November 2013 Monthly Highlights

January 15, 2014

ISA Accomplishments and Activities for November 2013

  • New National Infrastructure Protection Plan (NIPP) Draft Embraces ISA Proposals on Key Elements such as Risk, Economics of Cyber Security and Relationship/Responsibilities of Industry and Government.  DHS Acting Under Secretary Suzanne Spaulding personally called ISA to inform us that the final DHS adjudication group had accepted a series of critical, changes ISA had suggested for the new NIPP, which was called for by Presidential Policy Directive 21. The NIPP re-write has now been submitted to the White House, and it reflects ISA Social Contract constructs, such as the different ways industry and government assess risk – particularly the economic differences between the public and private sectors – and the need for an altered government industry relationship that better appreciates industry’s needs and contributions.
  • The U.S. State Department Hosts and Funds ISA Tour in India.  Appreciative of the ISA’s views on the cyber security, including the need to address cyber security on an international basis, the State Department requested that ISA conduct a sponsored tour throughout India to promote cyber security awareness, international cooperation and government industry partnerships. Although the US Embassy organized and paid for the tour, ISA was given neither instruction nor advice regarding issues to address or how to address them. ISA maintained total editorial control over all content. The US Embassy arranged a packed agenda, including meetings with senior Indian government officials, industry groups, media and academia.
  • ISA Asked to Represent Industry at Critical Infrastructure Advisory Council (CIPAC) Annual Meeting.  The CIPAC was created by law as an umbrella government-industry group and granted special powers to operate in partnerships to assist in joint critical infrastructure protection. At this year’s annual meeting, ISA was the designated industry representative to speak on the panel on how the industry-government relationship needs to be adjusted under PPD 21. This is the third time ISA has been asked to provide the sole industry keynote at an official industry/government event related to the development of the President’s Executive Order.  In October, ISA President Clinton was the sole industry keynote speaker at a National Press Club roll-out event for the draft release of the NIST Preliminary Cybersecurity Framework.
  • ISA Outlines “Beta-Test” Proposal.  ISA publically introduced the idea that the NIST Framework should be “beta tested” with targeted elements of the critical infrastructure before being generally deployed.  ISA’s proposal, built on discussions at the October Board meeting, follows what is normally done during the roll out of any major product or service in the private sector.  The proposal calls for testing what “adoption” means functionally, what the costs of adoption would be, and what incentives could be deployed to offset costs. The idea has generated substantial interest in the community. It was a major topic at the final NIST clinic, CIPAC meeting and has been discussed in Computerworld, Inside Counsel, CSO Online, and BankInfoSecurity.
  • CSG International Joined the ISA Board.  CSG International, Inc., is a market-leading business support solutions and services company serving the majority of the top 100 global communications service providers, including fellow ISA sponsors Verizon and Vodafone. Our new Board member from CSG will be Paul Nguyen, Division President, Global Cyber Solutions.