foreign everyone and welcome to cis's Virtual industry day which is being hosted by cis's Office of the chief acquisition executive my name is Monique Parks this says industry engagement coordinator before we get started I would like to provide some guidelines and information to make the day run smoothly for everyone please note all information shared in CIS industry Day events regarding system's future capability needs or requirements it's solely for informational purposes the presentations or and discussions in no Express or implied obligate the government to purchase or otherwise acquire the items or Services discussed the government is now bound or obligated in any way to give any special considerations to any organization on future contracts resulting from these communications today's live event is being recorded the use of the Microsoft Live event recording is approved for information sharing only misuse of the recording and transcription without the approval of sister is prohibited by participating in today's industry you consent to the recording and subsequent view broadcast of any interaction note if you disagree with the recording disclaimer statement then you may opt out of viewing or participating in today's industry day please check out sister's YouTube channel in the near future for video posting and for latest happenings in Sasa on the screen now is our agenda for today as you can see we have opening remarks from sister ocie and presentations providing information on sister National risk management Center's overview focused areas and capabilities later during our breakout session you will have opportunity to engage with the presenters our presenters will be taking questions during their presentations participants May type questions in the chat functions during the breakout session and please be assured that sister will be capturing any unanswered questions entered in the meeting chat and we will provide official responses after industry day is completed via an amendment to the sam.gov notice along with the presentation decks now that we have gone through all the housekeeping for the day onto the good part I'm pleased to introduce Christian van ginders this is Deputy Chief acquisition executive for business operations hello I'm Christian van ginders this is Deputy Chief acquisition executive for business operations Welcome to our industry date focused on cis's important risk management and Analysis Mission we have received numerous requests to record our industry days we've heard those requests so today's live event is being recorded an edited version will be posted on cis's YouTube channel in the near future unfortunately we're not able to record the breakout sessions associated with this event Cisco's forward-looking industry Day events are not focused on specific contract actions instead we try to provide a better understanding of sisa its diverse missions and provide a look forward at our potential future capability needs these types of events provide information to help you plan and determine what business to develop or potentially compete for in the future in turn we hope it results in better products and services when we need them in our mini meetings with industry there seems to be some common misunderstandings about what sysit does and does not do as part of its various missions so we hope to do a little myth busting to help you better understand how we support and provide actionable risk analysis to critical infrastructure and with that make it easier for you to help us secure the future in today's live event you will hear from senior members of the national Risk Management Center the nrmc presenters will provide information about their mission and the capabilities they have and look to build upon in the future in our follow-on breakout session later today subject matter experts and requirements owners participate in more in-depth discussion and Q a sessions I encourage you to participate in the breakout session as it allows for more direct interaction with the people who know the most about the mission in addition to our industry days and breakout sessions you've probably heard about our vendor engagement program and how much more engagement we at sister are doing with industry you can reach out to the vendor engagement program and ask to provide capability briefings and product demonstrations to representatives from cis's various divisions and offices while these are not tied to or intended to lead to any specific Contracting opportunities the industry capability briefings allow you to Showcase your products and services while helping us gain a better under awareness and understanding of the marketplace and support our subject matter experts in developing potential requirements for the future these briefing opportunities are very popular and we have greatly increased our number of engagements to give you more opportunities to tell us the great capabilities you have to offer of course the number of requests still exceed the number we can accommodate further because of the volume of requests we tend to schedule these meetings several months in advance as always I encourage you to visit doing business with cisa on cisa.gov for upcoming events links and information also please visit sam.gov for our current Contracting opportunities and reach out to the listed pocs should you have any questions you can also visit the acquisition planning forecast system apfs to a few potential future Contracting opportunities if you have any apfs inquiries please send them via email to apfs-inquiries at cisa.dhs.gov I want to take this opportunity to thank our presenters the team who coordinated this week of excuse me this week's event and thank you for attending now please join me in welcoming nrmc director for strategy policy and resources Sarah Ellis to the virtual stage thanks Christian I really appreciate it good afternoon everyone as was just stated my name is Sarah Ellis and I'm an associate director of the national Risk Management Center I'm grateful for the opportunity to introduce today's session for you from a program perspective and I look forward to both sharing more with you about our mission ongoing work and future priorities as well as hearing from you where you have questions later this afternoon we know that in the industry you have a lot to bring to the table and it is built in the system DNA to work hand and glove with industry who both own and operate critical infrastructure and help us secure it over the course of the presentation I'll plan to give you a high level overview of the nrmc and then hand it off to George Bamford to get into the details with a later breakout this afternoon as Monique mentioned to dig into even more specifics we hope that you can listen in on each of these sessions and then ask questions at the end I understand there will be ample time for that later in the breakout sessions why don't we move on to slide two please so as you know the national Risk Management Center is one of the six operational elements of cisa sisa is charged with securing American infrastructure those systems assets and the functions they provide that enable our daily lives one of my personal favorite things to do is to participate in career day at my kids school and for many years I talk with the kids about what infrastructure is and why it matters and it's clear even elementary kids understand that water electricity Transportation food they're all Essentials that make their daily lives run smoothly it's clear that the work that we do here is essential to all of our lives and our communities and at says that we want to ensure that our critical infrastructure continues to function so that kids families members of our community can go about their business supported by reliable secure infrastructure this is an all hazards organization we secure infrastructure against physical and cyber risks and we have in our purview to look across all types of critical infrastructure often focusing on risks that Cascade across infrastructure types my colleague George Bamford will talk with you more about that later highlighting the variety of risks that are in scope for us lastly on this slide before I move on to the the more details on the nrmc I want to highlight the mission statement here which puts front and center the critical role the industry and other government entities play in all of our work system does not own or operate critical infrastructure so we see ourselves as enabling owners and operators and leading the way on challenging issues as part of a much broader team effort to secure critical infrastructure across our country next slide so what is the role of the nrmc within system the nrmc was established in 2018 to serve as the nation's Center for critical infrastructure risk analysis nrmc provides the analysis that enables the risk mitigation or action that results in a more secure and resilient critical infrastructure we can layer on a lot of details but we need to be clear on this foundational level we aspire to provide our customers especially cisa operations with vital timely actionable risk analysis services that improve our nation's management of risk to critical infrastructure nrmc has recently gone through an organizational realignment to strengthen our focus on this Mission but our mission remains providing actionable risk analysis with our new design and focus areas we will translate analysis to action and impact for the critical infrastructure Community our analysis is for actions this means that our analytic Frameworks and tools must be developed from the beginning with the end in mind that end of reducing risk to critical infrastructure for us context is everything this means that understanding the impacts of disruptions is more valuable when we capture the cascading impacts across entities sectors and jurisdictions next slide please the nrmc supports Sizzle leadership and operations Federal Partners State local tribal and territorial partners and the broader critical infrastructure community and our work Builds on a history of national efforts to support critical infrastructure security and resiliency our risk analysis enables the prioritization of operations across the interagency and the broader critical infrastructure Community our analytic mission is embedded within our organization director easterly is very clear about where nrmc fits in the context of cesa her vision is for nrmc to provide analytic support largely but not exclusively to assist the operational needs in response to director easterly's mandate to refocus and redesign our organization to improve Mission impact with clarified our strategic Direction and designed a more effective organization that fits into cis's organization and operations with our new design and focused areas we'll translate analysis to action and impact for the critical infrastructure Community since no single stakeholder has all the information necessary to detect or comprehensively manage systems systemic risks this is information sharing and coordination role as well as its ability to engage policy and decision makers are essential to success in our shared Homeland Security mission this is vision of secure and resilient infrastructure for the American people cannot be achieved quickly it's an abiding goal that Demands a Long View search of emerging and future risks and analyzes that make decisions to reduce to reduce them actionable today over time we aim to measurably reduce future risk and increase the I adaptivity of the nation's critical infrastructure Risk Managers on this slide you see how we view analysis as feeding into action as feeding into impact our analysis should never be a book report it should always have a stakeholder in mind and be clear how it's going to secure the country and make critical infrastructure more secure at this point I have the pleasure of introducing George Bamford who is the associate director for risk services division within the nrmz over to you George thank you Sarah good afternoon ladies and gentlemen next slide please as a nation we Face a number of traditional and emerging risks to our cyber and physical infrastructure some of them are listed on the slide you are viewing the nrmc is unique in the government as the national Risk Management Center focuses our analysis on National cross-sector risk risk we Leverage The expertise and the data from sector risk management agencies outside of cisa but the the but the mrmc is the place where we integrate that information into a national picture of risk that supports crossed sector collaborative risk reduction planning efforts almost all national level risks span across sectors the methods data tools and governance for understanding those cross-sector risks and developing Solutions lives at the national Risk Management Center next slide please nrfc is committed to working alongside our partners in service of the American people this slide shows the 16 critical infrastructures sectors the 16 critical infrastructure SEC sectors recognized in the United States and the associated sector risk management agencies inside the federal government we Leverage The expertise and data from sector risk management agencies and sector Partners in pursuit of our admission focus on providing actionable risk analysis to sisa and our partners in service of the American people our focus is National critical infrastructure our relationship with governments and Industry Partners ensures that we provide analytical products and services that provide decision support to the critical infrastructure Community to help inform their risk management activities a majority of critical infrastructure is owned and operated by the private sector effective risk management depends on the critical infrastructure community's ability to engage across all 16 sectors to facilitate a shared understanding of risk and integrate a wide range of activities to manage that risk we are driving coordination through forums including sector coordinating councils government coordinating councils and working groups to understand partner concerns and focus areas to better tailor our activities examples include the information technology Communications and Technology supply chain risk management task force the Space Systems critical infrastructure working group the cyber security advisory committee and receiving private sector input that informs cis's response to geopolitical and pandemic risks in addition the national Risk Management Center leads a federal risk management working group also known as the frmwg which is the risk management coordinating body for the sector risk management agencies the federal risk management working group provides risk management recommendations to the federal senior Leadership Council across a cross-sector council focused on critical infrastructure risk and resilience the national Risk Management Center uses the federal risk management working group to elicit feedback from sector risk management agency partners on the nrmc's analytical capabilities and risk services notably sisa also leads the risk management for the election security sub-sector under the government facilities next slide please where there are known cross-sector risks that have the governance or risk management gaps the national Risk Management Center also leads initiatives to understand and manage those risks as news risks emerge such as emerging technology or the risks associated with article artificial intelligence we will continue to assist with policy Doctrine and process enhancements through state-of-the-art analytics to reprioritize or identify new priorities and establish risk management initiatives to effectively secure our nation throughout our partnership efforts with the critical infrastructure Community we are able to incorporate sector expertise into our risk analysis to understand National critical functions at the highest risk of an attacker threat as a result we have implemented key initiatives to help the government and Industry Partners manage risk to these vital critical functions this includes risk to systemically important entities election security critical infrastructure risk register and as noted earlier the information technology Communications and Technology Supply chains I will discuss in more depth the ICT supply chain risk management issues later in the presentation as new risks emerge such as emerging technology we will continue to assist with policy Doctrine and process enhancements next slide please as I have said earlier we have identified some areas of potentially significant risk to our nation where the responsibility for risk analysis and risk mitigation spans across multiple sectors for those cross-sector risks where no sector is clearly the lead we stand up temporary efforts to assess the risk and deep and develop cross-sector mitigation strategies some of these efforts are well established like position navigation and timing where we are working with the interagency and private sector to address our growing dependence on GPS others such as the connected communities and Space Systems are relatively new as space-based capabilities and connected communities are integrated with existing infrastructure we must understand how these capabilities change the risk landscape and be proactive in Risk mitigation electromatic pulse also known as EMP creates a complicated risk environment system completed a quadrennial EMP risk assessment in 2022 we can provide additional information in a classified environment I can share that we are working closely with the interagency to understand the risk both from naturally occurring and man-made EMP in order to inform risk mitigation efforts next slide please the national Risk Management Center Supply Chain management working group includes two main elements partnership in analysis established in 2018 the information and Communications technology supply chain risk management task force is a center of gravity for public-private supply chain risk management partnership it is cheered by this by the cyber security infrastructure Security Agency and the information technology and communication sector coordinating councils and as a membership that includes 40 of the largest companies in the it and com sectors and 20 Partners from across the interagency including every entity represented in the federal acquisition Security Council and two State associations the first year of the task force focused on four Priory priority areas of policy concern for supply chain risk management including information sharing threat evaluation qualified bidder list and qualified manufacturer lists and policy recommendations to incentivize the purchase of ICT from original equipment manufacturers and authorized resellers now in its fourth year the task force efforts include standing up the hardware bills of materials working group standing up a software Assurance working group and continuing the small business working group which engages which engages the smaller medium-sized business Community to understand and tailor task force products to meet their needs next slide please as America's cyber Defense Agency and the national coordinator for critical infrastructure security and resilience sisa leads the national effort to understand manage and reduce risk to cyber and physical infrastructure that Americans rely on every hour of every day we are a slide behind the damage caused by unsafe technology products come into the marketplace might be difficult to measure but the collective toll is staggering as we know as we know it when we see it it's a it's difficult to measure but the collective toll is staggering if ransomware is forcing a school district to shut down a patient forced to divert to another hospital or a family defrauded of their savings we have an unused or nefarious use of Technology Americans need a new model to address the gaps in cyber security a model a model of sustainable security two principles in this model of security include security but by Design and ensuring that that technology products are secure by default sisa and the national Risk Management Center is working to develop risk mitigation strategies to address these emerging issues next slide please next slide please the the sister National Risk Management Center is currently working very diligently to review and refine or analysis products to meet customer needs visitors to our website listed on our slide we'll find a list of our services and offerings that may assist your risk your understanding of our capabilities and services that concludes my portion of the brief I'd now like to turn it back over to Christian from OCA ocae thank you thank you so um again I just want to thank everybody for attending today uh also out there in Industry I also appreciate today's presenters for taking their time to deliver insight into their missions and for the assistant team that supported the event so I know today we covered a lot of ground related to nrmc's priorities and capabilities and provided some insight into their role the infrastructure risks and how we engage My Hope Is that we we were successful in busting some myths today uh that we we answer some questions and really gave you all some insight into how we are looking toward the future here at ciso particularly with nrmc in their mission um with that again I I invite you to please attend the breakout session where you can have an interactive space there for your q a uh and again just thank you all for coming today back to you thank you Christian and thank you everyone for participating in systems industry day we hope you found today's presentation informative as always vendors are encouraged to monitor the DHS acquisition planning forecast system apfs which provides high level information regarding system's upcoming compared requirements that said it should be noted that cisa continues to update apfs throughout the year as new requirements emerge so it will be beneficial for everyone to continue to monitor the site during the entire year please send apfs inquiries via email to apfs dash inquiries at system.dhs.gov looking to fy23 for the
rest of the year please go ahead and continue to check out doing business with sister under sister.gov for more information uh regarding upcoming virtual industry days also the industry engagement team will host 30-minute weekly vendors focused sessions for specific capabilities to ensure assistance staff have a chance to learn about the Innovative work being done in a wider Market you may contact engagement team access the vendor engagement at cisco.dhs.gov and please join us later this afternoon for a breakout session and I believe the link is being provided on the chat presented by nrmc subject matter exports where they will present the various topics and answer your questions and again thank you for attending today's industry Day event and this concludes the main event session and we hope to see you later today thank you foreign
2023-06-04