Showing posts with label Computer security. Show all posts
Showing posts with label Computer security. Show all posts

Sunday, September 6, 2015

Governor McAuliffe Signs Executive Directive to Strengthen Cybersecurity Protocol

~ Executive Directive would expand cyber-related risk management activities ~

RICHMOND – Today Governor McAuliffe signed Executive Directive 6 to strengthen the Commonwealth’s cybersecurity measures in order to protect personal information and sensitive data through the expansion of cyber-related risk management activities.

“A key ingredient to building a new Virginia economy is a solid cyber infrastructure,” said Governor McAuliffe. “That is why it’s vital that the Commonwealth take the proper precautions to protect and safeguard the information entrusted to our care. I am proud to sign this Directive, which initiates enhanced risk management processes that will increase our ability to mitigate the ever increasing flow of cyber threats.”

The Directive requires the Virginia Information Technologies Agency to provide an updated inventory of all data and computer systems while recommending strategies to strengthen and modernize agencies’ cyber security profiles.  

Cybersecurity is a responsibility shared by every level of government,” said Secretary of Technology Karen Jackson. “These risk mitigation steps will allow the Commonwealth to take a more strategic approach to securing our systems and data.”

The full Executive Directive is below:

Executive Directive 6 (2015)


EXPANDING CYBER-RELATED RISK MANAGEMENT ACTIVITIES


Importance of the Initiative

One of the primary responsibilities of the Chief Executive Officer of the Commonwealth of Virginia is to protect and safeguard citizen data.  In light of ever-increasing cybersecurity attacks on personal information, sensitive data, and systems, I am committed to expanding our cyber-related risk management activities and strengthening our ability to protect the information entrusted to our care.

I am directing the Secretaries of Technology and Finance and the Commonwealth’s Chief Information Officer to take the necessary steps to complete a review of all Commonwealth of Virginia systems and associated data in the following manner:

  1. The Virginia Information Technologies Agency (VITA) shall provide an updated inventory of all data and computer systems to the Governor’s Office by October 15, 2015.   The inventory shall include but not be limited to:
    1. Determination of sensitivity and criticality of systems and data
    2. Risk prioritization and scope of systems and data, and
    3. Development of a risk-based approach to enhance protection of systems and data

  1. The Secretary of Technology and VITA shall recommend strategies to strengthen and modernize agencies’ cyber-security profiles by October 15, 2015, including:
    1. Completion of security audits,
    2. Development of risk mitigation and resilience plans, and
    3. Plans for remediation with completion dates.

  1. VITA shall provide a status report on the execution of the strategies, along with associated plans and actions, to the Governor and the Secretaries of Technology and Finance by October 1, 2016.

These risk-mitigation steps to strengthen our sensitive systems and data cannot be effectively and accurately completed without the cooperation of each executive branch agency.  For this reason, I am directing each executive branch agency to assist VITA by providing all requested information required to complete this inventory in a timely manner.

Tuesday, June 17, 2014

Governor McAuliffe Kicks Off Inaugural Meeting of the Virginia Cyber Security Commission

Richard A. Clarke
Richard A. Clarke (Photo credit: Wikipedia)
FAIRFAX –  Governor McAuliffe kicked off the inaugural meeting of the Virginia Cyber Security Commission, a group established by executive order which will bring public and private sector experts together to make recommendations on how to make Virginia a leader in cyber security. Speaking to the Commission’s 17 members at George Mason University, Governor McAuliffe emphasized the urgency of growing Virginia’s cyber industry to both enhance the Commonwealth’s security capabilities and expand economic opportunity.
“It is my great pleasure to welcome Chair Richard A. Clarke, and all the members of the Virginia Cyber Security Commission, to this exciting and groundbreaking first meeting. As Governor, I must address the challenge of securing and protecting our citizens and economy. But I also see cyber security efforts as an opportunity – to build upon our vast cyber and military assets that we have in the Commonwealth to drive economic development."
Governor McAuliffe's message was echoed by Cyber Security Commission Co-Chair Richard A. Clarke:
"I am extremely honored to serve as Co-Chair of this commission and excited to work with everyone here to make Virginia the driving engine behind cyber security innovation and economic development, and to establish the Commonwealth's leadership in this field as a model for the nation."
Today’s meeting agenda included official administering of the oath of office for the commission members, briefings from cyber industry leaders, and in-depth discussions on the current state of Virginia’s burgeoning cyber industry. The Commission’s members agreed to break out into working groups to better tackle the many layers and aspects that fall under the broad umbrella of cyber security. The focuses of these subgroups will include: modernizing infrastructure, driving economic growth, strengthening education and workforce development, and promoting improved cyber hygiene.
Governor McAuliffe established the Cyber Security Commission in February through Executive Order (EO8). The commission is co-chaired by Secretary of Technology Karen Jackson and Richard A. Clarke, who served as senior White House adviser on national security to Presidents Obama, Bush, and Clinton. The Cyber Security Commission's 17 members include cabinet officials from Governor McAuliffe's administration, cyber security business leaders, and academic researchers.  
More information can be found on the Commission’s website: http://cyberva.virginia.gov/.

Wednesday, May 21, 2014

Governor McAuliffe Names Members of Virginia Cyber Security Commission

Flag of Virginia
Flag of Virginia (Photo credit: Wikipedia)
RICHMOND – Today, Governor McAuliffe announced the members of the Virginia Cyber Security Commission, a group established by executive order which will bring public and private sector experts together to make recommendations on how to make Virginia a leader in cyber security.
The Commission will be co-chaired by Secretary of Technology Karen Jackson and Richard Clarke, Chairman and CEO of Good Harbor Security Risk Management. The Commission includes industry leaders from across the Commonwealth as well as representatives from the McAuliffe Administration and will hold its inaugural meeting on June 11th.
“This group of experts, industry leaders, and administration officials will work together to identify ways in which the public and private sector can work together to bolster Virginia’s cyber security industry so we can expand Virginia’s economic footprint in cyber technology and protect the Commonwealth from cyber threats,” said Governor McAuliffe. “The Commission will also explore opportunities to advance education in key STEM sectors that will support a workforce pipeline to prepare Virginia students for jobs in industries of the 21st Century including cyber security.”
The Cyber Security Commission was established by Executive Order (EO8) in February 2014. 
Responsibilities of the Commission:
The Commission’s responsibilities shall include the following: 
  1. Identify high risk cyber security issues facing the Commonwealth of Virginia
  2. Provide advice and recommendations related to securing Virginia’s state networks, systems, and data, including interoperability, standardized plans and procedures, and evolving threats and best practices to prevent the unauthorized access, theft, alteration, and destruction of the Commonwealth’s data. 
  3. Provide suggestions for the addition of cyber security to Virginia’s Emergency Management and Disaster Response capabilities, including testing cyber security incident response scenarios, recovery and restoration plans, and coordination with the federal government – in consultation with the Virginia Information Technologies Agency.
  4. Offer suggestions for promoting awareness of cyber hygiene among the Commonwealth’s citizens, businesses and government entities;
  5. Present recommendations for cutting edge science, technology, engineering and math (STEM) educational and training programs for all ages, including K-12, community colleges, universities, in order to foster an improved cyber security workforce pipeline and create cyber security professionals with a wide range of expertise. 
  6. Offer strategies to advance private sector cyber security economic development opportunities, including innovative technologies, research and development, and start-up firms, and maximize public-private partnerships throughout the Commonwealth. 
  7. Provide suggestions for coordinating the review of and assessing opportunities for cyber security private sector growth as it relates to military facilities and defense activities in Virginia.
Members of the Commission:
Commission to be co-chaired by Richard Clarke and Secretary of Technology, Karen Jackson.
Mr.  Richard A. Clarke – Chairman and CEO of Good Harbor Security Risk Management and an internationally recognized expert on cyber security, homeland security, national security, and counterterrorism.  Mr. Clarke served the last three Presidents as a senior White House Advisor, including as Special Advisor to the President for Cyber Security and National Coordinator for Security and Counterterrorism, and was a member of President Obama’s Review Group on Intelligence and Communication Technologies.
Ms. Rhonda Eldridge – Director of Engineering at Technica Corporation.  In her current role she leads six divisions within Technica and is responsible for internal research and development, visioning, and business development – focusing on cutting edge cyber security and IT projects for Federal customers including the Department of Defense.
Ms. Jennifer Bisceglie, President and CEO, Interos Solutions, Inc.  Ms. Bisceglie has more than 20 years of commercial technology and business operations experience in cyber security, business process re-engineering, and commercial technology implementation for diverse companies industries and governments.
Mr. Paul Kurtz is the Chief Strategy Officer at CyberPoint.  Mr. Kurtz leads the development and communication of CyberPoint’s strategic vision for managing cyber threats.  A recognized cyber security expert, he has held senior positions in both industry and government.  During his government service, Kurtz was Special Assistant to the President and Senior Director for Critical Infrastructure Protection on the White House’s Homeland Security Council (HSC).
Mr. Paul Tiao, Attorney and partner with the international law firm of Hunton and Williams, LLP where he is a leader in the firm’s global privacy and cyber security practice.  Prior to joining the firm Mr. Tiao served as Senior Counselor for cyber security and technology to FBI Director Robert S. Mueller.
Dr. Barry Horowitz, Munster Professor of Systems and Information Engineering and Chair of theSystems and Information Engineering Department  at the University of Virginia.  Dr. Horowitz’ research effort center on economic models and system technologies related to cyber security. He currently is leading a DoD sponsored research effort focused on embedding security solutions into systems, referred to as System Aware Cyber Security Dr. Horowitz serves as a member of the Naval Studies Board (NSB) of the National Academy of Science and recently led a Chief of Naval Operations sponsored study for the NSB on cyber security.
Mr. Andrew H. Turner, Vice President and Head of Global Security, VISA.  Mr. Turner developed, from the ground up, VISA’s Cyber Security organization, including the Attack Surface Management, Threat Intelligence, Incident Response and Digital Brand Protection Programs.  He also implemented a Cyber Fusion based program utilizing intelligence collection, analysis and overall sensor enrichment to actively monitor and defend against global threats to the VISA enterprise and ecosystem.  Prior to joining VISA, Mr. Turner served as Cyber Intelligence Practice Director for the Microsoft Corporation. 
Mr. Jeffrey C. “J.C.” Dodson, Global Chief Information Security Officer, BAE Systems.  Mr. Dodson is a global cyber security expert across government, defense, aerospace, law enforcement, and advanced technology sectors.  He is the chairman of the Aerospace Industries Association’s Industrial Security Committee and was appointed to serve as an Industry Representative to the U.S. Government’s National Industrial Security Program Policy Advisory Committee. 
Ms. Jandria Alexander, Principal Director of the Cyber Security Subdivision in the Engineering Technology Group at the Aerospace Company.  Ms. Alexander currently leads cyber and network security support to numerous customers and leads teams performing systems engineering for cyber operations, including architecture, requirements and concept of operations (CONOPS) support for integrating cyber operations into advanced ground and space segments.
Ms. Elizabeth “Betsy” Hight  - Retired US Navy rear admiral who served as the Vice Director of the Defense Intelligence Agency (DISA).  Most recently she served as Vice President of the Hewlett Packard’s Enterprise Services U.S. Public Sector Cybersecurity Practice.
Mr. John Wood is chief executive officer, chairman of the board and director for Telos Corporation. As CEO, he orchestrates the company's support of the federal government in the critical areas of cyber operations and defense, secure communications and collaboration, and identity assurance.
Anne Holton, Secretary of Education
John Harvey, Secretary of Veterans and Defense Affairs
Dr. Bill Hazel, Secretary of Health and Human Resources
Karen Jackson, Secretary of Technology
Maurice Jones, Secretary of Commerce and Trade
Brian Moran, Secretary of Public Safety and Homeland Security
Enhanced by Zemanta

Friday, February 14, 2014

Governor McAuliffe Announces Virginia Adopts National Cybersecurity Framework

McAuliffe speaking at Frying Pan Park in Hernd...
. (Photo credit: Wikipedia)
Commonwealth is first to use new framework as part of efforts to reduce cybersecurity risks to critical infrastructure

RICHMOND - Governor Terry McAuliffe announced today that the Commonwealth of Virginia will adopt the new National Institute of Standards and Technology (NIST) framework into the existing Commonwealth risk framework to help identify and communicate cybersecurity risks.

NIST today announced the framework, and Virginia immediately adopted it into existing cybersecurity efforts.

“Adding this framework to the existing efforts led by the Secretary of Technology, Chief Information Officer, Chief Information Security Officer and the Virginia Information Technologies Agency will strengthen the Commonwealth’s ability to fight cyber crime and further enhance Virginia’s position as a leader in cybersecurity,” Governor McAuliffe said. “Virginia has an award-winning cybersecurity program in place, but must continue to advance our ability to keep our families and businesses safe and make the Commonwealth the national hub for the cybersecurity industry and the jobs that come with it.”

The new framework will help to enhance the systematic process for identifying, assessing, prioritizing and communicating cybersecurity risks; efforts to address risks; and, steps needed to reduce risks as part of the state’s broader priorities.

NIST coordinated the development of the framework with a broad array of stakeholders from the public and private sectors as a result of a federal executive order to develop a way to address cybersecurity risks to critical infrastructure. Input was provided by public and private infrastructure owners and operators, industry leaders and other stakeholders in workshops, meetings, webinars and other information sessions over the past year.
Enhanced by Zemanta