Cyber after Snowden (OA Cyber Summit)
Uploaded by: open-analytics
Category: Technology
Transcript of Cyber after Snowden (OA Cyber Summit)
Cyber After Snowden
Matthew Rhoades, Director, Cyberspace & Security Program
Can DC Help Protect Your Networks?
Truman Project Members
Cyberspace & Security Program
Agenda
Looking Back – How we got here
Lame Duck
2015 and beyond
Cybersecurity & Congress 2012 - 2014
2012: The Debate on Capitol Hill
Key Pillars:
1. Critical Infrastructure
2. Information Sharing
3. DHS v. NSA
Low-Hanging Fruit: • Education/Workforce • Research & Development • Cyber Awareness • FISMA Reform
Securing Critical Infrastructure
Mandatory Standards: Cybersecurity Act of 2012 v1.0 (Senate)
Voluntary Standards: Cybersecurity Act of 2012 v2.0 (Senate)
Market Solution: House of Representatives
Legislating Information Sharing
1. What are you sharing? • PII or Threat Signatures?
2. Who are you sharing it with? • Civilian Agency? Intelligence Community? Department of Defense?
3. What can it be used for? • Limited to specific purposes?
4. What is the Standard of Liability? • Full Indemnity? Negligence?
The Interest Groups
National Security Leaders: • Baseline Standards • Improved Visibility
Privacy & Civil Liberties: • Anonymize Info • Civilian Agency • Clear Definitions • Negligence Standard
Business (Chamber of Commerce): • No Mandates • Legal Protection
2013: Executive Order 13636
Policy Results:
“Industry-led, government facilitated” best practices (NIST)
Increase USG Industry Info Sharing
Privacy & Civil Liberties Oversight
A New Agenda for 2013
Political Result: A Smaller Congressional Agenda
• Critical Infrastructure • Information Sharing • Role of DHS
• Education & Workforce • Research & Development • Awareness • FISMA Reform
Cyber Bills
Committee: Homeland Security
United States Senate: • National Cybersecurity & Communications Integration Center Act • DHS Cybersecurity Workforce Recruitment & Retention Act • Federal Information Security Amendments Act
House of Representatives: • National Cybersecurity & Critical Infrastructure Protection Act • Critical Infrastructure Research and Development Advancement Act • Homeland Security Cybersecurity Boots-on-the-Ground Act
Committee: Commerce
United States Senate: • Cybersecurity Act of 2013
Committee: Intelligence
United States Senate: • Cyber Information Sharing Act of 2014
House of Representatives: • Cyber Intelligence Sharing and Protection Act
2014 Lame Duck (Senate)?
Other Issues?
Marketplace Fairness
Tax Extenders
Nominations
Other National Security Issues?
AUMF
Sec. 215/Sec. 702/FISA Reform
Iran
Must Do: • Continuing Resolution • Defense Authorization
Changing of the Guard
On their way out:
• Mike Rogers (R-MI), House Intelligence
• Buck McKeon (R-CA), House Armed Services
• Carl Levin (D-MI), Senate Armed Services
• Jay Rockefeller (D-WV), Senate Commerce, Science, & Transportation
• Saxby Chambliss (R-GA), Senate Intelligence
• Tom Coburn (R-OK), Senate Homeland Security
Next in line (?):
• Jeff Miller (R-FL), House Intelligence
• Mac Thornberry (R-TX), House Armed Services
• Jack Reed (D-RI), Senate Armed Services
• Bill Nelson (D-FL), Senate Commerce, Science, & Transportation
• Richard Burr (R-NC), Senate Intelligence
• John McCain (R-AZ), Senate Homeland Security
Truman Members
What happens after a crisis?
Truman National Conference Cyber Exercise 54 Teams • 34 Congressional offices • 7 Executive offices & Agencies • 9 Industry & Interest Groups • 4 Media Outlets
Day-of Crisis Exercise • National Security Council Debate • 7-9 Teams; 25 – 70 Participants • Define what happened & how to respond
What we learned…
1. Uncertainty in response to a crisis
2. In the wake of a crisis, the focus is almost entirely on protecting critical infrastructure
3. In the wake of a crisis, the second priority is developing human resources