Session One: Managing Cyber Risk
- Michael Johnson, Chief Information Officer, Department of Energy
- Steve Orrin, Federal Chief Technologist, Intel Corp
- Robert Silvers, Assistant Secretary for Cyber Policy, Department of Homeland Security
- Moderator: Terry Roberts, Founder & President, WhiteHawk, Inc.
This session explored specific types of cyber risk and covered strategies to address them, including threats to critical infrastructure, vulnerabilities introduced by the Internet of Things, and both active and passive counter-risk measures. The panel discussed the best methods for defining cyber risk, best practices and strategies for implementing a sound Cyber Risk Framework tailored to your organization with methods that are both measurable and effective. The panelists also covered Risk Baseline and a Living Risk Posture for Executive Level insight and decision making.
Session Two: A National Cyber Deterrence Strategy
- Opening Remarks: Terry Roberts, Founder and President, WhiteHawk, Inc.
- Shawn Henry, President, CrowdStrike Services
- Sean Kanuck, former National Intelligence Officer for Cyber, Office of the Director of National Intelligence
- Lt Gen James “Kevin” McLaughlin, USAF, Deputy Commander, US Cyber Command
- Dr. Greg Shannon, Office of Science and Technology Policy, The White House
Sean Kanuck's analogy comparing the field of cyber deterrence to nuclear weapons in the 1950s encapsulated the conversation of this session. The panelists explained that while many advancements have been made in cyber deterrence, the rules of this new theater of warfare are still being discovered and deterrence efforts still have room for improvement. Shawn Henry professed that sophisticated adversaries will “always find ways to access the system”, and efforts should be focused more on deterrence. The panelists agreed that a stronger rhetoric between the private sector and the intelligence community needs to be established. However, the question of where the “red line” lies with regard to cyber-attacks and U.S. response was debated and left open. With foreign governments refusing to turn over cyber attackers, and an ambiguous definition of what constitutes an attack worthy of a formal response, the rules of engagement in cyberspace remain unestablished.
Session Three: Implementing the Cybersecurity and Information Security Act (CISA) Challenges and Opportunities
- Brig Gen Greg Touhill, USAF (Ret.), Deputy Assistant Secretary of Cybersecurity and Communications, DHS
- Chris Boyer, Assistant Vice President for Global Public Policy, AT&T
- James Katavolos, Senior Vice President, Cyber Intelligence Center, Citibank
- Michael Allen, Partner, Beacon Global Strategies
- Moderator: Chris Inglis, Venture Partner, Paladin; Former Deputy Director, NSA
The “Implementing the Cybersecurity and Information Security Act Challenges and Opportunities” break-out session began with opening remarks by moderator Chris Inglis. He discussed some of the history and background of the Cybersecurity and Information Security Act (CISA). CISA hopes to advance cybersecurity through information sharing. Each panelist was then given the opportunity to describe what they believe are the strengths and difficulties that CISA presents. The main topic discussed was the potential problems and difficulties with the implementation of CISA. Brigadier General Greg Touhill provided the governmental perspective through his position in the Department of Homeland Security. Chris Boyer, Michael Allen, and James Katavolos expanded on why this act was an important step for both the private sector and the government, and how information sharing within cybersecurity can benefit both parties. Throughout the discussion, the panelists also explained and rationalized the contingencies that the private sector must consider when choosing to participate in CISA.