Pondera International
TABLE OF CONTENTS
Overview of Issues
Current Status of Legislation
Senate - detail
House - detail
OVERVIEW OF ISSUES
Information Sharing
Between private sector and government
Whether bidirectional sharing
Voluntary or mandatory
Through DHS or independent cyber hubs
Critical Infrastructure
How to define, who to include
How to protect: mandatory vs. voluntary
Certifications / audits
Types of incentives
FISMA
Privacy
Data Breach
Liability Protection
Supply Chain
Workforce
R&D
DHS having the main role, or dispersed among agencies
The role of NSA
Operational vs. budget vs. strategy ownership
SENATE
Key elements of compromise approach
COMPROMISE contd
III. Audits: conducted by private sector, as authorized by DHS
IV. Protections: only if cyber attack
Definition is critical here!
Liability
Government contracts considerations
Security clearance
Exclusions: gross negligence, willful or reckless; fraudulent or willful misconduct
HOUSE
Individual summaries of 4 bills passed in April
Disseminate real-time information, NOT after the fact
DHS to become the hub for USG and information sharing; all information given to government will be copied to DHS
Separate from government but perhaps partially funded; envision a number of private sector entities to have this role and operate outside of government
Complete transparency to all parties on how info is shared and for what purpose
Annual review by an independent Inspector General re: privacy
DIB pilot to be a model; coordinate with other existing efforts
Limited safe harbors for private sector for liability
FISMA REFORM
Sponsored by Chairman Issa (R-CA)
Provides for automated and continuous monitoring
Requires regular threat assessment instead of periodic check-the-box reviews
Does not mandate anything re: private networks
Stresses the need for public-private partnerships
HR 2096 Cybersecurity Enhancement Act of 2011
Committee on Science, Space & Technology
Sponsored by McCaul (R-TX)
R&D
Coordinates R&D activities conducted across the federal agencies to better address evolving cyber threats
Reauthorizes basic cybersecurity research programs at the National Science Foundation (NSF), and strengthens the efforts of the NSF and the National Institute of Standards and Technology (NIST) in the areas of cybersecurity technical standards and cybersecurity awareness, education, and talent development
HR 3834 Advancing America's Networking and Information Technology Research and Development Act of 2012
NITRD
Reauthorizes the Networking and Information Technology Research and Development (NITRD) Act
The NITRD program, now in its 20th year, represents the federal government's central R&D investment portfolio for unclassified networking, computing, software, cyber security, and related information technologies
The NITRD program focuses on R&D to detect, prevent, resist, respond to, and recover from actions that threaten to compromise the availability, integrity, or confidentiality of computer- and network-based systems.
Questions?