Geneva, Switzerland, 15-16 September 2014 Critical telecommunication infrastructure protection in Brazil Antonio Guimaraes / Paulo Moura National Telecommunication.

Slides:

Advertisements

Similar presentations

Capacity Building Mandate We, the participants…recognize the need to support: …A coordinated effort to involve and assist developing countries in improving.

Advertisements

World Bank and SPS With special emphasis on the recently established multi-donor Standards and Trade Facility Cees de Haan Agriculture and Rural Department,

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Cities and Green Growth OECD Green Cities Programme

1 Measuring ICT4D: ITUs Focus on Household and Individual Market, Economics & Finance Unit Telecommunication Development Bureau.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

PRJ presentation in brief

Botswana Policy Statement at the WSIS+10 Honourable Nonofo E. Molefhi Minister of Transport and Communications.

Cloud computing security related works in ITU-T SG17

Adaptations to Climate Change in Africa’s Water Sector: Contributions of the World Meteorological Organization Datius Rutashobya Climate and Water Department.

Wade E. Kline, AICP Community Development Planner.

The relationship between the regulatory and competition bodies The Brazilian Experience Cleveland Prates Teixeira Commissioner of the Brazilian Administrative.

Combat of Counterfeit, Substandard and Unauthorized ICT devices in Brazil João Alexandre Zanon Regulatory Specialist, Regulatory.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

National Cybersecurity Management System

1 Content and Products of the NCD Observatory CARMEN Policy Observatory Meeting (Montreal, Quebec, Canada, March 2005)

Climate Futures and Oregon’s Coastal Communities A Survey and Strategy to Address the Effects of Climate Change on the Oregon Coast.

Overview of ITU-T Study Group 5 “Environment and Climate Change” Cristina Bueti, Adviser, ITU.

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Space Systems as Critical Infrastructure Iulia-Elena Jivanescu 1st Space Retreat, Tenerife, Spain, 8-22 January, 2013.

Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY.

PROTECTIVE SERVICES MANAGEMENT SYSTEMS The PSMS course was created by our operational management team to fill an identified skill gap in the protective.

Jeju, 13 – 16 May 2013Standards for Shared ICT CYBERSECURITY-RELATED STANDARDS ACTIVITY IN THE TELECOMMUNICATIONS INDUSTRY ASSOCIATION Eric Barnhart, Fellow.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

International Telecommunication Union ICTs and Climate Change Adaptation Angelica V Ospina, University of Manchester, UK Cristina Bueti, International.

Programming of International Development Assistance Donor Sectoral Meeting Ministry of Interior September 17, 2007.

Development and Transfer of Technologies UNFCCC Expert Workshop On Technology Information Technology Transfer Network and Matchmaking Systems: a LA & C.

Association of Defense Communities June 23, 2015

Workshops DeSIRE and DeFINE CNR, Pisa 25 th -27 th November, 2002 Dr. Stefano Bruno and Daniel Bircher, Ernst Basler + Partners Ltd. Ernst Basler + Partners.

Critical Infrastructure Protection: Program Overview

A National approach to Cyber security/CIIP: Raising awareness.

The NIGF CONFERENCE © 2013 ADDRESSING THE VULNERABILITY OF CRITICAL ICT INFRASTRUCTURE by Ernest Ndukwe, OFR Chairman Openmedia Communications Ltd 18 th.

Regional Capacity Building Activities in the Caribbean UNFCCC Expert Workshop on Monitoring and Evaluating Capacity- building in Developing Countries Carlos.

Conselheiro José Leite1 JOSÉ LEITE PEREIRA FILHO Member of the Board PORTO SEGURO, BA 4 JUNE 2001 ITU-T SEMINAR Multimedia in the 21st Century.

Committed to Connecting the World International Telecommunication Union Presentation Brief about ICTs Applications activities Telecommunication Development.

10/19/2015 / 1 Electronic Commerce Branch UNCTAD - United Nations Conference on Trade and Development Dr. Susanne Teltscher United.

National Strategy for the Development of Statistics (NSDS): A Framework for Building Statistical Capacity Presented by Pali Lehohla, Statistician General,

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.

Approaches and Mainstreaming of Ecosystem-based Adaptation in Europe International workshop “Mainstreaming an ecosystem based approach to climate change.

Towards Green ICT strategies: Government paving the way - Ghana Environmental Protection Agency and VODAFONE (Ghana) Collaboration At: Fifth ITU Symposium.

GCM, Annecy – France Activity Report Piotr Grygier Vice President Multifunctional forest management and society matters.

XVI th Madrid Forum Madrid, 28 May 2009 Walter Boltz (Gas Working Group Chair) Transparency guidelines and GRI transparency work.

1 The FNR Foresight A participative Process. 2 Aims of the Foresight exercise Identification of National Research Priorities in the public sector with.

São Paulo, Brazil, 30 July 2013 Smart sustainable cities ICT projects in Brazil Eduardo Hiroshi Murakami Specialist on Regulation ANATEL

Durban, South Africa, 8 July 2013 Outcome of WTSA-12 on spam Xiaoya Yang, Head, WTSA Programmes Division ITU-TSB ITU Workshop on “Countering.

Chapter 3 Strategic Information Systems Planning.

Risto Kulmala News from EasyWay. EasyWay CEDR O1 Stockholm 12 Feb EasyWay Deployment of European ITS Services on TERN 21+3 countries (EU+oth) Road.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

Regulatorna agencija za komunikacije Регулаторна агенција за комуникације Communications Regulatory Agency Community access to ICT measuring,

SCAN-ICT: the INDICATORS by Makane Faye Senior Regional Adviser for ICTs Regional Workshop on ICT indicators October 2004 Gaborone (Botswana)

S3.1 session day 3 1 training delivered by Oxfam GB, RedR India and Humanitarian Benchmark; January 2012, Yangon, Myanmar approved by the Advisory.

Ministry of Security and Public Administration Disaster and Safety Management

Striving to achieve Cristina Bueti Advisor. What does the future hold? 2.

EXECUTIVE COURSE International Labour Office Social Security Department Education, Training and Capacity Building.

CARIBBEAN WORKSHOP ON E-GOVERNMENT BEST PRACTICES Port of Spain, Trinidad & Tobago, July 26-28, 2005.

Examples for the Engagement of high level policymakers to sustain project outcomes GEF IW LEARN Workshop Jamaica March 2014 Norbert Fenzl Maria Apostolova.

Cooperation between Government Authorities and Agencies to Achieve the Sustainable Development Goals by the Republic of Belarus Yelena Kukharevich National.

WTSA-12 Resolutions addressing security

Priorities and coordination of capacity building in Azerbaijan

WGEA Regional Report COMTEMA - OLACEFS

WTSA-12 Resolutions addressing security

Critical Infrastructure Protection Policy Priorities

Implementation of the Sustainable Development Goals (SDG) in the Republic of Uzbekistan Geneva, April 12, 2017.

ITU-T Study Group 17 Security

Session 4 – ICT role in critical infrastructure protection

European Commission Initiatives for eGovernment

Bridging Standardization Gap

Presentation transcript:

Geneva, Switzerland, September 2014 Critical telecommunication infrastructure protection in Brazil Antonio Guimaraes / Paulo Moura National Telecommunication Agency - Anatel, Brazil ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, September 2014)

Agenda Brazilian legal framework Anatel’s prior involvement Methodologies for CTIP SIEC project development Main functionalities of SIEC New regulations (in progress) Conclusions Geneva, Switzerland, September

Brazilian legal framework Ordinance No. 2, of February 2008, the Cabinet of Institutional Security of the Presidency (GSI/PR) created the Technical Group on Protection of Critical Infrastructures (GTSIC); Critical Infrastructures are considered as facilities, services, goods and systems that, if disrupted or destroyed, would bring serious economic, political or social impacts or risks to the security of the state and society; GTSIC studies and proposes the implementation of measures and actions related to the security of critical infrastructure in the areas of energy, transport, water and telecommunications. Geneva, Switzerland, September

Telecommunication Infrastructure Interministerial Ordinance No. 16, of July 2008, established the Technical Subgroup on Critical Telecommunication Infrastructure Protection (SGTSIC - Telecom), aiming to: I. study and propose a method for identifying Critical Telecommunication Infrastructure (CTI); II. identify the CTI in Brazil; III. assess the vulnerabilities of the identified CTI and their interrelationships; IV. select causes and assess the risks that may affect the security and safety of CTI; V. propose, coordinate and monitor measures necessary for the security and safety of the CTI; and VI. to study, propose and implement a CTI information system, containing online data for decision support. Geneva, Switzerland, September

Anatel’s prior involvement National Telecommunications Agency (Anatel) is part of SGTSIC - Telecom, with GSI/PR, Ministry of Communications, other agencies and experts; Anatel had prior involvement in this subject, through the project “Critical Telecommunications Infrastructure Protection (CTIP)”, run by CPqD: identification of CTI in the scope of the Pan-American Games (2007), aiming security and safety planning; benchmarks on CTI in the world, in order to contribute to the development of the national strategy for critical infrastructure protection and foster the creation of working groups in the sphere of the federal government; development of a first information system on critical telecommunication infrastructure protection (off-line). Geneva, Switzerland, September

6 Methodologies for CTIP CTIP model was implemented by a set of five methodologies; Each methodology is responsible for a specific part of the model; Nevertheless, they are interdependent, since the output of one could be the input of other.

SIEC project development As mandated by SGTSIC – Telecom, Anatel is developing a comprehensive project on CTI protection, know as “Critical Telecommunication Infrastructures Security (SIEC)”; The project considers the development of an information system to deal with governance, risks and conformity (GRC), as well as carry out near real-time monitoring of key networks elements, such as stations and routes; System will receive data from operator’s network management systems, among other sources; SIEC is based on ISO/IEC 27k and 31k series. Geneva, Switzerland, September

SIEC – system overview Geneva, Switzerland, September Network GRC Control Panel Anatel’s legacy systems Risk questionnaires Operator´s NMS analysis & evaluation treatment & control actions conformity data collector topology faults quality

Main functionalities of SIEC SIEC offers a series of dashboard reports, with drill-down capabilities to more granular data; Main functions are grouped under 5 modules: Analysis and evaluation: threat assessment on assets, classed by station, operator, service and localization; Processing and control actions: functionalities related to contingency analysis and risk mitigation plans; Conformity assessment: analysis on risk questionnaires (filled by operators), according to ISO/IEC 27k and 31k; Network monitoring: near real-time information on faults, interruptions, quality, capacity and traffic; Control panel: graphic presentation of network elements and assets, including geographic referenced information. Geneva, Switzerland, September

10 Governance, risks, and conformity Services mapped: fixed line phone mobile phone/data fixed broadband pay TV Questionnaires (filled by operators, for each telecom station) Calculation of indexes of risk by SIEC 470 Questions on: Energy supply Security Network Sharing Transmission Traffic incidents on demand reports; maps of risks, per station. Identification of high risk assets

Geneva, Switzerland, September Examples of SIEC views

GRC and network monitoring Geneva, Switzerland, September SIEC is integrated to the existing “National Centre for Remote Telecommunication Monitoring” of Anatel

New regulations (in progress) Geneva, Switzerland, September

Conclusions Excepted some network monitoring functions, SIEC system is already operating, with a partially populated database; SIEC has been extensively tested during FIFA 2014 Soccer World Cup, with very good results; SIEC system is highly scalable, with room for additions and improvements in the future, such as SIEM functions, more accurate vulnerability metrics, and broader cybersecurity coordination with SOCs and CSIRTs; Some of SIEC developments could be good candidates for contributions to ITU-T SG-17. Geneva, Switzerland, September

Thank you ! Geneva, Switzerland, September Antonio Guimaraes /