draft report on strategic usg engagement in international
play

Draft Report on Strategic USG Engagement in International - PowerPoint PPT Presentation

Jul 22, 2023 •217 likes •359 views

Draft Report on Strategic USG Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity (DRAFT NISTIR 8074) Presentation to the Software and Supply Chain Assurance Forum Fall 2015 Jeff Weiss Senior

  1. ¡ Draft Report on Strategic USG Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity (DRAFT NISTIR 8074) ¡ ¡ Presentation to the Software and Supply Chain Assurance Forum – Fall 2015 Jeff Weiss Senior Advisor for Standards and Global Regulatory Policy Office of Policy & Strategic Planning, Office of the Secretary United States Department of Commerce September 1, 2015 1 ¡

  2. Items we’ll cover in the presentation • Statutory basis for the draft report • Importance of the report • Process for developing the report • Main elements of the draft report • Challenges and opportunities • Key questions to consider 2 ¡

  3. Relevant provisions of the Cybersecurity Enhancement Act of 2014 TITLE V – Advancement of cybersecurity technical standards SEC. 502. International cybersecurity technical standards. (a) In general.—The Director [of NIST], in coordination with appropriate Federal authorities, shall— (1) as appropriate, ensure coordination of Federal agencies engaged in the development of international technical standards related to information system security; and (2) not later than 1 year after the date of enactment of this Act, develop and transmit to Congress a plan for ensuring such Federal agency coordination . (b) Consultation with the private sector.—In carrying out the activities specified in subsection (a)(1), the Director shall ensure consultation with appropriate 3 ¡ private sector stakeholders.

  4. Importance of the report • In an area that is critical to U.S. economic and national security, we are not creating a top-down approach to standardization • Rather, the approach we’ve put together is consistent with existing USG law and policy on standards and, in fact, is an application of existing law and policy to cybersecurity standardization • We have a set of higher level objectives in developing this approach, along with meeting the statutory requirements: – Improving awareness, information-sharing, and coordination among federal agencies on cybersecurity standardization – Laying out for the private sector a clear articulation of USG objectives and approaches in standardization in this area – Developing a document that can be used as a basis for the USG and U.S. stakeholders to engage with foreign governments – Further strengthening the existing U.S. public-private partnership on standards 4 ¡

  5. Process for developing the report • The Cyber Interagency Policy Committee (IPC) established the International Cybersecurity Standardization Working Group, which is led by Commerce/NIST and reports to the IPC • The WG developed this draft report, which will serve as the basis for the report to Congress by the NIST Director called for in the Act • Numerous agencies are participating in the WG, including: CFTC, Commerce (NIST, ITA, and NTIA), DHS, DOD, DOE, DOJ, GSA, State, Treasury, and USTR • Participants include experts in: cybersecurity, standards, law enforcement, trade, information technology, supply chain, internet governance, international organizations, regulation, procurement, and specific types of products and services 5 ¡

  6. Process for developing the report (continued) • We requested public comment on the draft report on August 10 th , with comments due by September 24 th • As of August 30 th , the draft report has been downloaded more than 1,100 times, the supporting analysis more than 500 times – Approximately 25 percent of the downloads have been from outside the United States – Most of the downloads outside the United States have come from: Europe (at least 63), Canada (51), China (47), Japan (29), India (25), and Israel (16) 6 ¡

  7. Process for developing the report (continued) • The WG will review comments and revise the draft report • WG representatives have been briefing individual agency advisory committees and coordinating councils • The WG remains open to holding additional meetings with stakeholders and will consider other avenues for soliciting feedback depending on the comments • The WG will report periodically to the IPC on progress • NISTIR 8074 will serve as the basis for the NIST Director’s Report to Congress – due December 18, 2015 7 ¡

  8. Proposed strategic objectives • To ensure cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures, we must develop and use robust cybersecurity standards and assessment schemes • Four key (and interrelated) objectives for standards and assessment: – Enhancing national and economic security and public safety – Ensuring standards and assessment tools are technically sound – Facilitating international trade – Promoting innovation and competitiveness • The Act focuses on interagency coordination on international standards – Standards developing bodies that develop standards through open, transparent, impartial, and consensus-based processes and are globally relevant are strongly preferred 8 ¡

  9. Proposed elements of the report 1) Establishing a process for internal USG coordination 2) Incentivizing USG participation in cybersecurity standards development in core areas 3) Developing timely and technically sound standards and assessment schemes 4) Better leveraging the U.S. public-private sector partnership in standards development 5) Coordinating and sharing information with trusted international partners 6) Supporting and expanding standards education for agency officials 7) Minimizing privacy risk/building confidence and trust 8) Using relevant international cybersecurity standards to achieve mission and policy objectives 9 ¡

  10. Challenges and opportunities • CHALLENGE: Wide breadth of ongoing work streams and dozens of venues of all different types – No single agency can follow everything or has all of the expertise – There may be linkages/trends among various work streams that are not necessarily obvious if you are not monitoring the entire ecosystem • OPPORTUNITY: The WG’s focus on collaboration and information- sharing among agencies will enable it to: – Implement a comprehensive USG strategy; – Assist individual agencies in achieving their cybersecurity-related mission and policy objectives through standardization and assessment, where appropriate; and – Help formulate USG cybersecurity and cybersecurity-related policy 10 ¡

  11. Examples ¡of ¡ Some ¡Key ¡IT ¡Applica4ons Core ¡Areas ¡of ¡ ¡ ¡ ¡ ¡ Cybersecurity ¡ Examples ¡of ¡Relevant ¡ ¡ ¡ ¡ ¡ Emergency ¡ Industrial ¡Control ¡ Standardiza4on Standards ¡Developers Cloud ¡Compu3ng ¡ Health ¡IT ¡ Smart ¡Grid ¡ Vo3ng ¡ Management ¡ Systems ¡ ¡ ¡ ¡ IEEE ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ ISO ¡TC ¡68 ¡ Mostly ¡ Being ¡ Being ¡ Being ¡ Being ¡ Being ¡ Cryptographic ¡Techniques ISO/IEC ¡JTC ¡1 ¡ Available Developed Developed Developed Developed Developed W3C ISO/IEC ¡JTC ¡1 ¡ Standards ¡ New ¡ Standards ¡ Standards ¡ Standards ¡ New ¡ ITU-­‑T ¡ Being ¡ Standards ¡ Being ¡ Being ¡ Being ¡ Standards ¡ Cyber ¡Incident ¡Management PCI Developed ¡ ¡ Needed Developed Developed Developed Needed FIDO ¡Alliance ¡ IETF; ¡OASIS ¡ ¡ Standards ¡ Standards ¡ New ¡ Standards ¡ New ¡ New ¡ OIDF ¡ Mostly ¡ Being ¡ Standards ¡ Being ¡ Standards ¡ Standards ¡ Iden4ty ¡Management ISO/IEC ¡JTC ¡1 ¡ Available ¡ Developed Needed Developed Needed Needed ITU-­‑T; ¡W3C ATIS ¡ IEC ¡ ISA ¡ Standards ¡ New ¡ Standards ¡ Standards ¡ New ¡ New ¡ Informa4on ¡Security ¡ ISO/IEC ¡JTC ¡1 ¡ Being ¡ Standards ¡ Being ¡ Being ¡ Standards ¡ Standards ¡ Management ¡Systems OASIS ¡ Developed Needed ¡ ¡ Developed Developed Needed ¡ ¡ Needed ¡ ¡ PCI ¡SSC ¡ ISO ¡TC ¡223 IT ¡System ¡ ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Security ¡ ¡ Being ¡ Mostly ¡ Being ¡ Being ¡ Being ¡ Mostly ¡ ISO/IEC ¡JTC ¡1 Evalua4on Developed ¡ Available Developed Developed Developed Available 3GPP; ¡IEC ¡ IETF; ¡IEEE ¡ New ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Network ¡ ¡ ISO/IEC ¡JTC ¡1 ¡ Standards ¡ Being ¡ Being ¡ Being ¡ Being ¡ Mostly ¡ Security ¡ ITU-­‑R; ¡ITU-­‑T ¡ Needed ¡ ¡ Developed Developed Developed ¡ Developed Available WiMAX ¡Forum ¡ Security ¡ ¡ Standards ¡ Standards ¡ New ¡ Standards ¡ New ¡ New ¡ IETF ¡ ¡ Being ¡ Being ¡ Standards ¡ Being ¡ Standards ¡ Standards ¡ Automa4on ¡& ¡Con4nuous ¡ ISO/IEC ¡JTC ¡1 Monitoring ¡ Developed Developed Needed Developed Needed Needed IEEE ¡ New ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ Standards ¡ SoHware ¡ ¡ ISO/IEC ¡JTC ¡1 ¡ Standards ¡ Being ¡ Being ¡ Being ¡ Being ¡ Being ¡ Assurance TCG Needed ¡ ¡ Developed Developed Developed Developed Developed Supply ¡Chain ¡ ISO/IEC ¡JTC ¡1 ¡ Standards ¡ New ¡ Standards ¡ New ¡ New ¡ New ¡ Risk ¡ The ¡Open ¡Group ¡ Being ¡ Standards ¡ Being ¡ Standards ¡ Standards ¡ Standards ¡ Management IEC ¡TC ¡65 Developed ¡ Needed Developed ¡ ¡ Needed Needed Needed IEC ¡ ¡ New ¡ Standards ¡ Standards ¡ Standards ¡ New ¡ Standards ¡ ISA ¡ Standards ¡ Mostly ¡ Being ¡ Being ¡ Standards ¡ Being ¡ System ¡Security ¡Engineering ISO/IEC ¡JTC ¡1 Needed ¡ ¡ Available Developed Developed Needed ¡ ¡ Developed 11 ¡

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Draft Community Draft Community Engagement Strategy Engagement Strategy Developed by The

Draft Community Draft Community Engagement Strategy Engagement Strategy Developed by The

Draft Community Draft Community Engagement Strategy Engagement Strategy Developed by The Community Advisory Committee Presented by Cynthia Silva Parker Interaction Institute for Social Change Why do we need a community engagement strategy?

638 views • 18 slides
STRATEGIC PLAN 2018-21 DRAFT: To be Presented to the ISAAC Council JULY 22, 2018 Strategic

STRATEGIC PLAN 2018-21 DRAFT: To be Presented to the ISAAC Council JULY 22, 2018 Strategic

STRATEGIC PLAN 2018-21 DRAFT: To be Presented to the ISAAC Council JULY 22, 2018 Strategic Objectives To promote ISAAC as a strong international organization by: 1. Increasing awareness and knowledge of the use of augmentative and

549 views • 53 slides
Report Date January 29, 2020 File: To Council From Megan Jordan, Manager, Communications

Report Date January 29, 2020 File: To Council From Megan Jordan, Manager, Communications

Report Date January 29, 2020 File: To Council From Megan Jordan, Manager, Communications & Public Endorsed: Engagement Subject Presentation of the Draft Engagement Plan for Community Engagement on the Future of the Municipal Forest

346 views • 24 slides
Strategic Communications for Community Engagement Fostering Community Engagement and Welcoming

Strategic Communications for Community Engagement Fostering Community Engagement and Welcoming

Strategic Communications for Community Engagement Fostering Community Engagement and Welcoming Communities is supported by the Office of Refugee Resettlement (ORR/ACF/DHHS) Outcomes for Todays Webinar Develop a basic understanding of

501 views • 37 slides
Draft Engagement Plan 2020 Martin Collison Engagement & Partnership Adviser, Water Resources

Draft Engagement Plan 2020 Martin Collison Engagement & Partnership Adviser, Water Resources

Draft Engagement Plan 2020 Martin Collison Engagement & Partnership Adviser, Water Resources East Find out more at waterresourceseast.com Context After 10+ years of slow growth economic downturn & Brexit - new majority government

505 views • 11 slides
Engagement: An Update Julia McNally, Director, Strategic Engagement & Innovation June 25,

Engagement: An Update Julia McNally, Director, Strategic Engagement & Innovation June 25,

Regional Planning and Community Engagement: An Update Julia McNally, Director, Strategic Engagement & Innovation June 25, 2015 AGENDA Regional Planning & Engagement Refresher Update on IRRP process Discussion 2 Power System

410 views • 17 slides
Commission of Ontario OFFICE OF STRATEGIC ENGAGEMENT AGCO: OFFICE OF STRATEGIC ENGAGEMENT The

Commission of Ontario OFFICE OF STRATEGIC ENGAGEMENT AGCO: OFFICE OF STRATEGIC ENGAGEMENT The

Alcohol and Gaming Commission of Ontario OFFICE OF STRATEGIC ENGAGEMENT AGCO: OFFICE OF STRATEGIC ENGAGEMENT The Alcohol and Gaming Commission of Ontario Established in 1998, the AGCO is an Ontario provincial regulatory agency reporting

365 views • 18 slides
Te Waiiti Marae Draft Strategic Plan December 2011 Notes to the Draft Plan Purpose of the

Te Waiiti Marae Draft Strategic Plan December 2011 Notes to the Draft Plan Purpose of the

Te Waiiti Marae Draft Strategic Plan December 2011 Notes to the Draft Plan Purpose of the strategic plan is to provide focus and direction for the marae trustees over the next 5 years It attempts to build on the great mahi that you have

146 views • 14 slides
International Engagement April 14, 2016 Privileged and confidential; staff level discussion

International Engagement April 14, 2016 Privileged and confidential; staff level discussion

International Engagement April 14, 2016 Privileged and confidential; staff level discussion draft; not for further distribution. The information contained herein does not reflect, and cannot be relied upon as evidence of any agency or

192 views • 5 slides
2017 STRATEGIC PLAN THE MISSISSIPPI FLOWS THROUGH US DRAFT CAPITAL PROJECTS DRAFT CAPITAL

2017 STRATEGIC PLAN THE MISSISSIPPI FLOWS THROUGH US DRAFT CAPITAL PROJECTS DRAFT CAPITAL

2017 STRATEGIC PLAN THE MISSISSIPPI FLOWS THROUGH US DRAFT CAPITAL PROJECTS DRAFT CAPITAL PROJECTS DRAFT CAPITAL PROJECTS ENVIRONMENTAL LEARNING CENTER WATERGATE MARINA DRAFT CAPITAL PROJECTS DOWNTOWN ST. PAUL RIVER BALCONY

171 views • 13 slides
NDIS and psychosocial disability Strategic Adviser Mental Health Gerry Naughtin DRAFT FOR

NDIS and psychosocial disability Strategic Adviser Mental Health Gerry Naughtin DRAFT FOR

Progress Report to WAAMH: NDIS and psychosocial disability Strategic Adviser Mental Health Gerry Naughtin DRAFT FOR DISCUSSION ONLY Where we are up to? Numbers: 31,000 participants (9.1% with a primary psychosocial disability0. Half way

593 views • 10 slides
Giving Flight to Imagination Board of Trustees Chancellors Report July 20, 2018 1 STRATEGIC

Giving Flight to Imagination Board of Trustees Chancellors Report July 20, 2018 1 STRATEGIC

Giving Flight to Imagination Board of Trustees Chancellors Report July 20, 2018 1 STRATEGIC PLAN VISION UNCW will be recognized for excellence in everything it does, for its global mindset, and for its community engagement. MISSION The

555 views • 28 slides
DRAFT EXECUTIVE SUMMARY AND HIGHLIGHTS REPORT ILO-EU STRENGTHEN (Trade and Employment) Project

DRAFT EXECUTIVE SUMMARY AND HIGHLIGHTS REPORT ILO-EU STRENGTHEN (Trade and Employment) Project

DRAFT EXECUTIVE SUMMARY AND HIGHLIGHTS REPORT ILO-EU STRENGTHEN (Trade and Employment) Project Inception Workshop Group Discussions from 6 to 7 October 2016, Century Park Hotel, Manila Overview The International Labour Organization (ILO)

684 views • 11 slides
DRAFT 20192023 TxDOT STRATEGIC PLAN Discussion Item April 26, 2018 Draft 20192023 TxDOT

DRAFT 20192023 TxDOT STRATEGIC PLAN Discussion Item April 26, 2018 Draft 20192023 TxDOT

DRAFT 20192023 TxDOT STRATEGIC PLAN Discussion Item April 26, 2018 Draft 20192023 TxDOT Strategic Plan April 26, 2018 Topics of Discussion 1 Required Plan Components and Schedule 2 Agency Strategic Action Plan 3 Budget Structure

95 views • 8 slides
Report Presented By Why The Forum? THE FIVE THEMES 1. Improve face-to-face engagement 2.

Report Presented By Why The Forum? THE FIVE THEMES 1. Improve face-to-face engagement 2.

Engagement Report Presented By Why The Forum? THE FIVE THEMES 1. Improve face-to-face engagement 2. Deepen online engagement 3. Increase young citizen representation on advisory committees 4. Young-citizen led informal engagement projects

503 views • 9 slides
City of Grand Rapids Office of Oversight & Public Accountability Draft Strategic Plan and

City of Grand Rapids Office of Oversight & Public Accountability Draft Strategic Plan and

City of Grand Rapids Office of Oversight & Public Accountability Draft Strategic Plan and Comprehensive Report Update August 25, 2020 Phase 1 Research and Analysis Aug. 2019 Nov. 2019 Phase 2 Collaborative Design Phase Dec. 2019

456 views • 43 slides
For South Africa Alison Hughes, Bruno Merven Energy Research Centre University of Cape Town 1

For South Africa Alison Hughes, Bruno Merven Energy Research Centre University of Cape Town 1

Long Term Mitigation Scenarios For South Africa Alison Hughes, Bruno Merven Energy Research Centre University of Cape Town 1 ERC South African Energy System Source: Energy Digest Department of Energy, 2009 2 ERC Primary Energy Supply

460 views • 23 slides
City of Smithville State of the City Update Chamber of Commerce Quarterly Luncheon Wednesday,

City of Smithville State of the City Update Chamber of Commerce Quarterly Luncheon Wednesday,

City of Smithville State of the City Update Chamber of Commerce Quarterly Luncheon Wednesday, October 28, 2020 Virtual Meeting (12:00 pm -1:00 pm) City of Smithville State of the City Update Wednesday, October 28, 2020 Agenda:

707 views • 38 slides
Java Primitive Types, Operators, and Strings (Java: An Eventful Approach, Ch 5), 30 October

Java Primitive Types, Operators, and Strings (Java: An Eventful Approach, Ch 5), 30 October

10/30/2012 CSCI 120 Lecture 15 Java Primitive Types, Operators, and Strings (Java: An Eventful Approach, Ch 5), 30 October 2012 Slides Credit: Bruce, Danyluk and Murtagh Primitive Data Type Can write value as a literal Ex: int a=1732

254 views • 6 slides
Introduction to L A T EX Writing papers the right way Cheng XU September 26, 2019 cb Contents

Introduction to L A T EX Writing papers the right way Cheng XU September 26, 2019 cb Contents

This work is licensed under a Creative Commons Attribution 4.0 International license. Get source of this slides and example document from https://github.com/xu-cheng/latex-tutorial . Introduction to L A T EX Writing papers the right way

995 views • 61 slides
Further abstraction techniques Abstract classes and interfaces 2.0 Main concepts to be covered

Further abstraction techniques Abstract classes and interfaces 2.0 Main concepts to be covered

Objects First With Java A Practical Introduction Using BlueJ Further abstraction techniques Abstract classes and interfaces 2.0 Main concepts to be covered Abstract classes Interfaces Multiple inheritance Idea: Enhance class

616 views • 37 slides
c p e c Writing Message-Passing Parallel Programs with MPI 1 Edinburgh Parallel Computing

c p e c Writing Message-Passing Parallel Programs with MPI 1 Edinburgh Parallel Computing

Writing Message- Passing Parallel Programs with MPI c p e c Writing Message-Passing Parallel Programs with MPI 1 Edinburgh Parallel Computing Centre Getting Started c p e c Sequential Programming Paradigm M Memory P Processor c p e

1.08k views • 64 slides
Modelling and Designing a Database Bela Tiwari btiwari@ceh.ac.uk Environmental Genomics

Modelling and Designing a Database Bela Tiwari btiwari@ceh.ac.uk Environmental Genomics

Modelling and Designing a Database Bela Tiwari btiwari@ceh.ac.uk Environmental Genomics Thematic Programme Data Centre http://envgen.nox.ac.uk Modelling and designing a database A well thought out database will consist of a co-ordinated set

1k views • 65 slides
Lecture #24: Programming Languages and Programs Metalinguistic Abstraction A programming

Lecture #24: Programming Languages and Programs Metalinguistic Abstraction A programming

Lecture #24: Programming Languages and Programs Metalinguistic Abstraction A programming language is a notation for describing computations Weve created abstractions of actionsfunctionsand of things or processes. classes.

169 views • 4 slides

More recommend