So I’m in Philly this week at the Management of Change Conference. I’ve been tweeting away at #moc10 but also took some notes.
Here are my notes from the speech by Chris Painter, Senior Director for Cybersecurity
Change in threat landscape
-Criminals in the early 90s were mostly individuals acting for their own gratification
-Now – Transnational criminal groups – goal expressly for money
-From nation states to criminals
-Depend on this infrastructure but
-Getting much more sophisticated hackers
-Can buy and sell the tools to cause problems – threat has grown exponentially
Threat actors – Why Important for the president
-Obama campaign was affected by computer intrusion
-People have stolen company information and held it for ransom
5 chapter Cyber Security Policy and Action Plan – 10 steps for action
1 – Create effective information sharing and incident response
2 – Encouraging innovation
3 – Economic prosperity in 21st century relies on cybersecurity – Obama
4 – Pose one of greatest economic and national security threats we face
5 – Can’t fix issue in a day or month or one year
Create new office in White House housing federal details
-work closely with Vivek Kundra and Aneesh Chopra on cybersecurity
Cybersecurity dual appointment in national security staff and economic security staff
Have embedded privacy officer
People think security is at odds w/ privacy and civil liberties. But if done well, they are complementary and actually work best together
4 goals and guiding principles
-Deterrence – Increase cost, lower benefits
-Resiliency – Ability to bounce back
-Privacy –
-International –
Working on Einstein 2 & 3 – Intrusion and Detection systems
Also includes HSPD-12 and FISMA. Gear FISMA towards continuous monitoring.
1 Protecting government networks
2 Protecting national networks
3 Strengthen military, law enforcement, and diplomatic actions
4 Building for the future – Nat’l Cybersecurity awareness track (how do we make part of culture), Formal cybersecurity education (K-12 +), Federal cybersecurity jobs and career paths, Workforce training to have trained group of professionals
Cybereconomics – good cyber hygiene doesn’t pay, hacking does. Changing economic basis. Iterative process
How do you convince people to pay attention to cybersecurity?
Make it part of culture….Smokey the Bear…not scare tactics. Not just federal level…state, local, and township