Cyber Committee White Papers
AFCEA Committees bring together the top thought leaders to collaborate on issues of national and global importance. Often a subject is addressed that evolves into a white paper for distribution to higher levels, including government and military leadership. The following represent the work of the AFCEA Cyber Committee. A list of additional AFCEA white papers is also available.
The Cyber Insurance Subcommittee of AFCEA International's Cyber Committee concluded cyber insurance is useful in risk transference but with some important caveats. For example, a purchase decision is contingent on individual company circumstances, such as revenue, risk tolerance, board guidance and regulatory environment relative to protected categories of information. In addition, every purchase decision should be critically reviewed regarding the extent of exclusions to coverage in each policy. The subcommittee also concluded that it remains in the indeterminate future whether cyber insurance underwriters routinely will begin to discount premiums for businesses that implement sound security countermeasures.
Despite obvious and compelling needs for ways to measure security, AFCEA’s Cyber Committee found that there is no consensus about how to measure security. To the contrary, its members found that the security metrics are all over the map with most organizations admitting in confidential discussions that they are not comfortable with the metrics they are using.
Given the breakneck speed of technological change, challenges associated with developing/issuing national policy and concomitant adversary capabilities, government often finds itself behind the curve with respect to coordinated cybersecurity readiness and response.
There is a high level of frustration that the enemy is moving at unprecedented speeds, and it is unlikely that public policy can change fast enough to adapt and morph at the necessary speed to mitigate the impact of our attackers.
This paper addresses recommendations for implementation strategies that should be pursued in implementing the provisions of the executive order (EO) on information sharing. However, the committee believes that a successful implementation of the EO requires an appropriate context for these efforts as well as a framework that could be used to define success.
This paper provides recommendations for establishing the standards and implementation of an effective National Information Sharing Infrastructure.
In the cyber environment, some realities defy dispute. First, the cybersecurity challenge is pervasive and growing with an ever-evolving range of threats. Second, no one wants to be a victim of cyber crime or a cyber attack, but many people, businesses, and organizations simply do not know how to dissuade cyber intruders.
Once we, as individual consumers, introduce the IoT into our families and lives, we allow machine-to-machine interactions on our behalf. This changes legal and liability issues and, in some cases, introduces a series of grey areas yet to be defined.