Upload File

commercial sector readiness national security … · 2018-02-13 · is the commercial sector ready...

  • Home
  • Documents
  • COMMERCIAL SECTOR READINESS NATIONAL SECURITY … · 2018-02-13 · Is the commercial sector ready for rising threat levels? When it comes to the increasing cybersecurity risk faced
4
COMMERCIAL SECTOR READINESS NATIONAL SECURITY CYBERSECURITY IMPERATIVE LEADERSHIP RECOMMENDATIONS

Upload: others

Post on 17-Mar-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: COMMERCIAL SECTOR READINESS NATIONAL SECURITY … · 2018-02-13 · Is the commercial sector ready for rising threat levels? When it comes to the increasing cybersecurity risk faced

COMMERCIAL SECTOR READINESS

NATIONAL SECURITY CYBERSECURITY IMPERATIVE

LEADERSHIP RECOMMENDATIONS

Page 2: COMMERCIAL SECTOR READINESS NATIONAL SECURITY … · 2018-02-13 · Is the commercial sector ready for rising threat levels? When it comes to the increasing cybersecurity risk faced

Is the commercial sector ready for rising threat levels?

When it comes to the increasing cybersecurity risk faced by commercial companies, leaders in government, private enterprise and academia express varying opinions. However, a common thread is a shared sense that leaders feel overwhelmed by the growing threats and see a lack of focus and commitment to basic — but often difficult — principles across their operations. Many people, including those at organizations’ highest levels, assume cybersecurity has become a problem we cannot fix. But we can.

Organizations should consider a few key points for developing, maintaining and maturing responsible cybersecurity governance practices.

Establish a frameworkPotential threats extend to every part of running a business. Most business leaders — especially those reading this report — understand the rising risk to their general and administrative networks. One of the greatest increases in threats, however, is to operational technology. Automation has made building management and factories faster and more efficient than ever. It has also made them susceptible to attack. The interfaces that control this machinery require diligent cybersecurity measures — from software patches to constant monitoring for signs of tamper. Anything short of that puts the assembly line, products and customers at risk.

The sheer breadth of issues and the depth of potential impact that cyber risk can have on every element of an enterprise present a foundational management challenge. To address this challenge, leadership at the very highest levels — not stopping at the information security team or chief information security officer — needs to adopt a common framework for cyber risk management across the entire enterprise. Such a framework is critical to providing leadership with the broad visibility and strategic prioritization they need to responsibly manage cyber risk.

Although no standard of care or universal mandatory framework currently exists, leaders would be wise to adopt the Cybersecurity Framework issued by NIST, allowing them to tap into the common language being adopted by organizations and governments worldwide. The Framework’s five core functions and 22 categories offer a broadly applicable plain language, layperson’s approach to cybersecurity’s key concepts while also providing specific mappings to international standards with detailed implementation guidance. The Framework also offers recommendations on achieving organizational goals, easing the way for cooperation with the U.S. government.

Page 3: COMMERCIAL SECTOR READINESS NATIONAL SECURITY … · 2018-02-13 · Is the commercial sector ready for rising threat levels? When it comes to the increasing cybersecurity risk faced

Build a solid foundationOrganizations should start simple, with a focus on robust and consistent use of basic and cost-effective cybersecurity measures. Often, organizational leaders overlook and undervalue the importance of good asset management policies and processes for cybersecurity. Many discussions of cybersecurity focus on the importance of identifying an organization’s so-called “crown jewels” or high-value assets. While this focus is important, it is impossible to identify the highest-value assets, much less to begin to properly secure them, if an organization does not first have a complete understanding of the full range of its assets and how they are interconnected.

Depending on an organization’s mission and operations, a particular dataset or piece of intellectual property could be a crown jewel, but so too might be a key function used to access or process that data. Moreover, due to the highly interconnected nature of cybersecurity, organizations that do not have a comprehensive understanding of how all assets and operations are connected will be limited in their ability to verify whether cybersecurity investments are sound. For example, they may be pouring resources into protection of their so-called crown jewels while completely neglecting equally critical gaps in their defenses resulting from distinct but related network connections, access points or processes.

Developing a robust asset management program that can keep up with an organization’s changing operations, strategic partners and technological needs requires substantial and ongoing resource investment, but can pay dividends by providing a clear picture of what needs to be protected. This picture will provide the basis for informed decisions on other investments in cybersecurity measures as well as significant cost savings if an incident occurs.

Measure your progressTo build on a strong foundational cybersecurity program strategically and cost effectively, organizational leaders should push to identify key metrics and require reporting on them. Metrics should relate to specific elements of the organization’s established framework and measure both effectiveness of basic cybersecurity measures and how well and broadly these measures are being implemented companywide.

Organizations could collect and track an infinite number of performance measures. As with standards of care and risk frameworks, there is no universal set of cybersecurity metrics. And, the various cybersecurity-related laws call for relatively few metrics. Beyond legal and contractual requirements, leaders should select and track metrics that demand robust application of the basics and promote understanding of business risk.

The metric of dwell time — the amount of time an intruder was able to make use of your assets — is a useful example. This number, easy to report and understand, shows a trend easily tied to a security posture’s effectiveness. Focusing on this metric promotes the effort of first trying to prevent an attacker, but then seeking to limit their presence once on your network, which can be achieved through good security technology, an educated workforce, efficient processes and robust hygiene. Security improves as the dwell-time number declines.

The diversity of perspectives on cybersecurity is nearly as broad as the diversity of organizations themselves. However, a common thread among many enterprises is a shared sense that leaders feel overwhelmed by the growing threats, and see a lack of focus and commitment to basic — but often difficult — principles across their business operations and supply chain. Many people — including those at the highest levels — assume cybersecurity has become a problem we cannot fix. But we can.

By focusing first and foremost on building a robust companywide cybersecurity governance program, informed by the entirety of the enterprise’s operational perspectives — from HR and Supply Chain to Manufacturing and Engineering — and by measuring and incentivizing risk-weighted priorities, leadership can manage those risks and remain resilient in the face of ever-changing threats.

Page 4: COMMERCIAL SECTOR READINESS NATIONAL SECURITY … · 2018-02-13 · Is the commercial sector ready for rising threat levels? When it comes to the increasing cybersecurity risk faced

When everything is connected, security is everything: That’s why Raytheon delivers solutions based on its decades of experience on the front lines of the cyber domain for government agencies, businesses and nations. With decades of experience in protecting information across domains, Raytheon builds the most advanced cyber defenses into operational systems to safeguard what matters most. From hardening defense systems against intruders to protecting critical infrastructure and data, we ensure critical missions continue when combatting cyber threats. In 2016, the company formed Forcepoint, a commercial-facing business, to offer companies defense-grade cyber products created from Raytheon’s experience in keeping national security networks resilient while under attack. Raytheon is headquartered in Waltham, Massachusetts.

The Kogod Cybersecurity Governance Center (KCGC) at American University aims to promote responsible cybersecurity governance by providing organizational leaders and their designees with thoughtful, practical and well-supported guidance on the cybersecurity issues that are essential to their core stakeholder responsibilities. The KCGC is collocated with the Kogod School of Business at American University’s location in Washington, DC., giving it a unique position to access, integrate, synthesize and report on leading-edge research and practice in the private and public sectors.

Raytheon Intelligence, Information and Services22270 Pacific Boulevard Sterling, Virginia 20166USA

raytheon.com

This document does not contain technology or Technical Data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. Approved for release. RGEMS E18-M4YG. © 2018 Raytheon Company. All rights reserved. Printed in the U.S.A. AM 2/8 4454464


Turkish Pulses Sector has faced many difficulties in 2008

Commercial structural refurbishment for the commercial sector

growth challenges faced by SMEs in the ICT sector in Zimbabwe

STG Commercial Sector Experience

Ss Group Commercial Sector 86 Gurgaon - 9999650991

Commercial opportunities in the Open Data sector

Sector Consultation: Commercial Landlords

Commercial private health sector

New commercial project in gurgaon sector 70

COMMERCIAL WHALING IN THE NORTH PACIFIC SECTOR

Sector summary commercial

Marteking strategies in commercial banking sector

Assessment Issues in Commercial Cookery …. EXECUTIVE SUMMARY The Fellowship ‘Assessment Issues in Commercial Cookery Education: A Finnish Perspective’ focuses on challenges faced

Investors, Insight Investment, Railpen Superannuation ... · The UK commercial property sector: the adaptation challenge The UK commercial property sector is faced with major challenges

A Study of Obstacles Faced by Institutes in Ukraine · A Study of Obstacles Faced by Institutes in Ukraine ... • The commercial potential from scientific discoveries and technology

Evaluation of China’s Commercial Space Sector

Corporate & Commercial Trends in the UK hotel sector · Royal Bank of Scotland | Corporate & Commercial 1 Trends in the UK hotel sector Summer 2015 Corporate & Commercial

Pools Design for Residential and Commercial Sector

INVESTIGATING THE ETHICAL CONSIDERATIONS FACED BY …...INVESTIGATING THE ETHICAL CONSIDERATIONS FACED BY SMALL BUSINESS ENTREPRENEURS IN THE INFORMAL SECTOR: ZANDSPRUIT TOWNSHIP,

Commercial Aviation Sector Update Doric Aviation … Aviation Day... · Commercial Aviation Sector Update Doric Aviation Day ... jets ex-US market Used aircraft availability Commercial

Challenges Faced by Public Sector Institutions in Adopting Entrepreneurial Skills …hrmars.com/hrmars_papers/Challenges_Faced_by_Public... · 2015-06-13 · Challenges Faced by Public

Commercial Sector Applications of GIS

Latest Development of China’s Banking Sector Challenges faced by China’s State-owned commercial banks Our response to the Challenges

SECTOR - Yamuna Expresswayyamunaexpresswayauthority.com/sites/default/files/... · SECTOR COMMERCIAL SECTOR FACILITY SECTOR PARK AND GREEN SECTOR BOUNDARY INDUSTRIAL PLOTS INDUSTRIAL

Australian Commercial Building Sector Greenhouse Gas ... · Australian Commercial Building Sector Greenhouse ... Australian Commercial Building Sector Greenhouse Gas ... greenhouse

Challenges Faced In Psv Insurance Sector In Kenya: How

OFFICES, THE COMMERCIAL SECTOR AND “NORTH-SHORING” · OFFICES, THE COMMERCIAL ... taken up in Manchester’s commercial property sector in the first half of 2019. This represents

Mid-tier commercial buildings sector report

Obstacles Faced by Underrepresented Groups and Solutions ... · 12/6/2019  · Obstacles Faced by Underrepresented Groups & Solutions to Ameliorate Them Government Sector . Pedro

Challenges Faced by Public Sector Insurance[1]

A Survey Of Challenges Faced By Kenya Commercial Bank Ltd

Review of Draft Commercial Sector Conservation Assessment

research project report on challenges faced by working women in private sector banks

Challenges Faced in Indian Construction Sector

THAILAND COMMERCIAL FISHING SECTOR SURVEY AND …