Itu regional workshop

Similar documents
NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Cyber Security in Europe

RESOLUTION 130 (REV. BUSAN, 2014)

Package of initiatives on Cybersecurity

13967/16 MK/mj 1 DG D 2B

RESOLUTION 130 (Rev. Antalya, 2006)

ENISA EU Threat Landscape

Cybersecurity & Digital Privacy in the Energy sector

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Commonwealth Cyber Declaration

Promoting Global Cybersecurity

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Bradford J. Willke. 19 September 2007

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

Cybersecurity Strategy of the Republic of Cyprus

Society, the economy and the state depend on information and communications technology (ICT).

The commission communication "towards a general policy on the fight against cyber crime"

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

Cyber Security Strategy

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

EU policy on Network and Information Security & Critical Information Infrastructures Protection

NIS Standardisation ENISA view

RESOLUTION 45 (Rev. Hyderabad, 2010)

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

NATIONAL BROADBAND STRATEGY IN THE REGION OF CENTRAL AND SOUTH EAST EUROPE (overview, market structure, challenges, recommendations)

Provisional Translation

OAS Cybersecurity Capacity Building Efforts

Cyber Security Strategy

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

Cybersecurity, Trade, and Economic Development

E-Signature Law of Iraq no. ( 78) of 2012

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Cybersecurity for ALL

Leading the Digital Transformation from the Centre of Government

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Protecting Critical Information Infrastructure in times of increasing cyber conflict

Call for Expressions of Interest

Caribbean Cyber Security: Not Only Government s Responsibility

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

CIRT: Requirements and implementation

ENISA s Position on the NIS Directive

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

G8 Lyon-Roma Group High Tech Crime Subgroup

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

Securing Europe's Information Society

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

Directive on security of network and information systems (NIS): State of Play

Australian Government Cyber-security Activities in the Pacific

DIGITAL AGENDA FOR EUROPE

Global cybersecurity and international standards

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

European Directives and reglements for Information security

National Communications Authority

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges

10025/16 MP/mj 1 DG D 2B

Implementation Strategy for Cybersecurity Workshop ITU 2016

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

National program of digital transformation

Draft Resolution for Committee Consideration and Recommendation

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

CSM-ACE 2010 KUALA LUMPUR CONVENTION CENTRE OCTOBER 2010

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

BRIEFING COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES. Geneva 18 April David Satola

INFORMATION SECURITY NO MORE THE CINDERELLA?

Cyber Security Roadmap

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

ENISA Cooperation in the EU / NIS Directive

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

G7 Bar Associations and Councils

Angela McKay Director, Government Security Policy and Strategy Microsoft

Building digital competences in national and regional clusters

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

"DIGITAL GENEVA CONVENTION" IN TIMES OF CYBER (IN)SECURITY?

Cybersecurity in Government

Securing Europe s IoT Devices and Services

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

EMPOWER PEOPLE IMPROVE LIVES INSPIRE SUCCESS

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

3.4 The EU as a partner in cyber diplomacy and defence

Security and resilience in Information Society: the European approach

ITU-ACMA Asia Pacific Regulators Roundtable July 2014

Horizon 2020 Security

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 68/243),

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Towards an Egyptian Framework for CyberSecurity

Transcription:

Itu regional workshop "Key Aspects of Cybersecurity in the Context of Internet of Things (IoT) Natalia SPINU 18 September, 2017 Tashkent, Uzbekistan

AGENDA 1. INTRODUCTI ON 2. Moldovan public policy on cybersecurity 3. RECOMMEN DATIONS

Introduction

WHY THIS MATTERS TO YOU Growing space with rapid expansion Across all sectors: individuals, commerce, governments Growing pervasiveness in everything we do Many threats Cyber Security is an unclear concept Cyber is a chaotic and ungoverned environment Early stages of cyber expansion Cyber criminals, hacktivists, terrorists, state-sponsored, hackers, amateurs, insiders, trusted partners and many other Considerable uncertainty, broad scope, and ever-changing dimensions Cyber security definitions vary widely and lack true conformity Increasing tension between governments, individuals, private enterprises, commence. What is cyber defense? Technological advancement Fast and intense competition An uncertain future of the cyber domain, the internet and more Government roles increasing in number and importance

THE CYBER SECURITY CHALLENGE When In the Cyber world, security was an afterthought The Cyber world lacks a single central cyber architect The Cyber world is a system of insecure systems The Cyber world is not static but constantly evolving Innovation is constant, and highly unpredictable

WHY? 3) Complex Trust relationships between cyber domains Cyber security affects every person who Trust is foundational Who is not connected in some way? Uses a smart phone, computer, automated banking, GPS, and modern medicine Rapid expansion. The Internet of Things. Machine to machine interaction How do organizations find the right balance of trust, transparency, and privacy?

HOWEVER, WHAT DO WE KNOW ABOUT CYBERSPACE? Globally connected Contested environment Mostly in private hands Great deal of anonymity Changing environment New form of warfare? Fifth Domain

Moldovan public policy on cybersecurity

DIGITAL CONTEXT ICT contributes ~10% of GDP: 153 IT companies; 7 major ISPs; 3 mobile operators; Guvernamental Services 522 available 125 are electronic Mobile penetration 110%: High speed 3G internet access since 2008, 3.5G since 2010, 4G since 2012; DIGIT AL CONT EXT Internet penetration: Overall - 50%; Broadband 11%; Since 2010 some ISPs offer 100/100Mbit for 250 MDL (~13 USD); Infrastructure: Fiber link to 99% of localities, last mile is Ethernet; Separate 100Mbps dark fiber network serving central public administration

EVOLUTION of Moldovan Public Policy on Cybersecurity 1 2 3 4 5 2007: Law No. 241 of 15.11.2007 on electronic communications 2009: Law No. 20 of 03.02.2009 on preventing and combating cybercrime 2010: Government Decision No. 746 of 2010 "On the approval of the updated Individual Partnership Action Plan the Republic of Moldova - NATO" 2013: Government decision No. 857 of 31.10.2013 National Strategy for information society development 'Digital Moldova 2020' 2015: Government Decision 811 of 29.10.2015 National Programme on Cyber Security

DUALISM OF DEVELOPMENT VECTORS of Moldovan Public Policy on Cybersecurity OVERALL OBJECTIVE: To create secure environment for development of information society GOAL: To create and implement national cybersecurity management system 1 Digital Moldova 2020 2 NATIONAL PROGRAM ON CYBER SECURITY 2016 2020 Access and infrastructure Digital content and electronic services Capacities and utilization International cooperation Education, and continuous awareness Strengthening cyber defense capacities Preventing and combating cybercrime Creation of cybersecurity incident response team at national level Security and integrity of electronic communicatio ns networks and services Safe data processing, storage and access,

KEY ASPECTS of Moldovan Public Policy on Cybersecurity CYBE R SECU INTERNATIO RITY NAL COOPERATIO N

INTERNATIONAL COOPERATION Most active cooperation partners of Moldova on cybersecurity States and unions European Union United States South Korea Estonia Cybersecurity Community CSIRTs and CSIRT communities Specialized organizations Private companies Independent experts International CYBERSEC URITY COOPERAT ION International organizations International Telecommunication Union Organization for Security and Co-operation in Europe North Atlantic Treaty Organization United States Agency for International Development Council of Europe Regional Commonwealth in the field of Communications

MAIN CHALLENGE Insufficiency of international cooperation in identifying risks, vulnerabilities, other events occurring in the world cyberspace, and preventing cross-border cyber threats and attacks. National Programme on Cyber Security Government Decision 811 of 29.10.2015

INTERNATIONAL COOPERATION Approved course of actions Strengthening cooperation with international CSIRTs Signing cooperation agreements with US-CERT, NCERT and other CSIRTS Development of capacities for technical interaction Creation of platform for international consultation and coordination on cyber threats Development of Public- Private Cooperation Promotion of national interests at international arena Strengthening cooperation between national universities and leading EDUCATIONAL companies Establishing of contact points, organisation of regular meetings Promotion of national interests at international arena Development of cooperation with (ISC) 2, ISACA, SANS and other institutions

EDUCATION AND CONTINUOUS AWARENESS Core problems (1) Citizen are not conscious that their electronic devices might be already hacked In spite of a big number of cybersecurity victims, only a few citizen are conscious that their electronic devices (mobile phones, tablets, notebooks, computers, etc.) might be compromised by cyber attacks through the Internet. That fact significantly contributes to the grow of cyber crimes exploiting the vulnerability of human character. (National Program on Cybersecurity) (2) Lack of continuous education and awareness in cybersecurity area

EDUCATION AND CONTINUOUS AWARENESS Policy plan Awareness campaigns Educational curriculum Awareness portal Competence requirements Cybersecurity trainings Cybersecurity laboratory Development of awareness in the regard of existing risks of cyberspace Augmentation of cybersecurity educational curriculum Creation of awareness portal for informing about current cyber threats Adoption of the requirements to the competence of employees in cybersecurity domain both in private and public sectors Organization and implementation of trainings and workshops on cybersecurity for public and private personnel, holders of critical infrastructure Creation of cybersecurity laboratory

EDUCATION AND CONTINUOUS AWARENESS Policy implementation achievements. Cybersecurity trainings Joint educational activities supported by EU

POLICY IMPLEMENTATION ACHIEVEMENTS Supported by Nato Operational since 6 th oct 2016 State-OFart Technology Located at Technical University of moldova Through red/blue team exercises Advanced Cyber training capacities

RECOMMENDATI ONS

RECOMMENDATIONS Tips for Implementing a Cybersecurity Program FOCUS ON CRITICAL INFORMATION EVALUATE A CYBER INCIDENT RESPONSE PLAN LOOK OVER THE BUDGET BE INFORMED ABOUT KEY RISK INDICATORS WORK WITH INTERNAL AND EXTERNAL SPECIALISTS FOLLOW THE SAFTEY RULES OF EXTERNAL PROVIDERS COMPLY WITH LAWS/ REGULATIONS FOR CYBERSECURITY What effect does an attack on your business have and what can be done about it? What vulnerabilities have been identified and how have they been resolved? Is the cybersecurity budget being used appropriately? Do you know enough about defence, monitoring, risk and data protection? Are you constantly being briefed on new developments in technology and cybersecurity? What are the privacy and security policies of external providers? Do they meet your requirements? Are you keeping up-to-date with the latest cyber threats and new laws?

RECOMMENDATIONS Tips for dealing with challenges CHALLENGES Change the mass culture Keep the cyber strategy in mind Ensure effective national and international collaboration Allocate resources and budgets Understand the influence of newly emerged cyber threats

THANK YOU! Natalia SPINU natalia.spinu@cts.md natalia.spinu@cert.gov.md

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback