What should we do about cyber-attacks?
Eli Dourado
Research Fellow
Director, Technology Policy Program
The infosec landscape
• Era of mega-hacks
• Increasingly state-based attacks
• Espionage, not cyber-war
• U.S. Federal government particularly vulnerable
The OPM hack
• Began on May 7, 2014
• Exfiltration in July/August and December 2014
• 22 million current and former federal employees’ data compromised
• Discovered on April 15, 2015
• Massive, but not isolated
What should we do?
• Spend more?
• A cybersecurity sprint?
• An information sharing program?
• Something else?
Information sharing
• CISPA introduced in 2011
• Concern from civil libertarians
• CISA introduced last year
• Civil libertarians still concerned
• Would information sharing work?
Information sharing programs already exist
• DHS/IP National Infrastructure Coordinating Center (NICC)
• “Dedicated 24/7 coordination and information sharing operations center that maintains situational awareness of the nation’s critical infrastructure for the federal government.”
• http://www.dhs.gov/national-infrastructure-coordinating-center
Information sharing programs already exist
• DHS/CS&C National Cyber Security and Communications Integration Center (NCCIC)
• “Shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situation awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.”
• http://www.dhs.gov/about-national-cybersecurity-communications-integration-center
Information sharing programs already exist
• DNI Cyber Threat Intelligence Integration Center (CTIIC)
• “Oversees the development and implementation of intelligence sharing capabilities…to enhance shared situational awareness of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests.”
• https://www.whitehouse.gov/the-press-office/2015/02/25/presidential-memorandum-establishment-cyber-threat-intelligence-integrat
Would CISA work?
• Do we need 21 information sharing programs instead of 20?
• Is CISA really about national information security?
What should we do instead?
• Prioritize security over SIGINT
• Responsibly disclose vulnerabilities
• Two-factor auth at all agencies with penalties for noncompliance
• Limit the use of private contractors
• Reform the CFAA to allow security research
• Reform the CFAA to allow active defense
• Support strong encryption
• Eliminate duplication
• Security audits of open source software
The bottom line
• We need federal humility
• A marathon, not a sprint
• A priority, not an afterthought
• There is no silver bullet
Thank you.
