Toward A Closer Digital Alliance

Transcription

1 Toward A Closer Digital Alliance Presented at: GOVCERT.NL Symposium 2010 by: Melissa Hathaway HathawayGlobalStrategies@gmail.com

2 2020 Visions are Not Aligned NATO 2020: ASSURED SECURITY; DYNAMIC ENGAGEMENT ANALYSIS AND RECOMMENDATIONS OF THE GROUP OF EXPERTS ON A NEW STRATEGIC CONCEPT FOR NATO 17 MAY May May 2010

3 Reinforce Coordination of Economic and Security Policies Harmonize information communications technology initiatives Promote greater digital interoperability Enhance Internet trust, access, and security Enable broadband (high speed Internet access) Focus and fund research and development Provide for mutual assistance through better information sharing Undertake crisis response operations within, along, and beyond borders

4 Mobile Connectivity Drives New ways to do Old things faster, cheaper, better. More Connected--Real-time 24x7 connectivity, in palm of hand More Affordable--WiFi nearly ubiquitous in many developed markets Faster--low latency for boot-up, search, connect and pay Fun to Use--Social, casual gaming, advanced marketing Access to Everything--Music, video, data, stuff in cloud

5 Gives Way to Faster Exploit and Attack Paths The cross border flows of goods, services, people, technology, ideas and information are being limited by those who want to exploit these channels for crime and conflict.

6 The Tools Are Common JR Tracking GhostNet: Volume 3, Number 1 Investigating a Cyber Espionage Network The State of the Internet 1st Quarter, 2010 Report Information Warfare Monitor March 29, 2009 J A N U A R Y Contested Commons: The Future of American Power in a Multipolar World Edited by Abraham M. Denmark and Dr. James Mulvenon Contributing Authors: Abraham M. Denmark, Dr. James Mulvenon, Frank Hoffman, Lt Col Kelly Martin (USAF), Oliver Fritz, Eric Sterner, Dr. Greg Rattray, Chris Evans, Jason Healey, Robert D. Kaplan Securing Europe s Information Society General Report UK Security Breach Investigations Report An Analysis of Data Compromise Cases DRIVING FORCES, UNCERTAINTIES, and FOUR SCENARIOS TO 2025 Conducted by The 7th Annual e-crime Congress Supported By in partnership with!

7 Opponents Exploit the Mission Seams Governments organize by mission and often defensive strategies in one mission area are not shared with other missions. Securing our national networks and infrastructures requires building trust relationships: Private-Public; Private-Private; and Public Public.

8 Aligning Private and Public Interests Information communications infrastructure has become valuable to society over and above its value to the corporations that own and control it--and therefore--security must be demanded by the public sector: laws, policies, taxes, procurement incentives, regulations, liabilities, subsidies, or other market levers

9 Synchronizing May be Difficult Speed or Rhythm? Synchronization is Difficult if Moving at Different Pace with Different Priorities

10 Contributions to the Partnership Public Sector Private Sector Laws, Policies, Regulation, Incentives Access to Sensitive/ Proprietary Data Access to Classified Information Operational Responsibility of Core Infrastructures Interface/cooperation with other governments (treaty and multilateral agreements) Interface/cooperation with other private sector entities Money Money

11 Alliance Partners Priorities Differ Internet Service Providers assume more responsibility for hygiene and health of National Infrastructure Corporations assume more responsibility for data protection Governments assume broader mission of continuous surveillance of networks Regulation, Policy, Law...

12 Mutual Assistance, Information Sharing, Assured Survivability The Alliance must contribute to the broader security of the entire Euro-Atlantic region What is NATO s role as the defender of its own interests when the policies, technologies, and expertise resides in civilian and private holdings-- and not the military s area of influence? How are areas of common concern defined and information shared prior to a time of crisis, when the knowledge resides in private corporations? How do we distinguish between private and public property?

13 Leveraging the Public Infrastructure Illicit and illegal activities ignore national boundaries Broadband--Telecommunications or Internet? Assured Essential Services Cloud Computing--Rapid provisioning, global access, minimal management--at expense of security? Operation Aurora Cooperative approaches for electronic evidence gathering, jurisdictional adjudication, enlisting private sector talent, conscripting ISPs, and aligning data protection regulatory frameworks

14 What is an Act of Armed Aggression? Conscripted Computers Use of Civilian Infrastructure Combatant vice Non-Combatant Response Doctrine, Proportional Response, Attribution

15 Pooling Funds in a Fiscally Constrained Environment The Euro-Atlantic Alliance would benefit from a strategic Agenda of Intellectual Federalization Partner in R&D Nearly 11 bn Pursued by academic institutions, small businesses, and multi-national companies

16 Pooling Funds in a Fiscally Constrained Environment The Euro-Atlantic Alliance would benefit from a strategic Agenda of Intellectual Federalization Partner in R&D Nearly 11 bn Pursued by academic institutions, small businesses, and multi-national companies

17 Aligning Strategy with Execution-Europe Restore secure and safety in time of crisis Community research E U R O P E A N COMMISSION Improve security systems integration, interconnectivity, and interoperability, Increase security of infrastructure and utilities FP7 in Brief How to get involved in the EU 7 th Framework Programme for Research a pocket guide for newcomers

18 Aligning Strategy with Execution-United States Improve trust and integrity of on-line transactions Increase survivability of time-critical systems A Roadmap for Cybersecurity Research Improve situation awareness and attack attribution Determine provenance of data, information, systems software and hardware November 2009

19 International Alignment is Required Too Secretary-General of the U.N. International Telecommunications Union (ITU), has called for a comprehensive cyber treaty that would have a built-in legal and regulatory framework, as well as crosscontinent contingency plans in the event of large-scale cyber attacks. ICANN appeal for preserving security, stability and resiliency related to matters of DNS and ensuring appropriate contingency planning EU and NATO Lisbon Summits (11/2010) may place Information Security and Cyber Defense as top priority G-20, Council of Europe, others all working aspects

20 Progress Takes Time Build trust and pursue an inclusive strategy Demand partnership and recognize role of private sector Seek digital interoperability and build digital bridges Gain situation awareness Improve response coordination Improve resiliency

21 My Ask Identify the seams between economic and national security goals Consider yourself a Security Advisor to the economic initiatives - lead the discussion, tell a simple story Identify at least one industry partner that can improve our defensive posture and act

22 SAIS Review: Cybersecurity saisreview/current/hathaway.html