1
Croatian Industrial Security Policy Development and Related Global Trends
RACVIAC SEE Centre for Security Cooperation & Croatian Office of the National Security Council
Zagreb, 4 May 2017
Dr. sc. Aleksandar Klaić, dipl. ing.
2
Cyberspace Influence
3
Industrial Security – Government Security Policy Area for Public-Private Classified Cooperation
- NSA / DSA bodies
- German DSA: established 1962
- MISWG organization: Multinational Industrial Security Working Group, established 1985
- NSA bodies
- Cooperative arms programme
- Croatia: NATO MS since 2009, EU MS since 2013
- Croatian NSA/DSA:
  - Established 2007
  - FSCs issuance since 2009
  - Around 100 valid FSCs
  - Legal person, employees, security areas, CIS
4
Industrial Security Certification
- Cooperation: Government Bodies – Legal entities
- FSC certification request model:
  - Project Based - Request of a Government Body (National/Foreign)
  - Intention Based - Request of a Legal Entity via Ministry of Economics (international classified contracts)
- Restricted Level Classified Contracts: no FSC
  - Government bodies responsibility
  - NSA/DSA authorized for security briefings / inspections / accreditations if internationally required
5
FSCs – Types, Levels, Validity
- National Classified Contracts FSC: Confidential, Secret, (Top Secret)
- NATO/EU Classified Contracts FSC: Confidential, Secret
- Other International use of FSC based on bilateral GSA: Translation of National FSC
- Validity: 5 years / rechecked for each new Contract
- Questionnaire for the security vetting of legal entities:
6
FSC Certification Process
- Certification Contract: Legal Entity - DSA
- Guidance on Information Security Measures and Standards for Legal Entities
- Statements and documents from Legal Entity
- Security vetting procedure: Legal Entity, Owners, Board Members / FSO / Project Staff
- Accreditation of Physical premises / CIS
- Issuance of the FSC valid for 5 years
- 5 year certification contract obligation regarding: Inspections / certification contract annexes for extended scope of classified project / FSO education and coordination …
7
Trends in Classified Information Today
NATO
- Accountable: CTS, NS
- Non-accountable: (NC), NR
- NATO UNCLASSIFIED
- Levels ratio - 3:2
- CI number ratio 1:10 and more

UK (2014)
- CI: Top Secret, Secret
- Sensitive Information . . .
- Levels ratio - 2:n
- Inf. number ratio - 1:n

- Internally Treated (Air-gap, Internet Tunnelling, Data diodes …) – Cyber Space Indirectly Related
- Cyber Space Directly Related
- Number n is increasing, as well as the demands for fast information availability and actions in globalised world
8
Croatian CIS Security Accreditation Process - Example of the lowest Restricted Security Level Complexities
- Restricted classified level complexity due to its more direct relation to cyberspace and open CIS
- Restricted level is both NATO and EU focus within industrial security policies for the last few years
- Harmonisation among member states is very difficult due to various policy solutions
9
Evolving Security Threats Environment
- Traditional Society
- Traditional threats
- Exposure of Classified Information
- Personnel (Insider Threat)
- Foreign Intelligence
- (Organised) Crime
- Terrorism . . .
- Symmetric
- Virtual Dimension of Society - Cyberspace
- Cyber counterparts of traditional threats
- Asymmetric
- Hybrid
- Changing of the threat environment – using and mixing all of the available combination of threat vectors
10
Digital Market Changes
- EU - Digital Single Market Strategy (05/2015), 3 pillars:
  - Improving access to digital goods and services
  - Environment where digital networks & services can prosper
  - Digital as driver for growth
- NATO – Warsaw Summit (07/2016)
  - Cyber space as military domain
- Nations
  - National Cyber Security Strategy
  - Organizational aspects
  - Not narrow telecommunication sector any more
- SECURITY
- TRUST
- Prosperity of cyberspace cannot be achieved without comprehensive national approach
11
EU NIS Directive
- Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace, JOIN(2013)1 final, currently in revision
- Directive (EU) 2016/1148, 19.7.2016, NIS (Network and Information Security) directive
- Goals:
  - Strategic cooperation of EU MSs (Cooperation Group)
  - CSIRT (CERT) cooperation on EU level (CSIRT Network)
  - Criteria, security requirements and incident notification
  - Operators of Essential Services (OES), Digital Service Providers (DSP)
- Example of EU cyber space security and trust development
12
NATO Cyber Defence and MSs
- NATO – Warsaw Summit (07/2016)
  - Cyber space as military domain
  - CIS as logistic of other military domains
  - NATO Industry Cyber Partnership (NICP)
- Shift of focus to Member States (MSs):
  - Cyber Defence (CD) Pledge (replacement of former CD MoU)
  - Cyber Defence Assessment of MSs (2017)
  - "National Cyber Defence" = Cyber Security on national level
- Problem: not only the lack of investment but, even more, the scope, prioritization and direction of investment
- The biggest part of the CD assessment targets the national level, because it is not possible to develop military cyber defence capabilities without having national cyber security capabilities
13
Government Security Policy Framework
- Obligation for companies doing business in certain areas/sectors
  - Legacy approach
  - Industrial Security, CIP / CIIP
  - Military, IT, …
- Enabler for coordinated national efforts and development of national economy
  - Public-private partnership
  - Contractual (e.g. EC - ECSO)
  - Cyberspace related industry, …
- New role of security policy in our society: not only the protection of classified information (government secret information) but the protection of prosperity and development of society as a whole
14
Security of the Virtual Dimension of Society
- Communication
- New Emerging Threats
- Information Sharing
- NATIONAL CYBER SECURITY STRATEGY
- e-Government
- Cooperation
- CIP / CIIP
- Public Electronic Services
- Security Awareness and Education
- SECURITY
- TRUST
- Government as executive pillar
- National Security System for recognising new threats and enabling information sharing
15
The Main Elements of Croatian National Cyber Security Strategy (10/2015): (www.uvns.hr/en)
16
To Conclude - be ready to shift . . .
- From classified information to sensitive information
  - Duty of diligence & duty of care
- From baseline procedures to risk management
  - Government to society
- From obligation to partnership
  - Certification/accreditation
- From selective security approach to digital hygiene on societal level
  - Criticality becomes moving target
17
Thank You!
Aleksandar Klaić, Ph.D.
Assistant Director for Information Security and Chairman of the National Council for Cyber Security
Office of the National Security Council