cybersecurity legislation


Upload: oliver-amimo

Post on 18-Nov-2014


Page 1: CYBERSECURITY LEGISLATION

© 2004 Visible Systems Corporation. All rights reserved.

1 (800) 6VISIBLE • www.visible.com

Cyber Security briefing to Congress PPD21 and PPD22

By ……………

From CSCSS

Page 2: CYBERSECURITY LEGISLATION


Agenda

Why are we here?

Is the legislation necessary, or are the currently available policy tools sufficient?

If new legislation is needed, what need should be addressed and why?

What authorities and protection should be included? Why?

Page 3: CYBERSECURITY LEGISLATION


Cyber security bills that have not been passed

Presidential Policy Directive-21 replaces Homeland Security Presidential Directive-7.

The Executive Order (EO) does not address all the cyber crime issues and how they can be resolved.

NSA, FBI, and Department of Homeland Security need legislation to proactively prevent cyber attacks.

Both the military and civilians to have jurisdiction over cyber attacks.

Page 4: CYBERSECURITY LEGISLATION


Continued…

A situational awareness capability that addresses both physical and cyber aspects

The cascading consequences of infrastructure failures

Need to update the National Infrastructure Protection Plan

There is also a

Page 5: CYBERSECURITY LEGISLATION


Is the legislation necessary?

The legislation is necessary.

It needs to adequately cover the gaps unforeseen and unaddressed by current legislation - Homeland Security Presidential Directive-7.

There have been developments in the nature, frequency and design of cyber crime.

All critical infrastructure is at risk from cyber attacks.

Federal Information Security Management Act to govern federal government IT security.

Critical infrastructure companies to meet minimum cyber security regulations.

Revise the minimum cyber security regulation so as to meet the increasing cases of cyber crimes.

Page 6: CYBERSECURITY LEGISLATION


What should the legislation address? Why?

The legislation should address Transparency and User Protections.

The reason is that:

The government has already been involved in cyber surveillance against the current laws

Private companies survey their employees, customers and competitors

The privacy of the government and the private companies

Page 7: CYBERSECURITY LEGISLATION


Industrial espionage has impact ‘hacktivism’ and longest-term effect on share price.

Page 8: CYBERSECURITY LEGISLATION


Projected growth of cyber-security spending in billions


Page 9: CYBERSECURITY LEGISLATION


Authorities and protection to be included?

Private networks: save banks, private companies and individual users from cybercrime

Banks: to protect the financial sectors and the country's economy

Transport and communication networks: smooth operations and stabilization of the economy

Sharing of critical cyber security information between the government and the private sectors

The stock market: protect it from collapse

Page 10: CYBERSECURITY LEGISLATION


The authorities

The Department of State, in coordination with DHS, SSAs, and other Federal departments and agencies

The Department of Justice (DOJ), including the Federal Bureau of Investigation (FBI)

The Department of the Interior, in collaboration with the SSA for the Government Facilities Sector

The Department of Commerce (DOC), in collaboration with DHS and other relevant Federal departments and agencies

The IC, led by the Director of National Intelligence (DNI)

The General Services Administration, in consultation with DOD and DHS

The Nuclear Regulatory Commission (NRC)

The Federal Communications Commission, to the extent permitted by law

Page 11: CYBERSECURITY LEGISLATION


Authorities and protection to be included?

Protect and defend computer systems and networks from attack

Thwart computer security threats against rights and property

Use information to investigate crimes to the underlying security threat to individuals and national security

Previously opposed legislation has important segments that can be used today

Page 12: CYBERSECURITY LEGISLATION


Recommendation

Using aggressive counter measures

Making the government collaborate with the private sector

Protecting users' privacy from the government and private sector

The government and private companies do not observe the democratic principles.

The government should extend their commitment to openness in cyber security deals and issues

The banks are not sure about the liability concerns in case they share the information


Page 14: CYBERSECURITY LEGISLATION


THANK YOU

Any Questions?