Part of the Pell Center's Cyber Leadership project, the Rhode Island Corporate Cybersecurity Initiative supports senior business leaders and decision makers who can effect change and make Rhode Island's corporate community more secure and resilient to cyber incidents.
By bringing together senior leaders from the defense industry, financial services, technology, health care, energy and telecommunication, the initiative:
- Addresses the most critical cybersecurity challenges facing the private sector
- Encourages cybersecurity awareness and training
- Promotes best practices, business continuity and resiliency planning
- Develops approaches to share cyber threat information and assure legal and regulatory compliance
The Rhode Island Corporate Cybersecurity Initiative takes advantage of New England's outstanding academic, industrial and research resources to develop the next generation of cyber-strategic leaders, who understand the technical, ethical, legal and compliance issues regarding cybersecurity and take responsibility for the development of effective security policies, procedures and protocols to protect their organizations and the nation's private infrastructure.
For more information, or to register for an upcoming event, contact Francesca Spidalieri, Pell Center fellow for cyber leadership.
Tuesday, Oct. 14
8:30-9 a.m. networking breakfast
9-10:30 a.m. seminar
Speaker: Steve Katz, president of Security Risk Solutions LLC in New York and first-ever chief information officer in the cybersecurity industry
Information security is both a business risk management and governance issue that connects technology, business management and the board room. There is an increasingly clear link between cyber attacks and their impact on customers, brand, revenue and profits. The risk is so great that plausible deniability, lack of awareness about information risk, and treating information security as a mere technology problem are no longer acceptable options. CEOs and company boards are accountable for the health of their organizations and for setting levels of risk for their companies. They are also responsible for building a team of trusted information security professionals who will not only implement a program that meets risk and governance requirements but also routinely report on the company's cybersecurity posture.
Katz will discuss why corporate leaders must be fully informed about how cyber-risk issues are being addressed within the company and what the information security staff should be doing to communicate issues, solutions and progress in addressing cyber-risk. He will also discuss the skills and knowledge needed to be an effective chief information security officer (CISO) and the type of information that business executives and boards should expect from the CISO. Katz will discuss the need for CISOs to understand the business they are in and how to integrate security into business, and business into security. Going forward, senior leaders need to understand their increasing role and visibility in their organization's overall cybersecurity risk posture, while information security professionals will be required to provide meaningful and actionable information to leadership so that effective risk-based actions can be taken.
The world's first chief information officer, Katz was appointed to that position when he joined Citicorp. Prior to Citi, he was the senior information security executive at JP Morgan. After Citi, Katz was the chief information security officer and chief privacy officer at Merrill Lynch. He has testified before Congress on numerous information security issues and was appointed as the first financial services sector coordinator for critical infrastructure protection by the Secretary of the Treasury. Katz was also the first chairman of the Financial Services Information Sharing and Analysis Center.
Tuesday, Nov. 11
8:30-9 a.m. networking breakfast
9-10:30 a.m. seminar
Speaker: Frank Motta, executive vice president of CAI Managed IT
The seminar will explore cybersecurity and business continuity technology and solutions for small and medium-size businesses (SMBs). Motta will focus on the need for a holistic, company-wide strategy for minimizing an organization’s exposure to cyber criminals. He will further discuss various approaches and best practices around cybersecurity, disaster recovery and business continuity, and will highlight some of the affordable technology solutions available to SMBs today.
The event brought together internationally renowned experts and cybersecurity practitioners to discuss numerous key cyber-operation concepts, including the legal implications of active defense, cyber-countermeasures vis-a-vis the Tallinn Manual, and how "privatized cyber counter strikes" may influence the future of cyber deterrence.
The panel included:
- Joe Provost, CEO of SYNCSTATE, a cyber threat security and intelligence analysis company
- Robert Clark, distinguished professor of law at the U.S. Naval Academy's Center for Cyber Security Studies
- Col. James Bitzes, staff judge advocate for the U.S. Cyber Command
- Michael Schmitt, director of the Stockton Center for the Study of International Law at the U.S. Naval War College and main author of the "Tallinn Manual on the International Law Applicable to Cyber Warfare"
- Karl Wadensten, president of VIBCO, a prominent R.I. manufacturer
The five distinguished panelists explored the timely and controversial issues of commercial hacking and the lack of clearly-defined laws - whether domestic or international - to deter, punish, and/or pursue foreign hackers.
The invitation-only roundtable discussion brought together key players in the state to review current gaps in Rhode Island's Data Security and Breach Notification Law, compare the R.I. law with those of other states, and propose methods to strengthen the existing law. The distinguished group of policy makers, state representatives, business leaders and law enforcement officials present at the workshop agreed that an update to the current R.I. notification of breach law is both necessary and urgent in order to raise the cost of data breaches, to better protect customers' personal information, and to provide companies with incentive to implement better security practices. A list of their recommendations to strengthen the existing law will be published in an upcoming policy memo.
The first R.I. Corporate Cybersecurity Tabletop Exercise was a cross-industry, discussion-based exercise that provided private sector leaders the opportunity to raise their awareness and develop an understanding of the most pressing cyber threats to their organizations' networks and sensitive information.
More than 30 industry leaders participated in the exercise, demonstrating their commitment to cybersecurity and desire to build upon existing informal relationships to improve the overall security posture of the R.I. private sector.
Melissa Hathaway, president of Hathaway Global Strategies and a senior adviser at Harvard University's Belfer Center for Science and International Affairs, gave a public lecture titled "Strategic Advantage: Why You Should Care About Cybersecurity."
The After-Action Report Workshop discussed lessons learned from the Corporate Cybersecurity Tabletop Exercise and further steps companies may take to better protect their organizations from cyber threats and vulnerabilities. The workshop built upon the exercise by outlining major strengths and areas of improvement, discussing how organizations currently handle situations similar to the ones simulated in the exercise, and identifying any related best practices.
The comprehensive After Action Report includes the findings and observations of this exercise and offers actionable recommendations to help organizations prioritize their cybersecurity improvement plans and cultivate information-sharing and cooperation activities.
The seminar introduced participants to the current tactics, techniques, and procedures that malicious actors are deploying against network infrastructure worldwide. Ken Bell, senior cyber intelligence analyst at Raytheon and adjunct fellow at the Pell Center, examined the emerging trends and threats related to cybersecurity for 2014 and discussed proactive measures to help organizations, regardless of their size or industry, better protect their proprietary information and assets from those emerging threats.
The workshop focused on the often missing link in cybersecurity - plain English communication between IT people and executives, whose responsibility is to protect company assets and reputation. Subject matter experts April Lorenzen and Nat Kopcyk from Dissect Cyber led the workshop and various group exercises and activities on some of the most pressing cybersecurity topics. Participants came away with a better idea of how to infuse a stronger culture of security, proof and transparency into the protection of their organizations' sensitive information and digital assets.
The panel discussion explored how Rhode Island organizations charged with providing the state and nation’s financial, energy, health care and other critical systems could use the National Cybersecurity Framework to better protect their information and physical assets from cyber attacks. The panel included Adam Sedgewick, National Institute of Standards and Technology senior information technology policy adviser; Michael Leking, the Department of Homeland Security’s cybersecurity adviser for the Northeast region; and Jamia McDonald, executive director of the state’s Emergency Management Agency. The three distinguished panelists discussed the specifics of the framework and other national and state initiatives to support its implementation. In addition, Sen. Sheldon Whitehouse (D-RI) and Rep. James Langevin (D-RI) delivered keynote speeches and acknowledged the commitment of R.I. leaders to strengthen the state’s cybersecurity posture and of institutions, like the Pell Center, that provide an excellent forum for regional efforts in this field.