Mais conteúdo relacionado
Semelhante a CYBERSECURITY LEGISLATION (20)
CYBERSECURITY LEGISLATION
- 1. Cyber Security briefing to Congress
PPD21 and PPD22
By
……………
From
CSCSS
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 2. Agenda
Why are we here?
Is the legislation necessary or are the currently
available policy tools sufficient
Is new legislation is needed, what need should
be addressed and why
What authorities and protection should be
included? Why?
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 3. Cyber security bills that have not been passed
Presidential Policy Directive-21 replaces
Homeland Security Presidential Directive-7 .
The Executive Order (EO) does not address all
the cyber crime issues and how they can be
resolved
NSA, FBI, and Department of Homeland Security
need legislation to proactively prevent cyber
attacks.
Both the military and civilians to have jurisdiction
over cyber attacks
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 4. Continued…
A situational awareness capability that addresses
both physical and cyber aspects
the cascading consequences of infrastructure
failures
Need to update the National Infrastructure
Protection Plan
There is also a
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 5. Is the legislation necessary?
The legislation is necessary
It need to adequately cover the gaps unforeseen and
unaddressed by current legislation - Homeland
Security Presidential Directive-7
There have been developments in cyber crime
nature, frequency and design
All the critical infrastructure are at risk from cyber
attacks.
Federal Information Security Management Act to
govern federal government IT security
Critical infrastructure companies to meet minimum
cyber security regulations.
Revise the minimum cyber security regulation so as
to meet the increasing cases of cyber crimes
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 6. What should the legislation address? Why?
The legislation should address Transparency and
User Protections.
The reason is that:
The government has already been involved in cyber
surveillance against the current laws
Private companies survey their employees,
customers and competitors
The privacy of the government and the private
companies
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 7. Industrial espionage has impact ‘hacktivism’ and longest-term affect on share price
.
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 8. Projected growth of cyber-security spending in
billions
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 9. Authorities and protection to be included?
Private networks- save banks, private companies
and individual users from cybercrime
Banks- to protect the financial sectors and the
country's economy
Transport and communication networks-smooth
operations and stabilization of the economy
Sharing of critical cyber security information
between the government and the private sectors.
The stock market- Protect it from collapse.
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 10. The authorities
The Department of State, in coordination with DHS, SSAs,
and other Federal departments and agencies
The Department of Justice (DOJ), including the Federal
Bureau of Investigation (FBI)
The Department of the Interior, in collaboration with the
SSA for the Government Facilities Sector
The Department of Commerce (DOC), in collaboration
with DHS and other relevant Federal departments and
agencies
The IC, led by the Director of National Intelligence (DNI),
The General Services Administration, in consultation with
DOD, and DHS
The Nuclear Regulatory Commission (NRC)
The Federal Communications Commission, to the extent
permitted by law
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 11. Authorities and protection to be included?
Protect and defend computer systems and
networks attack
Thwart computer security threats against rights
and property
Use Information to investigate crimes to the
underlying security threat to individuals, and
national security
Previously opposed legislation have important
segments that can be used today
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 12. Recommendation
Using aggressive counter measures
Making the government collaborate with the private
sector
Protecting users ‘ privacy from the government and
private sector
The government and private companies do not
observe the democratic principles.
The government should extend their commitment to
openness in cyber security deals and issues
The banks are not sure about the liability concerns in
case they share the information
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.
- 13. References
National Security Council(May 2009), The Comprehensive
National Cybersecurity Initiative - (CNCI)
Fidelis, Richard. "Cyber Security - Freshfields Freshfields." Cyber Security - Freshfields - Freshfields. 31 Mar.
2013. 24 Nov. 2013
http://www.freshfields.com/en/insights/Cyber_security/
Menn, Joseph. "U.S. officials woo tech companies in new push
for cybersecurity law."Reuters. 07 Sept. 2013. Thomson
Reuters. 24 Nov. 2013
<http://www.reuters.com/article/2013/09/25/us-cybersecuritylaw-idUSBRE98O14S20130925>.
Sen. Rockefeller,, John D. "S.1353 - Cybersecurity Act of 2013
113th Congress (2013-2014) BILL." S.1353. 30 July 2013. 24
Nov. 2013 <http://beta.congress.gov/bill/113th/senate-bill/1353>.
1 (800) 6VISIBLE • www.visible.com
© 2004 Visible Systems Corporation. All rights reserved.