WCR hosted an illuminating roundtable with Tom Moran, Executive Director of the All Hazards Consortium (AHC) and Keith Ward and Shauna Russell of the Transglobal Secure Collaboration Program (TSCP). Our panelists discussed the AHC’s efforts to create public-private trust frameworks to support information sharing, opportunities for industry to get involved in innovative test cases, and the Consortium’s secure information sharing initiative case study with TSCP.

The Washington Cyber Roundtable hosted our first panel discussion featuring Emile Monette, Senior Cybersecurity Strategist and Acquisition Advisor, Continuous Diagnostic and Mitigation Program, DHS; Carter Schoenberg, President, Hemisphere Cyber Security and Felicia Thorpe, Risk Consultant, Ahtins. During the collaborative discussion, our speakers shed light on continuous diagnostics and mitigation program (CDM) and supply chain risk management (SCRM) and how both topics are related to the emerging industry of cyber insurance.

WCR hosted Dr. Peter M. Fonash, Professor and Associate Director of Cybersecurity Program at George Mason University, for a roundtable event with industry. Until this past January, Dr. Fonash served as the Chief Technology Officer for the Department of Homeland Security’s Cybersecurity and Communications Office. Dr. Fonash and attendees discussed how cybersecurity practices must evolve as society shifts from enterprise systems to the Internet of Things (IOT).

Mr. Ron Ross, Fellow at the National Institute of Standards and Technology (NIST), discussed his latest publication, Systems Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (NIST SP 800-160). He addressed how the complexities and redundancies in cyber are making security efforts a challenge and what the government, with NIST's guidance, is considering to address those challenges.

Mr. Anthony Montemarano, Executive Deputy Director, Defense Information Systems Agency (DISA), presented to WCR's members in a roundtable event. Mr. Montemarano discussed the agency's role in working with industry to strengthen support for the warfighter through cyber. He addressed the role of data management and the challenges of protecting classified information and making the defense systems secure while functioning at a high capacity. 

Mr. Harry Anastopulos, a licensed D.C. and Maryland attorney who has worked in both the public and private sectors in the areas of technology, telecommunications, cybersecurity, and data privacy law, spoke to the Washington Cyber Roundtable about his current work in the U.S. Senate on how areas of law interact with American entrepreneurship and in the cyber arena. The discussion touched on how small businesses are handling cybersecurity, FirstNet Nationwide Emergency Communications Network, encryption and surveillance/privacy issues.

WCR hosted Robert Novy, Deputy Assistant Director, Office of Investigations and Daniel Dick, Assistant to the Special Agent in Charge, Detailee to the Department of Homeland Security Office of Policy, discussed with members how the U.S. Secret Service (USSS) investigates cybersecurity crimes and protects critical institutions in the public and private sectors. They shared how the Service works to rain the “supply chain of Law Enforcement” and how they collaborate with industry to combat bad actors.

Mr. Mark Fox, Senior Manager of Amazon Web Services (AWS) Worldwide Public Sector, discussed AWS’s work with the Department of Defense and how cybersecurity is a key reason organizations are moving to the cloud.

Congresswoman Barbara Comstock (R-VA-10) addressed current legislative efforts she is working on as the Chairwoman of the Subcommittee on Research and Technology within the Committee on Science, Space & Technology to improve the nation’s cyber posture and her hopes for the future. She discussed with attendees acquisition reform, facilitating a healthy partnership between the public and private sectors to share information and best practices and educating a cybersecurity workforce.

Sean Lang, Chief of the IT Security Group at the Library of Congress discussed lessons learned from protecting one of the largest collections of information in the world. He also touched on the challenges that arise when protecting a network with parts that must remain accessible to the public. Mr. Lang also highlighted solutions for moving apps and systems to the cloud and covered the “forgotten areas” of IT security, such as end user awareness and application code review.

Richard "Rick" Harris, Acting Deputy Director Stakeholder Engagement and Cyber Infrastructure Resilience Division in the Office of Cybersecurity and Communications at the Department of Homeland Security, and Krystle Kaul, Senior Consultant in the Federal Practice of Deloitte Consulting, belong to a group of cybersecurity, data analytics, and policy specialists exploring how the Intelligence Community (IC) can better leverage the Internet of Things (IoT) to bolster collection and improve tactical and strategic analysis. The group includes representatives from both the public and private sectors. Their research explores the issue of securing smart cities to mitigate against potential future threats. During the roundtable event they discussed the proliferation of Internet-enabled data gathering devices - and how those devices provide opportunities for enhanced collection on priority intelligence targets. They also explored challenges to collection efforts, to include non-standard data collection, sensor technology, and the breadth, scope, and volume of data produced by IoT.

WCR hosted a roundtable event with Ann Beauchesne, Senior Vice President for National Security & Emergency Preparedness at the U.S. Chamber of Commerce. Ms. Beauchesne and attendees discussed current cyber threats to business, cyber risk management with the NIST framework and industry best practices. She also shared educational outreach initiatives and  legislation addressing cyber threat information sharing.

Brian Peretti, Director of the Treasury Department's Office of Critical Infrastructure Protection and Compliance Policy, met with WCR to discuss public and private initiatives to strengthen the cybersecurity of the financial sector. In particular, Mr. Peretti explained the mechanisms by which financial institutions work with Treasury and with each other through collaborative partnerships, to include the Financial Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council.

WCR teamed with the InfraGard National Capital Region Members Alliance for our March roundtable event with Neil Hershfield, Deputy Director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) at the Department of Homeland Security (DHS). Mr. Hershfield presented on DHS's efforts to reduce cyber risk in industrial control systems. The roundtable discussed a range of opportunities for cybersecurity professionals and critical infrastructure owners and operators to increase engagement with the ICS-CERT.

Charles Nelson, Senior Advisor for Cyber Capabilities at the White House’s Office of Science and Technology Policy, met with WCR to discuss how innovation is shaping the future of cyberspace security. The roundtable explored the strategic landscape for enabling resilience and deterrence in cyberspace, as well as the workforce and S&T challenges confronting the public and private sectors in this domain. Building on the ideas discussed, WCR is compiling a report that discusses forward-looking questions for research and innovation in the rapidly changing domain of cyberspace.

Office of the Deputy CIO for Cybersecurity

WCR met with John Mills, Chief of the Cybersecurity Strategy Division of the Office of the Deputy CIO for Cybersecurity at the Department of Defense, to discuss the trajectory of cybersecurity across the defense enterprise. Mr. Mills presented his perspectives on the evolving cyber landscape and solicited attendees’ feedback on a range of issues from the most urgent cyber threat to DoD (and possible responses) to public-private collaboration.

National Aeronautics and Space Administration 

WCR met with Howard Whyte, the Cyber Security Operations Executive in the Office of the Chief Information Officer at the National Aeronautics and Space Administration (NASA), to discuss the agency’s strategy for managing and protecting data. WCR will consolidate industry success stories on data loss protection - to include tagging and tracking - to help NASA identify best practices.

Department of Justice

The Assistant Attorney General for National Security, John Carlin, led a roundtable to discuss the Department of Justice's role in combating cyber crime. Mr. Carlin solicited industry perspectives on obstacles to public-private information sharing, tactics for addressing economic espionage, and strategic outreach on Federal activities related to cyber policy.

Vernon Mosley, Senior Cybersecurity Engineer at the Public Safety and Homeland Security Bureau (PSHSB) of the Federal Communications Commission (FCC), met with WCR to discuss the FCC’s role in securing critical communications infrastructure. The PSHSB is charged with advancing the Commission’s role in improving the reliability and security of infrastructure essential to public safety and emergency management capabilities. Mr. Mosley has lead technical responsibility for analyzing the resilience of the public communications infrastructure to cyber threats.

Department of Homeland Security

Robin "Montana" Williams, Chief of the National Cybersecurity Education & Awareness Branch and the Department of Homeland Security's lead for the National Initiative for Cybersecurity Education (NICE), met with WCR to discuss how industry can work together with the Federal Government to promote cybersecurity awareness and develop the professional workforce. NICE involves more than 20 Federal department and agencies, academia, and industry to address four key issue areas: national awareness, formal education, workforce structure, and workforce training and professional development.

WCR discussed the implications of the defense budget for cyber capabilities and the roles the CNCI, Congress, and the QDR are playing in shaping the cyber posture of the United States. Moderating this roundtable were two retired senior staffers from the United States Senate Committee on Armed Services: Lucian Niemeyer, president of the Niemeyer Group, and Gregory Kiley, president of Kiley & Associates LLC.

Department of Homeland Security

In February 2014, DHS announced the establishment of the new Office of Cyber and Infrastructure Analysis (OCIA) within the National Protection and Programs Directorate (NPPD). OCIA is mandated to conduct integrated consequence analysis of physical and cyber threats to critical infrastructure. The Director of OCIA, John Murphy, met with WCR to discuss the responsibilities of his new office and his vision for working with private sector to lower the risk profiles of critical infrastructure owners and operators.

Department of Homeland Security

Jeanette Manfra, advisor to the Assistant Secretary for Cybersecurity and Communications (CS&C) in the Department of Homeland Security (DHS), updated attendees on the history and current status of President Obama's Executive Order 13636: Improving Critical Infrastructure Cybersecurity and Presidential Policy Directive 21: Critical Infrastructure Security and Resilience during the roundtable discussion entitled "Critical Infrastructure Cybersecurity: The Way Forward."  Ms. Manfra and attendees discussed how information can be better shared and what incentives DHS could provide to encourage companies in the private sector to adopt EO 13636 and PPD-21. 

Speakers from the Federal Bureau of Investigation and the InfraGard National Members Alliance met with WCR and its members to discuss public-private information sharing issues related to cybersecurity.  Specific topics included recently launched initiatives like the new iGuardian portal and Operation Clean Slate.  The roundtable discussion - titled "Corporate Cybersecurity and Federal Law Enforcement" - isolated a number of issues and yielded recommendations for improving cyber cooperation between the FBI and industry.

Dr. Ron Ross of the National Institute of Standards and Technology (NIST) led a dynamic roundtable entitled the "Future of Cyber Security."  Dr. Ross discussed the Federal Government's strategic thinking toward cybersecurity and the new features of Special Publication 800-53 revision 4, NIST's latest and most up-to-date catalog of information security controls.  In response to questions posed by Dr. Ross, WCR - in collaboration with cybersecurity experts from the private sector - developed a ten-page report providing constructive industry feedback on 800-53's newest iteration.

United States Air Force

WCR members met with Joseph Paradis of the Office of the Assistant Vice Chief of Staff of the Air Force.  Capt. Paradis is responsible for developing the C4ISR component of the Air Force's strategic review as part of the 2014 Quadrennial Defense Review.  Our conversation covered structural issues (like budget constraints and the Air Force's relationship with industry), technical matters (such as innovation, speed of operations, and cyber rules of engagement), and personnel issues (including recruitment and training).

Brigadier General George J. Franz III, the Director of Current Operations (J-33) for US Cyber Command, met with WCR to solicit feedback regarding a range of cybersecurity issues.  Our engagement with BG Franz covered recruiting, training, and retention as well as other topics of mutual interest for industry.

United States Navy

Dr. Starnes Walker, Chief Technology Officer & Technical Director for U.S. Fleet Cyber Command, discussed the Tenth Fleet's role in the nation’s cybersecurity posture, as well as important issues and trends involving technology, government, and private sector relationships.

George Mason University (GMU)

WCR hosted Dr. Arun Sood, Co-Director of the ICC at GMU, for a discussion about academia’s role in cybersecurity.  Dr. Sood, who is also the Founder and CEO of SCIT Labs Inc., recounted his research activities and described the activities of the ICC, which reports directly to the GMU provost.

Office of the Director of National Intelligence (ODNI)

WCR arranged a discussion with NCTC senior staff followed by a private tour of NCTC, providing an opportunity for members to understand the layout and structure of the organization. The event concluded with a private member reception.

United States Air Force

Lt. Col. Michelle "Shelli" Brunswick is the Air Force Congressional and Appropriations Liaison responsible for space and cyber budgeting issues. She met with us to solicit feedback regarding topics of mutual interest for industry and the 24th Air Force. She also addressed questions about cyber procurement.

WCR met with Colonel Fred Milburn, the Director of Plans for US Cyber Command (CYBERCOM), to discuss, contribute ideas to, and provide feedback on CYBERCOM plans and programs.  WCR prepared a summary report for CYBERCOM that explored how industry could assist the common goal of an improved national cyber posture.

National Security Agency (NSA)

In partnership with Dr. Patricia Muoio, Chief of NSA’s National Information Assurance Research Lab, WCR hosted a roundtable discussion on tailored trustworthy spaces in cyberspace. Dr. Muoio leads an interdisciplinary cadre of over 100 researchers developing capabilities that enable national security customers to operate safely in compromised environments. Dr. Muoio was joined by Dr. Tomas Vagoun, who explained the purpose and function of the Networking and Information Technology Research and Development (NITRD) program that he leads.

Department of Homeland Security (DHS)

In collaboration with Dr. Richard Marshall, Director of Global Cyber Security Management at NCSD, WCR hosted a roundtable focused on discrete DHS projects tied to the National Initiative for Cybersecurity Education (NICE).  Participating in the discussion were Dr. Ernest McDuffie from the National Institute of Standards and Technology (NIST) and lead for NICE; Peggy Maxson, the Director for National Cybersecurity Education Strategy at DHS; Angela Curry, the Director for National Cybersecurity Workforce Structure Strategy at DHS; and Roy Burgess, the lead for NICE Training and Professional Development Functional Areas 1 & 2 at DHS.  WCR developed a concise summary report that captured the major takeaways from the discussion.  Members were able to work in conjunction with DHS, providing collaborative inputs to the education and workforce development framework.

Department of Homeland Security

WCR hosted two roundtables featuring Ken Ritchhart, Deputy Assistant Commissioner at CBP’s Office of Information and Technology.  The first roundtable revolved around agile development in secure environments.  The second, which included Wolfe Tombe, CBP's Chief Technology Officer, focused specifically on security policy in the cloud.  WCR provided CBP with summary reports that encapsulated the major takeaways from each discussion.

In partnership with Richard Ledgett, National Intelligence Manager for Cyber and Director of Collection at ODNI, WCR members met to discuss and provide feedback on existing cybersecurity and information sharing policies.  WCR provided a summary report encapsulating the discussion and member input to ODNI’s policy framework.

Office of the Director of National Intelligence (ODNI)

In partnership with Dr. Patricia Muoio, Science and Technology Lead for Cyber at ODNI, WCR provided industry perspectives on the cyber economy - specifically, which factors drive corporate executive decisions on cybersecurity investments.  WCR developed a report with a series of recommendations for ODNI, which Dr. Muoio fed into the intelligence community’s policy framework.