Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.bmi.bund.de International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara.

Published byHope Shaw Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.bmi.bund.de International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara."— Presentation transcript:

1 www.bmi.bund.de International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara

2 www.bmi.bund.de Motivation for the new german cyber security strategy: Changed Security Situation 2 Cyber Security Crime Underground Economy Crime Underground Economy Hacker, Cracker Competition Espionage Competition Espionage Military Intelligence Services Military Intelligence Services Interconnection Complexity of IT Systems Short Innovation Cycles Convergency of Networks IP Convergency of Networks IP Busisness Processes on the Internet

3 www.bmi.bund.de Industry Fed. Gov. Local Authorities Shared Responsibility Joined Action 3 Virtualization International Networking Integration and Convergence Citizens Fed. States Operators of CII

4 www.bmi.bund.de Framework Conditions Issues and Action Lines Cyberspace Security Resilience of Infrastructure Integrity and Availability (failure safety) of Systems and Data Security in Cyberspace Secure Action in Cyberspace Authenticity, Integrity, Confidentiality of Data and Networks Legal Security Legal Obligation Security against Crime Security against Malicious Activities Internet as a Public Space Internet as a Public Good 4

5 www.bmi.bund.de Cyber-security-strategy goals and measures 5 National Cyber Security Council National Cyber Response Center Critical IT Infrastructure IT of Citizens IT in the Public Administration Effective Crime Control International Cooperation (EU, worldwide) Personnel development Fed. Gov. Use of Reliable and Trustworthy Information Technology Response to Cyber- Attcks

6 www.bmi.bund.de Participants in the National Cyber Response Center 6 BSI, BfV, BBk BKA Bw BND BPol ZKA BAFin BNetzA LBA EBA DWD Supervision CIIP … Federal States

7 www.bmi.bund.de National Cyber Response Center Information is supplied by … 7 Cyber Response Center BSI CERT, Command centre int. CERT Association (monitoring/reports) BKA (modus operandi, crime trends) Implementation Plan Federation/Federal Gov (incidents, counter-measures) Implementation Plan KRITIS (incidents, counter-measures) Federal Armed Forces (intelligence; own experience/ findings).: Supervisory authorities (routine and incident-related) Hard- and software suppliers (vulnerabilities, counter-measures).: Federal Intelligence Service (intelligence; own experience/ findings)

8 www.bmi.bund.de National Cyber Response Centre Information is supplied to … 8 Nat. Cyber Response Centre BKA, ZKA, Bundeswehr, BND (all types of intelligence) National Cyber Security Council (periodic reports, recommendations) Hard- and software suppliers (vulnerabilities and recommendations) BSI-CERT and Command Centre (coordinated evaluations/recommendations) Crisis management staff (support in times of crisis) IP KRITIS / IP Federation/Fed. Gov. (vulnerabilities, alerts, reecommendations) Industry in general (alerts, recommendations) Federal states depending on structure General public (alerts)

9 www.bmi.bund.de Communication Architecture in the Implementation Plan kritis Cyber Response Center SPOC Sector 1 SPOC Sector n Single Points of Contact companies Company 1 Company 2 Company 3 Company x CERTS Industry...

10 www.bmi.bund.de Federal Office for Information Security (BSI) & National Cyber Response Centre Findings after the first year More than 900 incidents analysed 80/20 rule confirmed: About 80% of cyber attacks could be prevented if the basic 20% of known counter-measures were consistently applied! Among the remaining 20% there is a growing number of very sophisticated attacks – for all we know by special forces 10

11 www.bmi.bund.de National Cyber Security Council - Tasks Federal Government Industry Federal states 11

12 www.bmi.bund.de The National Cyber-Security Council Coordinates Instruments and Overlapping Policy Making 12 Goals and Tasks Coordination of Cyber Security Policy Stances Identification und Correction of Structural Trouble Spots Discussion of Cyber Security Issues, new technologies Transparency in Collaboration Recommendations to the Cyber Response Center

13 www.bmi.bund.de Next steps – key questions Ongoing implementation of strategy This includes, e.g.: Enhancing and extending cooperation on critical infrastructure protection Creating more PC security by increasing provider responsibility Intensifying cooperation both at home and abroad Establishing norms of state behaviour in Cyberspace in international fora (G8, United Nations) 13

14 www.bmi.bund.de Draft IT Security Act - Draft provisions to improve the protection of Critical National Infrastructure (CNI) - Legal obligation to meet minimum organizational and technical IT security standards in the field of CNI; state of the art. Industries to work out standards. Federal Office for Information Security (BSI) to recognize suitable standards, after consultation with supervisory authorities. Security audits to be conducted every two years; list of audits and identified deficiencies to be forwarded to BSI; BSI may require operators to remedy problems immediately. Major IT incidents to be reported to BSI directly. Purpose of reports: BSI to compile situation reports and to inform CNI operators when necessary.

15 www.bmi.bund.de Draft IT Security Act - Draft provisions governing ICT providers/operators - ICT industry: Key role in cyber security Telecommunications network operators and providers of telecommunications services for the general public  should always take into account the state of the art when seeking to guarantee IT security.  should report IT security incidents, even if they have not caused direct disruptions of telecommunications networks/services.  should inform users about failures caused by their systems and point out technical remedies for such problems. Telemedia service providers (acting on a commercial basis and, as a general rule, for payment) should safeguard state-of-the-art IT security to the extent technically possible and reasonable.

16 www.bmi.bund.de Thank you http://www.bmi.bund.de 16

Download ppt "Www.bmi.bund.de International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara."

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Homeland Security at the FCC July 10, 2003. FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.

Homeland Security at the FCC July 10, FCCs Homeland Security Focus Interagency Partnerships Industry Partnerships Infrastructure Protection Communications.
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Federal IT Steering Unit (FITSU) Federal Intelligence Service (FIS) Reporting and Analysis Centre for Information Assurance (IA) MELANI National Strategy.

Federal IT Steering Unit (FITSU) Federal Intelligence Service (FIS) Reporting and Analysis Centre for Information Assurance (IA) MELANI National Strategy.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.

The new Hungarian cybersecurity landscape Dr. Ferenc Suba Vice-Chair, European Network and Information Security Agency Chairman, National CERT Working.
The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.

The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.

MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.

© BT PLC 2005 ‘Risk-based’ Approach to Managing Infrastructure a ‘Commercial Prospective’ Malcolm Page BT UK AFCEA Lisbon 2005.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.

1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.

Similar presentations

Ads by Google