Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson

Published bySarah Goodman Modified over 8 years ago

Similar presentations

Presentation on theme: "Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson"— Presentation transcript:

1 Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson Levinson@TheCRE.com The Center for Regulatory Effectiveness

2 “Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity.” -- CircleID 10/27/11CircleID 10/27/11 Center for Regulatory Effectiveness

3 Cybersecurity Regulation includes Quasi-Regulatory Programs and Guidance Documents Examples of US Cybersecurity Regulatory Programs which Need to be Coordinated with European Partners include:  The Cybersecurity Framework for critical infrastructure companies being developed pursuant to Executive Order 13636Cybersecurity Framework  The US Security and Exchange Commission’s Cybersecurity Disclosure GuidanceCybersecurity Disclosure Guidance Critical Infrastructure Companies Operate Internationally -- Uncoordinated National Regulation of Cybersecurity Wastes Resources and Harms Security Center for Regulatory Effectiveness

4 The Cybersecurity Framework Should be Included in Regulatory Harmonization Discussions  EU-US High Level Regulatory Cooperation Forum  Transatlantic Trade and Investment Partnership (TTIP) Center for Regulatory Effectiveness

5  Established by former senior career officials from the White House Office of Management and Budget (OMB).senior career  Intervenes in Executive Branch proceedings to enforce the “Good Government” laws that “Regulate the Regulators.”Good Government  Acts only in its own name, not that of its sponsors. Acts Center for Regulatory Effectiveness

6 Center for Regulatory Effectiveness: Cyber Policy Interventions Examples include:  The National Telecommunications and Information Administration's (NTIA's) supervision of ICANN (2004)2004  Creating a National Cybersecurity Framework (2005)2005  Creating a Cybersecurity Framework (2013) Center for Regulatory Effectiveness

7 Industry Leadership Should Drive Transatlantic Cybersecurity Coordination  President Obama’s Cybersecurity Executive Order 13636 emphasizes use of Industry Best Practices  The international standards system is fundamentally a voluntary, industry-driven process  Administration officials have emphasized the need for the Cybersecurity Framework to “Scale Globally” Pro-Active European Participation in American * Cybersecurity Requirements is Essential * When implemented, the Framework will impact globally-minded companies around the world. Center for Regulatory Effectiveness

8 Cost-Effectiveness: The Prerequisite for Cybersecurity Regulation Cost effectiveness needs to be designed into all critical infrastructure cyber defenses for two reasons: 1.Regulations must be cost-effective or they will not be viable and will not boost industrial security irrespective of legal requirements. 2.Cost effectiveness discussions must encompasses a review of several issues that are fundamental to any rational regulatory scheme starting which, what is meant by effective cybersecurity? -- CircleID (9/10/12) Center for Regulatory Effectiveness

9 What is an Industry Best Practice? NIST is directed to ensure maximum possible use of industry best practices in the Framework without possessing either:  A definition of Industry Best Practices; or  A federal compilation of industry best practices. The Cybersecurity Framework Needs to Include a Process for the Federal Determination of Industry Best Practices European-Based Industry Needs to Participate in Developing the Best Practice Determination Process Center for Regulatory Effectiveness

10 Determining Industry Best Practices: Guiding Principles Global Diversity. The process should recognize the diversity of consensus and non-consensus cybersecurity Best Practices. Affordability. The process to obtain federal acceptance of use of a Best Practice should be minimally burdensome. Reciprocity. Cyber-defense measures undertaken at the behest of any EU or US agency should be accepted as an Industry Best Practice for purposes of the Framework. Clarity. The best practices acceptance process needs to clearly define the operational boundaries to which the practice applies. Recognition. The process should culminate, within a specified timeframe, in recognition of a company’s Framework compliance. Center for Regulatory Effectiveness

11 Conformity Assessment: Self-Certification The Conformity Assessment Process:  Needs to take into account that companies may use varying combinations of a diverse Best Practices.  Companies need to be able to obtain recognition for their entire package of compliance procedures.  If companies have to hire expensive 3 rd party auditing/ assessment organizations, the program won’t work. Self-Certification Backed by Appropriate Recordkeeping is the Only Economically Feasible Conformity Assessment Process Center for Regulatory Effectiveness

Download ppt "Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson"

Similar presentations

Objectives Terminal Objective

Objectives Terminal Objective
Administration, Management, and Coordination of Supportive Housing: Guidelines from CSH’s Dimensions of Quality MHSA TA Operations Call September 1, 2010.

Administration, Management, and Coordination of Supportive Housing: Guidelines from CSH’s Dimensions of Quality MHSA TA Operations Call September 1, 2010.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
« The voice of the European Service Industries for International Trade Negotiations in Services » SESSION THREE: Issues related to services, investment.

« The voice of the European Service Industries for International Trade Negotiations in Services » SESSION THREE: Issues related to services, investment.
APEC Regulatory Harmonization Steering Committee (RHSC) Institute of Medicine Workshop International Regulatory Harmonization Amid Globalization of Biomedical.

APEC Regulatory Harmonization Steering Committee (RHSC) Institute of Medicine Workshop International Regulatory Harmonization Amid Globalization of Biomedical.
6-1 Full and Fair Reporting Electronic Presentation by Douglas Cloud Pepperdine University Chapter F6.

6-1 Full and Fair Reporting Electronic Presentation by Douglas Cloud Pepperdine University Chapter F6.
1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.

1 Webinar on: Establishing a Fully Integrated National Food Safety System with Strengthened Inspection, Laboratory and Response Capacity Sponsored by Partnership.
Legal Aspects of Starting a Business Business Management.

Legal Aspects of Starting a Business Business Management.
The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.

The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
1 CHCOHS312A Follow safety procedures for direct care work.

1 CHCOHS312A Follow safety procedures for direct care work.
LIBERIA BETTER BUSINESS FORUM (LBBF) Presented by W. Bako Freeman Program Coordinator - LBBF.

LIBERIA BETTER BUSINESS FORUM (LBBF) Presented by W. Bako Freeman Program Coordinator - LBBF.
European Innovation Partnership on Raw Materials Conference on Initiatives related to the EIP on Raw Materials, 19 April 2013 Work Package 3 Improving.

European Innovation Partnership on Raw Materials Conference on Initiatives related to the EIP on Raw Materials, 19 April 2013 Work Package 3 Improving.
DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.

DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Privacy Foundations Samuel P. Jenkins Director for Privacy Defense Privacy and Civil Liberties Office Identity.
Essentials Of Business Law Chapter 5 Administrative Law McGraw-Hill/Irwin Copyright © 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Essentials Of Business Law Chapter 5 Administrative Law McGraw-Hill/Irwin Copyright © 2007 The McGraw-Hill Companies, Inc. All rights reserved.
5BUS0253 FS 2 week 1 Financial Statements 2 Lecture 1.

5BUS0253 FS 2 week 1 Financial Statements 2 Lecture 1.
21 September 2010Social Dialogue European level1 Situation and current problems of Social Dialogue in the Private Security Sector from the European point.

21 September 2010Social Dialogue European level1 Situation and current problems of Social Dialogue in the Private Security Sector from the European point.
ISO 9000 and 14000 Public Awareness and Information Session 22 February 2006 Owen Glave, MBA-TQM.

ISO 9000 and Public Awareness and Information Session 22 February 2006 Owen Glave, MBA-TQM.
1 Improving Federal Rights-of-Way Management to Spur Broadband Deployment Meredith Attwell Senior Advisor to the Assistant Secretary National Telecommunications.

1 Improving Federal Rights-of-Way Management to Spur Broadband Deployment Meredith Attwell Senior Advisor to the Assistant Secretary National Telecommunications.
Code of Conduct for Electricity Trading: Improving confidence and liquidity in electricity markets EURELECTRIC WG Trading Athens Forum, 3-4 June 2004.

Code of Conduct for Electricity Trading: Improving confidence and liquidity in electricity markets EURELECTRIC WG Trading Athens Forum, 3-4 June 2004.

Similar presentations

Ads by Google