What is cyberspace? National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD23) defines cyberspace as the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Common usage of the term also refers to the virtual environment of information and interactions between people.
Threats to cyberspace pose one of the most serious economic and national security challenges of the 21st Century for the United States and our allies. A growing array of state and non-state actors, such as terrorists and international criminal groups, are targeting U.S. citizens, commerce, critical infrastructure, and government. These actors have the ability to compromise, steal, change, or completely destroy information. The continued exploitation of information networks and the compromise of sensitive data, especially by foreign nations, leave the United States vulnerable to the loss of economic competitiveness and the loss of the military’s technological advantages. As the Director of National Intelligence (DNI) recently testified before Congress, “The growing connectivity between information systems, the Internet, and other infrastructures creates opportunities for attackers to disrupt telecommunications, electrical power, energy pipelines, refineries, financial networks, and other critical infrastructures.” The Intelligence Community assesses that a number of hostile foreign nations already have the technical capability to conduct such attacks.
RiVidium has the right portfolio of capabilities to assist with Cyber security threats. RiVidium’s Cyber Security Assessment Framework (CSAF) allows organizations to assess their cyber security posture by determining the key drivers that allows cyber-attacks to be prevalent within an organization. RiVidium’s CSAF analysis assesses, at a minimum, the following elements:
- Architecture Assessment
- Governance Assessment
- Behavior Assessment
- Capacity Assessment
Architecture Assessment
This addresses the performance, cost, and security characteristics of existing information and communications systems and infrastructures as well as strategic planning for the optimal system characteristics that will be necessary in the future. This element includes standards; identity management; authentication and attribution; software assurance; research and development; procurement; and supply chain risk management.
Governance Assessment
This encompasses organizational structures for policy development and coordination of operational activities related to the cyber mission across the Executive Branch. This element includes reviewing overlapping missions and responsibilities that are the result of vesting authority with various departments and agencies.
Behavior Assessment
This addresses those elements of law, regulation, and policies and undertakings, as well as consensus-based measures (e.g., best practices) that collectively circumscribe and define standards of conduct in cyberspace.
Capacity Assessment
This encompasses the overall scale of resources, activities, and capabilities required to become a more cyber-competent enterprise. This scale includes resource requirements; research and development; public education and awareness; and partnerships, as well as all other activities that allow the organization to interface with its citizenry and workforce. This allows the organization to build the digital information and communications infrastructure of the future.