Cybersecurity: Opportunities & Pitfalls for Selling in the US Marketplace
Enterprise Ireland Forum, June 16, 2009
David Z. Bodenheimer, Crowell & Moring LLP
© 2009 Crowell & Moring LLP
Urgency for Cyber Defense
The Cyber Crisis is Now!! – Everyone Agrees
Congress: “time to combat cyber terror was yesterday” (Senators Rockefeller & Snowe, May 29, 2009)
White House: “This status quo is no longer acceptable” (President Obama, May 29, 2009)
Industry: “Quite frankly, the bad guys are winning” (Cyber Security Industry Alliance testimony, Mar. 12, 2008)
Cyber Report: “one of the most urgent national security problems” (CSIS Commission on Cybersecurity, Dec. 2008)
Signs of the Cyber Apocalypse
262 Million Breaches
No One Remains to Have an ID Stolen
“2008 Data Breach Total Soars: 47% Increase over 2007” Identity Theft News (Identity Theft Daily, Jan. 5, 2009)
Records with sensitive personal information involved in security breaches in the U.S. since January 2005: 262,442,156 records (Privacy Rights Clearinghouse, June 11, 2009)
“Millions of Americans have been victimized, their privacy violated, their identities stolen, their lives upended, and their wallets emptied.”
(President Obama, May 29, 2009)
Cyber-Crime > $100 Billion
Hacking is More Lucrative than Doping
INTERNET LAW – “Cyber-Crime Hits $100 Billion in 2007, Out-earning Illegal Drug Trade” (IBLS Internet Law, Oct. 15, 2007)
“$1 trillion globally in lost intellectual property and expenditures for repairing the damage” (House Homeland Security Committee Hearing, Mar. 31, 2009)
President’s Data Breached
Any Hacker Can Pretend to the Throne
“Source In Iran Sees Plans for President’s Chopper” (USA Today, Mar. 2, 2009)
“The U.S. Navy is investigating how an unauthorized user in Iran gained online access to blueprints and other information about a helicopter in President Obama’s fleet.”
Hacking Obama’s Website
“It’s no secret that my presidential campaign harnessed the Internet and technology to transform politics. What isn’t widely known is that during the general election hackers managed to penetrate our computer systems.”
(President Obama, May 29, 2009)
Infrastructure at Risk
The Scary Names Are Used Up
“Cyber Katrina”
“Digital Pearl Harbor”
“Cyber Barbarians Storming the Security Walls”
Everyone’s On-Board
Government & Industry Agree
“Cybersecurity . . . a top priority” (DHS Secretary nominee Janet Napolitano, Jan. 15, 2009)
“DHS Puts Cybersecurity Toward Top of 2008 To-Do List” (DHS Secretary Chertoff, Federal Computer Week, Dec. 13, 2007)
“Data Breach Likely to be Hot Topic at Porn Summit” (Technology Daily, Jan. 14, 2008)
Cybersecurity in US: Top Priority & Huge Market
U.S. Federal IT Marketplace
800-Pound Information Gorilla
“The Federal government is the largest single producer, collector, consumer, and disseminator of information in the United States and perhaps the world.” (OMB, 2007)
US IT Budgets
• $72.9 billion – (FY 09)
• $75.8 billion – (FY 10)
US Federal Information
Information Treasure Trove
• National Security
• Personal Data
• Infrastructure Data
• Technology
• Trade Secrets
US Federal Cybersecurity
Information Security Spending
• $14.6 Billion – (FY 09)
• $25.5 Billion – (FY 13)
• $30-40 Billion – (Next 5 Years)
US Homeland Security
Homeland Security Priorities & Dollars
• 6% FY10 over FY09
• $7.5 Billion (12%)
  – Transportation Security
• $918 Million (15%)
  – Critical Infrastructure
  – Electrical Grid
  – Financial Sector
• $127 Million (30%)
  – Inspector General
DHS Budget (FY10)
US Healthcare Technology
Healthcare Technology Priorities & Dollars
• Top Presidential Priority
• Health Information Technology for Economic & Clinical Health (HITECH, Title XIII, ARRA)
• $31 Billion Infrastructure & Health Information Technology
• $19 Billion Health IT
• 33% in Veterans Administration IT Budget
Computerizing America’s health Records in five years. The current, paper-based medical records system that relies on patients’ memory and reporting of their medical history is prone to error, time-consuming, costly, and wasteful. With rigorous privacy standards in place to protect sensitive medical records, we will embark on an effort to computerize all Americans’ health records in five years. This effort will help prevent medical errors, and improve health care quality, and is a necessary step in starting to modernize the American health care system and reduce healthcare costs.
Global Cyber Markets
Cyber Gold Rush
“Contractors Vie for Plum Work, Hacking for U.S.”
“Nearly all of the largest military companies – including Northrop Grumman, General Dynamics, Lockheed Martin, and Raytheon – have major cyber contracts with the military and intelligence agencies.” (NYT, May 31, 2009)
Global Arms Race
“Cyber security the new ‘arms race’” Van Loan
“I really look at [cybersecurity] almost as the new arms race. There isn’t a day that goes by without someone somewhere trying to breach the Government of Canada’s information systems.” (Public Safety Minister Van Loan, CTV News, May 27, 2009)
Congress’ Cyber Scrutiny
Congressional Pressure
(2008-2009 Actions)
• Congressional Scrutiny
  – Over 30 Hearings & Actions
  – 9 Different Committees
• GAO Reviews
  – Congress’ Investigative Arm
  – 22 Reports on Cyber Issues
• Legislative Actions
  – Senate Bill (S. 773)
  – House Bill (H.R. 2195)
Presidential Priority
“My administration will pursue a new comprehensive approach to securing America’s digital infrastructure. This new approach starts at the top with this commitment from me: From now on, our digital infrastructure – the networks and computers we depend on every day – will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.”
(President Obama, May 29, 2009)
Expanding Security Rules
OMB (whitehouse.gov/omb)
OMB Circular A-130, Transmittal Memorandum #4, Management of Federal Information Resources (Nov. 28, 2000)
OMB Memo M-08-09, New FISMA Privacy Reporting Requirements for FY 2008 (Jan. 18, 2008)
OMB Memo M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007)
NIST (csrc.nist.gov)
SP 800-53A Guide for Assessing the Security Controls in Federal Information Systems (July 2008)
SP 800-53 Rev. 3 DRAFT Recommended Security Controls for Federal Information Systems and Organizations (Feb. 5, 2009)
SP 800-61 Rev. Computer Security Incident Handling Guide (Mar. 2008)
SP 800-83 Guide to Malware Incident Prevention and Handling (Nov. 2005)
SP 800-100 Information Security Handbook: A Guide for Managers (Oct. 2006)
SP 800-122 DRAFT Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (Jan. 13, 2009)
Cybersecurity Technology
Opportunities
• No Technology Limits
  – Data Mining & Analysis
  – Encryption & Biometrics
  – Penetration & Detection
• No Boundaries
  – Federal, State, Local
  – International
• Dual-Use Technologies
  – Public/Private
• Instant Demand
  – Ready-to-go Technology
And Challenges
• Product Differentiation
  – Multiple Solutions
  – Little Effectiveness Proof
  – No Central Data Bank
• Customer Fragmentation
  – No Single Entry Point
  – Export Restrictions
• Private-Use Barriers
  – National Security
• Development Funds???
  – Short-term Horizon