1. WEIS 2011 Workshop on the Economics of Information Security Chris Greer Assistant Director for Information Technology R&D White House Office of Science & Technology Policy June 14, 2011

2. America's economic prosperity in the 21st century will depend on cybersecurity - President Obama, May 2009

3. Invest in the Building Blocks of American Innovation Educate Americans with 21 st century skills and create a world-class workforce Build a leading physical infrastructure Strengthen and broaden American leadership in fundamental research Develop an advanced information technology ecosystem Catalyze Breakthroughs for National Priorities Unleash a clean energy revolution Accelerate biotechnology, nanotechnology, and advanced manufacturing Develop breakthroughs in space applications Drive breakthroughs in health care technology Create a quantum leap in educational technologies Promote Market-Based Innovation Accelerate business innovation with the R&E tax credit Promote investments in ingenuity through effective intellectual property policy Encourage high-growth and innovation-based entrepreneurship Promote innovative, open, and competitive markets Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/openhttp://www.whitehouse.gov/innovation/www.startupamericapartnership.prg www.whitehouse.gov/open President’s Strategy for American Innovation

4. Invest in the Building Blocks of American Innovation Strengthen and broaden American leadership in fundamental research Develop an advanced information technology ecosystem Catalyze Breakthroughs for National Priorities Unleash a clean energy revolution Accelerate biotechnology, nanotechnology, and advanced manufacturing Develop breakthroughs in space applications Drive breakthroughs in health care technology Create a quantum leap in educational technologies Promote Market-Based Innovation Accelerate business innovation with the R&E tax credit Promote investments in ingenuity through effective intellectual property policy Encourage high-growth and innovation-based entrepreneurship Promote innovative, open, and competitive markets Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/openhttp://www.whitehouse.gov/innovation/www.startupamericapartnership.prg www.whitehouse.gov/open President’s Strategy for American Innovation

5. Invest in the Building Blocks of American Innovation Strengthen and broaden American leadership in fundamental research Develop an advanced information technology ecosystem Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/openhttp://www.whitehouse.gov/innovation/www.startupamericapartnership.prg www.whitehouse.gov/open President’s Strategy for American Innovation Comprehensive Cybersecurity Framework Trustworthy Cyberspace: Strategic Plan for Federal R&D Trustworthy Cyberspace: Strategic Plan for Federal R&D International Strategy for Cyberspace International Strategy for Cyberspace Administration Proposal for Cybersecurity Legislation National Strategy for Trusted Identities in Cyberspace National Initiative for Cybersecurity Education

6. President’s Cyberspace Policy Review May 2009 Themes:  Lead from the top  Build capacity for a digital nation  Share responsibility for cybersecurity  Create effective information sharing and incident response  Encourage Innovation

7. President’s Cyberspace Policy Review May 2009 Themes:  Lead from the top  Build capacity for a digital nation  Share responsibility for cybersecurity  Create effective information sharing and incident response  Encourage Innovation

8. International Strategy for Cyberspace

9. “Cyberspace, and the technologies that enable it, allow people of every nationality, race, faith, and point of view to communicate, cooperate, and prosper like never before.” President Obama May 2011 www.whitehouse.gov/cybersecurity

10. The United States will work internationally to promote an open, interoperable, secure, and reliable cyberspace that supports international trade and commerce, strengthens international security, and fosters free expression and innovation. Our Goal

11. The cyberspace environment that we seek:  rewards innovation and empowers entrepreneurs;  connects individuals and strengthens communities;  builds better governments and expands accountability;  safeguards fundamental freedoms and enhances personal privacy; and  builds understanding, clarifies norms of behavior, and enhances national and international security.

12.  Upholding Fundamental Freedoms  Respect for Property  Valuing Privacy  Protection from Crime  Right of Self-Defense  Global Interoperability  Network Stability  Reliable Access  Multi-stakeholder Governance  Cybersecurity Due Diligence Norms of Responsible Behavior

13.  Upholding Fundamental Freedoms  Respect for Property  Valuing Privacy  Protection from Crime  Right of Self-Defense  Global Interoperability  Network Stability  Reliable Access  Multi-stakeholder Governance  Cybersecurity Due Diligence Norms of Responsible Behavior

14. Administration Proposal for Cybersecurity Legislation

15. The Administration should partner appropriately with Congress to ensure adequate law, policies, and resources are available to support the U.S. cybersecurity-related missions. President’s Cyberspace Policy Review May 2009

16. President’s Cyberspace Policy Review May 2009 Themes:  Lead from the top  Build capacity for a digital nation  Share responsibility for cybersecurity  Create effective information sharing and incident response  Encourage Innovation

17.  the American people;  our Nation’s critical infrastructure;  federal government networks and systems; and The proposal helps protect: www.whitehouse.gov/cybersecurity  Privacy and civil liberties.

18. Protecting the American People  National Data Breach Reporting  Penalties for Cyber Criminals

19. Protecting our Nation’s Critical Infrastructure  Voluntary government assistance to industry, states, and local government  Voluntary information sharing with DHS  Critical infrastructure cybersecurity plans

20. Protecting Federal Computers & Networks  Management – FISMA update and roles  Personnel – Hiring authorities and exchange  Intrusion Prevention Systems – EINSTEIN  Data Centers – Promoting cloud innovation

21. Protecting Privacy and Civil Liberties  Privacy and civil liberties expert review and Attorney General (AG) approval  Limitation to cybersecurity threats and criminal law enforcement with AG review  Threat information shared without unrelated identifying information  Layered oversight programs and Congressional reporting

22. National Initiative for Cybersecurity Education NICE

23. President’s Cyberspace Policy Review May 2009 Themes:  Lead from the top  Build capacity for a digital nation  Share responsibility for cybersecurity  Create effective information sharing and incident response  Encourage Innovation

24. NICE Website: WWW.NIST.GOV/NICE

25. Building Capacity for a Digital Nation  Increase public awareness  Enhance formal cybersecurity education  Expand, define, and train a world-class cybersecurity workforce

26. Cybersecurity Pipeline

27. National Cybersecurity Awareness  Lead: Department of Homeland Security (DHS)  Public service campaigns and awareness activities year round Formal Cybersecurity Education  Leads: Department of Education (ED), National Science Foundation (NSF)  Co-Leads: Department of Labor (DOL), DHS  STEM and cybersecurity education programs in accredited settings NICE Components

28. Cybersecurity Workforce Structure  Overall Lead: Department of Homeland Security (DHS)  Federal Workforce – Office of Personnel Management  Government Workforce (non-Federal) – DHS  Private Sector Workforce – Dept. Labor, National Institute of Standards and Technology Cybersecurity Workforce Training and Professional Development  Tri-Leads: Department of Defense (DoD), Office of the Director of National Intelligence (ODNI), Department of Homeland Security (DHS) Tri-Leads:  General IT Use – Federal Chief Information Officer Council and DHSIT  Infrastructure, Operations, Maintenance & Information Assurance – DoD, DHS  Domestic Law Enforcement and Counterintelligence – Department of Defense Cyber Crime Center (DC3), National Counterintelligence Executive (NCIX), Department of Justice, and DHS  Specialized Cybersecurity Operations - NSA NICE Components

29. National Initiative for Trusted Identities in Cyberspace NSTIC

30. President’s Cyberspace Policy Review May 2009 Themes:  Lead from the top  Build capacity for a digital nation  Share responsibility for cybersecurity  Create effective information sharing and incident response  Encourage Innovation

31. NSTIC Website: WWW.NIST.GOV/NSTIC

32.  Passwords are inconvenient and insecure  Individuals are unable to prove their true identity online for significant transactions NSTIC Focus - Two Central Problems:

33.  Identity theft is costly, inconvenient and all-too common  Phishing continues to rise, with attacks becoming more sophisticated  Managing multiple passwords is expensive  Passwords are failing  Maintenance of multiple accounts is increasing as more services move online

34. Characteristics of the Identity Ecosystem  Led by the private sector  Allows consumers who want to participate to: o obtain a single digital credential for wide use o choose among a diverse market of credential providers o use their credential when needed and remain anonymous when desired  Enhances privacy through: o “need-to-know” restrictions o reduced identity theft o reduced instances of sensitive information sharing

35. Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program

36. President’s Cyberspace Policy Review May 2009 Themes:  Lead from the top  Build capacity for a digital nation  Share responsibility for cybersecurity  Create effective information sharing and incident response  Encourage Innovation

37. Encouraging Innovation Provide a framework for research and development strategies that focus on game-changing technologies that will help meet infrastructure objectives, building on the existing NITRD strategies …

38.  NITRD: Networking and Information Technology Research and Development Program o CSIA: Cyber Security and Information Assurance Working Group o SSG: Senior Steering Group for Cybersecurity  SCORE: Special Cyber Operations Research and Engineering Interagency Coordination

39.  Near Horizon o Moving Target Defense o Tailored Trustworthy Spaces o Cyber Economic Incentives o Designed-in Security  Over the Horizon o Science of Cybersecurity  Research for Results o Translation to practice Strategy Overview

40.  Near Horizon o Moving Target Defense o Tailored Trustworthy Spaces o Cyber Economic Incentives o Designed-in Security  Over the Horizon o Science of Cybersecurity  Research for Results o Translation to practice Strategy Overview

41. Cyber Economic Incentives - Examples  Economics of legislation and policy choices – Immunity, liability, safe harbor, incentives, material disclosure, audit and assessment  Cyber insurance – Actuarial analysis, quantitative risk assessment, moral hazard, catastrophic and interdependent risks, risk pooling  Market factors – Valuation, cost/benefit analyses, technology risk, standards and innovation, awareness, intellectual arbitrage, risk decision-making, criminal markets

42. Invest in the Building Blocks of American Innovation Strengthen and broaden American leadership in fundamental research Develop an advanced information technology ecosystem Source: http://www.whitehouse.gov/innovation/; www.startupamericapartnership.prg; www.whitehouse.gov/openhttp://www.whitehouse.gov/innovation/www.startupamericapartnership.prg www.whitehouse.gov/open President’s Strategy for American Innovation Comprehensive Cybersecurity Framework Trustworthy Cyberspace: Strategic Plan for Federal R&D Trustworthy Cyberspace: Strategic Plan for Federal R&D International Strategy for Cyberspace International Strategy for Cyberspace Administration Proposal for Cybersecurity Legislation National Strategy for Trusted Identities in Cyberspace National Initiative for Cybersecurity Education

43. Contact: CGreer@ostp.eop.gov Additional Information: www.whitehouse.gov/cybersecurity