Author: United States. Congress. Senate. Committee on Governmental Affairs. Subcommittee on Oversight of Government Management
Publisher:
ISBN:
Category : Computers
Languages : en
Pages : 530

View

Book Description

Author: U.s. Government Accountability Office
Publisher:
ISBN: 9781974446940
Category :
Languages : en
Pages : 38

View

Book Description
Pervasive and sustained computer-based attacks pose a potentially devastating impact to systems and operations and the critical infrastructures they support. Addressing these threats depends on effective partnerships between the government and private sector owners and operators of critical infrastructure. Federal policy, including the Department of Homeland Securitys (DHS) National Infrastructure Protection Plan, calls for a partnership model that includes public and private councils to coordinate policy and information sharing and analysis centers to gather and disseminate information on threats to physical and cyber-related infrastructure. GAO was asked to determine (1) private sector stakeholders expectations for cyber-related, public-private partnerships and to what extent these expectations are being met and (2) public sector stakeholders expectations for cyber-related, public-private partnerships and to what extent these expectations are being met. To do this, GAO conducted surveys and interviews of public and private sector officials and analyzed relevant policies and other documents.Private sector stakeholders reported that they expect their federal partners to provide usable, timely, and actionable cyber threat information and alerts; access to sensitive or classified information; a secure mechanism for sharing information; security clearances; and a single centralized government cybersecurity organization to coordinate government efforts. However, according to private sector stakeholders, federal partners are not consistently meeting these expectations. For example, less than one-third of private sector respondents reported that they were receiving actionable cyber threat information and alerts to a great or moderate extent. (See table below.) Federal partners are taking steps that may address the key expectations of the private sector, including developing new information-sharing arrangements. However, while the ongoing efforts may address the public sectors ability to meet the private sectors expectations, much work remains to fully implement improved information sharing.Private Sector Expected Services and the Extent to Which They Are MetServicesGreatly or moderately expectedGreatly or moderately receivedTimely and actionable cyber threat information98%27%Timely and actionable cyber alerts96%27%Access to actionable classified or sensitive information (such as intelligence and law enforcement information)87%16%A secure information-sharing mechanism78%21%Source: GAO analysis based on survey data of 56 private sector respondents.Public sector stakeholders reported that they expect the private sector to provide a commitment to execute plans and recommendations, timely and actionable cyber threat information and alerts, and appropriate staff and resources. Four of the five public sector councils that GAO held structured interviews with reported that their respective private sector partners are committed to executing plans and recommendations and providing timely and actionable information. However, public sector council officials stated that improvements could be made to the partnership, including improving private sector sharing of sensitive information. Some private sector stakeholders do not want to share their proprietary information with the federal government for fear of public disclosure and potential loss of market share, among other reasons.Without improvements in meeting private and public sector expectations, the partnerships will remain less than optimal, and there is a risk that owners of critical infrastructure will not have the information necessary to thwart cyber attacks that could have catastrophic effects on our nations cyber-reliant critical infrastructure.

Author: President's Information Technology Advisory Committee
Publisher:
ISBN:
Category : Computer security
Languages : en
Pages : 72

View

Book Description

Author:
Publisher: DIANE Publishing
ISBN: 143793630X
Category :
Languages : en
Pages :

View

Book Description

Author: United States. Congress. House. Committee on Oversight and Government Reform. Subcommittee on Government Management, Organization, and Procurement
Publisher:
ISBN:
Category : Computers
Languages : en
Pages : 128

View

Book Description

Author: National Research Council
Publisher: National Academies Press
ISBN: 0309303214
Category : Computers
Languages : en
Pages : 150

View

Book Description
We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.

Author: United States. General Accounting Office
Publisher:
ISBN:
Category : Computer networks
Languages : en
Pages : 40

View

Book Description

Author: Gregory C. Wilshusen
Publisher: DIANE Publishing
ISBN: 1437918638
Category : Computers
Languages : en
Pages : 7

View

Book Description
Addresses additional questions arising from the May 19, 2009, hearing on federal information security held by the Subcommittee on Government Management, Organization, and Procurement. In that hearing, there was a discussion on the current state of information security throughout the federal government and agency efforts to comply with the requirements of the Federal Information Security Management Act of 2002 (FISMA). Congress had the following two questions: (1) Comment on the need for improved cyber security relating to S.773, the proposed Cybersecurity Act of 2009; and (2) Provide recommendations to improve the Federal Information Security Management Act. This report provides the responses.

Author: United States. Congress. House. Committee on Government Operations. Legislation and National Security Subcommittee
Publisher:
ISBN:
Category : Computer crimes
Languages : en
Pages : 128

View

Book Description

Author: Steven M. Rinaldi
Publisher:
ISBN:
Category : Computer networks
Languages : en
Pages : 84

View

Book Description
This is the 33rd volume in the Occasional Paper series of the U.S. Air Force Institute for National Security Studies (INSS). This paper, along with Occasional Paper 32, Richard Aldrich's "Cyberterrorism and Computer Crimes: Issues Surrounding the Establishment of an International Legal Regime,"address the context surrounding the question of how the U.S. military responds to the cyber threat facing the American military and society today. The U.S. military has become increasingly dependent upon the nation's information and communications infrastructures. Concurrently, threats to and vulnerabilities in these infrastructures are expanding, in large part due to structural factors not likely to disappear in the future. To prevail against the increasing threat, the military -- and, more broadly, the government -- needs to adopt a risk reduction and management program. A crucial element of this risk management program is information sharing with the private sector. However, substantial barriers threaten to block information exchanges between the government and private sector. These barriers include concerns over release of sensitive material under Freedom of Information Act requests, antitrust actions, protection of business confidential and other private material, possible liability due to shared information, disclosure of classified information, and burdens entailed with cooperating with law enforcement agencies. There is good cause to believe that the government and private sector can overcome these barriers, guided by lessons learned from numerous successful government-private sector information-sharing mechanisms. This analysis concludes with actions the government should undertake to develop an information-sharing mechanism with the private sector. Key among them are actively engaging the private sector from the onset, determining information requirements, and fostering a partnership based on trust.