Searching for terms: ALL (Cyber AND Infrastructure AND Protection) in: title or summary
-
S. Rept. 115-412: DHS Cyber Incident Response Teams Act of 2018, to Accompany S. 3309, December 4, 2018
"The purpose of S. 3309, the Department of Homeland Security Cyber Incident Response Teams Act of 2018, is to authorize the Department to maintain cyber hunt and incident response teams (teams), codify an existing program within the Department, and foster public-private cooperation. The legislation instructs the Department to ensure that the teams assist in protecting infrastructure from cyber threats and help restore the functionality of private or public infrastructure following a cyberattack. The teams must also identify cybersecurity risks, develop mitigation strategies, and provide guidance to infrastructure owners. The bill helps build public-private partnerships by authorizing the Department to include private cybersecurity specialists on the teams. To help inform the Congress about the extent to which the teams are effective in accomplishing their mission and whether the Department was effectively mitigating cybersecurity risk, the Department must maintain metrics and provide reports to the appropriate Congressional committees."
United States. Government Publishing Office
2018
-
Information Infrastructure Group Report (1998)
Since the last meeting of the President's National Security Telecommunications Advisory Committee (NSTAC), December 1997, the Information Infrastructure Group (IIG) has concentrated its efforts on issues related to information assurance, infrastructure protection, electronic commerce, and cyber security. The IIG established two subgroups to investigate these topics, the Transportation Information Infrastructure Risk Assessment Subgroup and the Electronic Commerce (EC)/Cyber Security Subgroup. The Transportation Information Infrastructure Risk Assessment Subgroup report recommended that more information be gathered, particularly in the area of intermodal transportation, and concluded that broader participation from the transportation industry was desirable. The EC/Cyber Security Subgroup developed an issue paper that focused on one aspect of EC/cyber security training and forensics. That paper centers on the importance of industry and Government cooperation in addressing cyber security. This paper focuses on the analysis, conclusions and recommendations of these groups.
United States. President's National Security Telecommunications Advisory Committee
1998-09
-
Fiscal Year 2009 Homeland Security Grant Program: Supplemental Resource: Cyber Security Guidance
This Cyber Security Guidance document provides supplemental information to the United States Department of Homeland Security's Fiscal Year 2009 Homeland Security Grant Program. "With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation's critical infrastructure requires investments in network resiliency as well as cyber infrastructure protection. As all levels of government now rely on cyber networks and assets to provide national security, public safety, and economic prosperity, their operations depend on information systems that are maintained, protected, and secured from exploitation and attack. The increasing frequency and sophistication of cyber attacks on critical infrastructure and key resources (CIKR) requires planning across all State, local, Tribal, and Territorial (SLTT) homeland security components to develop robust strategies to prepare for and respond to events that can degrade or destroy SLTT governments' abilities to deliver essential services to citizens and prepare for the impact of terrorist activity or natural disaster."
United States. Department of Homeland Security
2008-11
-
Cybersecurity: Challenges in Securing the Electricity Grid: Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the Committee on Energy and Natural Resources, U.S. Senate
"The electric power industry is increasingly incorporating information technology (IT) systems and networks into its existing infrastructure (e.g., electricity networks, including power lines and customer meters). This use of IT can provide many benefits, such as greater efficiency and lower costs to consumers. However, this increased reliance on IT systems and networks also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers. Moreover, GAO [Government Accountability Office] has identified protecting systems supporting our nation's critical infrastructure (which includes the electricity grid) as a governmentwide high-risk area. GAO was asked to testify on the status of actions to protect the electricity grid from cyber attacks. Accordingly, this statement discusses (1) cyber threats facing cyber-reliant critical infrastructures, which include the electricity grid, and (2) actions taken and challenges remaining to secure the grid against cyber attacks. In preparing this statement, GAO relied on previously published work in this area and reviewed reports from other federal agencies, media reports, and other publicly available sources. […] In a prior report, GAO has made recommendations related to electricity grid modernization efforts, including developing an approach to monitor compliance with voluntary standards. These recommendations have not yet been implemented."
United States. Government Accountability Office
2012-07-17
-
U.S. Computer Emergency Readiness Team Makes Progress in Securing Cyberspace, but Challenges Remain
"US-CERT [U.S. Computer Emergency Readiness Team] has made progress in implementing a cybersecurity program to assist federal agencies in protecting their information technology systems against cyber threats. Specifically, it has facilitated cybersecurity information sharing with the public and private sectors through various working groups, issuing notices, bulletins, and reports, and web postings. Further, the Office of Cybersecurity and Communications has established a unified operations center that includes US-CERT to address threats and incidents affecting the nation's critical information technology and cyber infrastructure. To increase the skills and expertise of its staff, US-CERT has developed a technical mentoring program to offer cybersecurity and specialized training. Still, US-CERT can further improve its analysis and warning program. For example, US-CERT must improve its management oversight by developing a strategic plan, establishing performance measures, and approving policies and procedures to ensure that its analysis and warning program is effective. It must also ensure that it has sufficient staff to perform its mission. Additionally, it should improve its information sharing and communications coordination efforts with the public. Finally, US-CERT needs to improve its situational awareness and identification capability by monitoring the federal cyber infrastructure for network anomalies in real-time."
United States. Department of Homeland Security. Office of Inspector General
2010-06
-
H. Rept. 115-794: Cyber Sense Act of 2018, Report to Accompany H.R. 5239, Including Cost Estimate of the Congressional Budget Office, June 28, 2018
From the Purpose and Summary: "H.R. 5239, Cyber Sense Act of 2018, was introduced by Rep. Robert Latta (R-OH) and Rep. Jerry McNerney (D-CA) on March 9, 2018. H.R. 5239 would establish a voluntary Department of Energy (DOE) program that tests the cybersecurity of products and technologies intended for use in the bulk-power system, including products related to industrial control systems. The legislation instructs DOE to provide technical assistance to electric utilities, product manufacturers, and other electricity sector stakeholders to help mitigate cybersecurity vulnerabilities. In addition, the bill requires the Secretary of Energy to establish cybersecurity vulnerability reporting processes and maintain a related database. [...] H.R. 5239 directs the Secretary to provide reasonable notice and solicit comments from the public prior to establishing or revising the Cyber Sense testing process. The legislation provides that any cybersecurity vulnerability reported pursuant to this program, the disclosure of which the Secretary of Energy reasonably foresees would cause harm to critical electric infrastructure, shall be deemed 'critical electric infrastructure information' as defined by section 215A(d) of the Federal Power Act. The legislation also includes Federal government liability protections by noting that nothing shall be construed to authorize the commencement of an action against the United States government with respect to the testing of a product or technology under the Cyber Sense program."
United States. Government Publishing Office
2018-06-28
-
US-CERT [website]
"The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. US-CERT is charged with protecting our nation's Internet infrastructure by coordinating defense against and response to cyber attacks. US-CERT is responsible for: analyzing and reducing cyber threats and vulnerabilities; disseminating cyber threat warning information; and coordinating incident response activities. US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public. US-CERT also provides a way for citizens, businesses, and other institutions to communicate and coordinate directly with the United States government about cyber security."
United States. Department of Homeland Security
-
Audit Report: Federal Energy Regulatory Commission's Monitoring of Power Grid Cyber Security
"Congress passed the Energy Policy Act of 2005 (Energy Policy Act), giving the Federal Energy Regulatory Commission (Commission) jurisdiction to conduct oversight of the bulk power system, commonly referred to as the bulk electric system or power grid, including the approval of mandatory cyber security reliability standards. The bulk electric system consists of approximately 1,600 entities operating at 100 kilovolts or higher. The system does not, however, include distribution to end-users, as that function remains under the jurisdiction of state public utility commissions. In July 2006, the Commission, as authorized in the Energy Policy Act, designated the North American Electric Reliability Corporation (NERC) as the Electric Reliability Organization (ERO). As the ERO, NERC has the sole authority to propose reliability standards for the power grid to the Commission for approval. […] Security over the Nation's power grid remains a critical area of concern. Recent testimony before Congress disclosed various issues, including the existence of significant vulnerabilities in the power grid's infrastructure and many utilities that were not in compliance with the standards. Because of the importance of its efforts to secure the bulk electric system, we initiated this audit to determine whether the Commission adequately monitored cyber security over the Nation's power grid. […] Although the Commission had taken steps to ensure CIP [Critical Infrastructure Protection] cyber security standards were developed and approved, our testing revealed that such standards did not always include controls commonly recommended for protecting critical information systems. In addition, the CIP standards implementation approach and schedule approved by the Commission were not adequate to ensure that systems-related risks to the Nation's power grid were mitigated or addressed in a timely manner."
United States. Department of Energy. Office of Inspector General
2011-01
-
Securing Cyberspace: Efforts to Protect National Information Infrastructures Continue to Face Challenges, Hearing Before the Federal Financial Management, Government Information, and International Security Subcommittee of the Committee on Homeland Security and Governmental Affairs, United States Senate, One Hundred Ninth Congress, First Session, July 19, 2005
From the opening statement of subcommittee chairman Tom Coburn, "This is the first of probably many hearings on cyber security within the Federal Government and I am going to have a very limited opening statement. [...] First of all, the United States does not currently have a robust ability to detect a coordinated cyber attack on our critical infrastructure, or does it have a measurable recovery and reconstitution plan for key mechanisms of the Internet and telecommunications system. Second, the Department of Homeland Security has not completed the National Infrastructure Protection Plan. Third, cyber attacks on control systems can be targeted from remote locations around the globe. We know that. Fourth, DHS is responsible for protecting the Nation's critical infrastructures. However, 85 percent of all the critical infrastructures are controlled by the private sector. And then, finally, there is a lack of stable leadership at the National Cyber Security Division, which has hurt its ability to maintain trusted relationships with the private sector and has hindered its ability to adequately plan and execute activities." Statements, letters, and materials submitted for the record include those of the following: Tom Coburn, Thomas R. Carper, Daniel K. Akaka, Susan M. Collins, Donald (Andy) Purdy, Jr., David A. Powner, Paul M. Skare and Thomas M. Jarrett.
United States. Government Printing Office
2006
-
Continuous Diagnostics and Mitigation Program Data Protection Management - How is Data Protected?
From the Document: "The Cybersecurity and Infrastructure Security Agency's Continuous Diagnostics and Mitigation (CDM) Program is a dynamic approach to fortifying the cybersecurity of government networks and systems. The CDM Program provides cybersecurity tools, integration services, and dashboards to participating agencies to help them improve their respective security postures. The CDM Program ultimately reduces the threat surface and improves federal cybersecurity response through four capability areas: Asset Management, Identity and Access Management, Network Security Management, and Data Protection Management (DPM). The DPM capability is intended to provide additional protections to the most critical mission data and systems on federal civilian networks. While the other CDM capabilities provide broader protections across federal networks, the DPM capability is focused on protecting sensitive (especially private) data within the agency. Protecting sensitive data requires security and privacy protections at rest, in use, and in transit to ensure the integrity, availability, and confidentiality of data and data assets. The CDM Program employs the DPM capability to help agencies and industry partners strengthen data protections to include identifying sensitive data, classifying data assets based on severity and impact, supporting timely response procedures to notify stakeholders of data breaches or spillage, and more. DPM helps agencies protect sensitive data through five capabilities: data discovery/classification (DATA_DISCOV), data protection (DATA_PROT), data loss prevention (DATA_DLP), data breach/spillage mitigation (DATA_SPIL), and information rights management (DATA_IRM)."
United States. Cybersecurity & Infrastructure Security Agency
2021-05-26?
-
Future of Smart Cities: Cyber-Physical Infrastructure Risk
"The Department of Homeland Security's Office of Cyber and Infrastructure Analysis (DHS/OCIA) produces Infrastructure Risk Assessments to provide an assessment of emerging risks to critical infrastructure. This report addresses how the adoption of and increased reliance on smart technologies may create or increase risks for Smart Cities. This report focuses on the Transportation Systems Sector, the Electricity Subsector within the Energy Sector, and the Water and Wastewater Systems Sector. [...] However, with the introduction of Smart Cities and cyber-physical innovations the vulnerabilities, resulting mitigating factors, and potential consequences for these new technologies are still unclear. As these new cyber-physical devices are introduced to the World the vulnerabilities, risks, threats, and consequences will be better understood. This report summarizes the insights from a technology-informed futures analysis--including a critical look at potential future vulnerabilities as a result of these cyber-physical infrastructure systems become pervasive in Smart Cities. The goal is to help Federal, State and local analysts and planners incorporate anticipatory thinking into Smart City design and continued critical infrastructure protection efforts relating to this new technology."
United States. Department of Homeland Security
2015-08
-
Proclamation 8573: National Cybersecurity Awareness Month, 2010, October 1, 2010
"America's digital infrastructure is critical to laying the foundation for our economic prosperity, government efficiency, and national security. We stand at a transformational moment in history, when our technologically interconnected world presents both immense promise and potential risks. The same technology that provides new opportunities for economic growth and the free exchange of information around the world also makes possible new threats. During National Cybersecurity Awareness Month, we recognize the risk of cyber attacks and the important steps we can take to strengthen our digital literacy and cybersecurity. America relies on our digital infrastructure daily, and protecting this strategic asset is a national security priority. My Administration is committed to advancing both the security of our informational infrastructure and the cutting-edge research and development necessary to meet the digital challenges of our time. Earlier this year, we marked the one-year anniversary of my Administration's thorough review of Federal efforts to defend our Nation's information technology and communications infrastructure. We must continue to work closely with a broad array of partners--from Federal, State, local, and tribal governments to foreign governments, academia, law enforcement, and the private sector--to reduce risk and build resilience in our shared critical information and communications infrastructure. […] NOW, THEREFORE, I, BARACK OBAMA, President of the United States of America, by virtue of the authority vested in me by the Constitution and the laws of the United States, do hereby proclaim October 2010 as National Cybersecurity Awareness Month. I call upon the people of the United States to recognize the importance of cybersecurity and to observe this month with activities, events, and trainings that will enhance our national security and resilience."
United States. Office of the Federal Register
Obama, Barack
2010-10-01
-
FY 2002 Annual Report to Congress on Combating Terrorism
"This is the fourth annual Report on Combating Terrorism. It provides funding and programmatic information on the Federal government's efforts to combat terrorist activity both domestically and overseas, including defense against terrorist incidents involving weapons of mass destruction (WMD). Unless otherwise noted, funding for both domestic and overseas activities are included in the totals when discussing combating terrorism activities throughout the Report. The Report also provides basic information on efforts to protect critical infrastructure and continuity of operations related to the combating terrorism mission. Critical infrastructures are those physical and cyber-based systems essential to national security, national economic security, and public health and safety. Continuity of operations are those agency activities that ensure the mission essential functions of each agency continue no matter the cause of the disruption, even in the face of a catastrophic event. Because critical infrastructure protection (CIP) and continuity of operations (COOP) encompass the potential threat from equipment failure, human error, weather and natural disasters, and criminal or terrorist attacks, CIP and COOP are considered separate but related missions to combating terrorism. You can find more detail on the government's efforts to protect the nation's critical infrastructures in the Administration's 'National Plan for Information Systems Protection', as well as the forthcoming National Strategies for Homeland Security and Cyber Security."
United States. Office of Management and Budget
2003-06-24
-
Critical Infrastructures: Background, Policy, and Implementation [Updated August 7, 2003]
"The nation's health, wealth, and security rely on the production and distribution of certain goods and services. The array of physical assets, processes and organizations across which these goods and services move are called critical infrastructures (e.g. electricity, the power plants that generate it, and the electric grid upon which it is distributed). Computers and communications, themselves critical infrastructures, are increasingly tying these infrastructures together. There has been growing concern that this reliance on computers and computer networks raises the vulnerability of the nation's critical infrastructures to 'cyber' attacks. On November 22, 2002, Congress passed legislation creating a Department of Homeland Security. The Department consolidates into a single department a number of offices and agencies responsible for implementing various aspects of homeland security. One of the directorates created by the legislation is responsible for Information Analysis and Infrastructure Protection. Issues include whether to segregate cyber protection from physical protection organizationally, mechanisms for sharing information shared between the government and the private sector, costs, the need to set priorities, and whether or not the federal government will need to employ more direct incentives to achieve an adequate level of protection by the private sector and states, and privacy versus protection. This report will be updated as warranted."
Library of Congress. Congressional Research Service
Moteff, John D.
2003-08-07
-
Information Technology: Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan
"Information technology (IT) is central to our Nation's security, economy, and public health and safety. Businesses, governments, academia, and private citizens are increasingly dependent on IT Sector functions and services as are all other critical infrastructure sectors' products and services. The Sector has diverse global operations that are interdependent and interconnected with those of other infrastructure sectors. These operations face numerous, multifaceted, global threats every day. Individual IT Sector entities proactively manage risk to their own operations and those of their customers, through constant monitoring and mitigation activities designed to prevent daily incidents from becoming significant disruptions to national security, the economy, and public health and safety. Although the IT infrastructure has a certain level of inherent resilience, its interdependent and interconnected structure presents challenges and opportunities for coordinating public and private sector preparedness activities. Various efforts championed by the public and private sectors have been undertaken to address infrastructure protection and cyber security. The Homeland Security Act of 2002 required the first-ever all-encompassing coordinated national critical infrastructure and key resources (CI/KR) protection effort. Homeland Security Presidential Directive 7 (HSPD-7) identifies 17 CI/KR sectors, including the IT Sector, and requires Federal agencies, coordinated by the Department of Homeland Security (DHS), to identify, prioritize, and coordinate the protection of the Nation's critical infrastructure. The National Infrastructure Protection Plan (NIPP) and its complementary Sector-Specific Plans (SSP) provide a consistent, unifying structure for integrating existing and future CI/KR protection efforts. They also provide the core processes and mechanisms to enable government and private sector security partners to work together to implement CI/KR protection initiatives."
United States. Department of Homeland Security
2007-05
-
Cybersecurity: Selected Legal Issues [April 17, 2013]
"For many, the Internet has become inextricably intertwined with daily life. Many rely on it to perform their jobs, pay their bills, send messages to loved ones, track their medical care, and voice political opinions, among a host of other activities. Likewise, government and business use the Internet to maintain defense systems, protect power plants and water supplies, and keep other types of critical infrastructure running. Consequently, the federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. This report discusses selected legal issues that frequently arise in the context of legislation to address vulnerabilities of private critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information amongst private sector and government entities. This report also provides an overview of the ways in which federal laws of these types may preempt or affect the applicability of state law."
Library of Congress. Congressional Research Service
Liu, Edward C.; Stevens, Gina Marie; Ruane, Kathleen Ann . . .
2013-04-17
-
Cybersecurity: Federal Actions Urgently Needed to Better Protect the Nation's Critical Infrastructure, Statement of Nick Marinos, Director, Information Technology and Cybersecurity, Testimony Before the Committee on Transportation and Infrastructure, House of Representatives
From the Highlights: "Federal agencies and the nation's critical infrastructure--such as transportation systems, energy, communications, and financial services--are dependent on information technology systems to carry out operations. The security of these systems and the data they use is vital to public confidence and national security, prosperity, and wellbeing. GAO [Government Accountability Office] first designated information security as a government-wide high-risk area in 1997. This was expanded to include protecting (1) cyber critical infrastructure in 2003 and (2) the privacy of personally identifiable information in 2015. In 2018, GAO reported that the federal government needed to address four major cybersecurity challenges: (1) establishing a comprehensive cybersecurity strategy and performing effective oversight, (2) securing federal systems and information, (3) protecting cyber critical infrastructure, and (4) protecting privacy and sensitive data."
United States. Government Accountability Office
Marinos, Nick
2021-12-02
-
Cybersecurity: Selected Legal Issues [May 3, 2012]
"For many, the Internet has become inextricably intertwined with daily life. Many rely on it to perform their jobs, pay their bills, send messages to loved ones, track their medical care, and voice political opinions, among a host of other activities. Likewise, government and business use the Internet to maintain defense systems, protect power plants and water supplies, and keep other types of critical infrastructure running. Consequently, the federal government's role in protecting U.S. citizens and critical infrastructure from cyber attacks has been the subject of recent congressional interest. This report discusses selected legal issues that frequently arise in the context of legislation to address vulnerabilities of private critical infrastructure to cyber threats, efforts to protect government networks from cyber threats, and proposals to facilitate and encourage sharing of cyber threat information amongst private sector and government entities. This report also provides an overview of the ways in which federal laws of these types may preempt or affect the applicability of state law."
Library of Congress. Congressional Research Service
Liu, Edward C.; Stevens, Gina Marie; Ruane, Kathleen Ann
2012-05-03
-
Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy, Report to Congressional Requesters
From the Highlights: "Increasingly sophisticated cyber threats have underscored the need to manage and bolster the cybersecurity of key government systems and the nation's cybersecurity. The risks to these systems are increasing as security threats evolve and become more sophisticated. GAO [Government Accountability Office] first designated information security as a government-wide high-risk area in 1997. This was expanded to include protecting cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. In 2018, GAO noted that the need to establish a national cybersecurity strategy with effective oversight was a major challenge facing the federal government. GAO was requested to review efforts to protect the nation's cyber critical infrastructure. The objectives of this report were to (1) describe roles and responsibilities of federal entities tasked with supporting national cybersecurity, and (2) determine the extent to which the executive branch has developed a national strategy and a plan to manage its implementation."
United States. Government Accountability Office
2020-09
-
Privacy Impact Assessment for the National Cyber Security Division Joint Cybersecurity Services Pilot (JCSP)
"The Department of Homeland Security (DHS) and the Department of Defense (DoD) are jointly undertaking a proof of concept known as the Joint Cybersecurity Services Pilot (JCSP). The JCSP extends the existing operations of the Defense Industrial Base (DIB) Exploratory Cybersecurity Initiative (DIB Opt-In Pilot) and shifts the operational relationship with the CSPs in the pilot to DHS. The JCSP is part of overall efforts by DHS and DoD to enable the provision of cybersecurity capabilities enhanced by U.S. government information to protect critical infrastructure information systems and networks. The purpose of the JCSP is to enhance the cybersecurity of participating DIB critical infrastructure entities and to protect sensitive DoD information and DIB intellectual property that directly supports DoD missions or the development of DoD capabilities from unauthorized access, exfiltration, and exploitation. The National Protection and Programs Directorate (NPPD) is conducting this Privacy Impact Assessment (PIA) on behalf of DHS because some known or suspected cyber threat information shared under the JCSP may contain information that could be considered personally identifiable information (PII)."
United States. Department of Homeland Security. Privacy Office
2012-01-13
-
Review of the Federal Agencies' Implementation of Presidential Decision Directive (PDD) 63 Related to Critical Infrastructure Protection as Submitted to The Honorable Mitchell E. Daniels, Jr., Director, Office of Management and Budget, March 2001
"When signed on May 22, 1998, PDD 63 called for a national effort to assure the security of the nation's critical infrastructures. Under the Directive, the President intends that the United States take all necessary measures to swiftly eliminate any significant vulnerability to both physical and cyber attacks on the nation's critical infrastructures, especially its cyber systems. By May 22, 2003, the United States shall have achieved and shall maintain the ability to protect its critical infrastructures from intentional acts that would significantly diminish the abilities of: The Federal Government to perform essential national security missions and to ensure the general public health and safety; state and local governments to maintain order and to deliver minimum essential public services; and the private sector to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial, and transportation services. Various laws and regulations have addressed the need to secure our nation's key cyber systems including the Government Information Security Reform Act; the Clinger-Cohen Act; the Computer Security Act; and Appendix III to Office of Management and Budget (OMB) Circular A-130, "Security of Federal Automated Information Resources." PDD 63 complements and expands on those laws and regulations by requiring an independent review of security plans for protecting the nation's critical systems; the identification of minimum essential infrastructure (MEI) critical to the operations of the economy and government, including infrastructure interdependencies; and the assessment of MEI vulnerabilities."
President's Council on Integrity and Efficiency (U.S.); Executive Council on Integrity and Efficiency (U.S.)
2001-03-21
-
NIPP News: February 2011
This edition of the NIPP [National Infrastructure Protection Plan] News contains the following articles: Critical Infrastructure Activities and Events: "IP's [Infrastructure Protection] Behind-the-Scenes Support for Super Bowl XLV"; "NIAC [National Infrastructure Advisory Council] Releases Two Influential Reports on Resilience"; "IP and George Mason University Launch Joint Initiative on Critical Infrastructure Higher Education Programs"; "Efforts Underway to Develop International Levee Handbook"; "USCG [United States Coast Guard] Cyber Command Addresses Cyber Issues in the Maritime Domain"; "Save the Date for the 2011 Defense Industrial Base Critical Infrastructure Protection Conference"; and "Dams Sector Develops Enhanced Capabilities in Blast Damage Assessment".
United States. Department of Homeland Security. Office of Infrastructure Protection
2011-02
-
Secretary Napolitano Announces New Hiring Authority for Cybersecurity Experts [October 1, 2009]
"Department of Homeland Security (DHS) Secretary Janet Napolitano today kicked off National Cybersecurity Awareness Month by announcing the Department's new authority to recruit and hire cybersecurity professionals across DHS over the next three years-- established to help fulfill the Department's broad mission to protect the nation's cyber infrastructure, systems and networks. 'Effective cybersecurity requires all partners--individuals, communities, government entities and the private sector--to work together to protect our networks and strengthen our cyber resiliency,' said Secretary Napolitano. 'This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nation's defenses against cyber threats.'"
United States. Department of Homeland Security. Press Office
2009-10-01
-
Clarifying Cybersecurity Responsibilities
"This memorandum outlines and clarifies the respective responsibilities and activities of the Office of Management and Budget (OMB), the Cybersecurity Coordinator, and DHS [Department of Homeland Security], in particular with respect to the Federal Government's implementation of the Federal Information Security Management Act of 2002 (FISMA; 44 U.S.C. §§ 3541-3549). Under various national security and homeland security Presidential directives, and pursuant to its statutory authorities, DHS oversees critical infrastructure protection, operates the United States Computer Emergency Readiness Team (US-CERT), oversees implementation of the Trusted Internet Connection initiative, and takes other actions to help secure both the Federal civilian government systems and the private sector. At the same time, OMB has a number of cybersecurity responsibilities, principally in connection with FISMA. The Cybersecurity Coordinator leads the interagency process for cybersecurity strategy and policy development. To clarify and avoid confusion, effective immediately, OMB will be responsible for the submission of the annual FISMA report to Congress, for the development and approval of the cybersecurity portions of the President's Budget, for the traditional OMB budgetary and fiscal oversight of the agencies' use of funds, and for coordination with the Cybersecurity Coordinator on all policy issues related to the prior three responsibilities. The Cybersecurity Coordinator will have visibility into DHS efforts to ensure Federal agency compliance with FISMA and will serve as the principal White House official to coordinate interagency cooperation with DHS cybersecurity efforts."
United States. Office of Management and Budget
Schmidt, Howard A.
2010-07-06
-
Cybersecurity Insurance Workshop Readout Report
"Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. The Department of Commerce Internet Policy Task Force has described cybersecurity insurance as a potentially 'effective, market-driven way of increasing cybersecurity' because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures, encouraging the implementation of best practices by basing premiums on an insured's level of self-protection, and limiting the level of losses that companies face following a cyber attack. Given this hope, many carriers and companies would like the cybersecurity insurance market to expand into new cyber risk areas to cover currently uninsurable risks such as cyber-related critical infrastructure failures, reputational damage, and the value of lost intellectual property and other proprietary data."
United States. Department of Homeland Security
2012-11
-
Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions [July 25, 2012]
"For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002. […] For most of those topics, at least some of the bills addressing them have proposed changes to current laws. Several of the bills specifically focused on cybersecurity have received committee or floor action, but none have become law. Comprehensive legislative proposals on cybersecurity that have received considerable attention in 2012 are The Cybersecurity Act of 2012 (CSA 2012, S. 2105, reintroduced in revised form as S. 3414), recommendations from a House Republican task force, and a proposal by the Obama Administration. They differ in approach, with S. 2105 proposing the most extensive regulatory framework and organizational changes, and the task force recommendations focusing more on incentives for improving private-sector cybersecurity. An alternative to S. 2105 and S. 3414, S."
Library of Congress. Congressional Research Service
Fischer, Eric A.
2012-07-25
-
National Infrastructure Advisory Council (NIAC): Meeting Agenda, November 26, 2002
The following are the Meeting notes for the National Infrastructure Advisory Council (NIAC) on Tuesday, November 26, 2002. The formal opening of the meeting was followed by welcoming remarks, and then by a discussion of NIAC comments on the Draft of the National Strategy to Secure Cyberspace. "Mr. Tritak explained that the objectives of regulation are to ensure the security of cyber systems related to primary matters, and to secure cyber systems to assure the functioning and protection of the critical infrastructures. To protect these cyber systems, one must first determine where the markets will fail and, where there is the potential for failure, regulation should be examined and considered. Another cautionary note raised by the members was that we must be careful to avoid over-regulation, and also must compare how state and local governments interact, including how information to protect vital infrastructures is exchanged throughout the country. In response to a question regarding a member's previous comment on 'deputizing' IT professionals, it was explained that since there are not enough IT professionals in the government, perhaps the government could leverage the private sector to help pursue these issues, help with enforcement, and fill the current void. Mr. Schmidt replied that the Secret Service's new Crime Enforcement program is doing just that."
National Infrastructure Advisory Council (U.S.)
Clarke, Richard A.; Juster, Kenneth I.; Tritak, John S.
2002-11-26
-
Major Federal Legislation: A 'Legal Foundations' Study: Report 6 of 12: Report to the President's Commission on Critical Infrastructure Protection
"Some of the most sweeping Federal legislation relevant to efforts to protect the critical infrastructures was originally conceived, passed into law and implemented long before the proliferation of computer and computer networks, and before the emergence of serious threats to the infrastructures. While the long-standing divisions of authority created by such legislation and the mechanisms that flourished thereunder still appear to be fundamentally sound, some of this legislation may now require modernization so that it may continue to serve its originally intended purpose. Several pieces of legislation that appear relevant to infrastructure assurance objectives were written before the emergence of a recognizable cyber threat. It is not clear whether such authorities would apply, and should apply, to a cyber-related event. Until the dynamics of such a cyber event are better understood, including the necessary response vehicles, sweeping legislative changes would be premature. However, it is nonetheless possible to identify key issues and to make general recommendations to begin the process of incorporating the full range of infrastructure assurance issues within the legislative framework. It is also possible to identify the additional pieces of legislation relevant to achieving infrastructure assurance objectives and consider whether those acts should be amended or revised, or should act as models to guide the implementation of other specific infrastructure assurance objectives."
United States. President's Commission on Critical Infrastructure Protection
1997
-
H. Rept. 108-33: Wastewater Treatment Works Security Act of 2003, Report to Accompany H.R. 866, March 11, 2003
"The Committee on Transportation and Infrastructure, to whom was referred the bill (H.R. 866) to amend the Federal Water Pollution Control Act to enhance the security of wastewater treatment works, having considered the same, report favorably thereon without amendment and recommend that the bill do pass. H.R. 866, the 'Wastewater Treatment Works Security Act of 2003,' amends Title II of the Federal Water Pollution Control Act to authorize grants for enhancing the security of wastewater treatment works. Following the terrorist attacks of September 11, 2001, identification and protection of critical infrastructure have become national priorities. On October 10, 2001, the Subcommittee on Water Resources and Environment held a hearing on the security of infrastructure within the Subcommittee's jurisdiction. At that hearing, the Subcommittee learned that a great deal of planning and protection of critical infrastructure was already underway. In part, this was due to activities under Presidential Decision Directive No. 63, issued in 1998, which established a goal of protection of the nation's critical infrastructure from intentional attacks (both physical attacks and cyber attacks). For example, Sandia National Laboratories has been developing, under a contract with the U.S. Environmental Protection Agency (EPA), a vulnerability assessment tool for drinking water systems. The Federal Bureau of Investigation (FBI) has been developing Information Sharing and Analysis Centers, which have been incorporated into the National Infrastructure Protection Center at FBI Headquarters, to share information on terrorist threats with operators of critical infrastructure."
United States. Government Printing Office
2003-03-11
-
Private Intrusion Response: A 'Legal Foundations' Special Study: Report to the President's Commission on Critical Infrastructure Protection
Private Intrusion Response originated among the studies conducted to prepare reports in the Legal Foundations series to inform the deliberations and recommendations of the President's Commission on Critical Infrastructure Protection (PCCIP). Executive Order 13010 established the PCCIP and tasked it with assessing the vulnerabilities of, and threats to, eight ranked critical infrastructures and developing a national strategy for protecting those infrastructures from physical and cyber threats. The Executive Order also required that the PCCIP consider the legal and policy issues raised by efforts to protect the critical infrastructures and propose statutory and regulatory changes necessary to effect any subsequent PCCIP recommendations. To respond to the legal challenges posed by efforts to protect critical infrastructures, the PCCIP undertook a variety of activities to formulate options and to facilitate eventual implementation of PCCIP recommendations by the Federal government and the private sector. The PCCIP recognized that the process of infrastructure assurance would require cultural and legal change over time. Thus, these activities were undertaken with the expectation that many would continue past the life of the PCCIP itself.
United States. President's Commission on Critical Infrastructure Protection
1997