1 / 12

Partnership for Secure National Infrastructures

Partnership for Secure National Infrastructures. Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation. Differentiating CIP, CII, and Cybersecurity. Critical Infrastructures. Non-essential IT systems. Cybersecurity.

lorimer
Download Presentation

Partnership for Secure National Infrastructures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Partnership for Secure National Infrastructures Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation

  2. Differentiating CIP, CII, and Cybersecurity Critical Infrastructures Non-essential IT systems Cybersecurity Those practices and procedures that enable the secure use and operation of cyber tools and technologies Critical Information Infrastructure Cross-cutting ICT interdependencies among all sectors Energy Transportation IT/Telecom Enterprises Consumers Govt Services Banking/Finance

  3. CIP Policy Drivers and Influences War Terrorism Cyber Attacks Convergence Globalization Natural Disasters Laws and Regulations Directives/Policies Emergency Response Plans National Strategies

  4. Keys to Resilient Infrastructures • Define Goals and Roles • Identify and Prioritize Critical Functions • Continuously Assess and Manage Risks • Build Operational Response Frameworks • Create Public-Private Partnerships • Build Security/Resiliency into Operations • Government and infrastructure owners/operators: • Collaboratively pursue these core enablers of resiliency and infrastructure security

  5. Establishing CIP Goals

  6. Roles for CIP Engagement Incidences, emerging issues, & changing conditions : constantly update risk assessment

  7. Identify and Prioritize Critical Functions • Establish an Open Dialog • Understand the critical functions, infrastructure elements, and key resources necessary for: • delivering essential services, • maintaining the orderly operations of the economy, and • helping to ensure public safety. Critical Function Infrastructure Element Key Resource Supply Chain Supply Chain Supply Chain Critical Function Infrastructure Element Key Resource Critical Function Supply Chain Supply Chain Supply Chain Infrastructure Element Key Resource Understand Interdependencies Supply Chain Supply Chain Supply Chain Supply Chain

  8. Continuous Risk Management Protection is the Continuous Application of Risk Management • Evaluate Program Effectiveness • Leverage Findings to Improve Risk Management • Identify Key Functions • Assess Risks • Evaluate Consequences Incidences, emerging issues, & changing conditions : constantly update risk assessment • Define Functional Requirements • Evaluate Proposed Controls • Estimate Risk Reduction/Cost Benefit • Select Mitigation Strategy • Seek Holistic Approach. • Organize by Control Effectiveness • Implement Defense-in-Depth

  9. Build Operational Response Frameworks • Goal: Improve Operational Coordination • Public- and private-sector organizations alike can benefit from developing joint plans for managing emergencies, including recovering critical functions in the event of significant incidents • Unified Concept of Operations for Public and Private Sector CERTs • Emergency response plans can mitigate damage and promote resiliency. • Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented. • Testing and exercising emergency response plans promotes trust, understanding, and greater operational coordination among public- and private-sector organizations. • Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions.

  10. Create Public/Private Partnerships • Voluntary public-private partnerships • Promote trusted relationships needed for information sharing and collaborating on difficult problems • Leverage the unique skills of government and private sector organizations • Provide the flexibility needed to collaboratively address today’s dynamic threat environment • Provide a Value Proposition to the private sector Collaboration is key to protecting critical infrastructure

  11. Continuous Improvement: Build Resiliency/Security into Infrastructures Critical Functions (Global, National, Local) Security is a continuous process Building security and resiliency into infrastructure operations Infrastructure Operations Security Controls Management Technical Operational Fosters increased security and resiliency for the critical functions that support safety, security, and commerce at all levels

More Related