CYBER SECURITY POLICIES

America National Strategy to Secure Cyberspace:

National Cyberspace Security Priorities Priority I: A National Cyberspace Security Response System
The National Strategy to Secure Cyberspace identifies eight major actions and initiatives for cyberspace security response: 1. Establish public-private architecture for responding to national-level cyber incidents; 2. Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments; 3. Encourage the development of a private sector capability to share a synoptic view of the health of cyberspace; 4. Expand the Cyber Warning and Information Network to support the role of DHS in coordinating crisis management for cyberspace security; 5. Improve national incident management; 6. Coordinate processes for voluntary participation in the development of national publicprivate continuity and contingency plans; 7. Exercise cyber security continuity plans for federal systems; and 8. Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.

Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program
The National Strategy to Secure Cyberspace identifies eight major actions and initiatives to reduce threats and related vulnerabilities: 1. Enhance law enforcements capabilities for preventing and prosecuting cyberspace attacks; 2. Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities; 3. Secure the mechanisms of the Internet by improving protocols and routing;

4. Foster the use of trusted digital control systems/supervisory control and data acquisition systems; 5. Reduce and remediate software vulnerabilities; 6. Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications; 7. Prioritize federal cyber security research and development agendas; and 8. Assess and secure emerging systems.

Priority III: A National Cyberspace Security Awareness and Training Program

The National Strategy to Secure Cyberspace identifies four major actions and initiatives for awareness, education, and training: 1. Promote a comprehensive national awareness program to empower all Americans businesses, the general workforce, and the general populationto secure their own parts of cyberspace; 2. Foster adequate training and education programs to support the Nations cyber security needs; 3. Increase the efficiency of existing federal cyber security training programs; and 4. Promote private-sector support for well-coordinated, widely recognized professional cyber security certifications.

Priority IV: Securing Governments Cyberspace

The National Strategy to Secure Cyberspace identifies five major actions and initiatives for the securing of governments cyberspace: 1. Continuously assess threats and vulnerabilities to federal cyber systems; 2. Authenticate and maintain authorized users of federal cyber systems; 3. Secure federal wireless local area networks; 4. Improve security in government outsourcing and procurement; and 5. Encourage state and local governments to consider establishing information technology security programs and participate in information sharing and analysis centers with similar governments.

Priority V: National Security and International Cyberspace Security Cooperation

The National Strategy to Secure Cyberspace identifies six major actions and initiatives to strengthen U.S. national security and international cooperation: 1. Strengthen cyber-related counterintelligence efforts; 2. Improve capabilities for attack attribution and response; 3. Improve coordination for responding to cyber attacks within the U.S. national security community; 4. Work with industry and through international organizations to facilitate dialogue and partnerships among international public and private sectors focused on protecting information infrastructures and promoting a global culture of security; 5. Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge; and 6. Encourage other nations to accede to the Council of Europe Convention on Cybercrime, or to ensure that their laws and procedures are at least as comprehensive.

DODs Strategic Initiatives:

Strategic Initiative 1: DOD will treat cyberspace as an operational domain to organize, train, and equip so that DOD can take full advantage of cyberspaces potential. The establishment of USCYBERCOM reflects DODs need to: Manage cyberspace risk through efforts such as increased training, information assurance, greater situational awareness, and creating secure and resilient network environments; Assure integrity and availability by engaging in smart partnerships, building collective self defenses, and maintaining a common operating picture; and Ensure the development of integrated capabilities by working closely with Combatant Commands, Services, Agencies, and the acquisition community to rapidly deliver and deploy innovative capabilities where they are needed the most. Strategic Initiative 2: DOD will employ new defense operating concepts to protect DOD networks and systems. The implementation of constantly evolving defense operating concepts is required to achieve DODs cyberspace mission today and in the future.

As a first step, DOD is enhancing its cyber hygiene best practices to improve its cyber security. Second, to deter and mitigate insider threats, DOD will strengthen its workforce communications, workforce accountability, internal monitoring, and information management capabilities. Third, DOD will employ an active cyber defense capability to prevent intrusions onto DOD networks and systems. Fourth, DOD is developing new defense operating concepts and computing architectures. All of these components combine to form an adaptive and dynamic defense of DOD networks and systems. Strategic Initiative 3: DOD will partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cyber security strategy. In order to enable a whole-of-government approach, DOD will continue to work closely with its interagency partners on new and innovative ways to increase national cyber security. First, the formalized structure reaffirms the limits that current law and policy set on DOD and DHS collaboration. Second, joint participation in program planning will increase each departments mission effectiveness; specifically, it will improve a shared understanding of cyber security needs and ensure the protection of privacy and civil liberties. Third, the arrangement will conserve limited budgetary resources. This agreement will help DHS to best protect the Executive Branch .gov domain, work in partnership with state, local, and tribal governments, partner with the private sector, and coordinate the defense of U.S. critical infrastructure. Strategic Initiative 4: DOD will build robust relationships with U.S. allies and international partners to strengthen collective cyber security. As international cyberspace cooperation continues to develop, DOD will advance its close cyberspace cooperation with its allies to defend U.S. and allied interests in cyberspace. DOD will work closely with its allies and international partners to develop shared warning capabilities, engage in capacity building, and conduct joint training activities. Engagement will create opportunities to initiate dialogues for sharing best practices in areas such as forensics, capability development, exercise participation, and public-private partnerships.

Further, the development of burden sharing arrangements can play to each nations core strengths and capabilities; this will bolster areas where partners are less proficient, increase capacity, and strengthen collective cyber security. Strategic Initiative 5: DOD will leverage the nations ingenuity through an exceptional cyber workforce and rapid technological innovation. To replicate the dynamism of the private sector and harness the power of emerging computing concepts, DODs acquisition processes for information technology will adopt five principles. First, speed is a critical priority. DODs acquisition processes and regulations must match the technology development life cycle. With information technology, this means cycles of 12 to 36 months, not seven or eight years. Second, DOD will employ incremental development and testing rather than a single deployment of large, complex systems. Third, DOD will be willing to sacrifice or defer some customization to achieve speedy incremental improvements. Fourth, DODs information technology needsfrom modernizing nuclear command and control systems to updating word-processing softwarewill adopt differing levels of oversight based on the Departments prioritization of critical systems. Fifth, improved security measures will be taken with all of the systems that DOD buys, including software and hardware. No backdoor can be left open to infiltration; no test module can be left active.

Canada
Three types of threats are discussed below. 1. State Sponsored Cyber Espionage and Military Activities 2. Terrorist Use of the Internet 3. Cybercrime The Strategy is built on three pillars:
1. Securing Government systems

Establishing Clear Federal Roles and Responsibilities Strengthening the Security of Federal Cyber Systems Enhancing Cyber Security Awareness throughout Government
2. Partnering to secure vital cyber systems outside the federal Government

Partnering with the Provinces and Territories Partnering with the Private Sector and Critical Infrastructure Sectors
3. Helping Canadians to be secure online

Combating Cybercrime Protecting Canadians Online