Cybersecurity Policy and Presentations/Speeches

The Cybersecurity Summit meetings have proven to be a useful forum to foster dialog between awardees, cybersecurity experts and NSF. NSF will provide feedback on the 2007 Summit meeting and discuss best practices in cybersecurity that might be useful to large facilities.

There has been much improvement in securing cyberspace in the last five years, but much still needs to be done. The Center for Strategic and International Studies (CSIS) has established a Commission on Cyber Security for the 44th Presidency, the administration that will take office in January 2009. The goal of the commission is to identify a strategy and set of recommendations for the next administration to move ahead in securing cyberspace. This session will provide a status report on the commission's work to date. It will also provide an opportunity to offer input regarding progress that has been made in the higher education sector, remaining challenges and opportunities, and the role of the federal government to help improve cybersecurity at colleges and universities.

The Directorate for Science and Technology (S&T) is the primary research and development arm of the U.S. Department of Homeland Security. S&T uses the Homeland Security Advanced Research Project Agency to engage industry, academia, government, and other sectors in innovative research and development, rapid prototyping, and technology transfer to meet operational needs. Academic organizations such as the Computing Research Association and industry groups have called for increased funding for cybersecurity R&D. This keynote will describe what the S&T directorate is doing to drive, discover, and deliver new solutions to address cybervulnerabilities as well as what research areas it considers as priorities in the near term.

Why is it risky for technologists to ignore the nontechnical context where their systems will be deployed? Furthermore, what is the risk when policymakers ignore the limits and potential of technology? How can we structure dialogue between technologists and policymakers to address security failings—to revisit identity theft, electronic voting machines, digital rights management, and network neutrality? Fred Schneider, editor of the National Research Council study Trust in Cyberspace and longtime researcher on what makes computer systems secure, will consider these and other questions.

The Department of Homeland Security's National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

In 2004, Visa and MasterCard collaboratively developed the Payment Card Industry Data Security Standard (PCI DSS) to create common industry security requirements. This session will share the campus perspectives and approaches of Washington State University and the University of Washington in addressing the standard.