Creating Trust in Critical Network Infrastructures Canadian Case Study Michael Harrop.

Slides:

Advertisements

Similar presentations

1 Industry Brief Apr Outline How is Alberta preparing? How is Alberta preparing? Albertas Health Response Albertas Health Response Albertas Operational.

Advertisements

Protective Security Advisors Securing the Nations critical infrastructure one community at a time.

Philippine Cybercrime Efforts

European Consumer Summit 2014 On-line and mobile payments Dr Florent Frederix Trust & Security Unit, DG CONNECT, European Commission 1 th of April 2014.

Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel: Helpdesk:+230.

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

Principles of Information Systems, Sixth Edition Electronic Commerce Chapter 8.

International Cyber- Collaboration – Issues and Opportunities Moderator –Dr Andrew Vallerand Canadian Centre for Security Science Panellists - Mr. Josh.

Addressing Terrorist Use of the Internet, Cyber Crime and Other Threats: National Expert Workshop Forging a Comprehensive Approach to Cyber Security Richard.

1 PUBLIC - PRIVATE PARTNERSHIP FOR AVIAN INFLUENZA CONTROL AND PANDEMIC PREPAREDNESS Presented by Bayu Krisnamurthi Indonesia National Committee for Avian.

Introduction to Information Technology, 2nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc Introduction to Information Technology.

(Geneva, Switzerland, September 2014)

Preparedness for cybersecurity threats domestic aspects of cyber security Jaan Priisalu.

Role of Alberta Human Services at the POC in support of the delivery of Emergency Social Services ESS Forum

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

SOCIAL PROTECTION IN THE CARIBBEAN :- BARBADOS. Presenters :- Angela Mendez Chief Welfare Officer Dianne Haynes Project Co-ordinator Ministry of Social.

August 2011Beyond the Border1 Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness CSG-ERC Canada-U.S. Relations Committee.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

1 Telecom Regulation and Competition Law in Canada American Bar Association -Telecom Antitrust Fundamentals II – Globalization and Telecom June 27, 2007.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Space Systems as Critical Infrastructure Iulia-Elena Jivanescu 1st Space Retreat, Tenerife, Spain, 8-22 January, 2013.

Florida Division of Emergency Management1 Year 2000 Y2K and Emergency Management.

A project implemented by the HTSPE consortium This project is funded by the European Union GLOBAL EUROPE INSTRUMENT FOR STABILITY

Potential of E-commerce Worldwide Market Number of Internet users mid million now378 million Value of e-Commerce revenue 2000US$657 billion.

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Standards and Critical Network Infrastructures Michael Harrop TSACC GSC-8111 SOURCE:TSACC TITLE:Standards and Critical Network Infrastructures AGENDA ITEM:Joint.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

COMP 6125 An Introduction to Electronic Commerce Session 4: E-Commerce In Developing Countries.

1 An Introduction to China’s “Digital Economy” Yuan Yuehong, Li Jia Chinese University of Hong Kong Ma Jun Development Research Center, State Council of.

1 © 2003 Cisco Systems, Inc. All rights reserved. CIAG-HLS Security For Infrastructure Protection: Public-Private Partnerships KEN WATSON 15 OCT.

1 Information System Security Assurance Architecture A Proposed IEEE Standard for Managing Enterprise Risk February 7, 2005 Dr. Ron Ross Computer Security.

Canada Border Services Agency Update Presentation to: Transportation Border Working Group Bellingham, Washington June 7, 2006.

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

The NIGF CONFERENCE © 2013 ADDRESSING THE VULNERABILITY OF CRITICAL ICT INFRASTRUCTURE by Ernest Ndukwe, OFR Chairman Openmedia Communications Ltd 18 th.

NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.

1 Transportation Infrastructure Programs Past, Present & Future Transportation Association of Canada Fall Conference September 2011 Edmonton, Alberta.

An Analysis of the Cyber Security Strategy (2008) of Estonia Based in part on ITU Q.22/1 Report On Best Practices For A National Approach To Cybersecurity:

The role of Geographic Information within the evolving European Union Chris Corbin EUROGI ISSS-LORIS March 2004.

2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

1Office of the Federal Coordinator for Meteorology OFCM OFCM Special Session: Challenges of Urban Test Beds Charge to the Joint Action Group for Joint.

1 GSC: Standardization Advancing Global Communications ISACC Opening Plenary Presentation GSC-11 SOURCE:ISACC TITLE:ISACC Opening Plenary Presentation.

9 Systems Analysis and Design in a Changing World, Fourth Edition.

2010 Ministry of Economic Development of Georgia Communications and IT Department Overview of the Georgian ICT Sphere and its Future Development Irakli.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

GSC Global Standards Collaboration GSC August – 2 September 2005 Sophia Antipolis, France August 28 – September 2, ISACC Opening Plenary Presentation.

CHAPTER 17 INTERNATIONAL MARKETING IN E-COMMERCE.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

Governor’s Office of Homeland Security & Emergency Preparedness LOUISIANA BANKERS ASSOCIATION 2010 Louisiana Emergency Preparedness Coalition Meetings.

International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.

The Regional Transport Strategy Transport for Regional Growth Conference Edinburgh 5 November 2015 John Saunders SEStran.

Follow up PDNA actions Chisinau, September 30, State Chancellery Government of Moldova.

Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.

EU activities against cyber crime Radomír Janský Unit - Fight against Organised Crime Directorate-General Justice, Freedom and Security (DG JLS) European.

IT Security in Nepal: Issues and challenges Rajan R. Pant ITSERT-NP.

Tshepo Makhanye Information Section: Research Unit.

GSC9_011 Bill McCrum Executive Secretary TSACC Since GSC 8.

OAS Secretariat for Multidimensional Security CICTE Secretariat Disasters and Critical Infrastructure Protection.

CYBER RISKS IN THE HEALTHCARE INDUSTRY HIROC 's Annual Risk Management Conference, April 2015 Jim Patterson, Partner, Co-Head of Fraud Law, Toronto, Bennett.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.

4th SG13 Regional Workshop for Africa on “Future Networks for a better Africa: IMT-2020, Trust, Cloud Computing and Big Data” (Accra, Ghana, March.

EMERGENCY COMMUNICATIONS

Challenges and Successes in the Zambian ICT Security Sector

European Programme for Critical Infrastructure Protection (EPCIP)

Deborah Housen-Couriel, ADV.

Telecommunications for Disaster Relief in Canada

Presentation transcript:

Creating Trust in Critical Network Infrastructures Canadian Case Study Michael Harrop

Overview of Presentation Outline of the Canadian environment Organisations involved in infrastructure protection Legal issues The importance of network infrastructures to the Canadian economy Examples of network infrastructure dependencies Protection of the enterprise Conclusions and Suggestions for Further Study

The Canadian Environment Three levels of government each with distinct responsibilities Vast country (almost 7% of the world’s land mass) 31 million people spread over 10 million sq. km.

The Canadian Environment Population largely concentrated in urban centres but rural and remote parts of the country must also be served

The Canadian Environment The environment (i.e. the geography, population distribution, the remoteness of some communities, and the size of the country) presents serious challenges to providing telecommunications

Key Organizations in Canadian Critical Infrastructure Protection Federal Organizations: –Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP) –Communications Security Establishment (CSE) –Royal Canadian Mounted Police (RCMP) –Industry Canada Provincial & Municipal Organizations Non-government Organizations

Legislation Legal issues relating to networks and data security are addressed functionally under various sections of the Criminal Code. Canada has signed the Council of Europe Convention on Cyber-Crime and is active in the G8 Lyons Group on High-Tech Crime. The Canadian government is now examining what changes to current criminal law might be required in order to implement the Council of Europe convention.

Telecommunications and Network Services Teledensity access lines per 100 of population 562 existing or emerging wireline competitive carriers, 14 wireless providers, and 187 satellite and other providers 3.7 million households with Internet service 51% of households have at least one regular Internet user

The importance of networks to the Financial Services financial services organizations, all heavily dependent on telecommunications LANs, MANs, WANs, Private, Shared and Public networks 5 million transactions Inter-bank transactions per day with average value in excess of $135 million 1999 settlements totalled more than 30 times GDP

The importance of networks to the Financial Services- 2 Interac (Private Network) –Over 2 billion transactions (Cdn$94.9 billion in sales) in 2001 –10.8 million direct debit transactions on busiest single day Credit cards (on-line authorization) –1,226 million transactions valued at $121.8 billion in 2001

The importance of networks to the Financial Services- 3 PC/Internet Banking –47.2m transactions in 2000 –increase of 74% over 1999 Telephone Banking –74.0m transactions in 2000 E-Commerce –$7.2 billion in Internet orders in 2000

The importance of networks to government Increasing reliance on Internet for service delivery at all levels of government –Over 11m income tax returns filed electronically in 2001 –The Government of Canada web site receives almost 4 million page requests per week. –The online Job Bank is receiving 100,000 visitors to every day

Critical Infrastructure Dependencies - 1 The National Telecommunications Infrastructure The Electricity Industry Internet Services

Critical Infrastructure Dependencies - 2 Examples of other industries that would be seriously affected by network failure: –Financial Services –Government –The Oil and Gas Industry –Surface Transportation - land and marine –Air Transportation and Airports –Food Production and Distribution –Health Care

Protecting the Enterprise from Network Attacks- 1 Insider threats constitute the dominant threat to networks and end-systems for most organizations A consistent, enterprise-wide approach to security is essential Network security must protect the network, end- systems and applications using network facilities; and support the provision of services to protect user data in transit for both insider and external threats.

Protecting the Enterprise from Network Attacks- 2 Good perimeter defence is absolutely essential to protecting each part of the enterprise Perimeter defence can be applied in layers Perimeter defence is not enough. You still need to protect the data at all times, whether in storage or in transit.

Conclusions and Suggestions for Further Study

The importance of networking infrastructures to the Canadian economy Both public and private sectors are highly dependent on networking infrastructures for their day-to-day operations, and this dependence is growing Although both sectors are increasingly relying on the public Internet for service delivery, to a large extent, Canadian organizations appear to be still using traditional communications channels, rather than the Internet, for their most critical applications

Work is needed to address the criticalities……. We need to re-examine infrastructure criticalities to identify the points of risk and to determine how to protect them We need for a coordinated approach that addresses both the emergency measures aspects and the cyber security aspects of infrastructure protection

…. and understand the interdependencies Critical Infrastructure Protection comprises many facets, the interdependencies of which are not yet well understood. Much work needs to be done to identify the interdependencies and the potential implications of those interdependencies

The robustness of networks Traditional carrier networks are relatively robust: the Internet much less so

The risk to network infrastructures Traditional network infrastructures are at risk as a result of the changed communications environment

The impact of Internet-based threats Critical infrastructures are at risk from Internet-based threats. There is a need for aggressive defensive measures to protect systems and information from attack and for much more effort to be put into ensuring the “correctness” of networking software and systems

The application of cyber-crime laws Cyber-crime laws and their application are not consistent from country to country. There is a need for greater consistency in cyber-crime laws and in their application

Summary Many sectors of the economy are highly dependent on networks. The critical network infrastructure is vulnerable to attack which, if realized, could have a devastating effect. Much work needs to be done to get a better understanding of the criticalities and interdependencies. Greater international cooperation is needed to fight cyber crime.

Thank You