Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SNDC/IOS LN 0111 The Swedish Initiative on Critical Infrastructure Protection Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 SNDC/IOS LN 0111 The Swedish Initiative on Critical Infrastructure Protection Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National."— Presentation transcript:

1 1 SNDC/IOS LN 0111 The Swedish Initiative on Critical Infrastructure Protection Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College Secretary of The Cabinet Working-Group on IO-D/CIP Presentation at ETH/ÖCB Workshop Zurich 9 November 2001

2 2 SNDC/IOS LN 0111 The Swedish Initiative on Critical Infrastructure Protection n Our view on IO/CIP n Issues n How to organize a National IO-D/CIP-Management n Some proposals n Time frame n Possible areas of international co-operation

3 3 SNDC/IOS LN 0111 Cabinet Working Group on IW-D/CIP (970101-000621) DoD (chair) NDC (secr) DRE NCPSwSS DoInd.PsycdefAFHQMil. I&S Information Warfare - threats, security, protection CO Telia State DoJ OMB Stkt TCN GAO Teracom SR SVT SJ/BV LME SAF SNUS Sv.Bf JCS PTS DMA FI KK DRI ÖCB Sv Kraftnät ?

4 4 SNDC/IOS LN 0111 Cabinet Working Group on IO-D/CIP (000622-011231) NDC (secr) DoD (chair + dep.) Information Operations - threats, security, protection DoI,E&C. MoFA (2) PsycdefAF/OpsMil. I&S NCID SwSSDoJ (2)PTS DMAFRAFI NSD SwBA CO/Adm FOA ÖCB SwAAD Council Do FiDoD (3)

5 5 SNDC/IOS LN 0111 Strategic/Economic Environment IO/IW Synergy Information Systems, Infosec Information, Intelligence Perceptions Joint Operations IO/ IW

6 6 SNDC/IOS LN 0111 Levels Coalitions Nations Organisations Individuals Coalitions Nations Organisations Individuals Classes (W. Schwartau) III II I

7 7 SNDC/IOS LN 0111 Taxonomy Defensive Information Operations (IO-D)/ Defensive Information Warfare (IW-D) Critical Infrastructure Protection Information Assurance

8 8 SNDC/IOS LN 0111 First strike attack for nations First strike attack for nations Means of diplomatic pressures Means of diplomatic pressures Terrorists Terrorists Corporate espionage Corporate espionage Drug cartels, criminal organisations Drug cartels, criminal organisations The disgruntled employee The disgruntled employee Threats

9 9 SNDC/IOS LN 0111 FBI/CSI-Survey  Interviews with 634 companies on IT- incidents  $25 billion losses in year 2000

10 10 SNDC/IOS LN 0111 Some Weapons n Psychological Operations n Blackmail, extortion n Data manipulation n Cryptoanalysis n Virus n Logical bombs n Backdoors n Chipping n EMP; electromagnetic pulse n Physical destruction

11 11 SNDC/IOS LN 0111 Issues n Policy development  “Sweden should be a safe marketplace!” n Organisation/structure –Focal point? »Threat overview »Setting security standards for government and recommend standards for critical private infrastructure –National CERT n Programs for awareness, education and training n Funding for security and redundancy incentives n International Co-operation and Regimes

12 12 SNDC/IOS LN 0111 Protective philosophy - Report no 2 n Protect-Detect-React (RM-perspective) n Clarify the hidden statistics of IT- incidents n Define Minimal Essential Critical Information Infrastructure n ”Helpdesk” + responsive functions in real time ---> GovCERT

13 13 SNDC/IOS LN 0111 Structures, responsibilities - Report no 2 Problem Problem –”Who´s in charge?” »Need for a new bureaucratic syntesis Character Character –Intelligence or operational matter? Organisational direction Organisational direction –A new agency? –A new function hosted by an established agency?

14 14 SNDC/IOS LN 0111 Criteria for a ”lead agency” n Strong linkage threat-planning n Far-reaching administrative and operational responsibility n Organic relations within the Total Defense Community as well as with the Private Sector (c.f. PCCIP) n Law Enforcement Authorities n Education, training and personal development of a national Red Team- unit

15 15 SNDC/IOS LN 0111 National IO-D Management National IO-D Management Cabinet co-ordination group AFHQ CESG GovCERT Threat/ IO-intel Joint planning and co-ordination Security Incident analysis Statistics unit (Nat. ISAC) Red Team DRE Private Sector FI PTS SwSS NCID GAO ”Joint Venture” private/public ÖCB PsyB Counter Psyops/Deception I&W-unit

16 16 SNDC/IOS LN 0111 Cabinet WG - Report 2 - main proposals Consensus Consensus A co-ordination group within Cabinet Office A co-ordination group within Cabinet Office A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB) A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB) A GovCERT will be organised by PTS (LEA support) A GovCERT will be organised by PTS (LEA support) A National ISAC will be organised A National ISAC will be organised Reporting duty within Government Reporting duty within Government Defense Bill March -99 Wait OK

17 17 SNDC/IOS LN 0111 Cabinet WG - Report 2 - main proposals (cont.)  Expanded Armed Forces mandate for support of vital National Information Systems  An active IT-check function for the government administration will be organised within the Armed Forces  Constitutional amendments  Analysis of perception/desinformation methods on Internet at The National Board of Psychological Defence  New forms of co-operation etc. concerning IC OK

18 18 SNDC/IOS LN 0111 SWE c.f. US in CIP approaches  More emphasis on the top-down perspective (IO-D) than on the infosec bottom-up perspective (IA).  More emphasis on the CIAO-equivalent and less on the NIPC, due to the assessment of tight linkage between threat and planning  One stop-shop to the Private Sector through the Private Sectors Security Delegation –One Private-Government National ISAC –GovCERT+ deals with private CERTs ---> NatCERT

19 19 SNDC/IOS LN 0111 Presented to The Cabinet 11 May 2001 Presented to The Cabinet 11 May 2001 Explicit IT security strategy Explicit IT security strategy Cross-boundary co-ordination centre Cross-boundary co-ordination centre Overall public IT security responsibility within a new agency for civil planning Overall public IT security responsibility within a new agency for civil planning National CERT National CERT A new technology competence centre A new technology competence centre Certification body Certification body The Committee on Vulnerability and Security in Civil Society IT security and IO protection:

20 20 SNDC/IOS LN 0111 Structure Co-ordination centre Technology Competence Centre National CERT Planning, risk assessment Certification Body

21 21 SNDC/IOS LN 0111 Time frame Parliament Decision I, May 1999 Parliament Decision I, May 1999 Swedish Defence Commission: White Paper 2, September 1999 ”...of great importance to security policy!” Swedish Defence Commission: White Paper 2, September 1999 ”...of great importance to security policy!” Parliament Decision II, March 2000 Parliament Decision II, March 2000 Special Commissioner on Vulnerabilities in Society, May 2001 Special Commissioner on Vulnerabilities in Society, May 2001 Cabinet Bill to Parliament, September 2001 Cabinet Bill to Parliament, September 2001 Parliament Decision III, November 2001 Parliament Decision III, November 2001 Implementation 2002-2003 (New agency etc.) Implementation 2002-2003 (New agency etc.)

22 22 SNDC/IOS LN 0111 Three Challenges Management issues (”bending pipes”) International Co-operation, Regimes etc International law (”use of force”) etc Domestic tasks International tasks

23 23 SNDC/IOS LN 0111 Collective Security in Cyberspace There are no borders in Cyberspace! There are no borders in Cyberspace! A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E. A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E. How can we trace back these intrusions? How can we trace back these intrusions? –Today: International Law Enforcement or private initiatives (FIRST etc) –Tomorrow: ”Fishwebs” between national CERT:s for tracing intrusions back in real time?

24 24 SNDC/IOS LN 0111 Country X Country E Country C Country D Country ACountry B Country Y Country Z Building fishwebs in Cyberspace UN, ITU etc

25 25 SNDC/IOS LN 0111 Areas of international co- operation? Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.) Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.) Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.) Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

26 26 SNDC/IOS LN 0111 More info…. Website:

Download ppt "1 SNDC/IOS LN 0111 The Swedish Initiative on Critical Infrastructure Protection Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National."

Similar presentations

Secretariat for Multidimensional Security

Secretariat for Multidimensional Security
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Towards a framework for integrated cross-border law enforcement initiatives Based on the Consultation Paper circulated to CACOLE in July 2008 by Public.

Towards a framework for integrated cross-border law enforcement initiatives Based on the Consultation Paper circulated to CACOLE in July 2008 by Public.
The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.

The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.
SECURITY STRATEGIES OF THE REGION Witek Nowosielski.

SECURITY STRATEGIES OF THE REGION Witek Nowosielski.
Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-254-5802.

Cyber Security R&D Challenges: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.

MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.
CIAO.0209 - July 99 - 1 Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.

CIAO July Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.
The Federal Bureaucracy

The Federal Bureaucracy
Chapter 15 Government at Work: Bureaucracy.

Chapter 15 Government at Work: Bureaucracy.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
Conference Report – part 1.  Total number of selected abstracts – 19  Total Number Presented – 6.

Conference Report – part 1.  Total number of selected abstracts – 19  Total Number Presented – 6.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.
1 DEPARTMENT FOR SOCIAL INCLUSION OF PERSONS WITH DISABILITIES REPUBLIC OF CYPRUS MINISTRY OF LABOUR AND SOCIAL INSURANCE Department for Social Inclusion.

1 DEPARTMENT FOR SOCIAL INCLUSION OF PERSONS WITH DISABILITIES REPUBLIC OF CYPRUS MINISTRY OF LABOUR AND SOCIAL INSURANCE Department for Social Inclusion.
IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.

IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.
IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

Similar presentations

Ads by Google