Homeland Security UNCLASSIFIED Executive Order 13636 Presidential Policy Directive (PPD) - 21 Implementing the Presidential Executive Order (EO) on cybersecurity.

Presentation transcript:

Homeland Security UNCLASSIFIED
Executive Order Presidential Policy Directive (PPD) - 21
Implementing the Presidential Executive Order (EO) on cybersecurity and Critical Infrastructure Presidential Policy Directive (PPD) with public and private stakeholders
Eric Chapman - Office of Maritime Security Response Policy
Brett Rouzer - CG Cyber Command
LCDR Ulysses Mullins – Office of Port & Facility Compliance

Cyber EO/PPD-21: Background

- Cyber EO and PPD 21 signed on February 12, 2013
- Sector Specific Agencies to collaborate with industry to identify critical infrastructure where a cybersecurity incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security
- National Institute of Standards & Technology develop a voluntary framework for cybersecurity resilience
- PPD-21 cancels PPD-7 & establishes an All-Hazards approach to ensuring security & resilience
- Multiple deliverables derived from the PPD/EO with varying deadlines over the next year

Cyber EO/PPD-21: Integrated Cyber-Physical Security

- Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
  - Develop a technology-neutral voluntary cybersecurity framework
  - Promote and incentivize the adoption of cybersecurity practices
  - Increase the volume, timeliness and quality of cyber threat information sharing
  - Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
  - Explore the use of existing regulation to promote cyber security
- Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:
  - Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
  - Understand the cascading consequences of infrastructure failures
  - Evaluate and mature the public-private partnership
  - Update the National Infrastructure Protection Plan
  - Develop comprehensive research and development plan

Cyber EO/PPD-21: Deliverables

| Deliverable | Source | Due Date | Lead | Coordination | DHS Lead |
|---|---|---|---|---|---|
| Consultative process for engaging CI partners | EO – 6 | Unspecified | DHS | SSAs | ITF (Stakeholder Engagement) |
| Cybersecurity voluntary program incentive reports | EO – 8 (d) | 120 Days 6/12/2013 | DHS, Treasury, Commerce | DHS | ITF (Incentives) |
| Feasibility of cyber security standards in acquisition planning and contract administration | EO – 8 (e) | 120 Days 6/12/2013 | DOD, GSA | DHS, Federal Acquisition Regulatory Council | USM |
| Instructions on timely production of unclassified cyber threat info | EO – 4(a) | 120 Days 6/12/2013 | DHS and DNI | | NPPD/I&A |
| Process for rapidly disseminating unclassified threat info | EO – 4(b) | Unspecified | DHS and DOJ | DNI | NPPD/I&A |
| Description of CISR Functional Relationships | PPD – 1 | 120 Days 6/12/2013 | DHS | SSAs, Relevant Ds and As | ITF (Planning and Evaluation) |
| Expand Enhanced Cybersecurity Services to all CI sectors | EO – 4(c) | 120 Days 6/12/2013 | DHS | | NPPD |

Cyber EO/PPD-21: Deliverables

| Deliverable | Source | Due Date | Lead | Coordination | DHS Lead |
|---|---|---|---|---|---|
| Identification of CI at Greatest Risk | EO – 9 | 150 Days 7/12/2013 | DHS | SSAs | ITF (Risk Identification) |
| Evaluation of the Public-Private Partnership Model | PPD – 2 | 150 Days 7/12/2013 | DHS | SSAs, Relevant Ds and As | ITF (Planning and Evaluation) |
| Process of notifying CI owners of status on the list | EO – 9 | Unspecified (150 Days +) 7/12/2013 | DHS | SSAs | ITF (Risk Identification) |
| Baseline System and Data for information exchange | PPD – 3 | 180 Days 8/11/2013 | DHS | SSAs, Relevant Ds and As | ITF (Situational Awareness and Info Exchange) |
| Provision of technical assistance to regulatory Ds and As for cybersecurity | EO – 10 | Unspecified | DHS | Ds and As with regulatory ability | NPPD |
| Expedite processing of security clearances | EO – 4(d) | Unspecified | DHS | | NPPD/USM |
| Private sector SMEs/ Federal service program | EO – 4(e) | Unspecified | DHS | | PSO |

Cyber EO/PPD-21: Deliverables

| Deliverable | Source | Due Date | Lead | Coordination | DHS Lead |
|---|---|---|---|---|---|
| Situational awareness capability for critical infrastructure | PPD – 4 | 240 Days 10/10/2013 | DHS | | ITF (Situational Awareness and Info Exchange) |
| Update to the NIPP | PPD – 5 | 240 Days 10/10/2013 | DHS | SSAs, Relevant Ds and As; SLTT; O/Os | ITF (Planning and Evaluation) |
| Cybersecurity Framework (Draft) | EO – 7 | 240 Days 10/10/2013 | NIST | DHS, NSA, SSAs, OMB | ITF (Framework Collaboration) |
| Report on applicability of Cybersecurity Framework to regulations | EO – 10 (a) | 240 Days + 90 Days 10/10/ /8/2014 | Ds and As with regulatory ability | DHS, OMB, NSS | TBD |
| Cybersecurity Framework (Final) | EO – 7 | 365 Days 2/12/2014 | NIST | DHS, NSA, SSAs, OMB | ITF (Framework Collaboration) |
| Report on privacy and civil rights and civil liberties risks associated with cybersecurity enhancements | EO – 5 (b) | 365 days 2/12/2014 | DHS | Other Ds and As/ Privacy and Civil Liberties Oversight Board/ OMB | Privacy and CR/CL |

Cyber EO/PPD-21: Integrated Task Force (ITF)

DHS Established the ITF to Lead Implementation of E.O & PPD-21

- Coordinate interagency, public & private sector efforts to ensure effective integration & synchronization of EO & PPD requirements across the homeland security enterprise
- Establish & manage 9 Working Groups to accomplish specific deliverables
- ITF Director & Deputy Director report to Deputy Secretary Executive Steering Committee
- Expected to work for est. nine months to meet E.O. & PPD implementation timeline
- Long-term EO and PPD work then stays with responsible DHS program offices
- Engages partners and stakeholders to develop products

Cyber EO/PPD-21: Working Groups

| ITF Working Groups | Task | Deliverable |
|---|---|---|
| Stakeholder Engagement | Coordinate outreach to stakeholders (including critical infrastructure owner-operator communities and SLTTs) throughout implementation. | Consultative process for engaging stakeholders |
| Cyber-Dependent Infrastructure Identification | Identify critical infrastructure where a cybersecurity incident could result in catastrophic regional or national effects on public health or safety, economic security, or national security & evaluate how best to enhance the ongoing prioritization process for all critical infrastructure. | Identification of CI at Greatest Risk; Process of notifying CI owners of status on the list |
| Planning and Evaluation | Lead effort to evaluate existing public-private critical infrastructure partnership model & its functionality for physical & cyber security. Update the National Infrastructure Protection Plan (NIPP), in coordination with Sector Specific Agencies & other CI partners. | Evaluation of the Public-Private Partnership Model; Update the NIPP |
| Situational Awareness and Information Exchange | Identify & map existing CI security & resilience functional relationships across the Federal Government. Identify baseline data & systems requirements for the Federal Government. Develop a situational awareness capability for CI. Identify mechanisms to improve effective information sharing. | Description of CISR Functional Relationships; Baseline System & Data for information exchange; Situational awareness capability for critical infrastructure |

Cyber EO/PPD-21: Working Groups

| ITF Working Groups | Task | Deliverable |
|---|---|---|
| Incentives | Lead study of incentives for voluntary participation CI cybersecurity program. Contribute to developing recommendations feasibility, security benefits & relative merits of incorporating security standards into acquisition planning & contract administration. | Cybersecurity voluntary program incentive reports |
| Framework Collaboration along with NIST | Work with National Institute of Standards & Technology to develop, evaluate & disseminate cybersecurity framework. Encourage adoption by CI owners & operators, to include adoption of cybersecurity performance goals. | Cybersecurity Framework; Report on applicability of Cybersecurity Framework to regulations; Performance Goals |
| Assessments: Privacy and Civil Rights and Civil Liberties | Coordinate w/Privacy & Civil Rights & Civil Liberties representatives across agencies & assessing privacy & CRCL impacts to EO/PPD deliverables. | Report on privacy and civil rights and civil liberties risks associated with cybersecurity enhancements |
| Research and Development | Lead all research & development-related tasks in EO/PPD. | CISR R&D Plan |
| Cyber Threat Information Sharing | Develop instructions to ensure timely production of unclas reports of cyber threats to specific targets. Establish a process that rapidly disseminates unclas cybersecurity information reports to targeted CIKR & disseminates classified cybersecurity reports to authorized CIKR. | Unclas Cyber Threat Report Production Instruction; Unclas/Classified Cybersecurity Information Dissemination Process |

Transportation Sector Specific Agencies

[Diagram: Collaboration across the transportation modes (Maritime, Aviation, Highway, Freight/Rail, Mass Transit, Pipeline), with GCCs and CIPAC, SCCs, under Transportation Sector All-Hazards Risk Management]

CYBER EO/PPD-21: TSSCWG

Transportation Systems Sector Cyber Working Group

- Transportation SSA (DOT/TSA/USCG)
- Meet with ITF and WG leads to address Sector Specific Issues
- Participate/Contribute in 9 WGs
- Through CIPAC Engage & Collaborate with Stakeholders
- Needs Maritime Sector Industry Representation

CYBER EO/PPD-21: Maritime Industry

How Does Industry Contribute to the Process?

- Feedback to Working Groups
- Participation in TSSCWG via CIPAC
- Proactive engagement through review current Cyber practices and governance
  - DHS Cybersecurity Evaluation Tool (CSET)
  - DHS On-Site Assessment by Control Systems Security Program ICS-CERT (
- Visit USCG Maritime Security-Cybersecurity page on Homeport
  - Register to receive page update notifications
- Voluntary adoption of framework when developed
- Continuous Feedback

CYBER EO/PPD-21: Maritime Industry

NIST REQUEST FOR INFORMATION – APRIL 2013

- Current Risk Management Process
- Use of Frameworks, Standards, Guidelines and Best Practices
- Specific Industry Practices
- Public Workshop on April 3, 2013
- Submit comments by April 8,

CYBER EO/PPD-21: Maritime Industry

CRITICAL INFRASTRUCTURE IDENTIFICATION – APRIL 2013

SESSION 1:

- Determine Critical Functions that encompass the full set of processes that produce, provide, and maintain a sector’s products and services
- Examine Supporting Value Chain(s) that include the general sequence of events for providing a sector’s critical function
- Identify Cyber Critical Infrastructure that support value chain activities, including business systems, control systems, and specialty systems, to support identification of sector cyber-dependent critical infrastructure

SESSION 2:

- Discuss and confirm identification criteria that will be used to determine the sector’s cyber-dependent cyber infrastructure

CYBER EO/PPD-21: What Now?

What Do We Need From Industry?

- Participation in the EO/PPD implementation
- Participants who can respond to supply chain impacts from a cyber incident
  - Decision Makers
  - Understand the interface between operations & information technology
- Rapidly respond to short-fused tasks & reviews of working group products
- Initial participation will be informing the identification of Cyber-dependent Critical Infrastructure (CI) & Framework Development

CYBER EO/PPD-21

QUESTIONS?

Eric Chapman –
Brett Rouzer –
LCDR Ulysses Mullins –