Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity & Technology

Published byTamsin Williamson Modified over 6 years ago

Similar presentations

Presentation on theme: "Cybersecurity & Technology"— Presentation transcript:

1 Cybersecurity & Technology
CWAG Cybersecurity & Technology Forum Cybersecurity Policy in 2017 February 2 Park City Chris Boyer Assistant VP - Global Public Policy

2 AT&T’s approach to network security
24/7/365 global situational awareness 8 Global Security Operations Centers 179 Security and Privacy Patents Near real-time analysis of security indicators Global network infrastructure ~ 126 Petabytes of data per day 30B vulnerability scans/ 400M spam messages daily 3198% increase - IoT vulnerability scans last 3 years Integrated management and response capability Embed security capabilities into the network Security enforcement nodes Enterprise protection and managed services Secure core network infrastructure Internal risk management program ISO27001 certified Wide variety of industry & standards activities

3 DDoS Activity Trend over 4 years – 10 day moving average
DDoS attacks are commercialized & allow for use in more scenarios. DDoS extortion is increasingly popular. Generally threats that come in but are not accompanied by an actual attack are not credible. Some threats come with a demo attack, but there may be no follow through if the ransom is not paid. Ransomware continues to evolve with aggressive spamming campaigns and more advanced encryption technology. Some doesn’t encrypt – it just deletes data. We had a phase of what appeared to be targeted ransomware extortion attacks against health care providers, but I haven’t heard of many cases lately. However, this sort of threat is still a concern. Business continuity planning in the face of destructive threats is increasingly a concern.

4 Count of Unique Sources Scanning on Popular IoT Ports 3 years (as of Oct 3, 2016)
Concern (not a threat) Virtual currency has fueled extortion and ransom attacks Poorly secured IoT devices have facilitated very large botnets that can be used in DDoS attacks (among other things). Pay attention to what you connect to the internet. We cover topics like this in more depth on ThreatTraq weekly Jason, what is your team seeing with our business customers?

5 Today’s threat landscape requires a multi-layered approach
Data/Application Securing workloads/applications Endpoint Mobile, IoT, Office/fixed Connectivity Securing the network Jason: [TELL THE LAYERED APPROACH STORY] Evolving technology trends, including cloud computing and virtualization, and the impact of these technologies on businesses, regularly come up in my conversations with customers. LOB is looking for feature rich applications with no regards for their technology integration implications Legacy Applications-big investment to invest in cloud Brian, what is happening in the Threat Intelligence front? Threat Management Detection & response

6 Communications Sector Partnership with Government
National Security Telecommunications Advisory Committee (NSTAC) IOT Paper ICT Mobilization ETSV Paper Big Data Analytics Paper Promoted NCCIC, NSTIC etc. Enduring Security Framework (DHS/WH) Policy Planning Operations Communications Sector Coordinating Council (CSCC) Executive Order Implementation NIST Framework National Sector Risk Assessment (NSRA) Communications Sector Specific Plan (CSSP)/Sector Annual Report (SAR) National Incident Response Plan National Security Information Exchange (NSIE) National Cybersecurity & Communications Integration Center (NCCIC) On call 24/7 center US CERT ICS CERT National Coordinating Center (NCC) CSCC Cyber Committee Initiatives Comms Sector Role in Cybersecurity Initiative Inventory Recent CSCC/Cyber Committee Engagements GAO Inquiries (Cyber Standards/Supply Chain) DHS Supply Chain Working Group Cross-Sector Cybersecurity Working Group DHS Cyber Blueprint Sector Risk Assessments DHS National Sector Risk Assessment (NCS) DHS Cyber Risk Assessment (OEC)

7 Federal Cybersecurity Policy Landscape
White House Commerce DOJ CI Executive Order 13636 Presidential Policy Directive 21 Info Sharing Executive Order Sanctions Executive Order NSTAC/ESF NIST Framework NTIA Internet Task Force NTIA Upgradeability/IoT Baldridge Award Program/NCCoE ECPA Guidance Anti-trust policy statement National Cybersecurity Incident Joint Task Force (NCIJTF) (FBI) DHS GSA Comms Sector Specific Agency National Communications Cybersecurity Integration Center (NCCIC) National Security Info Exchange (NSIE) National Cyber Incident Response Plan (NCIRP) Federal Procurement (Applying framework to Federal procurement) FEDERAL CYBER POLICY LANDSCAPE SEC FTC SEC reporting Board governance Data Breach Mobile Security Review “Reasonable” Security Standards IoT Devices FCC Congress Privacy NPRM Spectrum Frontiers Order Tech Transitions Order CSRIC (Working Groups 5-7) Technology Advisory Council (TAC) Information Sharing Legislation DHS Re-Organization ?? Cyber R&D Others 

8 NSTAC Highlights Funded in 1982 by President Reagan
Focus on National Security/Emergency Preparedness Original focus on physical disaster recovery issues Greater focus on cyber related matters in recent years Recent papers include the following: NSTAC Emerging Technologies Strategic Vision (ETSV) Letter to the President NSTAC Report to the President on Big Data Analytics NSTAC Information and Communications Technology Mobilization Report NSTAC Internet of Things Report NSTAC Report on the NS/EP Implications of Nationwide Public Safety Broadband Network Report to the President on Secure Government Communications

9 2017 Potential Cybersecurity Priorities
Executive Order (possibly today) Securing Federal Agencies – raising profile, requiring agencies to use NIST framework 60 day review potentially led by OMB Enhancing critical infrastructure cybersecurity DHS 60 day review Possible discussion of deterrence/international strategy Modernizing Federal IT Congress HR584 – Cybersecurity coordination with states Possibly DHS reorganization Continued discussion about active defense/offensive measures Information Sharing Implementation (CISA) Internet of Things (IoT) security Cyber R&D/Workforce Development

10 Considerations for State Governments
Partner and coordinate with private sector/Federal agencies to protect critical infrastructure Leverage various federal, regional, state and local venues (e.g., Fusion centers, MS-ISAC; State, Local and Tribal Coordinating Council; National Level Exercise) Use caution in establishing state level rules. Differing rules in each state increase the risk of fragmentation and force companies into a “least common denominator” approach that reduces rather than enhances security. There is no one-size fits all solution in the current dynamic environment. To the extent that any new rules are determined to be necessary they should be more process oriented than prescriptive. Enhance awareness and education/workforce development - support the National Cybersecurity Awareness Campaign, STOP THINK CONNECT, build computer security and digital citizenship into classroom curriculum, increase importance of secure software design at University level. Increase support for law enforcement in pursuing cyber criminals Lead by Example – deploy cyber security solutions across state government systems

11 Q&A

Download ppt "Cybersecurity & Technology"

Similar presentations

Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.
Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.

Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS-10.24.03 Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.

1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.
Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.

Introduction to the National Cybersecurity & Communications Integration Center (NCCIC) “A Partnership for Strength” 1.
The Nationwide SAR Initiative Briefing for the National Maritime Security Advisory Committee April 2, 2013.

The Nationwide SAR Initiative Briefing for the National Maritime Security Advisory Committee April 2, 2013.
Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.

Critical Infrastructure Protection Overview Building a safer, more secure, more resilient America The National Infrastructure Protection Plan, released.
Critical Infrastructure Protection: Program Overview

Critical Infrastructure Protection: Program Overview
Information Sharing Challenges, Trends and Opportunities

Information Sharing Challenges, Trends and Opportunities
Australia Cybercrime Capacity Building Conference 27-28 April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.
Presenter’s Name June 17, 2003 Nationwide Perspective: Building a Nationwide Network for Public Safety Dusty Rhoads Office of Emergency Communications.

Presenter’s Name June 17, 2003 Nationwide Perspective: Building a Nationwide Network for Public Safety Dusty Rhoads Office of Emergency Communications.
1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector.

1 Jim Devlin Comptroller of the Currency November 5, 2009 Data Breaches in Payments Systems -- Roles and Best Practices for the Public and Private Sector.

Similar presentations

Ads by Google