
Presented by the Internet Security Alliance

Who's in Charge

Howard Schmidt

Problems and Solutions

True and False

Potpourri

100 202 303 406 509

100 202 303 406 509

100 202 303 406 509

100 202 303 406 509

100 202 303 406 509

In 2004, Congress established the National Cyber Security Division in this federal department
Department of Homeland Security

In 2000, the U.S. Government established this entity focused on national cyber defense, located at Ft. Meade, MD.
Cyber Command

Presidential Directive 63, promulgated in 1998, created these sector-specific private sector entities to increase coordination about cyber threats and vulnerabilities
Information Sharing and Analysis Centers (ISACs)

At the conclusion of the 111th Congress this was the number of Congressional Committees claiming jurisdiction over cyber security.
4 8 12

In his White House meeting with public and private partners on cyber security in July 2010, President Obama cited this fact as the reason that regulating to achieve cyber security was unlikely to be effective.
Lack of Congressional awareness of the problem; The interconnected nature of the Internet; Lack of Technical solutions

Prior to working in the Obama White House, he held a similar position for this 43rd President.

George W. Bush

Prior to taking his current position at the White House he was CISO and Chief Security Strategist for this major on-line shopping site---what's your bid?
eBay

Contrary to press reports his official title is Cyber Coordinator. He has never held this title---and he doesn't have a daughter named Anastasia.
Cyber Czar

One of his first acts as President Obama's cyber advisor was to declassify much of the content included in this major cyber program launched at the end of President Bush's second term.
Comprehensive National Cyber Security Initiative (CNCI)

As a member of the Executive branch of government, this constitutional doctrine prevents Congress from requiring him to appear before it.
Separation of Powers

According to research from PricewaterhouseCoopers, this method of attack---not hacking from the outside---is the most frequent form of cyber attack---just like WikiLeaks.
Insider Threats

According to Symantec, we have now moved into the post era of this Phorm of Phrequent cyber attacks
Phishing

According to research by the U.S. Secret Service and Verizon, this percentage of cyber attacks could be successfully prevented or mitigated simply by using existing standards and practices.
50 65 94

According to a 2009 study by CSIS, this is the number one reason companies are not deploying more cyber security solutions.
Lack of awareness of the problem; Lack of effective solutions; Cost

The only market incentive listed here that was NOT specifically recommended by President Obama's Cyberspace Policy Review for deployment to the private sector to improve cyber security
Procurement incentives; Insurance incentives; Tax incentives; Liability incentives

In 2006 and 2007 the Russian military launched cyber attacks against the governments of Estonia and Georgia
FALSE

According to PWC and CSIS, between 2008 and 2010, approximately 50% to 66% of American companies deferred or reduced their investments in information security
TRUE

Virtually every electronic information system used by our federal government has, at some point, been manufactured or assembled outside the US
TRUE

According to Mandiant Secret Services, The most revealing difference when you combat the APT is your prevention efforts will eventually fail.
TRUE

User-friendly cyber attack tools can be purchased easily over the Internet for less than the average Congressional staffer's bi-monthly paycheck.
TRUE

According to Symantec, the percentage of new cyber threats increased by this percentage between 2007 and 2009.
100% 500% 1000%

According to Carnegie Mellon University, this percentage of private sector enterprises had a cross-organizational privacy security team as of 2010.
17% 65% 95%

The DHS-approved slogan for their national education and awareness campaign to increase individual cyber responsibility.
Look before you leap into cyber space; Stop, think connect; Only you can prevent your cyber ID from being stolen

The percentage of critical infrastructure currently covered by private insurance in case of a Katrina-level cyber incident.
Less than 1% 25% 50%

According to PricewaterhouseCoopers, nearly half of all enterprises are now deploying some form of cloud computing. However, this is the percentage that expresses little or no confidence in the ability to secure their assets in the cloud.
20% 62% 90%

FINAL JEOPARDY

Future Federal IT

On Feb. 8, 2011, the Chief US IO required each federal agency to evaluate deploying this before making any new investments.

CLOUD COMPUTING
