The innovation: Fostering international cooperation among government agencies and private companies to identify and implement the most critical cybersecurity controls to protect their systems, networks, and information—potentially leading to an internationally recognized minimum standard of due care in cybersecurity
WASHINGTON, Nov. 28, 2012 /PRNewswire-USNewswire/ -- The SANS Institute today announced that three UK government departments/Authorities — CESG (the National Technical Authority for Information Assurance), CPNI (the Centre for the Protection of National Infrastructure), and BIS (the Department for Business, Innovation and Skills)—have jointly won a 2012 U.S. National Cybersecurity Innovation Award for accelerating global consensus on the most critical steps to take to protect networks and computers and the data they store and process.
Companies and government agencies throughout the world have access to a large amount of advice from consultants and vendors offering to solve the latest security problem. Yet those solutions, on their own, are not enough to stop targeted attacks used by the most successful and determined intruders.As the global cyber threat becomes increasingly more immediate and visible to senior executives, they are asking three questions: (1) What must be done to protect our systems? (2) How much is enough? and (3) Whom can we trust to answer the first two questions?
CESG, CPNI and BIS demonstrated extraordinary leadership by initiating a program of international cooperation to address those questions. The emerging coalition involves multiple agencies in the United States (National Security Agency and the Department of Homeland Security), Australia (Defence Signals Directorate), and the United Kingdom, as well as private organizations like the SANS Institute, Verizon, Goldman Sachs, and many others. Working together, they are reaching consensus on the specific controls needed to respond to current attacks and the methods that should be used to implement those controls.
Building on the 20 Critical Controls pioneered by U.S. organizations and on the 35 Strategies pioneered in Australia, the United Kingdom's consensus-building program promises to create a set of procedures that can be relied upon by system owners in government and industry throughout the world. In other words, the award winners found an innovative way to answer the three central cybersecurity questions being asked by senior executives in cybersecurity.
About the National Cybersecurity Innovation Awards
The annual U.S. National Cybersecurity Innovation Awards recognize initiatives by companies and government agencies that contribute to significant cyber risk reduction, have not been deployed effectively before in a similar fashion, can be scaled quickly to serve large numbers of people, and should be supported and adopted quickly by many other organizations. Nominators include senior U.S. government officials involved with cybersecurity as well as leaders from major cybersecurity Information Sharing and Analysis Centers. Corporations and individuals may also nominate innovations. For the 2012 awards, more than 30 nominations were received and nine were selected. The panel of judges for the 2012 awards is described below.
Sameer Bhalotra served as White House Senior Director for Cybersecurity, leading the national identity management and continuous monitoring initiatives. He also served as the principal cybersecurity staffer for the Senate Intelligence Committee, which oversees the cyber budgets of the National Security Agency and the other intelligence agencies.
Tony Sager's stellar career at the National Security Agency spanned 34 years. He headed the Systems & Network Attack Center, oversaw all Red and Blue Team projects, created and headed security product evaluation teams, helped guide the agency's top talent development programs, served as founding director of the Vulnerability Analysis & Operations Group (comprised of 700 of the NSA's top technical cybersecurity specialists), and was the Chief Operating Officer for the Information Assurance Directorate.
Asheem Chandna is the dean of venture capitalists in the cybersecurity field. As a partner at Greylock since 2003, he has helped create and grow multiple security technology businesses to market-leading positions, and successfully merged several into larger companies. He also serves on the panel of judges for the Wall Street Journal Global Technology Innovation Awards.
Alan Paller is Director of Research at the SANS Institute, where he oversees an international search for people and organizations that have identified important ways to reduce the risk posed by cyber threats. He also oversees the Internet Storm Center and the annual initiative to determine the seven most dangerous new attack vectors. He co-chairs the DHS Task Force on Cyberskills and the FCC Working Group on Cybersecurity Best Practices in the telecommunications industry.
SOURCE SANS Institute