1© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Security For Infrastructure Protection: Public-Private Partnerships

KEN WATSON15 OCT 2004kwatson@cisco.com

222© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

InfrastructureExamples

InfrastructureExamples

WaterWater

TransportationTransportation

Oil & GasOil & GasBanking & FinanceBanking & Finance

Electric PowerElectric Power

Emergency ServicesEmergency Services

Government ServicesGovernment Services

TelecommunicationsTelecommunications

Many Infrastructures Exist – All Different

333© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Why Public-Private Partnerships are Needed

Infrastructures…• Benefit the “informatization” of society

• Depend on commercial networks

• Are interdependent

• Are largely owned and operated by private companies

• Obtain most innovative approaches from the private sector

Government needs industry in a true public-private partnership

444© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Effective Security Requires Technology, Process and People – Both IT Users and Producers

Life-Cycle

© 2003, Cisco Systems, Inc. All rights reserved. 47942_04_2003_c1

555© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Current Industry Actions

• Deploy existing security products and services

• Develop new security products and services

• Integrate security technology and functionality into all applications and devices

• Develop technical and operational security best practices and voluntary standards

• Continue to improve secure design, implementation, testing, certification, and deployment methodology

• Exchange information with government on voluntary best practices

666© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Cross-Sector Collaboration

• Voluntary participation by leaders from government, industry and academia

• Coordinates cross-sector initiatives and compliments public-private efforts

• Board of Directors composed of critical infrastructure “sector coordinators” http://www.pcis.org

777© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

National Cybersecurity Partnership

• Organized to implement public-private National Cybersecurity Strategy

• Five task forces, following Strategy

Home/Small Business Awareness

Early Warning

Software Development Life Cycle

Corporate Governance

Technical Standards and Common Criteria

www.cyberpartnership.org

888© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

National Cyber Security Alliance

• Public service site for home/small business users

• “Top ten” tips, tutorials, self-test, links

• DHS choice for cyber security awareness messaging to homes/small businesses

• Board:AOL

BellSouth

Cisco Systems

Microsoft

Network Associates

RSA Security

Symantec

www.staysafeonline.info

999© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

ISAC Council

• “The mission of the Information Sharing and Analysis Centers Council (ISAC Council) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government.”

• Chemical Industry ISAC

• Electricity Sector ISAC

• Energy ISAC

• Financial Services ISAC

• Health Care ISAC

• Information Technology – ISAC

• National Coordinating Center for Telecommunications ISAC

• Public Transit ISAC

• Surface Transportation ISAC

• Trucking ISAC

• Water ISAC

www.isaccouncil.org

101010© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Government Actions

• Information SharingConvene meetings of experts

Sponsor information sharing workshops

• Promote higher education improvements

University “Center of Excellence” program

Computer forensics

• Increase public and corporate awareness

Talk about benefits

Sponsor meetings

Interviews, articles

• Voluntary global industry-developed standards, metrics, and best practices

• Sponsor public-private research into long-term computer science issues

• Local law enforcement

• Law enforcement cooperation

• International information sharing, like this exchange

111111© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03

Summary

• Network-based management increases productivity and benefits society

• Private sector working on security, innovation, and forward-looking solutions

• Government helps by education, awareness, voluntary best practices research, use of voluntary best practices in own systems, and law enforcement

• The Internet is Global, and exchanges like this are important and helpful

121212© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03 121212