Digital Life and Cyber Security «Public-Private Governance" Mustafa AFYONLUOGLU Cyber Security & e-governance Chief Expert

Transcription

1 Digital Life and Cyber Security «Public-Private Governance" Mustafa AFYONLUOGLU Cyber Security & e-governance Chief Expert March 7th 2017

2 HUMAN DIGITAL LIFE PUBLIC AGENCIES SERVICE PROVIDER SERVICE REQUESTOR PRIVATE SECTOR CITIZEN UNIVERSITIES D A T A SECURITY NGO POWER DEVICES

3 İNSANLAR DİJİTAL YAŞAM KAMU KURUMLARI HİZMET SAĞLAYAN HİZMET ALAN ÖZEL SEKTÖR VATANDAŞLAR ÜNİVERSİTELER V E R İ SECURITY STK POWER CİHAZLAR

4 İNSANLAR DİJİTAL YAŞAM KAMU KURUMLARI HİZMET SAĞLAYAN HİZMET ALAN ÖZEL SEKTÖR VATANDAŞLAR ÜNİVERSİTELER V E R İ SECURITY STK POWER CİHAZLAR

5 PUBLIC SECTOR & PRIVATE SECTOR LIKE TWO WINGS OF A BIRD IN HARMONY!

6 What happens on the internet for 60 seconds? (February 2017)

7 What happens on the internet for 1 Hour? (February 2017)

8 Internet Connected Devices Internet of Things 2016 Symantec Internet Security Thread Report,, Gartner IoT Report 10 Kasım 2015

9 Internet Connected Devices Internet of Things 2016 Symantec Internet Security Thread Report,, Gartner IoT Report 10 Kasım 2015

10 Internet Connected Devices Internet of Things IoT Güvenlik Sorunları Expected Economical Size in IoT 2016 Symantec Internet Security Thread Report,, Gartner IoT Report 10 Kasım 2015

11 Internet Connected Devices Internet of Things 2016 Symantec Internet Security Thread Report,, Gartner IoT Report 10 Kasım 2015

12 WHAT HAPPENS IN 2 MONTHS? CI: Health October 4th, 2016 J&J: Attack on Diabetic Insulin Pumps CI: Finance October 22th, million bank card information of Indian banks stolen Global: İnternet October 15th, 2016 IoT: DDoS Attack of Mirai BotNET to Dyn DNS 10 Tbps National October 23rd, 2016 Interenet interrruption on 78% of ABD with 14 Million IoT $ 7 Billion loss Otonomy Systems October 24th, 2016 UK: «Motor Vehicles Cyber Security Guide» published CI: Health November 3rd, 2016 UK National Health System closed down due to malware National November 15th, 2016 Pre-loaded 700,000 phone sends data to China CI: Transport November 28th, 2016 Cyber attack to San Francisco Municipal Metro System CI: Communication November 28th, 2016 Cyber attack to routers of Alma Telekom Terrorism November 30th, 2016 Files of 54 terrorist groups leaked from from Europol National December 7th, 2016 The North Korean Operating System «Red Star» was captured by a remote attack October 10th, 2016 Cyber Attack on Germany Nuclear Power Plants CI: Energy October 22nd, 2016 DDoS attack to Singapore Telekom Starhub CI: Communication November 1st, 2016 Cyber attacks on Schneider Electrics ICS Panels CI: Industry November 9th, 2016 Central heating system in Finland closed with DDoS attack Public Service November 25th,2016 Massive DDoS Attack on European Commission servers Institutional November 28th,2016 Data Breach: 26,500 UK National Lottery User Account Taken Public December 3rd, million Android downloads were attacked via AirDroid Mobile December 4th, 2016 Visa cards break in 06 seconds CI: Finance CI: Critical Infrastructure ICS: Industrial Control System IoT: Internet of Things ( IoT: $ - DarkWeb)

13 February 2016: The Technical Arrangement on cooperation in cyber defense with the European Union was signed. July 2016: Cyber Space is the 5th operational area after Land, Air, Sea and Space. December 2016: Cyber defense is one of NATO's key tasks in the field of collective defense. International law should also be applied to the cyber field. NATO will develop cyber training and exercise skills.

14 GOVERNANCE HOW? Personal Privacy Public Data Trade Secrets

15 Syber Security Governance Model of Netherlands Ministry of Security and Justice National Cyber Security Council (NCSS) ICT Response Board (IRB) Governance Board Directorate of Cyber Security National Coordinator for Counterterrorism and Security Policy Division Incident Response Team Knowledge Services Team Development Team National Cyber Security Centre (NCSC) GOVCERT.NL Security Operation Center (SOC)

16 South Korea E-Government Governance Model Expert Committee Strategy Ownership / Top Level Responsibility Program Efficiency Administrative Authority President Prime Ministry Information Society Council Administrative Board e-government Expert Board Co-Chairman: Prime Minister and Private Sector Representative Members: Repr. from Ministries + Private Sector Managers Co-Chairman: MoI Vice President and Private Sector Representative Members:Senior bureaucrats and experts Chairman: MoI Vice President and Private Sector Representative Members:Senior bureaucrats and experts Execution / Support MoI (MOSPA) Planning / Evaluation Technology / Project Support NIA MOSPA / MoI: Ministry of Security & Public Administration NIA: National Information Society Agency Administration, Technology Support Local Government Ministry Project Execution Ministry Project Execution

17 South Korea E-Government Governance Model Expert Committee Strategy Ownership / Top Level Responsibility Program Efficiency Administrative Authority President Prime Ministry Information Society Council Administrative Board e-government Expert Board Co-Chairman: Prime Minister and Private Sector Representative Members: Repr. from Ministries + Private Sector Managers Co-Chairman: MoI Vice President and Private Sector Representative Members:Senior bureaucrats and experts Chairman: MoI Vice President and Private Sector Representative Members:Senior bureaucrats and experts Execution / Support MoI (MOSPA) Planning / Evaluation Technology / Project Support NIA MOSPA / MoI: Ministry of Security & Public Administration NIA: National Information Society Agency Administration, Technology Support Local Government Ministry Project Execution Ministry Project Execution

18 Japan E-Government Governance Model Efficiency of Programs IT Strategies Headquarters Chairman: Prime Minister Members: Representatives from All Ministries and Private Sector Representatives Strategy Ownership / Top Level Responsibility Planning Board Chairman: Minister of Science & Technology Policies Members: Deputy Minister Public Programs Management Office (E-Government Incentive and Management Office, Cabinet Secretariat) Planning & Evaluation Administrative Authority CIO Council Chairman: Deputy Secretary of Cabinet Members: Ministry CIO s Strategy / Technology Consultancy Technology / Project Consultancy Advisory CIO Council (Members: Ministry s Consultant CIO s (Private) 2003 te kuruldu. CIO Council Technical Management Board (Members: Ministry s ICT Managers) Program Management Office Members: CIO, Advisory CIO, Strategic Planning Departments Ministry A Ministry B Ministry C Technology / Project Support

19 Japan E-Government Governance Model Efficiency of Programs IT Strategies Headquarters Chairman: Prime Minister Members: Representatives from All Ministries and Private Sector Representatives Strategy Ownership / Top Level Responsibility Planning Board Chairman: Minister of Science & Technology Policies Members: Deputy Minister Public Programs Management Office (E-Government Incentive and Management Office, Cabinet Secretariat) Planning & Evaluation Administrative Authority CIO Council Chairman: Deputy Secretary of Cabinet Members: Ministry CIO s Strategy / Technology Consultancy Technology / Project Consultancy Advisory CIO Council (Members: Ministry s Consultant CIO s (Private) 2003 te kuruldu. CIO Council Technical Management Board (Members: Ministry s ICT Managers) Program Management Office Members: CIO, Advisory CIO, Strategic Planning Departments Ministry A Ministry B Ministry C Technology / Project Support

20 SUGGESTIONS 1. Cyber Security and e-government should be coordinated from top level in ONE CENTER 2. In this Center, there should be Public-Private Governance Board 3. National Cyber Security Policy and Prioritized Sectoral Areas should be prepared National Solutions in «Perimeter Security» Layer: National Firewall National Intrusion Detection & Prevention systems National Web Filtering National Anti-virus Solutions National Cyber Thread Intelligence Bank

21 SUGGESTIONS 4. Government should Support private sector, while developing Sectoral Capacity * Definitions of Cyber Security, Data Security and e-government Expertizes / Professions * Software Development and Cyber Security Education Programs from Primary School to Universities * Preparation of HR Capacity Developing Programs for private sectotr * Innovation Incentives in prioritized areas 5. The government should be beside the sector in creating the regional and global power of the sector 6. Special incentives for the sector targeted to grow in the region (financial and administrative)

22 SUGGESTIONS 7. Use of NATIONAL PRODUCTS without exception as a National Policy in the public sector «WE WILL USE FIRST!» Dissemination Policy in Public Sector: «Company Rating» in public procurement with accreditation and certification Promotion Model: R&D For successful results «Production Support» Pilot Applications Support & Development Infrastructure Positioning in Public Current products in the first layer, National Products in the second layer After transition and maturity, national products in all layers At least two National Solution Policy in each segment Regional Dissemination

23 Digital Life and Cyber Security «Public-Private Governance" Mustafa AFYONLUOĞLU Cyber Security & e-governance Chief Expert afyonluoglu [at] gmail.com Linkedin: Twitter: Web: afyonluoglu.com