REBOOTING CRITICAL INFRASTRUCTURE PROTECTION

Presented at DEF CON 29 (2021), Aug. 6, 2021, noon (45 minutes)

In 1998 the US government issued the first major policy document on Critical Infrastructure Protection (CIP). Since then, CIP has become one of the most fundamental tasks for governments everywhere, and has given birth to a plethora of institutions and processes seeking to manage what is called a "Public Private Partnership" between government, industry, and civil society. But despite all the efforts put into information exchanges, incident management, supply chain protection, and even national industrial policies, cyber-attacks have not decreased, either in the United States or elsewhere. What else needs to be done? What lessons can be learned from international experiences? And how can the community best help?


Presenters:

  • Danny McPherson - Executive Vice President & Chief Security Officer, Verisign
    Danny McPherson is Executive Vice President and Chief Security Officer at Verisign, where he is responsible for Verisign's information systems, services, and security. Prior to joining Verisign, McPherson held technical leadership positions with Arbor Networks, Qwest Communications, MCI Communications, and the U.S. Army Signal Corps. McPherson is an active contributor in the network, security, operations, and research communities and has authored several books, numerous internet protocol standards, network and security research papers, and other publications. He is currently a member of ICANN's SSAC and the FCC's CSRIC, and has served on the IAB and IRSG, and chaired an array of IETF and other standards and research working groups and committees in these and related forums.
  • Eric Goldstein - Executive Assistant Director, DHS CISA
    Eric Goldstein serves as the Executive Assistant Director for Cybersecurity for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) as of February 19, 2021. In this role, Goldstein leads CISA's mission to protect and strengthen federal civilian agencies and the nation's critical infrastructure against cyber threats. Previously, Goldstein was the Head of Cybersecurity Policy, Strategy, and Regulation at Goldman Sachs, where he led a global team to improve and mature the firm's cybersecurity risk management program. He served at CISA's precursor agency, the National Protection and Programs Directorate, from 2013 to 2017 in various roles including Policy Advisor for Federal Network Resilience, Branch Chief for Cybersecurity Partnerships and Engagement, Senior Advisor to the Assistant Secretary for Cybersecurity, and Senior Counselor to the Under Secretary. At other points in his career, Goldstein practiced cybersecurity law at an international law firm, led cybersecurity research and analysis projects at a federally-funded research and development center, and served as a Fellow in Advanced Cyber Studies at the Center for Strategic and International Studies, among other roles.
  • Perri Adams
  • Amélie Koran - Senior Technology Advocate, Splunk
    D'oer of things, say'er of stuff. Amélie is a Senior Technology Advocate at Splunk, focused on helping organizations transform, grow and secure themselves in the ever-evolving world of technologies and their accompanying challenges. She arrives at Splunk after nearly 25 years as a technologist, from systems administration and engineering to executive technology leadership in various industries, academia, NGOs, and the government. In the last decade, she's supported various Federal agencies, leading various projects and initiatives, including modernization activities, cybersecurity policy, and security architecture and operations. Often seen "soapboxing" about technology workforce development, training and recruiting policies, practices and techniques. She's a serial volunteer who tries to return the help she's received in her own career through mentorship, conversation and community building.
  • Faye Francy - Executive Director, Automotive Information Sharing and Analysis Center
    Faye Francy is the Executive Director of the Automotive Information Sharing and Analysis Center (Auto-ISAC). The Executive Director serves the global automotive industry by providing strategic leadership and vision to foster collaboration for mitigating the risks of a cyber-attack. The Auto-ISAC was established in 2015 with the goal of developing a more resilient global automotive industry through member collaboration and sharing of timely cyber threat information. Faye is actively engaged with private-sector stakeholders, partners, and government agencies to facilitate information sharing to help strengthen the industry's capability and capacity to detect, prevent, respond to, and mitigate disruptions related to the connected vehicle and supporting infrastructure. The Auto-ISAC is a non-profit organization operating in Washington, D.C. Previously Ms. Francy stood up and led the Aviation-ISAC while at the Boeing Company. She held numerous leadership positions before retiring from Boeing, including Cyber ONE Leader, Director Enterprise Technologies, Director of Research in Phantom Works, and Director for Air Traffic Management.
  • Alexander Klimburg - Director, Global Commission on the Stability of Cyberspace
    Alexander Klimburg is a cyber policy wonk, infosec geek, and free Internet advocate. The director of the Global Commission on the Stability of Cyberspace, he is also a director at The Hague Center for Strategic Studies (HCSS) and a senior-associate of the Center of Strategic and International Studies (CSIS). Previously he held positions and affiliations with Harvard University and the Atlantic Council. Since around 2010 Alex has been trying to mediate between the policy and technical world, with marginal success, having previously spent too much time in consulting and dot-bomb venture capital. He has accompanied the diplomatic work on cyber norms at the UN and OSCE, helped draft national cyber security strategies and relevant legislation for several governments, and has advised on the set-up and operation of national cybersecurity centers and infosec practices. Alex has been responsible for some of the world's most important track 1.5 diplomatic discussions and occasionally gets to opine on offensive cyber effect operations and TTPs. Hobbies include supporting cybercrime investigations, tutoring on basic infosec practices, and helping lead the DEF CON Policy department. He is the author of several publications, including the critically acclaimed "The Darkening Web", published in 2017 by Penguin Press.
  • Joseph Marks - Washington Post, Panel Moderator
    Joseph Marks writes The Washington Post's daily Cybersecurity 202 newsletter focused on the policy and politics of cybersecurity. Before joining The Washington Post, he covered cybersecurity for Politico and Nextgov. He began his career at Midwestern newspapers covering city and county governments, crime and features. He spent two years covering higher education for the Grand Forks Herald in North Dakota and is originally from Iowa City, Iowa.
