NASA/JSC Keynote Russell D. Robinson (Assistant Special Agent in Charge, FBI) Cyber Security and Law Enforcement small business Sergio C. Muniz (President, CYFOR Technologies LLC) legal Sheryl A. Falk (Of Counsel, Winston & Strawn LLP) Small Business Perspectives in the Cyber Market The Zero Hour Phone Call – How to respond to a data breach to minimize your legal risks public safety John T. Chaney (Mobility Architect, Broadband Services Division, Harris County, Information Technology) Public Safety IT Cyber Security Challenges in Today’s Information Sharing World utilities Valentine Emesih (Control Systems Director, CenterPoint Energy) Modernizing electricity delivery infrastructure and potential cyber security challenges healthcare Stephen Jones (CEO, Clear Lake Regional Medical Center) How Hospitals Protect Your Health Information aerospace Jason A. Soloff (Lead, Systems Security Engineering, NASA/JSC) Space Systems Protection in Cyber Risk Environment Panel discussion and Q&A • All types of security – – – – – – – – – – – Computer security Information security Data security Database security Network security Software security Application security Physical security Web security Mobile Security … The CIA Model (aka. CIA triad) • • • Confidentiality prevents unauthorized disclosure of sensitive information and/or resources. Integrity prevents unauthorized modification. Availability is the prevention of loss of access to resources and information to ensure that information or resource is available for use when it is needed. Source: http://en.wikipedia.org/wiki/Information_security 5 Cyber Security and Law Enforcement This talk covers issues involved in securing the cyber space, in particular where cyber security and law enforcement intertwines. Mr. Robinson will discuss the impact of cyber threats against the U.S. infrastructures and the various industries, and what the community can do together to mitigate the issues. He will also discuss some of the investigative techniques that FBI investigators utilize to assist the Bureau in better understanding the threats that Cyber actors pose to both the private and the public sectors, and how the FBI disseminates that information to the various stakeholders. Russell D. Robinson Assistant Special Agent in Charge (ASAC) Houston Division – FBI Cyber Security Institute (CSI) Small Business Perspectives in the Cyber Market The cyber market has grown significantly and is affecting virtually every section of our economy. Government, academia, the private sector, and in particular small businesses are focused meeting the demands of the high growth cyber market that will be essential to our economic well being and national security. Cyber will grow in importance and creates both opportunity and risks. Small business opportunities come in the form of lower barriers to entry into the cyber market. Advanced cyber technologies are easily available and relatively inexpensive and accessible to small business. The same low barriers to entry for small businesses create significant risks in that they provide low barriers to various cyber threats including cyber crime, industrial espionage, and attacks against our critical infrastructure (SCADA/ICS, power grids, banking and finance). Sergio C. Muniz President CYFOR Technologies LLC Cyber Security Institute (CSI) The Zero Hour Phone Call – How to respond to a data breach to minimize your legal risks You just answered the phone call that no one ever wants to receive, you system has been breached and your data may have been compromised. Do you know what actions to take? Do you know how to conduct the investigation and help protect your organization from potential legal action? Do you know who you are required to notify and when? Sheryl A. Falk Of Counsel Winston & Strawn LLP Cyber Security Institute (CSI) Public Safety IT Cyber Security Challenges in Today’s Information Sharing World Mr. Chaney will discuss Harris County’s deployment of Public Safety LTE (Long Term Evolution) 4G broadband as part of a nationwide plan. He will also address the partnerships that this takes and the challenges when it comes to Cyber Security and the mission of information sharing for better situational awareness for public safety first responders. John T. Chaney Mobility Architect Broadband Services Division Harris County, Information Technology Cyber Security Institute (CSI) Modernizing electricity delivery infrastructure and potential cyber security challenges CenterPoint Energy recently completed deployment of its Advanced Metering System infrastructure (AMS.) AMS included new smart meters for 2.2 Million electric customers, a communication infrastructure for gathering and exchanging meter data, and back office systems for processing meter commands and information. CenterPoint Energy is also in the process of completing an Intelligent Grid (IG) demonstration project. The IG project involves deploying field devices to a select number of substations and distribution circuits, and control systems for remotely monitoring and managing CenterPoint Energy’s electric distribution grid. A broad overview of the deployed infrastructure will be covered as well as benefits and challenges. Valentine A. Emesih, P.E. Control Systems Director CenterPoint Energy Cyber Security Institute (CSI) How Hospitals Protect Your Health Information In 1996 Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which outlined the first national standards for individuals’ health information. The Act created the “Privacy Rule” - standards for privacy of individually identifiable health information. This rule developed regulations and expectations for hospitals and other entities to assure the confidentiality and protection of individuals’ health information. HIPAA via the privacy rule outlines how your health care information must be protected. Your information can only be shared when certain perimeters in the law is met. Hospitals have spent millions of dollars upgrading infrastructure to assure the security of health information and compliance with the HIPAA. Stephen K. Jones, Jr. CEO Clear Lake Regional Medical Center Cyber Security Institute (CSI) Space Systems Protection in Cyber Risk Environment The U.S. aerospace industry and civil/commercial space operations community exists in an increasingly contested environment. New challenges from the cyber front to U.S. economic and technical superiority as well as critical mission and infrastructure capability are emerging daily. NASA is moving to address these new challenges by adapting and applying timetested system engineering methods and philosophies to the new domains of cyber risk assessment, cyber-defense and their element in space systems mission assurance. This presentation will discuss the new environment in which the U.S. aerospace sector must operate, some of the methods NASA has used to adapt, and some lessons learned and future opportunities. Jason A. Soloff Lead, Systems Security Engineering Human Exploration & Operations Mission NASA/JSC Cyber Security Institute (CSI) Cyber Security ? • Security does not focus on “products” only; it is a process and focuses on the whole “information system”. - no panacea or cure-all - a continual and iterative process - building up readiness - knowledge acquisition - learning & research - intelligence collection, - close monitoring, … - knowledge sharing - community awareness and involvement 13 Regional Industry Threats The Public Health of the Internet • “EastWest Institute Proposes Public Health Model For Internet Cyber Security”, by Mickey McCarter, 06/06/2012 – Scott Charney, "As use and reliance on the Internet continues to grow, improving Internet health requires all ecosystem members to take a global, collaborative approach to protecting people from potential dangers online." • “Collective Defense: Applying Public Health Models to the Internet”, By Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft Corp., 2010. 15 Cyber Security Collaboration Model Strategy: Accelerate Bay Area Houston’s cyber security industry by leveraging the synergy created through the collaborative efforts of the community, academia, local and state government, DoD, Federal protection agencies, and regional business sectors. 16 operations Research projects Collaborative R&D Original research by - CSI faculty - postdoc researchers - graduate research assistants Education Corporate & Community Services Research results are Research findings & integrated into the UHCL experiences are published and curricula. shared with the community Research and development contracts with government agencies and business organizations Collaborative research with - JSC researchers - high tech companies’ researchers - faculty in other colleges Knowledge Repository of cybersecurity Advancement of acquisition research results cybersecurity research & transfer Continually updated and development are cybersecurity knowledge base integrated into class - New vulnerabilities teaching. - New protection technologies - Reviews of vendors and tools Up-to-date knowledge is transferred to start-up companies and cybersecurity professionals via collaborations and/or consulting. Knowledge Research publications and sharing presentations Online sharing of papers and project experiences On-site research seminars On-site research workshops and/or conferences Raising user and community awareness of cybersecurity by offering free seminars Summer camps for high schoolers Summer research experience for college students Supporting UHCL’s computer science, engineering and other programs with respect to cybersecurity knowledge and technologies Certified cybersecurity curriculum by NSA, NIST, etc. 17 18 • A sustainable Cyber Security Institute for the Bay Area region How one may help? Financial - Corporation donation - Personal donation - in-kind contribution Professional participation -Advisory Board - Industry Technical committees - Distinguished speakers - Mentors - Volunteers Promotion