Cybersecurity, competence and preparedness

Presentation transcript:

Cybersecurity, competence and preparedness Hanne Tangen Nilsen – Chief Security Officer – Telenor Norway

160 years+ of communication and risk…

Now: Very complex risk picture. High demands and expectations regarding uptime and normalization. The digital dependence makes society vulnerable in a new way.

Before: Risks associated with manual operation. Higher tolerance for errors and time to normalize. The community was not dependent on services.

Protection of anything connected via ICT…

Risk management and management involvement

Board of Directors Telenor ASA Strategic risk picture Top-down Corporation Norway Top Management Divisions Operational Units Departments Board of Directors Business Unit Risk Reporting Allocation and prioritisation Operational risk picture Bottom-up

We need to understand this – all of us…

Threat picture
Vulnerabilities
Security level needed
Telenor Security
Digital way of life
Legislation and regulation
Global business models

Security using intelligence to predict threats:

Security the way most think:

The cyber threat revolution… but it started a long time ago

Graphic from Lastline Inc. technical presentation

Who represents a threat?

Hacktivism
Organized Crime
Crime & Fraud
Contractors
States*
Advanced Persistent Threat

Capacity and capability

* … and state-like entities…

The cyber kill chain; a typical attack

Reconnaissance: e.g. social manipulation
Phishing: Mail is still the most common attack platform
Infiltration: Users are tricked into opening attachments
Backdoor: Actor gets access
Lateral movement: Actor expands his rights
Data collection: Collecting data, placement of new malware for later use+++
Exfiltration: Theft of data for intelligence or sale

The best guys will not use code! Access is power.

No matter how robust; preparedness is the main asset when it goes wrong…

Net operational center / Security operation center / CERT

Business Continuity in Telenor Norge

Business Continuity: «The ability of Telenor to ensure continuity and availability of service and support for customers, partners and the general public interest before, during and after a crisis.»

Crisis Management
Incident Management
Operational management
Reserve / emergency preparedness equipment
Resources management
Design of Networks and solutions
Innovation+++
Problem Management

In peace, crisis and times of war…

Crisis Management is a management tool to help the normal organization!
Crisis Management is an addition to, not a substitute for, preparedness, spare equipment, and so on.

Incident handling and spare equipment
Readiness and preparedness
Normal situation
Fallouts
Crisis
Terrorism
War
Crisis Management

CyberDawn 2013: One year of interesting work

One year of in-depth planning; planning staff from security, operations, technology, customer care and communications
Realistic and tested scenarios; we did break in to be sure the scenarios were realistic
6-week pre-exercise; gave the parties a realistic geopolitical picture as background

No disruptive attack on Norwegian critical infrastructure so far…

« …but are we prepared to handle it when it occurs? Are governmental bodies prepared?»

We need to understand this – all of it…

Public/private cooperation needs culture for sharing

Sharing without lack of time and context: Actionable information!

Policy
Will
Based on: Competence, Trust, Legality

Who is in the National Cyber Situation Room (NCSR)? If we had one..

Challenge: The one in charge of NCSR would need advice from critical social actors and functions in order to establish adequate situational awareness. The one in charge of NCSR will need to gather players who understand the consequences of an event, as well as the relationships and dependencies across the cyber value chains.

Must have a seat:
Power grid owners and owners of national telecommunications infrastructure

May have a seat – depending on the cyber situation and incident:
Finance
Health
Transportation
Oil and gas
Defence industry
Food and supply industry

Purpose: An advisory body across sectors to ensure an overall situational awareness before, during and after a crisis situation in the cyber domain.

Thank you for your attention!