RACVIAC SEE Centre for Security Cooperation &

Presentation transcript:

Croatian Industrial Security Policy Development and Related Global Trends RACVIAC SEE Centre for Security Cooperation & Croatian Office of the National Security Council Zagreb, 4 May 2017 Dr. sc. Aleksandar Klaić, dipl. ing

Cyberspace Influence Slide 2

Industrial Security – Government Security Policy Area for Public-Private Classified Cooperation NSA / DSA bodies German DSA Established 1962 MISWG organization Multinational Industrial Security Working Group Established 1985 NSA bodies Cooperative arms programme Croatia: NATO MS since 2009 EU MS since 2013 Croatian NSA/DSA: Established 2007 FSCs issuance since 2009 Around 100 valid FSCs Legal person, employees, security areas, CIS http://www.uvns.hr/en Slide 3

Industrial Security Certification Cooperation: Government Bodies – Legal entities FSC certification request model: Project Based - Request of a Government Body (National/Foreign) Intention Based - Request of a Legal Entity via Ministry of Economics (international classified contracts) Restricted Level Classified Contracts: no FSC Government bodies responsibility NSA/DSA authorized for security briefings / inspections / accreditations if internationally required Slide 4

FSCs – Types, Levels, Validity National Classified Contracts FSC: Confidential, Secret, (Top Secret) NATO/EU Classified Contracts FSC: Confidential, Secret Other International use of FSC based on bilateral GSA: Translation of National FSC Validity: 5 years / rechecked for each new Contract Questionnaire for the security vetting of legal entities: www.uvns.hr Slide 5

FSC Certification Process Certification Contract: Legal Entity - DSA Guidance on Information Security Measures and Standards for Legal Entities Statements and documents from Legal Entity Security vetting procedure: Legal Entity, Owners, Board Members / FSO / Project Staff Accreditation of Physical premises / CIS Issuance of the FSC valid for 5 years 5 year certification contract obligation regarding: Inspections / certification contract annexes for extended scope of classified project / FSO education and coordination … Slide 6

Trends in Classified Information Today NATO Accountable CTS NS Non-accountable (NC) NR NATO UNCLASSIFIED Levels ratio - 3:2 CI number ratio 1:10 and more UK (2014) CI Top Secret Secret Sensitive Information . . . Levels ratio - 2:n Inf. number ratio - 1:n Internally Treated (Air-gap, Internet Tunnelling, Data diodes …) – Cyber Space Indirectly Related Cyber Space Directly Related Number n is increasing, as well as the demands for fast information availability and actions in globalised world Slide 7

- Croatian CIS Security Accreditation Process - Example of the lowest Restricted Security Level Complexities Restricted classified level complexity due to its more direct relation to cyberspace and open CIS Restricted level is both NATO and EU focus within industrial security policies for the last few years Harmonisation among member states is very difficult due to various policy solutions Slide 8

Evolving Security Threats Environment Traditional Society: Traditional threats Exposure of Classified Information Personnel (Insider Threat) Foreign Intelligence (Organised) Crime Terrorism . . . Symmetric Virtual Dimension of Society - Cyberspace: Cyber counterparts of traditional threats Asymmetric Hybrid Changing of the threat environment – using and mixing all of the available combination of threat vectors Slide 9

Digital Market Changes EU - Digital Single Market Strategy (05/2015) 3 pillars: Improving access to digital goods and services Environment where digital networks & services can prosper Digital as driver for growth NATO – Warsaw Summit (07/2016) Cyber space as military domain Nations National Cyber Security Strategy → Organizational aspects Not narrow telecommunication sector any more SECURITY TRUST Prosperity of cyberspace cannot be achieved without a comprehensive national approach Slide 10

EU NIS Directive Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, 7.2.2013, JOIN(2013)1 final currently in revision Directive (EU) 2016/1148, 19.7.2016 https://ec.europa.eu/digital-single-market/en/cybersecurity, NIS (Network and Information Security) directive Goals: Strategic cooperation of EU MSs (Cooperation Group) CSIRT (CERT) cooperation on EU level (CSIRT Network) Criteria, security requirements and incident notification Operators of Essential Services (OES), Digital Service Providers (DSP) Example of EU cyber space security and trust development Slide 11

NATO Cyber Defence and MSs NATO – Warsaw Summit (07/2016) Cyber space as military domain CIS as logistic of other military domains NATO Industry Cyber Partnership (NICP) Shift of focus to Member States (MSs): Cyber Defence (CD) Pledge (replacement of former CD MoU) Cyber Defence Assessment of MSs (2017) "National Cyber Defence" = Cyber Security on national level Problem: not only in the lack of investment, but even more in the scope, prioritization and direction of investment The biggest part of the CD assessment targets the national level because it is not possible to develop military cyber defence capabilities without having national cyber security capabilities Slide 12

Government Security Policy Framework Obligation for companies doing business in certain areas/sectors Legacy approach Industrial Security, CIP / CIIP Military, IT, … Enabler for coordinated national efforts and development of national economy Public-private partnership → Contractual (e.g. EC - ECSO) Cyberspace related industry, … New role of security policy in our society, not only the protection of classified information (government secret information) but the protection of prosperity and development of the society as a whole Slide 13

Security of the Virtual Dimension of Society Communication New Emerging Threats Information Sharing NATIONAL CYBER SECURITY STRATEGY e-Government Cooperation CIP / CIIP Public Electronic Services Security Awareness and Education SECURITY TRUST Government as executive pillar National Security System for recognising new threats and enabling information sharing Slide 14

The Main Elements of Croatian National Cyber Security Strategy (10/2015): (www.uvns.hr/en) Slide 15

To Conclude - be ready to shift . . . From classified information to sensitive information Duty of diligence & duty of care From baseline procedures to risk management Government to society From obligation to partnership Certification/accreditation From selective security approach to digital hygiene on societal level Criticality becomes moving target Slide 16

Thank You ! ? Aleksandar Klaić, Ph.D. Assistant Director for Information Security and Chairman of the National Council for Cyber Security aleksandar.klaic@uvns.hr Office of the National Security Council tel. +385.1.4681 222 fax. +385.1.4686 049 www.uvns.hr Slide 17