Weis 2011 workshop on the economics of information security
Download
1 / 43

WEIS 2011 Workshop on the Economics of Information Security - PowerPoint PPT Presentation


  • 112 Views
  • Uploaded on

WEIS 2011 Workshop on the Economics of Information Security. Chris Greer Assistant Director for Information Technology R&D White House Office of Science & Technology Policy. June 14, 2011. America's economic prosperity in the 21st century will depend on cybersecurity

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'WEIS 2011 Workshop on the Economics of Information Security' - zizi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Weis 2011 workshop on the economics of information security l.jpg

WEIS 2011Workshop on the Economics of Information Security

Chris Greer

Assistant Director for Information Technology R&D

White House Office of Science & Technology Policy

June 14, 2011


Slide2 l.jpg

America's economic prosperity in the 21st century will depend on cybersecurity

- President Obama, May 2009


President s strategy for american innovation l.jpg
President’s Strategy for American Innovation depend on cybersecurity

Catalyze Breakthroughs for National Priorities

  • Unleash a clean energy revolution

  • Accelerate biotechnology,

  • nanotechnology, and advanced manufacturing

  • Develop breakthroughs in space applications

  • Drive breakthroughs in health care technology

  • Create a quantum leap in educational technologies

  • Accelerate business innovation with the R&E tax credit

  • Promote investments in ingenuity through effective intellectual property policy

  • Encourage high-growth and innovation-based entrepreneurship

  • Promote innovative, open, and competitive markets

Promote Market-Based Innovation

Invest in the Building Blocks of American Innovation

  • Educate Americans with 21st century skills and create a world-class workforce

  • Build a leading physical infrastructure

  • Strengthen and broaden American leadership in fundamental research

  • Develop an advanced information technology ecosystem

Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open


President s strategy for american innovation4 l.jpg
President’s Strategy for American Innovation depend on cybersecurity

Catalyze Breakthroughs for National Priorities

  • Unleash a clean energy revolution

  • Accelerate biotechnology,

  • nanotechnology, and advanced manufacturing

  • Develop breakthroughs in space applications

  • Drive breakthroughs in health care technology

  • Create a quantum leap in educational technologies

  • Accelerate business innovation with the R&E tax credit

  • Promote investments in ingenuity through effective intellectual property policy

  • Encourage high-growth and innovation-based entrepreneurship

  • Promote innovative, open, and competitive markets

Promote Market-Based Innovation

Invest in the Building Blocks of American Innovation

  • Strengthen and broaden American leadership in fundamental research

  • Develop an advanced information technology ecosystem

Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open


President s strategy for american innovation5 l.jpg
President’s Strategy for American Innovation depend on cybersecurity

Comprehensive Cybersecurity Framework

National Strategy for Trusted Identities in Cyberspace

National Initiative for Cybersecurity Education

Trustworthy Cyberspace:

Strategic Plan for

Federal R&D

Invest in the Building Blocks of American Innovation

  • Strengthen and broaden American leadership in fundamental research

  • Develop an advanced information technology ecosystem

Administration Proposal for Cybersecurity Legislation

International Strategy

for Cyberspace

Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open


Slide6 l.jpg

President’s Cyberspace Policy Review depend on cybersecurity

  • May 2009

  • Themes:

    • Lead from the top

    • Build capacity for a digital nation

    • Share responsibility for cybersecurity

    • Create effective information sharing and incident response

    • Encourage Innovation


Slide7 l.jpg

President’s Cyberspace Policy Review depend on cybersecurity

  • May 2009

  • Themes:

    • Lead from the top

    • Build capacity for a digital nation

    • Share responsibility for cybersecurity

    • Create effective information sharing and incident response

    • Encourage Innovation


Slide8 l.jpg

International Strategy for Cyberspace depend on cybersecurity


Slide9 l.jpg

“Cyberspace, and the technologies that enable it, allow people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.”

President Obama

May 2011

www.whitehouse.gov/cybersecurity


Slide10 l.jpg

Our Goal people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.”

The United States will work internationally to promote an open, interoperable, secure, and reliable cyberspace that supports international trade and commerce, strengthens international security, and fosters free expression and innovation.


Slide11 l.jpg

  • The cyberspace environment that we seek: people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.”

  • rewards innovation and empowers entrepreneurs;

  • connects individuals and strengthens communities;

  • builds better governments and expands accountability;

  • safeguards fundamental freedoms and enhances personal privacy; and

  • builds understanding, clarifies norms of behavior, and enhances national and international security.


Slide12 l.jpg

Norms of Responsible Behavior people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.”

  • Upholding Fundamental Freedoms

  • Respect for Property

  • Valuing Privacy

  • Protection from Crime

  • Right of Self-Defense

  • Global Interoperability

  • Network Stability

  • Reliable Access

  • Multi-stakeholder Governance

  • Cybersecurity Due Diligence


Slide13 l.jpg

Norms of Responsible Behavior people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.”

  • Upholding Fundamental Freedoms

  • Respect for Property

  • Valuing Privacy

  • Protection from Crime

  • Right of Self-Defense

  • Global Interoperability

  • Network Stability

  • Reliable Access

  • Multi-stakeholder Governance

  • Cybersecurity Due Diligence


Slide14 l.jpg

Administration Proposal for people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.”Cybersecurity Legislation


Slide15 l.jpg

The Administration should partner appropriately with Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

President’s Cyberspace Policy Review

May 2009


Slide16 l.jpg

President’s Cyberspace Policy Review Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • May 2009

  • Themes:

    • Lead from the top

    • Build capacity for a digital nation

    • Share responsibility for cybersecurity

    • Create effective information sharing and incident response

    • Encourage Innovation


Slide17 l.jpg

The proposal helps protect: Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • the American people;

  • our Nation’s critical infrastructure;

  • federal government networks and systems; and

  • Privacy and civil liberties.

www.whitehouse.gov/cybersecurity


Slide18 l.jpg

Protecting the American People Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • National Data Breach Reporting

  • Penalties for Cyber Criminals


Slide19 l.jpg

Protecting our Nation’s Critical Infrastructure Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • Voluntary government assistance to industry, states, and local government

  • Voluntary information sharing with DHS

  • Critical infrastructure cybersecurity plans


Slide20 l.jpg

Protecting Federal Computers & Networks Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • Management – FISMA update and roles

  • Personnel – Hiring authorities and exchange

  • Intrusion Prevention Systems – EINSTEIN

  • Data Centers – Promoting cloud innovation


Slide21 l.jpg

Protecting Privacy and Civil Liberties Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • Privacy and civil liberties expert review and Attorney General (AG) approval

  • Limitation to cybersecurity threats and criminal law enforcement with AG review

  • Threat information shared without unrelated identifying information

  • Layered oversight programs and Congressional reporting


Slide22 l.jpg

National Initiative for Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions. Cybersecurity Education

NICE


Slide23 l.jpg

President’s Cyberspace Policy Review Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • May 2009

  • Themes:

    • Lead from the top

    • Build capacity for a digital nation

    • Share responsibility for cybersecurity

    • Create effective information sharing and incident response

    • Encourage Innovation


Slide24 l.jpg

NICE Website: WWW.NIST.GOV/NICE Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.


Slide25 l.jpg

Building Capacity for a Digital Nation Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

  • Increase public awareness

  • Enhance formal cybersecurity education

  • Expand, define, and train a world-class cybersecurity workforce


Slide26 l.jpg

Cybersecurity Pipeline Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.


Slide27 l.jpg

NICE Components Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

National Cybersecurity Awareness

  • Lead: Department of Homeland Security (DHS)

  • Public service campaigns and awareness activities year round

Formal Cybersecurity Education

  • Leads: Department of Education (ED), National Science Foundation (NSF)

  • Co-Leads: Department of Labor (DOL), DHS

  • STEM and cybersecurity education programs in accredited settings


Slide28 l.jpg

NICE Components Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

Cybersecurity Workforce Structure

  • Overall Lead: Department of Homeland Security (DHS)

  • Federal Workforce – Office of Personnel Management

  • Government Workforce (non-Federal) – DHS

  • Private Sector Workforce – Dept. Labor, National Institute of Standards and Technology

  • Cybersecurity Workforce Training and Professional Development

    • Tri-Leads: Department of Defense (DoD), Office of the Director of National Intelligence (ODNI) , Department of Homeland Security (DHS) Tri-Leads:

  • General IT Use – Federal Chief Information Officer Council and DHSIT

  • Infrastructure, Operations, Maintenance & Information Assurance – DoD, DHS

  • Domestic Law Enforcement and Counterintelligence – Department of Defense Cyber Crime Center (DC3), National Counterintelligence Executive (NCIX), Department of Justice, and DHS

  • Specialized Cybersecurity Operations - NSA


  • Slide29 l.jpg

    National Initiative for Trusted Identities in Cyberspace Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    NSTIC


    Slide30 l.jpg

    President’s Cyberspace Policy Review Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • May 2009

    • Themes:

      • Lead from the top

      • Build capacity for a digital nation

      • Share responsibility for cybersecurity

      • Create effective information sharing and incident response

      • Encourage Innovation


    Slide31 l.jpg

    NSTIC Website: WWW.NIST.GOV/NSTIC Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.


    Slide32 l.jpg

    NSTIC Focus - Two Central Problems: Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • Passwords are inconvenient and insecure

    • Individuals are unable to prove their true identity online for significant transactions


    Slide33 l.jpg

    • Phishing continues to rise, with attacks becoming more sophisticated

    • Managing multiple passwords is expensive

    • Passwords are failing

    • Maintenance of multiple accounts is increasing as more services move online


    Slide34 l.jpg

    Characteristics of the Identity Ecosystem Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • Led by the private sector

    • Allows consumers who want to participate to:

      • obtain a single digital credential for wide use

      • choose among a diverse market of credential providers

      • use their credential when needed and remain anonymous when desired

    • Enhances privacy through:

      • “need-to-know” restrictions

      • reduced identity theft

      • reduced instances of sensitive information sharing


    Slide35 l.jpg

    Trustworthy Cyberspace: Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    Strategic Plan for the Federal Cybersecurity Research and Development Program


    Slide36 l.jpg

    President’s Cyberspace Policy Review Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • May 2009

    • Themes:

      • Lead from the top

      • Build capacity for a digital nation

      • Share responsibility for cybersecurity

      • Create effective information sharing and incident response

      • Encourage Innovation


    Slide37 l.jpg

    Encouraging Innovation Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    Provide a framework for research and development strategies that focus on game-changing technologies that will help meet infrastructure objectives, building on the existing NITRD strategies …


    Slide38 l.jpg

    Interagency Coordination Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • NITRD:Networking and Information Technology Research and Development Program

      • CSIA:Cyber Security and Information Assurance Working Group

      • SSG: Senior Steering Group for Cybersecurity

    • SCORE:Special Cyber Operations Research and Engineering


    Slide39 l.jpg

    Strategy Overview Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • Near Horizon

      • Moving Target Defense

      • Tailored Trustworthy Spaces

      • Cyber Economic Incentives

      • Designed-in Security

    • Over the Horizon

      • Science of Cybersecurity

    • Research for Results

      • Translation to practice


    Slide40 l.jpg

    Strategy Overview Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • Near Horizon

      • Moving Target Defense

      • Tailored Trustworthy Spaces

      • Cyber Economic Incentives

      • Designed-in Security

    • Over the Horizon

      • Science of Cybersecurity

    • Research for Results

      • Translation to practice


    Slide41 l.jpg

    Cyber Economic Incentives - Examples Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    • Economics of legislation and policy choices

      • Immunity, liability, safe harbor, incentives, material disclosure, audit and assessment

    • Market factors

      • Valuation, cost/benefit analyses, technology risk, standards and innovation, awareness, intellectual arbitrage, risk decision-making, criminal markets

    • Cyber insurance

      • Actuarial analysis, quantitative risk assessment, moral hazard, catastrophic and interdependent risks, risk pooling


    President s strategy for american innovation42 l.jpg
    President’s Strategy for American Innovation Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    Comprehensive Cybersecurity Framework

    National Initiative for Cybersecurity Education

    National Strategy for Trusted Identities in Cyberspace

    Trustworthy Cyberspace:

    Strategic Plan for

    Federal R&D

    Invest in the Building Blocks of American Innovation

    • Strengthen and broaden American leadership in fundamental research

    • Develop an advanced information technology ecosystem

    Administration Proposal for Cybersecurity Legislation

    International Strategy

    for Cyberspace

    Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/open


    Slide43 l.jpg

    Additional Information: Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions.

    www.whitehouse.gov/cybersecurity

    Contact:

    [email protected]


    ad