Masters level responses
UMUC Cybersecurity Capstone CSEC670
© UMUC 2012 Page 1 of 42
Contents
Topic 1: Scenario
  Scenario: A Challenging Assignment
Topic 2: Module Introduction
Topic 3: International Cybersecurity Collaboration Initiatives
  DHS and DoD
  DHS Programs with Other Countries
  Other DHS Initiatives
  DoD Programs With Other Countries
  Jack's Update 1
Topic 4: Multinational Cybersecurity Programs
  Five Eyes
  Mutual Legal Assistance Treaties
  GBDe
  Jack's Update 2
Topic 5: Approaches to Cybersecurity Programs
  Cross-Sector Cybersecurity Working Group
  Smart Grid Cyber Security Working Group
Topic 6: Cybersecurity Programs in Private Industry
  Microsoft Internet Safety and Anti-Piracy Efforts
  Symantec's Initiatives
  Intel's Purchase of McAfee
  Jack's Update 3
Topic 7: Public Awareness and Education
  The Programs
  Jack's Update 4
Topic 8: Summary
Glossary
Topic 1: Scenario
Scenario: A Challenging Assignment
Implementing Cybersecurity Programs Within and Across Organizations
CSEC670—Module 5
A Challenging Assignment
Massachusetts Medical Care Coordinators Without Borders (MMCCWB), a nongovernmental organization in the United States, provides medical care coordination services to the public at the state and regional levels. It also plans to assist agencies that provide foreign aid, such as the National Acupuncturist Commune (NAC), a Chinese organization. MMCCWB wants to protect its health care data that it will share with NAC. They do not want to fall prey to a data breach. Therefore, MMCCWB has hired Jack Snow as Chief Information Security Officer (CISO) to develop and implement a cybersecurity program. In addition to MMCCWB and NAC, the program will involve two federal government departments: the Department of Defense (DoD) and the Department of Homeland Security (DHS).
Disclaimer: The storyline and characters in this part of the module are fictitious and were developed for the purposes of this course. No association with any real person, places, or events is intended or should be inferred.
Scenario The Meeting
As CISO, Jack's assignment is to develop and implement an effective cybersecurity program that will involve governmental and nongovernmental organizations, both domestic and international. To get started, Jack meets with Mary Lewis, the Chief Executive Officer (CEO) of MMCCWB. Mary has served on the boards of several private organizations. She is concerned that the budget for MMCCWB's cybersecurity program is limited, and she wants to get the best results for the money that will be invested. Here is a transcript of the conversation between Jack and Mary.
Mary: Hi, Jack. I was chatting with an old friend at the State Department last week. Although our country has signed some recent trade-related agreements with China, those agreements don't pertain to cybersecurity protection.
Mary: The United States Information Assurance and Computer Network Defense agreement with Singapore is generally thought to be an exemplary effort, and it is likely that it will be used as a model for a future cybersecurity agreement between the U.S. and China.
Mary: Can you review this agreement please? I want to avoid having to redesign our program. We just don’t know if the U.S. and Chinese governments will adopt an agreement similar to the one between the U.S. and Singapore.
Jack: Sure, Mary. I will certainly review it and let you know what I find, and I can make sure our program is compatible with this agreement.
Mary: Thank you, Jack. I plan to visit our group in China next month. I want to give them a preview of what we have in mind for our cybersecurity public awareness and education program and get their input. Have you begun working on that aspect of the program yet?
Jack: I've spoken to our IT and HR teams, and they've provided me with several resources.
Jack: For example, the child awareness programs for the K-12 educational sector were rolled out by the National Cyber Security Alliance here in the U.S. Maybe that can be adapted to raise cybersecurity awareness within both our group and the NAC.
Jack: The Chinese already have many technology courses in their schools, and they may cooperate with us in developing a cybersecurity awareness program.
Mary: I like the idea. Hopefully, such mutually beneficial programs may help us to overcome thornier issues. On that note, what do you think will be the most difficult issue we're likely to face on this project?
Jack: I believe cultural bias will be the most difficult issue. The people at the NAC are familiar with a centralized form of government control because that's how things get done in China.
Jack: They may not understand our decentralized and voluntary approach to cybersecurity. While the U.S. government may take a particular approach to cybersecurity, organizations in the private sector may take an altogether different approach based on their own priorities.
Jack: I'm wondering whether it's a good idea to explain that our government leads by example and it is up to private industry to get involved as it sees fit.
Mary: Yes, that seems like a good idea. We could use an example involving the private sector or an infrastructure protection program.
Jack: Maybe the Microsoft anti-piracy program would be a good example. I think the Chinese will have heard about this program already, so they will be able to relate to it.
Mary: Just let me know what you come up with. I'm off to our board meeting. It was great to meet with you, Jack. Take care.
The Assessment
After his meeting with Mary, Jack makes plans to assess current collaborative initiatives among the various organizations that cooperate with MMCCWB. He plans to assess the following programs and initiatives, and then put together a set of best practices to ensure that MMCCWB complies with all relevant regulations in designing its cybersecurity program.
DHS and DoD Cybersecurity Initiatives
Multinational Cybersecurity Programs
Multisector and Cross-Sector Cybersecurity Programs
Private Industry Cybersecurity Programs
Public Awareness and Education Programs on Cybersecurity
DHS and DoD Cybersecurity Initiatives
MMCCWB will have to work with many foreign organizations, some of which could be considered foes of the United States. In order to garner U.S. government support for MMCCWB's efforts, Jack plans to assess existing DHS and DoD cybersecurity programs to locate areas in which cooperation will be beneficial to all parties.
Multinational Cybersecurity Programs
In order to garner national sponsorship support for MMCCWB's efforts, Jack plans to assess existing multinational cybersecurity programs. These programs include DoD's Five Eyes program, existing bilateral Mutual Legal Assistance Treaties (MLATs), and the work done by the Global Business Dialogue on e-Society group. Jack hopes to derive information about where these programs have been successful and to recommend new areas where cooperation may be possible.
Multisector and Cross-Sector Cybersecurity Programs
Jack plans to examine methods that have been used successfully by the Cross-Sector Cybersecurity Working Group and the Smart Grid Cyber Security Working Group.
Private Industry Cybersecurity Programs
In order to recommend successful approaches that have produced beneficial results in private industry, Jack plans to assess the following:
Microsoft's Internet safety and anti-piracy efforts
The Symantec effort to collocate with the National Cyber-Forensics & Training Alliance (NCFTA)
The Intel cybersecurity strategy
Public Awareness and Education Programs on Cybersecurity
In order to implement effective cybersecurity awareness and education programs, Jack plans to assess public awareness and education efforts conducted under the following programs:
StaySafeOnline.org
The Stop.Think.Connect. campaign
Awareness programs directed at children
The Federal Trade Commission's identity theft awareness program
Topic 2: Module Introduction
This module focuses on the various elements that are required for developing and implementing effective cybersecurity programs. It covers existing collaboration programs that address the needs of private industry, multinational organizations, and international organizations, and it assesses existing public cybersecurity threat awareness programs. This module covers the salient points of some cybersecurity programs. Some of these programs are collaborative in nature. The programs that have been undertaken by DHS and DoD in cooperation with other countries are good examples of collaborative programs. These programs often put their focus on cybersecurity information sharing, awareness, and education, and they may involve the cooperation of multiple countries and groups. Some programs are sponsored by private industry and focus on the particular cybersecurity needs of that sector.
Topic 3: International Cybersecurity Collaboration Initiatives
DHS and DoD
The private sector has derived cost efficiencies from using the Internet's infrastructure to streamline its operations. The federal government also realizes cost efficiencies by using this cyberinfrastructure. Day-to-day services, as well as critical government emergency response systems, depend on an efficient cyberinfrastructure. However, new concerns regarding national security have emerged from the dependence of these services and systems on cyberinfrastructure. DHS and DoD are each partly responsible for addressing these concerns. DHS coordinates the safeguarding of the critical infrastructure on which the country relies, and DoD retains its traditional homeland defense mission as well as special responsibility for the defense industrial base.
The national security of the United States is tied to its economic security. The U.S. government realizes that unreliable financial and economic systems would create chaos and have severe consequences for the general population. Unreliable systems would hurt industry and eventually cripple the government financially as well. Moreover, the global cyberinfrastructure now plays a critical role in the U.S. financial system. A successful attack on the U.S. financial system would have severe consequences on the tightly integrated global financial system, and vice versa. In view of this interdependency, the U.S. government has entered into cooperative programs to share intelligence on cyberthreats with friendly foreign governments and agencies. Thus, national security has become the foundation of cybersecurity.
DHS Programs with Other Countries
DHS is involved in numerous international collaborative initiatives through many of its subsidiary agencies. Jack decides to focus on programs that relate to international cybersecurity collaboration. He finds relevant excerpts from the following documents:
The Quadrennial Homeland Security Review Report
The Implementing Recommendations of the 9/11 Commission Act of 2007
The Quadrennial Homeland Security Review Report
This report contains a comprehensive strategic assessment of U.S. homeland security. It contains the following recommendations for forging new international partnerships to strengthen national security:
Expand and extend governmental and private-sector international partnerships: Transform how government and the private sector interact. International partners are key participants in the homeland security enterprise. The interconnected nature of world economies and international infrastructure means that seemingly isolated events often have transnational origins and global consequences. The acceleration of the flows of ideas, goods, and people around the world and across U.S. borders generally advances America's interests, but also creates security challenges that are increasingly borderless and unconventional. International partners are critical to the effort to secure the homeland against threats that transcend jurisdictional and geographic boundaries. International engagement enhances the transparency of threat trajectories and increases our capacity to understand, investigate, and interdict threats at the earliest possible point, ideally before they become manifest, reach our shores, or disrupt the critical networks on which we depend. The United States must work with its international partners to increase global security against terrorism and violent extremism, the spread of infectious diseases, and the consequences of natural disasters (DHS, 2010, pp. 73-74).
Reference: U.S. Department of Homeland Security (DHS). (2010, February). Quadrennial homeland security review report: A strategic framework for a secure homeland. Retrieved from http://www.dhs.gov/xlibrary/assets/qhsr_report.pdf
Implementing Recommendations of the 9/11 Commission Act of 2007
DHS established its International Cooperative Programs Office (ICPO) to address the Implementing Recommendations of the 9/11 Commission Act of 2007 and its provision that "The United States and its allies in the global war on terrorism will mutually benefit from the sharing of technological expertise to combat domestic and international terrorism" (Implementing Recommendations of the 9/11 Commission Act of 2007, §1901(a)(5)). The mission of the ICPO is to foster international collaborative research agreements that allow the United States to benefit from foreign expertise that can assist in protecting U.S. national security. The ICPO uses different methods to encourage the development of new tools, methods, and approaches that assist DHS with its mission of defending the country. As of 2010, ICPO oversaw 12 bilateral science and technology agreements with 12 foreign countries. It also oversees a research grant program used to encourage collaboration between U.S. and foreign educational institutions.
Reference: Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. 110-53, §1901(a)(5), 121 Stat. 505 (2007). Retrieved from http://www.intelligence.senate.gov/laws/pl11053.pdf
During fiscal year 2011, ICPO awarded more than $2 million in grants to foster research in biometrics, sequencing and signature identification of botulism strains, smart monitoring of complex public scenes, and early-detection tools for flood-control infrastructure (ICPO, 2011).
Reference: U.S. Department of Homeland Security, Science and Technology Directorate, International Cooperative Programs Office (ICPO). (2011, July 5). International research grant program. Retrieved from http://www.euussciencetechnology.eu/uploads/docs/DHS%20ST%20ICPO%20Grant%20Program%20July%205%202011%20(APPROVED%20FOR%20PUBLIC).pdf
Other DHS Initiatives
DHS is involved with international collaborative efforts through its numerous organizational units. Jack examines how these initiatives interact.
Federal Law Enforcement Training Center
The FLETC International Training and Technical Assistance Division emerged in the 1980s from efforts to counter international hijackings and financial crimes. The International Training and Technical Assistance Division now extends law enforcement training abroad to curb international crime, drug-trafficking, and terrorist activity, and to protect the United States. It coordinates training and assistance requests, partners with the Department of State to support and manage International Law Enforcement Academies abroad, and facilitates training for select foreign nationals (DHS OIG, 2008, p. 124).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
National Cyber Security Division
The National Cyber Security Division works to secure cyberspace and America's cyber assets in cooperation with public, private, and international entities. The Division's international role stems from several strategic plans and directives, including the National Strategy to Secure Cyber Space, Presidential Decision Directive 7, National Infrastructure Preparedness Plan, the Information Technology Sector Specific Plan, and National Response Plan. The National Cyber Security Division maintains international engagements and working relationships with the United Kingdom, Australia, New Zealand, and Canada. The division participates in international initiatives including the International Watch and Warning Network and the Security and Prosperity Partnership between the United States, Canada, and Mexico. The National Cyber Security Division also provides subject matter experts to a number of multilateral organizations (DHS OIG, 2008, p. 126).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
National Communications System
The National Communications System is a consortium of 23 federal departments and agencies that seek to ensure the availability of a viable national security and emergency preparedness communications infrastructure. The National Communications System participates in several international working groups that involve Canada; the United Kingdom; NATO; and the International Telecommunications Committee. In addition, the National Communications System conducts activities in support of several international agreements, including the Security and Prosperity Partnership with Mexico and Canada (DHS OIG, 2008, p. 126).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
In 2009, the operational arm of the NCS, the National Coordinating Center for Telecommunications (NCC), was unified with other DHS elements, such as the U.S. Computer Emergency Readiness Team (US-CERT), under the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC is a DHS-led 24x7 cyber infrastructure monitoring and warning center.
Reference: U.S. Department of Homeland Security. (2009, October 30). Secretary Napolitano opens new National Cybersecurity and Communications Integration Center [Press release]. Retrieved from http://www.ncs.gov/news/2009/103109.html
Office of Infrastructure Protection
The Office of Infrastructure Protection was established to protect U.S. critical infrastructure and key assets. The Office of Infrastructure Protection has some international engagements because a number of infrastructures vital to the United States cross borders or have international dimensions (e.g., dams and bridges that span borders). The Office of Infrastructure Protection has identified cross-border critical infrastructures and conducted joint infrastructure assessments with Mexican and Canadian counterparts (DHS OIG, 2008, p. 126).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
Office of Operations Coordination
The Office of Operations Coordination provides situational awareness, strategic decision making support, incident management, and contingency planning services for DHS. It oversees the principal operations center for DHS, the National Operations Center, which collects and combines threat and operational information from federal, state, and local governments, and private sector organizations. The office acts as liaison and shares information with foreign operations centers in Canada and the United Kingdom, engages Australian operational staff through an information system portal, and hosts visitors from other nations (DHS OIG, 2008, p. 128).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
Privacy Office
Established in the department's enabling legislation, the Privacy Office's mission is to sustain privacy protections and transparency of government operations, while achieving the DHS goals. The office seeks to engage international partners to foster international cooperation and understanding of privacy issues related to DHS missions and operations (DHS OIG, 2008, p. 129).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
U.S. Secret Service
The Secret Service is the lead federal law enforcement agency for counterfeiting investigations and credit card, financial wire transaction, telemarketing, telecommunications, and computer fraud investigations. The Secret Service also investigates cases of forgery, money laundering, and identity theft. Secret Service staff abroad support domestic investigations by working with local law enforcement to address international leads. They also provide instruction in investigative techniques at International Law Enforcement Academies … (DHS OIG, 2008, p. 130).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
U.S. Immigration and Customs Enforcement
ICE attachés abroad provide information and investigative support for cases involving: child exploitation and human trafficking; travel document fraud; human, narcotics, and weapons smuggling; financial and cyber crimes; trade enforcement and financial crimes; and export enforcement issues (DHS OIG, 2008, p. 125).
Reference: U.S. Department of Homeland Security, Office of Inspector General (DHS OIG). (2008, June). Management of Department of Homeland Security international activities and interests (OIG-08-71). Retrieved from Homeland Security Digital Library Web site: https://www.hsdl.org/?view&did=487686
Organization of American States Assistance
As a contributing member, DHS also participates in initiatives sponsored by the Organization of American States (OAS). According to a recent presentation by OAS program manager Brian Sullivan (Sullivan, 2010, slide 5), the OAS has been pursuing three cybersecurity mandates:
Assist member states in developing cybercrime investigative and prosecutorial capabilities as well as the legislative framework and legal tools that will support their efforts.
Assist member states in developing their cybersecurity monitoring and response capabilities through the development of national incident response teams that can cooperate on an international basis.
"The Inter-American Telecommunication Commission (CITEL) was mandated to promote a culture of cyber security, and to work with government and industry stakeholders on the development and implementation of cyber security standards and regulations."
According to Sullivan, the OAS has run into many obstacles that have hampered progress (Sullivan, 2010, slide 6). These obstacles are similar to the obstacles DHS has tackled previously in its initiatives.
Obstacle 1
A persistent lack of cybersecurity awareness at the policy- and decision-making levels within the member states. Many member states continue to overlook cyberthreats to their information infrastructures, as well as the potential consequences of cyberattacks or security breaches, especially when a response capability has not been planned (Sullivan, 2010, slide 6).
Obstacle 2
A lack of awareness of the critical need for a national cybersecurity framework that would clarify roles and responsibilities to ensure effective coordination within and outside OAS member governments. It has been difficult to coordinate the cybersecurity-related activities of the numerous ministries, departments, and agencies in order to foster more sharing of information, especially when there is no clear direction from the decision-making level of the country. A national framework for cybersecurity for each OAS member state would go a long way toward resolving some of these challenges (Sullivan, 2010, slide 6).
Reference: Sullivan, B. (2010, September 30). A regional perspective on cyber security in the Americas: Challenges and opportunities. [PowerPoint presentation to the International Cyber Security Breakfast Roundtable, International Cyber Center, George Mason University]. Retrieved from http://www.google.com/url?sa=t&rct=j&q=oas%20cybersecurity&source=web&cd=8&ved=0CGEQFjAH&url=http%3A%2F%2Ficc.ite.gmu.edu%2Ficcbreakfast%2FBelisario_Contreras.ppt&ei=4f_CTtnbOsetgQePs4jXDg&usg=AFQjCNGloNFIvXceob8b9IIcgGpjRjTX0w
Jack's Thoughts on the Subject
After assessing the various DHS-sponsored initiatives, we can see that most of the related activities involve the sharing of information among the agreement partners in order to ensure that all participants benefit. Additionally, there appears to be a deliberate overlap of some of the responsibilities between units, such as between ICE and the Secret Service on investigative matters. I think multiple perspectives are valuable and can have a cumulative effect on collaborative initiatives. Also, we can see that other government departments support the mission and efforts of DHS, including DoD. These initiatives are all tied to protecting our national security. Next, I will examine some of DoD's international cybersecurity collaboration initiatives.
DoD Programs With Other Countries
The Department of Defense encourages numerous cybersecurity initiatives. Its goals were recently formulated in a document titled "Department of Defense Strategy for Operating in Cyberspace." This document describes how the Pentagon intends to reinforce its defense of cyberspace using five initiatives, or pillars. The strategy includes the following five strategic initiatives:
1. DoD will treat cyberspace as an operational domain like land, air, sea, and space, operating and defending department networks as well as equipping forces for cybermissions (DoD, 2011, p. 5).
2. DoD will introduce new operating methods, including active cyberdefenses, to protect its networks and systems (DoD, 2011, p. 6).
3. DoD will partner with DHS and the private sector to protect critical national infrastructures like the power grid, the transportation system, and the financial sector in order to create a "whole-of-government cybersecurity strategy" (DoD, 2011, p. 8).
4. DoD will build collective cyberdefenses with allies and international partners to expand awareness of, and strengthen, collective cybersecurity (DoD, 2011, p. 9).
5. DoD will foster the development of an innovative technological workforce to foster cybersecurity innovation (DoD, 2011, p. 10).
Reference: U.S. Department of Defense (DoD). (2011, July). Department of Defense strategy for operating in cyberspace. Retrieved from http://www.defense.gov/news/d20110714cyber.pdf
Jack's Thoughts on the Subject
The fourth initiative has an emphasis on building cyberdefenses with allies and international partners, as well as the expansion of security awareness-related activities. It will be productive to examine this initiative more closely.
Slide 1
Strategic Initiative 4: DoD will build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity…
In support of the U.S. International Strategy for Cyberspace and in collaboration with its interagency partners, DoD will seek increasingly robust international relationships to reflect our core commitments and common interests in cyberspace. The development of international shared situational awareness and warning capabilities will enable collective self-defense and collective deterrence. By sharing timely indicators about cyber events, threat signatures of malicious code, and information about emerging actors and threats, allies and international partners can increase collective cyber defense. Cyberspace is a network of networks that includes thousands of ISPs across the globe; no single state or organization can maintain effective cyberdefenses on its own (DoD, 2011, p. 9).
Slide 2
DoD's international engagement will support the U.S. International Strategy for Cyberspace and the President's commitment to fundamental freedoms, privacy, and the free flow of information. DoD will assist U.S. efforts to advance the development and promotion of international cyberspace norms and principles that promote openness, interoperability, security, and reliability. The Department will work with interagency and international partners to encourage responsible behavior and oppose those who would seek to disrupt networks and systems, dissuade and deter malicious actors, and reserve the right to defend these vital national assets as necessary and appropriate. These efforts will sustain a cyberspace that provides opportunities to innovate and yield benefits for all (DoD, 2011, pp. 9-10).
Slide 3
As international cyberspace cooperation continues to develop, DoD will advance its close cyberspace cooperation with its allies to defend U.S. and allied interests in cyberspace. DoD will work closely with its allies and international partners to develop shared warning capabilities, engage in capacity building, and conduct joint training activities. Engagement will create opportunities to initiate dialogues for sharing best practices in areas such as forensics, capability development, exercise participation, and public-private partnerships. Further, the development of burden sharing arrangements can play to each nation's core strengths and capabilities; this will bolster areas where partners are less proficient, increase capacity, and strengthen collective cybersecurity (DoD, 2011, p. 10).
Slide 4
DoD will expand its formal and informal cyber cooperation to a wider pool of allied and partner militaries to develop collective self-defense and increase collective deterrence. DoD will create new opportunities for like-minded states to work cooperatively based on shared principles; expanded and strengthened relationships with allies and international partners can maximize scarce cyber capabilities, mitigate risk, and create coalitions to deter malicious activities in cyberspace. These coalitions will serve to augment DoD's formal alliances and partnerships and increase broader cybersecurity (DoD, 2011, p. 10).
Topic 3: International Cybersecurity Collaboration Initiatives
Jack's Update 1
DoD's cyberstrategy extends the long-standing multinational intelligence-sharing initiative called Five Eyes. Jack e-mails Mary with an update, and then decides to examine this program as well as other multinational agreements. Here is a copy of the e-mail Jack sent Mary.
From: Jack Snow
To: Mary Lewis
Subject: Cybersecurity Project—Update 1
Hi Mary,
I am in the early stages of my review, but I wanted to provide you with a brief update. There is a wide range of cybersecurity initiatives that exist at the international level. On the U.S. side, the majority of these are coordinated by the Department of Homeland Security. Some of the programs are based both in the U.S. and in foreign countries. For example, the Federal Law Enforcement Training Center operates in at least four centers overseas, including Bangkok, Budapest, Gaborone, and San Salvador.
While these are good programs, I see some challenges. First, the amount of overseas cooperation seems to be relatively small. Secondly, the U.S. government should be more aggressive in pursuing opportunities with other nations that are currently not part of these programs, because cybersecurity is truly a worldwide problem.
Regards,
Jack
Activity
Question 1: When is the best time for the United States to establish new international partnerships with a foreign country?
a. When the United States is used as an information clearinghouse
b. When the foreign country is the only one providing information
c. When information is shared between the United States and the other country
d. When the other country acts as a front man for an adversary of the United States
Correct Answer: Option c
Feedback: Mutual sharing and receiving of sensitive cybersecurity information between the United States and a foreign country makes sense only when both countries benefit.
Question 2: In which aspects of cybersecurity does the U.S. Secret Service often become involved?
a. Telemarketing fraud
b. Computer fraud
c. Safeguarding the president
d. Forgery
Correct Answer: Options a, b, and d
Feedback: With regard to cybersecurity, the U.S. Secret Service has direct investigative responsibilities for telemarketing fraud, computer fraud, and forgery of documents and currency. In addition, the U.S. Secret Service also is responsible for protecting the physical security of the president, vice-president, and secretarial members of the president’s cabinet. This responsibility also extends to working with the protective details for visiting foreign dignitaries. The Secret Service's responsibilities include investigating telemarketing fraud, computer fraud, and forgery.
Topic 4: Multinational Cybersecurity Programs
Five Eyes
DoD's cybersecurity strategy includes cooperation with international partners as a way of strengthening America's cybersecurity posture. Jack plans to examine the Five Eyes program, one of the most enduring multinational intelligence-sharing initiatives, so he can derive insight into best practices.
Five Eyes
The Five Eyes intelligence alliance was developed as part of the 1946 UKUSA bilateral agreement. This alliance now includes Australia, Canada, and New Zealand in addition to the United Kingdom and the United States. The UKUSA agreement originally grew out of joint codebreaking efforts during World War II, and expanded during the Cold War to cover the gathering of intelligence on the Soviet Union and China.
Because of the political context of the Cold War, one of the tenets of the Five Eyes agreement was that even though it was not military in nature, the group's capabilities for gathering and sharing intelligence could assist members in deterring direct attacks if political conflicts arose with nonmember countries. It was believed that intelligence-sharing agreements like Five Eyes would bring greater benefits than those of more public bilateral and multilateral agreements, which are more formally structured and less secretive.
According to Guardian journalist Richard Aldrich, the Five Eyes group has suffered during its long history from politically motivated internal clashes that resulted in communication breakdowns and eventual resolutions. Here are some examples:
Access to intelligence was sometimes a useful stick for beating allies. In August 1973, [U.S. President] Richard Nixon and [National Security Advisor] Henry Kissinger lost patience with [British Prime Minister] Edward Heath's pro-European [Economic Community] policies. To signal their displeasure, they told their people to cut Britain out.… Canada also endured "cut-offs". After Saddam Hussein's invasion of Kuwait in 1990, Washington asked Ottawa to assist by sending naval ships to the Gulf. The Canadian fleet was out-dated and equipped for anti-submarine warfare. Fearing the threat from aircraft and Exocet missiles, the Canadians protested that their ships would be too vulnerable. Washington signaled its intense displeasure by cutting off the intelligence flow and so the "screens went blank". Ottawa had a change of heart and three days later communications were restored. In honour of this memorable episode in allied relations, Ottawa's defence chiefs christened their Gulf naval deployment "Operation Friction" (Aldrich, 2010).
Reference: Aldrich, R. (2010, June 24). Allied code-breakers co-operate—but not always. The Guardian. Retrieved from http://www.guardian.co.uk/world/2010/jun/24/intelligence-sharing-codebreakers-agreement-ukusa
Mutual Legal Assistance Treaties
The United States has established a strong framework to promote international cooperation, including cooperation on legal issues. Some of the longest-standing elements of this strategy are the bilateral Mutual Legal Assistance Treaties (MLATs) that the United States has established with other countries. Due to the global nature of the Internet, evidence of cybercrimes targeting Americans is increasingly only available outside U.S. jurisdiction. The United States and its allies need this evidence in order to investigate cybercrimes and prosecute the perpetrators. MLATs provide formal mechanisms for coordinating the necessary cooperation between the signatories' legal representatives.
Mutual Legal Assistance Agreements (sometimes called judicial assistance agreements) obligate each party to gather and provide evidence located in its territory concerning litigation or criminal prosecutions that occur within the jurisdiction of another party requesting such assistance. The United States is a party to several dozen mutual legal assistance agreements. Some of these agreements apply only to the management of particular litigation or to certain types of offenses such as drug trafficking and money laundering. Only a few mutual legal assistance agreements apply broadly to all law enforcement investigations and prosecutions. Such an agreement may supply the only domestic legal authority for the assisting party to investigate offenses that did not occur within its jurisdiction, and it also establishes procedures that expedite the requested assistance. To be effective in helping to suppress computer crimes and other high-tech offenses, mutual legal assistance agreements must either expressly cover such offenses or they must apply broadly to all crimes (DoD OGC, 1999, p. 35).
Reference: U.S. Department of Defense, Office of General Counsel (DoD OGC). (1999, May). An assessment of international legal issues in information operations. Retrieved from http://www.au.af.mil/au/awc/awcgate/dod-io-legal/dod-io-legal.pdf
According to the U.S. State Department's Treaties in Force report, in 2011, the United States had active treaties with [selected] countries that specifically addressed the areas of information assurance, computer network defense, homeland security, and counterterrorism.
Subject Areas Covered by Treaties with the United States
Argentina: "Agreement for information assurance research collaboration" (U.S. Department of State, 2011, p. 6).
Australia: "Agreement on cooperation in science and technology for homeland/domestic security matters" (U.S. Department of State, 2011, p. 12).
Germany: "Agreement on cooperation in science and technology concerning homeland/civil security matters" (U.S. Department of State, 2011, p. 105).
Israel: "Agreement on counterterrorism cooperation" (U.S. Department of State, 2011, p. 139). "Agreement on cooperation in science and technology for homeland security matters" (U.S. Department of State, 2011, p. 139).
Japan: "Agreement concerning cooperation on information assurance and computer network defense" (U.S. Department of State, 2011, p. 149).
Mexico: "Agreement on cooperation in science and technology for homeland security matters" (U.S. Department of State, 2011, p. 187).
New Zealand: "Agreement on science and technology cooperation contributing to domestic and external security capabilities" (U.S. Department of State, 2011, p. 202).
Poland: "Agreement concerning cooperation on information assurance (IA) and computer network defense (CND)" (U.S. Department of State, 2011, p. 229).
Singapore: "Agreement on cooperation in science and technology for homeland/domestic security matters" (U.S. Department of State, 2011, p. 250).
South Korea: "Memorandum of understanding concerning cooperation on information assurance (IA) and computer network defense (CND)" (U.S. Department of State, 2011, p. 160).
Sweden: "Agreement concerning cooperation on Information Assurance (IA) and Computer Network Defense (CND)" (U.S. Department of State, 2011, p. 263). "Agreement on cooperation in science and technology for homeland security matters" (U.S. Department of State, 2011, p. 264).
United Kingdom: "Agreement on cooperation in science and technology for critical infrastructure protection and other homeland/civil security matters" (U.S. Department of State, 2011, p. 295).
Reference: U.S. Department of State. (2011). Treaties in Force. Retrieved from http://www.state.gov/documents/organization/169274.pdf
GBDe
What Is GBDe?
A group led by global CEOs formed the Global Business Dialogue on e-Society (GBDe) in 1999. The group aims to assist the development of a global policy framework that would better accommodate the emerging global online economy. The group felt that the patchwork of existing government regulation, as demonstrated by the MLATs, would hamper the development of the cybereconomy and that the private sector would be best-equipped to identify the issues that need the attention of government policymakers. Government has generally looked to the private sector for leadership in this technological field and is usually open to input from leaders in the field. At its formation, the group identified the following urgent issue areas (GBDe, 2012):
Taxation
Tariffs
Intellectual property rights
Encryption
Authentication
Data protection
Liability
GBDe formulates recommendations through Issue Groups that focus on certain areas or concerns.
Reference: Global Business Dialogue on e-Society (GBDe). (2012). History. Retrieved from http://www.gbd-e.org/about_history.html
What Are GBDe's Former Issue Groups?
The GBDe Cybersecurity Issue Group was active until it issued its final recommendations in 2008. Here is a list of some other former GBDe Issue Groups that have focused on cybersecurity in general as well as many related elements (GBDe, 2012).
Ubiquitous Network Society (UNS)
International NFC [Near Field Communication] Payments
Digital Home
Digital Opportunity
Cybersecurity
e-Government
Intellectual Property Rights (IPR)
New Business Models
Securing Electronic Transactions
Spam
Taxation
Trade
Reference: Global Business Dialogue on e-Society (GBDe). (2012). Issue Groups. Retrieved from http://www.gbd-e.org/issue_groups.html
What Are GBDe's Active Issue Groups?
There are currently two active Issue Groups, which focus on consumer confidence and digital life. Let's examine how these two areas relate directly to cybersecurity.
1. Consumer Confidence: Consumer confidence plays a critical role in e-commerce issues, and this aligns well with the goals of DHS and DoD. After laying the groundwork for the establishment of a global trustmark, the Consumer Confidence group also established numerous multilateral alternative dispute resolution (ADR) arrangements. It also enumerated data privacy protection and traceability issues involved in international e-business transactions (GBDe, 2011).
2. Digital Life: Digital life is GBDe's new name for e-commerce. This name reflects the inclusion of IT-related developments that support corporate use of social networking tools and corporate social responsibility issues. This GBDe group focuses on efforts to control greenhouse gas emissions, as well as the implementation of the Smart Grid to address this issue. The 2010 Group Reflection Paper mentioned the critical role of IT in the development of the Smart Grid (GBDe, 2010).
References:
Global Business Dialogue on e-Society (GBDe). (2010). Smart and reliable society (Digital Life Issue Group reflection paper). Retrieved from http://www.gbd-e.org/pubs/Digital_Life_IG_Reflection_Paper.pdf
Global Business Dialogue on e-Society (GBDe). (2011). Consumer Confidence (1999-current). Retrieved from http://www.gbd-e.org/ig/cc_top.html
Jack's Thoughts on the Subject
Most of the multinational cybersecurity programs that I have examined up until now allow government agencies in multiple countries to cooperate and provide mutual assistance in order to create a stronger cybersecurity posture. With input from private-sector groups like GBDe, government agencies can foster the development of additional alliances. Of course, I presume that these international agreements will have to be supported by the business sectors that they regulate. I think cross-sector approaches to cybersecurity also need to play a role in the development of further international agreements. I will examine some of these next after I send my update to Mary.
Jack's Update 2
Here is a copy of the e-mail Jack sent Mary.
From: Jack Snow
To: Mary Lewis
Subject: Cybersecurity Project—Update 2
Hi Mary,
I have learned about some interesting international efforts involving the Department of Defense, including special programs with various U.S. allies. One program, called "Five Eyes," allows for the sharing of sensitive intelligence and cyberterrorism information with Canada, Australia, New Zealand, and the United Kingdom. The fifth "eye" is the United States. As you know, these countries have been among America's biggest and best allies in many military and political conflicts.
While this is not the only multinational program for cybersecurity, I am wondering why it has not been expanded. One reason could be language. All of the Five Eyes countries are English-speaking, which removes a major potential operational barrier.
Regards,
Jack
Activity
Question 1: Which country is not part of the Five Eyes program?
a. Japan
b. Australia
c. New Zealand
d. Canada
Correct Answer: Option a
Feedback: The Five Eyes program includes the United States, the United Kingdom, Australia, New Zealand, and Canada.
Question 2: Which organization would be a logical candidate to approach if it were decided that an expansion of the Five Eyes program would be desirable?
a. The U.S. Secret Service
b. The United Nations
c. The North Atlantic Treaty Organization (NATO)
d. The International Telecommunication Union (ITU)
Correct Answer: Option c
Feedback: NATO would seem to be the most logical candidate, because its member countries already have treaties and agreements in place to share information with other nation-states. This is demonstrated by the alliance's recent establishment of an Emerging Security Challenges Division to focus on risks such as cybersecurity.
Topic 5: Approaches to Cybersecurity Programs
Cross-Sector Cybersecurity Working Group
At Mary's suggestion, Jack next decides to assess the cross-sector cybersecurity initiatives undertaken by the Department of Homeland Security. In 2007, DHS established a Cross-Sector Cyber Security Working Group (CSCSWG) with the objective of fostering and developing national preparedness and encouraging the exploration of risk-related interdependencies across public and private critical infrastructure sectors. According to CSCSWG's 2009 National Infrastructure Protection Plan (NIPP),
Key activities needed to enhance CIKR [critical infrastructure/key resources] protection and resiliency over the long term include:
Building national awareness to support the CIKR protection program and related investments by ensuring a focused understanding of the all-hazards risk environment and what is being done to protect and enable the timely restoration of the Nation's CIKR in light of such threats;
Enabling education, training, and exercise programs to ensure that skilled and knowledgeable professionals and experienced organizations are able to undertake NIPP-related responsibilities in the future;
Conducting R&D [research and development] and using technology to improve protective capabilities or resiliency strategies or to lower the costs of existing capabilities so that CIKR partners can afford to do more with limited budgets;
Developing, protecting, and maintaining data systems and simulations to enable continuously refined risk assessment within and across sectors and to ensure preparedness for domestic incident management; and
Continuously improving the NIPP and associated plans and programs through ongoing management and revision, as required (DHS, 2009, p. 81).
Reference: U.S. Department of Homeland Security (DHS). (2009). National Infrastructure Protection Plan: Partnering to enhance protection and resiliency. Retrieved from http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf
Continuous Improvement to Enhance Protection of CIKR
To help the various participants cooperate more efficiently, the group devised the following NIPP risk management framework. This framework includes a continuous improvement process to improve protection of the national infrastructure.
Source: Based on DHS, 2009, p. 42
Jack finds the recommendations specified in the implementation phase of the risk management framework to be relevant to the cybersecurity program he is working on. He jots down the characteristics of effective critical infrastructure protection programs identified in the NIPP.
Comprehensive: Effective programs must include all aspects of critical infrastructure, such as physical, cyber, and human elements. The programs should also include various timelines pertaining to the short- and long-term activities that will be involved, and ensure that activities are sustainable (DHS, 2009, p. 43).
Coordinated: Activities must be coordinated among the various actors at their various levels and areas of responsibility (DHS, 2009, p. 43).
Cost-Effective: Resources are precious, and they need to be focused on achieving the best results through the mitigation of risk (DHS, 2009, p. 44).
Risk-Informed: Activities need to allow for measurement and evaluation, and they should include conduits for feedback (DHS, 2009, p. 44).
What Next?
As exemplified in the NIPP framework, various types of participants from the public and private sectors have the opportunity to provide input into efforts that will make our critical infrastructure more resistant and resilient in the face of cyberattack. One particular focus of concern is the reliability of the electric grid. Jack decides to examine a cooperative effort in this area to analyze what has made it successful.
Both DoD and DHS have partnered with the private sector and with other countries on efforts to protect the national infrastructure, of which the power grid is a component. The GBDe group of global CEOs also pointed out the criticality of the power grid for its initiatives. It is therefore not surprising that a specific alliance in this critical area is required and has been created. Jack decides to examine this alliance next.
Smart Grid Cyber Security Working Group
The Energy Independence and Security Act of 2007 directed the National Institute of Standards and Technology (NIST) to coordinate the development of a Smart Grid. The act specified characteristics of the Smart Grid, including:
(1) Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid.
(2) Dynamic optimization of grid operations and resources, with full cyber-security.
(3) Deployment and integration of distributed resources and generation, including renewable resources (Energy Independence and Security Act of 2007, §1301(1)-(3)).
Reference: Energy Independence and Security Act of 2007, Pub. L. 110-140, §1301 (1)-(3), 121 Stat. 1784 (2007). Retrieved from http://www.gpo.gov/fdsys/pkg/PLAW-110publ140/pdf/PLAW-110publ140.pdf
The White House also reinforced the need for the Smart Grid effort in its 2009 Cyberspace Policy Review:
… as the United States deploys new Smart Grid technology, the Federal government must ensure that security standards are developed and adopted to avoid creating unexpected opportunities for adversaries to penetrate these systems or conduct large-scale attacks (The White House, 2009, p. 29).
Reference: The White House. (2009, May). Cyberspace policy review: Assuring a trusted and resilient information and communications infrastructure. Retrieved from http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
In order to accomplish its mission in this area, NIST formed the Cyber Security Working Group (CSWG). This group is made up of experts from both the public and private sectors, and it is tasked with providing recommendations for new standards to support interoperability within the Smart Grid. This diagram represents the elements and stakeholders of NIST's Smart Grid framework.
NIST Smart Grid Framework 1.0
Source: Based on NIST, 2010.
Reference: National Institute of Standards and Technology (NIST). (2010, December 23). NIST & the Smart Grid. Retrieved from http://www.nist.gov/smartgrid/nistandsmartgrid.cfm
While current Smart Grid developments have occurred at the national level for each country that has joined in this effort, NIST has foreseen the need for coordinated and harmonized international standards. These standards are developed with the intent of yielding broader export potential for Smart Grid products, as well as related cost efficiencies for Smart Grid product manufacturers. To encourage coordination among the stakeholders, NIST has encouraged bilateral and multilateral engagements in this area. Canada, Mexico, Brazil, the European Union, Japan, South Korea, Australia, India, and China have already committed to cooperation on the Smart Grid (DOC, 2010). Results from this international coordination effort are already apparent, as demonstrated by an announcement from Honeywell, which will be assisting China's State Grid Electric Power Research Institute to create the country's first power demand response project. This initiative will focus on reducing the negative effects of power peak loads (Honeywell, 2012). Honeywell has also been selected to conduct an automated demand response pilot project in Europe (SmartGridNews, 2011).
References:
Honeywell International Inc. (Honeywell). (2012, January 5). Honeywell and TEDA launch China's first demand response project under United States-China Smart Grid cooperative. [Press release]. Retrieved from http://honeywell.com/News/Pages/Honeywell-And-TEDA-Launch-China%E2%80%99s-First-Demand-Response-Project-Under-United-States-China-Smart-Grid-Cooperative.aspx
SmartGridNews. (2011, October 6). Honeywell tapped for Europe's first commercial and industrial automated DR pilot. Retrieved from http://www.smartgridnews.com/artman/publish/Technologies_Demand_Response/Honeywell-tapped-for-Europe-s-first-commercial-and-industrial-automated-DR-pilot-4059.html
U.S. Department of Commerce (DOC). (2010, July 20). Smart Grid: Domestic and international partnerships and programs. [Presentation by Shannon Fraser, Office of Energy and Environmental Industries, International Trade Administration]. Retrieved from http://www.nist.gov/smartgrid/upload/South_Korea_Smart_Grid_July_20_2010.pdf
Topic 6: Cybersecurity Programs in Private Industry
Microsoft Internet Safety and Anti-Piracy Efforts
In a recent assessment of its work, Microsoft reported on many of its past and future Internet safety-related efforts in the areas of product development and cybersecurity awareness.
Slide 1
Microsoft improved its Internet browser security functionality so users are better-equipped to protect their privacy from malware. Microsoft also ensured that privacy-protecting features were built into its Kinect for Xbox360 so sensitive user information gathered by the device cannot be misused (Burt, 2011).
Reference: Burt, D. (2011, October 5). Microsoft 2011 citizenship report: Privacy & safety. Microsoft Privacy & Safety. Retrieved from http://blogs.technet.com/b/privacyimperative/archive/2011/10/05/microsoft-2011-citizenship-report-privacy-amp-safety.aspx
Slide 2
Microsoft assisted in the development and implementation of technology by Facebook and other online service providers to remove child pornography images from the Internet. It has also implemented new internal privacy standards for employees to foster the integration of privacy in all organizational processes (Burt, 2011).
Slide 3
In the area of cybersecurity, Microsoft's Digital Crimes Unit helped to take down a botnet that was operating with more than a million malware-infected computers. The unit has also provided assistance and tools to global computer emergency response teams to remove malware from infected computers. Microsoft continues to support foreign governments' efforts to fight cybercrime (Burt, 2011).
Slide 4
Microsoft assisted the European Commission by helping to create 2CENTRE, which will support European cybercrime-fighting efforts. In addition, Microsoft has created the Digital Crimes Community Portal, which is used by law enforcement agencies to fight cybercrime (Burt, 2011).
Slide 5
Microsoft has continued to foster cybercrime awareness with policymakers and multilateral organizations like the Organization for Economic Co-Operation and Development (OECD) and the Council of Europe so that member countries can understand the rising need for legal frameworks and comprehensive legislative tools that will support their mutual anti-cybercrime efforts (Burt, 2011).
Slide 6
Microsoft continues to support cybersafety and data privacy through its Web portals. It also sponsors National Cyber Security Awareness Month, Safer Internet Day, and Data Privacy Day, and works with educational institutions to host Family Online Safety Nights (Burt, 2011).
Slide 7 In order to develop a global solution to cybersecurity problems, Microsoft has partnered with public and private organizations to address the threat of piracy. Microsoft compiles its global enforcement actions against piracy into an interactive map, available at http://www.microsoft.com/presspass/presskits/antipiracy/interactiveMap.aspx (Microsoft, 2012). Reference: Microsoft. (2012). Global Play Fair Day virtual presskit. Microsoft News Center. Retrieved from http://www.microsoft.com/presspass/presskits/antipiracy/interactiveMap.aspx
Slide 8 Microsoft's public awareness efforts have met with some success, as was demonstrated in 2007, when Microsoft customers assisted the company by using reporting tools to provide legal evidence that was used to build a case against a global software counterfeiting group based in China (Microsoft, 2007).
Reference: Microsoft. (2007, July 24). Raids in southern China target $2 billion global software counterfeiting syndicate. Microsoft News Center. Retrieved from http://www.microsoft.com/presspass/press/2007/jul07/07- 24CounterfeitingSyndicatePR.mspx
Topic 6: Cybersecurity Programs in Private Industry
Symantec's Initiatives
Other security product vendors have also joined forces with national groups to assist with cybersecurity issues. Symantec's commitment to close cooperation with the National Cyber-Forensics & Training Alliance (NCFTA) demonstrates how public-private partnerships can offer critical advantages in providing improved cybersecurity (Symantec, 2006). The NCFTA believes that collocating cybersecurity defense resources will assist participants by building trust and increasing the likelihood of resource sharing. As a nonprofit corporation, the NCFTA has addressed the issues of cybercrime by facilitating the cooperation of global experts from all sectors (NCFTA, 2010). The alliance currently performs its duties through six initiatives that focus on the cybersecurity areas of Internet fraud alert, malware and botnet, pharmacy, phishing, e-commerce-related shipping, and financial services (NCFTA, 2010). Symantec has committed to participating in alliance-related initiatives through its global sponsorships of threat awareness initiatives, cybercrime investigation conferences, and internships with NCFTA.
References:
National Cyber-Forensics & Training Alliance (NCFTA). (2010). About the NCFTA. Retrieved from http://www.ncfta.net/about-ncfta
Symantec. (2006, November 13). Symantec phish report network opens to consumers worldwide; National Cyber-Forensics and Training Alliance joins Symantec’s leading antifraud community, distributing data to law enforcement officials. [Press release]. Retrieved from http://www.symantec.com/about/news/release/article.jsp?prid=20061113_02
Topic 6: Cybersecurity Programs in Private Industry
Intel's Purchase of McAfee
While software companies like Microsoft and Symantec have been partnering for knowledge sharing, some hardware vendors have been proactively investing in cybersecurity defenses to make their products more valuable in the future. In 2010, Intel purchased McAfee, a security software company, to change its strategic focus from that of an energy-efficient performance and Internet connectivity company to one that now includes security as a critical component. Intel expects rapid and explosive expansion of Internet-connected devices and an increasing dependence on wireless mobility. It feels that having the expertise provided by McAfee will allow it to meet the challenges presented by this technologically complex environment. According to Intel, this environment will require a new model for protection. It will require the development of new hardware, software, and services in order to provide Intel's customers with a more secure online experience (Intel, 2011).
Reference: Greenberg, S. (2011, February 28). Intel completes acquisition of McAfee. [Press release]. Intel Newsroom. Retrieved from http://newsroom.intel.com/community/intel_newsroom/blog/2011/02/28/intel-completes-acquisition-of-mcafee

Jack's Thoughts on the Subject
Given the nature of the Smart Grid-related devices that are in development, it would appear that Intel's move to acquire McAfee places it in a critical position to build security proactively within this ubiquitous Internet-connected equipment.
Topic 6: Cybersecurity Programs in Private Industry
Jack's Update 3
Here is a copy of the e-mail Jack sent Mary.

From: Jack Snow
To: Mary Lewis
Subject: Cybersecurity Project—Update 3

Hi Mary,

For the past two decades or more, industry experts and observers have tried to understand which Commercial Off-the-Shelf (COTS) software products from various vendors are more secure than others. Some industry giants are working hard to make their systems more secure and to simultaneously be part of private-sector efforts that deal with Internet safety, anti-piracy, anti-child pornography, and other efforts to help all users develop safe computing practices.

Regards,
Jack

Activity

Question 1: Which of the following is a private-sector organization that works to protect the global online economy?
a. International Chamber of Commerce
b. The Global Business Dialogue on e-Society
c. The Federal Bureau of Investigation
d. The International Telecommunication Union
Correct Answer: Option b
Feedback: The Global Business Dialogue on e-Society is a private-sector organization that works to protect the global online economy. The International Chamber of Commerce (ICC) is focused on promoting commerce on a worldwide basis. The FBI mission deals with counter-terrorism activities and complex domestic crimes. The ITU is a standard-setting body.

Question 2: Which country is not involved in a cybersecurity-related mutual legal assistance treaty with the United States?
a. Australia
b. Germany
c. Poland
d. North Korea
Correct Answer: Option d
Feedback: The United States does not have an MLAT with North Korea. North Korea has for many decades been an adversary of the United States and many of its allies, especially Japan. It is highly unlikely that an MLAT will be established with this Communist nation until its government stops its nuclear weapons development program and/or there is a change of government.

Question 3: Which organization did DHS establish in 2007 to study potential cybersecurity risks among various organizations in different industries?
a. CERT/CC
b. NIST
c. CSCSWG
d. The Energy ISAC
Correct Answer: Option c
Feedback: The Cross-Sector Cyber Security Working Group (CSCSWG) was established to study potential cybersecurity risks among various organizations in different industries. By taking such a cross-sector approach to cybersecurity, the organization is able to identify specific threats that face companies in the sector. In addition, this effort may also examine potential vulnerabilities that are applicable to more than one individual industry.

Question 4: The Energy Independence and Security Act of 2007 assigned responsibility for the Smart Grid Working Group to which federal government entity?
a. DoD
b. USSS
c. DHS
d. NIST
Correct Answer: Option d
Feedback: The National Institute of Standards and Technology (NIST) is charged with coordinating the Smart Grid Working Group. This working group focuses on ways to share information about risk management techniques and the existing vulnerabilities in the Smart Grid, which is largely viewed as one of the most vulnerable components of the U.S. Critical Infrastructure.
Topic 7: Public Awareness and Education
The Programs
Introduction
After having assessed numerous alliances and partnerships formed to increase and share the technical knowledge required to mitigate current and future cyberthreats, Jack moves on to looking into cybersecurity public awareness and education programs. He decides to examine the following programs:
Microsoft education programs
The Stop.Think.Connect. campaign
Awareness programs for K-12 students
Federal Trade Commission identity theft awareness programs

Microsoft Education Programs
Microsoft sponsors many consumer-oriented educational Web sites. Sites such as Staysafe.org have been subsumed under the Microsoft Safety & Security Center Web portal. The Safety & Security Center has various areas of interest to consumers. It offers information on computer security, as well as online privacy and safety. It also provides educational resources related to cybersecurity by providing direction on how to become a successful Microsoft digital citizen. This resource provides free educational materials that can be used to teach others how to stay safe online. Microsoft also co-sponsors the GetNetWise education portal initiative. This portal was launched in 2007 by a coalition of technology, media, commercial, and nonprofit organizations for the purpose of educating parents and children about the importance of online safety (Project Online Safety, 2007). Its most recent project was to develop a digital safety and security advice application for Android smartphones and tablets (GetNetWise, 2011).
References:
GetNetWise. (2011, January 31). Download 1st-ever digital safety app for your smartphone. Retrieved from http://www.getnetwise.org/blog/2011/01/31/download-1st-ever-digital-safety-app-for-your-smartphone/
Project Online Safety. (2007, February 7). Major technology and media organizations, non-profits launch Project Online Safety: Educational campaign to promote Internet safety via online portal, PSAs. [Press release]. Retrieved from GetNetWise.org Web Site: http://www.getnetwise.org/press/POS-release.pdf
The Stop.Think.Connect. Campaign
The Department of Homeland Security has launched a national public awareness effort to educate the American public about online security. Stop.Think.Connect. views Internet safety as a responsibility that is shared among all participants. DHS has partnered with various private organizations, including the Young Women's Christian Association (YWCA), to assist in delivering its cybersecurity message and in promoting October as National Cyber Security Awareness Month (DHS, 2011b). DHS sponsors the Awareness Month campaign in cooperation with the National Cyber Security Alliance (NCSA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) (DHS, 2011c). The DHS Web site also offers additional educational materials on the campaign and cybersecurity in general, as well as other ways for individuals and organizations to get involved. As of June 2011, 8,000 individuals have joined with Stop.Think.Connect. as Friends of the Campaign and have hosted Cyber Citizen Forums nationwide (DHS, 2011a).
References:
U.S. Department of Homeland Security (DHS). (2011, June 1). Campaign launches Just One initiative. Retrieved from http://www.dhs.gov/files/events/stop-think-connect-news.shtm#9
U.S. Department of Homeland Security (DHS). (2011, October 12). Secretary Napolitano announces Stop.Think.Connect. campaign partnership with the YWCA. [Press release]. Retrieved from http://www.dhs.gov/ynews/releases/20111012-stop-think-connect-and-ywca.shtm
U.S. Department of Homeland Security (DHS). (2011, October 27). National Cyber Security Awareness Month. Retrieved from http://www.dhs.gov/files/programs/gc_1158611596104.shtm
Awareness Programs for K-12 Students
DHS partnered with public and private organizations to establish the National Cyber Security Alliance (NCSA) in 2001. This nonprofit organization focuses on promoting cybersecurity awareness to consumers, small- and medium-size businesses, and students in grades K-12 (NCSA, n.d.-a). The NCSA recommends education programs in cybersecurity, cybersafety, and cyberethics. These educational programs include
The C-SAVE (Cyber Security Awareness Volunteer Education) program, which provides teaching materials and enlists the support of volunteer educators
National K-12 studies that evaluate the state of cybersecurity training in U.S. schools
According to the NCSA, the results of the 2011 study indicated "that young people still are not receiving adequate training and that teachers are ill-prepared to teach the subjects due, in large part, to lack of professional development" (NCSA, n.d.-b).
References:
National Cyber Security Alliance (NCSA). (n.d.). National Cyber Security Alliance in brief. Retrieved from White House Web site: http://www.whitehouse.gov/files/documents/cyber/National%20Cyber%20Security%20Alliance%20in%20Brief%203%209%2009.pdf
National Cyber Security Alliance (NCSA). (n.d.). NCSA's national K-12 studies. Retrieved from http://www.staysafeonline.org/in-the-classroom/ncsa%E2%80%99s-national-k-12-studies
FTC Identity Theft Awareness Programs
In order to address consumer concerns regarding the issues of cybersecurity and identity theft, and to address the burden these issues place on the U.S. financial system, the White House established the President's Identity Theft Task Force in 2006. This task force has marshaled the resources of many federal agencies. To support the goals of the task force's strategic plan, the Federal Trade Commission (FTC) focused its efforts in the areas of law enforcement, education, and government safeguards (President's Task Force on Identity Theft, n.d.). Among its accomplishments, the FTC has issued recommendations on the use of Social Security numbers in the private sector; created an identity theft information resources Web site; and produced various educational and awareness materials for businesses, consumers, and military personnel. The commission's Bureau of Consumer Protection is responsible for collecting consumer complaints about identity theft through a victim assistance call center. The bureau turns these complaints over to law enforcement agencies (FTC BCP, 2007). The FTC has also published its Identity Theft Victims' Statement of Rights to assist identity theft victims in dealing with the numerous factors that can complicate the resolution of identity theft (FTC BCP, n.d.-b). On the regulation front, the FTC required financial institutions and creditors to implement written identity theft prevention programs (FTC BCP, n.d.-a).
References:
Federal Trade Commission, Bureau of Consumer Protection (FTC BCP). (n.d.). Fighting fraud with the Red Flags Rule. Retrieved from http://www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml
Federal Trade Commission, Bureau of Consumer Protection (FTC BCP). (n.d.). Identity Theft Victims' Statement of Rights. Retrieved from http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/rights.html
Federal Trade Commission, Bureau of Consumer Protection (FTC BCP). (2007, October 23). Division of Privacy and Identity Protection. Retrieved from http://www.ftc.gov/bcp/bcppip.shtm
President's Identity Theft Task Force. (n.d.). About the task force. Retrieved from http://www.idtheft.gov/about.html
Topic 7: Public Awareness and Education
Jack's Update 4
Here is a copy of the e-mail Jack sent Mary.

From: Jack Snow
To: Mary Lewis
Subject: Cybersecurity Project—Project Wrap-Up

Hi Mary,

Due to the growth in Internet-based technologies—whether they are tablets, smartphones, gaming systems, or netbook computers—there is an important need for the public to be aware of and educated about cybersecurity threats. While we have taken a serious approach to this need here in our organization, we know there is always more that can be done. Various organizations and government agencies have developed programs to spread the word about and address cyberthreats such as spoofing attacks, child pornography, fraud, and computer crime. However, I feel that there is more that should be done in this area.

Thank you very much for asking me to handle this project. I think I am now better-informed about today's cybersecurity landscape. I will now be able to develop an effective, all-encompassing cybersecurity program involving various state and nonstate partners.

Regards,
Jack

Activity

Question 1: Which of the following areas is dealt with by a division of the Federal Trade Commission?
a. Antivirus software
b. Counterfeit currency
c. Identity theft
d. Child pornography
Correct Answer: Option c
Feedback: The FTC has a dedicated division that deals exclusively with identity theft. Different organizations focus on the other cybersecurity challenges. For example, the FBI leads the country’s efforts against child pornography while the U.S. Secret Service deals with combating the forgery of U.S. currency.

Question 2: Which group of students is it most important to educate about Internet safety and security?
a. Undergraduate students
b. Graduate students
c. K-12 students
d. None of the above
Correct Answer: Option c
Feedback: It is most important to educate students in grades K-12 about Internet safety and security. This is because the K-12 group represents the youngest age group that is also considered highly vulnerable to pedophiles, cyberstalking, cyberbullying, and other crimes.
Topic 8: Summary
We have come to the end of Module 5. The key concepts covered in this module are listed below.
When developing a cybersecurity program that involves other organizations, such as the Department of Defense (DoD) and the Department of Homeland Security (DHS), it is important to consider relevant regulations and the best practices of these organizations.
Existing international cybersecurity programs operated by DoD and DHS should be considered when an organization has to garner U.S. government support for collaboration with foreign organizations.
DoD's multinational cybersecurity programs include the Five Eyes program and bilateral Mutual Legal Assistance Treaties (MLATs). In the private sector, the Global Business Dialogue on e-Society (GBDe) group is one of the organizations that studies international cybersecurity issues.
If an organization's cybersecurity program involves the private sector, the organization should study successful cybersecurity programs already in existence in private industry.
Private-sector cybersecurity programs include Microsoft's Internet safety and anti-piracy initiatives, Symantec's efforts to collocate with the National Cyber-Forensics & Training Alliance (NCFTA), and Intel's cybersecurity strategy.
Multisector and cross-sector cybersecurity programs include those employed by the Cross-Sector Cyber Security Working Group (CSCSWG) and the Smart Grid Cyber Security Working Group (CSWG).
Cybersecurity awareness and education programs worth considering include those sponsored by the National Cyber Security Alliance; DHS's Stop.Think.Connect. campaign; child awareness programs in the K-12 sector; and the FTC's identity theft awareness programs.
Glossary
Term: Definition
Near Field Communication (NFC): Near Field Communication (NFC) is used in wireless technology for contactless cards and mobile phones.
Trustmark: A trustmark is an agreed-upon participatory framework that facilitates cross-border e-commerce.
Cyberethics: Cyberethics are ethical rules for cyberspace that allow civil dialogue and usage.
Smart Grid: The Smart Grid is an electricity procurement and delivery system that uses sophisticated technology to make the electricity delivery grid more efficient.