Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

Published byBernard Bryan Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen."— Presentation transcript:

1

2 A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen

3 Scope of Problem Study of 4,900 computer professionals in 30 countries shows immense losses due to computer attacks … In the U.S. companies will buy $1.7 billion in security services by 2005 (up from $140 million in 1999)

4 Types of Information Warfare 3 Main Classes Class I --Privacy Attacks Class II –Espionage (public & private) Class III– Terror attacks against Critical Infrastructure

5 Nature of the Cyber Environment No borders or boundaries to defend Governments control only a part of the telecommunications/Internet environment Voluntary cooperation (at best)

6 Critical Infrastructure Concept put forward by President’s Commission on Critical Infrastructure Protection (1996)and reflected in PDD- 63 (U.S.) and Executive Order on Critical Infrastructure Protection in the Information Age ( October, 2001)

7 Critical Infrastructure Elements Information & Communications (telecom, networks, Internet) Electric Power (conventional, nuclear) Transportation Oil & Gas (supply, transport, refining, distribution) Banking and Finance Water & Emergency Services Government (+military) Manufacturing (Japan)

8 Lack of Success U.S. General Accounting Offices gives “failing grades” to government agency efforts to implement and protect networks, despite substantial funding plus ups August 2001 finds “significant and pervasive weaknesses” and “serious security problems”

9 Defining the Threat Structured (group, organization, government) Well financed Is a hostile actor Actor protects its team Backed up by intelligence agency or agencies or equivalent structure Shares intelligence with other countries, terrorists

10 Countermeasures Most solutions are technical. Most are product designs focused on “hackers” and not against structured hostile threat Today’s protective schemes include virus and intrusion detection, vulnerability testing, security patches, security policies Most schemes don’t protect well against insider threats (inside structured hostile threat)

11 Poor Linkages in Security Protection Schemes Most technical solutions suffer from a poor linkage between current intelligence (both law enforcement and national means) and off the shelf (COTS) solutions Most U.S. government agencies buy COTS security products (including military) Many technical solutions fail to protect networks from “novel” attacks

12 Linkages continued … Most commercial software takes a minimalist strategy toward security (e.g., Microsoft email/browser, Microsoft Office, Sun Java) Virtually all commercial software is designed by engineers and programmers who have no security background or threat briefings

13 Current U.S. “Solution” Major funded initiative to enhance network security in government agencies Voluntary cooperation with private sector Effort to produce “government” (e.g., DITSCAP, HIPAA)security standards Limited international cooperation Not yet supporting ISO17799 (British Standard 7799)

14 An International “Solution” Cooperation in setting technical computer and network standards Formal certification and accreditation system applied to networks and security products International coordination in intelligence gathering, law enforcement

15 International “Solution” Underpinnings Agreement on common critical infrastructure model Trust and confidence building Active government participation at policy level Collective Security

16 A collective security agreement among the infrastructure stake holder countries An attack against the infrastructure of one is an attack against all and member states are obliged to cooperate fully to intercede against the source of the attack

17 Is it Possible? Thinking ahead – Start with a limited experiment to protect collectively telecommunications networks and military networks Expand if warranted to other parts of the critical infrastructure

18 Elements of the IO Member States political representatives supported by technical experts and commercial firms A Charter reflecting the collective security responsibilities of the Members A Secretariat and Staff to manage high level meetings and the IO’s committees

19 Elements of the IO A Secretary General of high rank to provide leadership and continuity for the IO Agreement to safeguard sensitive and timely information and means to secure information Vetting of staffs (reciprocal)

20 Organization Cyber Warning Center to coordinate intelligence about possible cyber attacks and identify probable origins of attacks Legal Affairs Coordinating Center for laws enforcement initiatives Business and Industry Cooperative Forum Technology Security Committee

Download ppt "A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen."

Similar presentations

Secretariat for Multidimensional Security

Secretariat for Multidimensional Security
Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism

Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism
Cyberterrorism. Critical Infrastructure Vulnerability.

Cyberterrorism. Critical Infrastructure Vulnerability.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
CIAO.0209 - July 99 - 1 Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.

CIAO July Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.

June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Value Chain Analysis Methods Getachew Legese Ethiopian Livestock Feed (ELF) Project.

Value Chain Analysis Methods Getachew Legese Ethiopian Livestock Feed (ELF) Project.
Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Cracking down on international cyberterrorism

Cracking down on international cyberterrorism
1 2003-05-19 Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &

Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &
IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.

IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.

The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.
ARTIFICIAL INTELLIGENCE IN HOMELAND SECURITY Patrick Hathaway CS572 – Advanced Artificial Intelligence.

ARTIFICIAL INTELLIGENCE IN HOMELAND SECURITY Patrick Hathaway CS572 – Advanced Artificial Intelligence.

Similar presentations

Ads by Google