Advanced search Help
Searching for terms: ALL (Cyber AND Infrastructure AND Protection) in: title or summary
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
Maximizing the Value of Cyber Threat Information Sharing, Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, First Session, November 15, 2017
This is the November 15, 2017 hearing on "Maximizing the Value of Cyber Threat Information Sharing," held before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security. From the opening statement of John Ratcliffe: "The severity of the threats we face in cyber space can't be over-stated. Seemingly, every week there's a new headline about a new breach, a new hack, or a new trove of sensitive information that's been compromised. Or there's a new report highlighting the vulnerabilities of our Government, the private sector, and the American people face from malicious actors. Those on the operational front of cybersecurity know the threat landscape is evolving at every second. In cyber space, it's nearly impossible to concisely declare who the threat actor is, what they're going to do next, and what the cascading effects may be. The industry method is to prioritize, assess the risks that net-works face and prioritize actions to address those risks, and then keep moving down the list. We in the Government must learn from the private sector, assess risks, prioritize mitigation, and keep moving." Statements, letters, and materials submitted for the record include those of the following: Robert K. Knake, Ann Barron-Dicamillo, Patricia Cagliostro, and Robert H. Mayer.
United States. Government Publishing Office
2018
-
Examining DHS's Efforts to Strengthen Its Cybersecurity Workforce, Joint Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection and the Subcommittee on Oversight and Management Efficiency of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, Second Session, March 7, 2018
This document is the March 7, 2018 hearing titled "Examining DHS's Efforts to Strengthen Its Cybersecurity Workforce" before the House Subcommittee on Cybersecurity and Infrastructure Protection and the Subcommittee on Oversight and Management Efficiency of the Committee on Homeland Security. From the opening statement of John Ratcliffe: "Last month, the Government Accountability Office released a report entitled, ''Urgent need for DHS to take actions to identify its position and critical skill requirements.'' The findings are pretty troubling. While DHS has taken actions to idetify, categorize, and assign employment codes to its cybersecurity positions, its efforts have been neither timely, nor complete. Identifying DHS work force capability gaps and recruiting to fill them, is a problem that this committee has long examined. However, GAO found that DHS has not identified its Department-wide security or cybersecurity critical needs. Ensuring that DHS collects complete and accurate data on all filled and vacant cybersecurity positions for identification and coding efforts is a task that DHS must not ignore, nor fail to complete." Statements, letters, and materials submitted for the record include those of the following: John Ratcliffe, Scott Perry, J. Luis Correa, Michael T. McCaul, Bennie G. Thompson, Sheila Jackson Lee, Cedric L. Richmond, Gregory Wilshusen, Angela Bailey, and Rita Moss.
United States. Government Printing Office
2018
-
CDM: Government Perspectives on Security and Modernization, Joint Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security House of Representatives and the Subcommittee on Information Technology of the Committee on Oversight and Government Reform, House of Representatives, One Hundred Fifteenth Congress, Second Session, March 20, 2018
This is the March 20, 2018 joint hearing on "CDM: Government Perspectives on Security and Modernization," held before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security House of Representatives and the Subcommittee on Information Technology of the Committee on Oversight and Government Reform. From the opening statement of John Ratcliffe: "This is the second hearing this year that the Subcommittee on Cybersecurity and Infrastructure Protection has held on the Continuous Diagnostics and Mitigation, or CDM, Program. That is because I see real value in the goals of CDM, not only for cybersecurity but also for improving the efficiency of the information technology across the board. To that end, I am pleased to be holding this hearing today jointly with my good friend from Texas, Congressman Will Hurd, who will be joining us shortly and who has been a leader on IT modernization issues as the Chairman of the Subcommittee on Information Technology. I welcome our friends from the Oversight Committee to the CDM conversation today. I believe that DHS's CDM Program has great potential to drive progress on a number of cybersecurity issues, from network visibility to data-centric security and from the role of increased automation of security tasks to the role of artificial intelligence. So the question that I have for this panel today is what can Congress do to make sure CDM capabilities are being rolled out to keep pace with the evolving threat landscape?" Statements, letters, and materials submitted for the record include those of the following: Max Everett, Scott Blackburn, David Garcia, and Kevin Cox.
United States. Government Publishing Office
2018
-
CDM, the Future of Federal Cybersecurity, Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, Second Session, January 17, 2018
This document is the January 17, 2018 hearing titled "CDM [Continuous Diagnostics and Mitigation], the Future of Federal Cybersecurity" before the House Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security. From the opening statement of John Ratcliffe: "The subcommittee is meeting today to receive testimony regarding the implementation and future of DHS's Continuous Diagnostics and Mitigation, or CDM, program. I now recognize myself for an opening statement. In providing effective cybersecurity, the ability of the Federal enterprise to monitor and assess the vulnerabilities and threats to its networks and systems in real time or as near real time as possible is paramount. This is what the Continuous Diagnostics and Mitigation, or CDM, program at DHS is all about, understanding what and who is on Federal networks so that we can achieve true visibility into the Federal Government's digital ecosystem. Phase 1 of CDM is to provide visibility into Federal networks and information systems by working to identify what was on Federal networks. It was a simple question, really. What hardware and software was on the systems an agency or department was running? This was about taking stock of those internet-connected assets. As DHS has moved through Phase 1, they found an incredible amount of devices connected to our networks that agencies were not previously aware of. How can you protect what you cannot see? How can you modernize your technology if you do not even know what technology you have?" Statements, letters, and materials submitted for the record include those of the following: Frank Dimina, Dan Carayiannis, Gregg T. Mossburg, and A.R. ''Trey'' Hodgkins.
United States. Government Publishing Office
2018
-
GAO High Risk Focus: Cybersecurity, Joint Hearing Before the Subcommittee on Information Technology and the Subcommittee on Government Operations of the Committee on Oversight and Government Reform, House of Representatives, One Hundred Fifteenth Congress, Second Session, July 25, 2018
This is the July 25, 2018 joint hearing on "GAO [Government Accountability Office] High Risk Focus: Cybersecurity," held before the United States House of Representatives Subcommittee on Information Technology and the Subcommittee on Government Operations of the Committee. From the opening statement of Will Hurd: "GAO's newly issued report raises serious concerns about our Nation's ability to confront cybersecurity risk. GAO found key deficiencies that could hinder the government's progress in strengthening the Nation's cyber defenses. For example, GAO found that the Trump administration's plans failed to include basic components needed to carry out a national strategy for protecting critical cyber infrastructure. Among the missing components were details about performance measurements and milestones for determining whether the country's cyber objectives are being met and the resources that would be needed to carry out those objectives. GAO's report highlights the need for the administration to develop and execute a more comprehensive Federal strategy for national cybersecurity and global cyberspace. It underscores the importance of having a cybersecurity coordinator in the White House to develop a more robust cybersecurity strategy for the country." Statements, letters, and materials submitted for the record include those of the following: Gene L. Dodaro and Suzette Kent.
United States. Government Publishing Office
2018
-
Challenges of Recruiting and Retaining a Cybersecurity Work Force, Hearing Before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security, House of Representatives, One Hundred Fifteenth Congress, First Session, September 7, 2017
This is the September 7, 2017 hearing on "Challenges of Recruiting and Retaining a Cybersecurity Work Force," held before the Subcommittee on Cybersecurity and Infrastructure Protection of the Committee on Homeland Security. From the opening statement of John Ratcliffe: "Cybersecurity is one of the most daunting National security and economic security challenges of our generation. As our adversaries grow in sophistication, so, too, will the challenges associated with preventing their attacks. [...] Some industry estimates are that 53 percent of organizations now experience delays of 6 months or longer to find qualified cyber-security candidates. We know that the entire industry is facing an unprecedented shortage of cybersecurity workers at all levels of competency, from front-line defenders to CIOs [Chief Information Officer]. It is against this backdrop that the Department of Homeland Security must compete with the private sector to recruit and retain the best talent possible in order to carry out its cybersecurity mission and to protect our critical infrastructure. Unfortunately, DHS's issues are compounded by the additional hiring challenges often felt by the Federal Government. DHS must work to overcome slow hiring processes and work force supply and pipeline issues in order to build the essential work force required to meet its cyber mission. DHS must strategically plan for the training, recruitment, and the retention of its cybersecurity work force." Statements, letters, and materials submitted for the record include those of the following: Frederick R. Chang, Scott Montgomery, Michael Papay, and Juliet 'Jules' Okafor.
United States. Government Publishing Office
2018
-
EMR-ISAC: InfoGram, Volume 17 Issue 51, December 21, 2017
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Hepatitis concerns for first responders"; "DEA releases 2017 National Drug Threat Assessment Report"; "New Blue Alerts warn of threats to law enforcement"; and "Testing reveals cybersecurity issues in 32 out of 33 public safety apps."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-12-21
-
Cyber Federalism: Defining Cyber's Jurisdictional Boundaries
From the thesis abstract: "Cybersecurity was once a federal government responsibility because cyber had limited impact on state and local entities, but today's cyber risks to critical infrastructure and public services affect all levels of government. This thesis explores the current state of cybersecurity in the United States and examines what role each level of government--federal, state, and local--should play in protecting against and responding to a significant cyber incident. It evaluates current state and local cyber capabilities and outlines the capabilities these governments must develop to play a larger role in this growing homeland security mission. The research concludes that state and local governments should have an important role in cyber preparedness and cyber incident response, but many of these entities lack the capabilities necessary to play a meaningful role. Furthermore, current policies fail to provide clear jurisdictional boundaries between levels of government. Therefore, this thesis recommends that the nation develop a legal framework to improve jurisdictional boundaries, prioritize cyber investments at the state and local level, and improve cyber education. These steps will strengthen state sovereignty and improve the nation's cyber posture."
Naval Postgraduate School (U.S.); Naval Postgraduate School (U.S.). Center for Homeland Defense and Security
Rosner, Eric
2017-12
-
Vulnerabilities Equities Policy and Process for the United States Government
From the Purpose: "This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public's interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes."
United States. White House Office
2017-11-15
-
EMR-ISAC: InfoGram, Volume 17 Issue 44, November 2, 2017
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles:"Truck ramming attacks appeal in their simplicity and success"; "SOP guidance and a new final standard for sUAS operations"; "Training and resources for cybersecurity professionals"; and "Assisting victims of violent crime".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-11-02
-
H. Rept. 115-376: NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, Report Together with Minority Views to Accompany H.R. 1224, Including Cost Estimate of the Congressional Budget Office, October 31, 2017
From Purpose and Summary: "H.R. 1224, the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, implements key ideas to help strengthen Federal government cybersecurity. The bill promotes the federal use of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, and establishes a federal working group to develop quantifiable metrics to compile information about the effectiveness of the NIST Cybersecurity Framework in protecting federal information and information systems. H.R. 1224 also directs NIST to complete an initial assessment of the cybersecurity preparedness of priority federal agencies and prepare a needs-based audit plan in advance of carrying out individual cybersecurity audits of each federal agency to determine the extent to which each agency is meeting the information security standards developed by NIST. H.R. 1224 further directs NIST to establish a schedule such that agencies are either audited annually or biennially depending on their information security risk. H.R. 1224 requires a report of each audit to be submitted to the Office of Management and Budget (OMB), the Office of Science and Technology Policy (OSTP), the U.S. Government Accountability Office (GAO), the agency being audited, the agency's Office of Inspector General if it has one, and Congress, including the House Science, Space, and Technology Committee and the Senate Committee on Commerce, Science, and Transportation."
United States. Government Publishing Office
2017-10-31
-
Critical Infrastructure Protection: DHS Risk Assessments Inform Owner and Operator Protection Efforts and Departmental Strategic Planning, Report to Congressional Requesters
"The nation's critical infrastructure includes cyber and physical assets and systems across 16 different sectors whose security and resilience are vital to the nation. The majority of critical infrastructure is owned and operated by the private sector. Multiple federal entities, including DHS, work with infrastructure owners and operators to assess their risks. GAO [Government Accountability Office] was asked to review DHS's risk assessment practices for critical infrastructure. This report describes:(1) DHS's risk assessment practices in 3 of 16 critical infrastructure sectors and private sector representatives' views on the utility of this risk information, and (2) how this risk information influences DHS's strategic planning and private sector outreach. GAO selected 3 of 16 sectors-Critical Manufacturing; Nuclear Reactors, Materials, and Waste; and Transportation Systems-to examine based on their varied regulatory structures and industries. GAO reviewed DHS guidance related to infrastructure protection, the QHSR [Quadrennial Homeland Security Review] and DHS Strategic Plan, and plans for the selected critical infrastructure sectors. GAO interviewed DHS officials responsible for critical infrastructure risk assessments, and the owner and operator representatives who serve as chairs and vice-chairs of coordinating councils for the 3 selected sectors. Information from the 3 sectors is not generalizable to all 16 sectors but provides insight into DHS's risk management practices. GAO provided a draft of this report to DHS and relevant excerpts to the council representatives interviewed during this review. Technical comments provided were incorporated as appropriate."
United States. Government Accountability Office
2017-10-30
-
Department of Homeland Security: Strategic Plan on Infrastructure Protection Assessments (Fiscal Year 2016 Report to Congress)
"DHS NPPD [National Protection and Programs Directorate] conducts voluntary security assessments and analyses of the Nation's critical infrastructure. Within NPPD, IP [Infrastructure Protection] carries out assessments, supported by Office of Cyber and Infrastructure Analysis (OCIA) analyses, both of which support risk-informed decision-making by critical infrastructure owners and operators, as well as federal, state, local, tribal, and territorial partners. These initiatives address objectives in homeland security legislation, policy, and doctrine, including the National Infrastructure Protection Plan. To develop the 3-year strategic plan for assessments, NPPD assessed the current or 'as-is' state of the assessment program by evaluating maturity across five program domains, defined a desired 'to-be' state for program maturity, and identified goals and objectives for closing gaps between the current and desired states. This work was informed by extensive engagement with key stakeholders, including interviews with nearly 100 partners, as well as three planning workshops. The resulting 3-year strategic plan enables NPPD to transition the assessment program into a more mature phase that operates with a clearly defined vision or strategic intent, and that better supports data needs for analyses. [...] The strategic intent and approach for the assessment program over the next 3 years will increase the comprehensiveness of the national approach to infrastructure risk management, building beyond the identification and securing of critical assets. This strategic plan serves as the foundation for identifying and prioritizing further steps toward achieving national infrastructure risk management goals through adjustments to the assessment program."
United States. Department of Homeland Security
2017-10-25
-
H. Rept. 115-356, Part 1: Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017, Report to Accompany H.R. 3101, Including Cost Estimate of the Congressional Budget Office, October 19, 2017
From Purpose and Summary: "H.R. 3101 requires the Secretary of Homeland Security to develop and implement a maritime risk assessment model that focuses on cybersecurity vulnerabilities at our Nation's ports. This bill also requires the Secretary to seek participation of information sharing and analysis organizations and the National and Area Maritime Security Advisory Committees in analyzing the cybersecurity risks in the maritime domain and addressing the cyber vulnerabilities at each port. The United States Coast Guard is the government agency responsible for the physical security of our Nation's port infrastructure, but their authority for cyber security is less clear. Under the Maritime Transportation Security Act (MTSA) of 2002 (Public Law 107-295), the U.S. Coast Guard was granted responsibility for the protection of 'communication systems,' including information that flows through the Marine Transportation System, but does not clearly spell out the Coast Guard's responsibility for cybersecurity at ports. This bill removes this ambiguity by including cybersecurity as an enumerated responsibility under MTSA. While this bill clarifies that the Coast Guard is the appropriate agency for reviewing cybersecurity in the maritime domain, the Committee believes the Coast Guard should coordinate with other DHS entities as appropriate."
United States. Government Publishing Office
2017-10-19
-
EMR-ISAC: InfoGram, Volume 17 Issue 41, October 12, 2017
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector.This issue includes the following articles: "The Looming Flu Pandemic"; "Fatality Management After a Disaster"; "Nationwide Cyber Security Review Tool for SLTT Governments"; and "Webinar: Law Enforcement Operations on the Fireground".
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-10-12
-
EMR-ISAC: InfoGram, Volume 17 Issue 40, October 05, 2017
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector.This issue includes the following articles: "Review of active shooter resources and training"; "TRACIE resources page for mass violence incidents"; "MS-ISAC provides cybersecurity help to SLTT governments"; and "National Fire Prevention Week: focus on escape planning."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-10-05
-
Congressional Budget Office Cost Estimate: H.R. 3359: Cybersecurity and Infrastructure Security Agency Act of 2017
"H.R. 3359 would rename the National Protection and Programs Directorate (NPPD) of the Department of Homeland Security (DHS) as the Cybersecurity and Infrastructure Security Agency. The bill also would consolidate certain missions of NPPD under two divisions: the Cybersecurity Division and the Infrastructure Security Division. Based on information from DHS, CBO [Congressional Budget Office] has concluded that the requirements in the bill would not impose any new operating requirements on the agency. On that basis, CBO estimates that implementing H.R. 3359 would have a negligible effect on the federal budget."
United States. Congressional Budget Office
2017-09-05
-
Cybersecurity for Energy Delivery Systems: DOE Programs [August 28, 2017]
"The Department of Energy (DOE) is the lead agency for the protection of electric power, oil, and natural gas infrastructure--cooperating with the Department of Homeland Security, the lead agency for pipelines. DOE's cybersecurity activities are led by its Office of Electricity Delivery and Energy Reliability (OE) and structured around three areas: (1) cybersecurity preparedness, (2) cyber incident response and recovery, and (3) research, development, and demonstration. Although nominally applicable to energy delivery systems across the electric power, oil and natural gas, and pipeline sectors, OE's cybersecurity activities to date appear to have been focused primarily on the grid. Publicly available examples of DOE-supported activities specifically focused on pipeline cybersecurity are limited. Rather, pipeline cybersecurity efforts appear to be included as part of broader national cybersecurity efforts."
Library of Congress. Congressional Research Service
Parfomak, Paul W.; Jaikaran, Chris; Campbell, Richard J.
2017-08-28
-
Report to the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack: Chairman's Report
"The United States critical national infrastructure faces a present and continuing existential threat from combined-arms warfare, including cyber and manmade electromagnetic pulse (EMP) attack, and natural EMP from a solar superstorm. [...] Protecting and defending the national electric grid and other critical infrastructures from EMP can be accomplished at reasonable cost and minimal disruption to the present systems that comprise our critical infrastructure; all commensurate with Trump Administration plans to repair and improve U.S. infrastructures, increase their reliability, and strengthen our homeland defense and military capability."
Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack
Graham, William Robert, 1937-
2017-07
-
Assessing the Threat from Electromagnetic Pulse (EMP): Executive Report
"The critical national infrastructure in the United States faces a present and continuing existential threat from combined-arms warfare, including cyber and manmade electromagnetic pulse (EMP) attack, as well as from natural EMP from a solar superstorm. [...] Protecting and defending the national electric grid and other critical infrastructures from cyber and EMP could be accomplished at reasonable cost and minimal disruption to the present systems that comprise U.S. critical infrastructure."
Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack
2017-07
-
Cyber Infrastructure Protection, Volume III
"We have achieved great advancement in computing systems in both hardware and software and their security. On the other hand, we still see massive cyberattacks that result in enormous data losses. Recent attacks have included sophisticated cyberattacks targeting many institutions, including those who provide management and host the core parts of Internet infrastructure. The number and types of attacks, the duration of attacks, and their complexity are all on the rise. The Cyber Infrastructure Protection (CIP) colloquium for the academic year 2015-16 was focused on strategy and policy directions relating to cyberspace; and how those directions should deal with the fastpaced, technological evolution of that domain. [...] This book is a follow-on to our earlier two books published in 2011 and 2013 respectively; and offers a detailed look at various aspects of cybersecurity. The chapters in this book are the result of invited presentations in a 1-day conference on cybersecurity that was held at the City University of New York (CUNY), City College, on October 15, 2015. A key contribution of this book is that it provides an integrated framework and a comprehensive view of the various cyber infrastructure protection (CIP) approaches. The book is divided into three main parts: Part I addresses policy and strategy for cybersecurity and cybercrime; Part II focuses on the cybersecurity of smart cities; and, Part III discusses cyber infrastructure security and technical issues. We strongly recommend this book for policymakers and researchers."
Army War College (U.S.). Strategic Studies Institute
Saadawi, Tarek Nazir, 1951-; Colwell, John D., Jr.
2017-06
-
EMR-ISAC: InfoGram, Volume 17 Issue 21 [May 25, 2017]
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Using Secure Incident Response Data in the Field," "EMS Week Recognizes Those Always in Service," "Healthcare Public Health Cybersecurity Resources," and "Webinar: Scene Safety in EMS Operations."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-05-25
-
Department of Homeland Security Appropriations for Fiscal Year 2018, Subcommittee of the Committee on Appropriations, U.S. Senate, May 25, 2017
This is the May 25, 2017 hearing titled "Department of Homeland Security Appropriations for Fiscal Year 2018" before the Senate Subcommittee of the Committee on Appropriations. From the opening statement of John Boozman: "The Department of Homeland Security plays a pivotal role in keeping Americans safe by working to combat terrorism, manage our air, land, and sea borders, administer our immigration laws, secure critical cyber assets, and prepare for and respond to disasters. The tragic events in Manchester, England earlier this week remind us of why we must focus on the serious challenge of securing our homeland. [...] Your budget proposes increased funding for Customs and Border Protection and Immigration and Customers Enforcement, for both manpower and infrastructure, to continue to reduce illegal border crossings. [...] Another key component to securing our borders is the United States Coast Guard, which this budget generally supports. [...] I am pleased to see that the request has prioritized funding for all four phases of the Continuous Diagnostics and Mitigation program. Other Federal agencies must move past the initial CDM [Continuous Diagnostics and Mitigation] kick-start provided by the Department and begin properly budgeting for their own investment and utilization of this system in order to realize its full benefit." Statements, letters, and materials submitted for the record include those of the following: John Kelly.
United States. Government Publishing Office
2017-05-25
-
Cybersecurity: Critical Infrastructure Authoritative Reports and Resources [April 21, 2017]
"Presidential Decision Directive 63, or PDD-63, identified activities whose critical infrastructures should be protected: information and communications; banking and finance; water supply; aviation, highways, mass transit, pipelines, rail, and waterborne commerce; emergency and law enforcement services; emergency, fire, and continuity of government services; public health services; electric power, oil and gas production; and storage. In addition, the PDD identified four activities in which the federal government controls the critical infrastructure: (1) internal security and federal law enforcement; (2) foreign intelligence; (3) foreign affairs; and (4) national defense. In February 2013, the Obama Administration issued PPD-21, Critical Infrastructure Security and Resilience, which superseded HSPD-7 issued during the George W. Bush Administration. PPD-21 made no major changes in policy, roles and responsibilities, or programs, but did order an evaluation of the existing public-private partnership model, the identification of baseline data and system requirements for efficient information exchange, and the development of a situational awareness capability. PPD-21 also called for an update of the National Infrastructure Protection Plan, and a new Research and Development Plan for Critical Infrastructure, to be updated every four years.This report serves as a starting point for congressional staff assigned to cover cybersecurity issues as they relate to critical infrastructure. Much is written about protecting U.S. critical infrastructure, and this CRS report directs the reader to authoritative sources that address many of the most prominent issues."
Library of Congress. Congressional Research Service
Tehan, Rita
2017-04-21
-
Survivability Through Optimizing Resilient Mechanisms (Storm)
"Game theory provides a rich mathematical tool to analyze conflict within strategic interactions and thereby gain a deeper understanding of cyber security issues. Theoretical constructs or mathematical abstractions provide a rigorous scientific basis for cyber security because they allow for reasoning quantitatively about cyber-attacks. Game theory is the branch of applied mathematics that formalizes strategic interaction among intelligent rational agents. The level of sophistication of recent cyber-attacks justifies our assumption of attacker rationality and thus the need of an intelligent defence mechanism based on game theory. This work has applied game theory to numerous cyber security problems: cloud security, cyber threat information sharing, survivability, hardware Trojans, critical infrastructure protection, Online Social Network (OSN), and cyber security monitoring. When appropriate, we have expanded game theoretic frameworks to apply contract theory, prospect theory and evolutionary game theory (to account for limited rationality), and machine learning when there is little information about attackers' strategies and payoffs"
Air Force Research Laboratory (Wright-Patterson Air Force Base, Ohio)
Kamhoua, Charles
2017-04
-
Information Security: DHS Needs to Continue to Advance Initiatives to Protect Federal Systems, Statement of Gregory C. Wilshusen, Director, Information Security Issues, Testimony Before the Subcommittee on Cybersecurity and Infrastructure Protection, Committee on Homeland Security, House of Representatives
From the Highlights: "Cyber-based intrusions and attacks on federal systems are evolving and becoming more sophisticated. GAO [Government Accountability Office] first designated information security as a government-wide high-risk area in 1997. This was expanded to include the protection of cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. DHS plays a key role in strengthening the cybersecurity posture of the federal government. Among other things, DHS has initiatives for (1) detecting and preventing malicious cyber intrusions into agencies' networks and (2) deploying technology to assist agencies to continuously diagnose and mitigate cyber threats and vulnerabilities. This statement provides an overview of GAO's work related to DHS's efforts to improve the cybersecurity posture of the federal government. In preparing this statement, GAO relied on previously published work, as well as information provided by DHS on its actions in response to GAO's previous recommendations. In a January 2016 report, GAO made nine recommendations related to expanding NCPS's [National Cybersecurity Protection System] capability to detect cyber intrusions; notifying customers of potential incidents; providing analytic services; and sharing cyber-related information, among other things. DHS concurred with the recommendations and is taking actions to implement them."
United States. Government Accountability Office
Wilshusen, Gregory C.
2017-03-28
-
EMR-ISAC: InfoGram, Volume 17 Issue 12 [March 23, 2017]
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Diesel Exhaust and Firefighter Health," "New Patient Movement and Tracking Resources," "VALOR for Blue's Casualty Care Training Module," and "National Cyber Incident Response Plan Webinars."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-03-23
-
EMR-ISAC: InfoGram, Volume 17 Issue 11 [March 16, 2017]
The Emergency Management and Response Information Sharing and Analysis Center's (EMR-ISAC) InfoGram is a weekly publication of information concerning the protection of critical infrastructures relevant to members of the Emergency Services Sector. This issue includes the following articles: "Cyber Best Practices for Emergency Services," "The Balance Between Building Security & Safety," "Attack Overseas Concerning for Hospital Security," and "Stop the Bleed Program and Webinar."
Emergency Management and Response-Information Sharing and Analysis Center (U.S.)
2017-03-16
-
Cybersecurity White Paper [March 10, 2017]
From the Introduction: "Cyber security is a very serious and ubiquitous issue affecting public safety and infrastructure protection. Some potential vulnerability areas will be flagged here without detailed articulation of threat surfaces, assessment of capability of adversaries, detection and mitigation techniques and gaps in protection tools and techniques. An adequate treatment will need discussions and expositions at the classified level. For the DHS mission it is clear that any adequate safeguards will need the collaboration of industry and especially partner agencies both in the technologies they have and will develop/ed and also their in-place capabilities in the field. DHS only has been and will be able to work on a small subset of these security technologies and deploy limited infrastructures."
United States. Department of Homeland Security. Science and Technology Directorate
Chan, Vincent W.; Collie, Byron; Crowell, William P. . . .
2017-03-10
-
States of Cybersecurity: Electricity Distribution System Discussions
From the Executive Summary: "State and local entities that oversee the reliable, affordable provision of electricity are faced with growing and evolving threats from cybersecurity risks to our nation's electricity distribution system. All-hazards system resilience is a shared responsibility among electric utilities and their regulators or policy-setting boards of directors. Cybersecurity presents new challenges and should be a focus for states, local governments, and Native American tribes that are developing energy-assurance plans to protect critical infrastructure. This research sought to investigate the implementation of governance and policy at the distribution utility level that facilitates cybersecurity preparedness to inform the U.S. Department of Energy (DOE), Office of Energy Policy and Systems Analysis; states; local governments; and other stakeholders on the challenges, gaps, and opportunities that may exist for future analysis."
National Renewable Energy Laboratory (U.S.)
Pena, Ivonne; Ingram, Michael; Martin, Maurice
2017-03