Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Technology Stakeholders: Their Progress and Challenges John M. Gilligan www.gilligangroupinc.com Software Assurance Forum November 4, 2009.

Published byDaisy Cain Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding Technology Stakeholders: Their Progress and Challenges John M. Gilligan www.gilligangroupinc.com Software Assurance Forum November 4, 2009."— Presentation transcript:

1 Understanding Technology Stakeholders: Their Progress and Challenges John M. Gilligan www.gilligangroupinc.com Software Assurance Forum November 4, 2009

2 Topics Historical Perspectives Cyber Security Threats--A National Crisis Cyber Security Commission Recommendations Near Term Opportunities Longer-Term Game Changing Initiatives Closing Thoughts 2

3 Historical Perspectives Internet, software industry, (personal) computers—rooted in creativity not engineering Security in the Cold War Era –Security “Gurus”—Keepers of the Kingdom The World Wide Web changes the security landscape-- forever Post Cold War: The Age of Information Sharing 3 Legacy of the past is now our “Achilles Heel”

4 Cyber Security Threats Today— A New “Ball Game” Our way of life depends on a reliable cyberspace Intellectual property is being downloaded at an alarming rate Cyberspace is now a warfare domain Attacks increasing at an exponential rate Fundamental network and system vulnerabilities cannot be fixed quickly Entire industries exist to “Band Aid” over engineering and operational Cyber Security is a National Security Crisis! 4

5 Commission Cyber Security for the 44 th Presidency: Key Recommendations Create a comprehensive national security strategy for cyberspace Lead from the White House Reinvent public-private partnerships Regulate cyberspace Modernize authorities Leverage government procurement (Supply Chain Risk Management) Build on recent progress with CNCI (comprehensive national cyber-security initiative) 5

6 Use Government IT Procurement Cyber security needs to be reflected in our contractual requirements Many “locked down” configuration defined Use government-industry partnership to accelerate implementation of secure configurations Get started now, improve configuration guidelines over time and leverage SCAP! 6 Build on FDCC Successes and Lessons Learned

7 Longer-Term: IT Reliably Enabling Economy Change the dialogue: Reliable, resilient IT is fundamental to future National Security and Economic Growth New business model for software industry Redesign the Internet Get the “man out of the loop”—use automated tools (e.g., SCAP) Develop professional cyberspace workforce Foster new IT services models Need to Fundamentally “Change the Game” to Make Progress 7

8 Security Content Automation Protocol (SCAP) What is it: A set of open standards that allows for the monitoring, positive control, and reporting of security posture of every device in a network. How is it implemented: Commercial products implement SCAP protocols to exchange and enforce configuration, security policy, and vulnerability information. Where is it going: Extensions in development to address software design weaknesses, attack patterns, and malware attributes. 8 SCAP Enables Automated Tools To Implement And Enforce Secure Operations

9 Consensus Audit Guide (CAG) What is it: 20 key actions (called security “controls”) that organizations must take if they hope to block or mitigate top known attacks. How is it implemented: (Mostly) automated means used to implement and continuously enforce/monitor controls. Consensus Audit Guidelines permits organizations to prioritize security implementation and continuously enforce controls 9

10 Summary of Ideas for this Technology Working Group How do we make measurable progress in improving security? How do we assess the effectiveness of security tools? How do we change the software industry to produce reliable and secure products? It is time to get off the treadmill and start making measurable progress in securing our systems! 10

11 Closing Thoughts Government and Industry need to treat cyber security as an urgent priority Near-term actions important but need to fundamentally change the game to get ahead of threat IT community needs to reorient the dialogue on cyber security—the objective is reliable and resilient information Cyber Security in DoD is more mature—but still woefully inadequate 11 Cyber Security is Fundamentally a Leadership Issue!

12 Contact Information jgilligan@gilligangroupinc.com www.gilligangroupinc.com John M. Gilligan 12

Download ppt "Understanding Technology Stakeholders: Their Progress and Challenges John M. Gilligan www.gilligangroupinc.com Software Assurance Forum November 4, 2009."

Similar presentations

Stop. Think. Connect. National Cybersecurity Awareness Campaign October 2010.

Stop. Think. Connect. National Cybersecurity Awareness Campaign October 2010.
ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)

Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.

Federal Desktop Core Configuration and the Security Content Automation Protocol Peter Mell, National Vulnerability Database National Institute of Standards.
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
1 Moderated by Gordon Gillerman National Institute of Standards & Technology November 10, 2010 Ninth Annual ANSI-HSSP Plenary: U.S. European Collaboration.

1 Moderated by Gordon Gillerman National Institute of Standards & Technology November 10, 2010 Ninth Annual ANSI-HSSP Plenary: U.S. European Collaboration.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Cyber Security: Past and Future John M. Gilligan CERT’s 20 th Anniversary Technical Symposium Pittsburgh, PA www.gilligangroupinc.com March 10, 2009.

Cyber Security: Past and Future John M. Gilligan CERT’s 20 th Anniversary Technical Symposium Pittsburgh, PA March 10, 2009.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Interstate Natural Gas Association of America INGAA Action Plan to Build Confidence in Pipeline Safety INGAA Integrity Management Continuous Improvement.

Interstate Natural Gas Association of America INGAA Action Plan to Build Confidence in Pipeline Safety INGAA Integrity Management Continuous Improvement.
1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.

1 Federal Communications Commission Public Safety and Homeland Security Bureau NARUC Summer Committee Meetings Dallas, Texas July 13, 2014 Clete D. Johnson.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
Cyber Security: Threats and Needed Actions John M. Gilligan www.gilligangroupinc.com Research Board September 17, 2009.

Cyber Security: Threats and Needed Actions John M. Gilligan Research Board September 17, 2009.
Solving the CIO’s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan www.gilligangroupinc.com National Summit on.

Solving the CIO’s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan National Summit on.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Similar presentations

Ads by Google