WEIS 2011 Workshop on the Economics of Information Security

WEIS 2011 Workshop on the Economics of Information Security. Chris Greer Assistant Director for Information Technology R&D White House Office of Science & Technology Policy. June 14, 2011. America's economic prosperity in the 21st century will depend on cybersecurity


Presentation Transcript


  1. WEIS 2011 Workshop on the Economics of Information Security. Chris Greer, Assistant Director for Information Technology R&D, White House Office of Science & Technology Policy. June 14, 2011

  2. America's economic prosperity in the 21st century will depend on cybersecurity - President Obama, May 2009

  3. President’s Strategy for American Innovation Catalyze Breakthroughs for National Priorities • Unleash a clean energy revolution • Accelerate biotechnology, nanotechnology, and advanced manufacturing • Develop breakthroughs in space applications • Drive breakthroughs in health care technology • Create a quantum leap in educational technologies Promote Market-Based Innovation • Accelerate business innovation with the R&E tax credit • Promote investments in ingenuity through effective intellectual property policy • Encourage high-growth and innovation-based entrepreneurship • Promote innovative, open, and competitive markets Invest in the Building Blocks of American Innovation • Educate Americans with 21st century skills and create a world-class workforce • Build a leading physical infrastructure • Strengthen and broaden American leadership in fundamental research • Develop an advanced information technology ecosystem Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open

  4. President’s Strategy for American Innovation Catalyze Breakthroughs for National Priorities • Unleash a clean energy revolution • Accelerate biotechnology, nanotechnology, and advanced manufacturing • Develop breakthroughs in space applications • Drive breakthroughs in health care technology • Create a quantum leap in educational technologies Promote Market-Based Innovation • Accelerate business innovation with the R&E tax credit • Promote investments in ingenuity through effective intellectual property policy • Encourage high-growth and innovation-based entrepreneurship • Promote innovative, open, and competitive markets Invest in the Building Blocks of American Innovation • Strengthen and broaden American leadership in fundamental research • Develop an advanced information technology ecosystem Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open

  5. President’s Strategy for American Innovation Comprehensive Cybersecurity Framework National Strategy for Trusted Identities in Cyberspace National Initiative for Cybersecurity Education Trustworthy Cyberspace: Strategic Plan for Federal R&D Invest in the Building Blocks of American Innovation • Strengthen and broaden American leadership in fundamental research • Develop an advanced information technology ecosystem Administration Proposal for Cybersecurity Legislation International Strategy for Cyberspace Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open

  6. President’s Cyberspace Policy Review • May 2009 • Themes: • Lead from the top • Build capacity for a digital nation • Share responsibility for cybersecurity • Create effective information sharing and incident response • Encourage Innovation

  7. President’s Cyberspace Policy Review • May 2009 • Themes: • Lead from the top • Build capacity for a digital nation • Share responsibility for cybersecurity • Create effective information sharing and incident response • Encourage Innovation

  8. International Strategy for Cyberspace

  9. “Cyberspace, and the technologies that enable it, allow people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.” President Obama May 2011 www.whitehouse.gov/cybersecurity

  10. Our Goal The United States will work internationally to promote an open, interoperable, secure, and reliable cyberspace that supports international trade and commerce, strengthens international security, and fosters free expression and innovation.

  11. The cyberspace environment that we seek: • rewards innovation and empowers entrepreneurs; • connects individuals and strengthens communities; • builds better governments and expands accountability; • safeguards fundamental freedoms and enhances personal privacy; and • builds understanding, clarifies norms of behavior, and enhances national and international security.

  12. Norms of Responsible Behavior • Upholding Fundamental Freedoms • Respect for Property • Valuing Privacy • Protection from Crime • Right of Self-Defense • Global Interoperability • Network Stability • Reliable Access • Multi-stakeholder Governance • Cybersecurity Due Diligence

  13. Norms of Responsible Behavior • Upholding Fundamental Freedoms • Respect for Property • Valuing Privacy • Protection from Crime • Right of Self-Defense • Global Interoperability • Network Stability • Reliable Access • Multi-stakeholder Governance • Cybersecurity Due Diligence

  14. Administration Proposal for Cybersecurity Legislation

  15. The Administration should partner appropriately with Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions. President’s Cyberspace Policy Review May 2009

  16. President’s Cyberspace Policy Review • May 2009 • Themes: • Lead from the top • Build capacity for a digital nation • Share responsibility for cybersecurity • Create effective information sharing and incident response • Encourage Innovation

  17. The proposal helps protect: • the American people; • our Nation’s critical infrastructure; • federal government networks and systems; and • Privacy and civil liberties. www.whitehouse.gov/cybersecurity

  18. Protecting the American People • National Data Breach Reporting • Penalties for Cyber Criminals

  19. Protecting our Nation’s Critical Infrastructure • Voluntary government assistance to industry, states, and local government • Voluntary information sharing with DHS • Critical infrastructure cybersecurity plans

  20. Protecting Federal Computers & Networks • Management – FISMA update and roles • Personnel – Hiring authorities and exchange • Intrusion Prevention Systems – EINSTEIN • Data Centers – Promoting cloud innovation

  21. Protecting Privacy and Civil Liberties • Privacy and civil liberties expert review and Attorney General (AG) approval • Limitation to cybersecurity threats and criminal law enforcement with AG review • Threat information shared without unrelated identifying information • Layered oversight programs and Congressional reporting

  22. National Initiative for Cybersecurity Education NICE

  23. President’s Cyberspace Policy Review • May 2009 • Themes: • Lead from the top • Build capacity for a digital nation • Share responsibility for cybersecurity • Create effective information sharing and incident response • Encourage Innovation

  24. NICE Website: WWW.NIST.GOV/NICE

  25. Building Capacity for a Digital Nation • Increase public awareness • Enhance formal cybersecurity education • Expand, define, and train a world-class cybersecurity workforce

  26. Cybersecurity Pipeline

  27. NICE Components National Cybersecurity Awareness • Lead: Department of Homeland Security (DHS) • Public service campaigns and awareness activities year round Formal Cybersecurity Education • Leads: Department of Education (ED), National Science Foundation (NSF) • Co-Leads: Department of Labor (DOL), DHS • STEM and cybersecurity education programs in accredited settings

  28. NICE Components Cybersecurity Workforce Structure • Overall Lead: Department of Homeland Security (DHS) • Federal Workforce – Office of Personnel Management • Government Workforce (non-Federal) – DHS • Private Sector Workforce – Dept. Labor, National Institute of Standards and Technology Cybersecurity Workforce Training and Professional Development • Tri-Leads: Department of Defense (DoD), Office of the Director of National Intelligence (ODNI), Department of Homeland Security (DHS) Tri-Leads: • General IT Use – Federal Chief Information Officer Council and DHS • IT Infrastructure, Operations, Maintenance & Information Assurance – DoD, DHS • Domestic Law Enforcement and Counterintelligence – Department of Defense Cyber Crime Center (DC3), National Counterintelligence Executive (NCIX), Department of Justice, and DHS • Specialized Cybersecurity Operations – NSA

  29. National Initiative for Trusted Identities in Cyberspace NSTIC

  30. President’s Cyberspace Policy Review • May 2009 • Themes: • Lead from the top • Build capacity for a digital nation • Share responsibility for cybersecurity • Create effective information sharing and incident response • Encourage Innovation

  31. NSTIC Website: WWW.NIST.GOV/NSTIC

  32. NSTIC Focus - Two Central Problems: • Passwords are inconvenient and insecure • Individuals are unable to prove their true identity online for significant transactions

  33. Identity theft is costly, inconvenient and all-too common • Phishing continues to rise, with attacks becoming more sophisticated • Managing multiple passwords is expensive • Passwords are failing • Maintenance of multiple accounts is increasing as more services move online

  34. Characteristics of the Identity Ecosystem • Led by the private sector • Allows consumers who want to participate to: • obtain a single digital credential for wide use • choose among a diverse market of credential providers • use their credential when needed and remain anonymous when desired • Enhances privacy through: • “need-to-know” restrictions • reduced identity theft • reduced instances of sensitive information sharing

  35. Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program

  36. President’s Cyberspace Policy Review • May 2009 • Themes: • Lead from the top • Build capacity for a digital nation • Share responsibility for cybersecurity • Create effective information sharing and incident response • Encourage Innovation

  37. Encouraging Innovation Provide a framework for research and development strategies that focus on game-changing technologies that will help meet infrastructure objectives, building on the existing NITRD strategies …

  38. Interagency Coordination • NITRD: Networking and Information Technology Research and Development Program • CSIA: Cyber Security and Information Assurance Working Group • SSG: Senior Steering Group for Cybersecurity • SCORE: Special Cyber Operations Research and Engineering

  39. Strategy Overview • Near Horizon • Moving Target Defense • Tailored Trustworthy Spaces • Cyber Economic Incentives • Designed-in Security • Over the Horizon • Science of Cybersecurity • Research for Results • Translation to practice

  40. Strategy Overview • Near Horizon • Moving Target Defense • Tailored Trustworthy Spaces • Cyber Economic Incentives • Designed-in Security • Over the Horizon • Science of Cybersecurity • Research for Results • Translation to practice

  41. Cyber Economic Incentives - Examples • Economics of legislation and policy choices • Immunity, liability, safe harbor, incentives, material disclosure, audit and assessment • Market factors • Valuation, cost/benefit analyses, technology risk, standards and innovation, awareness, intellectual arbitrage, risk decision-making, criminal markets • Cyber insurance • Actuarial analysis, quantitative risk assessment, moral hazard, catastrophic and interdependent risks, risk pooling

  42. President’s Strategy for American Innovation Comprehensive Cybersecurity Framework National Initiative for Cybersecurity Education National Strategy for Trusted Identities in Cyberspace Trustworthy Cyberspace: Strategic Plan for Federal R&D Invest in the Building Blocks of American Innovation • Strengthen and broaden American leadership in fundamental research • Develop an advanced information technology ecosystem Administration Proposal for Cybersecurity Legislation International Strategy for Cyberspace Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open

  43. Additional Information: www.whitehouse.gov/cybersecurity Contact: CGreer@ostp.eop.gov
