Searching for terms: ALL (Cyber AND Infrastructure AND Protection) in: title or summary
-
Cybersecurity Insurance Workshop Readout Report
"Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. The Department of Commerce Internet Policy Task Force has described cybersecurity insurance as a potentially 'effective, market-driven way of increasing cybersecurity' because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures, encouraging the implementation of best practices by basing premiums on an insured's level of self-protection, and limiting the level of losses that companies face following a cyber attack. Given this hope, many carriers and companies would like the cybersecurity insurance market to expand into new cyber risk areas to cover currently uninsurable risks such as cyber-related critical infrastructure failures, reputational damage, and the value of lost intellectual property and other proprietary data."
United States. Department of Homeland Security
2012-11
-
DHS and Canada Public Safety Announce Plan to Strengthen Cybersecurity Cooperation [October 26, 2012]
On October 26, 2012, the Department of Homeland Security issued the following press release: "Secretary of Homeland Security Janet Napolitano and Canadian Minister of Public Safety Vic Toews today announced the Cybersecurity Action Plan, which aims to strengthen cybersecurity cooperation through enhanced integration and collaboration of joint cybersecurity activities between the Department of Homeland Security (DHS) and Public Safety Canada. This Action Plan represents just one of many important efforts between the US and Canada to deepen strong bilateral cybersecurity cooperation and advance the objectives articulated in the February 2011 declaration, 'Beyond the Border: A Vision for Perimeter Security and Economic Competitiveness,' which is aimed at defending and protecting critical infrastructure, ensuring resiliency of our mutual assets, and securing a free and open cyberspace. 'The Cybersecurity Action Plan reinforces the robust relationship between DHS and Public Safety Canada,' said Secretary Napolitano. 'We look forward to continuing our work together to increase the resiliency of our networks, enhance public-private partnerships, and build a culture of shared responsibility.'"
United States. Department of Homeland Security. Press Office
2012-10-26
-
Proclamation 8875: National Cybersecurity Awareness Month, 2012, October 1, 2012
"Today, Americans are more connected to each other and to people around the world than ever before. Many of us depend on the Internet and digital tools in our daily lives--from shopping at home and banking on our mobile devices to sharing information with friends across the globe. And America far outpaces the rest of the world in adoption of cutting-edge wireless broadband technology. Our growing reliance on technology reminds us that our digital infrastructure is not just a convenience; it is a strategic national asset. During National Cybersecurity Awareness Month, we recommit to ensuring our information and infrastructure remain secure, reliable, and resilient. Though our Nation benefits immensely from the Internet, increased connectivity brings increased risk of theft, fraud, and abuse. That is why my Administration has made cybersecurity a national and economic security priority. By bringing together Federal, State, and local governments and private industry partners, we have made great progress in securing cyberspace for business, education, entertainment, and civic life. In November 2011, we released the Blueprint for a Secure Cyber Future--a strategic plan to protect government, the private sector, and the public against cyber threats today and tomorrow. As we continue to improve our cybersecurity under existing authorities, comprehensive legislation remains essential to securing our critical infrastructure, facilitating greater cyber information sharing between government and the private sector, and protecting the privacy and civil liberties of the American people. My Administration looks forward to working with the Congress to address these goals. Cybersecurity cannot be guaranteed by government, industry, and law enforcement alone. Each of us has an important role to play in reducing the cyber threat and increasing our resilience following cyber incidents. 
The Department of Homeland Security's 'Stop.Think.Connect.' campaign continues to empower digital citizens with the information and tools they need to stay safe online. To learn more about how we can all contribute to the security of our shared cyber networks, visit www.DHS.gov/StopThinkConnect."
United States. Office of the Federal Register
Obama, Barack
2012-10-01
-
Readout of Secretary Napolitano's Remarks at the ASIS International 58th Annual Seminar [September 10, 2012]
On September 10, 2012, the Department of Homeland Security issued the following press release: "Secretary of Homeland Security Janet Napolitano today traveled to Philadelphia to deliver remarks at the American Society of Industrial Security (ASIS) International 58th Annual Seminar highlighting the Department of Homeland Security's (DHS) collaboration with the private sector on cybersecurity and protecting our nation's critical cyber infrastructure. 'Protecting critical infrastructure and cyberspace -- including the systems and networks that support the financial services, energy and defense industries -- requires all of us working together,' said Secretary Napolitano. 'From government and law enforcement to the private sector and members of the public, everyone has a role to play in protecting against cyber threats.'"
United States. Department of Homeland Security. Press Office
2012-09-10
-
Office of Infrastructure Protection Strategic Plan: 2012-2016
"Our Nation's critical infrastructure is essential to the economy, security, and sustainment of the American way of life. From the provision of essential goods and services--including energy, communications, food, and water--to the facilitation of essential commerce such as our transportation networks and critical manufacturing base, the owners and operators of America's critical infrastructure enable the daily activities of our country. Securing our physical and cyber infrastructure, helping to modernize it, and making it more resilient is a crucial part of our homeland security effort. We must continue to prioritize a strategic approach to accomplishing that mission. A major element of accomplishing that mission is the Department of Homeland Security's National Protection and Programs Directorate (NPPD) Office of Infrastructure Protection (IP), which leads the coordinated national effort to manage risks to our Nation's critical infrastructure. IP acts on behalf of the Secretary of Homeland Security, helping execute the national critical infrastructure protection responsibilities set forth in Homeland Security Presidential Directive 7 (HSPD-7). The vast majority of our Nation's critical infrastructure is owned and operated by the private sector, and IP's strategy is based largely on building partnerships, planning for preparedness, and sharing information and tools to ensure the availability, security, and resilience of the Nation's critical infrastructure."
United States. Department of Homeland Security
2012-08
-
DHS Can Strengthen Its International Cybersecurity Programs (Redacted)
"The borderless nature of threats to, and emanating from, cyberspace requires robust engagement and strong partnerships with countries around the world. International engagement is a key element of the Department of Homeland Security's (DHS) cyber mission to safeguard and secure cyberspace. As such, the National Protection and Programs Directorate (NPPD) has established multiple functions to support its international affairs program, which promotes cybersecurity awareness and fosters collaboration with other countries and organizations. We determined whether NPPD has established effective programs and partnerships to collaborate and share cybersecurity information with the international community. We also evaluated whether NPPD is promoting the benefits of networked technology globally, and a secure, reliable, and interoperable cyberspace. Overall, NPPD and its subcomponents have undertaken actions to promote collaboration with the international community and develop partnerships with other nations to better protect cyberspace. For example, NPPD and its subcomponents participate in international cyber exercises, capacity building workshops, and multilateral and bilateral engagements. The Directorate also utilizes innovative technologies to share cyber data with its partner nations. While continuing to build upon existing partnerships, NPPD's Office of Cybersecurity and Communications needs to establish and implement a plan and goals to further its international affairs program with other countries, international industry, and the private sector to protect global cyberspace and critical infrastructure. For more efficient and effective operations, NPPD should streamline its international affairs functions to better coordinate foreign relations and consolidate resources. 
Finally, the United States Computer Emergency Readiness Team needs to strengthen its communications and information-sharing activities with and among its counterparts to promote international incident response and the sharing of best practices."
United States. Department of Homeland Security. Office of Inspector General
2012-08
-
Privacy Impact Assessment for the National Cybersecurity Protection System (NCPS)
"The National Cybersecurity Protection System (NCPS) is an integrated system for intrusion detection, analysis, intrusion prevention, and information sharing capabilities that are used to defend the federal civilian government's information technology infrastructure from cyber threats. The NCPS includes the hardware, software, supporting processes, training, and services that are developed and acquired to support its mission. The Department of Homeland Security (DHS), National Protection and Programs Directorate (NPPD), National Cyber Security Division (NCSD) is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be collected by the NCPS, or through submissions of known or suspected cyber threats received by the United States-Computer Emergency Readiness Team (US-CERT) for analysis. This PIA will serve as a replacement for previously published PIAs submitted by NSCD for the 24/7 Incident Handling Center (March 29, 2007), and the Malware Lab Network (May 4, 2010), and is a program-focused PIA to better characterize the efforts of NCPS and US-CERT."
United States. Department of Homeland Security. National Cyber Security Division
2012-07-30
-
Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions [July 25, 2012]
"For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002. […] For most of those topics, at least some of the bills addressing them have proposed changes to current laws. Several of the bills specifically focused on cybersecurity have received committee or floor action, but none have become law. Comprehensive legislative proposals on cybersecurity that have received considerable attention in 2012 are The Cybersecurity Act of 2012 (CSA 2012, S. 2105, reintroduced in revised form as S. 3414), recommendations from a House Republican task force, and a proposal by the Obama Administration. They differ in approach, with S. 2105 proposing the most extensive regulatory framework and organizational changes, and the task force recommendations focusing more on incentives for improving private-sector cybersecurity. An alternative to S. 2105 and S. 3414, S."
Library of Congress. Congressional Research Service
Fischer, Eric A.
2012-07-25
-
Cybersecurity: CRS Experts [July 23, 2012]
"The following table provides names and contact information for CRS [Congressional Research Service] experts on policy issues related to cybersecurity bills currently being debated in the 112th Congress. Concerns about information-system security, often referred to as cybersecurity, are longstanding. The frequency, impact, and sophistication of cyberattacks and the growth of cybercrime and cyberespionage have added urgency to the concerns. Consensus has been growing that the policy framework for cybersecurity take into account the diversity and continuing evolution of the technology and threats--from spam to botnets to hacktivism, cyberterrorism, and cyberwar-- and the increasing role of the Internet in the U.S. economy and the lives of citizens. Among the issues Congress will likely confront are cybersecurity for critical infrastructure, most of which is owned by the private sector; information sharing, both of unclassified and classified information, along with protection of privacy and civil liberties; prevention of and response to domestic and international cybercrime and espionage; the relationship between cyberspace and national security; and how federal funding should be invested to protect information systems."
Library of Congress. Congressional Research Service
Fischer, Eric A.
2012-07-23
-
Cybersecurity: Selected Legal Issues [July 23, 2012]
"The federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information among private sector and government entities. This report also discusses the degree to which federal law may preempt state law. […] Private entities that share information may also be concerned that sharing or receiving such information may lead to increased civil liability, or that shared information may contain proprietary or confidential business information that may be used by competitors or government regulators for unauthorized purposes. Recent legislative proposals would seek to improve the nation's cybersecurity, and may raise some or all of the legal issues mentioned above. Some would permit information sharing between the public and the private sectors, while others would require all federal agencies to continuously monitor their computer networks for malicious activity and would impose additional cybersecurity requirements on all federal agencies and critical infrastructure networks. This report provides a general discussion of the legal issues raised by these proposals; however, a detailed description and comparison of these legislative proposals is beyond the scope of this report."
Library of Congress. Congressional Research Service
Liu, Edward C.; Stevens, Gina Marie; Ruane, Kathleen Ann
2012-07-23
-
Section-By-Section Revised Cybersecurity Act of 2012, S. 3414 (Introduced on July 19, 2012)
This bill includes sections on public-private partnerships to protect critical infrastructure, voluntary cybersecurity practices and programs for critical infrastructure, and assessment and international cooperation. In addition, the bill discusses Federal information security management; national security systems and information technology management; research and development; education, outreach, and workforce; and information sharing.
United States. Congress. Senate. Committee on Homeland Security and Governmental Affairs
2012-07-19
-
Privacy Impact Assessment Update for the Joint Cybersecurity Services Program (JCSP), Defense Industrial Base (DIB) - Enhanced Cybersecurity Services (DECS)
"The Joint Cybersecurity Services Pilot (JCSP) is the Department of Homeland Security's (DHS) voluntary information sharing initiative with the Department of Defense (DOD) and participating commercial companies. The National Protection and Programs Directorate (NPPD) is updating the DHS/NPPD/PIA-021 National Cyber Security Division Joint Cybersecurity Services Pilot PIA published on January 13, 2012 to reflect the establishment of the JCSP as an ongoing permanent program (now known as the Joint Cybersecurity Services Program (JCSP)). The purpose of the program is to enhance the cybersecurity of participating critical infrastructure entities through information sharing partnerships with the critical infrastructure organization or their Commercial Service Provider (CSP). The first phase of the JCSP will focus on the cyber protection of the Defense Industrial Base (DIB) companies that are participating in the DoD's Cyber Security/Information Assurance (CS/IA) Program. This sub-program is known as the DIB Enhanced Cybersecurity Services (DECS). The JCSP may also be used to provide equivalent protection to participating Federal civilian agencies pending deployment of EINSTEIN intrusion prevention capabilities."
United States. Department of Homeland Security. Privacy Office
2012-07-18
-
Cybersecurity: Challenges in Securing the Electricity Grid: Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the Committee on Energy and Natural Resources, U.S. Senate
"The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure (e.g., electricity networks, including power lines and customer meters). This use of IT can provide many benefits, such as greater efficiency and lower costs to consumers. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers. Moreover, GAO [Government Accountability Office] has identified protecting systems supporting our nation's critical infrastructure (which includes the electricity grid) as a governmentwide high-risk area. GAO was asked to testify on the status of actions to protect the electricity grid from cyber attacks. Accordingly, this statement discusses (1) cyber threats facing cyber-reliant critical infrastructures, which include the electricity grid, and (2) actions taken and challenges remaining to secure the grid against cyber attacks. In preparing this statement, GAO relied on previously published work in this area and reviewed reports from other federal agencies, media reports, and other publicly available sources. […] In a prior report, GAO has made recommendations related to electricity grid modernization efforts, including developing an approach to monitor compliance with voluntary standards. These recommendations have not yet been implemented."
United States. Government Accountability Office
2012-07-17
-
Information Security: Cyber Threats Facilitate Ability to Commit Economic Espionage, Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the Subcommittee on Counterterrorism and Intelligence, Committee on Homeland Security, House of Representatives
"The threat of economic espionage--the theft of U.S. proprietary information, intellectual property (IP), or technology by foreign companies, governments, or other actors--has grown. Moreover, dependence on networked information technology (IT) systems has increased the reach and potential impact of this threat by making it possible for hostile actors to quickly steal massive amounts of information while remaining anonymous and difficult to detect. To address this threat, federal agencies have a key role to play in law enforcement, deterrence, and information sharing. Consistent with this threat, GAO [Government Accountability Office] has designated federal information security as a governmentwide high-risk area since 1997 and in 2003 expanded it to include protecting systems and assets vital to the nation (referred to as critical infrastructures). GAO was asked to testify on the cyber aspects of economic espionage. Accordingly, this statement discusses (1) cyber threats facing the nation's systems, (2) reported cyber incidents and their impacts, (3) security controls and other techniques available for reducing risk, and (4) the responsibilities of key federal entities in support of protecting IP. To do this, GAO relied on previously published work in this area, as well as reviews of reports from other federal agencies, media reports, and other publicly available sources. […] In prior reports, GAO has made hundreds of recommendations to better protect federal systems, critical infrastructures, and intellectual property."
United States. Government Accountability Office
2012-06-28
-
Deterrence in Cyberspace
From the thesis abstract: "There are significant differences between nuclear attack and cyber attack, but the development of cyber deterrence policy is relevant to the total defense of the United States' critical infrastructure and networked cyber systems. The rapidity, ambiguity of origination, and inexpensiveness of a cyber attack creates a problem that is not easily addressed by the strategies used in the implementation of nuclear deterrence. Similar to the nuclear deterrence policy developed during the Cold War, a policy for deterrence to complement the United States' defense of its interests in cyberspace is needed today. Influencing the mental calculus of a potential adversary is a critical aspect of defending the nation's interests in cyberspace. Having the capabilities to effectively respond to enemy aggression in cyberspace is critical to deterrence as a strategy to defend the nation's critical infrastructure. The cyber attacks conducted against Georgia and Estonia during their conflicts with Russia demonstrate the ability for widespread effects at very little cost. While the private sector must do more to ensure that critical infrastructure is adequately protected, the government similarly needs to develop better policies to deter cyber attacks. The aspects of nuclear deterrence considered relevant to cyber deterrence in this paper are attribution, penalty, credibility, definition of attack, dependency, counter-productivity, awareness, and futility."
Joint Forces Staff College (U.S.). Joint Advanced Warfighting School
Rivera, Matthew
2012-06-13
-
Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions [May 10, 2012]
"For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure."
Library of Congress. Congressional Research Service
Fischer, Eric A.
2012-05-10
-
Cybersecurity: Selected Legal Issues [May 3, 2012]
"For many, the Internet has become inextricably intertwined with daily life. Many rely on it to perform their jobs, pay their bills, send messages to loved ones, track their medical care, and voice political opinions, among a host of other activities. Likewise, government and business use the Internet to maintain defense systems, protect power plants and water supplies, and keep other types of critical infrastructure running. Consequently, the federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. This report discusses selected legal issues that frequently arise in the context of legislation to address vulnerabilities of private critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information amongst private sector and government entities. This report also provides an overview of the ways in which federal laws of these types may preempt or affect the applicability of state law."
Library of Congress. Congressional Research Service
Liu, Edward C.; Stevens, Gina Marie; Ruane, Kathleen Ann
2012-05-03
-
Cybersecurity: Threats Impacting the Nation, Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the Subcommittee on Oversight, Investigations, and Management, Committee on Homeland Security, House of Representatives
"Nearly every aspect of American society increasingly depends upon information technology systems and networks. This includes increasing computer interconnectivity, particularly through the widespread use of the Internet as a medium of communication and commerce. While providing significant benefits, this increased interconnectivity can also create vulnerabilities to cyber-based threats. Pervasive and sustained cyber attacks against the United States could have a potentially devastating impact on federal and nonfederal systems, disrupting the operations of governments and businesses and the lives of private individuals. Accordingly, GAO [Government Accountability Office] has designated federal information security as a governmentwide high-risk area since 1997, and in 2003 expanded it to include protecting systems and assets vital to the nation (referred to as critical infrastructures). GAO is providing a statement that describes (1) cyber threats facing the nation's systems, (2) vulnerabilities present in federal information systems and systems supporting critical infrastructure, and (3) reported cyber incidents and their impacts. In preparing this statement, GAO relied on previously published work in these areas and reviewed more recent GAO, agency, and inspectors general work, as well as reports on security incidents. [...] GAO has previously made recommendations to resolve identified significant control deficiencies."
United States. Government Accountability Office
2012-04-24
-
Cybersecurity: Selected Legal Issues [April 20, 2012]
"The federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information among private sector and government entities. This report also discusses the degree to which federal law may preempt state law. It has been argued that, in order to ensure the continuity of critical infrastructure and the larger economy, a regulatory framework for selected critical infrastructure should be created to require a minimum level of security from cyber threats. On the other hand, others have argued that such regulatory schemes would not improve cybersecurity while increasing the costs to businesses, expose businesses to additional liability if they fail to meet the imposed cybersecurity standards, and increase the risk that proprietary or confidential business information may be inappropriately disclosed."
Library of Congress. Congressional Research Service
Ruane, Kathleen Ann; Stevens, Gina Marie; Liu, Edward C.
2012-04-20
-
EMR-ISAC: InfoGram 16-12 [April 18, 2012]
This document from the Emergency Management and Response Information Sharing and Analysis Center is "distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures." Sections include: "Cyber Attacks on Critical Infrastructure and 9-1-1"; "Federal Excess Personal Property (FEPP) Program"; and "Carbon Monoxide Poisoning Prevention Toolkit".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2012-04-18
-
EMR-ISAC: InfoGram 15-12 [April 11, 2012]
This document from the Emergency Management and Response Information Sharing and Analysis Center is "distributed weekly to provide members of the Emergency Services Sector with information concerning the protection of their critical infrastructures." Sections include: "National Level Exercise (NLE) 2012: Simulated Cyber Incident"; "Suspicious Activity Reporting (SAR) Training"; "North American Plan for Animal and Pandemic Influenza Newly Revised"; and "CSB [Chemical Safety and Hazard Investigation Board] Releases Volume 2 of Its Safety Video DVDs".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2012-04-11
-
Emergency Services Sector Cyber Risk Assessment
"The Emergency Services Sector Cyber Risk Assessment (ESS-CRA) evaluates risk to the sector by focusing on the ESS disciplines. The ESS-CRA uses the Department of Homeland Security (DHS) National Cyber Security Division's (NCSD) Cybersecurity Assessment and Risk Management Approach (CARMA). The six ESS disciplines assessed in this document are Law Enforcement, Fire and Emergency Services, Emergency Medical Services, Emergency Management, Public Works, and Public Safety Communications, and Coordination/Fusion. The assessment approach is not intended to be guidance for individual entities' risk management activities. Instead, the ESS-CRA is intended to provide an all-hazards risk profile that ESS partners can use to inform resource allocation for research and development and other protective program measures to enhance the security and resilience of the ESS disciplines. By increasing the awareness of risks across the public and private sector domains, the ESS-CRA serves as a foundation for ongoing national-level collaboration to enhance the security and resilience of the ESS disciplines. The ESS-CRA is an initial effort to assess ESS risks across all six disciplines and serves as a baseline of national-level risk. The assessment addresses those operational or strategic risks to the ESS infrastructure that are of national concern based on the knowledge and subject matter expertise of those participating in the sector's risk assessment activities. This assessment does not address all threat scenarios faced by ESS entities or their users and customers. As noted in the assessment, there are areas that require additional collaborative study and further review."
United States. Department of Homeland Security
2012-04
-
Cybersecurity: Selected Legal Issues [March 14, 2012]
"The federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. Critical infrastructure commonly refers to those entities that are so vital that their incapacitation or destruction would have a debilitating impact on national security, economic security, or the public health and safety. This report discusses selected legal issues that frequently arise in the context of recent legislation to address vulnerabilities of critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information amongst private sector and government entities. This report also discusses the degree to which federal law may preempt state law. It has been argued that, in order to ensure the continuity of critical infrastructure and the larger economy, a regulatory framework for selected critical infrastructure should be created to require a minimum level of security from cyber threats. On the other hand, others have argued that such regulatory schemes would not improve cybersecurity while increasing the costs to businesses, expose businesses to additional liability if they fail to meet the imposed cybersecurity standards, and increase the risk that proprietary or confidential business information may be inappropriately disclosed. […] Several bills in the 112th Congress would seek to improve the nation's cybersecurity, and may raise some or all of the legal issues mentioned above."
Library of Congress. Congressional Research Service
Liu, Edward C.; Stevens, Gina Marie; Ruane, Kathleen Ann
2012-03-14
-
Cybersecurity: Cyber Crime Protection Security Act (S. 2111)--A Legal Analysis [March 12, 2012]
"The Cyber Crime Protection Security Act (S. 2111) would enhance the criminal penalties for the cyber crimes outlawed in the Computer Fraud and Abuse Act (CFAA). Those offenses include espionage, hacking, fraud, destruction, password trafficking, and extortion committed against computers and computer networks. S. 2111 contains some of the enhancements approved by the Senate Judiciary Committee when it reported the Personal Data Privacy and Security Act (S. 1151), S.Rept. 112-91 (2011). The bill would (1) establish a three-year mandatory minimum term of imprisonment for aggravated damage to a critical infrastructure computer; (2) streamline and increase the maximum penalties for the cyber crimes proscribed in CFAA; (3) authorize the confiscation of real property used to facilitate the commission of such cyber offenses and permit forfeiture of real and personal property generated by, or used to facilitate the commission of, such an offense, under either civil or criminal forfeiture procedures; (4) add such cyber crimes to the racketeering (RICO) predicate offense list, permitting some victims to sue for treble damages and attorneys' fees; (5) increase the types of password equivalents covered by the trafficking offense and the scope of federal jurisdiction over the crime; (6) confirm that conspiracies to commit one of the CFAA offenses carry the same penalties as the underlying crimes; and (7) provide that a cyber crime prosecution under CFAA could not be grounded exclusively on the failure to comply with a term of service agreement or similar breach of contract or agreement, apparently in response to prosecution theory espoused in 'Drew'. With the exception of this last limitation on prosecutions, the Justice Department has endorsed the proposals found in S. 2111. The bill has been placed on the Senate calendar. As of this date, S. 2111 has no House counterpart."
Library of Congress. Congressional Research Service
Doyle, Charles
2012-03-12
-
Chemical Sector Training Resources Guide
From the Introduction: "Security professionals in the Chemical Sector need to routinely train employees on industry best practices, physical and cybersecurity awareness, and emergency management and response. Sector partners have indicated, however, that it is difficult to identify affordable, convenient training. In order to assist sector partners with their training needs, the Chemical Sector-Specific Agency (SSA) within the U.S. Department of Homeland Security's (DHS) Office of Infrastructure Protection has compiled a list of free or low-cost training, Web-based classes, and seminars that are routinely available through one of several component agencies within DHS. While this is not an exhaustive list, it can be a useful resource for security professionals who wish to provide basic training and education for their employees, but who are also constrained by tight budgets. This pamphlet provides a brief overview of key organizations within DHS that offer these resources followed by a list of selected courses arranged by category."
United States. Department of Homeland Security
2012-03
-
Cybersecurity: Challenges in Securing the Modernized Electricity Grid, Statement of Gregory C. Wilshusen, Director Information Security Issues; David C. Trimble, Director Natural Resources and Environment, Testimony Before the Subcommittee on Oversight and Investigations, Committee on Energy and Commerce, House of Representatives
"The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure as part of nationwide efforts--commonly referred to as the 'smart grid'--aimed at improving reliability and efficiency and facilitating the use of alternative energy sources such as wind and solar. Smart grid technologies include metering infrastructure ('smart meters') that enable two-way communication between customers and electricity utilities, smart components that provide system operators with detailed data on the conditions of transmission and distribution systems, and advanced methods for controlling equipment. The use of these systems can bring a number of benefits, such as fewer and shorter outages, lower electricity rates, and an improved ability to respond to attacks on the electric grid. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers. Moreover, for nearly a decade, GAO [Government Accountability Office] has identified the protection of systems supporting our nation's critical infrastructure--which include the electric grid--as a governmentwide high-risk area. GAO is providing a statement describing (1) cyber threats facing cyber-reliant critical infrastructures and (2) key challenges to securing smart grid systems and networks. In preparing this statement, GAO relied on its previously published work in this area."
United States. Government Accountability Office
2012-02-28
-
Smart Meter Data: Privacy and Cybersecurity [February 3, 2012]
"Fueled by stimulus funding in the American Recovery and Reinvestment Act of 2009 (ARRA), electric utilities have accelerated their deployment of smart meters to millions of homes across the United States with help from the Department of Energy's Smart Grid Investment Grant program. As the meters multiply, so do issues concerning the privacy and security of the data collected by the new technology. This Advanced Metering Infrastructure (AMI) promises to increase energy efficiency, bolster electric power grid reliability, and facilitate demand response, among other benefits. However, to fulfill these ends, smart meters must record near-real time data on consumer electricity usage and transmit the data to utilities over great distances via communications networks that serve the smart grid. Detailed electricity usage data offers a window into the lives of people inside of a home by revealing what individual appliances they are using, and the transmission of the data potentially subjects this information to interception or theft by unauthorized third parties or hackers. Unforeseen consequences under federal law may result from the installation of smart meters and the communications technologies that accompany them. This report examines federal privacy and cybersecurity laws that may apply to consumer data collected by residential smart meters. It begins with an examination of the constitutional provisions in the Fourth Amendment that may apply to the data. As we progress into the 21st century, access to personal data, including information generated from smart meters, is a new frontier for police investigations. The Fourth Amendment generally requires police to have probable cause to search an area in which a person has a reasonable expectation of privacy. However, courts have used the third-party doctrine to deny protection to information a customer gives to a business as part of their commercial relationship. This rule is used by police to access bank records, telephone records, and traditional utility records. Nevertheless, there are several core differences between smart meters and the general third-party cases that may cause concerns about its application. These include concerns expressed by the courts and Congress about the ability of technology to potentially erode individuals' privacy."
Library of Congress. Congressional Research Service
Murrill, Brandon J.; Liu, Edward C.; Thompson, Richard M., II
2012-02-03
-
2012: The FBI Story
"For the FBI [Federal Bureau of Investigation] and its partners, 2012 was a year that reminded us once again of the seriousness of the security threats facing our nation. During the year, extremists plotted to attack--unsuccessfully, thanks to the work of our Joint Terrorism Task Forces--the U.S. Capitol, the New York Federal Reserve Bank, and other landmarks on U.S. soil. Tragically, on the 11th anniversary of 9/11, a hateful attack in Benghazi took the lives of the U.S. Ambassador to Libya and three other Americans. In the cyber realm, a rising tide of hackers took electronic aim at global cyber infrastructure, causing untold damages. High-dollar white-collar crimes of all kinds also continued to siphon significant sums from the pocketbooks of consumers. And in Newtown, Connecticut, 20 young children and six adults lost their lives in one of the worst mass shootings in American history, ending a year of violence that saw similar tragedies around the country. Working with its colleagues around the globe, the FBI is committed to taking a leadership role in protecting the nation. As you can see from this book--an annual compilation of stories from the FBI's public website that provides a snapshot of Bureau milestones, activities, and accomplishments--we used the full range of our intelligence, investigative, and operational skills to address major threats during the year. We helped avert terrorist attacks and derail terrorist supporters, put cyber criminals and fraudsters behind bars, and dismantled violent gangs and organized crime groups. Today, as these pages make clear, protecting our country and our communities is truly a team effort. National security and law enforcement organizations are working together more closely than ever. At the same time, Americans from all walks of life can and do make a difference in solving and preventing crime and terrorism."
United States. Federal Bureau of Investigation
2012-01-23
-
Privacy Impact Assessment for the National Cyber Security Division Joint Cybersecurity Services Pilot (JCSP)
"The Department of Homeland Security (DHS) and the Department of Defense (DoD) are jointly undertaking a proof of concept known as the Joint Cybersecurity Services Pilot (JCSP). The JCSP extends the existing operations of the Defense Industrial Base (DIB) Exploratory Cybersecurity Initiative (DIB Opt-In Pilot) and shifts the operational relationship with the CSPs in the pilot to DHS. The JCSP is part of overall efforts by DHS and DoD to enable the provision of cybersecurity capabilities enhanced by U.S. government information to protect critical infrastructure information systems and networks. The purpose of the JCSP is to enhance the cybersecurity of participating DIB critical infrastructure entities and to protect sensitive DoD information and DIB intellectual property that directly supports DoD missions or the development of DoD capabilities from unauthorized access, exfiltration, and exploitation. The National Protection and Programs Directorate (NPPD) is conducting this Privacy Impact Assessment (PIA) on behalf of DHS because some known or suspected cyber threat information shared under the JCSP may contain information that could be considered personally identifiable information (PII)."
United States. Department of Homeland Security. Privacy Office
2012-01-13
-
Cyber Security Division: FY 2011 Annual Report
"In Fiscal Year 2011 (FY 2011), the U.S. Department of Homeland Security (DHS) Science and Technology (S&T) Directorate established the Cyber Security Division (CSD), within the Directorate's Homeland Security Advanced Research Projects Agency (HSARPA), in response to the increasing importance of the cybersecurity mission. CSD's mission is to develop and transition new technologies, tools, and techniques to protect and secure systems, networks, infrastructure, and users, improving the foundational elements of our nation's critical infrastructure and the world's information infrastructure; and, to provide coordination and research and development leadership across federal, state, and municipal government; international partners; the private sector; and academia to improve cybersecurity research infrastructure."
United States. Department of Homeland Security. Science and Technology Directorate
2012?