Cybersecurity, competence and preparedness Hanne Tangen Nilsen – Chief Security Officer – Telenor Norway
160 years+ of communication and risk… Now: Very complex risk picture. High demands and expectations regarding uptime and normalization. The digital dependence makes society vulnerable in a new way. Before: Risks associated with manual operation. Higher tolerance for errors and time to normalize. The community was not dependent on services.
Protection of anything connected via ICT…
Risk management and management involvement Board of Directors Telenor ASA Strategic risk picture Top-down Corporation Norway Top Management Divisions Operational Units Departments Board of Directors Business Unit Risk Reporting Allocation and prioritisation Operational risk picture Bottom-up
We need to understand this – all of us…. Threat picture Vulnerabilities Security level needed Telenor Security Digital way of life Legislation and regulation Global business models
Security using intelligence to predict threats: Security the way most think:
The cyber threat revolution… but it started a long time ago Grafikk fra Lastline Inc. technical presentation
Who represents a threat? Hacktivism Organized Crime Crime & Fraud Contractors States* Advanced Persistent Threat Capacity and capability * … and state like entities…
The cyber kill chain; a typical attack Reconnaissance: Eg social manipulation Phishing: Mail still most common attack platform Infiltration: Users tricks to open attachments Backdoor: Actor gets accesses Lateral movement: Actor expand his rights Data collection: Colleting data, placement of new malware for later use+++ Exfiltration: Theft of data for intelligence or sale The best guys will not use code! Access is power. 9
No matter how robust; preparedness is main asset when it goes wrong…. Net operational center / Security operation center / CERT
Business Continuity in Telenor Norge Crisis Management Incident Management Operational management Business Continuity in Telenor Norge Reserve- / beredskapsutstyr Resources management Design of Networks and solutions Business Continuity: «The ability of Telenor to Ensure continuity and availability of service and support for customers, partners and the general public interest before, during and after a Crisis.» Innovation+++ Problem Management
In peace, crisis and times of war… Crisis Management is a management tool to help the normal organization! Crisis Management is an addition to, not a substitute for preparedness, spare equipment, aso. Incident handling and spare equipment Readiness and preparedness Normal situation Fallouts Crisis Terrorism War Crisis Management
CyberDawn 2013: One year of interesting work One year in depth planning; planning staff from security, operations, technology, customer care and communications Realistic and tested scenarios; we did break in to be sure the scenarios were realistic 6 week pre exercise; gave the parties a realistic geopolitical picture as background
No disruptive attack on Norwegian critical infrastructure so far… « …but are we prepared to handle it when it occurs? Are governmantal bodies prepared?»
We need to understand this – all of it…
Public/private cooperation needs culture for sharing Sharing without lack of time and context: Actionable information! Policy Will Based on: Competence Trust Legality 18
Who is in the National Cyber Situation Room (NCSR)? If we had one.. Challenge; The one in charge of NCSR would need advice from critical social actors and functions in order to establish adequate situational awareness. The one in charge of NCSR will need to gather players who understand the consequences of an event, as well as the relationships and dependencies across the cyber value chains. Must have a seat: Power grid owners and owners of national telecommunications infrastructure May have a seat – depending on the cyber situation and incident: Finance, Health Transportation Oil and gas Defence industry Food and supply industry Purpose: An advisory body across sectors to ensure an overall situational awareness before, during and after a crisis situation in the cyber domain.
Takk for oppmerksomheten!