This paper provides the conceptual basis of the Cyber Green Initiative (CGI), and includes a description of its rationale, key definitions, existing efforts, and its proposed mission. CGI’s core focus is on tapping the collaborative potential of stakeholders in cyberspace through promoting the concept of “cyber health” and establishing a reliable platform for generating cross-­‐comparable statistics. CGI will focus on the following core tasks: establishing reliable cross-­‐comparable statistics and information sharing mechanisms, enabling operational remediation efforts, and providing insight into systemic risk conditions in the cyber ecosystem.

AITRI SEMINAR ON NEW TECHNOLOGY RISKS AND CYBER SECURITY, KUALA LUMPUR

Cyberattacks and defenses against them are conducted in complex environments, with numerous factors contributing to attack success and mission impacts. Network topology, host configurations, vulnerabilities, firewall settings, intrusion detection systems, mission dependencies, and many other elements can play parts. To go beyond rudimentary assessments of security posture, organizations need to merge isolated data into higher-level knowledge of network-wide attack vulnerability and mission readiness in the face of cyber threats.

This two-year project in building the foundations for predictive cyber analytics was sponsored by the National Institute of Standards and Technology NIST (Project Leads: Mr. Jon Boyens; and Ms. Celia Paulsen); and the General Services Administration (Project Leads: Ms. Angela Smith and Mr. Emile Monette).

Missions, business functions, organizations, and nations are increasingly dependent on cyberspace. The need for cyber resiliency—for information and communications systems and those who depend on them to be resilient in the face of persistent, stealthy, and sophisticated attacks focused on cyber resources—is increasingly recognized. While resilience is sometimes described as an emergent property, resilience in the face of cyber threats must be engineered.

As cyber threats evolve, organizations increasingly need to define their strategies for cyber security, defense, and resilience. Cyber Prep 2.0 is a threat-oriented approach that allows an organization to define and articulate its threat assumptions, and to develop organization-appropriate, tailored strategic elements.

Advanced cyber threats present a challenge to established engineering and strategic analysis processes: Mitigation techniques vary widely in maturity; relevance to organizations, mission, and systems; and affordability, efficiency, and effectiveness. Cyber mission assurance engineering complements and extends established processes, to facilitate cost-effective risk management.

Запропоновано аналітичне дослідження нормативно-правової бази розвинених держав світу щодо варіацій ключових понять у галузі захисту критичної інформаційної інфраструктури. У результаті аналізу виявлено як спільні, так і відмінні особливості підходів до визначення критичної інфраструктури (та інших суміжних понять) низки держав, а також окреслено вітчизняні проблеми в цій галузі. Здобуті результати будуть корисні при проведенні багатокритеріального аналізу зазначених дефініцій і допоможуть у розробці методик віднесення тих чи інших об’єктів до критичної інформаційної інфраструктури.

This study describes the impact of these issues and recommends 11 actions for broader, more cross-government approaches to motivating federal agencies, entities acting on their behalf, and claimants to ensure Payment Integrity.