Who's in Charge
Howard Schmidt
Potpourri
In 2004, Congress established the national Cyber Security Division in this federal department
Department of Homeland Security
In 2000, the U.S. Government established this entity focused on national cyber defense, located at Ft. Meade, MD.
Cyber Command
Presidential Directive 63, promulgated in 1998, created these sector-specific private sector entities to increase coordination about cyber threats and vulnerabilities
Information Sharing and Analysis Centers (ISACs)
At the conclusion of the 111th Congress this was the number of Congressional Committees claiming jurisdiction over cyber security.
4
8
12
In his White House meeting with public and private partners on cyber security in July 2010, President Obama cited this fact as the reason that regulating to achieve cyber security was unlikely to be effective.
Lack of Congressional awareness of the problem
The interconnected nature of the Internet
Lack of Technical solutions
Prior to working in the Obama White House, he held a similar position for this 43rd President.
George W. Bush
Prior to taking his current position at the White House he was CISO and Chief Security Strategist for this major on-line shopping site---what's your bid?
eBay
Contrary to press reports his official title is Cyber Coordinator. He has never held this title---and he doesn't have a daughter named Anastasia.
Cyber Czar
One of his first acts as President Obama's cyber advisor was to declassify much of the content included in this major cyber program launched at the end of President Bush's second term.
Comprehensive National Cyber Security Initiative (CNCI)
As a member of the Executive branch of government, this constitutional doctrine prevents Congress from requiring him to appear before it.
Separation of Powers
According to research from PricewaterhouseCoopers, this method of attack---not hacking from the outside---is the most frequent form of cyber attack---just like WikiLeaks.
Insider Threats
According to Symantec, we have now moved into the post era of this Phorm of Phrequent cyber attacks
Phishing
According to research by the U.S. Secret Service and Verizon, this percentage of cyber attacks could be successfully prevented or mitigated simply by using existing standards and practices.
50
65
94
According to a 2009 study by CSIS, this is the number one reason companies are not deploying more cyber security solutions.
Lack of awareness of the problem
Lack of effective solutions
Cost
The only market incentive listed here that was NOT specifically recommended by President Obama's Cyberspace Policy Review for deployment to the private sector to improve cyber security
Procurement incentives
Insurance incentives
Tax incentives
Liability incentives
In 2006 and 2007 the Russian military launched cyber attacks against the governments of Estonia and Georgia
FALSE
According to PWC and CSIS, between 2008 and 2010, approximately 50% to 66% of American companies deferred or reduced their investments in information security
TRUE
Virtually every electronic information system used by our federal government has, at some point, been manufactured or assembled outside the US
TRUE
According to Mandiant Secret Services, The most revealing difference when you combat the APT is your prevention efforts will eventually fail.
TRUE
User-friendly cyber attack tools can be purchased easily over the Internet for less than the average Congressional staffer's bi-monthly paycheck.
TRUE
According to Symantec, the percentage of new cyber threats increased by this percentage between 2007 and 2009.
100%
500%
1000%
According to Carnegie Mellon University, this percentage of private sector enterprises had a cross-organizational privacy security team as of 2010.
17%
65%
95%
The DHS approved slogan for their national education and awareness campaign to increase individual cyber responsibility.
Look before you leap into cyber space
Stop, think connect
Only you can prevent your cyber ID from being stolen
The percentage of critical infrastructure currently covered by private insurance in case of a Katrina-level cyber incident.
Less than 1%
25%
50%
According to PricewaterhouseCoopers, nearly half of all enterprises are now deploying some form of cloud computing. However, this is the percentage that expresses little or no confidence in the ability to secure their assets in the cloud.
20%
62%
90%
FINAL JEOPARDY
Future Federal IT
On Feb. 8, 2011, the Chief US IO required each federal agency to evaluate deploying this before making any new investments.
CLOUD COMPUTING