Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity Jakub Harašta & Attila Kiss. Information Society Not new – just better Availability – ICT dependency.

Published byCurtis Matthews Modified over 8 years ago

Similar presentations

Presentation on theme: "Cybersecurity Jakub Harašta & Attila Kiss. Information Society Not new – just better Availability – ICT dependency."— Presentation transcript:

1 Cybersecurity Jakub Harašta & Attila Kiss

2 Information Society Not new – just better Availability – ICT dependency

3 Information Society II Changes – Commerce – Social life – Education – Entertainment – Government – Geography – Threats!

4 Cyber Security CIA – Confidentiality – Integrity – Availability Alternative concepts – Parkerian Hexade confidentiality, possession or control, integrity, authenticity, availability, utility

5 Confidentiality Unauthorized cannot access – Authentication – who are you? Knowing, having, being… – Authorization – can you do that? Perfect situation: – Computer minus Internet plus finite list of users plus heavy encryption So…

6 Integrity Preventing change of data – Authentication – Authorization – Nonrepudiation Every change has to be listed with possible recovery

7 Availability You need it? – Up and running

8 Threats Cyber crime Hacktivism Cyber warfare Cyber espionage

9 Or… Violation of obligation – Non-reporting, updating – Private Cyber crime – Criminal Cyber Terrorism – Non-state actors Cyber Warfare – State actors

10 So far Duping the Soviets – 80s? Estonia 2007 – DDoS, solely cyberspace Georgia 2008 – DDoS in war, cyberspace within conventional Stuxnet – APT, sophisticated, air gap Red October – Espionage Anonymous – Hacktivism Sony 2011 – More than 75 million accounts stolen

11 Cyber Security Prevention Reaction Investigation

12 Prevention Standards (ISO, NIST) Security policy Security proceedings Evaluation/re-evaluation GET READY!

13 Reaction People and institutions – CERTs FIX IT and WARN!

14 Investigation Either outside the scope… – Police …or back to prevention. – What happened and how do we prevent it from happening again? WHO and HOW?

15 Legislation Act No. 181/2014 Sb. Act L of 2013, on the Electronic Information Security of Central and Local Government Agencies Law on the Security on Information Technologies (2010) Revised proposal in Germany (August 2014) COM 2013/48 Proposal for a directive concerning measures to ensure a high common level of network and information security across the Union

16 But also… Discussion Education – banka123 – nbu123

17 CySec != InfoSec Information Security – China, Russia – Content – Also offline

18 But… NATO talk – Cyber defense EU talk – Network and information security What did I just say? – ICT security

19 International Cooperation Estonia 2007 – CCD COE (NATO) – Tallinn Manual (Schmitt et al.) – Tallinn Manual 2.0 – EU reaction? ENISA (EU) ICRC UN: ITU - IMPACT

20 Czech legislation Main issues: – What‘s the point of having a legislation constantly challenged? – Proportionality Distributive and non-distributive rights

21 Who is obliged? Critical infrastructure operators – Critical information infrastructure – Critical communication infrastructure Significant information systems Significant networks Provider of electronic communication services

22 Why?

23 Basic obligations Contact information Detection of cyber incidents Reporting of cyber incidents Security documentation NSA CZ

24 CSIRT/CERT/CIRC Explicitly in 181/2014 Implicitly in 181/2014 Outside of scope of 181/2014

25 Other Plethora of different models – Hungary – EU

26 Proceedings 2012/2096(INI) - European Parliament resolution of 22 November 2012 on Cyber Security and Defence Online public consultation on ‘Improving network and information security in the EU – 57% experienced incidents The European Commission and High Representative’s 2013 Cyber Security Strategy – comprehensive policy document – internal market, justice and home affairs and foreign policy angles of cyberspace 2013/0027 (COD) NIS Directive Proposal

27 To achieve Freedom and openness: EU values and fundamental rights in cyberspace Apply laws as much in cyberspace: Reduce the level of cybercrime Cyber security capacity building: the EU engages with international partners and organisations, the private sector and civil society International cooperation in cyberspace: preserving open, free and secure cyberspace is a global challenge Need for a comprehensive EU vision

28 to ensure a high common level of network and information security (NIS) Achieved by: 1. requiring the Member States to increase their preparedness 2.to improve their cooperation with each other 3.to manage security risks and report serious incidents – of ‘critical infrastructure’ – to the national competent authorities.

29 How? Increase preparedness: National NIS Strategy National Competent Authority (monitoring) Computer Emergency Response Team (CERT) (handling and mitigating the risk of incidents)

30 Cooperation NIS competent authorities to cooperate within a network at EU level  Early warnings and coordinated response  Capacity building  NIS exercises at EU level  ENISA to assist

31 Identify and facilitate the up-take of risk management best practices Draw from international standards and best practices Cross-cutting / horizontal approach No imposition of standards

32 Ways of risk management CRAMM-model (UK) CCTA Risk Analysis and Management Method But only the necessary level of security: Risk appetite and risk tolerance

33 Ways of risk management probable impact following an occurrence + the likelihood of the occurrence happening - allocate accountability - implement mitigating controls/processes - monitoring effectiveness of controls

34 ‘critical infrastructure’ Energy – electricity, gas and oil Credit institutions and stock exchanges Transport – air, maritime, rail Healthcare Internet enablers Public administrations July 2015 – maybe financial market infrastructures, internet exchange points and food chains in addition

35 Awareness raising organisations apply for a Cyber Essentials certification Cybersecurity month – October Cybersecurity championship – ENISA guidelines NIS education and training

36 At the national level it recommends: (a) The definition of the objectives and priorities of the strategy based on an up-to-date risk and incident analysis; (b) A governance framework to achieve the strategy objectives and priorities, including a clear definition of the roles and responsibilities of the government bodies and the other relevant actors; (c) The identification of the general measures on preparedness, response and recovery, including cooperation mechanisms between the public and private sectors

37 Useful links EU Cybersecurity Strategy High-Level Conference 2014: http://ec.europa.eu/digital-agenda/en/news/eu- cybersecurity-strategy-high-level-conference-0 http://ec.europa.eu/digital-agenda/en/news/eu- cybersecurity-strategy-high-level-conference-0 Trust and Security: http://ec.europa.eu/digital- agenda/en/our-goals/pillar-iii-trust-securityhttp://ec.europa.eu/digital- agenda/en/our-goals/pillar-iii-trust-security Cybersecurity: http://ec.europa.eu/digital- agenda/en/cybersecurityhttp://ec.europa.eu/digital- agenda/en/cybersecurity Digital Futures: https://ec.europa.eu/digital- agenda/en/digital-futures-objectives-and-scopehttps://ec.europa.eu/digital- agenda/en/digital-futures-objectives-and-scope Help up improve our analysis and measurement: http://ec.europa.eu/digital-agenda/en/help-us-improve- our-analysis-measurement http://ec.europa.eu/digital-agenda/en/help-us-improve- our-analysis-measurement

Download ppt "Cybersecurity Jakub Harašta & Attila Kiss. Information Society Not new – just better Availability – ICT dependency."

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
European Consumer Summit 2014 On-line and mobile payments Dr Florent Frederix Trust & Security Unit, DG CONNECT, European Commission 1 th of April 2014.

European Consumer Summit 2014 On-line and mobile payments Dr Florent Frederix Trust & Security Unit, DG CONNECT, European Commission 1 th of April 2014.
International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.

International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
Protection of Classified Information & Cyber Security

Protection of Classified Information & Cyber Security
Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
NIS Directive and NIS Platform

NIS Directive and NIS Platform
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Geneva, Switzerland, 15-16 September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.
Eurostat Coverage of Security Issues Pascal Jacques ESTAT B0 Local Informatics Security Officer.

Eurostat Coverage of Security Issues Pascal Jacques ESTAT B0 Local Informatics Security Officer.
Legal Framework on Information Security Ministry of Trade, Tourism and Telecommunication Nebojša Vasiljević.

Legal Framework on Information Security Ministry of Trade, Tourism and Telecommunication Nebojša Vasiljević.
A project implemented by the HTSPE consortium This project is funded by the European Union GLOBAL EUROPE INSTRUMENT FOR STABILITY 2014-2020.

A project implemented by the HTSPE consortium This project is funded by the European Union GLOBAL EUROPE INSTRUMENT FOR STABILITY
12/12/2013 Cluster Workshop on Cybersecurity 1 Michele Bezzi (SAP) Kazim Hussain (ATOS) SecCord & CYSPA Projects.

12/12/2013 Cluster Workshop on Cybersecurity 1 Michele Bezzi (SAP) Kazim Hussain (ATOS) SecCord & CYSPA Projects.
Isdefe ISXXXX-090000-1XX 5.10.2010 Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.

Isdefe ISXXXX XX Your best ally Panel: Future scenarios for European critical infrastructures protection Carlos Martí Sempere. Essen.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

Similar presentations

Ads by Google