NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework” Scenario for Discussion.


NATO Advanced Research Workshop “Best Practices and Innovative Approaches to Develop Cyber Security and Resiliency Policy Framework”
Scenario for Discussion
Topic One: Who is in Charge?

Who is in Charge?
– What National Agency or Private Sector Enterprise is responsible for taking the lead in response to a Cyber Attack?
– Whose laws apply?
– Whose regulations apply?
– Is it just a civilian problem or will militaries become involved?

Lack of Cyber Situational Awareness: There does not appear to be an organization at national levels responsible for providing cyber situational awareness to:
– Government Agencies
– Private Sector Enterprises

Most stakeholders assume SA to be a Federal capability and responsibility, but Livewire challenged that assumption:
– It may be quite difficult to determine that seemingly disparate cyber disruptions in different sectors constitute a coordinated, wide-spread, cyber attack.
– The indications of a sophisticated and coordinated cyber attack may not be initially visible to the cadre of technicians monitoring Internet health or assessing now familiar patterns of vulnerability exploits.
– The first visible effects may be societal effects.

Private industry is first to recognize and address anomalies to their “normal” state of business or network health. Private industry is therefore an integral component in the Indications and Warning process.

Competing Concepts
– Stimulate the Economy vs. Improve National Security
– Infrastructure Modernisation vs. Critical Infrastructure Protection
– Private Sector vs. Public Sector
– Data Protection vs. Information Sharing
– Freedom of Expression vs. Political Stability

Who is responsible for mitigating the following: (Assume all to be the result of cyber disruption)

Home computers are unable to connect to the Internet
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

Cannot access files at work
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

Someone is using your credit card to make purchases
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

An e-commerce site is being subject to a DDOS attack and cannot transact any business
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

Personal data has been compromised to include credit card numbers and is now published on a hacker website
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

Electronic transfer of government pay accounts has been interrupted and employees are unable to gain access to the funds
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

National and regional banks are reporting that networked ATM machines have been compromised
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

Supervisory controls within the critical infrastructure have been compromised creating a widespread power outage and interruption of the distribution of drinking water
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

There is a cyber attack that is ongoing and designed to interrupt the continuity of government in a given nation
– Who are the victims?
– What can be done?
– Who can help with mitigation? (Who would this victim call)
– Should LE be informed?
– Is this a government issue?

– Home computers are unable to connect to the Internet
– Cannot access files at work
– Someone is using your credit card to make purchases
– An e-commerce site is being subject to a DDOS attack and cannot transact any business
– Personal data has been compromised to include credit card numbers and is now published on a hacker website
– Electronic transfer of government pay accounts has been interrupted and employees are unable to gain access to the funds
– National and regional banks are reporting that networked ATM machines have been compromised
– Supervisory controls within the critical infrastructure have been compromised creating a widespread power outage and interruption of the distribution of drinking water
– There is a cyber attack that is ongoing and designed to interrupt the continuity of government in a given nation