Hybrid Cyber Warfare, dual risks?

Hybrid Cyber Warfare, dual risks? Cologne - 26/04/2017 ing. Giuseppe G. Zorzino ERMCP, CISA, CISM, CGEIT, CRISC, LA ISO27001

Bio

Giuseppe Giovanni Zorzino

- Teacher and consultant of information security; currently I deal with cyberstrategies, security management systems, information security governance and organization, privacy, compliance and awareness.
- More than 35 years of experience in the IT industry, of which more than 15 in IT security.
- Italian Air Force Academy, Official (ret) of the Air Force Corps of Engineers.
- Cybersecurity coordinator of CESMA (Military Aeronautical Studies Center) "Giulio Douhet".
- Member of the IT Security Committee of the Engineer Council of Rome, as well as of the ISACA Rome Chapter and the ISC2 Italian Chapter.
- Extensive educational activity at public authorities and SMEs.
- 2 patents.
- Active certifications: ERMCP, CISA, CISM, CGEIT, CRISC, Lead Auditor ISO 27001, Security+, CMMI appr, MCSASec 2003, Certificatore etico, IBM Cert Solution Architect, IBM_Cert_Specialist

CESMA

Acronym of Centro Studi Militari Aeronautici "Giulio Douhet", a non-profit think tank of the Italian Air Force Association.

- Mission: to contribute to the diffusion of Aerospace and Defence culture, both within Italy and internationally; to carry out studies, exchange ideas and discuss the trends of Defence and Aerospace, making a common space available to all stakeholders (Air Force, Civil Aviation, Italian Space Agency, Air Component of the other Armed Forces, Industry, Academia, International and European Organizations).
- Vision: to be widely recognized, at the European and international level, as a value provider for all the stakeholders and for the Italian nation.
- CESMA has organized and continues to organize several workshops and lectures on UAVs, Space, History of the Italian Air Force, Military Ethics, Cyber, etc.

www.cesmamil.org

WG: "Cyber Hybrid Warfare and the aerospatial power: risks and opportunities"

AGENDA

- Hybrid and Strategy
- Hybrid and Doctrine
- Hybrid and Satellite systems
- Hybrid and EW
- Hybrid and the NATO view
- Hybrid and Psychology
- Hybrid and Awareness
- Hybrid and Legal

The work will be published in the coming months; for information, please write to info@cesmamil.org

Hybrid threats

- Hybrid is the new "buzzword" in the military field.
- It is not an obvious manifestation of an asymmetric conflict.
- There is no established doctrine, so there are no elements that allow a Commander to develop their campaign operations.
- Exploitation of vulnerabilities of the target, using conventional and unconventional methods, to generate ambiguity to hinder decision-making processes
  - generate surprise;
  - seize the initiative;
  - generate deception and ambiguity;
  - avoid attribution of action;
  - maximize deniability of responsibility for aggressive actions.

Cyber threats

- "Cyber threats resemble threats in the fifth dimension of warfare, as cyber warfare is often termed, and refer to a sustained campaign of concerted cyber operations against the IT" (Sacha Bachman)
- Cyberspace is an enabler correlated with Air and Space, and not only with them.
- The use of cyber capabilities related to military or hybrid operations is a current and concerning trend: the so-called "cyber dimension of Hybrid Warfare".
- Two perspectives:
  - taking advantage of the opportunities of cyberspace as a domain for free, fast and effective communication
  - use of cyberspace as an attack on warfare domain

Risks: military side

- "Hybrid is the dark reflection of our comprehensive approach. We use a combination of military and non-military means to stabilize countries. Others use it to destabilize them." (Stoltenberg) http://www.nato.int/cps/en/natohq/opinions_118435.htm
- Hybrid Warfare as the integration of tools, techniques, tactics and procedures, of conventional and unconventional methods, and of regular and irregular forces, in a context of symmetrical and asymmetrical conflict, to gain strategic or tactical advantage and to inflict damage and loss on the adversary at minimal cost.
- Unconventional warfare = integration of various dimensions, not least the information dimension.
- This is "Unrestricted warfare", "War beyond limits", as Chinese analysts call the integrated use of all the expressions of a nation's strength.

Risks: civilian side

- In June 2015 the European Council recalled the need to mobilize EU instruments to help counter hybrid threats.
- EU Commission - "Joint Framework on countering hybrid threats, a European Union response", Brussels, 6.4.2016: "While definitions of hybrid threats vary and need to remain flexible to respond to their evolving nature, the concept aims to capture the mixture of coercive and subversive activity, conventional and unconventional methods (i.e. diplomatic, military, economic, technological), which can be used in a coordinated manner by state or non-state actors to achieve specific objectives while remaining below the threshold of formally declared warfare."
- Many EU Member States face common threats, which can also target cross-border networks or infrastructures (SCADA):
  - "How France's TV5 was almost destroyed by "
  - "Cyberattack on a German steel-mill"
  - Air Traffic control..

Opportunities

- Hybrid warfare strategy: cooperation of NATO with the EU (Warsaw 2016)
- Threats reconnaissance
- National resilience of Critical Infrastructure and (Air) Defence Systems
- Rapid assessment and decision making
- National capabilities
- Fill the technology gaps through industrial cooperation
- Improve the application of IT standards (ISO27001, NIST Framework, ISO31000)
- Governance
- Threats management
- Consequence management
- No practical legal framework, just the Tallinn Manual 2.0
- Action 12: "The Commission, in coordination with Member States, will work together with industry within the context of a contractual Public Private Partnership for cybersecurity, to develop and test technologies to better protect users and infrastructures against cyber aspects of hybrid threats."

Questions?