Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson

Presentation transcript:

Transatlantic Cybersecurity: The Need for Regulatory Coordination EU-US High Level Regulatory Cooperation Forum April 11, 2013 Bruce Levinson The Center for Regulatory Effectiveness

“Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity.” -- CircleID, 10/27/11

Cybersecurity Regulation Includes Quasi-Regulatory Programs and Guidance Documents

Examples of US cybersecurity regulatory programs which need to be coordinated with European partners include:
- The Cybersecurity Framework for critical infrastructure companies being developed pursuant to Executive Order 13636
- The US Securities and Exchange Commission’s Cybersecurity Disclosure Guidance

Critical infrastructure companies operate internationally -- uncoordinated national regulation of cybersecurity wastes resources and harms security.

The Cybersecurity Framework Should Be Included in Regulatory Harmonization Discussions
- EU-US High Level Regulatory Cooperation Forum
- Transatlantic Trade and Investment Partnership (TTIP)

Center for Regulatory Effectiveness
- Established by former senior career officials from the White House Office of Management and Budget (OMB).
- Intervenes in Executive Branch proceedings to enforce the “Good Government” laws that “Regulate the Regulators.”
- Acts only in its own name, not that of its sponsors.

Center for Regulatory Effectiveness: Cyber Policy Interventions
Examples include:
- The National Telecommunications and Information Administration’s (NTIA’s) supervision of ICANN (2004)
- Creating a National Cybersecurity Framework (2005)
- Creating a Cybersecurity Framework (2013)

Industry Leadership Should Drive Transatlantic Cybersecurity Coordination
- President Obama’s Cybersecurity Executive Order emphasizes use of Industry Best Practices
- The international standards system is fundamentally a voluntary, industry-driven process
- Administration officials have emphasized the need for the Cybersecurity Framework to “Scale Globally”

Pro-Active European Participation in American* Cybersecurity Requirements is Essential

* When implemented, the Framework will impact globally-minded companies around the world.

Cost-Effectiveness: The Prerequisite for Cybersecurity Regulation

Cost effectiveness needs to be designed into all critical infrastructure cyber defenses for two reasons:
1. Regulations must be cost-effective or they will not be viable and will not boost industrial security irrespective of legal requirements.
2. Cost effectiveness discussions must encompass a review of several issues that are fundamental to any rational regulatory scheme, starting with: what is meant by effective cybersecurity?
-- CircleID (9/10/12)

What is an Industry Best Practice?

NIST is directed to ensure maximum possible use of industry best practices in the Framework without possessing either:
- A definition of Industry Best Practices; or
- A federal compilation of industry best practices.

The Cybersecurity Framework Needs to Include a Process for the Federal Determination of Industry Best Practices

European-Based Industry Needs to Participate in Developing the Best Practice Determination Process

Determining Industry Best Practices: Guiding Principles
- Global Diversity. The process should recognize the diversity of consensus and non-consensus cybersecurity Best Practices.
- Affordability. The process to obtain federal acceptance of use of a Best Practice should be minimally burdensome.
- Reciprocity. Cyber-defense measures undertaken at the behest of any EU or US agency should be accepted as an Industry Best Practice for purposes of the Framework.
- Clarity. The best practices acceptance process needs to clearly define the operational boundaries to which the practice applies.
- Recognition. The process should culminate, within a specified timeframe, in recognition of a company’s Framework compliance.

Conformity Assessment: Self-Certification

The Conformity Assessment Process:
- Needs to take into account that companies may use varying combinations of diverse Best Practices.
- Companies need to be able to obtain recognition for their entire package of compliance procedures.
- If companies have to hire expensive 3rd-party auditing/assessment organizations, the program won’t work.

Self-Certification Backed by Appropriate Recordkeeping is the Only Economically Feasible Conformity Assessment Process