Douglas DePeppe - Cyber Resilience Institute - International Keynote: The global destabilization...

Post on 19-Oct-2014

Douglas DePeppe delivered the presentation at the 2014 ADM Cyber Security Summit. The 2014 ADM Cyber Security Summit focused on “Combatting Emerging and increasingly sophisticated cyber threats” both domestically and internationally, and showcased relevant organisational case studies and supporting research from academia. For more information about the event, please visit: http://www.informa.com.au/cybersecuritysummit14

Transcript of Douglas DePeppe - Cyber Resilience Institute - International Keynote: The global destabilization...

Cyber Resilience Institute - www.cyber-res.org

When Society Makes Cyber Capacity Demands Upon Government

Introduction

Cyber Risk Acceptance Indicators

• FireEye Report: 97% Compromise Rate

• LookingGlass Report: 100% Rate

Other Indicators

“there are only two types of companies: those that have been hacked and those that will be.”

Robert S. Mueller, III

Director, FBI

RSA Cyber Security Conference March 1, 2012

“The ongoing cyber-thefts … represent the greatest transfer of wealth in human history.”

General Keith Alexander

Director, NSA

American Enterprise Institute

July 9, 2012

Previous Risk Messages

Globally Destabilizing Risk

The Challenge of Western Society

“Are we at risk of having a prime feature of our society used against us (separation of industry and government)”

“If the Chinese, and others, can target the gap between industry and government, the gap must be closed.”

Other Catalysts

• Cybercrime

• State Actor attacks, Economic Espionage

• Cyberwar, critical infrastructure attacks

• Cyberterrorism

Other Catalysts

Source: Informationisbeautiful.net

Back to the Tipping Point

• What happens when government nudging is turned on its head and the public demands government action?

• How does government respond, in what ways?

• How are democratic and pro-market institutions protected?

In the US: Capacity Building

• White House directives and initiatives of 2013

• 2014 National Infrastructure Protection Plan (NIPP)

• “Call to Action”

• Multiple mechanisms to promote Partnerships

• Capacity “Promotion”

• “Ground Up” approaches

Role of Government

• A Framework to enable Government – Industry Collaboration

• To identify capability gaps and resources across US geographic footprint
  - training
  - incident response
  - compliance
  - forensics

• To provide a channel for federal programs

• To enable knowledge exchange and pooling across regional and community initiatives

Collective Risk Analogy

• Volunteer Fire Brigades

• Resource pooling

• Trust-building, information sharing

• Maturing to more robust capabilities

• Cyber Bucket Brigades across geography
  - WCX
  - ACSC
  - Cyber Huntsville

• But how do they scale and integrate?

Use Cases

• Insurance

• NIST Cybersecurity Framework

• Small/Medium Business adoption

• Education

• Threat exchange and preparedness

The Call to Action

• What does Federal Government want?

• How does society respond to a Call to Action?

• What does Cyber Resilience look like?

Leverage Regional Groups

The purpose of the RC3 is to understand, connect, enable and build partnerships to enhance the protection of the critical infrastructure of the United States and the resilience of our communities.

2013 RC3 Landscape Study

• Study the existing RC3 Membership

• Capabilities, structure, formation, governance, stakeholders, etc.

• Next steps: DHS to assess capabilities and needs, and improve regional capacity through partnerships

Mobilization for Cyber Resilience

• How does government promote resilience?

• What are the components of regional and community capacity?

• How does Public-Private Partnership work and fit in?

Cyber Resilience Institute

CRI Functions

Key Function: What is a Community Cyber Enterprise?

Getting Started in Communities

Cyber Torchbearer™

Cyber Exchange Meetups™

Adoption of NIST Framework

Community Model Framework

What is a Community Cyber Enterprise?

Other Capabilities & Research

• Definition for Community Cyber Enterprise

• Public-Private Partnership Definition

• NIST Cybersecurity Framework Adoption

• Cyberwar and Proactive Defense

• Law and Policy Gaps

• Frameworks for Readiness

• Market Forces and Economic Development

The Tipping Point is Coming

• It’s time to Mobilize for Cyber Resilience

• When Society places demands on government for cyber capacity, will you be ready?

• CRI President & Cyber Operations: Mr. Kris Beasley (Colonel, USAF Retired)
  - Cyber Ops SME: CIO & Director of Cyber Ops (Air Mobility Command), Director of Cyber & Info Ops (HQ US Air Force)
  - Email: KrisB@cyber-res.org / Phone: (719) 425-5577

• Cyber Law & Policy: Mr. Doug DePeppe (US Army, Retired)
  - Cyber Law SME: LLM/JD (GW), National Security Cyber JAG, DHS & RC3 Cyber experience
  - Email: DougD@cyber-res.org / Phone: (719) 357-8025

• Community & Government Outreach: Mr. Steve Haynes
  - Cyber Policy SME: White House NSTAC, Extensive Interagency experience
  - Email: SteveH@cyber-res.org / Phone: (727) 871-3777

• Business Outreach and CTO: Mr. Jeff Beauprez
  - Technical SME: IT & Cyber Engineering Company CEO, European market manager
  - Email: JeffB@cyber-res.org / Phone: (719) 337-9889

CRI Torchbearers

DISCUSSION

Q & A

Contact:

• Doug DePeppe

• Email: dougd@cyber-res.org

• Phone: +1 719.357.8025

• Skype: doug.depeppe