Cybersecurity:Opportunities & Pitfalls for

Selling in the US Marketplace

Enterprise Ireland Forum David Z. Bodenheimer

June 16, 2009 Crowell & Moring LLP© 2009 Crowell & Moring LLP

2

Urgency for Cyber Defense

The Cyber Crisis is Now!! – Everyone Agrees

Congress: “time to combat cyber terror was yesterday”(Senators Rockefeller & Snowe, May 29, 2009)

Whitehouse: “This status quo is no longer acceptable” (President Obama, May 29, 2009)

Industry: “Quite frankly, the bad guys are winning” (Cyber Security Industry Alliance testimony, Mar. 12, 2008)

Cyber Report: “one of the most urgent national security problems” (CSIS Commission on Cybersecurity, Dec. 2008)

Signs of the Cyber Apocalypse

© 2009 Crowell & Moring LLP

4

262 Million Breaches

No One Remains to Have an ID Stolen

“2008 Data Breach Total Soars: 47% Increase over 2007” Identity Theft News (Identity Theft Daily, Jan. 5, 2009)

Records with sensitive personal information involved in security breaches in the U.S. since January 2005: 262,442,156 records (Privacy Rights Clearinghouse, June 11, 2009)

“Millions of Americans have been victimized, their privacy violated, their identities stolen, their lives upended, and their wallets emptied.”

(President Obama, May 29, 2009)

5

Cyber-Crime > $100 Billion

Hacking is More Lucrative than Doping

INTERNET LAW – “Cyber-Crime Hits $100 Billion in 2007, Out-earning Illegal Drug Trade” (IBLS Internet Law, Oct. 15, 2007)

>

“$1 trillion globally in lost intellectual property and expenditures for repairing the damage” (House Homeland Security Committee Hearing, Mar. 31, 2009)

6

President’s Data Breached

Any Hacker Can Pretend to the Throne“Source In Iran Sees Plans for President’s Chopper”(USA Today, Mar. 2, 2009)

“The U.S. Navy is investigating how an unauthorized user in Iran gained online access to blueprints and other information about a helicopter in President Obama’s fleet.”

Hacking Obama’s Website

“It’s no secret that my presidential campaign harnessed the Internet and technology to transform politics. What isn’t widely known is that during the general election hackers managed to penetrate our computer systems.”

(President Obama, May 29, 2009)

7

Infrastructure at Risk

The Scary Names Are Used Up

“Cyber Katrina”

“Digital Pearl Harbor”

“Cyber Barbarians Storming the Security Walls”

8

Everyone’s On-Board

Government & Industry Agree

“Cybersecurity . . . a top priority”(DHS Secretary nominee Janet Napolitano, Jan. 15, 2009)

“DHS Puts Cybersecurity Toward Top of 2008 To-Do List” (DHS Secretary Chertoff, Federal Computer Week, Dec. 13, 2007)

“Data Breach Likely to be Hot Topic at Porn Summit”(Technology Daily, Jan. 14, 2008)

XXX

Cybersecurity in US:Top Priority & Huge

Market

© 2009 Crowell & Moring LLP

10

U.S. Federal IT Marketplace

800-Pound Information Gorilla

“The Federal government is the largest single producer, collector, consumer, and disseminator of information in the United States and perhaps the world.” (OMB, 2007)

US IT Budgets

• $72.9 billion – (FY O9)

• $75.8 billion – (FY 10)

11

US Federal Information

Information Treasure Trove

• National Security

• Personal Data

• Infrastructure Data

• Technology

• Trade Secrets

12

US Federal Cybersecurity

Information Security Spending

• $14.6 Billion– (FY 09)

• $25.5 Billion– (FY 13)

• $30-40 Billion– (Next 5 Years)

13

US Homeland Security

Homeland SecurityPriorities & Dollars• 6% FY10 over FY09

• $7.5 Billion (12% )– Transportation Security

• $918 Million (15% )– Critical Infrastructure – Electrical Grid– Financial Sector

• $127 Million (30% )– Inspector General

DHS Budget (FY10)

14

US Healthcare Technology

Heathcare TechnologyPriorities & Dollars

• Top Presidential Priority

• Health Information Technology for Economic & Clinical Health (HITECH, Title XIII, ARRA)

• $31 Billion Infrastructure & Health Information Technology

• $19 Billion Health IT

• 33% in Veterans Administration IT Budget

Computerizing America’s health Recordsin five years. The current, paper-based medicalrecords system that relies on patients’ memoryand reporting of their medical history is prone toerror, time-consuming, costly, and wasteful. Withrigorous privacy standards in place to protectsensitive medical records, we will embark on an effort to computerize all Americans’ health recordsin five years. This effort will help prevent medicalerrors, and improve health care quality, andis a necessary step in starting to modernize theAmerican health care system and reduce healthcare costs.

15

Global Cyber Markets

Cyber Gold Rush

“Contractors Vie for Plum Work, Hacking for U.S.”

“Nearly all of the largest military companies – including Northrop Grumman, General Dynamics, Lockheed Martin, and Raytheon – have major cyber contracts with the military and intelligence agencies.” (NYT, May 31, 2009)

Global Arms Race

“Cyber security the new ‘arms race’” Van Loan

“I really look at [cybersecurity] almost as the new arms race. There isn’t a day that goes by without someone somewhere trying to breach the Government of Canada’s information systems.” (Public Safety Minister Van Loan, CTV News, May 27, 2009)

16

Congress’ Cyber Scrutiny

Congressional Pressure

(2008-2009 Actions)

• Congressional Scrutiny– Over 30 Hearings & Actions – 9 Different Committees

• GAO Reviews– Congress’ Investigative Arm– 22 Reports on Cyber Issues

• Legislative Actions– Senate Bill (S. 773)– House Bill (H.R. 2195)

17

Presidential Priority

Presidential Priority

“My administration will pursue a new comprehensive approach to securing America’s digital infrastructure. This new approach starts at the top with this commitment from me: From now on, our digital infrastructure – the networks and computers we depend on every day – will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.”

(President Obama, May 29, 2009)

18

Expanding Security Rules

OMB (whitehouse.gov/omb)

OMB Circular A-130, Transmittal Memorandum #4, Management of Federal Information Resources (Nov. 28, 2000)

OMB Memo M-08-09, New FISMA Privacy Reporting Requirements for FY 2008 (Jan. 18, 2008)

OMB Memo M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007)

NIST (csrc.nist.gov)

SP 800-53 A Guide for Assessing the Security Controls in Federal Information Systems (July 2008)

SP 800-53 Rev. 3 DRAFT Recommended Security Controls for Federal Information Systems and Organizations (Feb. 5, 2009)

SP 800-61 Rev. Computer Security Incident Handling Guide (Mar. 2008)

SP 800-83 Guide to Malware Incident Prevention and Handling (Nov. 2005)

SP 800-100 Information Security Handbook: A Guide for Managers (Oct. 2006)

SP 800-122 DRAFT Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (Jan. 13, 2009)

19

Cybersecurity Technology

Opportunities

• No Technology Limits– Data Mining & Analysis– Encryption & Biometrics– Penetration & Detection

• No Boundaries– Federal, State, Local– International

• Dual-Use Technologies– Public/Private

• Instant Demand– Ready-to-go Technology

And Challenges

• Product Differentiation– Multiple Solutions– Little Effectiveness Proof– No Central Data Bank

• Customer Fragmentation– No Single Entry Point– Export Restrictions

• Private-Use Barriers– National Security

• Development Funds???– Short-term Horizon

20

Questions?

David Z. Bodenheimer

Crowell & Moring LLP

dbodenheimer@crowell.com

(202) 624-27138180322