FT Cyber Security Summit USA

FT Live Calendar

Wednesday, March 18, 2015

8:30 am - 9:00 am	Registration and Breakfast
9:00 am - 9:10 am	Chair's Opening Remarks Gillian Tett, US Managing Editor, Financial Times
9:10 am - 9:30 am	First Keynote Address: The US Government’s Response to the Cyber Threat Cyber attacks are on the increase, but governments and businesses around the world are working more closely together to protect themselves and wider society from cyber criminals. What are the threats to national security, government services, the private sector and citizens Governments have created national cyber security strategies – but how effective are they, and how could they be improved? How are US policymakers executing their cyber security programmes, in particular the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity? Are they doing enough to engage with business leaders to help ensure the security and resilience of critical infrastructure companies and other businesses?
9:30 am - 9:50 am	Second Keynote Address: US Industry’s Response to the Cyber Threat Businesses have woken up to the dangers that exist in cyberspace, but they need to do more to address what is a not just an IT issue but a major business risk. What are the threats to industry, and how should they be tackled? How do companies conduct a realistic cost-benefit analysis? How much security should they buy to protect narrowly defined commercial interests, and when should they go further from a reputational or national security perspective? Are public-private partnerships working? The DHS, NIST and other government departments have adjusted their expectations of what US industry should be doing to combat the cyber threat, but are they still asking too much?
9:50 am - 10:00 am	Panel Framing Presentation: Corporate Security Risk Management – Improving the Safety and Resilience of Businesses in Cyberspace David Burg, Principal, US Advisory Practice, and Global & US Advisory Cybersecurity Leader, PwC
10:00 am - 10:40 am	Panel Discussion: Cyber Security Risk Management – Improving the Safety and Resilience of Businesses in Cyberspace Do board directors and executive managers really understand the cyber risks they face, and do enough to mitigate them? What constitutes an effective corporate cyber security strategy, and how should it be integrated into the overall business strategy? How do you find and allocate the right resources – information security professionals, IT and money – to provide the counter measures required? Guidance from federal and state governments and agencies – how useful is it? David Burg, Principal, US Advisory Practice, and Global & US Advisory Cybersecurity Leader, PwC Larry Clinton, President and CEO, Internet Security Alliance Marcy Klevorn, Vice President and Chief Information Officer, Ford Motor Company Adam Sedgewick, Senior Information Technology Advisor, National Institute of Standards and Technology (NIST) Moderated by: Gillian Tett, US Managing Editor, Financial Times
10:40 am - 11:00 am	Networking Break
11:00 am - 11:25 am	On-Stage Interview: View from the Boardroom Why do boardrooms typically not give cyber security the attention it deserves? How do you set the right tone from the top, demonstrating to everyone in the organisation that information and communications security is a serious business risk and not just a government policy or technical issue? How closely should the board and executive management work with the chief information security officer and other security professionals in managing cyber threats? When disaster strikes: in the event of a serious breach of security how should the immediate risks be managed, in terms of closing the breach, limiting the damage, ensuring business continuity, informing customers and the public, and managing the media? Val Rahmani, Board Member, Teradici; Board Member, Decooda; Advisory Board Member, Zakipoint Health; Board Member, Georgia Partnership for Excellence in Education William Roskin, Senior Director, Lyons, Benenson and Company; Board Member, Sony Corporation of America; Board Member, Martha Stewart Living Omnimedia; Board Member, New York Chapter, National Association of Corporate Directors
11:25 am - 11:35 am	Panel Framing Presentation: All Locked Up – Cyber Security in the Financial Services Sector Valerie Abend, Senior Critical Infrastructure Officer, Office of the Comptroller of the Currency, US Department of Treasury Note: This presentation will be held under the Chatham House Rule
11:35 am - 12:15 pm	Panel Discussion: All Locked Up – Cyber Security in the Financial Services Sector The modern state depends on the reliable functioning of critical infrastructure such as financial services, which is why banks, credit card companies, insurance companies and other financial firms have effective measures in place to guard against denial-of-service attacks, online fraud, data theft and other similar threats. What are the cyber security risks facing banks and other financial services companies? How are those risks managed, and who is in responsible? How far ahead of other sectors is the financial services sector when it comes to combating cyber crime? What level of support should the CEO and the rest of the executive management team be giving to the chief information security officer and others in the front line? What level of assistance is required from financial regulators, law enforcement agencies, IT vendors and other organizations? Russell Fitzgibbons, EVP and Chief Risk Officer, The Clearing House; and Chairman, Financial Services Coordinating Council for Critical Infrastructure Protection and Homeland Security Chris Sutherland, US Chief Information Security Officer, BMO Financial Group Note: This panel discussion will be held under the Chatham House Rule
12:15 pm - 1:00 pm	Panel Discussion: Power to the People – Cyber Security in the Energy Sector Oil, gas, electricity generation and other companies in the energy sector provide essential services which, if disrupted, can bring a nation to its knees. They therefore need to be resilient to cyber attacks that could reduce their ability to provide these services. What are the main risks confronting energy companies in cyberspace? How are those risks being managed, and how much scope is there for improvement? What should an effective cyber security strategy look like? Who should be involved, from those with immediate responsibility for security, up to the highest level of the organisation? How useful have government initiatives been in helping energy corporations enhance their security and resilience, in particular the President’s Executive Order 13636 Improving Critical Infrastructure Cybersecurity, NIST’s Framework for Improving Critical Infrastructure Cybersecurity, and the Department of Homeland Security’s (DHS) Critical Infrastructure Cyber Community Program C3 Voluntary Program? Gerry Cauley, President and Chief Executive Officer, North American Electric Reliability Corporation (NERC) Savio Lobo, Vice President, IT Planning and Operations, NiSource Graham Wright, Chief Information Security Officer & Global Head of Digital Risk and Security, National Grid
1:00 pm - 2:00 pm	Lunch
2:00 pm - 2:30 pm	On-Stage Interview: Defending the Nation The US faces multiple threats in cyberspace from foreign adversaries, and the government conducts a variety of operations to defeat them. What are the main cyber threats to US national security, and how are they countered by government departments and agencies such as the Department of Defense, National Security Agency, US Cyber Command and the Central Intelligence Agency? How effective are the nation’s cyber security and information assurance measures? Do they need to be improved? Emerging threats: how are the US and its NATO allies dealing with “ambiguous attacks”, as witnessed in the Ukraine crisis, which blend cyber attacks with conventional information warfare, sabotage and other undercover action? Recruitment: how do you find and train the right personnel and turn them into an effective cyberforce? How do governments develop offensive cyber capabilities without becoming cyber aggressors? Major General John Davis, Acting Deputy Assistant Secretary of Defense for Cyber Policy, US Department of Defense
2:30 pm - 3:15 pm	Panel Discussion: Planes, Trains and Automobiles… and Ships – Cyber Security in the Transportation Sector Transport is one of 16 critical infrastructure industries – along with financial services and energy, dealt with earlier – identified by Presidential Policy Directive 21, and part of the Department of Homeland Security’s National Infrastructure Protection Plan (NIPP), which aims to improve physical and cyber security. The threats and the solutions – how do you create an effective cyber security strategy for companies in the rail, aviation, highway and marine transportation sectors? How useful are IT solutions in preventing cyber attacks? What innovations are shaping future threat analysis and management in cyberspace? The importance of board and executive management buy-in: how do you achieve it? Working with the Department of Homeland Security, the Department of Transportation and other government departments and agencies to improve security – what are the benefits, and the pitfalls? Denise Wood, Chief Information Security Officer, Chief IT Risk Officer, FedEx Corporation
3:15 pm - 3:40 pm	On-Stage Interview: Venturing Forth – Investing in Cyber Security Software Developers Technological innovation is the key to protecting businesses in cyberspace. Tools for preventing, detecting, mitigating and analysing attacks have to be constantly refined or completely over-hauled, and new ones invented, to keep up with the changing nature of the threats and the ingenuity of hackers. There are many well-established providers of cyber security solutions, but new companies with different ways of looking at things are being set up, and venture capital (VC) is playing a key role in their creation. The capital is coming from pure VC firms, as well as from the corporate venture arms of banks, industrial conglomerates and technology giants that already have their own cyber security divisions. What have been their most interesting VC investments to date, from an IT and a business perspective? What are the most serious cyber threats today, and how well are software developers – in established and start-up firms – dealing with them? What do venture capitalists look for when investing in a cyber security start-up? What are the main investment criteria? Ted Schlein, General Partner, Kleiner Perkins Caufield & Byers; former Chairman, National Venture Capital Association
3:40 pm - 4:25 pm	Closing Keynote Addresses: Taking a Holistic Approach to Cyber Security Cyber security should be treated as a strategic business, not a narrow IT one. So: How do you develop and implement an effective cyber security strategy, one that ensures the safety and resilience of the business in cyberspace without hindering commercial objectives and costing the earth? What are the main obstacles to such a strategy – a lack of senior management commitment and vision, a shortage of skilled professionals, ineffective IT solutions or the ingenuity of cyber attackers? How do you overcome those obstacles? How do you tap in to the assistance given to businesses by federal government and other public sector agencies? Jeanette Manfra, Director for Critical Infrastructure Cybersecurity, National Security Council, Executive Office of the President
4:25 pm - 4:30 pm	Closing Remarks Gillian Tett, US Managing Editor, Financial Times
4:30 pm - 5:30 pm	Networking Cocktail Reception *Please note this is a preliminary agenda and subject to change.