Cyber After Snowden (OA Cyber Summit)
DESCRIPTION
Talk by Matthew Rhoades of the Truman National Security Project at the Open Analytics Cyber Summit.
TRANSCRIPT
Cyber After Snowden
Matthew Rhoades, Director, Cyberspace & Security Program
Can DC Help Protect Your Networks?
Truman Project Members
Cyberspace & Security Program
Agenda
Looking Back – How we got here
Lame Duck
2015 and beyond
Cybersecurity & Congress 2012 - 2014
2012: The Debate on Capitol Hill
Key Pillars:
1. Critical Infrastructure
2. Information Sharing
3. DHS v. NSA
Low-Hanging Fruit:
• Education/Workforce
• Research & Development
• Cyber Awareness
• FISMA Reform
Securing Critical Infrastructure
• Mandatory Standards: Cybersecurity Act of 2012 v1.0 (Senate)
• Voluntary Standards: Cybersecurity Act of 2012 v2.0 (Senate)
• Market Solution: House of Representatives
Legislating Information Sharing
1. What are you sharing?
• PII or Threat Signatures?
2. Who are you sharing it with?
• Civilian Agency? Intelligence Community? Department of Defense?
3. What can it be used for?
• Limited to specific purposes?
4. What is the Standard of Liability?
• Full Indemnity? Negligence?
The Interest Groups
National Security Leaders: Baseline Standards; Improved Visibility
Privacy & Civil Liberties: Anonymize Info; Civilian Agency; Clear Definitions; Negligence Standard
Business (Chamber of Commerce): No Mandates; Legal Protection
2013: Executive Order 13636
Policy Results:
“Industry-led, government facilitated” best practices (NIST)
Increase USG Industry Info Sharing
Privacy & Civil Liberties Oversight
A New Agenda for 2013
Political Result: A Smaller Congressional Agenda
Critical Infrastructure; Information Sharing; Role of DHS
Education & Workforce; Research & Development; Awareness; FISMA Reform
Cyber Bills
Committee: Homeland Security
• United States Senate: National Cybersecurity & Communications Integration Center Act; DHS Cybersecurity Workforce Recruitment & Retention Act; Federal Information Security Amendments Act
• House of Representatives: National Cybersecurity & Critical Infrastructure Protection Act; Critical Infrastructure Research and Development Advancement Act; Homeland Security Cybersecurity Boots-on-the-Ground Act
Committee: Commerce
• United States Senate: Cybersecurity Act of 2013
Committee: Intelligence
• United States Senate: Cyber Information Sharing Act of 2014
• House of Representatives: Cyber Intelligence Sharing and Protection Act
2014 Lame Duck (Senate)?
Other Issues?
• Marketplace Fairness
• Tax Extenders
• Nominations
Other National Security Issues?
• AUMF
• Sec. 215/Sec. 702/FISA Reform
• Iran
Must Do:
• Continuing Resolution
• Defense Authorization
Changing of the Guard
On their way out:
• Mike Rogers (R-MI), House Intelligence
• Buck McKeon (R-CA), House Armed Services
• Carl Levin (D-MI), Senate Armed Services
• Jay Rockefeller (D-WV), Senate Commerce, Science, & Transportation
• Saxby Chambliss (R-GA), Senate Intelligence
• Tom Coburn (R-OK), Senate Homeland Security
Next in line (?):
• Jeff Miller (R-FL), House Intelligence
• Mac Thornberry (R-TX), House Armed Services
• Jack Reed (D-RI), Senate Armed Services
• Bill Nelson (D-FL), Senate Commerce, Science, & Transportation
• Richard Burr (R-NC), Senate Intelligence
• John McCain (R-AZ), Senate Homeland Security
Truman Members
What happens after a crisis?
Truman National Conference Cyber Exercise
54 Teams
• 34 Congressional offices
• 7 Executive offices & Agencies
• 9 Industry & Interest Groups
• 4 Media Outlets
Day-of Crisis Exercise
• National Security Council Debate
• 7-9 Teams; 25 – 70 Participants
• Define what happened & how to respond
What we learned…
1. Uncertainty in response to a crisis
2. In the wake of a crisis, the focus is almost entirely on protecting critical infrastructure
3. In the wake of a crisis, the second priority is developing human resources