Www.bmi.bund.de International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara.

Slides:

Advertisements

Similar presentations

Philippine Cybercrime Efforts

Advertisements

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

Federal IT Steering Unit (FITSU) Federal Intelligence Service (FIS) Reporting and Analysis Centre for Information Assurance (IA) MELANI National Strategy.

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

DHS, National Cyber Security Division Overview

Speaker: Tamar Shapatava

MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.

Stephen S. Yau CSE , Fall Security Strategies.

National Cybersecurity Management System

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

AfDB - EBRD Joint conference in procurement reform in North Africa and SEMED Countries Marrakech 22 and 23 April 2013 Jordan Delegation 22-23/4/2013.

GOVERNMENT OF UGANDA PLANS FOR INFORMATION SECURITY ASSURANCE PETER KAHIIGI, CISSP®. DIRECTOR INFORMATION SECURITY 30th JANUARY 2013 Directorate of Information.

Cyber Warfare v. Cyber Stability Jody R. Westby, Esq. Forth International Forum Garmisch-Partenkirchen, Germany April 12-15,

IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

After the crisis: Changes in Regulation in Europe... - the most important trends and influences upon the insurance market Michaela Koller, director general,

SEC835 Database and Web application security Information Security Architecture.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

1 International Conference on Enhancing the Effectiveness of Deposit Insurance Operation, Hanoi March, 2007 ENHANCING THE LEGAL FOUNDATION FOR DEPOSIT.

SECURE –FORCE Project Christodoulos Keratidis Atlantis Consulting S.A. 1 st SEE-INNOVATION Know How Event Skopje, December 2006.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

Information Sharing Challenges, Trends and Opportunities

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

A National approach to Cyber security/CIIP: Raising awareness.

Todor Tagarev, Zlatogor Minchev, Nataliya Ivanova IT for Security Department, Institute of ICT, Bulgarian Academy of Sciences October 1-2, 2012 Sofia,

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

Jerry Cochran Principal Security Strategist Trustworthy Computing Group Microsoft Corporation.

Recent Cyber Attacks and Countermeasures September 2006.

POSTAL CONFERENCE 25 th – 27 th February 2015 Nairobi, Kenya By Yvonne UMUTONI Chairperson of EACO Working Group 9 (Quality of Service and Consumer Affairs)

The new cyber threats in 2013 – the hungarian approach Mr. Mihály Zala, Major-general President of National Security Authority of Hungary.

Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.

An R&D Manager’s Perspective TechExpo October 5, 2004 Presented by: Veena Rawat.

THE REPUBLIC OF SLOVENIA MINISTRY OF HIGHER EDUCATION, SCIENCE AND TECHNOLOGY e: Kotnikova 38, 1000 Ljubljana p:

Piemonte Workshop 1 11 September 2006 Paolo Salieri European Commission DG ENTR-H4 Security research in FP7.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

ITU CoE/ARB 11 th Annual Meeting of the Arab Network for Human Resources 16 – 18 December 2003; Khartoum - Sudan 1 The content is based on New OECD Guidelines.

Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

National Information Communication Technologies Strategy Vasif Khalafov “National strategy” working group - Web -

What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Network Reliability and Interoperability Council VII NRIC Council Meeting Focus Group 1B Network Architectures for Emergency Communications in 2010 September.

Cyber Security Architecture of Georgia Giorgi Tielidze 0 Current Challenges and Future Perspectives Tbilisi 2015.

Safe’n’Sec IT security solutions for enterprises of any size.

US CYBER COMMAND The overall classification of this brief is: UNCLASSIFIED 1 Perspectives from the Command to APEX LtGen Robert E. Schmidle USMC Deputy.

ISACA Ireland Cyber Security Policy 9 February 2016.

Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.

Cyber Defense: The Industry point of view Asgeir Myhre Managing director Teleplan Globe AS (Norway)

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

University of Piraeus Research Centre (UPRC) Assistant Professor Nineta Polemi “PREVENTION, PREPAREDENESS AND CONSEQUENCE MANAGEMENT OF.

Colonel Chaipun Nilvises Deputy Director, Office of ASEAN Affairs Office of Policy and Planning Ministry of Defence of Thailand.

Crisis management related research at

4th SG13 Regional Workshop for Africa on “Future Networks for a better Africa: IMT-2020, Trust, Cloud Computing and Big Data” (Accra, Ghana, March.

Public-private cooperation

European Insurance and Occupational Pensions Authority Introduction

AVI AFRIQUE October 2018 Tshepo Peege

DSC Contract Management Committee Meeting

Presentation transcript:

International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara

Motivation for the new german cyber security strategy: Changed Security Situation 2 Cyber Security Crime Underground Economy Crime Underground Economy Hacker, Cracker Competition Espionage Competition Espionage Military Intelligence Services Military Intelligence Services Interconnection Complexity of IT Systems Short Innovation Cycles Convergency of Networks IP Convergency of Networks IP Busisness Processes on the Internet

Industry Fed. Gov. Local Authorities Shared Responsibility Joined Action 3 Virtualization International Networking Integration and Convergence Citizens Fed. States Operators of CII

Framework Conditions Issues and Action Lines Cyberspace Security Resilience of Infrastructure Integrity and Availability (failure safety) of Systems and Data Security in Cyberspace Secure Action in Cyberspace Authenticity, Integrity, Confidentiality of Data and Networks Legal Security Legal Obligation Security against Crime Security against Malicious Activities Internet as a Public Space Internet as a Public Good 4

Cyber-security-strategy goals and measures 5 National Cyber Security Council National Cyber Response Center Critical IT Infrastructure IT of Citizens IT in the Public Administration Effective Crime Control International Cooperation (EU, worldwide) Personnel development Fed. Gov. Use of Reliable and Trustworthy Information Technology Response to Cyber- Attcks

Participants in the National Cyber Response Center 6 BSI, BfV, BBk BKA Bw BND BPol ZKA BAFin BNetzA LBA EBA DWD Supervision CIIP … Federal States

National Cyber Response Center Information is supplied by … 7 Cyber Response Center BSI CERT, Command centre int. CERT Association (monitoring/reports) BKA (modus operandi, crime trends) Implementation Plan Federation/Federal Gov (incidents, counter-measures) Implementation Plan KRITIS (incidents, counter-measures) Federal Armed Forces (intelligence; own experience/ findings).: Supervisory authorities (routine and incident-related) Hard- and software suppliers (vulnerabilities, counter-measures).: Federal Intelligence Service (intelligence; own experience/ findings)

National Cyber Response Centre Information is supplied to … 8 Nat. Cyber Response Centre BKA, ZKA, Bundeswehr, BND (all types of intelligence) National Cyber Security Council (periodic reports, recommendations) Hard- and software suppliers (vulnerabilities and recommendations) BSI-CERT and Command Centre (coordinated evaluations/recommendations) Crisis management staff (support in times of crisis) IP KRITIS / IP Federation/Fed. Gov. (vulnerabilities, alerts, reecommendations) Industry in general (alerts, recommendations) Federal states depending on structure General public (alerts)

Communication Architecture in the Implementation Plan kritis Cyber Response Center SPOC Sector 1 SPOC Sector n Single Points of Contact companies Company 1 Company 2 Company 3 Company x CERTS Industry...

Federal Office for Information Security (BSI) & National Cyber Response Centre Findings after the first year More than 900 incidents analysed 80/20 rule confirmed: About 80% of cyber attacks could be prevented if the basic 20% of known counter-measures were consistently applied! Among the remaining 20% there is a growing number of very sophisticated attacks – for all we know by special forces 10

National Cyber Security Council - Tasks Federal Government Industry Federal states 11

The National Cyber-Security Council Coordinates Instruments and Overlapping Policy Making 12 Goals and Tasks Coordination of Cyber Security Policy Stances Identification und Correction of Structural Trouble Spots Discussion of Cyber Security Issues, new technologies Transparency in Collaboration Recommendations to the Cyber Response Center

Next steps – key questions Ongoing implementation of strategy This includes, e.g.: Enhancing and extending cooperation on critical infrastructure protection Creating more PC security by increasing provider responsibility Intensifying cooperation both at home and abroad Establishing norms of state behaviour in Cyberspace in international fora (G8, United Nations) 13

Draft IT Security Act - Draft provisions to improve the protection of Critical National Infrastructure (CNI) - Legal obligation to meet minimum organizational and technical IT security standards in the field of CNI; state of the art. Industries to work out standards. Federal Office for Information Security (BSI) to recognize suitable standards, after consultation with supervisory authorities. Security audits to be conducted every two years; list of audits and identified deficiencies to be forwarded to BSI; BSI may require operators to remedy problems immediately. Major IT incidents to be reported to BSI directly. Purpose of reports: BSI to compile situation reports and to inform CNI operators when necessary.

Draft IT Security Act - Draft provisions governing ICT providers/operators - ICT industry: Key role in cyber security Telecommunications network operators and providers of telecommunications services for the general public  should always take into account the state of the art when seeking to guarantee IT security.  should report IT security incidents, even if they have not caused direct disruptions of telecommunications networks/services.  should inform users about failures caused by their systems and point out technical remedies for such problems. Telemedia service providers (acting on a commercial basis and, as a general rule, for payment) should safeguard state-of-the-art IT security to the extent technically possible and reasonable.

Thank you 16