Commerce Secretary on Collaboration

Our forum likes the speech Commerce Secretary Penny Pritzker gave at the US Chamber of Commerce Cyber Security Summit on Tuesday.

“Even though the internet is now ubiquitous in our lives, cyber is the only domain where we ask private companies to defend themselves against Russia, China, Iran, and other nation states. …

Commerce Secretary Penny Pritzker

Government has a solemn obligation to protect our people against systemic threats to our national and economic security.

Cyber attacks cannot be handled exclusively by our government's law enforcement, military and intelligence services, nor are federal regulations able to keep pace with ever-evolving cyber threats. …

Through law and rulemaking, Congress and federal agencies enact solutions for our nation's challenges. Companies then react with compliance. …

But laws and regulations alone cannot protect us from the emerging cyber threats….

Our cyber adversaries constantly deploy new and evolving methods to exploit vulnerabilities and inflict harm on our country. …

Just weeks ago, the Pegasus attack represented an unprecedented attack on Apple's iOS platform. No static checklist, no agency role, no reactive regulation alone is capable of thwarting a threat we cannot foresee.

The federal government cannot regulate cyber risk out of existence. What we can do is work with you, business leaders, technical experts and cybersecurity professionals, to better manage cyber risk.

Commerce believes this requires a new, proactive, collaborative approach between government and industry, one not reliant on static requirements but on vigilant, continuous cyber risk management.

What we need is a joint defense posture with real public-private partnerships.

These are nice words, but actually, how do we turn them into action and reliable protection?

We need government and industry to speak the same language of cyber risk, because we cannot work together without understanding each other.

We need new laws to facilitate continuous, candid collaboration between industries and agencies outside of the enforcement space.

We need to work together to counter threats and deploy technical solutions that bake security into innovation.

The Cyber Security Framework is the primary tool to evaluate cyber security posture…

Last month the FTC used the Cyber Security Framework lexicon of Identify, Protect, Detect, Respond, and Recover. The FTC detailed over 60 enforcement actions for data breaches in a manner that CEOs and CIOs can easily plug them into their own operations to improve their cyber security. …”

Commerce Secretary Penny Pritzker, 27 September 2016
US Chamber of Commerce Annual Cyber Security Summit

Mission Driven Services Enabled by Cyber Resilience

Evidence of Mission Driven Cyber Resilient Services
– Board Room
– Workforce
– Cyber Insurance Companies
– Supply Chain Evaluation
– Procurement Evaluation

————————————-

People Cyber Resilience
Experienced, Educated
Organizational Capacity
– Is the Right Person in the Right Role
– ID Skills Gaps Present and Future
– Ability of Organization to Close Gaps

————————————-

Cyber Resilience Processes
– Desired Outcomes being Delivered
– Respond, Recover, Minimize Impact of Events
– Measures show Trends, Impact of events
– Show Improvement Opportunities

————————————-

Cyber Security Technology
– Why was this Technology Selected?
– Measure of Effectiveness (Performance/Availability)
– Continual Improvement process associated with it?

————————————-

Cyber Security Technology Partners
– Criteria established within the Supply Chain as a Partner of Others
– Requirements for Organizations who are Part of Products/Services Offered