Transcript Critical Infrastructure Assurance: Interdependence Efforts

Critical Infrastructure
Assurance: Business Case
for Public-Private
Partnership
Ken Watson
9 Sep 2003
[email protected]
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
PCIS document voluntarily shared with the
government for a limited purpose.
1
The World is a Network of Networks…
Any Geographical Area, Any Network, Any Functional Area
Is a Place of Vulnerability
Oil and Gas
Electric
Banking and
Finance
Water
Internet
Core
Government
Services
Transportation
Telecommunications
Emergency
Services
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
2
Critical Infrastructures –
Dependent on networks…and on each other
Transportation
Government Services
Electric Power
PDD-63 Critical
Infrastructures
Telecommunications
Water
Keynote
SE DDSI
Europe
Cybersecurity conf
Emergency Services
Banking and Finance
www.pcis.org
Oil and Gas
3
Critical Infrastructures
Agriculture
Food
Key National Assets*
Added Critical
Infrastructures
Defense Industrial Base
Postal and Shipping
Chemical Industry
and Hazardous
Materials
Keynote
SE DDSI
Europe
Cybersecurity conf
Public Health
www.pcis.org
4
National Security Interest
Infrastructures…
• Are critical to safety, security, our way of life
• Depend on commercial networks
• Are interdependent
• Are largely owned and operated by private
companies
• Cannot entirely depend on the Federal government
for defense against cyber attacks
Government Needs Industry in a True
Public-Private Partnership
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
5
The Business Case
• Businesses dependent for their survival on
the Internet
• Vulnerabilities threaten economic survivability
and competitiveness
• Interdependency
Supply chain
Partners
Customers
Infrastructure industries
• Companies are on the front lines of defense
Industry Needs Government in a True
Public-Private Partnership
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
6
Cross-sector Collaboration
Partnership for Critical
Infrastructure Security
(PCIS)
http://www.pcis.org
• Participation by leaders from government,
industry & academia
• Coordinates cross-sector initiatives and
compliments public-private efforts
• Board of Directors majority always critical
infrastructure “sector coordinators”
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
7
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
PCIS
State and Local Governments
Food Safety
Sector Coordinators
Manufacturing
Chemicals
Emergency Medical
Firefighters
Law Enforcement
Information Technology
Federal Departments and
Agencies
Air Transportation
Surface Transportation
Oil and Natural Gas
Water
Telecommunications
Electric Power
Financial Services
US Public-Private Relationships for CIP
President of the
United States
Advisory Committees
DHS
8
National Strategy to Secure Cyberspace
• Five National Priorities
National Cyberspace Response System
National Cyberspace Threat and
Vulnerability Reduction Program
National Cyberspace
Awareness & Education
Securing Government Cyber Systems
National Security and International
Cooperation
• Public-private partnership
• Primarily market-based approach
• Multi-level risk assessments
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
9
Stay Safe Online Campaign
• Security education for
homes, small
businesses
www.staysafeonline.info
• “Top Ten” tips, Tech
Talks, security guides,
links
• 105 companies; 15
Federal agencies
• National Cyber Security
Alliance (NCSA)—
educational foundation
of PCIS
Keynote
SE DDSI
Europe
Cybersecurity conf
Poster contest winners meet Tom Ridge in
West Wing Apr 18, 2002
www.pcis.org
10
Information Sharing and
Analysis Centers (ISACs)
• Vital part of Critical Infrastructure Protection
(CIP)
• Gather, analyze, and disseminate
information on security threats,
vulnerabilities,
incidents, countermeasures,
and best practices
• Early and trusted advance
notification of member
threats and attacks
• Organized by industry:
cross-sector awareness,
outreach, response and
recovery
• ISAC Council: Leadership of ten ISACs
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
11
One Company’s Response: Cisco’s Critical
Infrastructure Assurance Group
Mission
Provide for secure and reliable
critical infrastructure networks
through Cisco’s leadership.
Program Areas
• Research
• Education
• Training
• Incident Response
• Communication
www.cisco.com/go/ciag
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
12
Critical Infrastructure Protection Challenges
• New sectors
• Implementing strategy
Information sharing
Interdependency research
Contingency plans
• War on terrorism
• Balancing budgets/priorities
• Global issues
Cyber alerts and warning
Harmonization of national laws
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
13
Summary
• National security and economic security
forever intertwined
• Infrastructures are interdependent
• Companies, governments, and academia
must work together
• Research, training and education,
information sharing, and incident
response are key areas for collaboration
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
14
Going Forward
• Critical infrastructure assurance is a
public-private issue
• Internet is borderless—security planning
must be international
• Build on strengths—core competencies
• DHS is providing focus—ongoing publicprivate cooperation will be key to success
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
15
Contact Information
Ken Watson
12515 Research Blvd
Austin, Texas 78759
USA
+1 512 378 1112
+1 512 750 7574 (mobile)
[email protected]
www.pcis.org
www.cisco.com/go/ciag
Keynote
SE DDSI
Europe
Cybersecurity conf
www.pcis.org
16