Office of the National Security Council Republic of Croatia Cyber Security, Cyber Defence and Cyber Operations - National Framework and International Cooperation.


Slide 1: Office of the National Security Council, Republic of Croatia
Cyber Security, Cyber Defence and Cyber Operations - National Framework and International Cooperation
RACVIAC: Building a Cyber Resilient Society in South-Eastern Europe – Advanced Training Course, supported by the NATO Science for Peace and Security Programme
Zagreb, 17 October 2016
Dr. sc. Aleksandar Klaić

Slide 2: Table of Contents
1. Global trends and developments in Cyberspace - Situational awareness
2. Cyber Terms & Definitions – Taxonomy
3. Information Security Policy vs Cyber Security Policy
4. National Cyber Security Strategy Framework – Croatian Example
5. Conclusion

Slide 3: Actual Cyberspace Related Trends in NATO
NATO Warsaw Summit, July 2016 - Communique: http://www.nato.int/cps/en/natohq/official_texts_133169.htm
„… recognise cyberspace as a domain of operations in which NATO has to defend itself as effectively as it does in the air, on land, and at sea …”
Baseline Requirements for National Resilience
Security implications of energy supply and national critical infrastructure...

Slide 4: Actual Cyberspace Related Trends in EU
Cybersecurity Strategy of the EU: An Open, Safe and Secure Cyberspace, 7 February 2013
NIS Directive (EU) 2016/1148, 6 July 2016
eIDAS Regulation (EU) No 910/2014
A Digital Single Market Strategy for Europe, May 2015
GDPR Regulation (EU) 2016/679, 27 April 2016
GDPR Directive (EU) 2016/680, 27 April 2016
Contractual Public Private Partnership on Cybersecurity

Slide 5: International Cyberspace Related Trends
Opinion - Council of EU, July 2013, 12109/13:
„... international law, including international conventions such as the Council of Europe Convention on Cybercrime (Budapest Convention) and relevant conventions on international humanitarian law and human rights, such as the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights provide a legal framework applicable in cyberspace. Efforts should therefore be made to ensure that these instruments are upheld in cyberspace; therefore the EU does not call for the creation of new international legal instruments for cyber issues,...”
UN, OECD, OSCE – Regionally targeted initiatives
Meridian process (CIIP) - https://www.meridianprocess.org/
International Chamber of Commerce - http://www2.hgk.hr/
ICC Cyber Security Guide for Business - www.iccwbo.org/cybersecurity

Slide 6: Cyberspace
Internet and all connected communication and information systems
Infrastructure and data
People ?
=> Cyberspace = virtual dimension of the society

Slide 7: Cyber Security
Capacitation and mutual coordination of all societal sectors
Protection of core values of liberty, fairness, transparency and the efficient rule of law
Primarily organizational issues
Societal sectors (public, academic, economic, citizens)
Sectoral cyber security stakeholders with different understanding of cyber issues, different competences, responsibilities, tasks, needs, expectations, interests, …

Slide 8: Cyber Terms & Definitions
NATO CCD COE - https://ccdcoe.org/cyber-definitions.html#list
NIST - http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf
Cyber Security:
„Preservation of confidentiality, integrity and availability of information in the Cyberspace.” (ISO/IEC 27032:2012 Information technology — Security techniques — Guidelines for cybersecurity)
„The ability to protect or defend the use of cyberspace from cyber attacks.” (NIST, US Department of Commerce: Glossary of Key Information Security Terms)
Cyber Operations:
The employment of cyber capabilities with the primary purpose of achieving objectives in or by the use of cyberspace. (Tallinn Manual on the International Law Applicable to Cyber Warfare, 2013)

Slide 9: Cyber Terms & Definitions
Cyber Defence:
Represents the part of the defence strategy falling under the responsibility of the ministry in charge of defence issues. (Croatian Cyber Security Strategy, 2015)
Refers to all measures to defend cyber space with military and appropriate means for achieving military-strategic goals. Cyber defence is an integrated system, comprising the implementation of all measures relating to ICT and information security, the capabilities of milCERT and CNO (Computer Network Operations) as well as the support of the physical capabilities of the army. (Austrian Cyber Security Strategy, 2013)
The set of all technical and non-technical measures allowing a State to defend in cyberspace information systems that it considers to be critical. (Source: Information Systems and Defence – France's Strategy, 2011)

Slide 10: Cyber Taxonomy …
Hierarchical domain taxonomy comprised of vocabulary (terms), definitions of terms (concepts) and relations to other concepts:
I. Cyberspace -> Virtual Part of the Society
II. Cyber Security -> National Cyber Security Strategy (NCSS)
III. Cyber Crime -> NCSS, Criminal Code, …
III. CIIP -> CIP, NCSS
III. Cyber Defence -> Military Doctrine
III. Cyber Espionage -> Separate Strategy/policy
III. Cyber Terrorism -> Separate Strategy/policy
III. ...

Slide 11: National CERT Responsibility and International Exchange of Security Incident Information

| # | IP address                 | Domain                  | Physical Location | Domain Owner     |
|---|----------------------------|-------------------------|-------------------|------------------|
| 1 | Croatian S/H* Providers    | .hr                     | Croatia (RH)      | Domestic/Foreign |
| 2 | Croatian S/H* Providers    | .com; .net; .org; …     | Croatia (RH)      | Domestic/Foreign |
| 3 | Foreign S/H* Providers     | .hr                     | Out of Croatia    | Domestic/Foreign |
| 4 | Foreign S/H* Providers     | .com; .net; .org; …     | Out of Croatia    | Domestic         |

* S/H = Service or Hosting
(Figure legend: red arrows = notifications/feeds to National CERT; blue arrows = notifications from National CERT)
Early Warning
Direct Functional and Sectoral Approach
Incident Handling
Analysis and Forensics
Information Sharing
Situational Awareness

Slide 12: CERT Taxonomy …
CERT = CSIRT
Public Sector: National, Governmental, Departmental, …
Private Sector: Abuse Teams, SOC / CSOC, …
Economic Sectors/Regulators: ISACs (Information Sharing and Analysis Centres)
Subsidiarity principle
National Coordination
Sub-national Scope of Operation (Gov, Dept, Sector, Company, …)
Intelligence analysis trend

Slide 13: From Information Security to Cyber Security

Slide 14: Cyber Security Policy vs Information Security Policy
UK – Cyber Essentials Scheme: Boundary firewalls and internet gateways, Secure configuration, Access Control, Malware Protection, Patch Management
Mapping to ISO 27001/02, ISF, HMG Gov. Security Policy, …
US – Framework for Improving Critical Infrastructure Cybersecurity
Mapping to NIST SP800-53, ISO 27001, CoBIT, …

Slide 15: What is the difference between IS and CS policy?
Cyber Security Risk vs Information Security Risk
Core Strategic Risk vs Operational Risk
Company Management Board vs IT Department
Classified Information - Head of Gov. body
Organisational (key) factor in the policy
Plus: People / Process / Technology
Interdependencies among four key policy factors

Slide 16: Security Policy
Baseline Procedures / Risk Management
Information Centric / Value Centric
Protected Information (Regulation):
Classified Information
Unclassified Information, Limite, FOUO, …
Personal Data
Intellectual property
Trade Secret
Sensitive Information / infrastructure?

Slide 17: Cyber Space regulation and Security Policy … Gaps:
Critical Infrastructure Protection -> National Critical Sectors
Government Security Policy -> Classified / Unclassified Information Protection
Sensitive Information
Sensitive infrastructure
Duty of Diligence -> Awareness & Responsibility
Duty of Care -> Appropriate Protection Measures

Slide 18: Security of the Virtual Dimension of Society
(Figure: SECURITY and TRUST, linked by Communication and Cooperation)
New Emerging Threats
Information Sharing
e-Government
Public Electronic Services
CIP / CIIP
Security Awareness and Education

Slide 19: Implementation of Croatian National Information Security Programme enacted in 2005:

Slide 20: The Main Elements of Croatian Strategy:

Slide 21: The Method for the Elaboration of Strategy and Action Plan:

Slide 22: Correlation of the Strategy and Action Plan
Strategy: VISION is defined with 8 GENERAL GOALS; 5 AREAS and 4 INTERRELATIONS with 35 SPECIFIC OBJECTIVES
Action Plan: 35 SPECIFIC OBJECTIVES are elaborated with 77 MEASURES
Areas & Interrelations marked with red colour are covered by most of the measures: (B) Gov. Inf. Infrastructure, (D) Critical Inf. Infrastructure & Crises Management, (I) Education, Security Awareness, R&D

| Areas and Interrelations (5+4) | Total | A | B | C | D  | E | F | G | H | I  |
|--------------------------------|-------|---|---|---|----|---|---|---|---|----|
| Specific Objectives            | 35    | 3 | 3 | 2 | 5  | 5 | 5 | 3 | 6 | 3  |
| Measures                       | 77    | 3 | 8 | 4 | 13 | 5 | 6 | 5 | 6 | 27 |

Slide 23: Levels for the Strategy Planning Process
Strategic Level - Planning: Strategies and National Policies
Tactical Level - Implementation: Sectoral Policies Harmonisation
Operational and Technical Level - Enforcement: Information Sharing, Incident Treatment, …

Slide 24: Covered Levels in the Initial Documents
Strategy and Action Plan (10/2015)
Interdepartmental Bodies (06/2016)
Further enhancements on the basis of the regular yearly control and the 3-year period of the Strategy revision

Slide 25: Stakeholders & Strategy Implementation Management
National Council for Cyber Security (Representatives from 16 institutions headed by the Office of the National Security Council, Government Decision in the Official Gazette 61/2016)
Other Institutions – Stakeholders in the Strategy & Action Plan, societal sectors in general
Operational and Technical Cyber Security Coordination Group (Representatives from 8 institutions headed by MoI)
NIS Directive Correlation:
EU NIS Cooperation Group
National Single Point of Contact, CSIRTs Network
National Competent Authorities, other requirements

Slide 26: Conclusion
Cyberspace: virtual dimension of the society
Cyber Security: trust for economy development
Cyber Taxonomy: terms, definitions, relations
Cyber Security Strategy / Policy: national / institutional frameworks for cooperation in the virtual dimension of the society – organisational factor

Slide 27: Thank You! ?
Aleksandar Klaić, Ph.D.
Assistant Director for Information Security
aleksandar.klaic@uvns.hr
Office of the National Security Council, Croatian NSA/DSA
tel. +385.1.4681 222; fax. +385.1.4686 049
www.uvns.hr
