2009 09 24 Larry Clinton CIONet Belgium

7/31/2019 2009 09 24 Larry Clinton CIONet Belgium

1/19

Larry Clinton

President

Internet Security [email protected]

703-907-7028 (O) 202-236-0001 (C)


2/19

ISA Board of Directors

Ty Sagalow, Esq. ChairPresident Innovation Division, ZurichTim McKnightSecond V Chair,

CSO, Northrop Grumman

Ken Silva, Immediate Past Chair. CSO VeriSignGen. Charlie Croom (Ret.) VP Cyber Security, Lockheed MartinJeff Brown, CISO/Director IT Infrastructure, RaytheonEric Guerrino, SVP/CIO, bank of New York/Mellon FinancialLawrence Dobranski, Chief Strategic Security, NortelPradeep Khosla, Dean Carnegie Mellon School of ComputerSciences

Joe Buonomo, President, DCRBruno Mahlmann, VP Cyber Security, Perot Systems

J. Michael Hickey, 1st Vice ChairVP Government Affairs, Verizon

Marc-Anthony Signorino, Treas.National Assoc. of Manufacturers


3/19

Our Partners


4/19

RECENT SUCCESSES

Membership Development---ISA Sponsors(top level70K) increased 33% in past 12months

Alter Public Policy----ISA Social Contractis first document cited by pres. Obama---cites 13 ISA Policy Papers

Program Growth---Supply Chain, RiskManagement, VOIP, Legal Compliance,Education


5/19


6/19

Internet Security Alliance Priority

Projects

1. Public Policy: The Cyber Security SocialContract: Recommendations to Obama

2. Financial Risk Management of CyberEvents

3. Securing the Globalized IT Supply chain4.

Securing the Unified CommunicationsPlatform

5. Modernizing Law in the Digital Age


7/19

Releasing the Cyber Security Social ContractNovember, 2008


8/19

Cyber Social Contract

Similar to the agreement that led to publicutility infrastructure dissemination in 20th

century

Infrastructure development through marketincentives

Consumer protection through regulation Gov role to motive is more creative

harder

Industry role is to develop practices andstandards and implement them


9/19

President Obamas Report on

Cyber Security (May 30 2009) The United States faces the dual challenge of

maintaining an environment that promotes efficiency,

innovation, economic prosperity, and free trade while

also promoting safety, security, civil liberties, and

privacy rights. (Presidents Cyber Space Policy

Review page iii)

Quoting from Internet Security Alliance CyberSecurity Social Contract: Recommendations to theObama Administration and the 111th Congress

November 2008


10/19

President Obamas Report on

Cyber Security (May 30, 2009) The government, working with State and local partners,

should identify procurement strategies that will incentivize

the market to make more secure products and servicesavailable to the public. Additional incentive mechanisms

that the government should explore include adjustments to

liability considerations (reduced liability in exchange forimproved security or increased liability for the

consequences of poor security), indemnification, taxincentives, and new regulatory requirements and

compliance mechanisms. Presidents Cyber Space Policy

Review May 30, 2009 page v

Quoting Internet Security Alliance Cyber Security SocialContract: Recommendations to the Obama Administration

and 111th Congress


11/19

Securing The IT Supply ChainIn The Age of Globalization

November, 2007


12/19

Securing the IT Supply Chain

The challenge with supply chain attacks is that asophisticated adversary might narrowly focus on

particular systems and make manipulation virtually

impossible to discover. Foreign manufacturing does

present easier opportunities for nation-state

adversaries to subvert products; however, the same

goals could be achieved through the recruitment of

key insiders or other espionage activities. ----

Presidents Cyber Space Policy Review May 30,

2009 page 34


13/19

Developing SCAP Automated Security &Assurance for VoIP & Converged Networks

September, 2008


14/19

ISA Unified Communications Legal

Compliance Analysis (June 2009)

1.Descibes available UnifiedCommunications (UC) Technologies

2. Describes Security Risks of Deployment

3. Inventory of Laws to be considered predeployment

4. Analysis if ECPA creates a legal barrier to

deployment5 Toolkit for lawyers and clients to assist in

avoiding exposure from deployment


15/19

Financial Impact of Cyber RiskOctober, 2008


16/19

The need to understand business

economics to address cyber issues If the risks and consequences can be assigned

monetary value, organizations will have greater

ability and incentive to address cybersecurity. In

particular, the private sector often seeks a business

case to justify the resource expenditures needed for

integrating information and communications system

security into corporate risk management and for

engaging partnerships to mitigate collective risk.

Government can assist by considering incentive-

based legislative or regulatory tools to enhance the

value proposition and fostering an environment thatencourages partnership. --- Presidents Cyber

Space Policy Review May 30, 2009 page 18

Fi i l M t f b


17/19

Financial Management of cyber

Risk

It is not enough for the information technologyworkforce to understand the importance of

cybersecurity; leaders at all levels of government and

industry need to be able to make business and

investment decisions based on knowledge of risks

and potential impacts. Presidents Cyber Space

Policy Review May 30, 2009 page 15

ISA-ANSI Project on Financial Risk Management ofCyber Events: 50 Questions Every CFO should Ask

----including what they ought to be asking their

General Counsel and outside counsel. Also, HR, Bus

Ops, Public and Investor Communications &

Compliance


18/19

ISAs New 3-year Plan

Expand the social contract idea Continue current priorities, financial risk

management, supply chain, VOIP, legal

compliance assistance

New Areas for consideration:Develop International Partnerships

Smart Grid Enterprise Education Program


19/19

ISA CIO-Net Proposal

ISA assists CIO-Net in developing EUversions of ISA Programs (CIO Net paysISA expenses

CIO-Net gets rights to sale and newmembers from ISA-based programs

CIO-Net sponsors ISA at 20% discount CIO-Net members get 20% discount ISA ISA develops new proj w/CIO-Net (e.g.

Enterprise Education and shares revenue)

Documents

2009 09 24 Larry Clinton CIONet Belgium