Cyber Risk Management: CDM/SCRM and Cyber Insurance
The Washington Cyber Roundtable hosted our first panel discussion featuring Emile Monette, Senior Cybersecurity Strategist and Acquisition Advisor, Continuous Diagnostic and Mitigation Program, DHS; Carter Schoenberg, President, Hemisphere Cyber Security; and Felicia Thorpe, Risk Consultant, Ahtins. During the collaborative discussion, our speakers shed light on the continuous diagnostics and mitigation (CDM) program and supply chain risk management (SCRM) and how both topics are related to the emerging industry of cyber insurance.
Challenges in the Internet of Things
WCR hosted Dr. Peter M. Fonash, Professor and Associate Director of Cybersecurity Program at George Mason University, for a roundtable event with industry. Until this past January, Dr. Fonash served as the Chief Technology Officer for the Department of Homeland Security’s Cybersecurity and Communications Office. Dr. Fonash and attendees discussed how cybersecurity practices must evolve as society shifts from enterprise systems to the Internet of Things (IoT).
Security Engineering in Complex Systems
Mr. Ron Ross, Fellow at the National Institute of Standards and Technology (NIST), discussed his latest publication, Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (NIST SP 800-160). He addressed how the complexities and redundancies in cyber are making security efforts a challenge and what the government, with NIST's guidance, is considering to address those challenges.
Supporting the Warfighter in Cybersecurity 
Mr. Anthony Montemarano, Executive Deputy Director, Defense Information Systems Agency (DISA), presented to WCR's members in a roundtable event. Mr. Montemarano discussed the agency's role in working with industry to strengthen support for the warfighter through cyber. He addressed the role of data management and the challenges of protecting classified information and making the defense systems secure while functioning at a high capacity. 
 
Cyber Legislation in the Senate
Mr. Harry Anastopulos, a licensed D.C. and Maryland attorney who has worked in both the public and private sectors in the areas of technology, telecommunications, cybersecurity, and data privacy law, spoke to the Washington Cyber Roundtable about his current work in the U.S. Senate on how areas of law interact with American entrepreneurship and the cyber arena. The discussion touched on how small businesses are handling cybersecurity, the FirstNet Nationwide Emergency Communications Network, encryption, and surveillance/privacy issues.
Investigating Cyber Crime with the U.S. Secret Service
WCR hosted Robert Novy, Deputy Assistant Director, Office of Investigations, and Daniel Dick, Assistant to the Special Agent in Charge, Detailee to the Department of Homeland Security Office of Policy, who discussed with members how the U.S. Secret Service (USSS) investigates cybersecurity crimes and protects critical institutions in the public and private sectors. They shared how the Service works to train the “supply chain of Law Enforcement” and how they collaborate with industry to combat bad actors.
Navigating Cybersecurity in a Cloud Environment
Mr. Mark Fox, Senior Manager of Amazon Web Services (AWS) Worldwide Public Sector, discussed AWS’s work with the Department of Defense and how cybersecurity is a key reason organizations are moving to the cloud.
Congress & Cybersecurity: The Way Ahead
 
Congresswoman Barbara Comstock (R-VA-10) addressed current legislative efforts she is working on as the Chairwoman of the Subcommittee on Research and Technology within the Committee on Science, Space & Technology to improve the nation’s cyber posture and her hopes for the future. She discussed with attendees acquisition reform, facilitating a healthy partnership between the public and private sectors to share information and best practices and educating a cybersecurity workforce.
 
Securing America's Largest Library
 
Sean Lang, Chief of the IT Security Group at the Library of Congress, discussed lessons learned from protecting one of the largest collections of information in the world. He also touched on the challenges that arise when protecting a network with parts that must remain accessible to the public. Mr. Lang also highlighted solutions for moving apps and systems to the cloud and covered the “forgotten areas” of IT security, such as end user awareness and application code review.
 
Rising Smart Cities and the U.S. Intelligence Community
 
Richard "Rick" Harris, Acting Deputy Director Stakeholder Engagement and Cyber Infrastructure Resilience Division in the Office of Cybersecurity and Communications at the Department of Homeland Security, and Krystle Kaul, Senior Consultant in the Federal Practice of Deloitte Consulting, belong to a group of cybersecurity, data analytics, and policy specialists exploring how the Intelligence Community (IC) can better leverage the Internet of Things (IoT) to bolster collection and improve tactical and strategic analysis. The group includes representatives from both the public and private sectors. Their research explores the issue of securing smart cities to mitigate against potential future threats. During the roundtable event they discussed the proliferation of Internet-enabled data gathering devices - and how those devices provide opportunities for enhanced collection on priority intelligence targets. They also explored challenges to collection efforts, to include non-standard data collection, sensor technology, and the breadth, scope, and volume of data produced by IoT.
 
U.S. Chamber of Commerce Roundtable
 
WCR hosted a roundtable event with Ann Beauchesne, Senior Vice President for National Security & Emergency Preparedness at the U.S. Chamber of Commerce. Ms. Beauchesne and attendees discussed current cyber threats to business, cyber risk management with the NIST framework and industry best practices. She also shared educational outreach initiatives and legislation addressing cyber threat information sharing.
 
 
Cybersecurity in the Financial Sector
 
Brian Peretti, Director of the Treasury Department's Office of Critical Infrastructure Protection and Compliance Policy, met with WCR to discuss public and private initiatives to strengthen the cybersecurity of the financial sector. In particular, Mr. Peretti explained the mechanisms by which financial institutions work with Treasury and with each other through collaborative partnerships, to include the Financial Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council.
 
New Trust Frameworks for Secure Information Sharing
 
WCR hosted an illuminating roundtable with Tom Moran, Executive Director of the All Hazards Consortium (AHC) and Keith Ward and Shauna Russell of the Transglobal Secure Collaboration Program (TSCP). Our panelists discussed the AHC’s efforts to create public-private trust frameworks to support information sharing, opportunities for industry to get involved in innovative test cases, and the Consortium’s secure information sharing initiative case study with TSCP.
 
Cyber Risk in Industrial Control Systems
 
WCR teamed with the InfraGard National Capital Region Members Alliance for our March roundtable event with Neil Hershfield, Deputy Director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security (DHS). Mr. Hershfield presented on DHS's efforts to reduce cyber risk in industrial control systems. The roundtable discussed a range of opportunities for cybersecurity professionals and critical infrastructure owners and operators to increase engagement with the ICS-CERT.
 
The Future of Cyberspace Innovation
 
Charles Nelson, Senior Advisor for Cyber Capabilities at the White House’s Office of Science and Technology Policy, met with WCR to discuss how innovation is shaping the future of cyberspace security. The roundtable explored the strategic landscape for enabling resilience and deterrence in cyberspace, as well as the workforce and S&T challenges confronting the public and private sectors in this domain. Building on the ideas discussed, WCR is compiling a report that discusses forward-looking questions for research and innovation in the rapidly changing domain of cyberspace.
 
Department of Defense
Office of the Deputy CIO for Cybersecurity
 
WCR met with John Mills, Chief of the Cybersecurity Strategy Division of the Office of the Deputy CIO for Cybersecurity at the Department of Defense, to discuss the trajectory of cybersecurity across the defense enterprise. Mr. Mills presented his perspectives on the evolving cyber landscape and solicited attendees’ feedback on a range of issues from the most urgent cyber threat to DoD (and possible responses) to public-private collaboration.
 
Office of the Chief Information Officer
National Aeronautics and Space Administration 
 
WCR met with Howard Whyte, the Cyber Security Operations Executive in the Office of the Chief Information Officer at the National Aeronautics and Space Administration (NASA), to discuss the agency’s strategy for managing and protecting data. WCR will consolidate industry success stories on data loss protection - to include tagging and tracking - to help NASA identify best practices.
 
National Security Division
Department of Justice
 
The Assistant Attorney General for National Security, John Carlin, led a roundtable to discuss the Department of Justice's role in combating cyber crime. Mr. Carlin solicited industry perspectives on obstacles to public-private information sharing, tactics for addressing economic espionage, and strategic outreach on Federal activities related to cyber policy.
 
Public Safety and Homeland Security Bureau
Federal Communications Commission
 
Vernon Mosley, Senior Cybersecurity Engineer at the Public Safety and Homeland Security Bureau (PSHSB) of the Federal Communications Commission (FCC), met with WCR to discuss the FCC’s role in securing critical communications infrastructure. The PSHSB is charged with advancing the Commission’s role in improving the reliability and security of infrastructure essential to public safety and emergency management capabilities. Mr. Mosley has lead technical responsibility for analyzing the resilience of the public communications infrastructure to cyber threats.
 
National Cybersecurity Education & Awareness Branch
Department of Homeland Security
 
Robin "Montana" Williams, Chief of the National Cybersecurity Education & Awareness Branch and the Department of Homeland Security's lead for the National Initiative for Cybersecurity Education (NICE), met with WCR to discuss how industry can work together with the Federal Government to promote cybersecurity awareness and develop the professional workforce. NICE involves more than 20 Federal departments and agencies, academia, and industry to address four key issue areas: national awareness, formal education, workforce structure, and workforce training and professional development.
 
Former Senate Armed Services Committee Senior Staff
 
WCR discussed the implications of the defense budget for cyber capabilities and the roles the CNCI, Congress, and the QDR are playing in shaping the cyber posture of the United States. Moderating this roundtable were two retired senior staffers from the United States Senate Committee on Armed Services: Lucian Niemeyer, president of the Niemeyer Group, and Gregory Kiley, president of Kiley & Associates LLC.
 
Office of Cyber and Infrastructure Analysis
National Protection and Programs Directorate
Department of Homeland Security
 
In February 2014, DHS announced the establishment of the new Office of Cyber and Infrastructure Analysis (OCIA) within the National Protection and Programs Directorate (NPPD). OCIA is mandated to conduct integrated consequence analysis of physical and cyber threats to critical infrastructure. The Director of OCIA, John Murphy, met with WCR to discuss the responsibilities of his new office and his vision for working with the private sector to lower the risk profiles of critical infrastructure owners and operators.
 
Office of Cybersecurity and Communications
Department of Homeland Security
 
Jeanette Manfra, advisor to the Assistant Secretary for Cybersecurity and Communications (CS&C) in the Department of Homeland Security (DHS), updated attendees on the history and current status of President Obama's Executive Order 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive 21: Critical Infrastructure Security and Resilience during the roundtable discussion entitled "Critical Infrastructure Cybersecurity: The Way Forward."  Ms. Manfra and attendees discussed how information can be better shared and what incentives DHS could provide to encourage companies in the private sector to adopt EO 13636 and PPD-21. 
 
Federal Bureau of Investigation
 
Speakers from the Federal Bureau of Investigation and the InfraGard National Members Alliance met with WCR and its members to discuss public-private information sharing issues related to cybersecurity.  Specific topics included recently launched initiatives like the new iGuardian portal and Operation Clean Slate.  The roundtable discussion - titled "Corporate Cybersecurity and Federal Law Enforcement" - isolated a number of issues and yielded recommendations for improving cyber cooperation between the FBI and industry.
 
National Institute of Standards and Technology
 
Dr. Ron Ross of the National Institute of Standards and Technology (NIST) led a dynamic roundtable entitled the "Future of Cyber Security."  Dr. Ross discussed the Federal Government's strategic thinking toward cybersecurity and the new features of Special Publication 800-53 revision 4, NIST's latest and most up-to-date catalog of information security controls.  In response to questions posed by Dr. Ross, WCR - in collaboration with cybersecurity experts from the private sector - developed a ten-page report providing constructive industry feedback on 800-53's newest iteration.
 
United States Air Force
 
WCR members met with Joseph Paradis of the Office of the Assistant Vice Chief of Staff of the Air Force.  Capt. Paradis is responsible for developing the C4ISR component of the Air Force's strategic review as part of the 2014 Quadrennial Defense Review.  Our conversation covered structural issues (like budget constraints and the Air Force's relationship with industry), technical matters (such as innovation, speed of operations, and cyber rules of engagement), and personnel issues (including recruitment and training).  
 
United States Cyber Command
 
Brigadier General George J. Franz III, the Director of Current Operations (J-33) for US Cyber Command, met with WCR to solicit feedback regarding a range of cybersecurity issues.  Our engagement with BG Franz covered recruiting, training, and retention as well as other topics of mutual interest for industry.
 
Fleet Cyber Command / U.S. Tenth Fleet
United States Navy
 
Dr. Starnes Walker, Chief Technology Officer & Technical Director for U.S. Fleet Cyber Command, discussed the Tenth Fleet's role in the nation’s cybersecurity posture, as well as important issues and trends involving technology, government, and private sector relationships.
 
International Cyber Center (ICC)
George Mason University (GMU)
 
WCR hosted Dr. Arun Sood, Co-Director of the ICC at GMU, for a discussion about academia’s role in cybersecurity.  Dr. Sood, who is also the Founder and CEO of SCIT Labs Inc., recounted his research activities and described the activities of the ICC, which reports directly to the GMU provost.
 
National Counterterrorism Center (NCTC)
Office of the Director of National Intelligence (ODNI)
 
WCR arranged a discussion with NCTC senior staff followed by a private tour of NCTC, providing an opportunity for members to understand the layout and structure of the organization. The event concluded with a private member reception.
 
Congressional and Appropriations Liaison
United States Air Force
 
Lt. Col. Michelle "Shelli" Brunswick is the Air Force Congressional and Appropriations Liaison responsible for space and cyber budgeting issues. She met with us to solicit feedback regarding topics of mutual interest for industry and the 24th Air Force. She also addressed questions about cyber procurement.
 
United States Cyber Command
 
WCR met with Colonel Fred Milburn, the Director of Plans for US Cyber Command (CYBERCOM), to discuss, contribute ideas to, and provide feedback on CYBERCOM plans and programs.  WCR prepared a summary report for CYBERCOM that explored how industry could assist the common goal of an improved national cyber posture.
 
National Information Assurance Research Lab
National Security Agency (NSA)
 
In partnership with Dr. Patricia Muoio, Chief of NSA’s National Information Assurance Research Lab, WCR hosted a roundtable discussion on tailored trustworthy spaces in cyberspace. Dr. Muoio leads an interdisciplinary cadre of over 100 researchers developing capabilities that enable national security customers to operate safely in compromised environments. Dr. Muoio was joined by Dr. Tomas Vagoun, who explained the purpose and function of the Networking and Information Technology Research and Development (NITRD) program that he leads.
 
National Cyber Security Division (NCSD)
U.S. Department of Homeland Security (DHS)
 
In collaboration with Dr. Richard Marshall, Director of Global Cyber Security Management at NCSD, WCR hosted a roundtable focused on discrete DHS projects tied to the National Initiative for Cybersecurity Education (NICE).  Participating in the discussion were Dr. Ernest McDuffie from the National Institute of Standards and Technology (NIST) and lead for NICE; Peggy Maxson, the Director for National Cybersecurity Education Strategy at DHS; Angela Curry, the Director for National Cybersecurity Workforce Structure Strategy at DHS; and Roy Burgess, the lead for NICE Training and Professional Development Functional Areas 1 & 2 at DHS.  WCR developed a concise summary report that captured the major takeaways from the discussion.  Members were able to work in conjunction with DHS, providing collaborative inputs to the education and workforce development framework.
 
Customs and Border Protection (CBP)
U.S. Department of Homeland Security
 
WCR hosted two roundtables featuring Ken Ritchhart, Deputy Assistant Commissioner at CBP’s Office of Information and Technology.  The first roundtable revolved around agile development in secure environments.  The second, which included Wolfe Tombe, CBP's Chief Technology Officer, focused specifically on security policy in the cloud.  WCR provided CBP with summary reports that encapsulated the major takeaways from each discussion.
 
Office of the Director of National Intelligence (ODNI)
 
In partnership with Richard Ledgett, National Intelligence Manager for Cyber and Director of Collection at ODNI, WCR members met to discuss and provide feedback on existing cybersecurity and information sharing policies.  WCR provided a summary report encapsulating the discussion and member input to ODNI’s policy framework.
 
The Cyber Economy
Office of the Director of National Intelligence (ODNI)
 
In partnership with Dr. Patricia Muoio, Science and Technology Lead for Cyber at ODNI, WCR provided industry perspectives on the cyber economy - specifically, which factors drive corporate executive decisions on cybersecurity investments.  WCR developed a report with a series of recommendations for ODNI, which Dr. Muoio fed into the intelligence community’s policy framework.