Interesting People mailing list archives

Re: CSIS Commission on Cyber Security "Securing Cyberspace for the 44th Presidency" report published


From: David Farber <dave () farber net>
Date: Fri, 12 Dec 2008 11:54:03 -0500



Begin forwarded message:

From: "James Brenton" <jbrenton () austin rr com>
Date: December 12, 2008 7:49:09 AM EST
To: "'Suresh Ramasubramanian'" <suresh () hserus net>
Cc: <dave () farber net>
Subject: RE: [IP] CSIS Commission on Cyber Security "Securing Cyberspace for the 44th Presidency" report published

Suresh,

Thank you for the information and link. My personal interest is primarily
focused on the study's direct and immediate impact to Critical
Infrastructure Protection in the Electricity Sector. This is an area where the U.S. Congress along with several Federal agencies and departments are
competing to see who will be in charge and take the lead in providing
additional mandatory and enforceable cyber security regulations for the
electricity industry:  NERC/FERC, DoE, DHS, or NIST.

Little of what is now happening in this venue makes sense today, except to say that many in government want to unilaterally impose and take credit for increased security regulation without having to bear the responsibility of increased costs which would be passed on to commercial firms and eventually
to rate payers.

Will it be ISO-27002, NIST SP800-53 rev 2, NIST SP800-82, or the NERC Cyber
Security Stds CIP002-009? That is a large question with answers that remain
unclear today. Many government groups are competing to see who will find a way to impose their security standards on this most critical industry. NERC and the industry have not yet really stepped up to the bar on this subject
either, so the end results remain very much in doubt.

Please watch our CIP sector over the next two years; it will be
"interesting" to say the very least.
http://www.nerc.com/filez/standards/Project_2008-06_Cyber_Security.html

Jim Brenton
Director, Security
ERCOT

Disclaimer: Above represents my personal views and opinions and in no way reflects the public opinion or position of my employer, ERCOT, Inc. or the
industry stakeholders and market participants from the ERCOT Region.

-----Original Message-----
From: Suresh Ramasubramanian [mailto:suresh () hserus net]
Sent: Thursday, December 11, 2008 7:47 AM
To: David Farber
Cc: jbrenton () austin rr com
Subject: Re: [IP] CSIS Commission on Cyber Security "Securing Cyberspace for
the 44th Presidency" report published

Meanwhile here's another interesting paper on the malware economy -
commissioned by the ITU, and written by Professors Johannes Bauer of MSU
and Michel van Eeten of TU-Delft (with other authors cited).

Financial Aspects of Network Security: Malware and Spam
<http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-study-financial-aspects-of-malware-and-spam.pdf>

This appears to be a followup on a related study by the authors, that was
part of the excellent OECD / APECTEL joint work on malware
ministerial brief at <http://www.oecd.org/dataoecd/53/34/40724457.pdf>

Well worth a read. I had an opportunity to review some early drafts of
Bauer and van Eeten's work and it was impressive. The authors were kind
enough to thank me and ITU's Bob Shaw for the reviews, in the intro to this
paper.

        srs

David Farber [11/12/08 08:27 -0500]:


Begin forwarded message:

From: "James Brenton" <jbrenton () austin rr com>
Date: December 11, 2008 7:44:09 AM EST
To: <dave () farber net>
Subject: CSIS Commission on Cyber Security "Securing Cyberspace for the
44th Presidency" report published

Dave,

This study is as vital for the future of Cyber Security in the United States
as was the 1957 Soviet launch of their first satellite to focus public and
government action toward increased security of our nation's critical
infrastructure.

Jim Brenton

Synopsis:
The CSIS Commission on Cybersecurity for the 44th Presidency has
released its final report, "Securing Cyberspace for the 44th
Presidency." The Commission's three major findings are:

 1. Cybersecurity is now one of the major national security problems
facing the United States;
 2. Decisions and actions must respect American values related to
privacy and civil liberties; and
 3. Only a comprehensive national security strategy that embraces both
the domestic and international aspects of cybersecurity will improve the
situation.


http://www.csis.org/component/option,com_csis_pubs/task,view/id,5157/type,1






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com




