Advanced search Help
Searching for terms: ALL (Cyber AND Infrastructure AND Protection) in: title or summary
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
Public Safety Communications: Ten Keys to Improving Emergency Alerts, Warnings & Notifications
From the Document: "Emergency alert, warning, and notification (AWN) systems help protect lives and property by identifying information about an impending threat, communicating that information to those who need it, and facilitating the timely taking of protective actions. SAFECOM, the National Council of Statewide Interoperability Coordinators (NCSWIC), and the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) developed these best practices, known as the 'Ten Keys,' in conjunction with the AWN community as recommendations to help organizations enhance critical information sharing."
United States. Department Of Homeland Security. Office Of Cyber and Infrastructure Analysis
2019-04
-
Cybersecurity: Homeland Security Issues for the 116th Congress [March 29, 2019]
From the Document: "For policymaking purposes, 'cybersecurity' can be considered the security of 'cyberspace'. Taking this broad view allows policymakers to examine discrete elements of cybersecurity and determine which parts to address through the legislative process. Cyberspace, itself, includes the infrastructure necessary for the internet to work (e.g., wires, modems, and servers), the services used via the Internet (e.g., web applications and websites), the devices on the network (e.g., computers and Internet-of-Things devices), and the users of those devices. Cybersecurity involves many interrelated issues, such as education; workforce management; research and development; intelligence; law enforcement; and defense. Recent congressional activity and Member statements suggest that five specific cybersecurity topics with an intersection to homeland security may arise during the 116th Congress. This Insight first discusses the importance of risk management for cybersecurity, then introduces each of those topics: Information Sharing, Critical Infrastructure Protection and Cybersecurity, Cyber Supply Chain Risk Management, Federal Agency Oversight, and Data Protection and Privacy."
Library of Congress. Congressional Research Service
Jaikaran, Chris
2019-03-29
-
EMR-ISAC: InfoGram, Volume 19 Issue 9, March 28, 2019
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Social Media Officer Safety Video Training Series"; "Fire as a Weapon"; "HHS [Department of Health and Human Services] Stands Up New Healthcare/Public Health Cybersecurity Center"; and "Webinar: Educate and Train Your Cybersecurity Workforce."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2019-03-28
-
Department of Homeland Security Cybersecurity Support to Nonfederal Levels of Government: State, Local, Tribal, and Territorial Government Entities (Fiscal Year 2018 Report to Congress)
From the Background: "This report is a response to P.L. 115-141, which compels CISA [Cybersecurity and Infrastructure Security Agency] and the Federal Emergency Management Agency (FEMA) to provide the House and Senate Appropriations Subcommittees on Homeland Security information about the types of grant assistance, technical assistance, and formal ongoing engagements available to state, local, tribal, and territorial (SLTT) government entities for the purpose of protecting their cyber networks."
United States. Department of Homeland Security
2019-03-26
-
S. Rept. 116-17: Activities of the Committee on Homeland Security and Governmental Affairs During the 115th Congress, March 25, 2019
From Highlights of Activities: "To improve our Nation's national security, the Committee identified emerging threats facing our Nation and proactively addressed them, whether to help secure our borders, strengthen our cybersecurity and protect critical infrastructure, combat terrorism, or improve the efficiency of the Department of Homeland Security (DHS, or the Department). The Committee helped enact legislation to protect Americans from the threats posed by drones in the hands of malicious actors, shield Federal networks from foreign adversaries, and improve our ability to combat human trafficking. To improve our Nation's economic security, the Committee has continued its job overseeing the Federal Government to help it work better for all Americans. The Committee examined political bias in the Federal bureaucracy, the President's steel and aluminum tariffs, and how the government can get out of the way of patients with terminal illnesses who are looking for new and promising treatments to try. The Committee worked together to approve bipartisan legislation to protect Federal whistleblowers from retaliation, improve the regulatory process, and make the government more efficient. The Committee also approved dozens of bills that protect taxpayer dollars by reducing wasteful government spending and addressing inefficient, duplicative, or nontransparent government programs."
United States. Government Publishing Office
2019-03-25
-
H. Rept. 115-1127: Legislative and Oversight Activities of the Committee on Homeland Security, Report Together with Additional Views, January 2, 2019
"The Committee on Homeland Security met on February 1, 2017, for an organizational meeting for the 115th Congress under the direction of Chairman Michael T. McCaul of Texas. The Committee Membership, was set at 32 Members with 18 Republicans and 14 Democrats. The Committee established six Subcommittees: The Subcommittee on Counterterrorism and Intelligence; the Subcommittee on Border and Maritime Security; the Subcommittee on Cybersecurity and Infrastructure Protection; the Subcommittee on Oversight and Management Efficiency; the Subcommittee on Transportation and Protective Security; and the Subcommittee on Emergency Preparedness, Response, and Communications."
United States. Government Publishing Office
2019-01-02
-
H. Rept. 115-1127: Legislative and Oversight Activities of the Committee on Homeland Security, 115th Congress, Together with Additional Views, January 2, 2019
From the Overview: "The Committee on Homeland Security met on February 1, 2017, for an organizational meeting for the 115th Congress under the direction of Chairman Michael T. McCaul of Texas. The Committee Membership, was set at 32 Members with 18 Republicans and 14 Democrats. The Committee established six Subcommittees: The Subcommittee on Counterterrorism and Intelligence; the Subcommittee on Border and Maritime Security; the Subcommittee on Cybersecurity and Infrastructure Protection; the Subcommittee on Oversight and Management Efficiency; the Subcommittee on Transportation and Protective Security; and the Subcommittee on Emergency Preparedness, Response, and Communications."
United States. Government Publishing Office
2019-01-02
-
Private Sector and Government Challenges and Opportunities to Promote the Cybersecurity and Resiliency of Our Nation's Critical Energy Infrastructure, Hearing Before the Committee on Energy and Natural Resources, United States Senate, One Hundred Fifteenth Congress, Second Session, March 1, 2018
This is the March 1, 2018 hearing on "Private Sector and Government Challenges and Opportunities to Promote the Cybersecurity and Resiliency of Our Nation's Critical Energy Infrastructure" held before the U.S. Senate Committee on Energy and Natural Resources. From the opening statement of Lisa Murkowski:"Cyberattacks are a well-documented and continuing threat. Every day we seem to hear of yet another incident. Increasingly, it appears that the bad actors are nation-states and sophisticated entities, such as organized crime or terror groups. These attacks are across-the-board and not limited, of course, to energy infrastructure. [...] What should the Federal Government do, or refrain from doing, to meet this dynamic and evolving threat? And how can the government help improve the cyber resiliency of critical energy infrastructure if a threat becomes a reality? [...] Protecting our nation's energy infrastructure, we all agree, is critical to maintaining so much of the American way of life. We must determine what the next appropriate steps will be to further identify and prevent cyber intrusions and increase resiliency in the event of an attack. Those solutions may not require more regulation, but rather more common sense and cooperation." Statements, letters, and materials submitted for the record include those of the following: Bruce J. Walker, Jim Matheson, Barbara Endicott-Popovsky, William H. Sanders, and Robert M. Lee.
United States. Government Publishing Office
2019
-
Interagency Cyber Cooperation: Roles, Responsibilities and Authorities of the Department of Defense and the Department of Homeland Security, Joint Hearing Before the Subcommittee on Emerging Threats and Capabilities of the Committee on Armed Services, Meeting Jointly with Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, Second Session, November 14, 2018
This is the November 14, 2018 hearing on "Interagency Cyber Cooperation: Roles, Responsibilities and Authorities of the Department of Defense and the Department of Homeland Security" held before the U.S. House Subcommittee on Emerging Threats and Capabilities of the Committee on Armed Services, Meeting Jointly with Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security. From the opening statement of Elise M. Stefanik: "Today, we will examine interagency cyber cooperation and the roles, responsibilities, and authorities of the Department of Homeland Security [DHS] and the Department of Defense [DOD]. Holding this joint hearing has been a priority for this subcommittee for the past few months, and we are pleased that it has come together today. This is a timely opportunity to hear about recent interagency coordination efforts, and the status of related FY [fiscal year] 2019 NDAA [National Defense Authorization Act] provisions. This is a critically important topic that will shape our oversight going forward as we consider the long-term policy frameworks needed for the United States cyber enterprise." Statements, letters, and materials submitted for the record include those of the following: Jeanette Manfra, Kenneth Rapuano, and Bradford Shwedo.
United States. Government Publishing Office
2019
-
Resourcing DHS's Cybersecurity and Innovation Missions: A Review of the Fiscal Year 2020 Budget Request for the Cybersecurity and Infrastructure Security Agency and the Science and Technology Directorate, Hearing Before the subcommittee on Cybersecurity, Hearing Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the Committee on Homeland Security, House of Representatives, One Hundred Sixteenth Congress, First Session, April 30, 2019
This is the April 30, 2019 hearing on "Resourcing DHS's Cybersecurity and Innovation Missions: A Review of the Fiscal Year 2020 Budget Request for the Cybersecurity and Infrastructure Security Agency and the Science and Technology Directorate" held before the House Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation of the Committee on Homeland Security. From the opening statement of Cedric L. Richmond: "From election security to supply chain security, we ask more of DHS's cybersecurity arm every year. Despite CISA's [Cybersecurity and Infrastructure Security Agency] growing mission, its budget has remained stagnant. Since taking office, the President and those around him have paid a lot of lip-service to the issues related to cybersecurity and innovation. But there hasn't been much follow-through." Statements, letters, and materials submitted for the record include those of the following: Christopher C. Krebs, and William Bryan.
United States. Government Publishing Office
2019
-
Advanced Cyber Technologies That Could Be Used to Help Protect Electric Grids and Other Energy Infrastructure from Cyberattacks, Hearing Before the Committee on Energy and Natural Resources, United States Senate, One Hundred Fifteenth Congress, First Session, October 26, 2017
This is the October 26, 2017 hearing on "Advanced Cyber Technologies That Could Be Used to Help Protect Electric Grids and Other Energy Infrastructure from Cyberattacks," held before the U.S. Senate Committee on Energy and Natural Resources. From the Opening Statement of Lisa Murkowski: "In this Congress, we have held a series of hearings focused on cybersecurity, electromagnetic pulse, and grid security issues at both the full and the subcommittee levels. During today's hearing, we will add to that, by looking at advanced and emerging cyber technologies and processes that are being developed in our national labs and in the private sector. These are technological improvements and sometimes breakthroughs, that could be used to protect the grid, as well as other critical energy infrastructure, from future cyberattacks." Statements, letters, and materials submitted for the record include those of the following: Carl Imhoff, Richard Raines, Zachary Tudor, Duncan Earl, and Daniel Riedel.
United States. Government Publishing Office
2019
-
Serial No. 115-75: Understanding the Cybersecurity of America's Aviation Sector, Joint Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection and the Subcommittee on Transportation and Protective Security of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, Second Session, September 6, 2018
This is the September 6, 2018 hearing on "Understanding the Cybersecurity of America's Aviation Sector" held before Subcommittees of the House Committee on Homeland Security. From the opening statement of John Ratcliffe: "I have always said that cybersecurity is National security. There is no better example of that than in the aviation industry. When we think of threats to the industry, traditional avenues of attack are what first come to mind. These threats, like hijackings and bombings, will continue to pose a major security concern moving forward. However, as devices, aircraft, and systems become more interconnected, cybersecurity will increasingly play a larger role in aviation security. That is because nation-states, cyber criminals, and hacktivists all possess an incentive to manipulate systems within this sector. Whether it be looking to gain a competitive advantage, or financially motivated actions, or simply a political statement, the space will always be crowded by malicious actors seeking to do us harm. That is why we need to understand all avenues of attack, to prioritize their severity and to mitigate those vulnerabilities as quickly as we can." Statements, letters, and materials submitted for the record include those of the following: Christopher Porter, Jeffrey L. Troy, and Michael A. Stephens.
United States. Government Publishing Office
2019
-
S. Rept. 116-27: DHS Cyber Hunt and Incident Response Teams Act of 2019, Report of the Committee on Homeland Security and Governmental Affairs, United States Senate, to Accompany S. 315 to Authorize Cyber Hunt and Incident Response Teams at the Department of Homeland Security, and for Other Purposes, April 8, 2019
From the Document: "The purpose of S. 315, the Department of Homeland Security Cyber Hunt and Incident Response Teams Act of 2019, is to authorize the Department of Homeland Security (DHS, or the Department) to maintain cyber hunt and incident response teams (teams), codify an existing program within the Department, and foster public-private cooperation. The legislation instructs the Department to ensure that the teams assist in protecting infrastructure from cyber threats and help restore the functionality of private or public infrastructure following a cyberattack. The teams must also identify cybersecurity risks, develop mitigation strategies, and provide guidance to infrastructure owners."
United States. Government Publishing Office
2019
-
Serial No. 116-2: Securing U.S. Surface Transportation from Cyber Attacks, Joint Hearing Before the Subcommittee on Transportation and Maritime Security and the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, House of Representatives, One Hundred Sixteenth Congress, First Session, February 26, 2019
This is the February 26, 2019 hearing on "Securing U.S. Surface Transportation from Cyber Attacks," held before the U.S. House Subcommittee on Transportation and Maritime Security and the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation. From the opening statement of J. Luis Correa: "We are here today to discuss a very important topic: Cybersecurity in our Nation's mass transit, rail, pipeline, and other surface transportation systems. Cyber threats are a growing concern for security experts across many sectors and the surface transportation sector is no different. Millions of Americans, we rely on surface transportation every day and an attack against a large subway system or pipeline could have hugely negative effects on all of us." Statements, letters, and materials submitted for the record include those of the following: Robert Kolasky, Sonya T. Proctor, James A. Lewis, and Rebecca Gagliostro.
United States. Government Publishing Office
2019
-
Federal Protective Service: Ensuring the Mission is Not Lost in Transition, Hearing Before the Subcommittee on Oversight, Management, and Accountability of the Committee on Homeland Security, House of Representatives, One Hundred Sixteenth Congress, First Session, June 11, 2019
This is the June 11, 2019 hearing on "Federal Protective Service: Ensuring the Mission is Not Lost in Transition," held before the House Subcommittee on Oversight, Management, and Accountability of the Committee on Homeland Security. From the Opening Statement of Torres Small: "We are here today to discuss the plans to transition the Federal Protective Service, or FPS, from Cybersecurity and Infrastructure Security Agency to the Management Directorate of the Department of Homeland Security. [...] In 2002, when DHS was formed, it became the primary Federal department responsible for the protection of all buildings, grounds, and property owned, occupied, or structured or secured by the Federal Government. Consequently, DHS has become the new home for FPS. However, since then, FPS has struggled to find the right placement within DHS's structure. [...] Nearly 6 years ago, and less than 2 miles away from here, 12 people lost their lives during the Washington Navy Yard shooting. In 2015, in my home State in New Mexico, a Social Security office in Albuquerque was the target of a gunman. FPS officers were amongst the first responders to both incidents, and to the tens of thousands of calls for service at Federal facilities annually. In order to ensure that we don't have repeats of these unfortunate circumstances, we must fully equip and resource FPS. That means ensuring that this latest transition, the third transition, is successful, that it endeavors to make FPS more self-sustaining." Statements, letters, and materials submitted for the record include those of the following: L. Eric Patterson and Lori Rectanus.
United States. Government Publishing Office
2019
-
Cyber Defense Review Special Edition (2019)
This Special Edition of the Cyber Defense Review is based on the International Conference on Cyber Conflict (CYCON U.S.) held November 14 -15, 2018. The following articles are included: "Combining Recurrence Quantification Analysis and Adaptive Clustering to Detect DDoS [Distributed Denial of Service] Attacks" by Marcelo Antonio Righi and Raul Ceretta Nunes; "The Calculus of Protecting Interstate Competition from Cyberattack" by Vaughn H. Standley and Roxanne B. Everetts; "Critical Infrastructure Protection at the Local Level" by Colin Brooks; "Applied computational social choice theory as a framework for new cyber threats" by David M. Perlman; "Predicting enterprise cyber incidents using social network analysis on dark web hacker forums" by Soumajyoti Sarkar, Jana Shakarian, Mohammad Almukaynizi, and Paulo Shakarian; "Cyber Acquisition" by Thomas Klemas, Rebecca K. Lively, and Nazli Choucri; "United by Necessity: Conditions for Institutional Cooperation against Cybercrime" by Jobel Kyle P. Vecino; "Feed the Bears, Starve the Trolls" by Nina A. Kollars and Michael B. Petersen; "Beyond the United Nations Group of Governmental Experts" by John A. Davis and Charlie Lewis; "A Model for Evaluating Fake News" by Char Sample, Connie Justice, and Emily Darraj; "Strategic Cyber: Responding to Russian Online Information Warfare" by Matthew J. Flynn; "Fake News, (Dis)information, and the Principle of Nonintervention" by Annachiara Rotondo and Pierluigi Salvati; "Defense Support to the Private Sector" by Jason Healey and Erik B. Korn; "Borders in Cyberspace" by Michael Warner; and "Persistent Engagement, Agreed Competition, and Cyberspace Interaction Dynamics and Escalation" by Michael P. Fischerkeller and Richard J. Harknett.
Army Cyber Institute, West Point
2019
-
Authorities and Resources Needed to Protect and Secure the United States, Hearing Before the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Fifteenth Congress, Second Session, May 15, 2018
This is the May 15, 2018 hearing titled "Authorities and Resources Needed to Protect and Secure the United States" held before the Senate Committee on Homeland Security and Governmental Affairs. From the opening statement of Ron Johnson: "This hearing will come to order. I want to welcome Secretary Kirstjen Nielsen. [...] I know in the omnibus, Section 72, the flexibility of reorganizing parts of your Department was actually taken away, which is important when we take a look at National Protection and Programs Division (NPPD), turning that into the Cybersecurity and Infrastructure Security Act (CISA). These are the things that you need to do to do your job to keep this Nation safe. In cooperation with your Department we are working with a number of Members. I see two of them that are cosponsors right now, to the Preventing Emerging Threats Act of 2018, which a big part of that is really addressing countering unmanned aircraft systems (UAS), which is a growing threat." Statements, letters, and materials submitted for the record include those of the following: Kirstjen M. Nielsen.
United States. Government Publishing Office
2019
-
CISA Insights: Enhance Email & Web Security
From the Document: "Phishing emails and the use of unencrypted Hypertext Transfer Protocol (HTTP) remain persistent channels through which malicious actors can exploit vulnerabilities in an organization's cybersecurity posture. Attackers may spoof a domain to send a phishing email that looks like a legitimate email. At the same time, users transmitting data via unencrypted HTTP protocol, which does not protect data from interception or alteration, are vulnerable to eavesdropping, tracking, and the modification of the data itself. The Cybersecurity and Infrastructure Security Agency (CISA) encourages its State, Local, Tribal and Territorial (SLTT) government partners, as well as private entities, to use this guide to learn more about this threat and associated mitigation activities."
United States. Cybersecurity & Infrastructure Security Agency
2019?
-
Supply Chain Risk Management [presentation]
From the Presentation: "[1] A renewed focus on supply chain risk management (SCRM) in the context of national security, its importance to the prosperity of the larger U.S. economy, and its entwined cyber threats, make SCRM a new and critical aspect of CISA [Cybersecurity and Infrastructure Security Agency] concern; [2] Increasing CISA is talking about SCRM as 'National Industrial Base Security' to allow for a precise conversation both on the nature of the evolving threat and how CISA means to adapt to protect the U.S.; [3] SCRM has historically been seen as the purview of the Department of Defense under The Defense Production Act and derived from that laws Title 3 authority; [4] This historic lens has focused much of the discussion about supply chain security around those industries and applications that held intrinsic defense applications and largely ignored the greater uses to society."
United States. Cybersecurity & Infrastructure Security Agency
2019?
-
H. Rept. 115-1099: Summary on the Activities of the Committee on Transportation and Infrastructure for the 115th Congress, Report, December 21, 2018
"This bill amends the Homeland Security Act of 2002 to redesignate the Department of Homeland Security's (DHS's) National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency (CISA) to be headed by a Director of National Cybersecurity and Infrastructure Security to lead national efforts to protect and enhance the security and resilience of U.S. cybersecurity, emergency communications, and critical infrastructure. CISA shall be composed of DHS components reorganized as: (1) the Cybersecurity Division; (2) the Infrastructure Security Division; and (3) the Emergency Communications Division, which was previously the Office for Emergency Communications. The agency will also have a privacy officer to ensure compliance with relevant federal laws. CISA must carry out DHS's responsibilities concerning chemical facilities antiterrorism standards."
United States. Government Publishing Office
2018-12-21
-
Cybersecurity: Federal Agencies Met Legislative Requirements for Protecting Privacy When Sharing Threat Information
"Federal agencies and our nation's critical infrastructures, such as communications and financial services, are dependent on information technology systems and electronic data to carry out operations and to process, maintain, and report essential information. The security of these systems and data is vital to public confidence and national security, prosperity, and well-being. Yet, cyber-based intrusions and attacks on federal and nonfederal systems have become not only more numerous and diverse, but also more damaging and disruptive. For example, a data breach reported in July 2015 at the Office of Personnel Management affected at least 21.5 million individuals and compromised federal employees' personal information, including Social Security numbers, residency and education history, employment history, financial history, and the fingerprints of approximately 5.6 million individuals. Due to cyber-based threats to federal systems and critical infrastructure, the persistent nature of information security vulnerabilities, and associated risks, we have continued to designate information security as a government-wide high-risk area in our most recent biennial report to Congress--a designation we have made in each high-risk report since 1997. We expanded this area beyond federal information systems to include the protection of cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015."
United States. Government Accountability Office
2018-12-06
-
Surviving a Catastrophic Power Outage: How to Strengthen the Capabilities of the Nation
"The nation has steadily improved its ability to respond to major disasters and the power outages that often result. But increasing threats--whether severe natural disasters, cyber-physical attacks, electromagnetic events, or some combination--present new challenges for protecting the national power grid and recovering quickly from a catastrophic power outage. The President's National Infrastructure Advisory Council (NIAC) was tasked to examine the nation's ability to respond to and recover from a catastrophic power outage of a magnitude beyond modern experience, exceeding prior events in severity, scale, duration, and consequence. Simply put, how can the nation best prepare for and recover from a catastrophic power outage, regardless of the cause?"
National Infrastructure Advisory Council (U.S.)
2018-12
-
EMR-ISAC: InfoGram, Volume 18 Issue 47, November 29, 2018
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "After-action review of fire response to Pulse nightclub shooting"; "DHS Regional Resiliency Assessment Program"; "New Cybersecurity and Infrastructure Security Agency"; and "Webinar: A Culture of Preparedness".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2018-11-29
-
Critical Infrastructure Protection at the Local Level: Water and Wastewater Treatement Facilities
"The increasing number of Industrial Control System (ICS) vulnerabilities, coupled with continuing revelations about ICS compromises, emphasizes the importance of securing critical infrastructure (CI) against cyber threats. The ability to adversely affect the operation of an ICS through cyberspace is exacerbated by increasing use of automations and implementation of common routing protocols to communicate with control devices. Local water treatment facilities are particularly vulnerable to this attack vector due to the need to manage key functions with minimal staff. Reacting to specific cyber risks without developing a holistic method to manage risk provides only a modicum of protection. This monograph demonstrates how focusing on risk management as a mitigation strategy-not individual risks-maximizes the security efforts at the local level. Some basic IT [information technology] security practices such as access control, physical security, and operations security can be applied to ICS security. However, determining which security controls to select and evaluating their effectiveness requires a process or framework that holistically considers risk across the enterprise. A risk management framework (RMF) allows an organization to assess risk in terms of impact to overall business operation: instead of assessing risks isolated to particular divisions within the organization. The National Institute of Standards and Technology (NIST) RMF, National Infrastructure Protection Plan (NIPP) RMF, and the NIST Cybersecurity for Critical Infrastruture are three complementary frameworks water facilities can employ to facilitate risk mitigation in a cost effective way."
Army Cyber Institute, West Point
Brooks, Colin
2018-11-14
-
Federal Information Security Modernization Act of 2014: Annual Report to Congress, Fiscal Year 2018
From the Executive Summary: "The cybersecurity threats facing the Federal Government, and our Nation as a whole, clearly demonstrate the need for vigilance to protect the country's data and digital infrastructure. America's networks, both public and private, remain top targets of malicious actors the world over. This environment demonstrates that effective cybersecurity requires any organization -- whether a Federal agency or a public or private company -- to identify, prioritize, and manage cyber risks across its enterprise. [...] The Federal Government must continue to act to reduce the impact that cybersecurity incidents have on the Federal enterprise. Accordingly, this annual report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 highlights government-wide programs and initiatives as well as agencies' progress to enhance Federal cybersecurity over the past year and into the future."
United States. Executive Office of the President; United States. Office of Management and Budget
2018-10-31
-
EMR-ISAC: InfoGram, Volume 18 Issue 41, October 11, 2018
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Long-term health effects of major hurricanes"; "Resources for a cyber-safe Emergency Services Sector workforce"; and "Scholarships for fire, emergency medicine and hazmat training".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2018-10-11
-
Congressional Budget Office Cost Estimate: H.R. 6620: The Protecting Critical Infrastructure Against Drones and Emerging Threats Act; H.R. 6735, The Public-Private Cybersecurity Cooperation Act; H.R. 6740, The Border Tunnel Task Force Act
"On September 25, the House of Representatives passed the following three pieces of legislation: [1] H.R. 6620, the Protecting Critical Infrastructure Against Drones and Emerging Threats Act, which would require the Department of Homeland Security (DHS) to prepare assessments of the threats presented by unmanned aircraft systems (often called drones) and other emerging threats associated with such new technologies; [2] H.R. 6735, the Public-Private Cybersecurity Cooperation Act, which would require DHS to establish procedures for people or organizations to report vulnerabilities in the department's information systems; and [3] H.R. 6740, the Border Tunnel Task Force Act, which would direct DHS to establish task forces to combat threats from cross-border tunnels; the task forces could include personnel from federal, state, local, and tribal agencies. CBO [Congressional Budget Office] estimates that enacting the legislation would not significantly affect spending by DHS in any fiscal year because the department could largely implement each act with existing personnel."
United States. Congressional Budget Office
2018-09-27
-
High-Risk Series: Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation, Statement of Gene L. Dodaro, Comptroller General of the United States, Testimony Before the Subcommittees on Government Operations and Information Technology, Committee on Oversight and Government Reform, House of Representatives
"Federal agencies and the nation's critical infrastructures--such as energy, transportation systems, communications, and financial services--are dependent on information technology systems to carry out operations. The security of these systems and the data they use is vital to public confidence and national security, prosperity, and well-being. The risks to these systems are increasing as security threats evolve and become more sophisticated. GAO [Government Accountability Office] first designated information security as a government-wide high-risk area in 1997. This was expanded to include protecting cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015."
United States. Government Accountability Office
2018-07-25
-
Serial No. 115-73: Assessing the State of Federal Cybersecurity Risk Determination, Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, Second Session, July 25, 2018
This is the July 25, 2018 hearing on "Assessing the State of Federal Cybersecurity Risk Determination," held before the U.S. House Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security. From the opening statement of Hon. John Ratcliffe: "The subcommittee is meeting this morning to receive testimony regarding how the Federal Government understands and manages enterprise-wide cybersecurity risks. I now recognize myself for an opening statement. As we convene today, this subcommittee is concerned that the Federal Government is not yet equipped to determine how threat actors seek to gain access to our private information." Statements, letters, and materials submitted for the record include those of the following: Ken Durbin, Summer Fowler, and Ari Schwartz.
United States. Government Publishing Office
2018-07-25
-
Cooperative, Trusted Software Repair for Cyber Physical System Resiliency
"Cyber physical systems (CPS) form a ubiquitous, networked computing substrate, which is increasingly essential to our nation's civilian and military infrastructure. These systems must be highly resilient to adversaries, perform mission critical functions despite known and unknown vulnerabilities, and protect and repair themselves during or after operational failures and cyber-attacks. We believe that an automated CPS repair approach that can prevent failures of related, mission-critical systems is a necessary component to support the resiliency and survivability of our nation's infrastructure. We developed and evaluated techniques to cooperatively repair certain general classes of cyber physical systems, and to increase the confidence of human operators in the trustworthiness of the repairs and the subsequent system behavior. We used embedded systems platforms, including quadrotor autonomous vehicles, to demonstrate and validate our approach."
Air Force Research Laboratory (Wright-Patterson Air Force Base, Ohio). Information Directorate
Weimer, Westley; Forrest, Stephanie; Le Goues, Claire . . .
2018-07
