Presentation Transcript
slide1

Speaker Agency and Firms:

Presented By:

US-CERT - Department of Homeland Security: Marita Fowler, Section Chief, Surface Analysis Group Cybersecurity Division

Solutionary, Inc.: Pamela Fusco, CISSP, CISM, CHS-III, VP of Industry Solutions

Deloitte & Touche LLP: Rich Baich, CISSP, CISM, Principal – Global Leader Cyber Threat and Vulnerability Management

Wiley Rein LLP: Nova J. Daly, Public Policy Consultant

PricewaterhouseCoopers LLP: Edward P Gibson, CISSP, FBCS, Director, US Forensics Technology Solutions Practice

Thank you for logging into today’s event. Please note we are in standby mode. All Microphones will be muted until the event starts. We will be back with speaker instructions @ 11:55am. Any Questions? Please email: Info@knowledgecongress.org

Group Registration Policy

Please note ALL participants must be registered or they will not be able to access the event.

If you have more than one person from your company attending, you must fill out the group registration form.

We reserve the right to disconnect any unauthorized users from this event and to deny violators admission to future events.

To obtain a group registration please send a note to info@knowledgecongress.org or call 646.202.9344.

August 12, 2010

slide2

Sponsored by:

Media Partner:

Solutionary is an information security company that delivers a wide range of managed security solutions and professional services to reduce risk, increase security and ensure compliance.

Solutionary is positioned by Gartner as a "visionary" in the MSSP Magic Quadrant, and Forrester as a “strong performer” in the MSSP Wave. The company provides 24/7 services to clients through two security operations centers (SOCs) in the Americas, and eight SOCs in EMEA and AsiaPac with strategic partners. For more information, visit http://www.solutionary.com/

Information Security Today, www.infosectoday.com, is for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. Information Security Today informs its readers of best practices, as well as of research into current and upcoming issues in information security. Articles take a how-to approach to their topics to help readers solve problems and be applicable to on-the-job situations faced every day by IT, information security, and networking and system administration professionals. management practices; and law, investigations, and ethics.

www.auerbach-publications.com


slide3

If you experience any technical difficulties during today’s WebEx session, please contact our Technical Support @ 866-779-3239.

  • You may ask a question at any time throughout the presentation today via the chat window on the lower right-hand side of your screen. Questions will be aggregated and addressed during the Q&A segment.
  • Please note, this call is being recorded for playback purposes.
  • If anyone was unable to log in to the online webcast and needs to download a copy of the PowerPoint presentation for today’s event, please send an email to: info@knowledgecongress.org. If you’re already logged in to the online webcast, we will post a link to download the files shortly.
  • If you are listening on a laptop, you may need to use headphones, as some laptop speakers are not sufficiently amplified to hear the presentations. If you do not have headphones and cannot hear the webcast, send an email to info@knowledgecongress.org and we will send you the dial-in phone number.


slide4

  • About an hour or so after the event, you'll be sent a survey via email asking you for your feedback on your experience with this event today. It's designed to take less than two minutes to complete, and it helps us to understand how to wisely invest your time in future events. Your feedback is greatly appreciated. If you are applying for continuing education credit, completion of the surveys is mandatory as per your state boards and bars. 6 secret words (3 for each credit hour) will be given throughout the presentation. We will ask you to fill these words into the survey as proof of your attendance. Please stay tuned for the secret word.
  • Speakers, I will be giving out the secret words at randomly selected times. I may have to break into your presentation briefly to read the secret word. Pardon the interruption.


slide5

Unlimited Plan Features:

  • Unlimited access to all live webcasts for your employees.
    • You and your employees will be able to attend all of our webcasts on the schedule for the quarter.
    • There is no limit on how many webcasts you can attend and how many people from your firm join the webcasts.
  • Unlimited access to all of our recorded webcasts and archived material with a license to use for internal training and/or case preparation.
    • Your employees will have access to a wealth of archived material.
    • All material includes the recorded webcasts as well as the course material.
  • Access to all Opt-in attendee registration lists.
    • You will have access to the list of attendees who agree to receive information from event partners. (50% of the list.)
    • Why not turn the webcast into a business opportunity? This feature will connect you with a substantial portion of the audience.
  • Guaranteed admittance:
    • Your attorneys/employees will be guaranteed admittance to all webcasts.
    • Including those that are sold out and/or closed for registration.


slide6

Unlimited Plan Features:

  • Priority customer service line:
    • You will receive a priority customer service account manager.
    • You will bypass the main customer service department.
  • Priority CLE/CPE processing.
    • Attendees from your firm will receive expedited processing of Certificate of Attendance Forms.
    • Please note, your State Bar or Accounting Board will make the final determination with respect to continuing education credit. (If you are applying for CLE credit in Texas you must register 20 days before the event date.)
  • Discounted Guest passes:
    • You can purchase guest passes for your clients and guests at a discounted rate of $99 each.
    • Invite anyone you wish: colleagues, clients, potential clients.
  • Download the Brochure & Our Forward Schedule:
    • http://www.mediafire.com/file/unjqbnwyymu/Unlimited_Attendee_Plan_2010.pdf


slide7

Brief Speaker Bios:

Marita Fowler

Marita Fowler is the Section Chief for the Surface Analysis Group (SAG). Her team is responsible for the analysis and dissemination of information related to financially/ideologically motivated cyber activity and emerging threats. She has a diverse background in intelligence, security engineering, space program security and cyber threat analysis.

Pamela Fusco, CISSP, CISM, CHS-III

Pamela Fusco is a name known to many of you; she has been in the security industry for nearly 25 years, including roles as chief security strategist and CSO for Merck, MCI and Citigroup; and a member of the White House special ops staff. She is closely affiliated with key industry organizations including ISSA and the Cloud Security Alliance. Managed security services provider Solutionary is home to Pamela where she serves as vice president of industry solutions.


slide8

Brief Speaker Bios:

Rich Baich, CISSP, CISM

Rich Baich is a Principal in Deloitte & Touche LLP’s Security & Privacy Service, where he champions the Global Cyber Threat and Vulnerability Management practice. Rich has over 15 years' experience leading multi-national teams designing, implementing, measuring and advising organizations to effectively and efficiently balance risk, technology and data management decisions with data protection risks, regulatory compliance issues, privacy and security controls. Rich is former Chief Information Security Officer (CISO) at ChoicePoint Inc. where he held enterprise-wide responsibility for information and technology security. Previously, he held leadership positions within NSA, McAfee, and the FBI. In 2005, Rich authored “Winning as a CISO”, a security executive leadership guidebook and advisor to the President’s Commission for Cyber Security.

Nova J. Daly

Mr. Daly is an international investment, trade and cybersecurity policy expert and has held senior leadership positions at the White House, the U.S. Departments of the Treasury and Commerce and the U.S. Senate. As the former Treasury Deputy Assistant Secretary for Investment Security and Policy from 2006-2009, Mr. Daly was responsible for managing Treasury's work as the chair of the Committee on Foreign Investment in the United States. In that capacity, he also served as the Treasury representative on cybersecurity policy formulation within the Administration. He holds an undergraduate degree in political science from the University of California, Irvine and a graduate degree in international law and organizations from American University.


slide9

Brief Speaker Bio:

Edward P Gibson, CISSP, FBCS

Ed Gibson is a Director at PricewaterhouseCoopers (PwC) in the Forensics Technology Practice in Washington DC and global. He is responsible for helping companies build capabilities and preventative mechanisms relative to anti-money laundering, FCPA, corporate intelligence, cyber compromise, data protection and privacy, economic espionage, supply chain technology, and social media. He recently returned to the US after 10 years in the UK. From 2000-2005 he was an Assistant Legal Attache for the FBI, assigned to the US Embassy in London in charge of the FBI's cyber investigations in the UK and Ireland. Following his retirement from the FBI in June 2005 he took up a new role as the Chief Cyber Security Advisor for Microsoft Ltd in the UK until December 2009, where he was a sought-after speaker on cyber risk issues due to his ability to make it personal and real. Prior to London, Ed was a career FBI agent in the Washington DC metro area specializing in investigations of complex frauds, asset identification, and economic espionage. He is a qualified Solicitor in England and Wales, a CISSP (Certified Information Systems Security Professional), a Fellow of the British Computer Society (FBCS), holds a current Top Secret/SCI clearance, and served in the military in the early '70s. Today Ed will be talking about the practical difficulties corporate executives, the C-suite, and law firms face in determining 'who to call' when the cyber catastrophe happens and the threat comes from off-shore.

► For more information about the speakers, you can visit: http://www.knowledgecongress.org/event_2010_cyber.html


slide10

Cybercrime has evolved from a mere exercise in intellectual one-upmanship among programmers to highly organized and sophisticated global criminal operations whose collective common objectives are as old as crime itself: to steal your company’s money! As a result, cyber-attacks on companies are rising at meteoric rates and finance executives around the globe are being drafted into the front lines to help combat them. The Combating Cybercrime for Finance Professionals LIVE webcast aims to arm you with the latest know-how to help you spot and stop cybercrime dead in its tracks.

While you are reading this, thousands of companies worldwide are being robbed by cybercriminals. Is your company one of the victims or will it be one of the victors? Join the Combating Cybercrime for Finance Professionals LIVE webcast and arm yourself with the latest knowledge to stop cyber criminals before they stop you.


slide11

Featured Speakers:

SEGMENT 1: Marita Fowler, Section Chief, Surface Analysis Group Cybersecurity Division, US-CERT - Department of Homeland Security

SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III, VP of Industry Solutions, Solutionary, Inc.

SEGMENT 3: Rich Baich, CISSP, CISM, Principal – Global Leader Cyber Threat and Vulnerability Management, Deloitte & Touche LLP

SEGMENT 4: Nova J. Daly, Public Policy Consultant, Wiley Rein LLP

SEGMENT 5: Edward P Gibson, CISSP, FBCS, Director, US Forensics Technology Solutions Practice, PricewaterhouseCoopers LLP


slide12

Introduction

SEGMENT 1:

Marita Fowler, Section Chief, Surface Analysis Group Cybersecurity Division, US-CERT - Department of Homeland Security


slide13

Image from StuckINa.com

Image from Technoslum.com

A Threat to National Security?


Espionage Motivated Malware

Financially Motivated Malware


slide14

Government Malware Trends


slide15

How Can You Help?

Information Sharing


slide16

Introduction

SEGMENT 2:

Pamela Fusco, CISSP, CISM, CHS-III, VP of Industry Solutions, Solutionary, Inc.


slide17


Go Home, The Internet Is Closed


slide18


slide19

In a Virtual Battle Field


  • Security usually implies a confrontation, good vs. evil
  • Most battles, civil unrest and/or conflicts, organized or not, one side either surrenders or is forced into retreat and the victor rises
  • Cyber issues have no retreat, no surrender, no empty trenches
  • Cyber Crime is low risk with high rewards
    • Cyber Crime prosecution is minimal


slide20

Virtual Trenches


  • Online extortion
    • Utilities
    • Government
    • Business
  • Cyber tool kits (w/ 12 mos. of support and services)
  • Opting in, no participation required
    • Pretexting
    • Target does not have to be engaged or aware
  • Combat zone is nonfiction
    • Zombie Armies
    • BOT Nets


slide21

ROVER

(Remotely Operated Video Enhanced Receiver)


  • Units were “fielded so fast that it was done with an unencrypted signal. It could be intercepted, hacked into and jammed,” stated an Air Force officer with knowledge of the program
    • Intended for line-of-sight communications (tactical, real time)
    • Military drones are “particularly susceptible” to video taps
    • “It’s like criminals using radio scanners to pick up police communications,” the senior officer says.


slide22

The World’s Information


slide23

Virtualization and Information Cyberflow


  • Automated queries and data correlation
    • Location, real time searches, “near me now”
    • Retail inventory
    • Common consumer queries amass the cyber vaults
    • Billions of images and relational data
    • Ask and you shall receive
  • Connected to the Cloud (“fielded so fast”)
    • Resource rich devices connected to the cloud
    • Adoption significantly on the rise
    • Understanding and knowledge mid grade
    • Exploitation vectors and analysis TBD
      • CSA, Trusted Cloud


slide24

Verify


slide25

An act of generosity may become too generous


  • Technology only does what humans design it to do
  • Consumers offer more PII when they believe they are getting something
  • Hold back a bit, don’t be so precise
    • Goggles for Google
    • Information relevance and data flux
    • Websites, specifically for golfers, etc
    • Social medians
      • Booz Allen’s social networking hello. Bah.com (P2P)
      • Targets employees with 5-15 yrs experience


slide26

Elements, Trends and Analysis


  • Sensible metrics and business intelligence
  • Realistic reporting and analysis
    • Compliance and auditing, business and personal
    • Investments in innovation and R&D
    • Strategy and preparation
    • Collaboration, affiliations and standards
      • Vas coalescence
      • Enable rapid acquisition by leveraging collaborative and participating partners


slide27

Get the VIEW!


  • Point in time
    • Too late
  • Social “Median” (can’t fight the trends)
  • Economies of scale

Portal

SIEM (and/or like)

  • Know the business of hacking
  • Know the solutions for defense and offense
    • Leverage trusted partners
    • MSSPs, Telcos
    • Cloud solutions and purpose built methodologies and technologies


slide28

Think like they do and consider the outcome

Identify the Source


slide29

Introduction


SEGMENT 3:

Rich Baich, CISSP, CISM, Principal – Global Leader Cyber Threat and Vulnerability Management, Deloitte & Touche LLP


slide30

Cyber Threat Intelligence


slide31

The Changing Threat Landscape

The cybercrime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems which routinely evade present-day security controls.


slide32

The Underground Economy

[Diagram: the underground economy. Stage labels: Monetize, Enrich and Validate, Sell, Compromise, Acquire. Node labels: Stolen Data, Drop Sites, Payment Gateways, eCommerce Sites, On-Line Gambling, eMoney, Phishing, Keyloggers, Instant Messaging, Wire Transfer, Bank, Data Validation Service, Botnet Service, Carding Forums, Drop Service, Retailers, Spammer, Botnet Owners, Malware Distribution Service, Data Acquisition Service, Data Mining & Enrichment, Data Sales, Cashing, Credit Card Cashers, Cyber Criminals, Identity Collectors, Malware Authors, Malicious Code Related. Key: Criminal Roles; Underground Criminal Services; 3rd Party & Corporate Enablers; Criminal Forums & Communication.]


slide33

Making Cyber Threat Intelligence Actionable

Our approach is based on real-life deployment experience. It has been proven to work in large production environments and is differentiated by the use of aggregated open source intelligence which is transformed into normalized, context-aware, actionable cyber threat intelligence data.

[Diagram: cyber threat intelligence flow. The recoverable labels are listed below.]

External Cyber Threat Intelligence Feeds:

  • Commercial Feeds
  • Law Enforcement
  • Industry Associations
  • Underground Forums
  • Hash databases
  • GEOIP data

Internal Threat Intelligence Feeds:

  • Fraud investigations
  • Security event data
  • Abuse mailbox info
  • Vulnerability data
  • Sandboxes
  • Human intelligence

Proactive Surveillance:

  • Honeynets
  • Malware Forensics
  • Brand monitoring
  • P2P monitoring
  • DNS monitoring
  • Watchlist monitoring

Other labels in the diagram:

  • Cyber Threat Intelligence Collection Research, and Analysis Process
  • “All Source Fusion”
  • Actionable Intelligence
  • Integrated Business Processes
  • Risk Assessment Process
  • Risk Acceptance Process
  • Risk Mitigation & Remediation
  • Urgent security control updates
  • IP reputation data for authentication
  • Recovered PII & Company Confidential Data
  • Near-Real Time Criminal Surveillance
  • Threat Intelligence Reporting
  • Line of Business Teams
  • Security, Fraud and Operational Risk Teams
  • Infrastructure & Application Logs
  • Technology Configuration Data
  • 3rd Parties, Subsidiaries


slide34

The Value of A Cyber Threat Intelligence Capability

  • Actionable, risk-based cyber intelligence data
  • Enhanced, industry specific brand monitoring and protection
  • Upgraded information security controls that meet or exceed regulatory obligations
  • Limit or reduce the scope and impact of security breaches
  • Reduce operational loss caused by cyber criminals
  • Reduce the frequency and scope of security incidents
  • Identify customers, partners, and suppliers that are compromised
  • Reduce the amount of time necessary to detect and locate advanced persistent threats
  • Improve the return on investment for previously purchased security controls, management platforms, and intelligence feeds


slide35

Introduction


SEGMENT 4:

Nova J. Daly, Public Policy Consultant, Wiley Rein LLP


slide36

The Facts

  • Cyber criminals operate undetected within systems. Their technologies include devices plugged into corporate networks, malware, and keystroke loggers that capture credentials and provide criminals with privileged access while they evade detection.
    • In 2009, more than 11.1 million U.S. adults were victims of identity theft.
    • One in every ten U.S. consumers has already been victimized by identity theft.
    • On average, victims lose between $851 and $1,378 out-of-pocket and spend 330 hours repairing the damage.
    • Incidents of fraud translated into losses of more than $54 billion by consumers and businesses.


slide37

What Does it Mean for the Evolution of Cyber Security Vulnerability Management?

  • Future legislative and federal initiatives that will seek to standardize technologies; possibly with penalties for those businesses that do not meet certain standards
  • New guidelines on cybersecurity protocols
  • New international initiatives
  • Increased funding for R&D and technology procurement


slide38

Are You Ready for Big Brother?

  • Some form of federal cyber security legislation is sure to pass the U.S. Congress, and it will change the way you do business.


slide39

Congress is Very Engaged

  • In 2009-10, Congress held over 75 hearings on cybersecurity.
  • Members stressed the need to partner with private sector entities.
  • However, barring a “Pearl Harbor” attack, legislation will not pass this year.


slide40

Key Congressional Committees

  • Senate
    • Committee on Homeland Security and Governmental Affairs
      • Joseph Lieberman (I-CT); Susan Collins (R-ME)
    • Committee on Commerce, Science and Transportation
      • Jay Rockefeller (D-WV); Olympia Snowe (R-ME)
  • House
    • Committee on Science & Technology
      • Bart Gordon (D-TN); James Sensenbrenner (R-WI)
    • Committee on Energy and Commerce
      • Henry A. Waxman (D-CA); Joe Barton (R-TX)
    • Committee on Homeland Security
      • Bennie Thompson (D-MS); Peter T. King (R-NY)


slide41

Key Congressional Legislation

  • Cybersecurity Enhancement Act, H.R. 4061: Passed the House and could pass in the Senate. Funds $396 million in R&D over 4 years; promotes a federal cybersecurity workforce and transfer of cyber technologies into the marketplace.
  • International Cybercrime Reporting and Cooperation Act, S. 3155 & H.R. 4692: Requires the President to produce annual reports on international efforts and identify countries posing a cyber threat.
  • Appropriations for Department of Homeland Security, H.R. 4842: Includes $150 million in funding for cybersecurity R&D to prevent, detect and respond to cyber attacks.
  • House Energy and Commerce and Homeland Security Proposals: Both of these Committees have jurisdiction on cybersecurity and will likely have an important say in anything that is signed into law or considered in the House.


slide42

Key Congressional Legislation

  • Cybersecurity Act of 2010, S.773: Passed Senate Commerce Committee. Estimated to cost $1.8 billion. This bill contains provisions for private sector collaboration, but there are concerns that it creates a “cyber bureaucracy” that would inhibit innovation. Provisions in the bill could levy fines for non-compliance with certain technology and procurement standards.
  • Protecting Cyberspace as a National Asset Act, S. 3480: The bill from Senators Lieberman and Collins places a top cybersecurity official in the White House, but gives DHS broad powers. Authorizes the President to issue a declaration of a national cyber emergency to covered critical infrastructure.
  • Senate Leader Harry Reid committed to developing comprehensive cyber security legislation in a June 2010 letter to President Obama, and told Senators to meld the competing cybersecurity bills together by September, if not earlier.


slide43

Changes in the Cyber Security Policy Vacuum

  • Federal initiatives from agencies like the Department of Homeland Security and the Federal Communications Commission are driving changes in the absence of cyber security leadership.


slide44

Moves from the Administration

  • 2008: Development of the Comprehensive National Cybersecurity Initiative (CNCI)
  • 2009: Performance of a 60-day review and publication of the Cyberspace Policy Review Report. The Report leads to:
    • Creation of a Cybersecurity Coordinator at the White House.
    • Work between federal, state and local partners with industry to identify procurement strategies that will incentivize the market.
      • Including through adjustments to liability considerations, tax incentives, and new regulatory requirements and compliance mechanisms.


slide45

Key Administration Agencies and Actions

  • The White House. The National Security Council and National Economic Council are the nexus of cyber policy for the federal government.
  • The Department of Homeland Security (DHS). This agency is cyber central and responsible for: implementing the deployment of an intrusion detection system; coordinating R&D efforts; developing a cyber counterintelligence plan; expanding cyber education; and developing an approach for global supply chain risk management.
  • The Department of Defense (DOD) and the National Security Agency (NSA). Key agencies on cybersecurity spending and policy with immense budgets and huge policy weight.


slide46

Key Administration Agencies and Actions

  • The U.S. Department of Commerce (Commerce). Commerce’s National Telecommunications and Information Administration (NTIA) plays an important role in cyber security policy.
  • The U.S. Department of State (State). Plays a significant international role, including on negotiations with other governments.
  • The Federal Communications Commission (FCC). The FCC recently released its National Broadband Plan. A key part of that plan is to give the FCC a greatly enhanced role in developing and promoting cyber security measures. It is also seeking support for a certification system for providers.


slide47

International Treaty?

  • New international initiatives are creating industry and national coalitions.


slide48

International Cybersecurity Moves

  • International Consensus
    • The world is moving toward developing a consensus around five pillars of cybersecurity action, with each country building:
      • a national security response team,
      • informed legislation,
      • public-private sector engagement and public awareness,
      • stronger enforcement, and
      • capacity building.


slide49

Cyber Money

  • The tap on spending for cyber security R&D and technology has just begun to open.


slide50

Money and Resources

  • The cumulative U.S. federal cybersecurity market is valued at $55 billion from 2010-2015 and will grow steadily, at about 6.2 percent annually, over the next six years.
  • Congress is planning on providing massive funding to agencies and cybersecurity R&D.
  • The DHS alone plans to invest $900 million in technology in fiscal 2011, and is hiring thousands of cybersecurity experts.
  • Funds related to these initiatives will find their way to the state and local coffers.


slide51

Questions?


slide52

Introduction

Ed Gibson is a Director at PricewaterhouseCoopers (PwC) in the Forensics Technology Practice in Washington DC and global. He is responsible for helping companies build capabilities and preventative mechanisms relative to anti-money laundering, FCPA, corporate intelligence, cyber compromise, data protection and privacy, economic espionage, supply chain technology, and social media. He recently returned to the US after 10 years in the UK. From 2000-2005 he was an Assistant Legal Attache for the FBI, assigned to the US Embassy in London and in charge of the FBI's cyber investigations in the UK and Ireland. Following his retirement from the FBI in June 2005, he took up a new role as the Chief Cyber Security Advisor for Microsoft Ltd in the UK until December 2009, where he was a sought-after speaker on cyber risk issues due to his ability to make it personal and real. Prior to London, Ed was a career FBI agent in the Washington DC metro area, specializing in investigations of complex frauds, asset identification, and economic espionage. He is a qualified Solicitor in England and Wales, a CISSP (Certified Information Systems Security Professional), a Fellow of the British Computer Society (FBCS), holds a current Top Secret/SCI clearance, and served in the military in the early '70s. Today Ed will be talking about the practical difficulties corporate executives, the C-suite, and law firms face in determining 'who to call' when the cyber catastrophe happens and the threat comes from off-shore.

SEGMENT 5:

Edward P Gibson, CISSP, FBCS, Director, US Forensics Technology Solutions Practice, PricewaterhouseCoopers LLP

August 12, 2010

slide53

Talking Points

  • "It's never going to happen to me" - What you need to know now!
  • Who are you going to call when the extortion email arrives in your inbox: in-house counsel? External counsel? Police? FBI / US Secret Service? Your neighbor?
  • Data Breach reporting - publication and notification - or hide?
  • Insider threat greater than external threats - economic espionage is real
  • WabiSabiLabi.com - eBay of software vulnerabilities
  • Cryptome.org // Sealandgov.org // Wikileaks.com - Do you know where your data is?

(Edward P Gibson, CISSP, FBCS, Director-Forensic Technology Solutions, PricewaterhouseCoopers, Washington DC metro and global, Ed.Gibson@us.pwc.com, +1 703 789 5281)


slide54

Talking Points

  • Cloud computing - What is it and why you should care
  • International discovery issues: MLAT / Letters Rogatory / or Just forget about it?
  • Data privacy / public policy issues are constantly changing in Europe
  • Sometimes you just can't do anything about it after it happens - so don't let it happen in the first place.
  • Network printers / copy machines; mobile devices; hardware: yes they all store data
  • Social Media - 17 steps to privacy (what is good is bad - does anyone care?)


slide55

SEGMENT 1: Marita Fowler, Section Chief, Surface Analysis Group Cybersecurity Division, US-CERT - Department of Homeland Security

SEGMENT 2: Pamela Fusco, CISSP, CISM, CHS-III, VP of Industry Solutions, Solutionary, Inc.

SEGMENT 3: Rich Baich, CISSP, CISM, Principal – Global Leader Cyber Threat and Vulnerability Management, Deloitte & Touche LLP

SEGMENT 4: Nova J. Daly, Public Policy Consultant, Wiley Rein LLP

SEGMENT 5: Edward P Gibson, CISSP, FBCS, Director, US Forensics Technology Solutions Practice, PricewaterhouseCoopers LLP

► You may ask a question at any time throughout the presentation today. Simply click on the question mark icon located on the floating tool bar on the bottom right side of your screen. Type your question in the box that appears and click send.

► Questions will be answered in the order they are received.


slide56


slide57

ABOUT THE KNOWLEDGE CONGRESS:

The Knowledge Group, LLC is an organization that produces live webcasts which examine regulatory changes and their impacts across a variety of industries. “We bring together the world's leading authorities and industry participants through informative two-hour webcasts to study the impact of changing regulations.”


Disclaimer:

The Knowledge Group, LLC is producing this event for information purposes only. We do not intend to provide or offer business advice.

The contents of this event are based upon the opinions of our speakers. The Knowledge Congress does not warrant their accuracy and completeness. The statements made by them are based on their independent opinions and do not necessarily reflect the views of The Knowledge Congress.

In no event shall The Knowledge Congress be liable to any person or business entity for any special, direct, indirect, punitive, incidental or consequential damages as a result of any information gathered from this webcast.
