Advanced search Help
Searching for terms: ALL (Cyber AND Policy) in: title or summary
Clear all search criteria
Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).
-
International Cybersecurity Strategy: Deterring Foreign Threats and Building Global Cyber Norms, Hearing Before the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Committee on Foreign Relations, United States Senate, One Hundred Fourteenth Congress, Second Session, May 25, 2016
This is a testimony compilation of the May 25, 2016 hearing "International Cybersecurity Strategy: Deterring Foreign Threats and Building Global Cyber Norms" held before the Senate Committee on Foreign Relations. From the testimony of Christopher Painter: "As reflected in the Strategy we provided to Congress last month, the Department of State structures its cyberspace diplomacy in close cooperation with our interagency partners -- including the Departments of Justice, Commerce, Defense, Homeland Security, and Treasury, and the Intelligence Community -- around the following interrelated, dynamic, and cross-cutting policy pillars drawn from the President's International Strategy for Cyberspace: digital economy; international security; promoting cybersecurity due diligence; combating cybercrime; Internet governance; Internet freedom; and international development and capacity building, as well as cross-cutting issues such as countering the use of the Internet for terrorist purposes. In addition, as we noted, the Department actively is mainstreaming cyberspace issues into its foreign diplomatic engagements and building the necessary internal capacity." Statements, letters, and materials submitted for the record include those of the following: Christopher Painter.
United States. Congress. Senate. Committee on Foreign Relations
2016-05-25
-
Report of the Reserve Forces Policy Board on Department of Defense Cyber Approach: Use of the National Guard and Reserve in the Cyber Mission Force
From the Document: "On June 5, 2013, in response to the growing national dependence on computer network technologies and increasing threats to our national security emanating from the cyber domain, the Reserve Forces Policy Board [RFPB] established a Task Group to examine the Department's current path in developing its organizations, policies, doctrine and practices for conducting defensive and offensive cyber operations. The Task Group was further directed to comment on force mix between active, reserve, and civilian personnel and Reserve Component [RC] organizations needed to meet the DoD strategy. The RFPB met on June 4, 20 14 and voted to make four recommendations. The recommendations are listed below with each expanded upon in the attached report: Recommendation #1- Include Reserve Components in Cyber Mission Force requirements in order to leverage RC reduced cost, civilian/AC [Active Component] acquired skill/experience, continuity and longevity. Recommendation #2- As part of a Total Force solution, re-evaluate the composition, size and force mix of the planned Cyber Mission Force by FY 2017, and refine as needed based on changing threats, team effectiveness, capability, required capacity and cost. Recommendation #3 - The Department of Defense should study, and then assign executive responsibility to a single Service for the full range of joint cyber training. Recommendation #4- Recruit highly skilled members via a professional accessions and retention program to fill both AC and RC requirements within the Cyber Mission Force."
United States. Reserve Forces Policy Board
Punaro, Arnold L.
2014-08-19
-
Refining United States Policy On Offensive Cyber Operations
"This paper examines United States and international policy related to offensive cyber warfare, specifically cyber exploitation and cyber attack. Current domestic and international policies lack mechanisms to classify offensive cyber operations into any discernable categories other than 'hostile acts'. Recent cyber-attacks demonstrate how this policy void leads to stark differences in the ways nations perceive the role of the Internet and acceptable conduct in the cyber domain. Moreover, opaque national cyber policies increase the risk states will misinterpret each other's intentions and actions, leading to inadvertent conflict escalation. This current policy framework is insufficient to promote international norms or deter adversaries from conducting offensive cyber operations against U.S. networks. This paper advocates using a three variable approach to classify cyber operations based on the actor, the target, and the effect. Examining each variable in depth shows how this classification system would affect broader changes to U.S. and international cyber policy. This new approach could clarify guidance for the United States'own actions, encourage stability, and promote effective responses to a range of threats from a variety of actors."
Air University (U.S.). Air Command and Staff College
Johnson, Max C.
2014-12
-
Computer Attack and Cyber Terrorism: Vulnerabilities and Policy Issues for Congress [October 17, 2003]
This report discusses possible cyber capabilities of terrorists and sponsoring nations, describes how computer security vulnerabilities might be exploited through a cyber terror attack, and raises some potential issues for Congress. This report presents a working definition for the term "cyber terrorism," plus background information describing how current technology and management processes may leave computers exposed to cyber attack, and a discussion of possible effects of a cyber attack. Potential issues for Congress are presented in the second section, including: whether appropriate guidance exists for a DOD information warfare response to a cyber attack; whether the need to detect possible cyber terrorist activity interferes with individual privacy; whether the roles and responsibilities for protecting against a possible cyber terrorist attack need more clarity for government, industry, and home users; and, whether information sharing on cyber threats and vulnerabilities must be further increased between private industry and the federal government. The final section describes possible policy options for improving protection against threats from possible cyber terrorism. Appendices to this report explain technologies underlying computer viruses, worms, and spyware, how these malicious programs enable cyber crime and cyber espionage, and how tactics currently used by computer hackers might also be employed by terrorists while planning a possible cyber terror attack.
Library of Congress. Congressional Research Service
Wilson, Clay
2003-10-17
-
United States Cybersecurity Strategy, Policy, and Organization: Poorly Postured to Cope with a Post-9/11 Security Environment?
From the thesis abstract: "Is United States cybersecurity strategy, policy, and organization postured to cope with the post-9/11 security environment? Through an exhaustive review of recurring and stand-alone strategic cybersecurity strategy and policy documents and a detailed assessment of the United States cyber organization within the Department of Homeland Security, Department of Defense, and Department of Justice, the United States is indeed vulnerable to a cyber attack. Despite the recent emphasis on cyber attacks against private and governmental organizations, the genesis of American interest and awareness of cyber threats began during the Clinton Administration. Unfortunately, the quest for improved cybersecurity has experienced uneven progress. Cybersecurity strategy, policy and organization have undergone numerous changes, and each change has attempted to adapt to the dynamic nature of cyberspace. While progress has been made on many fronts, cybersecurity strategy, policy, and organization has not incorporated some of the lessons the Intelligence Community learned from the 9/11 experience. Because of this shortfall, the United States is potentially vulnerable to a devastating cyber attack."
U.S. Army Command and General Staff College
Tirrell, William K.
2012-12-14
-
H.A.S.C. No. 115-97: Hearing on National Defense Authorization Act for Fiscal Year 2019 and Oversight of Previously Authorized Programs, Before the Committee on Armed Services, House of Representatives, One Hundred Fifteenth Congress, Second Session, Subcommittee on Emerging Threats and Capabilities, Hearing on a Review and Assessment of the Department of Defense Budget, Strategy, Policy, and Programs for Cyber Operations and U.S. Cyber Command for Fiscal Year 2019, April 11, 2018
This is the April 11, 2018 hearing titled "A Review and Assessment of the Department of Defense Budget, Strategy, Policy, and Programs for Cyber Operations and U.S. Cyber Command for Fiscal Year 2019" held before the House Committee on Armed Services. From the opening statement of Elise M. Stefanik: "Welcome, everyone, to today's hearing of the Emerging Threats and Capabilities Subcommittee on the posture of cyber operations and U.S. Cyber Command [CYBERCOM] for fiscal year [FY] 2019." Statements, letters, and materials submitted for the record include those of the following: Kenneth P. Rapuano and Michael S. Rogers.
United States. Government Publishing Office
2019
-
Shadows of Stuxnet: Recommendations for U.S. Policy on Critical Infrastructure Cyber Defense Derived from the Stuxnet Attack
From the thesis abstract: "In June 2012, the worldwide cyber security landscape changed when the presence of a new and sophisticated malware, later dubbed 'Stuxnet,' was discovered in the computers of an Iranian nuclear facility. The malware was a cyber weapon, programmed to destroy the industrial machinery utilized for uranium enrichment. Stuxnet was soon dissected and diagnosed as a pioneering and politically motivated cyber attack that successfully infiltrated a high-security, government-run critical infrastructure and destroyed its physical property with computer code. The potential consequences of a similar attack on vulnerable U.S. critical infrastructures could be devastating. This thesis begins with a review of the evolution of U.S. policy related to the cyber defense of critical infrastructures. It then examines the critical infrastructure sectors within the United States, its dependency on computer technology, and the potential consequences of cyber attacks. A detailed case study of the Stuxnet attack follows, along with an analysis of the lessons learned from Stuxnet. The thesis concludes with specific policy improvement recommendations for the United States under three major themes: enhancing national unity of effort, expansion of cyber security coordination between the private and government sectors, and incentivizing private-sector compliance with best practices in cyber security."
Naval Postgraduate School (U.S.); Naval Postgraduate School (U.S.). Center for Homeland Defense and Security
Lendvay, Ronald L.
2016-03
-
Cyber Operations in DOD Policy and Plans: Issues for Congress [January 5, 2015]
"This report presents an overview of the threat landscape in cyberspace, including the types of offensive weapons available, the targets they are designed to attack, and the types of actors carrying out the attacks. It presents a picture of what kinds of offensive and defensive tools exist and a brief overview of recent attacks. The report then describes the current status of U.S. capabilities, and the national and international authorities under which the U.S. Department of Defense carries out cyber operations. Of particular interest for policy makers are questions raised by the tension between legal authorities codified at 10 U.S.C. [US Code], which authorizes U.S. Cyber Command to initiate computer network attacks, and those stated at 50 U.S.C., which enables the National Security Agency to manipulate and extrapolate intelligence data--a tension that Presidential Policy Directive 20 on U.S. Cyber Operations Policy manages by clarifying the Pentagon's rules of engagement for cyberspace. With the task of defending the nation from cyberattack, the lines of command, jurisdiction, and authorities may be blurred as they apply to offensive and defensive cyberspace operations. A closely related issue is whether U.S. Cyber Command should remain a sub-unified command under U.S. Strategic Command that shares assets and its commander with the NSA [National Security Agency]. Additionally, the unique nature of cyberspace raises new jurisdictional issues as U.S. Cyber Command organizes, trains, and equips its forces to protect the networks that undergird critical infrastructure. International law governing cyberspace operations is evolving, and may have gaps for determining the rules of cyberwarfare, what constitutes an 'armed attack' or 'use of force' in cyberspace, and what treaty obligations may be invoked."
Library of Congress. Congressional Research Service
Theohary, Catherine A.; Harrington, Anne I.
2015-01-05
-
U.S. Policy Response to Cyber Attack on SCADA Systems Supporting Critical National Infrastructure
"This paper discusses federal efforts to unify the public and private domestic sectors in the defense against cyber attack on the industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems that underpin US critical national infrastructure, to offer policy recommendations for synchronizing foreign and domestic cybersecurity efforts, and to realize a resilient and secure infrastructure. The paper intends to provide a policy-level rather than technically-focused discussion. The research was conducted using open-source methods with an intentional focus on US government and media perspectives found in the public record. That is where US international and domestic policies truly take shape. The discussion begins with an examination of what constitutes critical national infrastructure and the roles of ICS and SCADA systems within it. The paper then describes the panoply of actors, vulnerabilities, late-to-need cybersecurity, and threat trends. The examination also touches on the political and social challenges in achieving greater cybersecurity, and then shifts to a description of how the US government divides efforts among its lead cybersecurity agencies and what responses to a cyber attack on ICS or SCADA might look like. The discussion finishes with recommendations for strengthened international consensus on norms for state behavior, formalized public-private relationships, and interagency efforts to realize a more secure and resilient national infrastructure. Actions on many of these recommendations are under way now in dynamic virtual and policy environments, but their momentum should not diminish or the United States risks ceding its strategic power and security."
Air University (U.S.). Air Force Research Institute
Weed, Scott A.
2017-05
-
Cyberspace as a Complex Adaptive System and the Policy and Operational Implications for Cyber Warfare
"The overall implication of depicting cyberspace as a complex, adaptive ecosystem is that it provides an avenue for further insight and understanding of the complexities associated with operating in cyberspace. This renewed reality highlights a source of vulnerability, a potential threat to national security, due to the intermixing of public and private infrastructure and the reliance of the United States Government (USG) on infrastructure owned and operated by the private sector. The fact that most, if not all, of the underlying infrastructure for seamless cyber interactions are controlled and managed by non-state entities means that the USG most recognize the power of the private sector in cyberspace. This represents a disturber of the familiar international order because the major actor that constitutes and defines international relations (the state) is not able to control cyberspace or to insulate itself from the implications of the new cyber realities. This recognition suggests that adopting a policy position that is primarily offensive in nature better serves the US, especially in regards to the protection of the cyber ecosystems of the private sector. Specifically it proposes that offensive cyber attacks should not be limited to only the authorized entities of the United States military, but should be expanded to include authorized entities in the private sector. Central to this proposition is the introduction of a new element of operational art specific to the cyber realm to guard against unintended consequences--the operational art element of precision."
U.S. Army Command and General Staff College. School of Advanced Military Studies
Olagbemiro, Albert O.
2014-05-22
-
Cyberspace as a Complex Adaptive System and the Policy and Opertional Implications for Cyber Warfare
From the thesis abstract: "The overall implication of depicting cyberspace as a complex, adaptive ecosystem is that it provides an avenue for further insight and understanding of the complexities associated with operating in cyberspace. This renewed reality highlights a source of vulnerability, a potential threat to national security, due to the intermixing of public and private infrastructure and the reliance of the United States Government (USG) on infrastructure owned and operated by the private sector. The fact that most, if not all, of the underlying infrastructure for seamless cyber interactions are controlled and managed by non-state entities means that the USG most recognize the power of the private sector in cyberspace. This represents a disturber of the familiar international order because the major actor that constitutes and defines international relations (the state) is not able to control cyberspace or to insulate itself from the implications of the new cyber realities. This recognition suggests that adopting a policy position that is primarily offensive in nature better serves the US, especially in regards to the protection of the cyber ecosystems of the private sector. Specifically it proposes that offensive cyber attacks should not be limited to only the authorized entities of the United States military, but should be expanded to include authorized entities in the private sector. Central to this proposition is the introduction of a new element of operational art specific to the cyber realm to guard against unintended consequences--the operational art element of precision."
U.S. Army Command and General Staff College. School of Advanced Military Studies
Olagbemiro, Albert O.
-
S. Hrg. 115-181: Cyber Strategy, Policy and Organization, Hearings Before the Committee on Armed Services, United States Senate, One Hundred Fifteenth Congress, First Session, March 2 and May 11, 2017
This is the March 2 and May 11, 2017 hearings titled "Cyber Strategy, Policy and Organization" held before the Senate Committee on Armed Services. From the opening statement of John McCain: "As cyber threats have evolved rapidly, our legal frameworks have failed to catch up, and this is just one of a long list of basic cyber questions we as a nation have yet to answer. What is our theory of cyber deterrence, and what is our strategy to implement it? Is our government organized appropriately to handle this threat, or are we so stovepiped that we cannot deal with it effectively? Who is accountable for this problem, and do they have sufficient authorities to deliver results? Are we in the Congress just as stovepiped on cyber as the executive branch such that our oversight actually reinforces problems rather than helping to resolve them? Do we need to change how we are organized?" Statements, letters, and materials submitted for the record include those of the following: Keith B. Alexander, Craig I. Fields, James N. Miller, Matthew C. Waxman, James R. Clapper Jr., James G. Stavridis, and Michael V. Hayden.
United States. Government Publishing Office
2019
-
Next Steps on U.S. Policy Toward North Korea, Hearing Before the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Committee on Foreign Relations, United States Senate, One Hundred Fifteenth Congress, Second Session, June 5, 2018
This is the June 5, 2018 hearing "Next Steps on U.S. Policy Toward North Korea" held before the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Senate Committee on Foreign Relations. From the opening statement of Cory Gardner: "Over the last three decades, North Korea has built the world's largest illicit arsenal of mass destruction, including nuclear, ballistic missile, biological, chemical, and radiological weapons programs. According to intelligence assessments, North Korea is getting dangerously close to a viable intercontinental ballistic missile capability that can threaten the United States mainland. North Korea remains the world's most brutal violator of human rights, with up to 200,000 men, women, and children in gulag-style detention camps. A landmark 2014 United Nations Human Rights Report said that the regime is conducting genocide against its own people. Despite the grave threat the regime has posed, when I came to the Senate in 2015, few were focused on the North Korea problem set. [...] It was Congress that took the lead and recognized that, without an immediate change in U.S. policy and a robust global pressure campaign, we could never gain the necessary leverage to force the regime to change course and to denuclearize." Statements, letters, and materials submitted for the record include those of the following: Joseph Y. Yun and Victor Cha.
United States. Government Publishing Office
2020
-
Assessing the Maximum Pressure and Engagement Policy Toward North Korea, Hearing Before the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Committee on Foreign Relations, United States Senate, One Hundred Fifteenth Congress, First Session, July 25, 2017
This is the July 25, 2017 hearing on "Assessing the Maximum Pressure and Engagement Policy Toward North Korea," held before the U.S. Senate Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Committee on Foreign Relations. From the opening statement of Cory Gardner: "North Korea has emerged as the most urgent national security challenge for the U.S. and our allies in East Asia. Secretary Mattis has said North Korea is the most urgent and dangerous threat to peace and security. Admiral Gortney, the former commander of U.S. Northern Command, stated that the Korean Peninsula is at its most unstable point since 1953, when the Armistice was signed." Statements, letters, and materials submitted for the record include those of the following: Susan A. Thornton, Bruce Klingner, and Leon V. Sigal.
United States. Government Publishing Office
2020
-
U.S. Policy Toward North Korea After the Second Summit, Hearing Before the Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Committee on Foreign Relations, United States Senate, One Hundred Sixteenth Congress, First Session, March 26, 2019
This is the March 26, 2019 hearing on "U.S. Policy Toward North Korea After the Second Summit," held before the U.S. Senate Subcommittee on East Asia, the Pacific, and International Cybersecurity Policy of the Committee on Foreign Relations. From the opening statement of Cory Gardner: "While there has been no missile or nuclear testing for 15 months--that is a very good thing--North Korea still remains a nuclear threat to the United States and our allies. This incontrovertible fact was most recently confirmed by the administration's own 2019 Worldwide Threat Assessment released by the Director of National Intelligence on January 29th. The summit pageantry has also not resulted in any significant changes in North Korea's atrocious human rights record. For the Kim regime, it's a time of choosing: continue the failed game plan of father and grandfather or open a new chapter of opportunity." Statements, letters, and materials submitted for the record include those of the following: Victor Cha and Kelly Magsamen.
United States. Government Publishing Office
2020
-
Offensive Cyber Operations: The Need for a Policy to Contend with the Future
"The United States is in a unique position in the world to capitalize on a globally interconnected information and communications infrastructure which is ingrained into every corner of society and provides a conduit for public safety, the economy, and national security. Technology drives change and the evolution of daily interactions and offers endless opportunities, but these are fraught with vulnerabilities. Make no mistake that cyberspace, while not new, is the battlefield for future conflict. [...] The United States requires offensive cyber capabilities, and the doctrine and the theory to guide their employment. [...] There are numerous policy documents and senior administration statements that relate to cyberspace defense, but there has been a deafening silence with regard to offensive cyber capabilities. The United States has been averse to discuss offensive cyber operations in the public domain and has rarely spoken about such operations for fear of leading to an escalation of cyberattacks. The time has come for the United States to declare that it will conduct offensive cyber operations."
Joint Forces Staff College (U.S.)
Sidari, Brian D.
2016-06-10
-
Serial No. 114-106: Cyber War: Definitions, Deterrence, and Foreign Policy, Hearing Before the Committee on Foreign Affairs, U.S. House of Representatives, One Hundred Fourteenth Congress, First Session, September 30, 2015
This is the September 30, 2015 hearing "Cyber War: Definitions, Deterrence, and Foreign Policy" held before the House Committee on Foreign Affairs. From the opening statement of presiding chair Matt Salmon: "This morning we will consider the growing threats to U.S. national security in cyberspace. It is no exaggeration to say that we are at the dawn of a new age of warfare. Computers and the Internet have connected people around the world. However, reliance on these technologies has also made us vulnerable to cyber attacks from other countries, terrorists, and criminals. So much so that the Pentagon now counts cyberspace as the fifth domain of warfare alongside land, air, sea, and space. Whether or not an all-out cyber war occurs, it is clear that we are in a state of ongoing cyber conflict. The White House, the State Department, and the Department of Defense have all been hacked, and, of course, the Office of Personnel Management had the sensitive information of more than 21 million Americans compromised. […] Our top intelligence officer told Congress earlier this month that the U.S. lacks both the substance and the mind-set to deterrence. Indeed, last spring the President issued an Executive order that would allow him to target individuals or organizations deemed responsible for computer attacks, but this new order, similar to the way in which terrorists of nuclear proliferators are targeted, has yet to be used. So the President's recent comment that offense is moving faster than defense is putting it mildly." Statements, letters, and materials submitted for the record include those of the following: James Andrew Lewis, Catherine Lotrionte, and Bob Butler.
United States. Government Publishing Office
2015
-
Fact Sheet: Executive Order on Cybersecurity / Presidential Policy Directive on Critical Infrastructure Security and Resilience
"Critical infrastructure -- both physical and cyber -- is the backbone of America's national security and economic prosperity. The Nation's critical infrastructure is diverse and complex. It includes distributed networks, varied organizational structures and operating models (including multi-national ownership), interdependent functions and systems in both physical space and cyberspace, and governance constructs that involve multi-level authorities, responsibilities, and regulations. Critical infrastructure faces a variety of risks to its security and ability to function, including manmade acts of terror, extreme weather events, other natural disasters and cyber attacks. Our country's reliance on cyber systems to run everything from power plants to pipelines and hospitals to highways has increased dramatically, and our infrastructure is more physically and digitally interconnected than ever. Yet for all the advantages interconnectivity offers, critical infrastructure is also increasingly vulnerable to attack from an array of cyber threats. It is imperative that we, as a country, take more action to strengthen our national policy on critical infrastructure security and resilience, and that includes measures to strengthen cybersecurity. Because the majority of our critical infrastructure is owned and operated by private companies, the public and private sectors have a shared responsibility to reduce the risks to critical infrastructure through a stronger partnership."
United States. Department of Homeland Security. Press Office
2013-02-13
-
S. Hrg. 114-725: U.S. Policy Options in the South China Sea, Hearing Before the Subcommittee on East Asia, the Pacific and International Cybersecurity Policy of the Committee on Foreign Relations, United States Senate, One Hundred Fourteenth Congress, Second Session, July 13, 2016
This is the July 13, 2016 hearing on "U.S. Policy Options in the South China Sea," held before the Subcommittee on East Asia, the Pacific, and International Cyber Security. From the statement of Cory Gardner: "In the last several years, China has significantly upped the ante and undertaken a massive effort to reclaim a number of disputed features in the South China Sea and to militarize these features. According to the Department of Defense, since Chinese land reclamation efforts began in December 2013, China has reclaimed more than 2,900 acres of land and has deployed artillery, aircraft, runways, and buildings, and positioned radars and other equipment. While the United States is not directly a party to this dispute and takes no position on the sovereignty claims among the various claimants, this ruling is important to our national security for several reasons. First, the South China Sea is one of the most strategically important commercial waterways in the world. Almost 30 percent of the world's maritime trade transits the South China Sea annually, including approximately $1.2 trillion in shipborne trade and shipborne trade bound for the United States. Second, the ruling reinforces the rights of our military to operate freely in the region, utilizing our longstanding international rights of innocent passage and transit on the high seas, the rights long established by international law. " Statements, letters, and materials submitted for the record include those of the following: Dennis C. Blair and Kurt M. Campbell.
United States. Government Publishing Office
2017
-
Department of Energy Policy 205.1: Departmental Cyber Security Management Policy
This Department of Energy (DOE) policy document discusses the objectives, guiding principles, and core functions "to be used to consistently implement cyber security management throughout the DOE/NNSA [National Nuclear Security Administration] complex. The mechanisms, responsibilities, and implementation components are established for all electronic systems and will vary based on specific risk assessments, which will include any specific threats, vulnerabilities, and criticality of the electronic information, electronic information systems, and missions they support."
United States. Department of Energy
2001-05-08
-
Critical Infrastructure Protection: Efforts of the Financial Services to Address Cyber Threats, Report to the Subcommittee on Domestic Monetary Policy, Technology, and Economic Growth, Committee on Financial Services, House of Representatives
"Since 1998, the federal government has taken steps to protect the nation's critical infrastructures, including developing partnerships between the public and private sectors. These cyber and physical public and private infrastructures, which include the financial services sector, are essential to national security, economic security, and/or public health and safety. GAO [Government Accountability Office] was asked to review (1) the general nature of the cyber threats faced by the financial services industry; (2) steps the financial services industry has taken to share information on and to address threats, vulnerabilities, and incidents; (3) the relationship between government and private sector efforts to protect the financial services industry's critical infrastructures; and (4) actions financial regulators have taken to address these cyber threats. GAO recommends that Treasury (1) coordinate with the industry in its efforts to update the sector's strategy and establish detailed plans for implementing it and (2) assess the need for public policy tools to assist the industry. In comments on a draft of this report, Treasury recognized the need to continue to work with the sector to increase its resiliency, including consideration of appropriate incentives. Other agencies and private sector entities provided technical comments, which were addressed as appropriate."
United States. General Accounting Office
2003-01
-
H.A.S.C. No. 113-87: Information Technology and Cyber Operations: Modernization and Policy Issues in a Changing National Security Environment, Hearing Before U.S. House of Representatives Committee on Armed Services, Subcommittee on Intelligence, Emerging Threats and Capabilities, One Hundred Thirteenth Congress, Second Session, March 12, 2014
This is from the March 12, 2014 hearing on "Information Technology [IT] and Cyber Operations" held before the U.S. House Subcommittee on Intelligence, Emerging Threats and Capabilities. This hearing discusses topics related to IT and cyber operations, including the work and accomplishments of United States Cyber Command (USCYBERCOM) and IT modernization and policy. Statements, letters, and materials submitted for the record include those of the following: James R. Langevin, Mac Thornberry, Keith Alexander and Teresa Takai.
United States. Government Printing Office
2014
-
Presidential Policy Directive 41: Directive on United States Cyber Incident Coordination
"This Presidential Policy Directive (PPD) sets forth principles governing the Federal Government's response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, this PPD also establishes lead Federal agencies and an architecture for coordinating the broader Federal Government response. This PPD also requires the Departments of Justice and Homeland Security to maintain updated contact information for public use to assist entities affected by cyber incidents in reporting those incidents to the proper authorities."
United States. White House Office
Obama, Barack
2016-07-26
-
China Challenge, Hearings Before the Subcommittee on East Asia, the Pacific, and International Cyber Security Policy of the Committee on Foreign Relations, United States Senate, One Hundred Fifteenth Congress, Second Session, July 24, September 5, and December 4, 2018
These are the July 24, September 5 and December 4, 2018 hearings titled "China Challenge," held before the Senate Subcommittee on East Asia, the Pacific, and International Cyber Security Policy of the Committee on Foreign Relations. From the opening statement of Cory Gardner: "Let me welcome you all to the eighth hearing for the Senate Foreign Relations Subcommittee on East Asia, The Pacific, and International Cybersecurity Policy in the 115th Congress. This hearing will be the first hearing in a three-part series of hearings titled 'The China Challenge,' and it will examine how the United States should respond to the challenge of a rising China that seeks to upend and supplant the U.S.-led liberal world order. The Trump administration has been clear on the scope of the problem and gravity of the challenge before us. According to the National Security Strategy, for decades U.S. policy was rooted in the belief that support for China's rise and for its integration into the post-war international order would liberalize China. Contrary to our hopes, China expanded its power at the expense of the sovereignty of others." Statements, letters, and materials submitted for the record include those of the following: Dan Blumenthal, Ely Ratner, Oriana Skylar Mastro, Abraham M. Denmark, Scott Busby, Laura Stone, and Gloria Steele.
United States. Government Publishing Office
2020
-
Cyber Strategy and Policy, Hearing Before the Committee on Armed Services, United States Senate, One Hundred Fifteenth Congress, First Session, March 2, 2017
This testimony compilation made by the HSDL staff is from the March 2, 2017 hearing, "Cyber Strategy and Policy," before the United States Senate Committee on Armed Services. The purpose of this hearing was to discuss U.S. cyber policy and strategy. Statements, letters, and materials submitted for the record include those of the following: Keith B. Alexander, Craig I. Fields, James N. Miller, and Matthew C. Waxman.
United States. Congress. Senate. Committee on Armed Services
2017-03-02
-
H.A.S.C. No. 113-17: Information Technology and Cyber Operations: Modernization and Policy Issues to Support the Future Force, Hearing Before the Subcommittee on Intelligence, Emerging Threats and Capabilities of the Committee on Armed Services, House of Representatives, One Hundred Thirteenth Congress, First Session, Hearing Held March 13, 2013
This is the March 13, 2013 hearing on "Information Technology and Cyber Operations: Modernization and Policy Issues to Support the Future Force," held before the U.S. House Committee on Armed Services, Subcommittee on Intelligence, Emerging Threats and Capabilities. From the opening statement of James R. Langevin: "I want to thank our witnesses for appearing before the subcommittee today. This is obviously an important hearing as our national security is dependent on our information systems, and those networks are critical to all aspects of our defense. Yet, one only needs to look at recent headlines, even of the day, to understand the unrelenting and sophisticated threats that we face in the cyber domain. Now we continue to see just how vulnerable such networks are in other sectors of our society, at a potential cost of billions lost to cybercrime, and we know our defense networks are at even greater risk. So obviously, though, they must be fail-proof and secure. Now we are still waiting for this year's budget, but I believe it is safe to say that IT [information technology] represents a large piece, $33 billion last year for that matter, and that is a significant figure. And we must be ever mindful of our responsibility to make the most effective use of taxpayer's investments in these capabilities. Now we are aware that the Department has experienced some challenges in acquiring certain IT systems and services in the past. So today, I would like to hear what steps we are taking to tackle those challenges in order to get the connectivity we need at a reasonable price." Statements, letters, and materials submitted for the record include those of the following: James R. Langevin, Mac Thornberry, Keith B. Alexander, Elizabeth A. McGrath, Teresa M. Takai, and Trent Franks.
United States. Government Printing Office
2013
-
S. Hrg. 114-714: Persistent Threat of North Korea and Developing an Effective U.S. Response, Hearing Before the Subcommittee on East Asia, the Pacific and International Cybersecurity Policy of the Committee on Foreign Relations, United States Senate, One Hundred Fourteenth Congress, Second Session, September 28, 2016
This is the September 28, 2016 hearing on "Persistent Threat of North Korea and Developing an Effective U.S. Response" held before the U.S. Senate Subcommittee on East Asia, the Pacific and International Cybersecurity Policy of the Committee on Foreign Relations. From the statement of Cory Gardner: "The rapid advancement of North Korea's nuclear and ballistic missile program represents a grave threat to global peace and stability and a direct threat to the United States homeland in the immediate future. [...] We are now witnessing the consequences of that failure. Nuclear experts have reported that North Korea may currently have as many as 20 nuclear warheads and has the potential to possess as many as 100 warheads within the next 5 years. [...] According to a recent report by the Center for Strategic International Studies, North Korea is emerging as a significant actor in cyberspace with both its military and clandestine organizations gaining the ability to conduct cyber operations. [...] The gravity of the North Korean threat necessitates these conversations, both to guide the actions of this administration, as well as to set parameters for the next administration." Statements, letters, and materials submitted for the record include those of the following: Daniel Fried and Daniel R. Russel.
United States. Government Publishing Office
2017
-
Annex to Presidential Policy Directive 41: Federal Government Coordination Architecture for Significant Cyber Incidents
"This annex to PPD--41, United States Cyber Incident Coordination Policy, provides further details concerning the Federal Government coordination architecture for significant cyber incidents and prescribes certain implementation tasks."
United States. White House Office
Obama, Barack
2016-07-26
-
S. Hrg. 114-398: United States Cybersecurity Policy and Threats, Hearing Before the Committee on Armed Services, United States Senate, One Hundred Fourteenth Congress, First Session, September 29, 2015
This is the September 29, 2015 hearing held before the Senate Committee on Armed Services entitled "United States Cybersecurity Policy and Threats." From the opening statement of committee chairman John McCain: "We meet at a critical time for the defense of our nation from cyberattacks. In just the past year, the United States has been attacked in cyberspace by Iran, North Korea, China, and Russia. Indeed, since our last cyber hearing in March, these attacks have only increased, crippling or severely disrupting networks across the government and private sector and compromising sensitive national security information. Recent attacks against the Joint Chiefs of Staff, the Pentagon, and the Office of Personnel Management are just the latest examples of the growing boldness of our adversaries and their desire to push the limits of acceptable behavior in cyberspace. New intrusions, breaches, and hacks are occurring daily." Statements, letters, and materials submitted for the record include those of the following: "James Clapper, Robert Work, and Michael Rogers.
United States. Government Publishing Office
2015-09-29
-
ARIA (Asia Reassurance Initiative Act) in Action, Part 1: Human Rights, Democracy, and the Rule of Law Part 2: The Benefits of Economic Diplomacy Part 3: Implementation and the Indo-Pacific Strategy, Hearings Before the Subcommittee on East Asia, the Pacific, and International Cyber Security Policy of the Committee on Foreign Relations, United States Senate, One Hundred Sixteenth Congress, First Session, April 9, May 23, and October 16, 2019
This is the April 9, May 23, and October 16, 2019 hearing on "ARIA (Asia Reassurance Initiative Act) in Action," held before the U.S. Senate Subcommittee on East Asia, the Pacific, and International Cyber Security Policy of the Committee on Foreign Relations. From the Opening Statement of Cory Gardner: "This hearing will be the first hearing in a three-part series to examine the implementation of the Asia Reassurance Initiative Act, or ARIA, which Senator Markey and I led in the 115th Congress and which was signed into law on December 31st, 2018. Today's hearing is focused on human rights, democracy, and the rule of law in the Indo-Pacific region, an essential component, building block component of ARIA and an urgent priority for U.S. policy in the region." Statements, letters, and materials submitted for the record include those of the following: Rushan Abbas, Bhuchung Tsering, Tun Khin, David Stilwell, Randall Schriver, Gloria Steele, Carlyle
Currier, Matthew Goodman, and Joanna Lewis.
United States. Government Publishing Office
2020
