partnership for secure national infrastructures n.
Download
Skip this Video
Download Presentation
Partnership for Secure National Infrastructures

Loading in 2 Seconds...

play fullscreen
1 / 12

Partnership for Secure National Infrastructures - PowerPoint PPT Presentation


  • 117 Views
  • Uploaded on

Partnership for Secure National Infrastructures. Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation. Differentiating CIP, CII, and Cybersecurity. Critical Infrastructures. Non-essential IT systems. Cybersecurity.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Partnership for Secure National Infrastructures' - lorimer


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
partnership for secure national infrastructures

Partnership for Secure National Infrastructures

Jerry Cochran

Principal Security Strategist

Trustworthy Computing Group

Microsoft Corporation

slide2

Differentiating CIP, CII, and Cybersecurity

Critical Infrastructures

Non-essential IT systems

Cybersecurity

Those practices and procedures that enable the secure use and operation of cyber tools and technologies

Critical Information Infrastructure

Cross-cutting ICT interdependencies among all sectors

Energy

Transportation

IT/Telecom

Enterprises

Consumers

Govt Services

Banking/Finance

cip policy drivers and influences
CIP Policy Drivers and Influences

War

Terrorism

Cyber Attacks

Convergence

Globalization

Natural Disasters

Laws and Regulations

Directives/Policies

Emergency Response Plans

National Strategies

keys to resilient infrastructures
Keys to Resilient Infrastructures
  • Define Goals and Roles
  • Identify and Prioritize Critical Functions
  • Continuously Assess and Manage Risks
  • Build Operational Response Frameworks
  • Create Public-Private Partnerships
  • Build Security/Resiliency into Operations
  • Government and infrastructure owners/operators:
  • Collaboratively pursue these core enablers of resiliency and infrastructure security
roles for cip engagement
Roles for CIP Engagement

Incidences, emerging issues, & changing conditions :

constantly update risk assessment

identify and prioritize critical functions
Identify and Prioritize Critical Functions
  • Establish an Open Dialog
    • Understand the critical functions, infrastructure elements, and key resources necessary for:
      • delivering essential services,
      • maintaining the orderly operations of the economy, and
      • helping to ensure public safety.

Critical Function

Infrastructure Element

Key Resource

Supply Chain

Supply Chain

Supply Chain

Critical Function

Infrastructure Element

Key Resource

Critical Function

Supply Chain

Supply Chain

Supply Chain

Infrastructure Element

Key Resource

Understand Interdependencies

Supply Chain

Supply Chain

Supply Chain

Supply Chain

continuous risk management
Continuous Risk Management

Protection is the Continuous Application of Risk Management

  • Evaluate Program Effectiveness
  • Leverage Findings to Improve Risk Management
  • Identify Key Functions
  • Assess Risks
  • Evaluate Consequences

Incidences, emerging issues, & changing conditions :

constantly update risk assessment

  • Define Functional Requirements
  • Evaluate Proposed Controls
  • Estimate Risk Reduction/Cost Benefit
  • Select Mitigation Strategy
  • Seek Holistic Approach.
  • Organize by Control Effectiveness
  • Implement Defense-in-Depth
build operational response frameworks
Build Operational Response Frameworks
  • Goal: Improve Operational Coordination
  • Public- and private-sector organizations alike can benefit from developing joint plans for managing emergencies, including recovering critical functions in the event of significant incidents
  • Unified Concept of Operations for Public and Private Sector CERTs
  • Emergency response plans can mitigate damage and promote resiliency.
  • Effective emergency response plans are generally short and highly actionable so they can be readily tested, evaluated, and implemented.
  • Testing and exercising emergency response plans promotes trust, understanding, and greater operational coordination among public- and private-sector organizations.
  • Exercises also provide an important opportunity to identify new risk factors that can be addressed in response plans or controlled through regular risk management functions.
create public private partnerships
Create Public/Private Partnerships
  • Voluntary public-private partnerships
    • Promote trusted relationships needed for information sharing and collaborating on difficult problems
    • Leverage the unique skills of government and private sector organizations
    • Provide the flexibility needed to collaboratively address today’s dynamic threat environment
    • Provide a Value Proposition to the private sector

Collaboration is key to protecting critical infrastructure

continuous improvement build resiliency security into infrastructures
Continuous Improvement: Build Resiliency/Security into Infrastructures

Critical Functions

(Global, National, Local)

Security is a continuous process

Building security and resiliency into infrastructure operations

Infrastructure

Operations

Security

Controls

Management

Technical

Operational

Fosters increased security and resiliency for the critical functions that support safety, security, and commerce at all levels