Yangon, Myanmar, 28-29 November 2013 Cybersecurity-Related Standardization Initiatives in the EU and the U.S.: Lessons for Developing Countries Nir Kshetri.
Slide 1. Cybersecurity-Related Standardization Initiatives in the EU and the U.S.: Lessons for Developing Countries
Nir Kshetri, Professor, The University of North Carolina—Greensboro
ITU Regional Workshop on Bridging the Standardization Gap (Yangon, Myanmar, November 2013)

3 Strategy Document EC’s CSS and a proposed directive on network/ information security US EO Released/ signed February 7, 2013February 12, 2013 Key agencies to implement / roles ENISA: Assist the Member States in developing cyber resilience capabilities  Examine the feasibility ICS- CSIRTs Support in Cyber incident exercises to test preparedness/ cope with cyber-disruptions. NIST: develop a CS framework: finalizing voluntary standards and procedures to help companies address CS risks. Pentagon: recommend whether CS standards should be considered in contracting decisions. The EU and US cybersecurity strategies (CSS) Kshetri & Murugesan (2013).

Slide 4. Constraints, next steps and priorities

EU CSS
- Constraints / next steps: the European Parliament needs to approve it, and Member States then have to write it into national legislation.
- Vision / priorities: achieving cyber resilience; reducing cybercrime; developing cyber-defense policy and capabilities related to the Common Security and Defense Policy (CSDP); developing industrial and technological resources for CS; establishing a coherent international cyberspace policy and promoting core EU values.

US EO
- Constraints / next steps: weak legal footing. An executive order cannot compel firms to comply; only legislation can do that.
- Vision / priorities: combat cyberattacks and cyber-espionage against government agencies, critical sectors such as banking, power and transportation, and U.S. companies.

Slide 5. Key concerns

EU CSS
- Appropriateness of pan-European rules.
- Compliance costs: the private sector's concerns about confidentiality, extra costs and possible damage to reputation.
- Obligation to report cyberattacks: described as "vague", and it does little to protect EU citizens' data stored outside the EU.
- Misdirection of funds away from the police into intelligence agencies.

US EO
- Voluntary standards may turn into mandatory regulations (de facto requirements).
- Too much focus on information sharing, too little on problems caused by insecure systems.
- Firms outside critical infrastructure: the EO does little to enhance their CS.

Slide 6. Effects on the private sector

EU CSS
- Further development of European public-private partnerships for resilience, cooperation and information sharing with public authorities.
- Investment in CS and development of best practices through TDL (Trust in Digital Life) and other initiatives.
- Robust, user-friendly security features in products and services.
- Cloud providers: reduce reliance on foreign suppliers.
- Member States: compel firms in transport, telecoms, finance, energy, health and online infrastructure to disclose details of cyberattacks to the national CERT.

US EO
- Defense and intelligence agencies would share classified cyber-threat data with companies.
- Incentives to follow security standards.
- Companies are not required to publicly disclose breaches unless identifying information (e.g., credit card or Social Security numbers) is involved.

Slide 7. Effects on the privacy and security interests of consumers

EU CSS
- Defensible and preferable in promoting the privacy and security interests of consumers.

US EO
- White House: shared information would be limited to cyber threats and would not contain the contents of private e-mails.
- The flow of data is one-way: private-sector firms are not required to release information about clients.
- Protects privacy better than CISPA (ACLU).
- A "privacy-neutral way to distribute critical cyber information".

Slide 8. Discussion of the EU and US CSS

- Both are incomplete and lack teeth and legitimacy.
- Companies fail to spend sufficient resources and effort on protecting their networks. Bloomberg Government study: to prevent 95% of potential cyberattacks, 172 organizations would need to spend $47 billion, 774% more than their current spending.
- In the absence of regulatory requirements, there is no incentive to spend on cybersecurity.

Slide 9. Discussion of the EU and US CSS (continued)

- Both fail to acknowledge the lack of CS professionals. The U.K.'s National Audit Office: 20 years to bridge the CS skills gap. NIST: more than 700,000 new CS professionals needed in the U.S. by 20
- Both are inward-oriented. Huawei: the importance of working globally. US-China Business Council: asked the US and Chinese governments to work together.

Slide 10. Lessons for developing countries

- A sound cybersecurity standard and regulatory framework requires the participation of governments, business, the IT industry, law enforcement agencies and the public.
- Common goal: a safe and secure cyberspace, leaving their
- Working with other national governments and political parties, beyond vested national or party interests.

Slide 11. Conclusions and recommendations

- CSS are of increasing importance for developing countries: national security, economic growth, trade and investment, politics, international relations and other implications.
- Developing countries face a higher degree of vulnerability.
- Manpower challenges are a greater concern.