Cybersecurity: Opportunities & Pitfalls for Selling in the US Marketplace
Enterprise Ireland Forum
David Z. Bodenheimer
June 16, 2009
Crowell & Moring LLP
© 2009 Crowell & Moring LLP

Urgency for Cyber Defense
The Cyber Crisis is Now!! – Everyone Agrees
Congress: “time to combat cyber terror was yesterday” (Senators Rockefeller & Snowe, May 29, 2009)
White House: “This status quo is no longer acceptable” (President Obama, May 29, 2009)
Industry: “Quite frankly, the bad guys are winning” (Cyber Security Industry Alliance testimony, Mar. 12, 2008)
Cyber Report: “one of the most urgent national security problems” (CSIS Commission on Cybersecurity, Dec. 2008)

Signs of the Cyber Apocalypse

262 Million Breaches
No One Remains to Have an ID Stolen
“2008 Data Breach Total Soars: 47% Increase over 2007” Identity Theft News (Identity Theft Daily, Jan. 5, 2009)
Records with sensitive personal information involved in security breaches in the U.S. since January 2005: 262,442,156 records (Privacy Rights Clearinghouse, June 11, 2009)
“Millions of Americans have been victimized, their privacy violated, their identities stolen, their lives upended, and their wallets emptied.” (President Obama, May 29, 2009)

Cyber-Crime > $100 Billion
Hacking is More Lucrative than Doping
INTERNET LAW – “Cyber-Crime Hits $100 Billion in 2007, Out-earning Illegal Drug Trade” (IBLS Internet Law, Oct. 15, 2007)
“$1 trillion globally in lost intellectual property and expenditures for repairing the damage” (House Homeland Security Committee Hearing, Mar. 31, 2009)

President’s Data Breached
Any Hacker Can Pretend to the Throne
“Source In Iran Sees Plans for President’s Chopper” (USA Today, Mar. 2, 2009)
“The U.S.
Navy is investigating how an unauthorized user in Iran gained online access to blueprints and other information about a helicopter in President Obama’s fleet.”
Hacking Obama’s Website
“It’s no secret that my presidential campaign harnessed the Internet and technology to transform politics. What isn’t widely known is that during the general election hackers managed to penetrate our computer systems.” (President Obama, May 29, 2009)

Infrastructure at Risk
The Scary Names Are Used Up
“Cyber Katrina”
“Digital Pearl Harbor”
“Cyber Barbarians Storming the Security Walls”

Everyone’s On-Board
Government & Industry Agree
“Cybersecurity . . . a top priority” (DHS Secretary nominee Janet Napolitano, Jan. 15, 2009)
“DHS Puts Cybersecurity Toward Top of 2008 To-Do List” (DHS Secretary Chertoff, Federal Computer Week, Dec. 13, 2007)
“Data Breach Likely to be Hot Topic at Porn Summit” (Technology Daily, Jan. 14, 2008)

Cybersecurity in US: Top Priority & Huge Market

U.S. Federal IT Marketplace
800-Pound Information Gorilla
“The Federal government is the largest single producer, collector, consumer, and disseminator of information in the United States and perhaps the world.” (OMB, 2007)
US IT Budgets
• $72.9 billion – (FY 09)
• $75.8 billion – (FY 10)

US Federal Information
Information Treasure Trove
• National Security
• Personal Data
• Infrastructure Data
• Technology
• Trade Secrets

US Federal Cybersecurity
Information Security Spending
• $14.6 Billion – (FY 09)
• $25.5 Billion – (FY 13)
• $30-40 Billion – (Next 5 Years)

US Homeland Security
Homeland Security Priorities & Dollars
• 6% FY10 DHS Budget (FY10) over FY09
• $7.5 Billion (12% ) – Transportation Security
• $918 Million (15% ) – Critical Infrastructure
  – Electrical Grid
  – Financial Sector
• $127 Million (30% ) – Inspector General

US Healthcare Technology
Healthcare Technology Priorities & Dollars
• Top Presidential Priority
• Health Information Technology for Economic & Clinical Health (HITECH, Title XIII, ARRA)
• $31 Billion Infrastructure & Health Information Technology
• $19 Billion Health IT
• 33% in Veterans Administration IT Budget
Computerizing America’s health Records in five years. The current, paper-based medical records system that relies on patients’ memory and reporting of their medical history is prone to error, time-consuming, costly, and wasteful. With rigorous privacy standards in place to protect sensitive medical records, we will embark on an effort to computerize all Americans’ health records in five years. This effort will help prevent medical errors, and improve health care quality, and is a necessary step in starting to modernize the American health care system and reduce health care costs.

Global Cyber Markets
Cyber Gold Rush
“Contractors Vie for Plum Work, Hacking for U.S.”
“Nearly all of the largest military companies – including Northrop Grumman, General Dynamics, Lockheed Martin, and Raytheon – have major cyber contracts with the military and intelligence agencies.” (NYT, May 31, 2009)
Global Arms Race
“Cyber security the new ‘arms race’” Van Loan
“I really look at [cybersecurity] almost as the new arms race. There isn’t a day that goes by without someone somewhere trying to breach the Government of Canada’s information systems.” (Public Safety Minister Van Loan, CTV News, May 27, 2009)

Congress’ Cyber Scrutiny
Congressional Pressure (2008-2009 Actions)
• Congressional Scrutiny
  – Over 30 Hearings & Actions
  – 9 Different Committees
• GAO Reviews
  – Congress’ Investigative Arm
  – 22 Reports on Cyber Issues
• Legislative Actions
  – Senate Bill (S. 773)
  – House Bill (H.R. 2195)

Presidential Priority
“My administration will pursue a new comprehensive approach to securing America’s digital infrastructure. This new approach starts at the top with this commitment from me: From now on, our digital infrastructure – the networks and computers we depend on every day – will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority.” (President Obama, May 29, 2009)

Expanding Security Rules
OMB (whitehouse.gov/omb)
• OMB Circular A-130, Transmittal Memorandum #4, Management of Federal Information Resources (Nov. 28, 2000)
• OMB Memo M-08-09, New FISMA Privacy Reporting Requirements for FY 2008 (Jan. 18, 2008)
• OMB Memo M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007)
NIST (csrc.nist.gov)
• SP 800-53A Guide for Assessing the Security Controls in Federal Information Systems (July 2008)
• SP 800-53 Rev. 3 DRAFT Recommended Security Controls for Federal Information Systems and Organizations (Feb. 5, 2009)
• SP 800-61 Rev. Computer Security Incident Handling Guide (Mar. 2008)
• SP 800-83 Guide to Malware Incident Prevention and Handling (Nov. 2005)
• SP 800-100 Information Security Handbook: A Guide for Managers (Oct. 2006)
• SP 800-122 DRAFT Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (Jan. 13, 2009)

Cybersecurity Technology
Opportunities And Challenges
Opportunities
• No Technology Limits
  – Data Mining & Analysis
  – Encryption & Biometrics
  – Penetration & Detection
• No Boundaries
  – Federal, State, Local
  – International
• Dual-Use Technologies
  – Public/Private
• Instant Demand
  – Ready-to-go Technology
Challenges
• Product Differentiation
  – Multiple Solutions
  – Little Effectiveness Proof
• Customer Fragmentation
  – No Central Data Bank
  – No Single Entry Point
• Private-Use Barriers
  – Export Restrictions
  – National Security
• Development Funds???
  – Short-term Horizon

Questions?
David Z. Bodenheimer
Crowell & Moring LLP
dbodenheimer@crowell.com
(202) 624-2713