1 © 2003 cisco systems, inc. all rights reserved. ciag-hls-10.24.03 security for infrastructure...
TRANSCRIPT
1© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Security For Infrastructure Protection: Public-Private Partnerships
KEN WATSON15 OCT [email protected]
222© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
InfrastructureExamples
InfrastructureExamples
WaterWater
TransportationTransportation
Oil & GasOil & GasBanking & FinanceBanking & Finance
Electric PowerElectric Power
Emergency ServicesEmergency Services
Government ServicesGovernment Services
TelecommunicationsTelecommunications
Many Infrastructures Exist – All Different
333© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Why Public-Private Partnerships are Needed
Infrastructures…• Benefit the “informatization” of society
• Depend on commercial networks
• Are interdependent
• Are largely owned and operated by private companies
• Obtain most innovative approaches from the private sector
Government needs industry in a true public-private partnership
444© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Effective Security Requires Technology, Process and People – Both IT Users and Producers
Life-Cycle
© 2003, Cisco Systems, Inc. All rights reserved. 47942_04_2003_c1
555© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Current Industry Actions
• Deploy existing security products and services
• Develop new security products and services
• Integrate security technology and functionality into all applications and devices
• Develop technical and operational security best practices and voluntary standards
• Continue to improve secure design, implementation, testing, certification, and deployment methodology
• Exchange information with government on voluntary best practices
666© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Cross-Sector Collaboration
• Voluntary participation by leaders from government, industry and academia
• Coordinates cross-sector initiatives and compliments public-private efforts
• Board of Directors composed of critical infrastructure “sector coordinators” http://www.pcis.org
777© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
National Cybersecurity Partnership
• Organized to implement public-private National Cybersecurity Strategy
• Five task forces, following Strategy
Home/Small Business Awareness
Early Warning
Software Development Life Cycle
Corporate Governance
Technical Standards and Common Criteria
www.cyberpartnership.org
888© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
National Cyber Security Alliance
• Public service site for home/small business users
• “Top ten” tips, tutorials, self-test, links
• DHS choice for cyber security awareness messaging to homes/small businesses
• Board:AOL
BellSouth
Cisco Systems
Microsoft
Network Associates
RSA Security
Symantec
www.staysafeonline.info
999© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
ISAC Council
• “The mission of the Information Sharing and Analysis Centers Council (ISAC Council) is to advance the physical and cyber security of the critical infrastructures of North America by establishing and maintaining a framework for valuable interaction between and among the ISACs and with government.”
• Chemical Industry ISAC
• Electricity Sector ISAC
• Energy ISAC
• Financial Services ISAC
• Health Care ISAC
• Information Technology – ISAC
• National Coordinating Center for Telecommunications ISAC
• Public Transit ISAC
• Surface Transportation ISAC
• Trucking ISAC
• Water ISAC
www.isaccouncil.org
101010© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Government Actions
• Information SharingConvene meetings of experts
Sponsor information sharing workshops
• Promote higher education improvements
University “Center of Excellence” program
Computer forensics
• Increase public and corporate awareness
Talk about benefits
Sponsor meetings
Interviews, articles
• Voluntary global industry-developed standards, metrics, and best practices
• Sponsor public-private research into long-term computer science issues
• Local law enforcement
• Law enforcement cooperation
• International information sharing, like this exchange
111111© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03
Summary
• Network-based management increases productivity and benefits society
• Private sector working on security, innovation, and forward-looking solutions
• Government helps by education, awareness, voluntary best practices research, use of voluntary best practices in own systems, and law enforcement
• The Internet is Global, and exchanges like this are important and helpful
121212© 2003 Cisco Systems, Inc. All rights reserved.CIAG-HLS-10.24.03 121212