Fordham was selected by the White House to be part of a national rollout of anexecutive order that calls for a framework to reduce the nation’s cyberrisk.
Samara Moore, director for Cybersecurity Critical Infrastructure Protection, gave the keynote address at the March 11 event.
The School of Professional and Continuing Studies (PCS) and the Computer and Information Sciences Department hosted. PCS Dean Isabelle Frank, Ph.D., also took the opportunity to unveil the school’s new Masters of Science in Cybersecurity.
Moore described an “increased willingness to attack” on the part of cyberterrorists, and a vulnerability that could effect the nation’s critical infrastructure and the “ecosystem that supports that.”
In explaining the complexity of various sector “ecosystems” Moore said the program divides the nation’s critical infrastructure into 16 sectors, such as healthcare, finance, or energy. Within each sector there are sometimes dozens of subsectors. Energy gets divided between oil/natural gas and electricity. Electricity in turn gets divided into distribution, generation, and transmission. Transmission also has six subsectors. As each sector is unique, so too are the threats.
President Obama’s framework includes set of standards, methodologies, and procedures to address risks. A voluntary program has been set up for owners and operators of critical infrastructure to adopt the framework and then share information within and across sectors.
Jenny Menna, of the Department of Homeland Security, said that sharing information is one of the key goals of the framework. She noted that many of the government’s classified documents hold information that might be helpful in stemming cyberrisk. As part of the order, her department can pluck out “indicators of compromise, intrusion, and mitigation techniques” from those documents and share them among members of the program.
“An organization can do more if they have certain capabilities in place–situational awareness capabilities,” said Menna.
Moore said the program already counts large multi-nationals as members, as well as small businesses and utilities.
“The framework is about a business-driven approach to managing cyber security, we’re talking about outcomes,” said Moore. “So for those just getting started it’s a roadmap, for those that are large it’s been useful for communications. Having that ecosystem to mature is key.”