with the SSA for the Government Facilities Sector
The Department of Commerce (DOC), in collaboration with DHS and other relevant Federal departments and agencies
The IC, led by the Director of National Intelligence (DNI)
The General Services Administration, in consultation with DOD and DHS
The Nuclear Regulatory Commission (NRC)
The Federal Communications Commission, to the extent permitted by law

Authorities and protection to be included?
Protect and defend computer systems and networks from attack
Thwart computer security threats against rights and property
Use information to investigate crimes to the underlying security threat to individuals and national security
Previously opposed legislation has important segments that can be used today

Recommendation
Using aggressive countermeasures
Making the government collaborate with the private sector
Protecting users' privacy from the government and private sector
The government and private companies do not observe the democratic principles.
The government should extend its commitment to openness in cyber security deals and issues
The banks are not sure about the liability concerns in case they share the information

THANK YOU
Any Questions?