Working Group 11: Consensus Cyber Security Controls March 14, 2013 Alan Paller, SANS Institute Marcus Sachs, Verizon Communications WG 11 Co-Chairs.

Presentation transcript:


Working Group 11: Consensus Cyber Security Controls

- Description: This Working Group will examine and make recommendations to the Council regarding technical cyber security controls that can provide the most effective possible mitigation of known cyber risks to the business systems and networks maintained by communications providers and to the data maintained on and processed by those systems. In carrying out its work, the working group will evaluate and contrast the “critical cyber security controls” adopted by the National Security Agency, the Department of Homeland Security in the United States, and the UK Centre for the Protection of National Infrastructure and the Australian Defense Signals Directorate, with the existing set of CSRIC cyber security best practices. The working group will assess the degree to which the consensus lists of critical controls are applicable to the communications industry, identify gaps between the critical controls and the existing CSRIC best practices, and recommend a superset of the most critical controls for application in the communications industry. The Working Group will recommend updates to the best practices list compiled by CSRIC II with a prioritized list of critical cyber security controls that are applicable to the communications industry.
- Duration: Revised, prioritized list of critical cyber security controls - March 6,

Working Group 11 – Participants

Co-chairs:
- *Alan Paller, SANS Institute
- Marc Sachs, Verizon Communications

Active members, sorted by employer name:
- Martin Dolly, AT&T
- Chris Boyer, AT&T
- Michael Glenn, Century Link
- John Kelly, Comcast
- Russell Eubanks, Cox Communications
- Phil Agcaoili, Cox Communications
- Allen Sautter, Cox Communications
- Beau Monday, Hawaiian Telcom
- Frank Durda IV, Hypercube
- *Doug Davis, Hypercube
- Chris Richardson, Internet Identity
- Bill McInnis, Internet Identity
- Min Hyun, Microsoft
- Andy Scott, National Cable & Telecommunications Association
- Kevin Stine, NIST
- Tony Sager, NSA - Division Director, VAO, recently retired

*Members of the FCC’s Communications Security, Reliability, and Interoperability Council

Working Group 11 – Participants

Active members, sorted by employer name (continued):
- *Craig Spiezle, Online Trust Alliance
- Sue Plantz, Public Safety Communications Office, State of California
- Patrick McGuire, Public Safety Communications Office, State of California Office of Information Security
- Micah H. Maciejewski, Sprint
- Kevin Frank, Sprint
- Ezra Berkenwald, Sprint
- *Jack Doane, State of Alabama and the National Association of State CIOs
- Jeffery Barker, Syniverse Technologies
- Rodney Buie, TeleCommunication Systems
- *Dan Traynor, Tennessee Valley Authority
- Robert Mayer, U.S. Telecom
- *Brett Kilbourne, Utilities Telecom Council
- Nadya Bartol, Utilities Telecom Council
- David Dumas, Verizon Communications
- *Dorothy Spears-Dean, Virginia Information Technologies Agency

*Members of the FCC’s Communications Security, Reliability, and Interoperability Council

Working Group 11 - Current Work Activity

- Group formed on September 5, 2012 with a deadline of March 6, 2013 (six month project)
- Approach:
  - Analyze the 20 Critical Security Controls for applicability to the Communications Sector
  - Analyze the CSRIC II WG 2A cyber security best practices
  - Correlate all 397 best practices with the 20 Critical Security Controls
  - Determine uniqueness and applicability to the comms sector, and challenges of implementation
  - Determine which of the 397 best practices should be classified as essential for stopping or mitigating the impact of known attack vectors
  - Consolidate inputs and write report
- Calls held every Monday afternoon during the six month period

Working Group 11 - Work Completed

Working Group 11 accomplished four tasks:
- Task 1: Assessed the degree to which the 20 Controls are applicable to the communications industry
- Task 2: Identified gaps between the 20 Controls and the existing CSRIC best practices
- Task 3: Recommended a superset of the most critical controls for application in the communications industry
- Task 4: Recommended updates to the best practices list compiled by CSRIC II with a prioritized list of critical cyber security controls that are applicable to the communications industry

Working Group 11 - Next Steps

- Working Group 11 finished its work on March 6, 2013
- We expect our findings and recommendations will be transferred to the Communications Sector Coordinating Council (or similar industry group) for further refinement
- Conclusions need to be independently vetted
- The 397 best practices need to be further updated and prioritized
- Some of the 397 best practices could be recommended as essential due to their ability to stop or mitigate the impact of known attack methods
- Integrate these findings into the cyber security framework called for in the President’s Cyber Security Executive Order

Working Group 11 - Project Timeline

- Working Group 11 began its work on September 5, 2012
- Working Group 11 concluded its work on March 6,