Challenges in Developing National Cyber Security Policy Frameworks

Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection
William McCrum, Deputy Director General, Telecom Engineering, Industry Canada
28 August 2007

A global information society emerging
[Figure: Growth of the information society 1991-2006. Series: Main Telephone Lines, Internet Users, Mobile Subscribers. Vertical axis: millions of users.]
Sources: ITU, 2006; Internet World Statistics, January 11, 2007
Notes: Internet Users data 1991-2005 (ITU), 2006 estimate (Internet World Statistics)

ICTs at the centre of the global information society
[Diagram: Information and Communication Technologies (ICTs) at the centre, surrounded by: Power/Electricity, Retail/Service Industries, Banking and Finance, National Defence, Biotech/Life Sciences, Automotive and Manufacturing, Water/Sewage, Healthcare, Education, Transportation, Air Traffic Control, Home/Work, Oil and Gas, Public Safety/Law Enforcement]
Information and Communication Technologies (ICTs) power the global information society

Critical infrastructures dependent on ICT infrastructure
[Diagram: Retail, Finance, Mfg., Transport, Energy and Public Safety resting on ICT Infrastructure]
Trust and confidence demands strict protection of critical information by means of secure access, distribution, and transmission

We are moving to an XoIP world
Top-down: What the network thinks you want, when they think you want it and in the format they want
- TV content on cable or over the air
- Radio show on radio
- Books in the bookstore or library
- Snail mail rain or shine
- Voice by monopoly phone provider
Choice: What you want, when you want it, from anywhere
- All content and services available online
- Choice of receptors: computers, cell-phones, BlackBerry, iPods
- October 12, 2005: First TV network show available for download through iTunes; 45 million downloads to date (as of Sept 2006, USA only)
Consumer pull and freedom of choice, rather than technology push

... where everyone and everything is connected
[Figure: Ecosystem of the Internet of Things. Labels: Smart tech, Human Body, Wireless sensors, 2G mobile, 3G+ mobile, Human Being, Satellite, RFID, Nanotech, xDSL, WiMAN, WiLAN, Cable. Source: ITU, 2005]
A world of inter-connected devices and objects

The wireless revolution is here
Wireless technologies and the mobile Internet are revolutionizing communications globally

ICT infrastructure in transition
[Diagram: Past and Future. Labels: PSTN, VoIP, CATV, Internet, Broadband, VoD, WWW, Corporate Intranets, Converged IP Network, Wireless & Satellite, CDMA, GSM]
Convergence leads to network complexity; the network becomes inherently less secure

Trust and confidence in ICT infrastructure
Privacy and online security concerns
- Privacy and security fears discouraging e-commerce in Canada
- Users changing their online behaviour due to security concerns
- Consumers losing trust in online banking
Online threats continue to evolve
- Spam is clogging the networks and increasing costs
- Spyware, adware and zombies
- Identity theft and cybercrime
- E-mail fraud, e-commerce attacks and extortion
- Malicious attacks on networks
- Virus, worms, denial of service attacks, malware
Maintaining trust and confidence in the ICT infrastructure is a challenge

Changing security environment
[Diagram labels: Natural Disasters, Malware, Vulnerabilities, Identity Theft, Phishing, Worms / Viruses, Pandemics, Terrorism, ICT Infrastructure, BotNets, Spam, Privacy, Accidental, Sophistication, Social, Interdependencies, Outcome, Communications, Economic, Manmade, Magnitude, Trust & Confidence, Exacerbating Factors, National Security]

New breed of cyber attackers
Disorganized attacker
- Challenge/pride motivated
- Individuals or small groups
- Hacks (e.g., DoS, disruptions, defacements)
Cyber criminals
- Profit motivated
- Extend fraud/theft activities
- White collar crime
- Cyber-extortion
- Jurisdictional arbitrage
- Money-laundering
New breed of cyber attackers with different motivations

More sophisticated threats
Evolving trojans
- Morphing trojans
- Targeted trojans
More sophisticated botnets
Evolving spam
- Wireless messaging spam
- Image spam
[Figure: Number of new TrojWare programs, Jan 2003-Nov 2006 (Kaspersky Lab)]
Detecting threats/attacks and mitigating their impacts presents many challenges, particularly where multiple files, processes and registry components are involved

New vulnerabilities
[Figure: Vulnerability Trends, 2001-2006. Vertical axis: Percentage; horizontal axis: Year. Series: XSS, sql-inject, php-include, buf, dot]
- Over last 5 years, 75% of exploited vulnerabilities were in web applications and clients
- Vulnerabilities that could be exploited remotely topped 88% in 2006
Vulnerability exploits have shifted away from networks and operating systems towards web applications and clients

Challenges in securing the ICT infrastructure
Increased service and device complexity
- More services, new means of service delivery
- Overlap between fixed and mobile services; overlap between telecommunications, broadcasting and Internet domains
- Complex interconnections needed between distributed intelligent devices
- Multi-vendor product interoperability
- New competitors and more complex relationships between competitors
Globalization impacts and pressures
- Global mobility
- Internet governance
- National security and public safety concerns and their impact in international setting
Maintaining trust and confidence in changing security environment
- New threats and vulnerabilities such as malware, viruses, spam, spit, spim, phishing, spoofing, denial of service, cyber-terrorism, fraud
The most important issue is to assure the cyber security of the ICT infrastructure

Stakeholders
[Diagram labels: Public Policy, Regulation, User, Application / Content Providers, Service Provider, Vendors, Network Provider]
- Government establishes public policy and sets regulation to safeguard ICT infrastructures
- Users (both enterprises and individuals) implement policies to secure their portion of the ICT infrastructure
- Application and content providers deliver tools and products to end users to help safeguard the ICT infrastructure
- Service and network providers typically own the bulk of the ICT infrastructure assets and take steps to secure and safeguard the network
- Vendors build tools and products to help secure the ICT infrastructure
Continual dialogue between all stakeholders required to secure ICT infrastructure

National cyber security policy frameworks
- Access and adoption: Encourage all stakeholders to use and deploy secure ICT infrastructure
- Marketplace and business environments: Improve marketplace and promote business environments that foster secure ICT infrastructures
- Innovation: Enable innovation to improve the security of the ICT infrastructures
Key elements of national cyber security frameworks address the challenges of securing critical infrastructures

Access and adoption
- Provide incentives for secure access infrastructure to be developed and deployed
- Provide computer support and training
- Helps users to take advantage of emerging opportunities in the new global knowledge-based economy
- Promote e-commerce and electronic access to government services
Secure universal access is a bridge to economic and social inclusion

Access and adoption
Other policy framework elements
Protect users and safeguard the ICT infrastructure
- Establish national Cyber Security Emergency Response Team (CERT)
- Establish cyber security best practices for all application, service and network providers
- Adopt guidelines for securing ICT infrastructures
Promote cyber security information sharing between stakeholders
- Organize round table exchanges and communities of interest
Raise awareness of cyber risks and cyber security protection strategies
- Develop advertising campaigns that alert users to risk and mitigation
- Establish hotlines for users to deal with cyber security threats, attacks, fraud
National policies help protect both users and the ICT infrastructure

Security awareness education essential for all
And still Social Engineering is a major challenge for all

Marketplace and business environment
Improve marketplace environment for secure ICT infrastructures
- Develop expertise to analyse policy and regulatory impacts of new competitive environments, new service offerings, and new spectrum needs
- Establish government procurement policies that promote secure ICT infrastructures
- Consider regulatory requirements for minimum cyber security levels
- Evaluate use of Common Criteria standards
Promote secure ICT infrastructure business environment
- Encourage ICT infrastructure security standards development
Global standards have key role in securing ICT infrastructure

Importance of standards development
In an increasingly open free-market economy, the role of standards becomes key
- Accelerate adoption of new technology
- Ensure interoperability between competing platforms and technology
- Link supply chains
- Increase market efficiency
- Facilitate regulatory compliance
Examples
- ITU-T Study Group 17 is lead Study Group on telecommunications security
- International standard (ISO/IEC 15408) sets a framework for specification and evaluation of security requirements
Security standardization objectives: responsive, efficient, productive, inclusive

Example national cyber security policy frameworks
- Canada (National Security Policy, 2004)
- United Kingdom (Protecting our Information Systems, 2003)
- US (National Strategy to Secure Cyber Space, 2003)
- Australia (E-Security National Agenda, 2001)
Common element: focus on discrete cyber security initiatives

Summary
- Critical infrastructures are dependent on a secure ICT infrastructure
- The ICT infrastructure itself is evolving into a converged network, leading to challenges of interoperability and security
- An ever-changing security environment makes it difficult to maintain users' trust and confidence in critical infrastructures
- Continual dialogue between all stakeholders (users, providers, vendors, governments) is required to meet these challenges
- National cyber security policy frameworks contain elements that
  - Encourage access and adoption of secure ICT assets
  - Improve marketplace and promote business environments that help secure ICT infrastructures
  - Enable innovation to improve the security of the ICT infrastructures
International collaboration and sharing of national cyber security frameworks help strengthen global ICT infrastructure

Contact
Bill McCrum
Telecommunications Engineering and Certification, Industry Canada
+1 613 990-4493
mccrum.william@ic.gc.ca