Cyber Security and Law Enforcement - University of Houston

advertisement
NASA/JSC
Keynote
Russell D. Robinson (Assistant Special Agent in Charge, FBI)
Cyber Security and Law Enforcement
small
business
Sergio C. Muniz (President, CYFOR Technologies LLC)
legal
Sheryl A. Falk (Of Counsel, Winston & Strawn LLP)
Small Business Perspectives in the Cyber Market
The Zero Hour Phone Call – How to respond to a data breach to
minimize your legal risks
public
safety
John T. Chaney (Mobility Architect, Broadband Services Division, Harris
County, Information Technology)
Public Safety IT Cyber Security Challenges in Today’s Information
Sharing World
utilities
Valentine Emesih (Control Systems Director, CenterPoint Energy)
Modernizing electricity delivery infrastructure and potential cyber
security challenges
healthcare
Stephen Jones (CEO, Clear Lake Regional Medical Center)
How Hospitals Protect Your Health Information
aerospace
Jason A. Soloff (Lead, Systems Security Engineering, NASA/JSC)
Space Systems Protection in Cyber Risk Environment
Panel discussion and Q&A
• All types of security
–
–
–
–
–
–
–
–
–
–
–
Computer security
Information security
Data security
Database security
Network security
Software security
Application security
Physical security
Web security
Mobile Security
…
The CIA Model
(aka. CIA triad)
•
•
•
Confidentiality prevents unauthorized disclosure of sensitive information
and/or resources.
Integrity prevents unauthorized modification.
Availability is the prevention of loss of access to resources and information
to ensure that information or resource is available for use when it is needed.
Source: http://en.wikipedia.org/wiki/Information_security
5
Cyber Security and Law Enforcement
This talk covers issues involved in securing the cyber space, in particular
where cyber security and law enforcement intertwines. Mr. Robinson will
discuss the impact of cyber threats against the U.S. infrastructures and the
various industries, and what the community can do together to mitigate the
issues. He will also discuss some of the investigative techniques that FBI
investigators utilize to assist the Bureau in better understanding the threats
that Cyber actors pose to both the private and the public sectors, and how the
FBI disseminates that information to the various stakeholders.
Russell D. Robinson
Assistant Special Agent in Charge (ASAC)
Houston Division – FBI
Cyber Security Institute (CSI)
Small Business Perspectives in the Cyber Market
The cyber market has grown significantly and is affecting virtually every
section of our economy. Government, academia, the private sector, and in
particular small businesses are focused meeting the demands of the high
growth cyber market that will be essential to our economic well being and
national security. Cyber will grow in importance and creates both opportunity
and risks. Small business opportunities come in the form of lower barriers to
entry into the cyber market. Advanced cyber technologies are easily available
and relatively inexpensive and accessible to small business. The same low
barriers to entry for small businesses create significant risks in that they
provide low barriers to various cyber threats including cyber crime, industrial
espionage, and attacks against our critical infrastructure (SCADA/ICS, power
grids, banking and finance).
Sergio C. Muniz
President
CYFOR Technologies LLC
Cyber Security Institute (CSI)
The Zero Hour Phone Call
– How to respond to a data breach to minimize your legal risks
You just answered the phone call that no one ever wants to receive, you
system has been breached and your data may have been compromised. Do
you know what actions to take? Do you know how to conduct the
investigation and help protect your organization from potential legal action?
Do you know who you are required to notify and when?
Sheryl A. Falk
Of Counsel
Winston & Strawn LLP
Cyber Security Institute (CSI)
Public Safety IT Cyber Security Challenges
in Today’s Information Sharing World
Mr. Chaney will discuss Harris County’s deployment of Public Safety LTE
(Long Term Evolution) 4G broadband as part of a nationwide plan. He will
also address the partnerships that this takes and the challenges when it comes
to Cyber Security and the mission of information sharing for better
situational awareness for public safety first responders.
John T. Chaney
Mobility Architect
Broadband Services Division
Harris County, Information Technology
Cyber Security Institute (CSI)
Modernizing electricity delivery infrastructure
and potential cyber security challenges
CenterPoint Energy recently completed deployment of its Advanced
Metering System infrastructure (AMS.) AMS included new smart meters
for 2.2 Million electric customers, a communication infrastructure for
gathering and exchanging meter data, and back office systems for processing
meter commands and information. CenterPoint Energy is also in the process
of completing an Intelligent Grid (IG) demonstration project. The IG project
involves deploying field devices to a select number of substations and
distribution circuits, and control systems for remotely monitoring and
managing CenterPoint Energy’s electric distribution grid. A broad overview
of the deployed infrastructure will be covered as well as benefits and
challenges.
Valentine A. Emesih, P.E.
Control Systems Director
CenterPoint Energy
Cyber Security Institute (CSI)
How Hospitals Protect Your Health Information
In 1996 Congress passed the Health Insurance Portability and Accountability
Act (HIPAA), which outlined the first national standards for individuals’
health information. The Act created the “Privacy Rule” - standards for
privacy of individually identifiable health information. This rule developed
regulations and expectations for hospitals and other entities to assure the
confidentiality and protection of individuals’ health information.
HIPAA via the privacy rule outlines how your health care information must
be protected. Your information can only be shared when certain perimeters in
the law is met. Hospitals have spent millions of dollars upgrading
infrastructure to assure the security of health information and compliance
with the HIPAA.
Stephen K. Jones, Jr.
CEO
Clear Lake Regional Medical Center
Cyber Security Institute (CSI)
Space Systems Protection in Cyber Risk Environment
The U.S. aerospace industry and civil/commercial space operations
community exists in an increasingly contested environment. New challenges
from the cyber front to U.S. economic and technical superiority as well as
critical mission and infrastructure capability are emerging daily. NASA is
moving to address these new challenges by adapting and applying timetested system engineering methods and philosophies to the new domains of
cyber risk assessment, cyber-defense and their element in space systems
mission assurance. This presentation will discuss the new environment in
which the U.S. aerospace sector must operate, some of the methods NASA
has used to adapt, and some lessons learned and future opportunities.
Jason A. Soloff
Lead, Systems Security Engineering
Human Exploration & Operations Mission
NASA/JSC
Cyber Security Institute (CSI)
Cyber Security ?
• Security does not focus on “products” only; it is a process and
focuses on the whole “information system”.
- no panacea or cure-all
- a continual and iterative process
- building up readiness
- knowledge acquisition
- learning & research
- intelligence collection,
- close monitoring, …
- knowledge sharing
- community awareness and involvement
13
Regional Industry Threats
The Public Health of the Internet
• “EastWest Institute Proposes Public
Health Model For Internet Cyber
Security”, by Mickey McCarter,
06/06/2012
– Scott Charney, "As use and
reliance on the Internet continues
to grow, improving Internet health
requires all ecosystem members
to take a global, collaborative
approach to protecting people
from potential dangers online."
• “Collective Defense: Applying Public
Health Models to the Internet”, By
Scott Charney, Corporate Vice
President, Trustworthy Computing,
Microsoft Corp., 2010.
15
Cyber Security Collaboration Model
Strategy:
Accelerate Bay Area Houston’s cyber security industry by leveraging the synergy
created through the collaborative efforts of the community, academia, local and
state government, DoD, Federal protection agencies, and regional business sectors.
16
operations
Research
projects
Collaborative R&D
Original research by
- CSI faculty
- postdoc researchers
- graduate research assistants
Education
Corporate &
Community Services
 Research results are
 Research findings &
integrated into the UHCL
experiences are published and
curricula.
shared with the community
 Research and development
contracts with government
agencies and business
organizations
Collaborative research with
- JSC researchers
- high tech companies’
researchers
- faculty in other colleges
Knowledge  Repository of cybersecurity
 Advancement of
acquisition
research results
cybersecurity research
& transfer  Continually updated
and development are
cybersecurity knowledge base
integrated into class
- New vulnerabilities
teaching.
- New protection technologies
- Reviews of vendors and tools
 Up-to-date knowledge is
transferred to start-up
companies and cybersecurity
professionals via
collaborations and/or
consulting.
Knowledge  Research publications and
sharing
presentations
 Online sharing of papers and
project experiences
 On-site research seminars
 On-site research workshops
and/or conferences
 Raising user and community
awareness of cybersecurity
by offering free seminars
 Summer camps for high
schoolers
 Summer research experience
for college students
 Supporting UHCL’s
computer science,
engineering and other
programs with respect to
cybersecurity knowledge
and technologies
 Certified cybersecurity
curriculum by NSA,
NIST, etc.
17
18
• A sustainable Cyber Security Institute for the Bay Area region
How one may help?
 Financial
- Corporation donation
- Personal donation
- in-kind contribution
 Professional participation
-Advisory Board
- Industry Technical committees
- Distinguished speakers
- Mentors
- Volunteers
Promotion
Download