Wednesday, January 27, 2010

Digital Combat Article


http://www.nytimes.com/2010/01/26/world/26cyber.html?emc=eta1

Sunday, January 24, 2010

JOBS/INTERNSHIPS: SYSTEK


www.systek.com
Ask for Wayne Howard,
Director Business Development

JOBS/INTERNSHIPS: VIASAT


www.viasat.com

JOBS/INTERNSHIPS: ARGONST


www.aragonst.com
Ask for Ms. M. Cronin

JOBS/INTERNSHIPS: TNO


http://www.tno.nl

Thursday, January 21, 2010

MESSAGE FROM THE GENERAL CHAIR

This Conference and Stevens Institute of Technology take a holistic and whole-of-society view of the implications of working with and controlling for the betterment of society what has become the Cyberspace Domain. We recognize the economic, privacy, and security concerns from law enforcement to diplomacy, and look for this conference to extend the great work that NIST, DHS, DOJ, Commercial enterprise, and Defense, as well as many state and local leaders have contributed to the body of knowledge, under the leadership of the White House over several administrations and congresses. We hope that you will join us in this collegial dialogue as our society explores this future.

– The Honorable Michael W. Wynne

PROMOTING THE PUBLIC DIALOG

Senate Bill 773, the draft Cybersecurity Act of 2009 in the US Congress, proposes to “ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption ….” S.773 is only one of the dozen legislative actions on cybersecurity now being deliberated by the US Congress that strategically rebalance public-private equities for the CEO.

MESSAGE FROM THE TECHNICAL CHAIR

The conference program will focus on national and global cybersecurity policy. It will integrate across government, commercial and corporate perspectives to inform the dialog from which will emerge a mapping of tradeoffs among government mandates, public-private partnerships, and private actions in commercial Internet and critical infrastructure systems. Three major segments of Government must collaborate in a way that the public can understand and support in order to (a) preserve the best aspects of the Internet and (b) to overcome burgeoning threats to our privacy, critical infrastructure, and potentially to our very way of life. Of government agencies, the DoD has the best technical grasp on the threats, the DHS and DoJ have the mandate and resources to protect us from some such threats, and the Department of Commerce has the responsibility to promote commerce in spite of those threats and to mitigate those threats to commerce, e.g. by setting public technical standards via its National Institute for Standards and Technology (NIST) as they have for the security of our encrypted interstate banking systems. This conference report will provide a roadmap of interrelationships across US DoD, DHS, DOJ, NIST, commerce and global perspectives to inform cybersecurity policy. Conference participants will adopt a CEO perspective on cybersecurity issues. This unique conference will provide policy decision makers in both government and industry with greater clarity in evaluating tradeoffs among cyber security mandates and other objectives of their respective missions. Please join us in the neutral academic setting of Stevens Institute of Technology where all points of view from panelists and participants alike will be thoughtfully considered and fully reflected in our resulting plain talk report to the Congress and the American People: The 2010 Cybersecurity Policy Guidebook.

Dr. Joseph Mitola III, Vice President for the Research Enterprise, Stevens Institute of Technology




Framework

This section provides additional discussion of the conference objectives and outcomes.

  • The Threat: From cyber punks to criminal gangs, to state sponsors of intrusion and attack, the Internet is the great equalizer, the ultimate level playing field. Identity theft, banking and economics manipulation, and destruction of physical property by virtual means are not very expensive and do not require huge investments in people or facilities, resulting in myriad threats of all shapes and sizes.
  • Objective: This unique conference addresses cyber policy across academic, industrial, government and media estates for in-depth understanding of policy implications.
  • Key Issues: How does Government defend against the loss of critical national infrastructure connected to an Internet that is global in scope and occupied by criminals, violent factions, and honest citizens alike? What are the rules of engagement for US forces engaged in cyberwar to work cooperatively with owners of US critical infrastructure? How can we balance privacy, constitutional rights and protection of critical infrastructure from threats posed by a determined and technically competent adversary?
  • Products: Global Cybersecurity Policy Guidebook 0.1 for registered participants.
  • What this is Not: There are many cybersecurity conferences for the security specialist and CIO, but few that address the perspective of corporate CEO, vice president and general manager, small business owner; military commander, police chief, or legislator. This is not a forum for industry experts to debate optimal technology implementation strategies or best practices in organizational structure, but rather a forum to discuss and debate CEO-level policy alternatives.
  • Academic Contributions: Stevens Institute of Technology offers a neutral academic setting with no funding from the Government or corporations to prejudice the moderation or outcomes so that the many voices can come together in the first comprehensive dialog on cybersecurity policy foundations and implications. This conference will contribute to the much-needed public debate on cybersecurity policies that reach across commerce, education, defense, intelligence, and public media policy. It will also provide the first comprehensive guidebook on policy issues in cybersecurity. This conference therefore will be the premier cybersecurity event shaping informed evolution of public cyber security policy for decades to come.
  • Charge to the Panelists: Each panel identifies the social contracts for which the CEO is responsible (e.g. shareholder value, public trust), how cyberspace impacts these responsibilities, policy imperatives and practical constraints for the near, mid, and far term.




Policy Guidebook

THE GLOBAL CYBERSECURITY POLICY GUIDEBOOK 0.1

The conference materials will include a draft outline for a Global Cybersecurity Policy Guidebook. The Policy Guidebook will include a taxonomy and thesaurus of current cybersecurity policy issues, a thorough description of each issue, and a corresponding list of pros and cons with respect to identified stances on the issues. It will document policy alternatives for the sake of clarity with respect to policy alone, and will not dive deeply into technical or organizational implementation issues. The intent is to explain the impact of cybersecurity policy decisions across sectors of the economy from DoD and DHS to medicine, transportation, finance, electric power, law enforcement, and Internet commerce. The perspective is that of the non-expert corporate executive, legislator, jurist, and military commander.

The draft Policy Guidebook is being generated from existing studies and analyses translated from technical jargon to the CEO perspective as well as by the commentary of our well informed and distinguished panelists. In addition, suggestions for inclusion in the guidebook from registered participants may take the form of position papers, corporate capabilities statements, commentary, and critique, subject to a five page limit per registrant. The guidebook therefore will include cyberpolicy issues of concern to governments and industry stakeholders in global markets with diverse legislative, operational, and regulatory contexts.

See the conference home page Framework and Key Questions to better understand how the conference Panels contribute to the guidebook.

Your contributions to the Conference Record are crucial. Each registrant will be provided with a copy of the complete Conference Record as well as the Policy Guidebook draft outline with the opportunity to contribute to the Policy Guidebook and to critique the final draft. The final draft will also be critiqued and reviewed by selected cybersecurity experts. The completed Global Cybersecurity Policy Guidebook will be distributed to all conference participants. The Policy Guidebook has been proposed to be published after the conference.




Pending Legislation

Senate Bill 773, the draft Cybersecurity Act of 2009 in the US Congress, and S.778 illustrate the current policy directions under consideration and of concern to stakeholders. S.773 proposes to “ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption ….”

In addition, S.773 proposes to “ensure the continued free flow of commerce” in part by providing a “cadre of information technology specialists” to improve and maintain effective cybersecurity defenses via standards to be developed by the US National Institute of Standards and Technology (NIST) and to “enforce compliance” by “software manufacturers, distributors, and vendors” with “a national licensing, certification, and periodic recertification program for cybersecurity professionals”, making it “unlawful to provide cybersecurity” to critical US infrastructure without such certification and without yet indicating which infrastructures are to be designated as critical.

S.773 and S.778 are two of the dozen legislative actions directly or indirectly shaping cybersecurity policy that are currently being deliberated by the US Congress, in some sense to strategically rebalance public-private partnerships and related equities for the CEO. The Conference Record to be provided to the participants will include the text of the related legislation as well as the Congressional Research Service analysis of these policies and related Government actions under consideration. There is no intent to lobby or advocate for or against any such legislation or Government actions, but rather to provide authoritative material in a convenient form to promote the public dialog.




Critical Questions

Current legislation includes mandates for CIOs to enhance corporate infrastructure to future NIST standards for networks and certified administrators. The CEO and shareholders may prefer that the funds to meet these mandates be employed instead to improve productivity, return on investment or research. This conference will help policy makers understand the full range of issues as expert speakers and panelists in panels organized by segment of the economy address the following key questions:

  • Of the many known cyber security threats from credit card fraud and identity theft to unauthorized access to infrastructure control networks, which are being addressed effectively in your segment of the economy by the private sector today?
  • Which threats and challenges may require public-private partnership?
  • Which threats and other cybersecurity issues may require Government mandates?
  • Should cybersecurity mandates be differentiated by segment of the economy?
  • Which sectors of our economy are most in need of continuing and increased protection?
    • Energy: electric power, smart grids; oil and natural gas?
    • Transportation: airspace; ports; roads, tunnels, and bridges?
    • National defense and globalization?
    • Finance, banking, commerce, or Internet Service Providers, or something else?
  • What privacy or other constitutional guarantees are at risk in alternatives to cybersecurity?
  • From the CEO/ General Officer (GO) perspective, what innovations are needed from network hardware, software, and services providers?
  • From the CEO/GO perspective, what innovations are needed from the cybersecurity community?