A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

Slides:



Advertisements
Similar presentations
Secretariat for Multidimensional Security
Advertisements

Thai delegation Presentation at 4 th ARF seminar on Cyber-terrorism
Cyberterrorism. Critical Infrastructure Vulnerability.
Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.
DHS, National Cyber Security Division Overview
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
CIAO July Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
June 9, 2003 Updated July 2004 Slide 1 Critical Infrastructure Assurance: The US Experience.
(Geneva, Switzerland, September 2014)
Value Chain Analysis Methods Getachew Legese Ethiopian Livestock Feed (ELF) Project.
Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Cracking down on international cyberterrorism
Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &
IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
The U. S. National Strategy for Global Supply Chain Security Neema Khatri Office of International Affairs U.S. Department of Homeland Security.
ARTIFICIAL INTELLIGENCE IN HOMELAND SECURITY Patrick Hathaway CS572 – Advanced Artificial Intelligence.
Network Security Resources from the Department of Homeland Security National Cyber Security Division.
Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.
1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.
IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara.
Information Warfare Playgrounds to Battlegrounds.
The NIGF CONFERENCE © 2013 ADDRESSING THE VULNERABILITY OF CRITICAL ICT INFRASTRUCTURE by Ernest Ndukwe, OFR Chairman Openmedia Communications Ltd 18 th.
Secure Connections for a Smarter World Dr. Shuyuan Mary Ho Assistant Professor School of Information Florida State University.
Critical Infrastructure Protection Critical Infrastructure Protection Private Sector Programs April 7, 2005 Rod Nydam, JD, GMU Law School Private Sector.
EECS 710: Information Security and Assurance Assignment #3 Brent Frye 10/13/
Recent Cyber Attacks and Countermeasures September 2006.
2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.
Information Security: It’s Everyone’s Business September 16, 2003 Greg Garcia, Vice President, Information Security ITAA.
Chapter 2: Anatomy of the Problem Recent terrorist attacks and the raise in cyber attacks have raised concern about the need to protect the nation’s cyber.
CYBERWARFARE LAW AND POLICY PROPOSALS FOR U.S. AND GLOBAL GOVERNANCE By Stuart S. Malawer, J.D., Ph.D. Distinguished Service Professor of Law & International.
InfraGard A Government and Private Sector Alliance Information sharing begins with human relationships – people talking with people whom they trust. Information.
Randy Beavers CS 585 – Computer Security February 19, 2009.
Unclassified  1 Critical Infrastructure Protection Chuck Whitley EMS User’s Group June 9, 1999.
Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
1 Washington State Critical Infrastructure Program “No security, No infrastructure” Infrastructure Protection Office Emergency Management Division Washington.
Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.
Cyber Attacks Threaten: privacy reliability safety resiliency 2.
Information Warfare Playgrounds to Battlegrounds.
Created by: Ashley Spivey For Department of Homeland Security All information from:
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
Inter-American Committee against Terrorism CICTE primary forum for the Member State governments to promote national, regional and international.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 2: 25 March 2006.
NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS
Chapter 17: Foreign Policy and National Defense Section 2.
Cyber Defense: The Industry point of view Asgeir Myhre Managing director Teleplan Globe AS (Norway)
V Global Forum on Fighting Corruption and Safeguarding Integrity – South Africa Trade and Customs Partnership to fight against corruption and safeguard.
EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
November 19, 2002 – Congress passed the Homeland Security Act of 2002, creating a new cabinet-level agency DHS activated in early 2003 Original Mission.
CPUC/CEC Adaptation Working Group Guido Franco Kristin Ralff-Douglas Team Lead Senior Policy Analyst Energy Commission Public Utilities Commission Climate.
Disaster and Emergency Management
Ken Watson 9 Sep 2003 Critical Infrastructure Assurance: Business Case for Public-Private Partnership Ken Watson 9 Sep 2003
About the NIS directive
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
AVI AFRIQUE October 2018 Tshepo Peege
The U.S. Department of Homeland Security
5/6/2019 Information Warfare Trends, Dangers, and the Impact for European Research Policy Dipl. Pol. Ralf Bendrath, Berlin FoG:IS ReG:IS Forschungsgruppe.
Deborah Housen-Couriel, ADV.
Discussion Government Private Business Tools for prevention Congress
Presentation transcript:

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen

Scope of Problem Study of 4,900 computer professionals in 30 countries shows immense losses due to computer attacks … In the U.S. companies will buy $1.7 billion in security services by 2005 (up from $140 million in 1999)

Types of Information Warfare 3 Main Classes Class I --Privacy Attacks Class II –Espionage (public & private) Class III– Terror attacks against Critical Infrastructure

Nature of the Cyber Environment No borders or boundaries to defend Governments control only a part of the telecommunications/Internet environment Voluntary cooperation (at best)

Critical Infrastructure Concept put forward by President’s Commission on Critical Infrastructure Protection (1996)and reflected in PDD- 63 (U.S.) and Executive Order on Critical Infrastructure Protection in the Information Age ( October, 2001)

Critical Infrastructure Elements Information & Communications (telecom, networks, Internet) Electric Power (conventional, nuclear) Transportation Oil & Gas (supply, transport, refining, distribution) Banking and Finance Water & Emergency Services Government (+military) Manufacturing (Japan)

Lack of Success U.S. General Accounting Offices gives “failing grades” to government agency efforts to implement and protect networks, despite substantial funding plus ups August 2001 finds “significant and pervasive weaknesses” and “serious security problems”

Defining the Threat Structured (group, organization, government) Well financed Is a hostile actor Actor protects its team Backed up by intelligence agency or agencies or equivalent structure Shares intelligence with other countries, terrorists

Countermeasures Most solutions are technical. Most are product designs focused on “hackers” and not against structured hostile threat Today’s protective schemes include virus and intrusion detection, vulnerability testing, security patches, security policies Most schemes don’t protect well against insider threats (inside structured hostile threat)

Poor Linkages in Security Protection Schemes Most technical solutions suffer from a poor linkage between current intelligence (both law enforcement and national means) and off the shelf (COTS) solutions Most U.S. government agencies buy COTS security products (including military) Many technical solutions fail to protect networks from “novel” attacks

Linkages continued … Most commercial software takes a minimalist strategy toward security (e.g., Microsoft /browser, Microsoft Office, Sun Java) Virtually all commercial software is designed by engineers and programmers who have no security background or threat briefings

Current U.S. “Solution” Major funded initiative to enhance network security in government agencies Voluntary cooperation with private sector Effort to produce “government” (e.g., DITSCAP, HIPAA)security standards Limited international cooperation Not yet supporting ISO17799 (British Standard 7799)

An International “Solution” Cooperation in setting technical computer and network standards Formal certification and accreditation system applied to networks and security products International coordination in intelligence gathering, law enforcement

International “Solution” Underpinnings Agreement on common critical infrastructure model Trust and confidence building Active government participation at policy level Collective Security

A collective security agreement among the infrastructure stake holder countries An attack against the infrastructure of one is an attack against all and member states are obliged to cooperate fully to intercede against the source of the attack

Is it Possible? Thinking ahead – Start with a limited experiment to protect collectively telecommunications networks and military networks Expand if warranted to other parts of the critical infrastructure

Elements of the IO Member States political representatives supported by technical experts and commercial firms A Charter reflecting the collective security responsibilities of the Members A Secretariat and Staff to manage high level meetings and the IO’s committees

Elements of the IO A Secretary General of high rank to provide leadership and continuity for the IO Agreement to safeguard sensitive and timely information and means to secure information Vetting of staffs (reciprocal)

Organization Cyber Warning Center to coordinate intelligence about possible cyber attacks and identify probable origins of attacks Legal Affairs Coordinating Center for laws enforcement initiatives Business and Industry Cooperative Forum Technology Security Committee

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.