In [34]:
import sys
import json
import re
import string
import nltk
import uuid
import glob
import numpy as np
from numpy import mean, ptp, var, std, median
from scipy.stats import mode
import pandas as pd
# import matplotlib.pyplot as plt
import seaborn as sns
# import matplotlib.pyplot
from matplotlib import pyplot
%matplotlib inline
In [35]:
def drawBar_category(grades):
xticks = ['L M', 'T M', 'O M', 'C B',
'COOP',"C O P","No"]
color = ["red","blue","yellow","green","magenta","orange","grey"]
gradeGroup = {}
for grade in grades:
gradeGroup[grade] = gradeGroup.get(grade, 0) + 1
fig = pyplot.bar(range(7), [gradeGroup.get(xtick, 0) for xtick in xticks], align='center',
color = color, width = 0.5,animated=True)
pyplot.xticks(range(7), xticks)
pyplot.xlabel('Category')
pyplot.ylabel('Frequency')
pyplot.title('Category Of CyberSecurity')
# pyplot.figure(figsize=(40,40))
pyplot.show()
In [36]:
def drawBar_subcategory(grades):
xticks = ['LM_CL','LM_RC','TM_CIRT','TM_STAN','TM_CER','OM_P','OM_ROAD',"OM_RA",'OM_NB',
'CB_SD','CB_MD','CB_PC','CB_AC','COOP_IS','COOP_IA','COOP_PS','COOP_IC',
"COP_NL","COP_UN","COP_IS","COP_RM","No"]
color = ["red","crimson","cyan","deepskyblue","dodgerblue",
"khaki","yellow","yellow","gold",
"greenyellow","chartreuse","lawngreen","lime",
"magenta","fuchsia","m","darkmagenta",
"orange","darkorange","sandybrown","orangered",
"grey"]
gradeGroup = {}
for grade in grades:
gradeGroup[grade] = gradeGroup.get(grade, 0) + 1
fig = pyplot.bar(range(22), [gradeGroup.get(xtick, 0) for xtick in xticks], align='center',
color = color, width = 0.5,animated=True)
pyplot.xticks(range(22), xticks,rotation = 'vertical')
pyplot.xlabel('Subcategory')
pyplot.ylabel('Frequency')
pyplot.title('Subcategory Of CyberSecurity')
# pyplot.figure(figsize=(40,40))
pyplot.show()
In [37]:
def drawPie_category(grades):
labels = ['L M', 'T M', 'O M', 'C B',
'COOP',"C O P","No"]
color = ["red","blue","yellow","green","magenta","orange","grey"]
gradeGroup = {}
for grade in grades:
gradeGroup[grade] = gradeGroup.get(grade, 0) + 1
pyplot.pie([gradeGroup.get(label, 0) for label in labels], labels=labels, autopct='%1.2f%%',colors=color
,radius = 1.1,startangle=90,shadow=True)
pyplot.title('Category Of CyberSecurity')
pyplot.show()
In [38]:
def drawPie_subcategory(grades):
labels = ['LM_CL','LM_RC','TM_CIRT','TM_STAN','TM_CER','OM_P','OM_ROAD',"OM_RA",'OM_NB',
'CB_SD','CB_MD','CB_PC','CB_AC','COOP_IS','COOP_IA','COOP_PS','COOP_IC',
"COP_NL","COP_UN","COP_IS","COP_RM","No"]
color = ["red","crimson","cyan","deepskyblue","dodgerblue",
"khaki","yellow","yellow","gold",
"greenyellow","chartreuse","lawngreen","lime",
"magenta","fuchsia","m","darkmagenta",
"orange","darkorange","sandybrown","orangered",
"grey"]
gradeGroup = {}
for grade in grades:
gradeGroup[grade] = gradeGroup.get(grade, 0) + 1
pyplot.pie([gradeGroup.get(label, 0) for label in labels], labels=labels, autopct='%1.2f%%',colors=color
,radius = 1.5,startangle=90,shadow=True)
pyplot.title('Subcategory Of CyberSecurity')
pyplot.show()
In [39]:
def category_collect(content):
category_list = []
for i in range(len(content)):
if len(content[i]["tag"][0]["category"])> 0:
for j in content[i]["tag"][0]["category"]:
if j == "legal measures":
category_list.append("L M")
elif j == "technical measures":
category_list.append("T M")
elif j == "organization measures":
category_list.append("O M")
elif j == "capacity building":
category_list.append("C B")
elif j == "cooperation":
category_list.append("COOP")
else:
category_list.append("C O P")
else:
category_list.append("No")
return category_list
In [40]:
def subcategory_colloct(content):
subcategory_list = []
for i in range(len(content)):
if len(content[i]["tag"][0]["subcategory"])> 0:
for j in content[i]["tag"][0]["subcategory"]:
if j == "criminal legislation":
subcategory_list.append("LM_CL")
elif j == "regulation and compliance":
subcategory_list.append("LM_RC")
elif j == "cirt":
subcategory_list.append("TM_CIRT")
elif j == "standards":
subcategory_list.append("TM_STAN")
elif j == "certification":
subcategory_list.append("TM_CER")
elif j == "policy":
subcategory_list.append("OM_P")
elif j == "roadmap for governance":
subcategory_list.append("OM_ROAD")
elif j == "responsible agency":
subcategory_list.append("OM_RA")
elif j == "national benchmarking":
subcategory_list.append("OM_NB")
elif j == "standardisation development":
subcategory_list.append("CB_SD")
elif j == "manpower development":
subcategory_list.append("CB_MD")
elif j == "professional certification":
subcategory_list.append("CB_PC")
elif j == "agency certification":
subcategory_list.append("CB_AC")
elif j == "intra-state cooperation":
subcategory_list.append("COOP_IS")
elif j == "intra-agency cooperation":
subcategory_list.append("COOP_IA")
elif j == "public sector partnership":
subcategory_list.append("COOP_PS")
elif j == "international cooperation":
subcategory_list.append("COOP_IC")
elif j == "national legislation":
subcategory_list.append("COP_NL")
elif j == "un convention and protocol":
subcategory_list.append("COP_UN")
elif j == "institutional support":
subcategory_list.append("COP_IS")
elif j == "reporting mechanism":
subcategory_list.append("COP_RM")
else:
subcategory_list.append("No")
return subcategory_list
In [41]:
def input_countryname():
country_name = raw_input("please input the country name:")
return country_name
In [42]:
def show_content(content,countryname):
for sentence in content:
print "Sentence: "+sentence["sentence"]
print "Country:" + countryname
category_list = []
for category in sentence["tag"][0]["category"]:
category_list.append(category)
print "Category: " + str(category_list)
subcategory_list = []
for subcategory in sentence["tag"][0]["subcategory"]:
subcategory_list.append(subcategory)
print "Subcategory: " + str(subcategory_list)
print "\n"
In [43]:
def country_visualization():
countryname=input_countryname()
Dirction = 'Tagged_Sentence\\'
new_Dirction = Dirction + countryname
json_files = glob.glob('Tagged_Sentence\*.json')
for passage in json_files:
if passage.startswith(new_Dirction):
content = json.load(open(passage))
category_list = category_collect(content)
drawBar_category(category_list)
drawPie_category(category_list)
subcategory_list = subcategory_colloct(content)
drawBar_subcategory(subcategory_list)
drawPie_subcategory(subcategory_list)
show_content(content,countryname)
In [44]:
country_visualization()
please input the country name:US-1
Sentence: T H E N A T I O N A L S T R A T E G Y T O SECURE CYBERSPACE F E B R U A R Y 2 0 0 3 T H E N A T I O N A L S T R A T E G Y T O SECURE CYBERSPACE F E B R U A R Y 2 0 0 3 THE WHITE HOUSE WASHINGTON My Fellow Americans: The way business is transacted, government operates, and national defense is conducted have changed.
Country:US-1
Category: []
Subcategory: []
Sentence: These activities now rely on an interdependent network of information technology infrastructures called cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Strategy to Secure Cyberspace provides a framework for protecting this infrastructure that is essential to our economy, security, and way of life.
Country:US-1
Category: []
Subcategory: []
Sentence: In the past few years, threats in cyberspace have risen dramatically.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'cirt', u'intra-agency cooperation', u'public sector partnership']
Sentence: The policy of the United States is to protect against the debilitating disruption of the operation of information systems for critical infrastructures and, thereby, help to protect the people, economy, and national security of the United States.
Country:US-1
Category: [u'organization measures', u'cooperation', u'technical measures']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership', u'cirt']
Sentence: We must act to reduce our vulnerabilities to these threats before they can be exploited to damage the cyber systems supporting our Nations critical infrastructures and ensure that such disruptions of cyberspace are infrequent, of minimal duration, manageable, and cause the least damage possible.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Securing cyberspace is an extraordinarily difficult strategic challenge that requires a coordinated and focused effort from our entire societythe federal government, state and local governments, the private sector, and the American people.
Country:US-1
Category: []
Subcategory: []
Sentence: To engage Americans in securing cyberspace, a draft version of this strategy was released for public comment, and ten town hall meetings were held around the Nation to gather input on the development of a national strategy.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'criminal legislation', u'regulation and compliance', u'certification', u'policy', u'intra-state cooperation', u'international cooperation']
Sentence: Thousands of people and numerous organizations participated in these town hall meetings and responded with comments.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'international cooperation']
Sentence: I thank them all for their continuing participation.
Country:US-1
Category: []
Subcategory: []
Sentence: The cornerstone of Americas cyberspace security strategy is and will remain a public-private partnership.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government invites the creation of, and participation in, public-private partnerships to implement this strategy.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation']
Sentence: Only by acting together can we build a more secure future in cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: T A B L E O F C O N T E N T S Table of Contents Executive Summary .
Country:US-1
Category: [u'child online protection']
Subcategory: [u'reporting mechanism']
Sentence: .1 Cyberspace Threats and Vulnerabilities: A Case for Action .
Country:US-1
Category: []
Subcategory: []
Sentence: .5 National Policy and Guiding Principles .
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'responsible agency']
Sentence: .13 National Cyberspace Security Priorities Priority I: A National Cyberspace Security Response System .
Country:US-1
Category: []
Subcategory: []
Sentence: .19 Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program .
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: .27 Priority III: A National Cyberspace Security Awareness and Training Program .
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development', u'professional certification']
Sentence: .37 Priority IV: Securing Governments Cyberspace .
Country:US-1
Category: []
Subcategory: []
Sentence: .43 Priority V: National Security and International Cyberspace Security Cooperation .
Country:US-1
Category: []
Subcategory: []
Sentence: .49 Conclusion: The Way Forward .
Country:US-1
Category: []
Subcategory: []
Sentence: .53 Appendix: Actions and Recommendations (A/R) Summary .
Country:US-1
Category: []
Subcategory: []
Sentence: .55 T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E v E X E C U T I V E S U M M A R Y Executive Summary Our Nations critical infrastructures are composed of public and private institutions in the sectors of agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, and postal and shipping.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Cyberspace is their nervous systemthe control system of our country.
Country:US-1
Category: []
Subcategory: []
Sentence: Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Thus, the healthy functioning of cyberspace is essential to our economy and our national security.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'policy', u'responsible agency', u'national benchmarking', u'manpower development', u'international cooperation']
Sentence: This National Strategy to Secure Cyberspace is part of our overall effort to protect the Nation.
Country:US-1
Category: []
Subcategory: []
Sentence: It is an implementing component of the National Strategy for Homeland Security and is complemented by a National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'standards', u'certification', u'responsible agency', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: The purpose of this document is to engage and empower Americans to secure the portions of cyberspace that they own, operate, control, or with which they interact.
Country:US-1
Category: []
Subcategory: []
Sentence: Securing cyberspace is a difficult strategic challenge that requires coordinated and focused effort from our entire societythe federal government, state and local governments, the private sector, and the American people.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E vii E X E C U T I V E The National Strategy to Secure Cyberspace outlines an initial framework for both organizing and prioritizing efforts.
Country:US-1
Category: []
Subcategory: []
Sentence: It provides direction to the federal government departments and agencies that have roles in cyberspace security.
Country:US-1
Category: [u'organization measures', u'capacity building', u'legal measures', u'child online protection']
Subcategory: [u'roadmap for governance', u'agency certification', u'regulation and compliance', u'un convention and protocol']
Sentence: It also identifies steps that state and local governments, private companies and organizations, and individual Americans can take to improve our collective cybersecurity.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: The Strategy highlights the role of publicprivate engagement.
Country:US-1
Category: []
Subcategory: []
Sentence: The document provides a framework for the contributions that we all can make to secure our parts of cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: The dynamics of cyberspace will require adjustments and amendments to the Strategy over time.
Country:US-1
Category: []
Subcategory: []
Sentence: The speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult, a task which often occurs only after the fact, if at all.
Country:US-1
Category: []
Subcategory: []
Sentence: Therefore, the National Strategy to Secure Cyberspace helps reduce our Nations vulnerability to debilitating attacks against our critical information infrastructures or the physical assets that support them.
Country:US-1
Category: []
Subcategory: []
Sentence: Strategic Objectives Consistent with the National Strategy for Homeland Security, the strategic objectives of this National Strategy to Secure Cyberspace are to: Prevent cyber attacks against Americas critical infrastructures; Reduce national vulnerability to cyber attacks; and Minimize damage and recovery time from cyber attacks that do occur.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'roadmap for governance', u'public sector partnership']
Sentence: Threat and Vulnerability Our economy and national security are fully dependent upon information technology and the information infrastructure.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: At the core of the information infrastructure upon which we depend is the Internet, a system originally S U M M A R Y designed to share unclassified research among scientists who were assumed to be uninterested in abusing the network.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: It is that same Internet that today connects millions of other computer networks making most of the nations essential services and infrastructures work.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: These computer networks also control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, radars, and stock markets, all of which exist beyond cyberspace.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'cirt', u'public sector partnership']
Sentence: A spectrum of malicious actors can and do conduct attacks against our critical information infrastructures.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification', u'responsible agency', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Of primary concern is the threat of organized cyber attacks capable of causing debilitating disruption to our Nations critical infrastructures, economy, or national security.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'standards', u'certification', u'agency certification']
Sentence: The required technical sophistication to carry out such an attack is highand partially explains the lack of a debilitating attack to date.
Country:US-1
Category: []
Subcategory: []
Sentence: We should not, however, be too sanguine.
Country:US-1
Category: []
Subcategory: []
Sentence: There have been instances where organized attackers have exploited vulnerabilities that may be indicative of more destructive capabilities.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: Uncertainties exist as to the intent and full technical capabilities of several observed attacks.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'standards', u'manpower development']
Sentence: Enhanced cyber threat analysis is needed to address long-term trends related to threats and vulnerabilities.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'cirt', u'intra-agency cooperation', u'public sector partnership']
Sentence: What is known is that the attack tools and methodologies are becoming widely available, and the technical capability and sophistication of users bent on causing havoc or disruption is improving.
Country:US-1
Category: []
Subcategory: []
Sentence: In peacetime Americas enemies may conduct espionage on our Government, university research centers, and private companies.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: They may also seek to prepare for cyber strikes during a confrontation by mapping U.S. information systems, identifying key targets, and lacing our infrastructure with back doors and other means of access.
Country:US-1
Category: []
Subcategory: []
Sentence: In wartime or crisis, adversaries may seek to intimidate the Nations political leaders by attacking critical infrastructures and key economic functions or eroding public confidence in information systems.
Country:US-1
Category: [u'capacity building', u'organization measures', u'cooperation']
Subcategory: [u'standardisation development', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: viii T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E E X E C U T I V E Cyber attacks on United States information networks can have serious consequences such as disrupting critical operations, causing loss of revenue and intellectual property, or loss of life.
Country:US-1
Category: []
Subcategory: []
Sentence: Countering such attacks requires the development of robust capabilities where they do not exist today if we are to reduce vulnerabilities and deter those with the capabilities and intent to harm our critical infrastructures.
Country:US-1
Category: [u'child online protection', u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'institutional support', u'reporting mechanism', u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: The Government Role in Securing Cyberspace In general, the private sector is best equipped and structured to respond to an evolving cyber threat.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: There are specific instances, however, where federal government response is most appropriate and justified.
Country:US-1
Category: []
Subcategory: []
Sentence: Looking inward, providing continuity of government requires ensuring the safety of its own cyber infrastructure and those assets required for supporting its essential missions and services.
Country:US-1
Category: []
Subcategory: []
Sentence: Externally, a government role in cybersecurity is warranted in cases where high transaction costs or legal barriers lead to significant coordination problems; cases in which governments operate in the absence of private sector forces; resolution of incentive problems that lead to under provisioning of critical shared resources; and raising awareness.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures']
Subcategory: [u'regulation and compliance', u'cirt', u'policy']
Sentence: Public-private engagement is a key component of our Strategy to secure cyberspace.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'certification']
Sentence: This is true for several reasons.
Country:US-1
Category: []
Subcategory: []
Sentence: Public-private partnerships can usefully confront coordination problems.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation']
Sentence: They can significantly enhance information exchange and cooperation.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: Public-private engagement will take a variety of forms and will address awareness, training, technological improvements, vulnerability remediation, and recovery operations.
Country:US-1
Category: []
Subcategory: []
Sentence: A federal role in these and other cases is only justified when the benefits of intervention outweigh the associated costs.
Country:US-1
Category: []
Subcategory: []
Sentence: This standard is especially important in cases where there are viable private sector solutions for addressing any potential threat or vulnerability.
Country:US-1
Category: []
Subcategory: []
Sentence: For each case, S U M M A R Y consideration should be given to the broadbased costs and impacts of a given government action, versus other alternative actions, versus non-action, taking into account any existing or future private solutions.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'standards', u'international cooperation']
Sentence: Federal actions to secure cyberspace are warranted for purposes including: forensics and attack attribution, protection of networks and systems critical to national security, indications and warnings, and protection against organized attacks capable of inflicting debilitating damage to the economy.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Federal activities should also support research and technology development that will enable the private sector to better secure privately-owned portions of the Nations critical infrastructure.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'national benchmarking', u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: Department of Homeland Security and Cyberspace Security On November 25, 2002, President Bush signed legislation creating the Department of Homeland Security (DHS).
Country:US-1
Category: []
Subcategory: []
Sentence: This new cabinetlevel department will unite 22 federal entities for the common purpose of improving our homeland security.
Country:US-1
Category: []
Subcategory: []
Sentence: The Secretary of DHS will have important responsibilities in cyberspace security.
Country:US-1
Category: []
Subcategory: []
Sentence: These responsibilities include: Developing a comprehensive national plan for securing the key resources and critical infrastructure of the United States; Providing crisis management in response to attacks on critical information systems; Providing technical assistance to the private sector and other government entities with respect to emergency recovery plans for failures of critical information systems; Coordinating with other agencies of the federal government to provide specific warning information and advice about appropriate protective measures and countermeasures to state, local, and nongovernmental organizations including T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E ix E X E C U T I V E the private sector, academia, and the public; and Performing and funding research and development along with other agencies that will lead to new scientific understanding and technologies in support of homeland security.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'legal measures', u'technical measures', u'child online protection']
Subcategory: [u'responsible agency', u'standardisation development', u'public sector partnership', u'regulation and compliance', u'standards', u'certification', u'policy', u'roadmap for governance', u'national benchmarking', u'manpower development', u'agency certification', u'national legislation', u'un convention and protocol']
Sentence: Consistent with these responsibilities, DHS will become a federal center of excellence for cybersecurity and provide a focal point for federal outreach to state, local, and nongovernmental organizations including the private sector, academia, and the public.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'cirt', u'standardisation development']
Sentence: Critical Priorities for Cyberspace Security The National Strategy to Secure Cyberspace articulates five national priorities including: I.
Country:US-1
Category: []
Subcategory: []
Sentence: A National Cyberspace Security Response System; II.
Country:US-1
Category: []
Subcategory: []
Sentence: A National Cyberspace Security Threat and Vulnerability Reduction Program; III.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: A National Cyberspace Security Awareness and Training Program; IV.
Country:US-1
Category: []
Subcategory: []
Sentence: Securing Governments Cyberspace; and V. National Security and International Cyberspace Security Cooperation.
Country:US-1
Category: []
Subcategory: []
Sentence: The first priority focuses on improving our response to cyber incidents and reducing the potential damage from such events.
Country:US-1
Category: []
Subcategory: []
Sentence: The second, third, and fourth priorities aim to reduce threats from, and our vulnerabilities to, cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: The fifth priority is to prevent cyber attacks that could impact national security assets and to improve the international management of and response to such attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: S U M M A R Y Priority I: A National Cyberspace Security Response System Rapid identification, information exchange, and remediation can often mitigate the damage caused by malicious cyberspace activity.
Country:US-1
Category: []
Subcategory: []
Sentence: For those activities to be effective at a national level, the United States needs a partnership between government and industry to perform analyses, issue warnings, and coordinate response efforts.
Country:US-1
Category: [u'technical measures', u'organization measures', u'legal measures', u'child online protection']
Subcategory: [u'cirt', u'responsible agency', u'national benchmarking', u'regulation and compliance', u'roadmap for governance', u'un convention and protocol']
Sentence: Privacy and civil liberties must be protected in the process.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy', u'responsible agency']
Sentence: Because no cybersecurity plan can be impervious to concerted and intelligent attack, information systems must be able to operate while under attack and have the resilience to restore full operations quickly.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: Assess and secure emerging systems.
Country:US-1
Category: []
Subcategory: []
Sentence: Priority III: A National Cyberspace Security Awareness and Training Program Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program By exploiting vulnerabilities in our cyber systems, an organized attack may endanger the security of our Nations critical infrastructures.
Country:US-1
Category: [u'capacity building', u'legal measures', u'child online protection']
Subcategory: [u'manpower development', u'professional certification', u'regulation and compliance', u'un convention and protocol']
Sentence: The vulnerabilities that most threaten cyberspace occur in the information assets of critical infrastructure enterprises themselves and their external supporting structures, such as the mechanisms of the Internet.
Country:US-1
Category: []
Subcategory: []
Sentence: Lesser-secured sites on the interconnected network of networks also present potentially significant exposures to cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: Vulnerabilities result from weaknesses in technology and because of improper implementation and oversight of technological products.
Country:US-1
Category: []
Subcategory: []
Sentence: Many cyber vulnerabilities exist because of a lack of cybersecurity awareness on the part of computer users, systems administrators, technology developers, procurement officials, auditors, chief information officers (CIOs), chief executive officers, and corporate boards.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'responsible agency', u'intra-agency cooperation']
Sentence: Such awareness-based vulnerabilities present serious risks to critical infrastructures regardless of whether they exist within the infrastructure itself.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: A lack of trained personnel and the absence of widely accepted, multi-level certification programs for cybersecurity professionals complicate the task of addressing cyber vulnerabilities.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'certification', u'professional certification']
Sentence: Promote private-sector support for well-coordinated, widely recognized professional cybersecurity certifications.
Country:US-1
Category: []
Subcategory: []
Sentence: Priority IV: Securing Governments Cyberspace Although governments administer only a minority of the Nations critical infrastructure computer systems, governments at all levels perform essential services in the agriculture, food, water, public health, emergency services, defense, social welfare, information and telecommunications, energy, transportation, banking and finance, chemicals, and postal and shipping sectors that depend upon cyberspace for their delivery.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'international cooperation']
Sentence: Governments can lead by example in cyberspace security, including fostering a marketplace for more secure technologies through their procurement.
Country:US-1
Category: []
Subcategory: []
Sentence: Encourage state and local governments to consider establishing information technology security programs and participate in information sharing and analysis centers with similar governments.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: Priority V: National Security and International Cyberspace Security Cooperation Americas cyberspace links the United States to the rest of the world.
Country:US-1
Category: []
Subcategory: []
Sentence: A network of networks spans the planet, allowing malicious actors on one continent to act on systems thousands of miles away.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Cyber attacks cross borders at light speed, and discerning the source of malicious activity is difficult.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: America must be capable of safeguarding and defending its critical systems and networks.
Country:US-1
Category: []
Subcategory: []
Sentence: Enabling our ability to do so requires a system of international cooperation to facilitate information sharing, reduce vulnerabilities, and deter malicious actors.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'professional certification', u'agency certification', u'international cooperation']
Sentence: Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge; and this Strategy.
Country:US-1
Category: []
Subcategory: []
Sentence: Inputs from the critical sectors themselves can be found at http://www.pcis.org.
Country:US-1
Category: []
Subcategory: []
Sentence: (These documents were not subject to government approval.)
Country:US-1
Category: []
Subcategory: []
Sentence: Encourage other nations to accede to the Council of Europe Convention on Cybercrime, or to ensure that their laws and procedures are at least as comprehensive.
Country:US-1
Category: []
Subcategory: []
Sentence: These comprehensive infrastructure plans describe the strategic initiatives of various sectors, including: Banking and Finance; A National Effort Insurance; Protecting the widely distributed assets of cyberspace requires the efforts of many Americans.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government alone cannot sufficiently defend Americas cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Our traditions of federalism and limited government require that organizations outside the federal government take the lead in many of these efforts.
Country:US-1
Category: []
Subcategory: []
Sentence: Every American who can contribute to securing part of cyberspace is encouraged to do so.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government invites the creation of, and participation in, public-private partnerships to raise cybersecurity awareness, train personnel, stimulate market forces, improve technology, identify and remediate vulnerabilities, exchange information, and plan recovery operations.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation']
Sentence: Chemical; People and organizations across the United States have already taken steps to improve cyberspace security.
Country:US-1
Category: []
Subcategory: []
Sentence: On September 18, 2002, many private-sector entities released plans and strategies for securing their respective infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: The Partnership for Critical Infrastructure Security has played a unique role in facilitating private-sector contributions to Oil and Gas; Electric; Law Enforcement; Higher Education; Transportation (Rail); Information Technology and Telecommunications; and Water.
Country:US-1
Category: []
Subcategory: []
Sentence: As each of the critical infrastructure sectors implements these initiatives, threats and vulnerabilities to our infrastructures will be reduced.
Country:US-1
Category: [u'legal measures', u'organization measures', u'cooperation', u'child online protection']
Subcategory: [u'regulation and compliance', u'policy', u'intra-agency cooperation', u'public sector partnership', u'un convention and protocol']
Sentence: For the foreseeable future two things will be true: America will rely upon cyberspace and the federal government will seek a continuing broad partnership with the private sector to develop, implement, and refine a National Strategy to Secure Cyberspace.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E xiii E X E C U T I V E xiv T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E S U M M A R Y I N T R O D U C T I O N Introduction A Nation in Cyberspace Our Nations critical infrastructures consist of the physical and cyber assets of public and private institutions in several sectors: agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, and postal and shipping.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Cyberspace is the nervous system of these infrastructuresthe control system of our country.
Country:US-1
Category: []
Subcategory: []
Sentence: Cyberspace comprises hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that make our critical infrastructures work.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Thus, the healthy functioning of cyberspace is essential to our economy and our national security.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'policy', u'responsible agency', u'national benchmarking', u'manpower development', u'international cooperation']
Sentence: Unfortunately, recent events have highlighted the existence of cyberspace vulnerabilities and the fact that malicious actors seek to exploit them.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'organization measures', u'child online protection']
Subcategory: [u'cirt', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation', u'responsible agency', u'public sector partnership', u'national legislation']
Sentence: (See, Cyberspace Threats and Vulnerabilities.)
Country:US-1
Category: []
Subcategory: []
Sentence: This National Strategy to Secure Cyberspace is part of an overall effort to protect the Nation.
Country:US-1
Category: []
Subcategory: []
Sentence: It is an implementing component of the National Strategy for Homeland Security and is complemented by the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'standards', u'certification', u'responsible agency', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: The purpose of this document is to engage and empower Americans to secure the portions of cyberspace that they own, operate, or control, or with which they interact.
Country:US-1
Category: []
Subcategory: []
Sentence: Securing T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 1 I N T R O D U C T I O N cyberspace is a difficult strategic challenge that requires coordinated and focused effort from our entire societythe federal government, state and local governments, the private sector, and the American people.
Country:US-1
Category: []
Subcategory: []
Sentence: A Unique Problem, a Unique Process Most critical infrastructures, and the cyberspace on which they rely, are privately owned and operated.
Country:US-1
Category: []
Subcategory: []
Sentence: The technologies that create and support cyberspace evolve rapidly from privatesector and academic innovation.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Government alone cannot sufficiently secure cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Thus, President Bush has called for voluntary partnerships among government, industry, academia, and nongovernmental groups to secure and defend cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: (See, National Policy and Guiding Principles.)
Country:US-1
Category: []
Subcategory: []
Sentence: In recognition of this need for partnership, the process to develop the National Strategy to Secure Cyberspace included soliciting views from both the public and private sectors.
Country:US-1
Category: []
Subcategory: []
Sentence: To do so, the White House sponsored town hall meetings on cyberspace security in ten metropolitan areas.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'international cooperation']
Sentence: Consequently, individual sectors (e.g., higher education, state and local government, banking and finance) formed workgroups to create initial sector-specific cyberspace security strategies.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Additionally, the White House created a Presidential advisory panel, the National Infrastructure Advisory Council, consisting of leaders from the key sectors of the economy, government, and academia.
Country:US-1
Category: [u'capacity building', u'technical measures', u'cooperation']
Subcategory: [u'standardisation development', u'certification', u'public sector partnership']
Sentence: The Presidents National Security Telecommunications Advisory Committee reviewed and commented on the Strategy.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'international cooperation']
Sentence: In September 2002, the Presidents Critical Infrastructure Protection Board sought comments from individuals and institutions nationwide by placing a draft version of the Strategy online for review.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'criminal legislation', u'regulation and compliance', u'certification', u'policy', u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: Thousands participated in the town hall meetings and provided comments online.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'international cooperation']
Sentence: Their comments contributed to shaping the Strategy by narrowing its focus and sharpening its priorities.
Country:US-1
Category: []
Subcategory: []
Sentence: This process recognizes that we can only secure cyberspace successfully through an inclusive national effort that engages major institutions throughout the country.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government designed the Strategy development process to raise the Nations level of awareness of the importance of cybersecurity.
Country:US-1
Category: [u'capacity building', u'organization measures']
Subcategory: [u'manpower development', u'national benchmarking', u'standardisation development']
Sentence: Its intent was to produce a Strategy that many Americans could feel they had a direct role in developing, and to which they would be committed.
Country:US-1
Category: []
Subcategory: []
Sentence: Although the redrafting process reflects many of the comments provided, not everyone will agree with each component of the National Strategy to Secure Cyberspace.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'certification']
Sentence: Many issues could not be addressed in detail, and others are not yet ripe for national policy.
Country:US-1
Category: []
Subcategory: []
Sentence: The Strategy is not immutable; actions will evolve as technologies advance, as threats and vulnerabilities change, and as our understanding of the cybersecurity issues improves and clarifies.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: A national dialogue on cyberspace security must therefore continue.
Country:US-1
Category: []
Subcategory: []
Sentence: In the weeks following the release of the draft Strategy, Congress approved the creation of the Department of Homeland Security (DHS), assigned to it many agencies that are active in cybersecurity, and directed it to perform new cybersecurity missions.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures']
Subcategory: [u'criminal legislation', u'regulation and compliance', u'cirt', u'certification', u'policy', u'national benchmarking']
Sentence: This Strategy reflects those changes.
Country:US-1
Category: []
Subcategory: []
Sentence: Congress passed and the President signed the Cyber Security Research and Development Act (Public Law 107-305), authorizing a multi-year effort to create more secure cyber technologies, to expand cybersecurity research and development, and to improve the cybersecurity workforce.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection', u'legal measures']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism', u'regulation and compliance', u'un convention and protocol']
Sentence: Five National Cyberspace Security Priorities The National Strategy to Secure Cyberspace is a call for national awareness and action by individuals and institutions throughout the United States, to increase the level of cybersecurity nationwide and to implement continuous processes for identifying and remedying cyber vulnerabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: Its framework is an agenda of 2 T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E I N T R O D U C T I O N five broad priorities that require widespread voluntary participation.
Country:US-1
Category: []
Subcategory: []
Sentence: Each individual program consists of several components, many of which were drawn from the draft Strategys recommendations and related public comments.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures']
Subcategory: [u'criminal legislation', u'regulation and compliance', u'certification', u'policy']
Sentence: Addressing these priorities requires the leadership of DHS as well as several other key federal departments and agencies.
Country:US-1
Category: []
Subcategory: []
Sentence: As part of the Office of Management and Budget (OMB)-led budget process, and with the support of Congress, these departments and agencies now have the task of translating the Strategys recommendations into actions.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Corporations, universities, state and local governments, and other partners are also encouraged to take actions consistent with these five national cyberspace security priorities, both independently and in partnership with the federal government.
Country:US-1
Category: []
Subcategory: []
Sentence: Each private-sector organization must make its own decisions based on cost effectiveness analysis and risk-management and mitigation strategies.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: The National Strategy to Secure Cyberspace articulates five national priorities.
Country:US-1
Category: []
Subcategory: []
Sentence: The first priority focuses on improving our ability to respond to cyber incidents and reduce the potential damage from such events.
Country:US-1
Category: []
Subcategory: []
Sentence: The second, third, and fourth priorities aim to reduce the numbers of cyber threats and our overall vulnerability to cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: The fifth priority focuses on preventing cyber attacks with the potential to impact national security assets and improving international management of and response to such attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: Priority I: A National Cyberspace Security Response System Rapid identification, information exchange, and remediation can often mitigate the damage caused by malicious cyberspace activity.
Country:US-1
Category: []
Subcategory: []
Sentence: For those activities to take place effectively at a national level, the United States requires a partnership between government and industry to perform analyses, issue warnings, and coordinate response efforts.
Country:US-1
Category: [u'technical measures', u'organization measures', u'legal measures', u'child online protection']
Subcategory: [u'cirt', u'responsible agency', u'national benchmarking', u'regulation and compliance', u'roadmap for governance', u'un convention and protocol']
Sentence: Privacy and civil liberties must be protected in the process.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy', u'responsible agency']
Sentence: Because no cybersecurity plan can be impervious to concerted and intelligent attacks, information systems must be able to operate while under attack and also have the resilience to restore full operations in their wake.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: To prepare for the possibility of major cyber attacks, America needs a national cyber disaster recovery plan.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Cyberspace Security Response System will involve public and private institutions and cyber centers to perform analysis, conduct watch and warning activities, enable information exchange, and facilitate restoration efforts.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program By exploiting vulnerabilities in our cyber systems, an organized cyber attack may endanger the security of our Nations critical infrastructures.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Cyberspace vulnerabilities occur in the critical infrastructure enterprises and government departments themselves, in their external supporting structures (such as the mechanisms of the Internet), and in unsecured sites across the interconnected network of networks.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: Vulnerabilities exist for several reasons including technological weaknesses, poor security-control implementation, and absences of effective oversight.
Country:US-1
Category: []
Subcategory: []
Sentence: A National Cyberspace Security Threat and Vulnerability reduction program will include coordinated national efforts conducted by governments and the private sector to identify and remediate the most serious cyber vulnerabilities through collaborative activities, such as sharing best practices and evaluating and implementing new technologies.
Country:US-1
Category: [u'technical measures', u'organization measures', u'legal measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'responsible agency', u'regulation and compliance', u'standardisation development', u'manpower development', u'public sector partnership', u'un convention and protocol']
Sentence: Additional program components will include raising cybersecurity awareness, increasing criminal justice activities, and developing national security programs to deter future cyber threats.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'criminal legislation', u'national legislation']
Sentence: T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 3 I N T R O D U C T I O N Priority III: A National Cyberspace Security Awareness and Training Program Many information-system vulnerabilities exist because of a lack of cyberspace security awareness on the part of computer users, systems administrators, technology developers, procurement officials, auditors, chief information officers, chief executive officers, and corporate boards.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development', u'professional certification']
Sentence: These vulnerabilities can present serious risks to the infrastructures even if they are not actually part of the infrastructure itself.
Country:US-1
Category: []
Subcategory: []
Sentence: A lack of trained personnel and the absence of widely accepted, multi-level certifications for personnel further complicate the task of reducing vulnerabilities.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'certification', u'professional certification']
Sentence: The National Cyberspace Security Awareness and Training Program will raise cybersecurity awareness in companies, government agencies, universities, and among the Nations computer users.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development', u'professional certification']
Sentence: It will further address shortfalls in the numbers of trained and certified cybersecurity personnel.
Country:US-1
Category: []
Subcategory: []
Sentence: Priority IV: Securing Governments Cyberspace Although governments administer only a minority of the Nations critical infrastructure computer systems, governments at all levels perform essential services that rely on each of the critical infrastructure sectors, which are agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, chemicals and hazardous materials, and postal and shipping.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'international cooperation']
Sentence: With respect to investment in cyberspace security, government can lead by example by fostering a marketplace for more secure technologies through large procurements of advanced information assurance technologies.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: A program to implement such products will help to ensure that federal computer systems and networks are secure.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: The federal government will also assist state and local governments with cybersecurity awareness, training, and information exchange.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: Priority V: National Security and International Cyberspace Security Cooperation Americas cyberspace links the United States to the rest of the world.
Country:US-1
Category: []
Subcategory: []
Sentence: A network of networks spans the planet, allowing malicious actors on one continent to act on systems thousands of miles away.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Cyber attacks cross borders at light speed, and discerning the source of malicious activity is difficult.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: America must be capable of safeguarding and defending its critical systems and networksregardless of where an attack originates.
Country:US-1
Category: []
Subcategory: []
Sentence: Facilitating our ability to do so requires a system of international cooperation to enable the information sharing, reduce vulnerabilities, and deter malicious actors.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'professional certification', u'agency certification', u'international cooperation']
Sentence: Actions and Recommendations The Strategy highlights actions that the federal government will take and makes recommendations to our partners in nongovernmental organizations.
Country:US-1
Category: []
Subcategory: []
Sentence: The actions and recommendations (A/R) are italicized throughout the Strategy and numbered according to the associated priority.
Country:US-1
Category: []
Subcategory: []
Sentence: For example A/R 1-1 is the first action or recommendation in Priority I.
Country:US-1
Category: [u'legal measures']
Subcategory: [u'regulation and compliance']
Sentence: Appendix A provides a summary of all of the A/Rs proposed.
Country:US-1
Category: []
Subcategory: []
Sentence: 4 T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E C Y B E R S P A C E T H R E A T S A N D V U L N E R A B I L I T I E S A Mapping of Code Red Penetration on a Portion of the Internet.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'national benchmarking']
Sentence: Image courtesy UCSD/CAIDA (www.caida.org) 2002 The Regents of the University of California.
Country:US-1
Category: []
Subcategory: []
Sentence: Cyberspace Threats and Vulnerabilities A Case for Action The terrorist attacks against the United States that took place on September 11, 2001, had a profound impact on our Nation.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: The federal government and society as a whole have been forced to reexamine conceptions of security on our home soil, with many understanding only for the first time the lengths to which selfdesignated enemies of our country are willing to go to inflict debilitating damage.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'intra-state cooperation']
Sentence: We must move forward with the understanding that there are enemies who seek to inflict damage on our way of life.
Country:US-1
Category: []
Subcategory: []
Sentence: They are ready to attack us on our own soil, and they have shown a willingness to use unconventional means to execute those attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: While the attacks of September 11 were physical attacks, we are facing increasing threats from hostile adversaries in the realm of cyberspace as well.
Country:US-1
Category: []
Subcategory: []
Sentence: A Nation Now Fully Dependent on Cyberspace For the United States, the information technology revolution quietly changed the way business and government operate.
Country:US-1
Category: []
Subcategory: []
Sentence: Without a great deal of thought about security, the Nation shifted the control of essential processes in manufacturing, utilities, banking, and communications to networked computers.
Country:US-1
Category: []
Subcategory: []
Sentence: As a result, the cost of doing business dropped and productivity skyrocketed.
Country:US-1
Category: []
Subcategory: []
Sentence: The trend toward greater use of networked systems continues.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 5 C Y B E R S P A C E T H R E A T S By 2003, our economy and national security became fully dependent upon information technology and the information infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: A network of networks directly supports the operation of all sectors of our economyenergy (electric power, oil and gas), transportation (rail, air, merchant marine), finance and banking, information and telecommunications, public health, emergency services, water, chemical, defense industrial base, food, agriculture, and postal and shipping.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support']
Sentence: The reach of these computer networks exceeds the bounds of cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: They also control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, and radars.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'cirt', u'public sector partnership']
Sentence: Threats in Cyberspace A spectrum of malicious actors can and do conduct attacks against our critical information infrastructures.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification', u'responsible agency', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Of primary concern is the threat of organized cyber attacks capable of causing debilitating disruption to our Nations critical infrastructures, economy, or national security.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'standards', u'certification', u'agency certification']
Sentence: The required technical sophistication to carry out such an attack is highand partially explains the lack of a debilitating attack to date.
Country:US-1
Category: []
Subcategory: []
Sentence: We should not, however, be too sanguine.
Country:US-1
Category: []
Subcategory: []
Sentence: There have been instances where attackers have exploited vulnerabilities that may be indicative of more destructive capabilities.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: Uncertainties exist as to the intent and full technical capabilities of several observed attacks.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'standards', u'manpower development']
Sentence: Enhanced cyber threat analysis is needed to address long-term trends related to threats and vulnerabilities.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'cirt', u'intra-agency cooperation', u'public sector partnership']
Sentence: What is known is that the attack tools and methodologies are becoming widely available, and the technical capability and sophistication of users bent on causing havoc or disruption is improving.
Country:US-1
Category: []
Subcategory: []
Sentence: As an example, consider the NIMDA (ADMIN spelled backwards) attack.
Country:US-1
Category: []
Subcategory: []
Sentence: Despite the fact that NIMDA did not create a catastrophic disruption to the critical infrastructure, it is a good example of the increased technical sophistication showing up in cyber A N D V U L N E R A B I L I T I E S attacks.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: It demonstrated that the arsenal of weapons available to organized attackers now contains the capability to learn and adapt to its local environment.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: NIMDA was an automated cyber attack, a blend of a computer worm and a computer virus.
Country:US-1
Category: []
Subcategory: []
Sentence: It propagated across the Nation with enormous speed and tried several different ways to infect computer systems it invaded until it gained access and destroyed files.
Country:US-1
Category: []
Subcategory: []
Sentence: It went from nonexistent to nationwide in an hour, lasted for days, and attacked 86,000 computers.
Country:US-1
Category: []
Subcategory: []
Sentence: Consider that two months before NIMDA, a cyber attack called Code Red infected 150,000 computer systems in 14 hours.
Country:US-1
Category: []
Subcategory: []
Sentence: Because of the increasing sophistication of computer attack tools, an increasing number of actors are capable of launching nationally significant assaults against our infrastructures and cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: In peacetime Americas enemies may conduct espionage on our Government, university research centers, and private companies.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: They may also seek to prepare for cyber strikes during a confrontation by mapping U.S. information systems, identifying key targets, lacing our infrastructure with back doors and other means of access.
Country:US-1
Category: []
Subcategory: []
Sentence: In wartime or crisis, adversaries may seek to intimidate the nations political leaders by attacking critical infrastructures and key economic functions or eroding public confidence in information systems.
Country:US-1
Category: [u'capacity building', u'organization measures', u'cooperation']
Subcategory: [u'standardisation development', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Cyber attacks on U.S. information networks can have serious consequences such as disrupting critical operations, causing loss of revenue and intellectual property, or loss of life.
Country:US-1
Category: []
Subcategory: []
Sentence: Countering such attacks requires the development of robust capabilities where they do not exist today if we are to reduce vulnerabilities and deter those with the capabilities and intent to harm our critical infrastructures.
Country:US-1
Category: [u'child online protection', u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'institutional support', u'reporting mechanism', u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: Cyberspace provides a means for organized attack on our infrastructure from a distance.
Country:US-1
Category: []
Subcategory: []
Sentence: These attacks require only commodity 6 T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E C Y B E R S P A C E T H R E A T S A N D V U L N E R A B I L I T I E S technology, and enable attackers to obfuscate their identities, locations, and paths of entry.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: Not only does cyberspace provide the ability to exploit weaknesses in our critical infrastructures, but it also provides a fulcrum for leveraging physical attacks by allowing the possibility of disrupting communications, hindering U.S. defensive or offensive response, or delaying emergency responders who would be essential following a physical attack.
Country:US-1
Category: []
Subcategory: []
Sentence: Vulnerability assessment and remediation activities must be ongoing.
Country:US-1
Category: []
Subcategory: []
Sentence: An information technology security audit conducted by trained professionals to identify infrastructure vulnerabilities can take months.
Country:US-1
Category: []
Subcategory: []
Sentence: Subsequently, the process of creating a multilayered defense and a resilient network to remedy the most serious vulnerabilities could take several additional months.
Country:US-1
Category: []
Subcategory: []
Sentence: The process must then be regularly repeated.
Country:US-1
Category: []
Subcategory: []
Sentence: In the last century, geographic isolation helped protect the United States from a direct physical invasion.
Country:US-1
Category: []
Subcategory: []
Sentence: In cyberspace national boundaries have little meaning.
Country:US-1
Category: []
Subcategory: []
Sentence: Information flows continuously and seamlessly across political, ethnic, and religious divides.
Country:US-1
Category: []
Subcategory: []
Sentence: Even the infrastructure that makes up cyberspacesoftware and hardware is global in its design and development.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'standardisation development', u'intra-agency cooperation']
Sentence: Because of the global nature of cyberspace, the vulnerabilities that exist are open to the world and available to anyone, anywhere, with sufficient capability to exploit them.
Country:US-1
Category: [u'legal measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'standardisation development', u'manpower development', u'international cooperation']
Sentence: Threat and Vulnerability: A Five-Level Problem Reduce Vulnerabilities in the Absence of Known Threats Level 1, the Home User/Small Business While the Nations critical infrastructures must, of course, deal with specific threats as they arise, waiting to learn of an imminent attack before addressing important critical infrastructure vulnerabilities is a risky and unacceptable strategy.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Cyber attacks can burst onto the Nations networks with little or no warning and spread so fast that many victims never have a chance to hear the alarms.
Country:US-1
Category: []
Subcategory: []
Sentence: Even with forewarning, they likely would not have had the time, knowledge, or tools needed to protect themselves.
Country:US-1
Category: []
Subcategory: []
Sentence: In some cases creating defenses against these attacks would have taken days.
Country:US-1
Category: []
Subcategory: []
Sentence: A key lesson derived from these and other such cyber attacks is that organizations that rely on networked computer systems must take proactive steps to identify and remedy their vulnerabilities, rather than waiting for an attacker to be stopped or until alerted of an Managing threat and reducing vulnerability in cyberspace is a particularly complex challenge because of the number and range of different types of users.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation', u'capacity building']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation', u'manpower development']
Sentence: Cyberspace security requires action on multiple levels and by a diverse group of actors because literally hundreds of millions of devices are interconnected by a network of networks.
Country:US-1
Category: []
Subcategory: []
Sentence: The problem of cyberspace security can be best addressed on five levels.
Country:US-1
Category: []
Subcategory: []
Sentence: Though not a part of a critical infrastructure the computers of home users can become part of networks of remotely controlled machines that are then used to attack critical infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: Undefended home and small business computers, particularly those using digital subscriber line (DSL) or cable connections, are vulnerable to attackers who can employ the use of those machines without the owners knowledge.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: Groups of such zombie machines can then be used by third-party actors to launch denial-of-service (DoS) attacks on key Internet nodes and other important enterprises or critical infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: Level 2, Large Enterprises Large-scale enterprises (corporations, government agencies, and universities) are common targets for cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: Many such enterprises are part of critical infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: Enterprises require clearly articulated, active T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 7 C Y B E R S P A C E T H R E A T S information security policies and programs to audit compliance with cybersecurity best practices.
Country:US-1
Category: [u'legal measures', u'technical measures']
Subcategory: [u'regulation and compliance', u'standards']
Sentence: According to the U.S. intelligence community, American networks will be increasingly targeted by malicious actors both for the data and the power they possess.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Level 3, Critical Sectors/Infrastructures When organizations in sectors of the economy, government, or academia unite to address common cybersecurity problems, they can often reduce the burden on individual enterprises.
Country:US-1
Category: []
Subcategory: []
Sentence: Such collaboration often produces shared institutions and mechanisms, which, in turn, could have cyber vulnerabilities whose exploitation could directly affect the operations of member enterprises and the sector as a whole.
Country:US-1
Category: []
Subcategory: []
Sentence: Enterprises can also reduce cyber risks by participating in groups that develop best practices, evaluate technological offerings, certify products and services, and share information.
Country:US-1
Category: []
Subcategory: []
Sentence: Several sectors have formed Information Sharing and Analysis Centers (ISACs) to monitor for cyber attacks directed against their respective infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: ISACs are also a vehicle for sharing information about attack trends, vulnerabilities, and best practices.
Country:US-1
Category: []
Subcategory: []
Sentence: Level 4, National Issues and Vulnerabilities Some cybersecurity problems have national implications and cannot be solved by individual enterprises or infrastructure sectors alone.
Country:US-1
Category: []
Subcategory: []
Sentence: All sectors share the Internet.
Country:US-1
Category: []
Subcategory: []
Sentence: Accordingly, they are all at risk if its mechanisms (e.g., protocols and routers) are not secure.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: Weaknesses in widely used software and hardware products can also create problems at the national level, requiring coordinated activities for the research and development of improved technologies.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection', u'legal measures']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism', u'regulation and compliance', u'un convention and protocol']
Sentence: Additionally, the lack of trained and certified cybersecurity professionals also merits nationallevel concern.
Country:US-1
Category: []
Subcategory: []
Sentence: A N D V U L N E R A B I L I T I E S Level 5, Global The worldwide web is a planetary information grid of systems.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'intra-agency cooperation']
Sentence: Internationally shared standards enable interoperability among the worlds computer systems.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership']
Sentence: This interconnectedness, however, also means that problems on one continent have the potential to affect computers on another.
Country:US-1
Category: []
Subcategory: []
Sentence: We therefore rely on international cooperation to share information related to cyber issues and, further, to prosecute cyber criminals.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'professional certification', u'agency certification', u'international cooperation']
Sentence: Without such cooperation, our collective ability to detect, deter, and minimize the effects of cyber-based attacks would be greatly diminished.
Country:US-1
Category: []
Subcategory: []
Sentence: New Vulnerabilities Requiring Continuous Response New vulnerabilities are created or discovered regularly.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'international cooperation']
Sentence: The process of securing networks and systems, therefore, must also be continuous.
Country:US-1
Category: []
Subcategory: []
Sentence: The Computer Emergency Response Team/Coordination Center (CERT/CC) notes that not only are the numbers of cyber incidents and attacks increasing at an alarming rate, so too are the numbers of vulnerabilities that an attacker could exploit.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation', u'capacity building', u'child online protection']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation', u'regulation and compliance', u'manpower development', u'un convention and protocol', u'institutional support', u'reporting mechanism']
Sentence: The mere installation of a network security device is not a substitute for maintaining and updating a networks defenses.
Country:US-1
Category: []
Subcategory: []
Sentence: Ninety percent of the participants in a recent Computer Security Institute survey reported using antivirus software on their network systems, yet 85 percent of their systems had been damaged by computer viruses.
Country:US-1
Category: []
Subcategory: []
Sentence: In the same survey, 89 percent of the respondents had installed computer firewalls, and 60 percent had intrusion detection systems.
Country:US-1
Category: [u'legal measures', u'technical measures']
Subcategory: [u'regulation and compliance', u'cirt']
Sentence: Nevertheless, 90 percent reported that security breaches had taken place, and 40 percent of their systems had 8 T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E C Y B E R S P A C E T H R E A T S A N D V U L N E R A B I L I T I E S Roles and Responsibilites in Securing Cyberspace Priority 1 Priority 2 Priority 3 National National National Cyberspace Cyberspace Cyberspace Security Threat and Security Awareness Security Response Vulnerability and Training System Reduction System Program Home User/Small Business Priority 4 Priority 5 Securing Governments Cyberspace National Security and International Cyberspace Security Cooperation Large Enterprises Critical Sectors/ Infrastructures National Issues and Vulnerabilities Global been penetrated from outside their network.
Country:US-1
Category: []
Subcategory: []
Sentence: The majority of security vulnerabilities can be mitigated through good security practices.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: As these survey numbers indicate, however, practicing good security includes more than simply installing those devices.
Country:US-1
Category: []
Subcategory: []
Sentence: It also requires operating them correctly and keeping them current through regular patching and virus updates.
Country:US-1
Category: []
Subcategory: []
Sentence: Cybersecurity and Opportunity Cost For individual companies and the national economy as a whole, improving computer security requires investing attention, time, and money.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'national benchmarking', u'manpower development', u'intra-state cooperation']
Sentence: For fiscal year 2003, President Bush requested that Congress increase funds to secure federal computers by 64 percent.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: President Bushs investment in securing federal computer networks now will eventually reduce overall expenditures through cost-saving E-Government solutions, modern enterprise management, and by reducing the number of opportunities for waste and fraud.
Country:US-1
Category: []
Subcategory: []
Sentence: For the national economyparticularly its information technology industry componentthe dearth of trusted, reliable, secure information systems presents a barrier to future growth.
Country:US-1
Category: []
Subcategory: []
Sentence: Much of the potential for economic growth made possible by the information technology revolution has yet to be realizeddeterred in part by cyberspace security risks.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'cirt', u'manpower development']
Sentence: Cyberspace vulnerabilities place more than transactions at risk; they jeopardize intellectual property, business operations, infrastructure services, and consumer trust.
Country:US-1
Category: []
Subcategory: []
Sentence: Conversely, cybersecurity investments result in more than costly overhead expenditures.
Country:US-1
Category: []
Subcategory: []
Sentence: They produce a return on investment.
Country:US-1
Category: []
Subcategory: []
Sentence: Surveys repeatedly show that: Although the likelihood of suffering a severe cyber attack is difficult to estimate, the costs associated with a successful one are likely to be greater than the investment in a cybersecurity program to prevent it; and T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 9 C Y B E R S P A C E T H R E A T S Designing strong security protocols into the information systems architecture of an enterprise can reduce its overall operational costs by enabling cost-saving processes, such as remote access and customer or supply-chain interactions, which could not occur in networks lacking appropriate security.
Country:US-1
Category: [u'child online protection', u'cooperation']
Subcategory: [u'un convention and protocol', u'international cooperation']
Sentence: These results suggest that, with greater awareness of the issues, companies can benefit from increasing their levels of cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: Greater awareness and voluntary efforts are critical components of the National Strategy to Secure Cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: A N D V U L N E R A B I L I T I E S from attacks that do occur.
Country:US-1
Category: []
Subcategory: []
Sentence: Through this statement, we reveal nothing to potential foes that they and others do not already know.
Country:US-1
Category: []
Subcategory: []
Sentence: In 1997 a Presidential Commission identified the risks in a seminal public report.
Country:US-1
Category: []
Subcategory: []
Sentence: In 2000 the first national plan to address the problem was published.
Country:US-1
Category: []
Subcategory: []
Sentence: Citing these risks, President Bush issued an Executive Order in 2001, making cybersecurity a priority, and accordingly, increasing funds to secure federal networks.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: In 2002 the President moved to consolidate and strengthen federal cybersecurity agencies as part of the proposed Department of Homeland Security.
Country:US-1
Category: []
Subcategory: []
Sentence: Individual and National Risk Management Until recently overseas terrorist networks had caused limited damage in the United States.
Country:US-1
Category: []
Subcategory: []
Sentence: On September 11, 2001, that quickly changed.
Country:US-1
Category: []
Subcategory: []
Sentence: One estimate places the increase in cost to our economy from attacks to U.S. information systems at 400 percent over four years.
Country:US-1
Category: []
Subcategory: []
Sentence: While those losses remain relatively limited, that too could change abruptly.
Country:US-1
Category: []
Subcategory: []
Sentence: Every day in the United States individual companies, and home computer users, suffer damage from cyber attacks that, to the victims, represent significant losses.
Country:US-1
Category: []
Subcategory: []
Sentence: Conditions likewise exist for relative measures of damage to occur on a national level, affecting the networks and systems on which the Nation depends: 5 199 6 199 8 199 7 199 9 199 0 200 1 200 2 200 Potential adversaries have the intent; Tools that support malicious activities are broadly available; and, Vulnerabilities of the Nations systems are many and well known.
Country:US-1
Category: [u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'international cooperation', u'regulation and compliance', u'un convention and protocol']
Sentence: No single strategy can completely eliminate cyberspace vulnerabilities and their associated threats.
Country:US-1
Category: []
Subcategory: []
Sentence: Nevertheless, the Nation must act to manage risk responsibly and to enhance its ability to minimize the damage that results 8 9 90 198 198 19 10 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 1 199 2 199 3 199 4 199 5 6 8 7 199 199 199 199 9 199 0 200 2 1 200 200 Source CERT CC C Y B E R S P A C E T H R E A T S Government Alone Cannot Secure Cyberspace Despite increased awareness around the importance of cybersecurity and the measures taken thus far to improve our capabilities, cyber risks continue to underlie our national information networks and the critical systems they manage.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: Reducing that risk requires an unprecedented, active partnership among diverse components of our country and our global partners.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'intra-state cooperation']
Sentence: A N D V U L N E R A B I L I T I E S The federal government could notand, indeed, should notsecure the computer networks of privately owned banks, energy companies, transportation firms, and other parts of the private sector.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government should likewise not intrude into homes and small businesses, into universities, or state and local agencies and departments to create secure computer networks.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Each American who depends on cyberspace, the network of information networks, must secure the part that they own or for which they are responsible.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 11 C Y B E R S P A C E T H R E A T S A N D 12 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E V U L N E R A B I L I T I E S N A T I O N A L P O L I C Y A N D G U I D I N G P R I N C I P L E S National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework of principles within which it was developed.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'responsible agency']
Sentence: It also outlines the roles and missions of federal agencies.
Country:US-1
Category: []
Subcategory: []
Sentence: National Policy The information technology revolution has changed the way business is transacted, government operates, and national defense is conducted.
Country:US-1
Category: []
Subcategory: []
Sentence: These three functions now depend on an interdependent network of critical information infrastructures that we refer to as cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: It is the policy of the United States to prevent or minimize disruptions to critical information infrastructures and thereby protect the people, the economy, the essential human and government services, and the national security of the United States.
Country:US-1
Category: []
Subcategory: []
Sentence: Disruptions that do occur should be infrequent, of minimal duration and manageable and cause the least damage possible.
Country:US-1
Category: []
Subcategory: []
Sentence: The policy requires a continuous effort to secure information systems for critical infrastructure and includes voluntary public-private partnerships involving corporate and nongovernmental organizations.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation']
Sentence: Consistent with the objectives of the National Strategy for Homeland Security, the objectives of the National Strategy to Secure Cyberspace are to: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 13 N A T I O N A L P O L I C Y A N D G U I D I N G Prevent cyber attacks against our critical infrastructures; Identify instances where the tragedy of the commons can affect homeland, national, and economic security; and Reduce our national vulnerabilities to cyber attack; and, Share information about cyber threats and vulnerabilities so nongovernmental entities can adjust their risk management strategies and plans, as appropriate.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Minimize the damage and recovery time from cyber attacks that do occur.
Country:US-1
Category: []
Subcategory: []
Sentence: Guiding Principles In January 2001, the Administration began to review the role of information systems and cybersecurity.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'responsible agency']
Sentence: In October 2001, President Bush issued Executive Order 13231, authorizing a protection program that consists of continuous efforts to secure information systems for critical infrastructure, including emergency preparedness communications and the physical assets that support such systems.
Country:US-1
Category: [u'technical measures', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'international cooperation', u'institutional support']
Sentence: The Federal Information Security Management Act (FISMA) and Executive Order 13231, together with other relevant Presidential directives and statutory authorities, provide the framework for executive branch cyberspace security activities.
Country:US-1
Category: []
Subcategory: []
Sentence: In every case, the scope for government involvement is limited to those cases when the benefits of intervention outweigh the direct and indirect costs.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'manpower development', u'international cooperation']
Sentence: Every American who can contribute to securing part of cyberspace is encouraged to do so.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government promotes the creation of, and participation in, public-private partnerships to raise awareness, train personnel, stimulate market forces, improve technology, identify and remediate vulnerabilities, exchange information, and plan recovery operations.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation']
Sentence: Many sectors have undertaken the important step of developing ISACs, which facilitate communication, the development of best practices, and the dissemination of security-related information.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition, various sectors have developed plans to secure their parts of cyberspace, which complement this Strategy, and the government intends for this productive and collaborative partnership to continue.
Country:US-1
Category: []
Subcategory: []
Sentence: The protection of these cyber systems is essential to every sector of the economy.
Country:US-1
Category: []
Subcategory: []
Sentence: A National Effort: Protecting the widely distributed assets of cyberspace requires the efforts of many Americans.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government alone cannot defend Americas cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Our traditions of federalism and limited government require that organizations outside the federal government take the lead in many of these efforts.
Country:US-1
Category: []
Subcategory: []
Sentence: Protect Privacy and Civil Liberties: The abuse of cyberspace infringes on our privacy and our liberty.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support', u'reporting mechanism']
Sentence: It is incumbent on the federal government to avoid such abuse and infringement.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support', u'reporting mechanism']
Sentence: Cybersecurity and personal privacy need not be opposing goals.
Country:US-1
Category: []
Subcategory: []
Sentence: Cyberspace security programs must strengthen, not weaken, such protections.
Country:US-1
Category: []
Subcategory: []
Sentence: Accordingly, care must be taken to respect privacy interests and 14 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E N A T I O N A L P O L I C Y other civil liberties.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: Consumers and operators must have confidence their voluntarily shared, nonpublic information will be handled accurately, confidentially, and reliably.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government will lead by example in implementing strong privacy policies and practices in the agencies.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'standards', u'responsible agency']
Sentence: As part of this process, the federal government will consult regularly with privacy advocates and experts.
Country:US-1
Category: []
Subcategory: []
Sentence: Regulation and Market Forces: federal regulation will not become a primary means of securing cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Broad regulations mandating how all corporations must configure their information systems could divert more successful efforts by creating a lowest-commondenominator approach to cybersecurity, which evolving technology would quickly marginalize.
Country:US-1
Category: []
Subcategory: []
Sentence: Even worse, such an approach could result in less secure and more homogeneous security architectures than we have now.
Country:US-1
Category: []
Subcategory: []
Sentence: By law, some federal regulatory agencies already include cybersecurity considerations in their oversight activity.
Country:US-1
Category: []
Subcategory: []
Sentence: However, the market itself is expected to provide the major impetus to improve cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: Accountability and Responsibility: The National Strategy to Secure Cyberspace is focused on producing a more resilient and reliable information infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: When possible, it designates lead executive branch departments or agencies for federal cyberspace security initiatives.
Country:US-1
Category: []
Subcategory: []
Sentence: On November 25, 2002, the President signed the Homeland Security Act of 2002 establishing the Department of Homeland Security (DHS).
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will be responsible for many of the initiatives outlined in the National Strategy to Secure Cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: The Strategy also recommends actions federal, state and local governments, the private sector, and the American people can take to help secure cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Ensure Flexibility: Cyber threats change rapidly.
Country:US-1
Category: []
Subcategory: []
Sentence: Accordingly, the National Strategy to Secure Cyberspace emphasizes flexibility in our ability to respond to cyber attacks and manage vulnerability reduction.
Country:US-1
Category: []
Subcategory: []
Sentence: The rapid development of attack tools provides potential attackers with a strategic advantage to adapt their offensive tactics quickly to target perceived weaknesses in networked information systems and organizations abilities to respond.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: Flexible planning allows organizations to reassess priorities and realign resources as the cyber threat evolves.
Country:US-1
Category: []
Subcategory: []
Sentence: Multi-Year Planning: Securing cyberspace is an ongoing process, as new technologies appear and new vulnerabilities are identified.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'international cooperation']
Sentence: The National Strategy to Secure Cyberspace provides an initial framework for achieving cyberspace security objectives.
Country:US-1
Category: []
Subcategory: []
Sentence: Departments and agencies should adopt multi-year cybersecurity plans for sustaining their respective roles.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Other public- and private-sector organizations are also encouraged to consider multi-year plans.
Country:US-1
Category: []
Subcategory: []
Sentence: Department of Homeland Security and Cyberspace Security DHS unites 22 federal entities for the common purpose of improving homeland security.
Country:US-1
Category: []
Subcategory: []
Sentence: The Department also creates a focal point for managing cyberspace incidents that could impact the federal government or even the national information infrastructures.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'cirt', u'standardisation development']
Sentence: The Secretary of Homeland Security will have important responsibilities in cyberspace security, including: Developing a comprehensive national plan for securing the key resources and critical infrastructures of the United States, including information technology and telecommunications systems (including T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 15 N A T I O N A L P O L I C Y A N D G U I D I N G P R I N C I P L E S CRITICAL INFRASTRUCTURE LEAD AGENCIES LEAD AGENCY SECTORS Department of Homeland Security Information and Telecommunications Transportation (aviation, rail, mass transit, waterborne commerce, pipelines, and highways (including trucking and intelligent transportation systems) Postal and Shipping Emergency Services Continuity of Government Department of the Treasury Banking and Finance Department of Health and Human Services Public Health (including prevention, surveillance, laboratory services, and personal health services) Food (all except for meat and poultry) Department of Energy Energy (electric power, oil and gas production, and storage) Environmental Protection Agency Water Chemical Industry and Hazardous Materials Department of Agriculture Agriculture Food (meat and poultry) Department of Defense Defense Industrial Base satellites) and the physical and technological assets that support such systems; Providing crisis management support in response to threats to, or attacks on, critical information systems; Providing technical assistance to the private sector and other governmental entities with respect to emergency recovery plans that respond to major failures of critical information systems; Coordinating with other federal agencies to provide specific warning information and advice about appropriate protective measures and countermeasures to state and local government agencies and authorities, the private sector, other entities, and the public; and Performing and funding research and development along with other agencies that will lead to new scientific understanding and technologies in support of homeland security.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'legal measures', u'technical measures', u'child online protection']
Subcategory: [u'responsible agency', u'standardisation development', u'public sector partnership', u'regulation and compliance', u'standards', u'certification', u'policy', u'roadmap for governance', u'national benchmarking', u'manpower development', u'agency certification', u'intra-agency cooperation', u'national legislation', u'un convention and protocol']
Sentence: 16 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E N A T I O N A L P O L I C Y Designation of Coordinating Agencies A productive partnership between the federal government and the private sector depends on effective coordination and communication.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: To facilitate and enhance this collaborative structure, the government has designated a Lead Agency for each of the major sectors of the economy vulnerable to infrastructure attack.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: In addition, the Office of Science and Technology Policy (OSTP) coordinates research and development to support critical infrastructure protection.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: The Office of Management and Budget (OMB) oversees the implementation of governmentwide policies, principles, standards, and guidelines for federal government computer security programs.
Country:US-1
Category: []
Subcategory: []
Sentence: The Department of State coordinates international outreach on cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: The Director of Central Intelligence is responsible for assessing the foreign threat to U.S. networks and information systems.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) lead the national effort to investigate and prosecute cybercrime.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: A N D G U I D I N G P R I N C I P L E S The government will continue to support the development of public-private partnerships.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: Working together, sector representatives and federal lead agencies assess their respective sectors vulnerabilities to cyber or physical attacks and, accordingly, recommend plans or measures to eliminate significant exposures.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'international cooperation', u'institutional support']
Sentence: Both technology and the threat environment can change rapidly.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'cirt', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Therefore, sectors and lead agencies should frequently assess the reliability, vulnerability, and threat environments of the Nations infrastructures and employ appropriate protective measures and responses to safeguard them.
Country:US-1
Category: [u'legal measures', u'organization measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'policy', u'national benchmarking', u'national legislation']
Sentence: The governments full authority, capabilities, and resources must be available to support critical infrastructure protection efforts.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: These include, as appropriate, crisis management, law enforcement, regulation, foreign intelligence, and defense preparedness.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 17 N A T I O N A L P O L I C Y A N D 18 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E G U I D I N G P R I N C I P L E S P R I O R I T Y I Priority I: A National Cyberspace Security Response System In the 1950s and 1960s, our Nation became vulnerable to attacks from aircraft and missiles for the first time.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government responded by creating a national system to: monitor our airspace with radar to detect unusual activity, analyze and warn of possible attacks, coordinate our fighter aircraft defenses during an attack, and restore our Nation after an attack through civil defense programs.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: Today, the Nations critical assets could be attacked through cyberspace.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership']
Sentence: The United States now requires a different kind of national response system in order to detect potentially damaging activity in cyberspace, to analyze exploits and warn potential victims, to coordinate incident responses, and to restore essential services that have been damaged.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'responsible agency', u'international cooperation']
Sentence: The fact that the vast majority of cyberspace is neither owned nor operated by any single group public or privatepresents a challenge for creating a National Cyberspace Security Response System.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: There is no synoptic or holistic view of cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Therefore, there is no panoramic vantage point from which we can see attacks coming or spreading.
Country:US-1
Category: []
Subcategory: []
Sentence: Information that indicates an attack has occurred (worms, viruses, denial-of-service attacks) accumulates through many different organizations.
Country:US-1
Category: []
Subcategory: []
Sentence: However, there is no organized mechanism for reviewing T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 19 P R I O R I T Y these indicators and determining their implications.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'standards', u'intra-agency cooperation', u'public sector partnership']
Sentence: To mitigate the impact of cyber attacks, information about them must disseminate widely and quickly.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: Analytical and incident response capabilities that exist in numerous organizations could be coordinated to determine how to best defend against an attack, mitigate effects, and restore service.
Country:US-1
Category: [u'organization measures', u'child online protection']
Subcategory: [u'responsible agency', u'reporting mechanism']
Sentence: Establishing a proper administrative mechanism for the National Cyberspace Security Response System presents another challenge.
Country:US-1
Category: []
Subcategory: []
Sentence: Unlike the U.S. airspace-monitoring program during the Cold War, individuals who operate the systems that enable and protect cyberspace usually are not federal employees.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: Thus, the National Cyberspace Security Response System must operate from a less formal, collaborative network of governmental and nongovernmental organizations.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: DHS is responsible for developing the national cyberspace security response system, which includes: Providing crisis management support in response to threats to, or attacks on, critical information systems; and Coordinating with other agencies of the federal government to provide specific warning information, and advice about appropriate protective measures and countermeasures, to state and local government agencies and authorities, the private sector, other entities, and the public.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standards', u'certification', u'policy', u'roadmap for governance', u'responsible agency', u'national benchmarking', u'manpower development', u'agency certification', u'national legislation']
Sentence: DHS will lead and synchronize efforts for the National Cyberspace Security Response System as part of its overall information sharing and crisis coordination mandate; however, the system itself will consist of many organizations from both government and private sectors.
Country:US-1
Category: []
Subcategory: []
Sentence: The authorizing legislation for the Department of Homeland Security also created the position of a privacy officer to ensure that any mechanisms I The National Cyberspace Security Response System The National Cyberspace Security Response System is a public-private architecture, coordinated by the Department of Homeland Security, for analyzing and warning; managing incidents of national significance; promoting continuity in government systems and private sector infrastructures; and increasing information sharing across and between organizations to improve cyberspace security.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'responsible agency', u'intra-agency cooperation']
Sentence: The National Cyberspace Security Response System will include governmental entities and nongovernmental entities, such as private sector information sharing and analysis centers (ISACs).
Country:US-1
Category: []
Subcategory: []
Sentence: associated with the National Cyberspace Security Response System appropriately balance its mission with civil liberty and privacy concerns.
Country:US-1
Category: []
Subcategory: []
Sentence: This officer will consult regularly with privacy advocates, industry experts, and the public at large to ensure broad input and consideration of privacy issues so that we achieve solutions that protect privacy while enhancing security.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'standards', u'roadmap for governance', u'responsible agency', u'intra-agency cooperation']
Sentence: Among the system components outlined below are existing federal programs and new federal initiatives pending budget-review consideration, as well as initiatives recommended for our partners.
Country:US-1
Category: []
Subcategory: []
Sentence: ESTABLISH PUBLIC-PRIVATE ARCHITECTURE FOR RESPONDING TO NATIONAL-LEVEL CYBER INCIDENTS Establishing the National Cyberspace Security Response System will not require an expensive or bureaucratic federal program.
Country:US-1
Category: []
Subcategory: []
Sentence: In many cases the system will augment the capabilities of several important federal entities with existing cyberspace security responsibilities, which are 20 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y I National Cyberspace Security Response System Analysis Warning Incident Management Response/ Recovery Components/ Capabilities DHS Analysis Center Strategic group Tactical group Vulnerability assessments DHS Incident Operations Center Cyber Warning and Information Network ISACs now part of DHS.
Country:US-1
Category: [u'technical measures', u'capacity building', u'child online protection']
Subcategory: [u'cirt', u'standards', u'manpower development', u'reporting mechanism']
Sentence: The synergy that results from integrating the resources of the National Communications System, the National Infrastructure Protection Centers analysis and warning functions, the Federal Computer Incident Response Center, the Office of Energy Assurance, and the Critical Infrastructure Assurance Office under the purview of the Under Secretary for Information Analysis and Infrastructure Protection will help build the necessary foundation for the National Cyberspace Security Response System.
Country:US-1
Category: [u'organization measures', u'child online protection']
Subcategory: [u'responsible agency', u'reporting mechanism']
Sentence: The Nations private-sector networks are increasingly targeted, and they will therefore likely be the first organizations to detect attacks with potential national significance.
Country:US-1
Category: []
Subcategory: []
Sentence: Thus, ISACs will play an increasingly important role in the National Cyberspace Security Response System and the overall missions of homeland security.
Country:US-1
Category: []
Subcategory: []
Sentence: ISACs possess unique operational insight into their industries core functions and will help provide the necessary analysis to support national efforts.
Country:US-1
Category: []
Subcategory: []
Sentence: Typically, an ISAC is an industry-led mechanism for gathering, analyzing, sanitizing, and disseminating sector-specific security information and articulating and promulgating best DHS Incident Management Structure Federal coordination Private, state and local coordination National Response Contingency Plans Federal plans Private plan coordination practices.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'child online protection']
Subcategory: [u'cirt', u'standards', u'policy', u'roadmap for governance', u'manpower development', u'reporting mechanism']
Sentence: ISACs are designed by the various sectors to meet their respective needs and financed through their memberships.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will work closely with ISACs as appropriate to ensure that they receive timely and actionable threat and vulnerability data and to coordinate voluntary contingency planning efforts.
Country:US-1
Category: [u'organization measures', u'legal measures', u'child online protection']
Subcategory: [u'responsible agency', u'policy', u'roadmap for governance', u'regulation and compliance', u'un convention and protocol']
Sentence: The federal government encourages the private sector to continue to establish ISACs and, further, to enhance the analytical capabilities of existing ISACs.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation', u'standardisation development']
Sentence: Provide for the Development of Tactical and Strategic Analysis of Cyber Attacks and Vulnerability Assessments Analysis is the first step toward gaining important insight about a cyber incident, including the nature of attack, the information it compromised, and the extent of damage it caused.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: Analysis can also provide an indication of the intruders possible intentions, the potential tools he used, and the vulnerabilities he exploited.
Country:US-1
Category: []
Subcategory: []
Sentence: There are three closely related, but discrete, categories of analysis related to cyberspace: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 21 P R I O R I T Y (i) Tactical analysis examines factors associated with incidents under investigation or specific, identified vulnerabilities to generate indications and warnings.
Country:US-1
Category: []
Subcategory: []
Sentence: Examples of tactical analysis include: examining the delivery mechanism of a computer virus to develop and issue immediate guidance on ways to prevent or mitigate damage; and studying a specific computer intrusion, or set of intrusions, to determine the perpetrator, his motive, and his method of attack.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'standards', u'national benchmarking', u'standardisation development', u'manpower development']
Sentence: (ii) Strategic analysis looks beyond specific incidents to consider broader sets of incidents or implications that may indicate threats of potential national importance.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, strategic analyses may identify long-term trends related to threat and vulnerability that could be used to provide advanced warnings of increasing risks, such as emerging attack methods.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Strategic analysis also provides policymakers with information they can use to anticipate and prepare for attacks, thereby diminishing the damage they cause.
Country:US-1
Category: []
Subcategory: []
Sentence: Strategic analysis also provides a foundation to identify patterns that can support indications and warnings.
Country:US-1
Category: []
Subcategory: []
Sentence: (iii) Vulnerability assessments are detailed reviews of cyber systems and their physical components to identify and study their weaknesses.
Country:US-1
Category: []
Subcategory: []
Sentence: Vulnerability assessments are an integral part of the intelligence cycle for cyberspace security.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'policy', u'manpower development', u'public sector partnership']
Sentence: These assessments enable planners to predict the consequences of possible cyber attacks against specific facilities or sectors of the economy or government.
Country:US-1
Category: []
Subcategory: []
Sentence: These projections then allow infrastructure owners and operators to strengthen their defenses against various types of threat.
Country:US-1
Category: [u'organization measures', u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership', u'regulation and compliance', u'un convention and protocol']
Sentence: (This will be discussed in the Cyberspace Security Threat and Vulnerability Reduction Program.)
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: DHS will foster the development of strong analytic capabilities in each of these areas.
Country:US-1
Category: []
Subcategory: []
Sentence: It should seek partnership and assistance from the private sector, including the ISACs, in developing these capabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: Encourage the Development of a Private Sector Capability to Share a Synoptic View of the Health of Cyberspace The lack of a synoptic view of the Internet frustrates efforts to develop Internet threat analysis and indication and warning capabilities.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'cirt', u'intra-agency cooperation', u'public sector partnership']
Sentence: The effects of a cyber attack on one sector have the potential to cascade across several other sectors, thereby producing significant consequences that could rapidly overwhelm the capabilities of many private companies and state and local governments.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: DHSs integration of several key federal cybersecurity operations centers creates a focal point for the federal government to manage cybersecurity emergencies in its own systems, and, if requested, facilitate crisis management in non-federal critical infrastructure systems.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'technical measures']
Subcategory: [u'policy', u'manpower development', u'public sector partnership', u'cirt', u'standards', u'national benchmarking', u'standardisation development']
Sentence: Separately, industry is encouraged to develop a mechanismwhether virtual or physicalthat could enable the sharing of aggregated information on Internet health to improve analysis, warning, response, and recovery.
Country:US-1
Category: []
Subcategory: []
Sentence: To the extent permitted by law, this voluntary coordination of activities among nongovernmental entities could enable different network operators and Internet backbone providers to analyze and exchange data about attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: Such coordination could prevent exploits from escalating and causing damage or disruption of vital systems.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will create a single point-of-contact for the federal governments interaction with industry and other partners for 24 x7 functions, including cyberspace analysis, warning, information sharing, major incident response, and national-level recovery efforts.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Private sector organizations, which have major contributions for those functions, are encouraged to coordinate activities, as permitted by law, in order to provide a synoptic view of the health of cyberspace on a 24 x 7 basis.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: (A/R 1-1) 22 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y b.
Country:US-1
Category: []
Subcategory: []
Sentence: Expand the Cyber Warning and Information Network to Support DHSs Role in Coordinating Crisis Management for Cyberspace Hours and minutes can make a difference between a major disruption and a manageable incident.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'standards', u'policy', u'national benchmarking', u'manpower development']
Sentence: Improving national capabilities for warning requires a secure infrastructure to provide assured communications between critical asset owners and operators and their service providers.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: The Cyber Warning and Information Network (CWIN) will provide an out-of-band private and secure communications network for government and industry, with the purpose of sharing cyber alert and warning information.
Country:US-1
Category: []
Subcategory: []
Sentence: The network will include voice conferencing and data collaboration.
Country:US-1
Category: []
Subcategory: []
Sentence: While the first phase was implemented between the federal government cyber watch centers, CWIN participants will ultimately include other critical government and industry partners, such as ISACs that deal with cyber threats on a daily basis.
Country:US-1
Category: [u'legal measures', u'organization measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'roadmap for governance', u'un convention and protocol']
Sentence: As other entities expand in this area, membership will increase as well.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'regulation and compliance', u'cirt', u'policy', u'national benchmarking', u'public sector partnership']
Sentence: Key to CWIN membership is the ability to share sensitive cyber threat information in a secure, protected, and trusted environment.
Country:US-1
Category: []
Subcategory: []
Sentence: As outlined in the 2003 budget, the federal government will complete the installation of CWIN to key government cybersecurity-related network operation centers, to disseminate analysis and warning information and perform crisis coordination.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: The federal government will also explore linking the ISACs to CWIN.
Country:US-1
Category: []
Subcategory: []
Sentence: National Incident Management Enhancing analytical capabilities within DHS, the private sector ISACs, and expanding CWIN will contribute to the improvement of national cyber incident management.
Country:US-1
Category: [u'technical measures', u'child online protection', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'reporting mechanism', u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: However, incident management within the federal government will still require coordination with organizations other than those being transferred to DHS.
Country:US-1
Category: [u'technical measures', u'child online protection']
Subcategory: [u'cirt', u'reporting mechanism']
Sentence: For example, the Departments of I Justice, Defense, and Commerce all have roles to perform in response to incidents in cyberspace.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures']
Subcategory: [u'regulation and compliance', u'cirt', u'national benchmarking']
Sentence: Within the White House a number offices have responsibilities, including the Office of Science and Technology Policy, which is responsible for executing emergency telecommunications authorities, the National Security Council, which coordinates all matters related to national security and international cooperation, and the Office of Management and Budget.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: In addition, national incident management capabilities will also integrate state chief information officers as well as international entities, as appropriate.
Country:US-1
Category: [u'organization measures', u'cooperation', u'technical measures', u'child online protection']
Subcategory: [u'responsible agency', u'intra-agency cooperation', u'cirt', u'reporting mechanism']
Sentence: Create Processes to Coordinate the Voluntary Development of National Public-Private Continuity and Contingency Plans Among the lessons learned from security reviews following the events of September 11, 2001, was that federal agencies had vastly inconsistent, and in most cases incomplete, contingency capabilities for their communications and other systems.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'standards', u'responsible agency', u'standardisation development', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership', u'international cooperation', u'institutional support', u'reporting mechanism', u'certification', u'policy', u'roadmap for governance', u'agency certification']
Sentence: Contingency planning is a key element of cybersecurity.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'roadmap for governance']
Sentence: Without adequate contingency planning and training, agencies may not be able to effectively handle disruptions in service and ensure business continuity.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'roadmap for governance']
Sentence: OMB, through the Federal Information Security Management Act requirements and with assistance from the inspectors general, is holding agencies accountable for developing continuity plans.
Country:US-1
Category: []
Subcategory: []
Sentence: Exercise Cybersecurity Continuity Plans in Federal Cyber Systems DHS has the responsibility for providing crisis management support in response to threats to, or attacks on, critical information systems for other government agencies, state and local governments and, upon request, the private sector.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'standards', u'policy', u'roadmap for governance', u'national benchmarking', u'manpower development', u'agency certification']
Sentence: In order to establish a baseline T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 23 P R I O R I T Y understanding of federal readiness, DHS will explore exercises for the civilian agencies similar to the Defense Department Eligible Receiver exercises that test cybersecurity preparedness.
Country:US-1
Category: []
Subcategory: []
Sentence: To test civilian agencies security preparedness and contingency planning, DHS will use exercises to evaluate the impact of cyber attacks on governmentwide processes.
Country:US-1
Category: []
Subcategory: []
Sentence: Weaknesses discovered will be included in agency corrective action plans and submitted to OMB.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'roadmap for governance']
Sentence: DHS also will explore such exercises as a way to test the coordination of public and private incident management, response and recovery capabilities.
Country:US-1
Category: [u'legal measures', u'organization measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'responsible agency', u'un convention and protocol']
Sentence: (A/R 1-3) (i) Encourage increased cyber risk management and business continuity.
Country:US-1
Category: []
Subcategory: []
Sentence: There are a number of measures that nongovernmental entities can employ to manage the risk posed by cyberspace and plan for business continuity.
Country:US-1
Category: []
Subcategory: []
Sentence: Risk management is a discipline that involves risk assessment, risk prevention, risk mitigation, risk transfer, and risk retention.
Country:US-1
Category: []
Subcategory: []
Sentence: There is no special technology that can make an enterprise completely secure.
Country:US-1
Category: []
Subcategory: []
Sentence: No matter how much money companies spend on cybersecurity, they may not be able to prevent disruptions caused by organized attackers.
Country:US-1
Category: []
Subcategory: []
Sentence: Some businesses whose products or services directly or indirectly impact the economy or the health, welfare or safety of the public have begun to use cyber risk insurance programs as a means of transferring risk and providing for business continuity.
Country:US-1
Category: []
Subcategory: []
Sentence: An important way to reduce an organizations exposure to cyber-related losses, as well as to help protect companies from operational and financial impairment, is to ensure that adequate contingency plans are developed and tested.
Country:US-1
Category: [u'child online protection', u'organization measures']
Subcategory: [u'institutional support', u'policy', u'roadmap for governance']
Sentence: Corporations are encouraged to regularly review and exercise IT continuity plans and to consider diversity in IT service providers as a way of mitigating risk.
Country:US-1
Category: []
Subcategory: []
Sentence: (A/R 1-4) I (ii) Promote public-private contingency planning for cybersecurity.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'roadmap for governance']
Sentence: It may not be possible to prevent a wide-range of cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: For those attacks that do occur, the Nation needs an integrated public-private plan for responding to significant outages or disruptions in cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Some organizations have plans for how they will recover their cyber network and capabilities in the event of a major outage or catastrophe.
Country:US-1
Category: []
Subcategory: []
Sentence: However, there is no mechanism for coordinating such plans across an entire infrastructure or at a national level.
Country:US-1
Category: []
Subcategory: []
Sentence: The legislation establishing DHS also provides a trusted mechanism for private industry to develop contingency planning by using the voluntary preparedness planning provisions that were established in the Defense Production Act of 1950, as amended.
Country:US-1
Category: [u'technical measures', u'cooperation', u'organization measures']
Subcategory: [u'certification', u'public sector partnership', u'policy', u'roadmap for governance']
Sentence: Infrastructure sectors are encouraged to establish mutual assistance programs for cybersecurity emergencies.
Country:US-1
Category: []
Subcategory: []
Sentence: DoJ and the Federal Trade Commission should work with the sectors to address barriers to such cooperation, as appropriate.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition, DHSs Information Analysis and Infrastructure Protection Directorate will coordinate the development and regular update of voluntary, joint government-industry cybersecurity contingency plans, including a plan for recovering Internet functions.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: Improve and Enhance Public-Private Information Sharing about Cyber Attacks, Threats, and Vulnerabilities Successfully developing capabilities for analysis, indications, and warnings requires a voluntary public-private information sharing effort.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: The voluntary sharing of information about such incidents or attacks is vital to cybersecurity.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership']
Sentence: Real or perceived legal obstacles make some organizations hesitant to share information about cyber incidents with the government or with each other.
Country:US-1
Category: []
Subcategory: []
Sentence: First, some fear that shared data that is confidential, proprietary, or 24 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y potentially embarrassing could become subject to public examination when shared with the government.
Country:US-1
Category: []
Subcategory: []
Sentence: Second, concerns about competitive advantage may impede information sharing between companies within an industry.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'standards', u'certification', u'agency certification', u'manpower development']
Sentence: Finally, in some cases, the mechanisms are simply not yet in place to allow efficient sharing of information.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: The legislation establishing DHS provides several specific mechanisms intended to improve two-way information sharing.
Country:US-1
Category: []
Subcategory: []
Sentence: First, the legislation encourages industry to share information with DHS by ensuring that such voluntarily provided data about threats and vulnerabilities will not be disclosed in a manner that could damage the submitter.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Second, the legislation requires that the federal government share information and analysis with the private sector as appropriate and consistent with the need to protect classified and other sensitive national security information.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: As required by law, DHS, in consultation with appropriate federal agencies, will establish uniform procedures for the receipt, care, and storage by federal agencies of critical infrastructure information that is voluntarily submitted to the government.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: The procedures will address how the Department will: Acknowledge the receipt of voluntarily submitted critical infrastructure information; Maintain the information as voluntarily submitted critical infrastructure information; Establish protocols for the care and storage of such information; and Create methods for protecting the confidentiality of the submitting entity while still allowing the information to be used in the issuance of notices and warnings for protection of the critical infrastructure.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'regulation and compliance', u'standards', u'policy', u'standardisation development', u'manpower development', u'public sector partnership', u'un convention and protocol', u'institutional support', u'reporting mechanism']
Sentence: I DHS will raise awareness about the removal of impediments to information sharing about cybersecurity and infrastructure vulnerabilities between the public and private sectors.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: The Department will also establish an infrastructure protection program office to manage the information flow, including the development of protocols for how to care for voluntarily submitted critical infrastructure information.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: Encourage Broader Information Sharing on Cybersecurity Nongovernmental organizations with significant computing resources are encouraged to take active roles in information sharing organizations.
Country:US-1
Category: []
Subcategory: []
Sentence: Corporations, colleges, and universities can play important roles in detecting and reporting cyber attacks, exploits, or vulnerabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: In particular, both corporations and institutions of higher learning can gain from increased sharing on cyberspace security issues.
Country:US-1
Category: []
Subcategory: []
Sentence: Programs such as ISACs, FBI Infragard, or the United States Secret Service electronic crimes task forces can also benefit the respective participants.
Country:US-1
Category: []
Subcategory: []
Sentence: Because institutions of higher learning have vast computer resources that can be used as launch pads for attacks, colleges and universities are encouraged to consider establishing an on-call point-of-contact to Internet service providers (ISPs) and law enforcement officials.
Country:US-1
Category: []
Subcategory: []
Sentence: Corporations are encouraged to consider active involvement in industrywide programs to share information on IT security, including the potential benefits of joining an appropriate ISAC.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'manpower development', u'international cooperation']
Sentence: Colleges and universities are encouraged to consider establishing: (1) one or more ISACs to deal with cyber attacks and vulnerabilities; and, (2) an on-call point-of-contact, to Internet service providers and law enforcement officials in the event that the schools IT systems are discovered to be launching cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: (A/R 1-7) T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 25 P R I O R I T Y 26 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E I P R I O R I T Y I I Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program Malicious actors in cyberspace can take many forms including individuals, criminal cartels, terrorists, or nation states.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection', u'legal measures']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'national legislation', u'regulation and compliance', u'un convention and protocol']
Sentence: While attackers take many forms, they all seek to exploit vulnerabilities created by the design or implementation of software, hardware, networks, and protocols to achieve a wide range of political or economic effects.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'criminal legislation', u'cirt', u'roadmap for governance', u'standardisation development', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation', u'un convention and protocol', u'standards', u'manpower development']
Sentence: As our reliance on cyberspace increases so too does the scope of damage that malicious actors can impose.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Waiting to act until we learn that a malicious actor is about to exploit a particular vulnera- bility is risky.
Country:US-1
Category: []
Subcategory: []
Sentence: Such warning information may not always be available.
Country:US-1
Category: []
Subcategory: []
Sentence: Even when warning data is available, remediation of some vulnerabilities may take days, weeks, or even years.
Country:US-1
Category: []
Subcategory: []
Sentence: As a result, vulnerabilities must be identified and corrected in critical networks before threats surface.
Country:US-1
Category: []
Subcategory: []
Sentence: The most dangerous vulnerabilities must be prioritized and reduced in a systematic fashion.
Country:US-1
Category: []
Subcategory: []
Sentence: As technology evolves and new systems are introduced, new vulnerabilities emerge.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'international cooperation']
Sentence: Our strategy cannot be to eliminate all T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 27 P R I O R I T Y vulnerabilities, or to deter all threats.
Country:US-1
Category: []
Subcategory: []
Sentence: Rather, we will pursue a three-part effort to: (1) Reduce threats and deter malicious actors through effective programs to identify and punish them; (2) Identify and remediate those existing vulnerabilities that could create the most damage to critical systems, if exploited; and (3) Develop new systems with less vulnerability and assess emerging technologies for vulnerabilities.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection', u'organization measures']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism', u'responsible agency', u'intra-agency cooperation', u'national legislation']
Sentence: The federal government cannot accomplish these goals acting alone.
Country:US-1
Category: []
Subcategory: []
Sentence: It can only do so in partnership with state and local governments and the private sector.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: Many federal agencies must play a part in this effort, which will be led and coordinated by DHS as part of its overall vulnerability reduction mandate.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: The components of this program are discussed in this section.
Country:US-1
Category: []
Subcategory: []
Sentence: They include federal programs (both existing programs and initiatives that will be considered as part of the budget decision making process) and activities that the federal government recommends to its partners.
Country:US-1
Category: [u'technical measures', u'organization measures', u'child online protection']
Subcategory: [u'standards', u'national benchmarking', u'institutional support', u'reporting mechanism']
Sentence: Many activities that can be taken by individuals, companies, and other private organizations to reduce vulnerabilities will be stimulated and accelerated through awareness and are discussed as part of the awareness initiative described in Priority III.
Country:US-1
Category: []
Subcategory: []
Sentence: Enhance Law Enforcements Capabilities for Preventing and Prosecuting The National Strategy to Secure Cyberspace is especially concerned with those threats that could cause significant damage to our economy or security through actions taken using or against our cyber infrastructure.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: By identifying threats that would cause us significant harm, we I I can reduce the threats to homeland security, national security, and the economy.
Country:US-1
Category: []
Subcategory: []
Sentence: Law enforcement and the national security community play a critical role in preventing attacks in cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: Law enforcement plays the central role in attributing an attack through the exercise of criminal justice authorities.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'criminal legislation', u'national legislation']
Sentence: Many cyber-based attacks are crimes.
Country:US-1
Category: []
Subcategory: []
Sentence: As a result the Justice Departments Computer Crime and Intellectual Property Section, the FBIs Cyber Division, and the U.S. Secret Service all play a central role in apprehending and swiftly bringing to justice the responsible individuals.
Country:US-1
Category: []
Subcategory: []
Sentence: When incidents do occur, a rapid response can stem the tide of an ongoing attack and lessen the harm that is ultimately caused.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support', u'reporting mechanism']
Sentence: The Nation currently has laws and mechanisms to ensure quick responses to large incidents.
Country:US-1
Category: []
Subcategory: []
Sentence: Ideally, an investigation, arrest, and prosecution of the perpetrators, or a diplomatic or military response in the case of a state-sponsored action, will follow such an incident.
Country:US-1
Category: []
Subcategory: []
Sentence: Threat reduction, however, involves more than prosecution.
Country:US-1
Category: []
Subcategory: []
Sentence: Analyzing and disseminating practical information gathered by law enforcement can help promote national infrastructure security.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, through various initiatives such as the FBI Infragard program and the U.S. Secret Service electronic crimes task forces, law enforcement can share lessons learned from attacks with private sector organizations.
Country:US-1
Category: [u'cooperation', u'capacity building']
Subcategory: [u'intra-state cooperation', u'manpower development', u'international cooperation']
Sentence: The information gleaned from investigations can provide the federal government and private industry a framework for examining the robustness of their cybersecurity skill sets, and assist in prioritizing their limited resources to manage the unique risk of their enterprise.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: Justice and the FBI will need to work closely with DHS to ensure that the information gleaned from investigations is appropriately analyzed and shared with ISACs and other nongovernmental entities to promote improved risk management in critical infrastructure sectors.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: 28 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y The Nation will seek to prevent, deter, and significantly reduce cyber attacks by ensuring the identification of actual or attempted perpetrators followed by an appropriate government response.
Country:US-1
Category: []
Subcategory: []
Sentence: In the case of cybercrime this would include swift apprehension, and appropriately severe punishment.
Country:US-1
Category: []
Subcategory: []
Sentence: DOJ and other appropriate agencies will develop and implement efforts to reduce cyber attacks and cyber threats through the following means: (1) identifying ways to improve information sharing and investigative coordination within the federal, state, and local law enforcement community working on critical infrastructure and cyberspace security matters, and with other agencies and the private sector; (2) exploring means to provide sufficient investigative and forensic resources and training to facilitate expeditious investigation and resolution of critical infrastructure incidents; and, (3) developing better data about victims of cybercrime and intrusions in order to understand the scope of the problem and be able to track changes over time.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'certification', u'responsible agency', u'agency certification']
Sentence: Create a Process for National Vulnerability Assessments to Better Understand the Potential Consequences of Threats and Vulnerabilities a. Assess the Potential Impact of Strategic Cyber Attacks To better understand how to further detect and prevent attacks, the Nation must know the threat it is facing.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection', u'legal measures']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism', u'regulation and compliance', u'un convention and protocol']
Sentence: To date, no comprehensive assessment of the impact of a strategic cyber attack against the United States has been conducted.
Country:US-1
Category: []
Subcategory: []
Sentence: Because nation states and terrorists are developing capabilities for cyber-based attacks, it is important to understand the potential impact of such an attack and possible ways to mitigate the effects.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS, in coordination with appropriate agencies and the private sector, will lead in the development and conduct of a national threat assessment including red teaming, blue teaming, and other methods to identify the I I impact of possible attacks on a variety of targets.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: IDENTIFY AND REMEDIATE EXISTING VULNERABILITIES Reducing vulnerabilities can be resource intensive.
Country:US-1
Category: []
Subcategory: []
Sentence: Accordingly, our national efforts to identify and remediate vulnerabilities must be focused to reduce vulnerabilities in a cost effective and systematic manner.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States must reduce vulnerabilities in four major components of cyberspace, including: (1) the mechanisms of the Internet; (2) digital control How the Internet Works Data sent from one computer to another across the Internet is broken into small packets of information containing addressing information as well as a portion of the total message.
Country:US-1
Category: []
Subcategory: []
Sentence: The packets travel across the Internet separately and are reassembled at the receiving computer.
Country:US-1
Category: []
Subcategory: []
Sentence: There are two primary protocols that enable these packets of data to traverse the complex networks and arrive in an understandable format.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: These protocols are: (1) the Transmission Control Protocol (TCP) which decomposes data into packets and ensures that they are reassembled properly at the destination; and (2) the Internet Protocol (IP), which guides or routes the packets of data though the Internet.
Country:US-1
Category: [u'technical measures', u'organization measures', u'child online protection']
Subcategory: [u'standards', u'policy', u'un convention and protocol']
Sentence: Together they are referred to as TCP/IP.
Country:US-1
Category: []
Subcategory: []
Sentence: IP is essential to almost all Internet activities including sending data such as e-mail.
Country:US-1
Category: []
Subcategory: []
Sentence: Data is transmitted based on IP addresses, which are a series of numbers.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'certification', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support']
Sentence: The Domain Name System (DNS) was developed to simplify the management of IP addresses.
Country:US-1
Category: []
Subcategory: []
Sentence: The DNS maps IP numbers to recognizable sets of letters, words or numbers.
Country:US-1
Category: []
Subcategory: []
Sentence: The DNS does this by establishing domains and a structured hierarchical addressing scheme.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 29 P R I O R I T Y systems/supervisory control and data acquisition systems; (3) software and hardware vulnerability remediation; and, (4) physical infrastructure and interdependency.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: These four areas have broad implications for the majority of the Nations critical infrastructures.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Initiating efforts to eliminate vulnerabilities in these important areas will reduce the vulnerability of critical infrastructure services to attack or compromise.
Country:US-1
Category: []
Subcategory: []
Sentence: Secure the Mechanisms of the Internet The development and implementation of the mechanisms for securing the Internet are responsibilities shared by its owners, operators, and users.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: Private industry is leading the effort to ensure that the core functions of the Internet develop in a secure manner.
Country:US-1
Category: []
Subcategory: []
Sentence: As appropriate, the federal government will continue to support these efforts.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: The goal is the development of secure and robust mechanisms that will enable the Internet to support the Nations needs now and in the future.
Country:US-1
Category: []
Subcategory: []
Sentence: This will include securing the protocols on which the Internet is based, ensuring the security of the routers that direct the flow of data, and implementing effective management practices.
Country:US-1
Category: [u'technical measures', u'organization measures', u'child online protection', u'capacity building']
Subcategory: [u'standards', u'responsible agency', u'un convention and protocol', u'policy', u'manpower development']
Sentence: Improve the Security and Resilience of Key Internet Protocols Essential to the security of the Internet infrastructure is ensuring the reliability and secure use of three key protocols: the Internet Protocol (IP), the Domain Name System (DNS), and the Border Gateway Protocol (BGP).
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: The Internet is currently based on Internet Protocol version 4 (IPv4).
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: Some organizations and countries are moving to an updated version of the protocol, version 6 (IPv6).
Country:US-1
Category: []
Subcategory: []
Sentence: In addition to offering a vast amount of addresses, it provides for improved security features, including attribution and native IP security (IPSEC), as well as enabling new applications and capabilities.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'standardisation development', u'manpower development', u'intra-state cooperation', u'institutional support']
Sentence: China is also considering early adoption of the protocol.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'policy', u'manpower development', u'public sector partnership']
Sentence: The United States must understand the merits of, and obstacles to, moving to IPv6 and, based on that understanding, identify a process for moving to an IPv6 based infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government can lead in developing this understanding by employing IPv6 on some of its own networks and by coordinating its activities with those in the private sector.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'cirt', u'manpower development']
Sentence: The Department of Commerce will form a task force to examine the issues related to IPv6, including the appropriate role of government, international interoperability, security in transition, and costs and benefits.
Country:US-1
Category: [u'legal measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'policy', u'responsible agency', u'manpower development', u'intra-agency cooperation']
Sentence: The task force will solicit input from potentially impacted industry segments.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'policy', u'responsible agency', u'manpower development', u'intra-agency cooperation']
Sentence: (ii) Secure the Domain Name System.
Country:US-1
Category: []
Subcategory: []
Sentence: DNS serves as the central database that helps route information throughout the Internet.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'professional certification', u'public sector partnership']
Sentence: The ability to route information can be disrupted when the databases cannot be accessed or updated or when they have been corrupted.
Country:US-1
Category: []
Subcategory: []
Sentence: Attackers can disrupt the DNS by flooding the system with information or requests or by gaining access to the system and corrupting or destroying the information that it contains.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: The October 21, 2002 attacks on the core DNS root servers revealed a vulnerability of the Internet by degrading or disrupting some of the 13 root servers necessary for the DNS to function.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: The occurrence of this attack punctuates the urgent need for expeditious action to make such attacks more difficult and less effective.
Country:US-1
Category: [u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: (iii) Border Gateway Protocol.
Country:US-1
Category: []
Subcategory: []
Sentence: Of the many routing protocols in use within the Internet, the Border Gateway Protocol (BGP) is at greatest risk of being the target of attacks designed to disrupt or degrade service on a large scale.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: BGP is used to interconnect the thousands of networks that make up the Internet.
Country:US-1
Category: []
Subcategory: []
Sentence: It allows routing information to be exchanged between networks that may have separate administrators, administrative policies, or protocols.
Country:US-1
Category: []
Subcategory: []
Sentence: 30 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y Propagation of false routing information in the Internet can deny service to small or large portions of the Internet.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, false routes can create black holes that absorb traffic destined for a particular block of address space.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: They can also lead to cascade failures that have occurred in other types of large routing/switching systems in the past, where the failure of one switch or mechanism results in the failure of those connected to it, resulting in additional waves of failures expanding outward from the initial fault.
Country:US-1
Category: []
Subcategory: []
Sentence: More secure forms of BGP and DNS will benefit all owners, operators and users of the Internet.
Country:US-1
Category: []
Subcategory: []
Sentence: To address this issue, the Internet Engineering Task Force, a voluntary private body consisting of users, owners, and operators of the Internet, has established working groups for securing BGP and DNS.
Country:US-1
Category: []
Subcategory: []
Sentence: These groups have made progress, but have been limited by technical obstacles and the need for coordination.
Country:US-1
Category: []
Subcategory: []
Sentence: The security and continued functioning of the Internet will be greatly influenced by the success or failure of implementing more secure and more robust BGP and DNS.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'policy', u'responsible agency', u'national benchmarking', u'manpower development', u'international cooperation']
Sentence: The Nation has a vital interest in ensuring that this work proceeds.
Country:US-1
Category: []
Subcategory: []
Sentence: The government should play a role when private efforts break down due to a need for coordination or a lack of proper incentives.
Country:US-1
Category: []
Subcategory: []
Sentence: Promote Improved Internet Routing Routers on the Internet share a number of design characteristics that make them relatively easy to disable, especially through denial-ofservice (DoS) attacks that overwhelm a routers processing capability.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'standardisation development', u'intra-agency cooperation']
Sentence: Internet routing can be substantially improved by promoting increased use of address verification and out-of-band management.
Country:US-1
Category: []
Subcategory: []
Sentence: Today there are few effective solutions available, even commercially, to mitigate the effect of DoS attacks, as the scale and lack of address verification and I I accountability makes filtering and contacting the sources of an attack impossible.
Country:US-1
Category: []
Subcategory: []
Sentence: One of the largest weaknesses in our current Internet infrastructure is the lack of source address verification.
Country:US-1
Category: []
Subcategory: []
Sentence: Establishing an Internet infrastructure that provides forged source address filtering is a critical step towards defeating these types of attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: (ii) Out-of-Band Management.
Country:US-1
Category: []
Subcategory: []
Sentence: DoS attacks are difficult to mitigate because they prevent control data from reaching the router.
Country:US-1
Category: []
Subcategory: []
Sentence: Separate control networks, commonly called out-ofband management links, are one technique that can be used to counter DoS attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will examine the need for increased research to improve router security through new technology or approaches to routing information.
Country:US-1
Category: []
Subcategory: []
Sentence: In particular, DHS will assess progress on out-of-band management and address filtering and recommend steps that can be taken by government or the private sector to improve their effectiveness and use.
Country:US-1
Category: [u'organization measures', u'cooperation', u'capacity building']
Subcategory: [u'policy', u'public sector partnership', u'standardisation development', u'manpower development']
Sentence: In addition, DHS will work with the private sector to understand the most efficient path and obstacles to increasing router security using current techniques and technology.
Country:US-1
Category: [u'organization measures', u'cooperation', u'capacity building']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership', u'standardisation development', u'manpower development']
Sentence: c. Improve Management Much improvement can be made in the security of the Internet infrastructure if best practices for managing the Internet, including the data that flows through it and the equipment that supports it, are widely employed.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support']
Sentence: DHS will work with organizations that own and operate the Internet to develop and promote the adoption of best practices.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'standards', u'policy', u'manpower development', u'public sector partnership']
Sentence: In particular, DHS will work with Internet service providers to help develop a widely accepted code of conduct for network management.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: This work will include a review of existing documented best practices such as those published by Network Reliability and Interoperability Council (NRIC) of the Federal Communications Commission (FCC).
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership']
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 31 P R I O R I T Y DHS, in coordination with the Commerce Department and appropriate agencies, will coordinate public-private partnerships to encourage: (1) the adoption of improved security protocols; (2) the development of more secure router technology; and, (3) the adoption by ISPs of a code of good conduct, including cybersecurity practices and security related cooperation.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'standards', u'policy', u'responsible agency', u'manpower development', u'public sector partnership', u'intra-state cooperation']
Sentence: DHS will support these efforts as required for their success, subject to other budget considerations.
Country:US-1
Category: []
Subcategory: []
Sentence: Foster Trusted Digital Control Systems / Supervisory Control and Data Acquisition Systems Many industries in America have radically transformed the way they control and monitor equipment over the last 20 years by employing digital control systems (DCS) and supervisory control and data acquisition systems (SCADA).
Country:US-1
Category: []
Subcategory: []
Sentence: DCS/SCADA are computer-based systems that are used by many infrastructures and industries to remotely control sensitive processes and physical functions that once had to be controlled manually.
Country:US-1
Category: []
Subcategory: []
Sentence: DCS and SCADA are present in almost every sector of the economy including water, transportation, chemicals, energy, and manufacturing, among others.
Country:US-1
Category: []
Subcategory: []
Sentence: Increasingly DCS/SCADA systems use the Internet to transmit data rather than the closed networks used in the past.
Country:US-1
Category: []
Subcategory: []
Sentence: Securing DCS/SCADA is a national priority.
Country:US-1
Category: []
Subcategory: []
Sentence: Disruption of these systems can have significant consequences for public health and safety.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: However, securing these systems is complicated by various factors.
Country:US-1
Category: []
Subcategory: []
Sentence: First, adding security requires investment in systems and in research and development that companies cannot afford or justify on their own.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: Such research may require the involvement of multiple infrastructure operators or industries.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'manpower development', u'international cooperation']
Sentence: Second, current technological limitations could impede the implementation of security measures.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, DCS/SCADA systems are typically small and self-contained units with limited power supplies.
Country:US-1
Category: []
Subcategory: []
Sentence: Security features are not easily adapted to the space or power requirements.
Country:US-1
Category: []
Subcategory: []
Sentence: In I I addition, these systems operate in real time and security measures could reduce performance or impact the synchronization of larger processes.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: Both the private and public sectors have a role in securing SCADA systems.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS, in coordination with the Department of Energy and other concerned agencies, will work in partnership with private industry to ensure that there is broad awareness among industry vendors and users, both regulated and unregulated, of the vulnerabilities in DCS/SCADA systems, and the consequences of exploitation of those vulnerabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: For operators of DCS/SCADA systems, these efforts should include developing and deploying training and certification of DCS/SCADA-oriented software and hardware security.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'certification', u'professional certification']
Sentence: In addition, DHS will work with the private sector to promote voluntary standards efforts, and security policy creation.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: The development of adequate test bed environments and the development of technology in the areas of extremely low latency link encryptors/authenticators, key management, and network status/state-of-health monitoring will aid in the effort to secure DCS/SCADA.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS, in coordination with DOE and other concerned agencies and in partnership with industry, will develop best practices and new technology to increase security of DCS/SCADA, to determine the most critical DCS/SCADA-related sites, and to develop a prioritized plan for shortterm cybersecurity improvements in those sites.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Reduce and Remediate Software Vulnerabilities A third critical area of national exposure is the many flaws that exist in critical infrastructure due to software vulnerabilities.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support']
Sentence: New vulnerabilities emerge daily as use of software reveals flaws that malicious actors can exploit.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'international cooperation', u'national legislation']
Sentence: Currently, approximately 3,500 vulnerabilities are reported annually.
Country:US-1
Category: []
Subcategory: []
Sentence: Corrections are usually completed by the manufacturer in the form of a 32 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y patch and made available for distribution to fix the flaws.
Country:US-1
Category: []
Subcategory: []
Sentence: Many known flaws, for which solutions are available, remain uncorrected for long periods of time.
Country:US-1
Category: [u'legal measures', u'organization measures']
Subcategory: [u'regulation and compliance', u'national benchmarking']
Sentence: For example, the top ten known vulnerabilities account for the majority of reported incidents of cyber attacks.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: This happens for multiple reasons.
Country:US-1
Category: []
Subcategory: []
Sentence: Many system administrators may lack adequate training or may not have time to examine every new patch to determine whether it applies to their system.
Country:US-1
Category: []
Subcategory: []
Sentence: The software to be patched may affect a complex set of interconnected systems that take a long time to test before a patch can be installed with confidence.
Country:US-1
Category: []
Subcategory: []
Sentence: If the systems are critical, it could be difficult to shut them down to install the patch.
Country:US-1
Category: []
Subcategory: []
Sentence: Unpatched software in critical infrastructures makes those infrastructures vulnerable to penetration and exploitation.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Software flaws are exploited to propagate worms that can result in denial of service, disruption, or other serious damage.
Country:US-1
Category: []
Subcategory: []
Sentence: Such flaws can be used to gain access to and control over physical infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: Improving the speed, coverage, and effectiveness of remediation of these vulnerabilities is important for both the public and private sector.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: First, the Nation needs a better-defined approach to the disclosure of vulnerabilities.
Country:US-1
Category: [u'legal measures']
Subcategory: [u'regulation and compliance']
Sentence: The issue is complex because exposing vulnerabilities both helps speed the development of solutions and also creates opportunities for would be attackers.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition, the clearinghouse for such disclosures must be a neutral body between vendors, security companies, and the public at large.
Country:US-1
Category: []
Subcategory: []
Sentence: Today the government partially funds such organizations.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: However, the appropriate level and form for this funding need to be reviewed.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: DHS will work with the National Infrastructure Advisory Council and private sector organizations to develop an optimal approach and mechanism for vulnerability disclosure.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'certification', u'public sector partnership']
Sentence: (A/R 2-6) I I A second step that will speed the distribution of patches in software systems is the creation of common test-beds.
Country:US-1
Category: []
Subcategory: []
Sentence: Such test-beds running applications that are common among government agencies or companies can speed patch implementation by testing one time, for many users, the impact that a patch will have on a variety of applications.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'agency certification']
Sentence: GSA will work with DHS on an improved approach to implementing a patch clearinghouse for the federal government.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'standards', u'responsible agency']
Sentence: DHS will also share lessons learned with the private sector and encourage the development of a voluntary, industry-led, national effort to develop a similar clearinghouse for other sectors including large enterprises.
Country:US-1
Category: [u'cooperation', u'technical measures', u'capacity building']
Subcategory: [u'intra-state cooperation', u'certification', u'public sector partnership', u'standardisation development', u'manpower development']
Sentence: (A/R 2-7) Finally, best practices in vulnerability remediation should be established and shared in areas such as training requirements for system administrators, the use of automated tools, and management processes for patch implementation.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will work with public and private entities on the development and dissemination of such practices.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: More secure initial configurations for shipped cyber products would facilitate more secure use by making the default set-up secure rather than insecure.
Country:US-1
Category: []
Subcategory: []
Sentence: The software industry is encouraged to consider promoting more secure out-of-the-box installation and implementation of their products, including increasing: (1) user awareness of the security features in products; (2) ease-of-use for security functions; and, (3) where feasible, promotion of industry guidelines and best practices that support such efforts.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: Understand Infrastructure Interdependency and Improve Physical Security of Cyber Systems and Telecommunications Reducing the vulnerability of the cyber infrastructure includes mitigating the potentially devastating attacks on cyberspace that can occur when key physical linkages are destroyed.
Country:US-1
Category: []
Subcategory: []
Sentence: The impact of such attacks can be amplified by cascading impacts through a variety of dependant infrastructures affecting both the economy and the health and welfare of citizens: a train derailed in a Baltimore tunnel and the T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 33 P R I O R I T Y Internet slowed in Chicago; a campfire in New Mexico damaged a gas pipeline and IT-related production halted in Silicon Valley; a satellite spun out of control hundreds of miles above the Earth and affected bank customers could not use their ATMs.
Country:US-1
Category: [u'technical measures', u'cooperation', u'legal measures']
Subcategory: [u'certification', u'international cooperation', u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Cyberspace has physical manifestations: the buildings and conduits that support telecommunications and Internet networks.
Country:US-1
Category: []
Subcategory: []
Sentence: These physical elements have been designed and built to create redundancy and avoid single points of failure.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Nonetheless, the carriers and service providers are encouraged to independently and collectively continue to analyze their networks to strengthen reliability and intentional redundancy.
Country:US-1
Category: [u'cooperation', u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'international cooperation', u'regulation and compliance', u'cirt', u'manpower development']
Sentence: The FCC, through its Network Reliability and Interoperability Council, and the National Security Telecommunications Advisory Committee, can contribute to such efforts and should identify any governmental impediments to strengthening the national networks.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership']
Sentence: DHS will work actively to reduce interdependencies and physical vulnerability.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will establish and lead a public-private partnership to identify cross-sectoral interdependencies, both cyber and physical.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation']
Sentence: The partnership will develop plans to reduce related vulnerabilities in conjunction with programs proposed in the National Strategy for Homeland Security.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Infrastructure Simulation and Analysis Center in DHS will support these efforts by developing models to identify the impact of cyber and physical interdependencies.
Country:US-1
Category: []
Subcategory: []
Sentence: (A/R 2-9) DHS also will support, when requested and as appropriate, voluntary efforts by owners and operators of information system networks and network data centers to develop remediation and contingency plans to reduce the consequences of large-scale physical damage to facilities supporting such networks, and to develop appropriate procedures for limiting access to critical facilities.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'cirt', u'policy', u'roadmap for governance', u'manpower development', u'un convention and protocol']
Sentence: (A/R 2-10) I I C. DEVELOP SYSTEMS WITH FEWER VULNERABILITIES AND ASSESS EMERGING TECHNOLOGIES FOR VULNERABILITIES As the Nation takes steps to improve the security of current systems, it must also ensure that future cyber systems and infrastructure are built to be secure.
Country:US-1
Category: []
Subcategory: []
Sentence: This will become increasingly important as more and more of our daily economic and physical lives come to depend on cyber infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: Future security requires research in cyberspace security topics and a commitment to the development of more secure products.
Country:US-1
Category: []
Subcategory: []
Sentence: Prioritize the Federal Research and Development Agenda Federal investment in research for the next generation of technologies to maintain and secure cyberspace must keep pace with an increasing number of vulnerabilities.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: Flexibility and nimbleness are important in ensuring that the research and development process accommodates the dynamic technology environment in the years ahead.
Country:US-1
Category: [u'organization measures', u'capacity building', u'legal measures', u'child online protection']
Subcategory: [u'national benchmarking', u'standardisation development', u'regulation and compliance', u'un convention and protocol']
Sentence: The Nation will prioritize and provide resources as necessary to advance the research to secure cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: A new generation of enabling technologies will serve to modernize the Internet for rapidly growing traffic volumes, expanded e-commerce, and the advanced applications that will be possible only when next-generation networks are widely available.
Country:US-1
Category: []
Subcategory: []
Sentence: As a result, national research efforts must be prioritized to support the transition of cyberspace into a secure, high-speed knowledge and communications infrastructure for this century.
Country:US-1
Category: []
Subcategory: []
Sentence: Vital research is required for this effort.
Country:US-1
Category: []
Subcategory: []
Sentence: The Nation must prioritize its cyberspace security research efforts across all sectors and funding sources.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: To meet these needs, the Director of OSTP will coordinate the development, and update on an annual basis, a federal government research and 34 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y development agenda that includes near-term (1-3 years), mid-term (3-5 years), and later (5 years out and longer) IT security research for Fiscal Year 2004 and beyond.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: Existing priorities include, among others, intrusion detection, Internet infrastructure security (including protocols such as BGP and DNS), application security, DoS, communications security (including SCADA system encryption and authentication), high-assurance systems, and secure system composition.
Country:US-1
Category: [u'technical measures', u'child online protection']
Subcategory: [u'standards', u'un convention and protocol', u'reporting mechanism']
Sentence: (A/R 2-11) I I processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development.
Country:US-1
Category: []
Subcategory: []
Sentence: Assess and Secure Emerging Systems To optimize research efforts relative to those of the private sector, DHS will ensure that adequate mechanisms exist for coordination of research and development among academia, industry, and government, and will develop new mechanisms where needed.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: (A/R 2-12) As new technologies are developed they introduce the potential for new security vulnerabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: Some new technologies introduce security weaknesses that are only corrected over time, with great difficulty, or sometimes not at all.
Country:US-1
Category: []
Subcategory: []
Sentence: A person driving in a car around a city, for example, can access many wireless local area networks without the knowledge of their owners unless strong security measures are added to those systems.
Country:US-1
Category: []
Subcategory: []
Sentence: An important goal of cybersecurity research will be the development of highly secure, trustworthy, and resilient computing systems.
Country:US-1
Category: []
Subcategory: []
Sentence: In the future, working with a computer, the Internet, or any other cyber system may become as dependable as turning on the lights or the water.
Country:US-1
Category: []
Subcategory: []
Sentence: As telephones and personal digital assistants, and many other mobile devices, incorporate more sophisticated operating systems and connectivity they may require security features to prevent their exploitation for distributed attacks on mobile networks and even the Internet.
Country:US-1
Category: [u'legal measures', u'cooperation']
Subcategory: [u'criminal legislation', u'international cooperation']
Sentence: The Nation must seek to ensure that future components of the cyber infrastructure are built to be inherently secure and dependable for their users.
Country:US-1
Category: []
Subcategory: []
Sentence: Development of highly secure and reliable systems will be pursued, subject to budgeting constraints, through the national cyberspace security research agenda.
Country:US-1
Category: []
Subcategory: []
Sentence: Emerging areas of research also can produce unforeseen consequences for security.
Country:US-1
Category: []
Subcategory: []
Sentence: The emergence of optical computing and intelligent agents, as well as in the longer term, developments in areas such as nanotechnology and quantum computing, among others, will likely reshape cyberspace and its security.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'national benchmarking', u'standardisation development', u'international cooperation', u'institutional support']
Sentence: The Nation must be at the leading edge in understanding these technologies and their implications for security.
Country:US-1
Category: []
Subcategory: []
Sentence: The private sector is encouraged to consider including in near-term research and development priorities, programs for highly secure and trustworthy operating systems.
Country:US-1
Category: [u'legal measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'manpower development', u'public sector partnership', u'un convention and protocol']
Sentence: If such systems are developed and successfully evaluated, the federal government will, subject to budget considerations, accelerate procurement of such systems.
Country:US-1
Category: []
Subcategory: []
Sentence: (A/R 2-13) In addition, DHS will facilitate a national publicprivate effort to promulgate best practices and methodologies that promote integrity, security, and reliability in software code development, including DHS, in coordination with OSTP and other agencies, as appropriate, will facilitate communication between the public and private research and the security communities, to ensure that emerging technologies are periodically reviewed by the appropriate body within the National Science and Technology Council, in the context of possible homeland and cyberspace security implications, and relevance to the federal research agenda.
Country:US-1
Category: [u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'international cooperation', u'regulation and compliance', u'un convention and protocol']
Sentence: (A/R 2-15) T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 35 P R I O R I T Y 36 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E I I P R I O R I T Y I I I Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development', u'professional certification']
Sentence: To do that, users need to know the simple things that they can do to help to prevent intrusions, cyber attacks, or other security breaches.
Country:US-1
Category: []
Subcategory: []
Sentence: All users of cyberspace have some responsibility, not just for their own security, but also for the overall security and health of cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition to the vulnerabilities in existing information technology systems, there are at least two other major barriers to users and managers acting to improve cybersecurity: (1) a lack of familiarity, knowledge, and understanding of the issues; and (2) an inability to find sufficient numbers of adequately trained and/or appropriately certified personnel to create and manage secure systems.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'standards', u'standardisation development', u'manpower development', u'intra-state cooperation', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Among the components of this priority are the following: Promote a comprehensive national awareness program to empower all Americansbusinesses, the general workforce, and the general population to secure their own parts of cyberspace; Foster adequate training and education programs to support the Nations cybersecurity needs; T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 37 P R I O R I T Y Increase the efficiency of existing federal cybersecurity training programs; and Promote private sector support for wellcoordinated, widely recognized professional cybersecurity certification.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'manpower development', u'un convention and protocol']
Sentence: Key to any successful national effort to enhance cybersecurity must be a national effort to raise awareness (of users and managers at all levels) and maintain an adequate pool of well trained and certified IT security specialists.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: The federal government cannot by itself create or manage all aspects of such an effort.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: It can only do so in partnership with industry, other governments, and nongovernmental actors.
Country:US-1
Category: []
Subcategory: []
Sentence: Many federal agencies must play a part in this effort, which will be led and coordinated by DHS.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: The components of this program will include the following federal programs (both existing programs and initiatives which will be considered as part of the budget decision making process) and activities, which we recommend to our partners.
Country:US-1
Category: [u'technical measures', u'organization measures', u'child online protection']
Subcategory: [u'standards', u'national benchmarking', u'institutional support', u'reporting mechanism']
Sentence: Promote a Comprehensive National Awareness Program to Empower All AmericansBusinesses, the General Workforce, and the General Population to Secure their Own Parts of Cyberspace In many cases solutions to cybersecurity issues exist, but the people who need them do not know they exist or do not know how or where to find them.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'standards', u'manpower development']
Sentence: In other cases people may not even be aware of the need to make a network element secure.
Country:US-1
Category: []
Subcategory: []
Sentence: A small business, for example, may not realize that the configuration of its web server uses a default password that allows anyone to gain control of the system.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'intra-agency cooperation']
Sentence: Education and outreach play an important role in making users and operators of cyberspace sensitive to security needs.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development']
Sentence: These activities are an important part of the solution for almost all of the issues discussed in the National Strategy to Secure I I I Cyberspace, from securing digital control systems in industry, to securing broadband Internet access at home.
Country:US-1
Category: [u'cooperation', u'child online protection']
Subcategory: [u'international cooperation', u'institutional support']
Sentence: DHS, working in coordination with appropriate federal, state, and local entities and private sector organizations, will facilitate a comprehensive awareness campaign including audience-specific awareness materials, expansion of the StaySafeOnline campaign, and development of awards programs for those in industry making significant contributions to security.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: (A/R 3-1) Increasing awareness and education prepares private sectors, organizations, and individuals to secure their parts of cyberspace.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'manpower development', u'un convention and protocol']
Sentence: Actions taken by one entity on a network can immediately and substantially affect one or many others.
Country:US-1
Category: []
Subcategory: []
Sentence: Because the insecurity of one participant in cyberspace can have a major impact on the others, the actions they take to secure their own networks contribute to the security of the whole.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'cirt', u'manpower development']
Sentence: For example, a few subverted servers recently enabled an attack on some of the Internet Domain Name System root servers and threatened to disrupt service for many users.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: Through improved awareness the Nation can stimulate actions to secure cyberspace by creating an understanding at all audience levels of both cybersecurity issues and solutions.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will lead an effort to increase cybersecurity awareness for key audiences: a.
Country:US-1
Category: []
Subcategory: []
Sentence: Home Users and Small Business Home users and small business are not part of the critical infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: However, their systems are being increasingly subverted by malicious actors to attack critical systems.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'responsible agency', u'manpower development', u'intra-agency cooperation', u'public sector partnership', u'national legislation']
Sentence: Therefore, increasing the awareness about cybersecurity among these users contributes to greater infrastructure security.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'manpower development', u'intra-state cooperation', u'public sector partnership']
Sentence: Home users and small business owners of cyber systems often start with the greatest knowledge gap about cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS, in coordination with other agencies and private organizations, will work to educate the 38 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y general public of home users, students, children, and small businesses on basic cyberspace safety and security issues.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'certification', u'responsible agency', u'agency certification', u'intra-state cooperation', u'intra-agency cooperation', u'regulation and compliance', u'un convention and protocol']
Sentence: As part of these efforts, DHS will partner with the Department of Education and state and local governments to elevate the exposure of cybersecurity issues in primary and secondary schools.
Country:US-1
Category: [u'child online protection', u'organization measures', u'capacity building']
Subcategory: [u'institutional support', u'roadmap for governance', u'agency certification']
Sentence: In addition, the Federal Trade Commission will continue to provide information on cybersecurity for consumers and small businesses through http://www.ftc.gov/infosecurity.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: DHS, in coordination with the Department of Education, will encourage and support, where appropriate subject to budget considerations, state, local, and private organizations in the development of programs and guidelines for primary and secondary school students in cybersecurity.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: (A/R 3-2) In recent years, with the spread of always on connections for systems, such as cable modems, digital subscriber lines (DSL), and wireless and satellite systems, the security of home user and small business systems has become more important not only to the users themselves, but to others to which they are connected through the Internet.
Country:US-1
Category: [u'legal measures', u'cooperation']
Subcategory: [u'criminal legislation', u'international cooperation']
Sentence: For example, these connections generally mean that larger amounts of data can be sent and done so in a continuous stream.
Country:US-1
Category: [u'legal measures', u'cooperation']
Subcategory: [u'criminal legislation', u'international cooperation']
Sentence: These two factors can be exploited and used to attack other systems, possibly even resulting in nationally significant damage.
Country:US-1
Category: []
Subcategory: []
Sentence: The Internet service providers, antivirus software companies, and operating system/application software developers that provide services or products to home users and small businesses can help raise their awareness of cybersecurity issues.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Home users and small businesses can help the Nation secure cyberspace by securing their own connections to it.
Country:US-1
Category: [u'legal measures', u'cooperation']
Subcategory: [u'criminal legislation', u'international cooperation', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Installing firewall software and updating it regularly, maintaining current antivirus software, and regularly updating operating systems and major applications with security enhancements are actions that individuals and enterprise operators can take to help secure cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: To facilitate such actions, DHS will create a public-private task force of private I I I companies, organizations, and consumer users groups to identify ways that providers of information technology products and services, and other organizations can make it easier for home users and small businesses to secure their systems.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection', u'organization measures']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism', u'policy', u'responsible agency', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Large Enterprises The security of large enterprises is important not only to individual businesses, but to the Nation as a whole.
Country:US-1
Category: []
Subcategory: []
Sentence: Large enterprises own major cyber networks and computing systems that, if not secure, can be exploited for attacks on other businesses in an increasingly interconnected economy, and could, in the case of a massive attack, have major economic consequences.
Country:US-1
Category: []
Subcategory: []
Sentence: The cybersecurity of large enterprises can be improved through strong management to ensure that best practices and efficient technology are being employed, especially in the areas of configuration management, authentication, training, incident response, and network management.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: DHS will continue the work of sensitizing the owners of these networks to their vulnerabilities and what can be done to mitigate them.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: DHS, working with other government agencies and private sector organizations, will build upon and expand existing efforts to direct the attention of key corporate decision makers (e.g., CEOs and members of boards of directors) to the business case for securing their companies information systems.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'standards', u'roadmap for governance', u'national benchmarking', u'agency certification']
Sentence: Decision makers can take a variety of steps to improve the security of their enterprise networks and to ensure that their networks cannot be maliciously exploited.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'cirt', u'standards', u'national benchmarking', u'manpower development']
Sentence: Large enterprises are encouraged to evaluate the security of their networks that impact the security of the Nations critical infrastructures.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'cirt', u'manpower development']
Sentence: Such evaluations might include: (1) conducting audits to ensure effectiveness and use of best practices; (2) developing continuity plans which consider offsite staff and equipment; and, (3) participating in industrywide information sharing and best practice dissemination.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: (A/R 3-4) T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 39 P R I O R I T Y (i) Insider Threats.
Country:US-1
Category: []
Subcategory: []
Sentence: Many cyber attacks on enterprise systems are perpetrated by trusted insiders.
Country:US-1
Category: []
Subcategory: []
Sentence: Insiders are people trusted with legitimate access rights to enterprise information systems and networks.
Country:US-1
Category: []
Subcategory: []
Sentence: Such trusted individuals can pose a significant threat to the enterprise and beyond.
Country:US-1
Category: []
Subcategory: []
Sentence: The insider threat poses a key risk because it provides a potential avenue for individuals who seek to harm the Nation to gain access to systems that could support their malicious objectives.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support', u'reporting mechanism']
Sentence: Effectively mitigating the insider threat requires policies, practices, and continued training.
Country:US-1
Category: []
Subcategory: []
Sentence: Three common policy areas which can reduce insider threat include: (1) access controls, (2) segregation of duties, and, (3) effective policy enforcement.
Country:US-1
Category: []
Subcategory: []
Sentence: Poor access controls enable an individual or group to inappropriately modify, destroy, or disclose sensitive data or computer programs for purposes such as personal gain or sabotage.
Country:US-1
Category: [u'legal measures']
Subcategory: [u'regulation and compliance']
Sentence: Segregation of duties is important in assuring the integrity of an enterprises information system.
Country:US-1
Category: []
Subcategory: []
Sentence: No one person should have complete control of any system.
Country:US-1
Category: []
Subcategory: []
Sentence: Effective enforcement of an enterprise security policy can be challenging and requires regular auditing.
Country:US-1
Category: []
Subcategory: []
Sentence: New automated software is beginning to emerge which can facilitate efficient enforcement of enterprise security.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: These programs allow the input of policy in human terms, translation to machine code, and then monitoring at the packet level of all data transactions within, and outbound from, the network.
Country:US-1
Category: []
Subcategory: []
Sentence: Such software can detect and stop inappropriate use of networks and cyber-based resources.
Country:US-1
Category: []
Subcategory: []
Sentence: c. Institutions of Higher Education (IHEs) Awareness plays an especially important role in increasing the cybersecurity of IHEs.
Country:US-1
Category: []
Subcategory: []
Sentence: As recent experience has shown, organized attackers have collectively exploited many insecure computer systems traceable to the campus networks of I I I higher education as a platform from which to launch denial-of-service attacks and other threats to unrelated systems on the Internet.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'criminal legislation', u'cirt', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership', u'international cooperation']
Sentence: Such attacks harm not only the targeted systems, but also the owners of those systems and those who desire to use their services.
Country:US-1
Category: [u'child online protection', u'legal measures', u'technical measures', u'cooperation']
Subcategory: [u'institutional support', u'reporting mechanism', u'criminal legislation', u'cirt', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: IHEs are subject to exploitation for two reasons: (1) they possess vast amounts of computing power; and (2) they allow relatively open access to those resources.
Country:US-1
Category: []
Subcategory: []
Sentence: The computing power owned by IHEs is extensive, covering over 3,000 schools, many with research and significant central computing facilities.
Country:US-1
Category: []
Subcategory: []
Sentence: The higher education community, collectively, has been actively engaged in efforts to organize its members and coordinate action to raise awareness and enhance cybersecurity on Americas campuses.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'responsible agency', u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: Most notably, through EDUCAUSE, the community has raised the issue of the Strategys development with top leaders of higher education, including the American Council on Education and the Higher Education IT Alliance.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: Significantly, through this effort, top university presidents have adopted a 5-point Framework for Action that commits them to giving IT security high priority and to adopting the policies and measures necessary to realize greater system security: (1) Make IT security a priority in higher education; (2) Revise institutional security policy and improve the use of existing security tools; (3) Improve security for future research and education networks; (4) Improve collaboration between higher education, industry, and government; and (5) Integrate work in higher education with the national effort to strengthen critical infrastructure.
Country:US-1
Category: [u'legal measures', u'organization measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'responsible agency', u'un convention and protocol']
Sentence: 40 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y Colleges and universities are encouraged to secure their cyber systems by establishing some or all of the following as appropriate: (1) one or more ISACs to deal with cyber attacks and vulnerabilities; (2) model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity; (3) one or more sets of best practices for IT security; and, (4) model user awareness programs and materials.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'responsible agency', u'intra-agency cooperation']
Sentence: (A/R 3-5) d. Private Sectors DHS will work with private sectors on general awareness as well as on specific issues impacting particular sectors.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'certification', u'public sector partnership']
Sentence: Private sectors own and operate the vast majority of the Nations cyberspace.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'certification', u'public sector partnership']
Sentence: As long time partners in the effort to secure cyberspace, many sectors have developed plans in parallel with the National Strategy to Secure Cyberspace to help secure their critical infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: The sectors can serve a vital role in the reduction of vulnerabilities by creating sector-wide awareness of issues that affect multiple members.
Country:US-1
Category: []
Subcategory: []
Sentence: Members can develop and share best practices and work together toward common security solutions.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, SCADA systems are a widespread security issue in the energy sector.
Country:US-1
Category: []
Subcategory: []
Sentence: Solutions are being coordinated with the Department of Energy and across the sector.
Country:US-1
Category: []
Subcategory: []
Sentence: The sectors also play a role in the identification of research needs.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will closely coordinate with private sectors on plans and initiatives to secure cyberspace.
Country:US-1
Category: [u'organization measures', u'technical measures', u'cooperation']
Subcategory: [u'responsible agency', u'certification', u'public sector partnership']
Sentence: A public-private partnership should continue work in helping to secure the Nations cyber infrastructure through participation in, as appropriate and feasible, a technology and R&D gap analysis to provide input into the federal cybersecurity research agenda, coordination on the conduct of associated research, and the development and dissemination of best practices for cybersecurity.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification', u'international cooperation', u'standardisation development', u'intra-state cooperation']
Sentence: (A/R 3-6) e. State and Local Governments DHS will implement plans to focus key decision makers in state and local governmentssuch as governors, state legislatures, I I I mayors, city managers, and county commissioners/boards of supervisorsto support investment in information systems security measures and adopt enforceable management policies and practices.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'standards', u'roadmap for governance', u'national benchmarking', u'agency certification']
Sentence: TRAINING In addition to raising general awareness, the Nation must focus resources on training a talented and innovative pool of citizens that can specialize in securing the infrastructure.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'standardisation development', u'manpower development', u'intra-state cooperation', u'institutional support']
Sentence: While the need for this pool has grown quickly with the expansion of the Internet and the pervasiveness of computers, networks, and other cyber devices, the investment in training has not kept pace.
Country:US-1
Category: []
Subcategory: []
Sentence: Universities are turning out fewer engineering graduates, and much of their resources are dedicated to other subjects, such as biology and life sciences.
Country:US-1
Category: []
Subcategory: []
Sentence: This trend must be reversed if the United States is to lead the world with its cyber economy.
Country:US-1
Category: []
Subcategory: []
Sentence: Foster Adequate Training and Education Programs to Support the Nations Cybersecurity Needs Improvements in cybersecurity training will be accomplished primarily through the work of private training organizations, institutions of learning, and the Nations school systems.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'regulation and compliance', u'un convention and protocol']
Sentence: DHS will also encourage private efforts to ensure that adequate opportunities exist for continuing education and advanced training in the workplace to maintain high skills standards and the capacity to innovate.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government can play a direct role in several ways.
Country:US-1
Category: []
Subcategory: []
Sentence: First, DHS will implement and encourage the establishment of programs to advance the training of cybersecurity professionals in the United States, including coordination with NSF, OPM, and NSA, to identify ways to leverage the existing Cyber Corps Scholarship for Service program as well as the various graduate, postdoctoral, senior researcher, and faculty development fellowship and traineeship programs created by the T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 41 P R I O R I T Y Cyber Security Research and Development Act, to address these important training and education workforce issues.
Country:US-1
Category: [u'capacity building', u'legal measures', u'child online protection']
Subcategory: [u'manpower development', u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: Increase the Efficiency of Existing Federal Cybersecurity Training Programs Second, DHS will explore the benefits of a center for the development of cybersecurity training practices that would draw together expertise and be consistent with the federal build once, use many approach.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development', u'professional certification']
Sentence: DHS, in coordination with other agencies with cybersecurity training expertise, will develop a coordination mechanism linking federal cybersecurity and computer forensics training programs.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: Promote Private Sector Support for Wellcoordinated Widely Recognized Professional Cybersecurity Certifications Related to education and training is the need for certification of qualified persons.
Country:US-1
Category: [u'technical measures', u'capacity building', u'legal measures', u'child online protection']
Subcategory: [u'certification', u'professional certification', u'regulation and compliance', u'manpower development', u'un convention and protocol']
Sentence: Certification can provide employers and consumers with greater information about the capabilities of potential employees or security consultants.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'certification', u'manpower development', u'professional certification']
Sentence: Currently, some certifications for cybersecurity workers exist; however, they vary greatly in the requirements they impose.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'certification', u'professional certification']
Sentence: For example, some programs emphasize broad knowledge verified by an extensive multiplechoice exam, while others verify in-depth I I I practical knowledge on a particular cyber component.
Country:US-1
Category: []
Subcategory: []
Sentence: No one certification offers a level of assurance about a persons practical and academic qualifications, similar to those offered by the medical and legal professions.
Country:US-1
Category: [u'technical measures', u'capacity building', u'child online protection']
Subcategory: [u'certification', u'manpower development', u'professional certification', u'institutional support', u'reporting mechanism']
Sentence: To address this issue, a number of industry stakeholders including representatives of both consumers and providers of IT security certifications are beginning to explore approaches to developing nationally recognized certifications and guidelines for certification.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'certification', u'responsible agency', u'manpower development', u'professional certification', u'intra-agency cooperation', u'international cooperation', u'institutional support']
Sentence: Aspects that warrant consideration by these organizations include levels of education and experience, peer recognition, continuing education requirements, testing guidance, as applicable for various levels of certification that may be established, and models for administering a certification for IT security professionals similar to those successfully employed in other professions.
Country:US-1
Category: [u'technical measures', u'capacity building', u'organization measures']
Subcategory: [u'standards', u'certification', u'professional certification', u'national benchmarking']
Sentence: DHS and other federal agencies, as downstream consumers (prospective employers of certified personnel), can aid these efforts by effectively articulating the needs of the federal IT security community.
Country:US-1
Category: []
Subcategory: []
Sentence: DHS will encourage efforts that are needed to build foundations for the development of security certification programs that will be broadly accepted by the public and private sectors.
Country:US-1
Category: [u'technical measures', u'capacity building', u'child online protection']
Subcategory: [u'certification', u'manpower development', u'professional certification', u'reporting mechanism']
Sentence: DHS and other federal agencies can aid these efforts by effectively articulating the needs of the federal IT security community.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: (A/R 3-9) 42 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y I V Priority IV: Securing Governments Cyberspace Although most critical infrastructures are in the private sector, governments at various levels perform many key functions.
Country:US-1
Category: [u'technical measures', u'organization measures', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: Among those key functions are national defense, homeland security, emergency response, taxation, payments to citizens, central bank activities, criminal justice, and public health.
Country:US-1
Category: []
Subcategory: []
Sentence: All of those functions and others now depend upon information networks and systems.
Country:US-1
Category: []
Subcategory: []
Sentence: Thus, it is the duty of governments to secure their information systems in order to provide essential services.
Country:US-1
Category: []
Subcategory: []
Sentence: At the federal level it is also required by law.
Country:US-1
Category: []
Subcategory: []
Sentence: The foundation for the federal governments cybersecurity requires assigning clear and unambiguous authority and responsibility for security, holding officials accountable for fulfilling those responsibilities, and integrating security requirements into budget and capital planning processes.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government will lead by example, giving cybersecurity appropriate attention and care, and encouraging others to do so.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal governments procurement practices will be used to help promote cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, federal agencies should become early adopters of new, more secure systems and protocols where appropriate.
Country:US-1
Category: [u'child online protection', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'un convention and protocol', u'certification', u'responsible agency', u'agency certification']
Sentence: State and local governments can have a similar effect on cybersecurity.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: The federal government T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 43 P R I O R I T Y I V is ready to partner with both state and local governments to promote cybersecurity.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: Continuously Assess Threats and Vulnerabilities to Federal Cyber Systems Within the federal government the Director of OMB is responsible for ensuring that department and agency heads carry out their legal responsibilities to secure IT systems, with the exception of classified systems of national security departments and agencies that are the responsibility of the Secretary of Defense and the Director of Central Intelligence.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: A key step to ensuring the security of federal information technology is to understand the current state of the effectiveness of security and privacy controls in individual systems.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: Once identified, it is equally important to maintain that understanding through a continuing cycle of risk assessment.
Country:US-1
Category: []
Subcategory: []
Sentence: This approach is reflected in OMB security policies, and is featured in FISMA.
Country:US-1
Category: []
Subcategory: []
Sentence: THE FEDERAL GOVERNMENT Beginning with the Budget Blueprint in February 2001, continuing in the fiscal year 2002 and 2003 budgets, and the Management Reform Agenda, this administration has set a clear agenda for government reform.
Country:US-1
Category: []
Subcategory: []
Sentence: These reforms include unifying federal government security and critical infrastructure protection initiatives, and making strong security a condition of funding for all federal investments in information-technology systems.
Country:US-1
Category: [u'legal measures', u'capacity building', u'organization measures', u'cooperation']
Subcategory: [u'criminal legislation', u'standardisation development', u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: The National Strategy to Secure Cyberspace supports these efforts by working to ensure that the federal government can identify vulnerabilities, anticipate threats, mitigate attacks when possible, and provide for continuity of operations.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'institutional support']
Sentence: To overcome deficiencies in cybersecurity, OMB established a governmentwide IT security program, as required by law, to set IT security policies and perform oversight of federal agency compliance with security requirements.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures']
Subcategory: [u'regulation and compliance', u'cirt', u'standards', u'national benchmarking']
Sentence: This program is based on a costeffective, risk-based approach.
Country:US-1
Category: []
Subcategory: []
Sentence: Agencies must ensure that security is integrated within every IT investment.
Country:US-1
Category: []
Subcategory: []
Sentence: This approach is designed to enable federal government business operations, not to unnecessarily impede those functions.
Country:US-1
Category: []
Subcategory: []
Sentence: OMBs first report to Congress on government information security reform in February 2002 identified six common governmentwide security performance gaps.
Country:US-1
Category: []
Subcategory: []
Sentence: These weaknesses included: (1) Lack of senior management attention; (2) Lack of performance measurement; (3) Poor security education and awareness; (4) Failure to fully fund and integrate security into capital planning and investment control; (5) Failure to ensure that contractor services are adequately secure; and (6) Failure to detect, report, and share information on vulnerabilities.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'standards', u'policy', u'manpower development']
Sentence: These gaps are not new or surprising.
Country:US-1
Category: []
Subcategory: []
Sentence: OMB, along with the General Accounting Office and agency inspectors general, has found them to be problems for at least 6 years.
Country:US-1
Category: []
Subcategory: []
Sentence: The evaluation and reporting requirements established by law have given OMB and federal agencies an opportunity to develop a comprehensive, crossgovernment baseline of agency IT security performance that had not been previously available.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation', u'technical measures']
Subcategory: [u'national benchmarking', u'manpower development', u'intra-state cooperation', u'certification', u'responsible agency', u'agency certification']
Sentence: More importantly, through the development and use of corrective action plans, the federal government has a uniform process to track progress in fixing those weaknesses.
Country:US-1
Category: []
Subcategory: []
Sentence: 44 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y Before OMB approves funding for a system an agency must demonstrate that it has resolved outstanding security issues related to the system.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: Additionally, agencies must ensure that security has been incorporated and security costs reported for every IT investment through the federal capital planning process.
Country:US-1
Category: []
Subcategory: []
Sentence: OMB policy stipulates that specific lifecycle security costs be identified, built into, and funded as part of each system investment.
Country:US-1
Category: []
Subcategory: []
Sentence: Failure to do so results in disapproval of funding for the entire system.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'standardisation development']
Sentence: Agency-Specific Processes The federal government must have a comprehensive and crosscutting approach to improving cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: Three processes central to improving and maintaining federal cybersecurity in the agencies are: identifying and documenting enterprise architectures; continuously assessing threats and vulnerabilities, and understanding the risks they pose to agency operations and assets; and implementing security controls and remediation efforts to reduce and manage those risks.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'standards', u'responsible agency']
Sentence: Each agency will be expected to create and implement this formal three-step process to achieve greater security.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'roadmap for governance', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Identify and Document Enterprise Architectures OMB policy requires each agency to identify and document their enterprise architecture, including an authoritative inventory of all operations and assets, all agency IT systems, critical business processes, and their interrelationships with other organizations.
Country:US-1
Category: []
Subcategory: []
Sentence: This process yields a governmentwide view of critical security needs.
Country:US-1
Category: []
Subcategory: []
Sentence: Through the budget process, the federal government will drive agency investments in commercially available tools to improve their architectures and system configuration.
Country:US-1
Category: []
Subcategory: []
Sentence: Configuration management and control has incidental and important benefits to security.
Country:US-1
Category: []
Subcategory: []
Sentence: For example, controlling system configuration I V permits agencies to more effectively and efficiently enforce policies and permissions and more easily install antivirus definitions and other software updates and patches across an entire system or network.
Country:US-1
Category: []
Subcategory: []
Sentence: Continuously Assess Threats and Vulnerabilities Commercially available automated auditing and reporting mechanisms should be used to validate the effectiveness of the security controls across a system and are essential to continuously understand risks to those systems.
Country:US-1
Category: [u'organization measures', u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'policy', u'public sector partnership', u'regulation and compliance', u'un convention and protocol']
Sentence: These tools can help in analyzing data, providing forwardlooking assessments, and alerting agencies of unacceptable risks to their operations.
Country:US-1
Category: []
Subcategory: []
Sentence: Federal agencies will continue to expand the use of automated, enterprise-wide security assessment and security policy enforcement tools and actively deploy threat management tools to deter attacks.
Country:US-1
Category: [u'cooperation', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'public sector partnership', u'international cooperation', u'certification', u'responsible agency', u'agency certification']
Sentence: The federal government will determine whether specific actions are necessary (e.g., through the policy or budget processes) to promote the greater use of these tools.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'standards', u'certification']
Sentence: (A/R 4-1) c. Implement Security Controls and Remediation Efforts The implementation of security controls that maintain risk at an acceptable level can often be accomplished in a relatively brief amount of time.
Country:US-1
Category: [u'capacity building', u'child online protection']
Subcategory: [u'manpower development', u'reporting mechanism']
Sentence: However, the remediation of vulnerabilities is a much more complex challenge.
Country:US-1
Category: []
Subcategory: []
Sentence: Software is constantly changing and each new upgrade can introduce new vulnerabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: As a result, vulnerabilities must be assessed continuously.
Country:US-1
Category: []
Subcategory: []
Sentence: Remediation often involves patching or installing pieces of software or code that are used to update the main program.
Country:US-1
Category: []
Subcategory: []
Sentence: The remediation of federal systems must be planned in a consistent fashion.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 45 P R I O R I T Y B.
Country:US-1
Category: []
Subcategory: []
Sentence: ADDITIONAL GOVERNMENTWIDE CHALLENGES In addition, there are four specific governmentwide security challenges that need to be addressed.
Country:US-1
Category: []
Subcategory: []
Sentence: Each agency, as appropriate, should work with OMB to resolve these challenges.
Country:US-1
Category: []
Subcategory: []
Sentence: Authenticate and Maintain Authorization for Users of Federal Systems Identifying and authenticating each system user is the first link in the system security chain, and it must take place whenever system access is initiated.
Country:US-1
Category: []
Subcategory: []
Sentence: To establish and maintain secure system operations, organizations must ensure that the people on the system are who they say they are and are doing only what they are authorized to do.
Country:US-1
Category: []
Subcategory: []
Sentence: Many authentication procedures used today are inadequate.
Country:US-1
Category: []
Subcategory: []
Sentence: Passwords are not being changed from the system default, are often incorrectly configured, and are rarely updated.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government will continue to promote a continuing chain of security for all federal employees and processes, including the use, where appropriate, of biometric smart cards for access to buildings and computers, and authentication from the moment of computer log on.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'international cooperation']
Sentence: The benefits of such an approach are clear.
Country:US-1
Category: []
Subcategory: []
Sentence: By promoting multi-layered identification and authenticationthe use of strong passwords, smart tokens, and biometrics - the federal government will eliminate many significant security problems that it has today.
Country:US-1
Category: []
Subcategory: []
Sentence: Through the ongoing E-Authentication initiative, the federal government will review the need for stronger access control and authentication; explore the extent to which all departments can employ the same physical and logical access control tools and authentication mechanisms; and consequently, further promote consistency and interoperability.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: (A/R 4-2) I V The National Information Assurance Partnership (NIAP) NIAP is a U.S. Government initiative to meet testing, evaluation, and assessment needs of both information technology (IT) producers and consumers.
Country:US-1
Category: []
Subcategory: []
Sentence: The partnership, originated in 1997, combines the extensive security experience of both agencies to promote the development of technically sound security requirements for IT products and systems and appropriate metrics for evaluating those products and systems.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: The long-term goal of NIAP is to help increase the level of trust consumers have in their information systems and networks through the use of cost-effective security testing, evaluation, and assessment programs.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: NIAP continues to build important relationships with government agencies and industry in a variety of areas to help meet current and future IT security challenges affecting the Nations critical information infrastructure.
Country:US-1
Category: [u'cooperation', u'capacity building']
Subcategory: [u'intra-state cooperation', u'agency certification']
Sentence: More information on the partnership can be found at http://www.niap.nist.gov.
Country:US-1
Category: []
Subcategory: []
Sentence: Secure Federal Wireless Local Area Networks When using wireless technology, the federal government will carefully evaluate the risks associated with using such technology for critical functions.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Institute of Standards and Technology (NIST) notes that wireless communications can be intercepted and that wireless networks can also experience denial-of-service attacks.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: Federal agencies should use the NIST findings and 46 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y I V recommendations on wireless systems as a guide to the operation of wireless networks.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: vendors to submit their product for evaluation to be further considered.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'certification', u'policy']
Sentence: Federal agencies should consider installing systems that continuously check for unauthorized connections to their networks.
Country:US-1
Category: [u'legal measures', u'cooperation', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'criminal legislation', u'international cooperation', u'certification', u'responsible agency', u'agency certification']
Sentence: Agency policy and procedures should reflect careful consideration of additional risk reduction measures, including the use of strong encryption, bi-directional authentication, shielding standards and other technical security considerations, configuration management, intrusion detection, incident handling, and computer security awareness and training programs.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'standards']
Sentence: (A/R 4-3) Following this program review, the government will evaluate the cost effectiveness of expanding the program to cover all federal agencies.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: If this proves workable, it could both improve government security and leverage the governments significant purchasing power to influence the market and begin to improve the security of all consumer information technology products.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: Improve Security in Government Outsourcing and Procurement Through a joint effort of OMBs Office of Federal Procurement Policy, the Federal Acquisition Regulations Council, and the Executive Branch Information Systems Security Committee, the federal government is identifying ways to improve security in agency contracts and evaluating the overall federal procurement process as it relates to security.
Country:US-1
Category: []
Subcategory: []
Sentence: Agencies maintenance of security for outsourced operations was cited as one of the key weaknesses identified in OMBs February 2002 security report to Congress.
Country:US-1
Category: []
Subcategory: []
Sentence: Additionally, the federal government will be conducting a comprehensive review of the National Information Assurance Partnership (NIAP), to determine the extent to which it is adequately addressing the continuing problem of security flaws in commercial software products.
Country:US-1
Category: []
Subcategory: []
Sentence: This review will include lessons learned from implementation of the Defense Departments July 2002 policy requiring the acquisition of products reviewed under the NIAP or similar evaluation processes.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation']
Sentence: (A/R 4-4) Department of Defense (DOD) policy stipulates that if an evaluated product of the type being sought is available for use, then the DOD component must procure the evaluated product.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'certification']
Sentence: Develop Specific Criteria for Independent Security Reviews and Reviewers and Certification With the growing emphasis on security comes the corresponding need for expert independent verification and validation of agency security programs and practices.
Country:US-1
Category: [u'technical measures', u'capacity building']
Subcategory: [u'certification', u'professional certification']
Sentence: FISMA and OMBs implementing guidance require that agencies program officials and CIOs review at least annually the status of their programs.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'standards', u'responsible agency', u'national benchmarking', u'standardisation development', u'manpower development']
Sentence: Few agencies have available personnel resources to conduct such reviews, and thus they frequently contract for such services.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: Agencies and OMB have found that contractor security expertise varies widely from the truly expert to less than acceptable.
Country:US-1
Category: []
Subcategory: []
Sentence: Moreover, many independent verification and validation contractors are also in the business of providing security program implementation services; thus, their program reviews may be biased toward their preferred way of implementing security.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'standards', u'responsible agency']
Sentence: The federal government will explore whether private sector security service providers to the federal government should be certified as meeting certain minimum capabilities, including the extent to which they are adequately independent.
Country:US-1
Category: []
Subcategory: []
Sentence: (A/R 4-5) C. STATE AND LOCAL GOVERNMENTS American democracy is rooted in the precepts of federalisma system of government in which power is allocated between federal and state governments.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: This structure of overlapping T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 47 P R I O R I T Y federal, state, and local governance has more than 87,000 different jurisdictions and provides unique opportunity and challenges for cyberspace security efforts.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'national benchmarking', u'manpower development', u'intra-state cooperation']
Sentence: State and local governments, like the federal government, operate large, interconnected information systems upon which critical government services depend.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: States provide services that make up the public safety net for millions of Americans and their families.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: Services include essential social support activities as well as critical public safety functions, such as law enforcement and emergency response services.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: States also own and operate critical infrastructure systems, such as electric power and transmission, transportation, and water systems.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'cirt', u'policy']
Sentence: They play a catalytic role in bringing together the different stakeholders that deliver critical services within their state to prepare for, respond to, manage, and recover from a crisis.
Country:US-1
Category: []
Subcategory: []
Sentence: Delivering critical services unique to their roles and responsibilities within our federalist system makes state government a critical infrastructure sector in its own right.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Many of these critical functions carried out by states are inexorably tied to ITincluding making payments to welfare recipients, supporting law enforcement with electronic access to criminal records, and operating stateowned utility and transportation services.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation']
Sentence: Preventing cyber attacks and responding quickly when they do occur, ensures that these 24/7 systems remain available and in place to provide important services that the public needs and expects.
Country:US-1
Category: []
Subcategory: []
Sentence: Information technology systems I V have the potential for bringing unprecedented efficiency and responsiveness from state governments for their residents.
Country:US-1
Category: []
Subcategory: []
Sentence: Citizen confidence in the integrity of these systems and the data collected and maintained by them is essential for expanded use and capture of these potential benefits.
Country:US-1
Category: []
Subcategory: []
Sentence: With an increasing dependence on integrated systems, state, local, and federal agencies have to collectively combat cyber attacks.
Country:US-1
Category: [u'legal measures', u'child online protection', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'national legislation', u'certification', u'responsible agency', u'agency certification']
Sentence: Sharing information to protect systems is an important foundation for ensuring government continuity.
Country:US-1
Category: []
Subcategory: []
Sentence: States have adopted several mechanisms to facilitate the sharing of information on cyber attacks and in reporting incidents.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership']
Sentence: These mechanisms are continually modified and improved as new policy emerges and as technological solutions become available.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition, states are exploring options for improving information sharing both internally and externally.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: These options include enacting legislation that provides additional funding and training for cybersecurity and forming partnerships across state, local, and federal governments to manage cyber threats.
Country:US-1
Category: [u'capacity building', u'child online protection']
Subcategory: [u'standardisation development', u'un convention and protocol']
Sentence: DHS will Work with State and Local Governments and Encourage them to Consider Establishing IT Security Programs and to Participate in ISACs with Similar Governments State and local governments are encouraged to establish IT security programs for their departments and agencies, including awareness, audits, and standards; and to participate in the established ISACs with similar governments.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: (A/R 4-6) 48 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y V Priority V: National Security and International Cyberspace Security Cooperation Americas cyberspace is linked to that of the rest of the world.
Country:US-1
Category: []
Subcategory: []
Sentence: Attacks cross borders at light speed.
Country:US-1
Category: []
Subcategory: []
Sentence: Distinguishing between malicious activity originating from criminals, nation state actors, and terrorists in real time is difficult.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: This requires America to be prepared to defend critical networks and respond to attacks in each case.
Country:US-1
Category: []
Subcategory: []
Sentence: Systems supporting this countrys critical national defense and the intelligence community must be secure, reliable, and resilientable to withstand attack regardless of the origin of attack.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'standardisation development', u'intra-state cooperation']
Sentence: America must also be prepared to respond as appropriate to attacks against its critical infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: At the same time, America must be ready to lead global efforts, working with governments and industry alike, to secure cyberspace that is vital to the operation of the worlds economy and markets.
Country:US-1
Category: []
Subcategory: []
Sentence: Global efforts require raising awareness, promoting stronger security standards, and aggressively investigating and prosecuting cybercrime.
Country:US-1
Category: []
Subcategory: []
Sentence: ENSURING AMERICAS NATIONAL SECURITY We face adversaries, including nation states and terrorists, who could launch cyber attacks or T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 49 P R I O R I T Y seek to exploit our systems.
Country:US-1
Category: []
Subcategory: []
Sentence: In peacetime Americas enemies will conduct espionage against our government, university research centers, and private companies.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: Activities would likely include mapping U.S. information systems, identifying key targets, lacing our infrastructure with back doors and other means of access.
Country:US-1
Category: []
Subcategory: []
Sentence: In wartime or crisis, adversaries may seek to intimidate by attacking critical infrastructures and key economic functions or eroding public confidence in information systems.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'intra-agency cooperation', u'public sector partnership']
Sentence: They may also attempt to slow the U.S. military response by disrupting systems of the Department of Defense (DoD), the Intelligence Community, and other government organizations as well as critical infrastructures.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: America has already experienced significant national cybersecurity events.
Country:US-1
Category: []
Subcategory: []
Sentence: In 1998, attackers carried out a sophisticated, tightly orchestrated series of cyber intrusions into the computers of DoD, NASA, and government research labs.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'criminal legislation', u'cirt', u'standards', u'certification', u'standardisation development', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership', u'international cooperation', u'institutional support']
Sentence: The intrusions were targeted against those organizations that conduct advanced technical research on national security, including atmospheric and oceanographic topics as well as aircraft and cockpit design.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: The United States must have the capability to secure and defend systems and infrastructures that are deemed national security assets, and develop the capability to quickly identify the origin of malicious activity.
Country:US-1
Category: []
Subcategory: []
Sentence: We must improve our national security posture in cyberspace to limit the ability of adversaries to conduct espionage or pressure the United States.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: Strengthen Counterintelligence Efforts in Cyberspace The FBI and intelligence community should ensure a strong counterintelligence posture to counter cyber-based intelligence collection against the United States government, and commercial and educational organizations.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'standards', u'manpower development', u'intra-agency cooperation']
Sentence: This effort must include a deeper understanding of the capability and intent of our adversaries to use cyberspace as a means for espionage.
Country:US-1
Category: []
Subcategory: []
Sentence: Improve Attack Attribution and Prevention Capabilities The intelligence community, DoD, and the law enforcement agencies must improve the Nations ability to quickly attribute the source of threatening attacks or actions to enable timely and effective response.
Country:US-1
Category: [u'legal measures']
Subcategory: [u'criminal legislation', u'regulation and compliance']
Sentence: Consistent with the National Security Strategy, these efforts will also seek to develop capabilities to prevent attacks from reaching critical systems and infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: Improve Coordination for Responding to Cyber Attacks within the United States National Security Community The United States must improve interagency coordination between law enforcement, national security, and defense agencies involving cyber-based attacks and espionage, ensuring that criminal matters are referred, as appropriate, among those agencies.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Security Council and the Office of Homeland Security will lead a study to ensure that appropriate mechanisms are in place.
Country:US-1
Category: []
Subcategory: []
Sentence: Reserve the Right to Respond in an Appropriate Manner When a nation, terrorist group, or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States reserves the right to respond in an appropriate manner.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States will be prepared for such contingencies.
Country:US-1
Category: []
Subcategory: []
Sentence: INTERNATIONAL COOPERATION The Department of State will lead federal efforts to enhance international cyberspace security cooperation.
Country:US-1
Category: [u'capacity building', u'cooperation', u'technical measures']
Subcategory: [u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation', u'standards', u'professional certification', u'agency certification']
Sentence: Work through International Organizations and with Industry to Facilitate and to Promote a Global Culture of Security Americas interest in promoting global cybersecurity extends beyond our borders.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'organization measures']
Subcategory: [u'standards', u'professional certification', u'agency certification', u'international cooperation', u'responsible agency', u'manpower development', u'public sector partnership']
Sentence: Our 50 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E P R I O R I T Y information infrastructure is directly linked with Canada, Mexico, Europe, Asia, and South America.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States and world economy increasingly depend upon global markets and multinational corporations connected via information networks.
Country:US-1
Category: []
Subcategory: []
Sentence: The vast majority of cyber attacks originates or passes through systems abroad, crosses several borders, and requires international investigative cooperation to be stopped.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Global networks supporting critical economic and security operations must be secure and reliable.
Country:US-1
Category: []
Subcategory: []
Sentence: Securing global cyberspace will require international cooperation to raise awareness, increase information sharing, promote security standards, and investigate and prosecute those who engage in cybercrime.
Country:US-1
Category: [u'capacity building', u'cooperation', u'technical measures', u'organization measures']
Subcategory: [u'manpower development', u'public sector partnership', u'standards', u'policy', u'standardisation development', u'professional certification', u'agency certification', u'international cooperation']
Sentence: The United States is committed to working with nations to ensure the integrity of the global information networks that support critical economic and security infrastructure.
Country:US-1
Category: []
Subcategory: []
Sentence: We are also ready to utilize government-sponsored organizations such as the Organization of Economic Cooperation and Development (OECD), G-8, the Asia Pacific Economic Cooperation forum (APEC), and the Organization of American States (OAS), and other relevant organizations to facilitate global coordination on cybersecurity.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: In order to facilitate coordination with the private sector, we will also utilize such organizations as the Transatlantic Business Dialogue.
Country:US-1
Category: []
Subcategory: []
Sentence: Develop Secure Networks The United States will engage in cooperative efforts to solve technical, scientific, and policyrelated problems to assure the integrity of information networks.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'responsible agency', u'standardisation development']
Sentence: We will encourage the development and adoption of international technical standards and facilitate collaboration and research among the worlds best scientists and researchers.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'policy', u'standardisation development', u'manpower development', u'public sector partnership']
Sentence: We will promote such efforts as the OECDs Guidelines for the Security of Information Systems and Networks, which strive to inculcate a culture of security across all participants in the new information society.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'responsible agency', u'manpower development', u'public sector partnership']
Sentence: V Because most nations key information infrastructures reside in private hands, the United States will seek the participation of United States industry to engage foreign counterparts in a peer-to-peer dialogue, with the twin objectives of making an effective business case for cybersecurity, and explaining successful means for partnering with government on cybersecurity.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States will work through appropriate international organizations and in partnership with industry to facilitate dialogue between foreign public and private sectors on information infrastructure protection and promote a global culture of security.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'certification', u'professional certification', u'agency certification', u'public sector partnership', u'international cooperation']
Sentence: Promote North American Cyberspace Security The United States will work with Canada and Mexico to make North America a Safe Cyber Zone.
Country:US-1
Category: []
Subcategory: []
Sentence: We will expand programs to identify and secure critical common networks that underpin telecommunications, energy, transportation, banking and finance systems, emergency services, food, public health, and water systems.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Foster the Establishment of National and International Watch-and-Warning Networks to Detect and Prevent Cyber Attacks as they Emerge The United States will urge each nation to build on the common Y2K experience and appoint a centralized point-of-contact who can act as a liaison between domestic and global cybersecurity efforts.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: Establishing points of contact can greatly enhance the international coordination and resolution of cyberspace security issues.
Country:US-1
Category: [u'legal measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: We will also encourage each nation to develop its own watchand-warning network capable of informing government agencies, the public, and other countries about impending attacks or viruses.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'national benchmarking', u'standardisation development', u'intra-state cooperation']
Sentence: (A/R 5-7) To facilitate real-time sharing of the threat information as it comes to light, the United States will foster the establishment of an international T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 51 P R I O R I T Y network capable of receiving, assessing, and disseminating this information globally.
Country:US-1
Category: []
Subcategory: []
Sentence: Such a network can build on the capabilities of nongovernmental institutions such as the Forum of Incident Response and Security Teams.
Country:US-1
Category: [u'cooperation', u'organization measures', u'child online protection']
Subcategory: [u'international cooperation', u'responsible agency', u'reporting mechanism']
Sentence: (A/R 5-8) The United States will encourage regional organizations, such as the APEC, EU, and OAS, to each form or designate a committee responsible for cybersecurity.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'international cooperation']
Sentence: Such committees would also benefit from establishing parallel working groups with representatives from the private sector.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'intra-agency cooperation', u'international cooperation', u'institutional support']
Sentence: The United States will also encourage regional organizationssuch as the APEC, EU, and OASto establish a joint committee on cybersecurity with representatives from government and the private sector.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'intra-agency cooperation', u'international cooperation', u'institutional support']
Sentence: Encourage Other Nations to Accede to the Council of Europe Convention on Cybercrime, or to Ensure that their Laws and Procedures are at Least as Comprehensive The United States will actively foster international cooperation in investigating and prosecuting cybercrime.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'professional certification', u'agency certification', u'international cooperation']
Sentence: The United States has V signed and supports the recently concluded Council of Europe Convention on Cybercrime, which requires countries to make cyber attacks a substantive criminal offense and to adopt procedural and mutual assistance measures to better combat cybercrime across international borders.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'national legislation', u'institutional support']
Sentence: The United States will encourage other nations to accede to the Council of Europe Convention on Cybercrime or to ensure that their laws and procedures are at least as comprehensive.
Country:US-1
Category: []
Subcategory: []
Sentence: (A/R 5-10) Ongoing multilateral efforts, such as those in the G-8, APEC, and OECD are also important.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States will work to implement agreed-upon recommendations and action plans that are developed in these forums.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'roadmap for governance']
Sentence: Among these initiatives, the United States in particular will urge countries to join the 24hour, high-tech crime contact network begun within the G-8, and now expanded to the Council of Europe membership, as well as other countries.
Country:US-1
Category: []
Subcategory: []
Sentence: 52 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E C O N C L U S I O N : T H E W A Y F O R W A R D Conclusion: The Way Forward Our reliance on cyberspace will only continue to grow in the years ahead.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: Cyberspace and the networks that connect to it now support our economy and provide for our national and homeland defense.
Country:US-1
Category: []
Subcategory: []
Sentence: This national dependency must be managed with continuous efforts to secure the cyber systems that control our infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: Securing cyberspace is a complex and evolving challenge.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Strategy to Secure Cyberspace was developed in close collaboration with key sectors of the economy that rely on cyberspace, state and local governments, colleges and universities, and concerned organizations.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'certification', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'public sector partnership']
Sentence: Town hall meetings were held around the country, and fifty-three clusters of key questions were published to spark public debate.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation', u'international cooperation']
Sentence: In addition, a draft version of the National Strategy to Secure Cyberspace was shared with the Nation for public comment.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures']
Subcategory: [u'criminal legislation', u'regulation and compliance', u'certification', u'policy']
Sentence: The response has been overwhelming.
Country:US-1
Category: []
Subcategory: []
Sentence: The public-private partnerships that formed in response to the Presidents call have developed their own strategies to protect the parts of cyberspace on which they rely.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'intra-state cooperation']
Sentence: This unique partnership and process was and will continue to be necessary because the majority of the countrys cyber resources are controlled by entities outside of government.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'policy', u'standardisation development', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation', u'international cooperation']
Sentence: For the National Strategy to Secure Cyberspace to work it must be a plan in which a broad cross section of the country is both invested and committed.
Country:US-1
Category: []
Subcategory: []
Sentence: Accordingly, the dialogue about how we secure cyberspace will continue.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 53 C O N C L U S I O N : T H E The National Strategy to Secure Cyberspace identifies five national priorities that will help us achieve this ambitious goal.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'roadmap for governance']
Sentence: These are: (1) a national cyberspace security response system; (2) a national cyberspace security threat and vulnerability reduction program; (3) a national cyberspace security awareness and training program; (4) securing governments cyberspace; and, (5) national security and international cyberspace security cooperation.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: These five priorities will serve to prevent, deter, and protect against attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition, they also create a process for minimizing the damage and recovering from attacks that do occur.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: The National Strategy to Secure Cyberspace is, however, only a first step in a long-term effort to secure our information infrastructures.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: The federal executive branch will use a variety of tools to implement this Strategy.
Country:US-1
Category: []
Subcategory: []
Sentence: The Administration will work with Congress to craft future federal security budgets based on the Strategy, providing every department and agency involved in cybersecurity with resources to execute its responsibilities.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Each lead department and agency will plan and program to execute the initiatives assigned by the National Strategy to Secure Cyberspace.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: Within the federal government DHS will play a central role in implementing the National Strategy to Secure Cyberspace.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'standards', u'responsible agency']
Sentence: In addition to executing its assigned initiatives, the Department would also serve as the primary federal point-of-contact for state and local governments, the private sector, and the American people on issues related to cyberspace security.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'cirt', u'standardisation development', u'manpower development', u'intra-state cooperation', u'institutional support']
Sentence: Working with the White House, the W A Y F O R W A R D Department therefore would coordinate and support implementation of non-federal tasks recommended in the National Strategy to Secure Cyberspace.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: Each department and agency will also be accountable for its performance on cybersecurity efforts.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: The federal government will employ performance measuresand encourage the same for state and local governmentsto evaluate the effectiveness of the cybersecurity programs outlined in this Strategy.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: These performance measures will allow agencies to measure their progress, make resource allocation decisions, and adjust priorities accordingly.
Country:US-1
Category: []
Subcategory: []
Sentence: Federal, state, and local governments, as well as organizations and people all across the United States will continue to work to improve cyberspace security.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: As these strategies and plans are implemented, we will begin to incrementally reduce threats and vulnerabilities.
Country:US-1
Category: []
Subcategory: []
Sentence: Cybersecurity and personal privacy need not be opposing goals.
Country:US-1
Category: []
Subcategory: []
Sentence: Cyberspace security programs must strengthen, not weaken, such protections.
Country:US-1
Category: []
Subcategory: []
Sentence: The federal government will continue to regularly meet with privacy advocates to discuss cybersecurity and the implementation of this Strategy.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: For the foreseeable future, two things will be true: America will rely upon cyberspace and the federal government will seek a continuing broad partnership to develop, implement, and refine the National Strategy to Secure Cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: 54 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E A P P E N D I X Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal governments interaction with industry and other partners for 24 x7 functions, including cyberspace analysis, warning, information sharing, major incident response, and national-level recovery efforts.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism']
Sentence: Private sector organizations, which have major contributions for those functions, are encouraged to coordinate activities, as permitted by law, in order to provide a synoptic view of the health of cyberspace on a 24 x 7 basis.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: A/R 1-2: As outlined in the 2003 budget, the federal government will complete the installation of CWIN to key government cybersecurity-related network operation centers, to disseminate analysis and warning information and perform crisis coordination.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'intra-agency cooperation', u'public sector partnership']
Sentence: The federal government will also explore linking the ISACs to CWIN.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 1-3: To test civilian agencies security preparedness and contingency planning, DHS will use exercises to evaluate the impact of cyber attacks on governmentwide processes.
Country:US-1
Category: []
Subcategory: []
Sentence: Weaknesses discovered will be included in agency corrective action plans and submitted to the OMB.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'policy', u'roadmap for governance']
Sentence: DHS also will explore such exercises as a way to test the coordination of public and private incident management, response and recovery capabilities.
Country:US-1
Category: [u'legal measures', u'organization measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'responsible agency', u'un convention and protocol']
Sentence: A/R 1-4: Corporations are encouraged to regularly review and exercise IT continuity plans and to consider diversity in IT service providers as a way of mitigating risk.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 1-5: Infrastructure sectors are encouraged to establish mutual assistance programs for cybersecurity emergencies.
Country:US-1
Category: []
Subcategory: []
Sentence: DoJ and the Federal Trade Commission should work with the sectors to address barriers to such cooperation, as appropriate.
Country:US-1
Category: []
Subcategory: []
Sentence: In addition, DHSs Information Analysis and Infrastructure Protection Directorate will coordinate the development and regular update of voluntary joint government-industry cybersecurity contingency plans, including a plan for recovering Internet functions.
Country:US-1
Category: [u'organization measures']
Subcategory: [u'responsible agency']
Sentence: A/R 1-6: DHS will raise awareness about the removal of impediments to information sharing about cybersecurity and infrastructure vulnerabilities between the public and private sectors.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: The Department will also establish an infrastructure protection program office to manage the information flow, including the development of protocols for how to care for voluntarily submitted critical infrastructure information.
Country:US-1
Category: [u'child online protection']
Subcategory: [u'un convention and protocol']
Sentence: A/R 1-7: Corporations are encouraged to consider active involvement in industrywide programs to share information on IT security, including the potential benefits of joining an appropriate ISAC.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'manpower development', u'international cooperation']
Sentence: Colleges and universities are encouraged to consider establishing: (1) one or more ISACs to deal with cyber attacks and vulnerabilities; and, (2) an on-call point-ofcontact to Internet service providers and law enforcement officials in the event that the schools IT systems are discovered to be launching cyber attacks.
Country:US-1
Category: []
Subcategory: []
Sentence: T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 55 A P P E N D I X Priority II: A National Cyberspace Security Threat and Vulnerability Reduction Program A/R 2-1: DoJ and other appropriate agencies will develop and implement efforts to reduce cyber attacks and cyber threats through the following means: (1) identifying ways to improve information sharing and investigative coordination within the federal, state, and local law enforcement community working on critical infrastructure and cyberspace security matters, and with other agencies and the private sector; (2) exploring means to provide sufficient investigative and forensic resources and training to facilitate expeditious investigation and resolution of critical infrastructure incidents; and, (3) developing better data about victims of cybercrime and intrusions in order to understand the scope of the problem and be able to track changes over time.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'certification', u'responsible agency', u'agency certification', u'un convention and protocol']
Sentence: A/R 2-2: DHS, in coordination with appropriate agencies and the private sector, will lead in the development and conduct of a national threat assessment including red teaming, blue teaming, and other methods to identify the impact of possible attacks on a variety of targets.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification']
Sentence: A/R 2-3: The Department of Commerce will form a task force to examine the issues related to IPv6, including the appropriate role of government, international interoperability, security in transition, and costs and benefits.
Country:US-1
Category: [u'legal measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'policy', u'responsible agency', u'manpower development', u'intra-agency cooperation']
Sentence: The task force will solicit input from potentially impacted industry segments.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'policy', u'responsible agency', u'manpower development', u'intra-agency cooperation']
Sentence: A/R 2-4: DHS, in coordination with the Commerce Department and appropriate agencies, will coordinate public-private partnerships to encourage: (1) the adoption of improved security protocols; (2) the development of more secure router technology; and, (3) the adoption by ISPs of a code of good conduct, including cybersecurity practices and security related cooperation.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'standards', u'policy', u'responsible agency', u'manpower development', u'public sector partnership', u'intra-state cooperation']
Sentence: DHS will support these efforts as required for their success, subject to other budget considerations.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 2-5: DHS, in coordination with DOE and other concerned agencies and in partnership with industry, will develop best practices and new technology to increase security of DCS/SCADA, to determine the most critical DCS/SCADA-related sites, and to develop a prioritized plan for short-term cybersecurity improvements in those sites.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'policy', u'manpower development', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: A/R 2-6: DHS will work with the National Infrastructure Advisory Council and private sector organizations to develop an optimal approach and mechanism for vulnerability disclosure.
Country:US-1
Category: [u'technical measures', u'cooperation']
Subcategory: [u'certification', u'public sector partnership']
Sentence: A/R 2-7: GSA will work with DHS on an improved approach to implementing a patch clearinghouse for the federal government.
Country:US-1
Category: [u'technical measures', u'organization measures']
Subcategory: [u'standards', u'responsible agency']
Sentence: DHS will also share lessons learned with the private sector and encourage the development of a voluntary, industry-led, national effort to develop a similar clearinghouse for other sectors including large enterprises.
Country:US-1
Category: [u'cooperation', u'technical measures', u'capacity building']
Subcategory: [u'intra-state cooperation', u'certification', u'public sector partnership', u'standardisation development', u'manpower development']
Sentence: A/R 2-8: The software industry is encouraged to consider promoting more secure out-of-thebox installation and implementation of their products, including increasing: (1) user awareness of the security features in products; (2) ease-of-use for security functions; and, (3) where feasible, promotion of industry guidelines and best practices that support such efforts.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: A/R 2-9: DHS will establish and lead a publicprivate partnership to identify cross-sectoral interdependencies both cyber and physical.
Country:US-1
Category: []
Subcategory: []
Sentence: The partnership will develop plans to reduce related vulnerabilities in conjunction with programs proposed in the National Strategy for Homeland Security.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Infrastructure Simulation and Analysis Center in DHS will support these efforts by developing models to identify the impact of cyber and physical interdependencies.
Country:US-1
Category: []
Subcategory: []
Sentence: 56 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E A P P E N D I X A/R 2-10: DHS also will support, when requested and as appropriate, voluntary efforts by owners and operators of information system networks and network data centers to develop remediation and contingency plans to reduce the consequences of large-scale physical damage to facilities supporting such networks, and to develop appropriate procedures for limiting access to critical facilities.
Country:US-1
Category: [u'legal measures', u'technical measures', u'organization measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'cirt', u'policy', u'roadmap for governance', u'manpower development', u'un convention and protocol']
Sentence: A/R 2-11: To meet these needs, the Director of OSTP will coordinate the development, and update on an annual basis a federal government research and development agenda that includes near-term (1-3 years), mid-term (3-5 years), and later (5 years out and longer) IT security research for Fiscal Year 2004 and beyond.
Country:US-1
Category: [u'organization measures', u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'responsible agency', u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: Existing priorities include, among others, intrusion detection, Internet infrastructure security (including protocols such as BGP and DNS), application security, DoS, communications security (including SCADA system encryption and authentication), high-assurance systems, and secure system composition.
Country:US-1
Category: [u'technical measures', u'child online protection']
Subcategory: [u'standards', u'un convention and protocol', u'reporting mechanism']
Sentence: A/R 2-12: To optimize research efforts relative to those of the private sector, DHS will ensure that adequate mechanisms exist for coordination of research and development among academia, industry and government, and will develop new mechanisms where needed.
Country:US-1
Category: [u'legal measures', u'capacity building', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: A/R 2-13: The private sector is encouraged to consider including in near-term research and development priorities, programs for highly secure and trustworthy operating systems.
Country:US-1
Category: [u'legal measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'regulation and compliance', u'standardisation development', u'manpower development', u'public sector partnership', u'un convention and protocol']
Sentence: If such systems are developed and successfully evaluated, the federal government will, subject to budget considerations, accelerate procurement of such systems.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 2-14: DHS will facilitate a national public-private effort to promulgate best practices and methodologies that promote integrity, security, and reliability in software code development, including processes and procedures that diminish the possibilities of erroneous code, malicious code, or trap doors that could be introduced during development.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 2-15: DHS, in coordination with OSTP and other agencies, as appropriate, will facilitate communication between the public and private research and the security communities, to ensure that emerging technologies are periodically reviewed by the appropriate body within the National Science and Technology Council, in the context of possible homeland and cyberspace security implications, and relevance to the federal research agenda.
Country:US-1
Category: [u'cooperation', u'legal measures', u'child online protection']
Subcategory: [u'international cooperation', u'regulation and compliance', u'un convention and protocol']
Sentence: Priority III: A National Cyberspace Security Awareness and Training Program A/R 3-1: DHS, working in coordination with appropriate federal, state, and local entities and private sector organizations, will facilitate a comprehensive awareness campaign including audience-specific awareness materials, expansion of the StaySafeOnline campaign, and development of awards programs for those in industry making significant contributions to security.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development', u'professional certification']
Sentence: A/R 3-2: DHS, in coordination with the Department of Education, will encourage and support, where appropriate subject to budget considerations, state, local, and private organizations in the development of programs and guidelines for primary and secondary school students in cybersecurity.
Country:US-1
Category: [u'capacity building']
Subcategory: [u'manpower development']
Sentence: A/R 3-3: Home users and small businesses can help the Nation secure cyberspace by securing their own connections to it.
Country:US-1
Category: [u'legal measures', u'cooperation']
Subcategory: [u'criminal legislation', u'international cooperation', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: Installing firewall software and updating it regularly, maintaining current antivirus software, and regularly updating operating systems and major applications with security enhancements are actions that individuals and enterprise operators can take to help secure cyberspace.
Country:US-1
Category: []
Subcategory: []
Sentence: To facilitate such actions, DHS will create a public-private task force of private companies, organizations, and consumer users groups to identify ways that T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 57 A P P E N D I X providers of information technology products and services, and other organizations can make it easier for home users and small businesses to secure their systems.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation', u'child online protection', u'organization measures']
Subcategory: [u'standards', u'standardisation development', u'manpower development', u'public sector partnership', u'institutional support', u'reporting mechanism', u'policy', u'responsible agency', u'intra-state cooperation', u'intra-agency cooperation']
Sentence: A/R 3-4: Large enterprises are encouraged to evaluate the security of their networks that impact the security of the Nations critical infrastructures.
Country:US-1
Category: [u'legal measures', u'technical measures', u'capacity building']
Subcategory: [u'regulation and compliance', u'cirt', u'manpower development']
Sentence: Such evaluations might include: (1) conducting audits to ensure effectiveness and use of best practices; (2) developing continuity plans which consider offsite staff and equipment; and, (3) participating in industrywide information sharing and best practices dissemination.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'policy', u'public sector partnership']
Sentence: A/R 3-5: Colleges and universities are encouraged to secure their cyber systems by establishing some or all of the following as appropriate: (1) one or more ISACs to deal with cyber attacks and vulnerabilities; (2) model guidelines empowering Chief Information Officers (CIOs) to address cybersecurity; (3) one or more sets of best practices for IT security; and, (4) model user awareness programs and materials.
Country:US-1
Category: [u'organization measures', u'cooperation']
Subcategory: [u'responsible agency', u'intra-agency cooperation']
Sentence: A/R 3-6: A public-private partnership should continue work in helping to secure the Nations cyber infrastructure through participation in, as appropriate and feasible, a technology and R&D gap analysis to provide input into the federal cybersecurity research agenda, coordination on the conduct of associated research, and the development and dissemination of best practices for cybersecurity.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'national benchmarking', u'manpower development', u'professional certification', u'international cooperation', u'standardisation development', u'intra-state cooperation']
Sentence: A/R 3-7: DHS will implement and encourage the establishment of programs to advance the training of cybersecurity professionals in the United States, including coordination with NSF, OPM, and NSA, to identify ways to leverage the existing Cyber Corps Scholarship for Service program as well as the various graduate, postdoctoral, senior researcher, and faculty development fellowship and traineeship programs created by the Cyber Security Research and Development Act, to address these important training and education workforce issues.
Country:US-1
Category: [u'capacity building', u'legal measures', u'child online protection']
Subcategory: [u'manpower development', u'regulation and compliance', u'standardisation development', u'un convention and protocol']
Sentence: A/R 3-8: DHS, in coordination with other agencies with cybersecurity training expertise, will develop a coordination mechanism linking federal cybersecurity and computer forensics training programs.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: A/R 3-9: DHS will encourage efforts that are needed to build foundations for the development of security certification programs that will be broadly accepted by the public and private sectors.
Country:US-1
Category: [u'technical measures', u'capacity building', u'child online protection']
Subcategory: [u'certification', u'manpower development', u'professional certification', u'reporting mechanism']
Sentence: DHS and other federal agencies can aid these efforts by effectively articulating the needs of the Federal IT security community.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'certification', u'responsible agency', u'agency certification']
Sentence: Priority IV: Securing Governments Cyberspace A/R 4-1: Federal agencies will continue to expand the use of automated, enterprise-wide security assessment and security policy enforcement tools and actively deploy threat management tools to deter attacks.
Country:US-1
Category: [u'cooperation', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'public sector partnership', u'international cooperation', u'certification', u'responsible agency', u'agency certification']
Sentence: The federal government will determine whether specific actions are necessary (e.g., through the policy or budget processes) to promote the greater use of these tools.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'standards', u'certification']
Sentence: A/R 4-2: Through the ongoing EAuthentication initiative, the federal government will review the need for stronger access control and authentication; explore the extent to which all departments can employ the same physical and logical access control tools and authentication mechanisms; and, consequently, further promote consistency and interoperability.
Country:US-1
Category: [u'cooperation']
Subcategory: [u'international cooperation']
Sentence: A/R 4-3: Federal agencies should consider installing systems that continuously check for unauthorized connections to their networks.
Country:US-1
Category: [u'legal measures', u'cooperation', u'technical measures', u'organization measures', u'capacity building']
Subcategory: [u'criminal legislation', u'international cooperation', u'certification', u'responsible agency', u'agency certification']
Sentence: Agency policy and procedures should reflect careful consideration of additional risk reduction measures, including the use of strong encryption, bi-directional authentication, shielding standards and other technical security 58 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E A P P E N D I X considerations, configuration management, intrusion detection, incident handling, and computer security awareness and training programs.
Country:US-1
Category: [u'technical measures']
Subcategory: [u'standards']
Sentence: A/R 4-4: Additionally, the federal government will be conducting a comprehensive review of the National Information Assurance Partnership (NIAP), to determine the extent to which it is adequately addressing the continuing problem of security flaws in commercial software products.
Country:US-1
Category: []
Subcategory: []
Sentence: This review will include lessons-learned from implementation of the Defense Departments July 2002 policy requiring the acquisition of products reviewed under the NIAP or similar evaluation processes.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 4-5: The federal government will explore whether private sector security service providers to the federal government should be certified as meeting certain minimum capabilities, including the extent to which they are adequately independent.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 4-6: State and local governments are encouraged to establish IT security programs for their departments and agencies, including awareness, audits, and standards; and to participate in the established ISACs with similar governments.
Country:US-1
Category: [u'organization measures', u'capacity building']
Subcategory: [u'roadmap for governance', u'agency certification']
Sentence: Priority V: National Security and International Cyberspace Security Cooperation A/R 5-1: The FBI and intelligence community should ensure a strong counterintelligence posture to counter cyber-based intelligence collection against the U.S. Government, and commercial and educational organizations.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'cirt', u'standards', u'manpower development', u'intra-agency cooperation']
Sentence: This effort must include a deeper understanding of the capability and intent of our adversaries to use cyberspace as a means for espionage.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 5-2: The intelligence community, DoD, and the law enforcement agencies must improve the Nations ability to quickly attribute the source of threatening attacks or actions to enable timely and effective response.
Country:US-1
Category: [u'legal measures']
Subcategory: [u'criminal legislation', u'regulation and compliance']
Sentence: Consistent with the National Security Strategy, these efforts will also seek to develop capabilities to prevent attacks from reaching critical systems and infrastructures.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 5-3: The United States must improve interagency coordination between law enforcement, national security, and defense agencies involving cyber-based attacks and espionage, ensuring that criminal matters are referred, as appropriate, among those agencies.
Country:US-1
Category: []
Subcategory: []
Sentence: The National Security Council and the Office of Homeland Security will lead a study to ensure that appropriate mechanisms are in place.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 5-4: When a nation, terrorist group, or other adversary attacks the United States through cyberspace, the U.S. response need not be limited to criminal prosecution.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States reserves the right to respond in an appropriate manner.
Country:US-1
Category: []
Subcategory: []
Sentence: The United States will be prepared for such contingencies.
Country:US-1
Category: []
Subcategory: []
Sentence: A/R 5-5: The United States will work through appropriate international organizations and in partnership with industry to facilitate dialogue between foreign public and private sectors on information infrastructure protection and promote a global culture of security.
Country:US-1
Category: [u'technical measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'certification', u'professional certification', u'agency certification', u'public sector partnership', u'international cooperation']
Sentence: A/R 5-6: The United States will work with Canada and Mexico to make North America a Safe Cyber Zone.
Country:US-1
Category: []
Subcategory: []
Sentence: We will expand programs to identify and secure critical common networks that underpin telecommunications, energy, transportation, banking and finance systems, emergency services, food, public health, and water systems.
Country:US-1
Category: [u'legal measures', u'child online protection']
Subcategory: [u'regulation and compliance', u'un convention and protocol']
Sentence: A/R 5-7: The United States will urge each nation to build on the common Y2K experience and appoint a centralized point-of-contact who can act as a liaison between domestic and global cybersecurity efforts.
Country:US-1
Category: [u'capacity building', u'cooperation']
Subcategory: [u'manpower development', u'public sector partnership']
Sentence: Establishing points of contact can greatly enhance the international coordination and resolution of cyberspace T H E N AT I O N A L S T R AT E G Y T O S E C U R E C Y B E R S PA C E 59 A P P E N D I X security issues.
Country:US-1
Category: [u'legal measures', u'capacity building', u'cooperation']
Subcategory: [u'regulation and compliance', u'manpower development', u'intra-state cooperation', u'public sector partnership', u'international cooperation']
Sentence: We will also encourage each nation to develop its own watch-and-warning network capable of informing government agencies, the public, and other countries about impending attacks or viruses.
Country:US-1
Category: [u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'national benchmarking', u'standardisation development', u'intra-state cooperation']
Sentence: A/R 5-8: To facilitate real-time sharing of the threat information as it comes to light; the United States will foster the establishment of an international network capable of receiving, assessing, and disseminating this information globally.
Country:US-1
Category: []
Subcategory: []
Sentence: Such a network can build on the capabilities of nongovernmental institutions such as the Forum of Incident Response and Security Teams.
Country:US-1
Category: [u'cooperation', u'organization measures', u'child online protection']
Subcategory: [u'international cooperation', u'responsible agency', u'reporting mechanism']
Sentence: A/R 5-9: The United States will encourage regional organizations, such as the APEC, EU, and OAS, to each form or designate a committee responsible for cybersecurity.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'international cooperation']
Sentence: Such committees would also benefit from establishing parallel working groups with representatives from the private sector.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'intra-agency cooperation', u'international cooperation', u'institutional support']
Sentence: The United States will also encourage regional organizationssuch as the APEC, EU, and OASto establish a joint committee on cybersecurity with representatives from government and the private sector.
Country:US-1
Category: [u'technical measures', u'organization measures', u'capacity building', u'cooperation', u'child online protection']
Subcategory: [u'standards', u'responsible agency', u'manpower development', u'intra-agency cooperation', u'international cooperation', u'institutional support']
Sentence: A/R 5-10: The United States will encourage other nations to accede to the Council of Europe Convention on Cybercrime or to ensure that their laws and procedures are at least as comprehensive.
Country:US-1
Category: []
Subcategory: []
Sentence: 60 T H E N A T I O N A L S T R A T E G Y T O S E C U R E C Y B E R S P A C E 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 11 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 11 1111 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 0 1 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 11 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 11 1 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 0 1 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 11 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 11 1 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 0 1 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 11 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 11 1 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 0 1 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 11 1 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 11 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 0 1 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 11 11 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 0 11111 0 1 0 11 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1111 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 11 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 11 1 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 0 1 0 0 0 111 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1 0 1 0 1 0 0 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 0 1 0 111 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 1 0 1 0 1 0 0 0 11 0 1 0 1 0 1 0 11 0 1 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 1 0 111 0 1 0 11 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 111 0 1 0 1 0 1 0 111 0 1 0 1 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 111 0 1 0 1 0 1 0 0 0 1111 0 0 0 111 0 1 0 1 0 11 0 11 0 1 0 1 0 1 0 1 0 1111 0 1 0 11 0 T H E N A T I O N A L S T R A T E G Y T O SECURE CYBERSPACE F E B R U A R Y 2 0 0 3
Country:US-1
Category: []
Subcategory: []
In [ ]:
Content source: credentdj/Cyber-Security
Similar notebooks: