2 Gabi Siboni, 1 Senior Research Fellow and Director,
|
|
- Elinor Elliott
- 2 years ago
- Views:
Transcription
1 Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies, Israel Cyberspace creates countless opportunities alongside complex challenges. India, as a technologically advanced country with substantial online services and businesses, is highly dependent on computer communication and control systems. This is not unique to India alone, but is a global phenomenon. That is, the more that countries or organisations rely on developing technology in cyberspace to run, manage and control business operations, the greater their vulnerability and the greater the risk of severe disruption of these technologies. Today, there is a common understanding that cyber security threats are one of the most serious challenges for national security, public safety and the economy for every nation and for the entire global society. There are innumerable examples of misuse of cyberspace. Events in recent years show that cyberspace has become an area of much activity and conflict; countries and organisations receive state support to act against other countries; others operate for reasons of intellectual property espionage and theft. Another group of active attackers are terrorists who use cyberspace to promote their own agenda, exploiting the ability to remain anonymous. Criminals and criminal organisations operate in cyberspace for money theft, blackmail and financial fraud. Finally, cyberspace accommodates ad-hoc individuals and groups of activists operating at any given moment against a common target. Correlating these developments with India s National Cyber Security Policy vision 2 requires the country to initiate a process that will transform India to a more secure place to do business in and to use services in cyberspace. Such a process will enhance India s resilience against cyber attacks and its abilities to better protect its interests. Moreover, it will help shape an open and stable cyberspace that would support India s economic development and help build India s cyber security knowledge base, skills and capabilities. 15
2 Digital Debates: CyFy Journal 2014 Over a year has passed since India set out its National Cyber Security Strategy. The release of the policy framework in 2013 was an important step towards securing India s cyberspace. However, there are certain areas that need further consideration for the actual implementation of the strategy. This paper discusses conceptual pillars for the process of building a force for cyber security, which would focus on a high-level defence approach, with the aim of improving the security and resilience of national information infrastructures and services. The Five Pillars of Building a National Cyber Security Force The process of building a national cyber security capacity would entail long-term preparation requiring various stakeholders, projects and developments to enable a sustainable systematic and targeted force build-up. This process is a significant challenge requiring a national effort. This model comprises of five basic pillars: Formulation of national strategy in cyberspace: This is the foundation upon which the entire process of building the force rests. This will involve drafting the nation s resources and management to improve cyberspace abilities and worldwide position. Technological development of cyber security capabilities: These are needed to allow the implementation of the strategy. Development of human resources and human capital: These are needed to allow for the effective use of developed technology within the strategy framework. Definition of the organisational structure: This will support the strategy. Training and assimilation of the entire force: This will ensure that all systems function properly and will provide the opportunity to systematically refine and develop knowledge. National Strategy The development of a national strategy is the initial phase of building the force and it must address two different perspectives: An offence strategy in cyberspace must be prepared, as India needs to respond to large-scale cyber attacks. It needs to have a clear strategy of how it would react to hostile action threatening the government, military, the health of its citizens or the country s economy. As an offence strategy has a distinct mission, it is not the focus of this article but should be discussed in a parallel process. A comprehensive defence approach must be developed that reflects India s cyberspace vision. 16
3 Cyber Security The defensive strategy needs to address the unique security protection requirements of the following groups: National security organisations and sensitive defence industries; Critical national infrastructure; Government services; and The civilian sector. It is assumed that the first three groups are more secure and regulated and that the fourth group, the civilian population, is the most vulnerable. This group includes civilian organisations, businesses and private users; typically, this group has no guidance for cyber security, and since the entities in this group are not regulated, they are the most vulnerable to attackers, who in any case prefer to target those less protected. One can only imagine the impacts of a successful terror attack occurring against one of India s large food manufacturing plants or against a private financial organisation, or the effect of an intellectual property cyber theft from one of India s technological companies. At the same time, changes in the structure of the Indian economy and privatisation processes should sharpen the understanding that cyber security needs of the civilian sector have to be addressed with greater attention. One of the key elements of the process of developing a cyber security strategy is the inclusion of national cyber security risk assessment, with specific focus on critical information infrastructures. Based on risk analysis, the strategy should define the minimal defensive measures to be taken in each of the pillars defined for building a national cyber security force. India needs to evaluate where it is standing and where it needs to focus its resources and investments in order to increase, in the global context, the resilience and security of its national information and communication technology assets, which support critical functions of the state. Such an evaluation needs to be done in four different areas: The nation s ability to have accurate early warnings of cyber security-related events; The nation s capabilities to prevent cyber incidents; The nation s competence to detect and identify security events; and The nation s response capabilities, which should be measured separately for early warnings and for a particular event or series of events to mitigate the situation, to take further corrective actions in relation to identified deficiencies and to prevent these events from recurring. Alongside, there are two key phases in the development of a national cyber security strategy: Developing and executing the strategy, and evaluating and adjusting the strategy. A lifecycle approach needs to be adopted i.e., the output of the evaluation phase should be used to maintain and adjust the strategy itself, and the national strategy should be able 17
4 Digital Debates: CyFy Journal 2014 to quickly respond to emerging cyber security issues and emerging threats. The strategy objectives also need to be priorities; this is of paramount importance for successful implementation and for constant improvement. The success of the implementation of India s national cyberspace strategy relies on the remaining four pillars of building a cyberspace force. Technology and Means A country that leads in cyber security technology enjoys economic advantages as well as cyberspace geopolitical domination. Moreover, the application of constantly evolving defence tools is required to achieve a country s vision for cyberspace today and in the future. It brings innovation to the protection of critical infrastructures, enhanced command and control capabilities, and high quality of intelligence, among other elements. Obviously, there are also advantages of precise and rapid attack capabilities in the realm of offence. These capabilities contribute to a nation s power, and strengthen its national security and international position. Some of the challenges India is facing today are at the level of its cyberspace hygiene, the lack of cyber security information-sharing tools and best practice, the lack of internal cyber monitoring, and the lack of proactive cyber defence capabilities within the country s critical infrastructure. It is important that India invest in acquiring the proper technology and means, both by internally developing new technologies and by purchasing from the private sector or allied governments. A coordinated national effort to encourage the private sector by funnelling research and development (R&D) investments to develop new cyber security-related defence tools and concepts of defence operations should be part of this phase. Investing in R&D and putting in seed money in new technological companies is one of the tools to make sure new technologies and cyber security products are synchronised with the strategy requirements. It would also serve two additional Indian objectives: Better customised products to defend itself, and the promotion of the country as an exporter of technology. For example, one of the components of India s cyberspace strategy will probably be the establishment of an integrated national Computer Emergency Response Team (CERT), as will be elaborated further on in a subsequent section. Thus, funding of R&D for dedicated early warning technologies may be required. It is important that India should strengthen its cyber defence R&D programmes and further support and prioritise development of the cyber defence industry. The government needs to coordinate cooperation between security and defence organisations, such as military and intelligence agencies, and between high-tech R&D companies. 18
5 Cyber Security Development of Designated Human Resources Human resource and human capital development, together with the technological development of tools and methods, must be fully integrated and synchronised, so as to maximally utilise all national resources for the fortification of India s cyber capabilities. For example, a cyber security workforce needs to stay up to date with emerging risks, threats and cyber security technologies that typically require frequent knowledge acquisition and extension of studies. Another issue to be considered is innovation in cyber security, from both the offensive and defensive perspectives, to be among the world s leaders. This can be achieved by intersectoral partnerships and by providing flexibility to cyber security talents to move and integrate easily between sectors like high-tech, academia, government agencies and the private sector to constantly develop skills and advance India s knowledge base for the development of future opportunities. From a long-term perspective, it is important to define the overall cyber security workforce requirements to ensure that the country is investing in the right type of education for specific types of workforces and is keeping pace with the workforce demand. The development of a workforce for cyber security needs to address the typical duties and skill required. In 2013, the National Institute of Standards and Technology (NIST) of the US Department of Commerce released a workforce framework 3 identifying seven cyber security workforce categories: Securely Provision: Workers are responsible for conceptualising, designing and building secure information technology (IT) systems (i.e., responsible for aspects of systems development). Operate and Maintain: Involves workers who specialise in areas of providing support, administration and maintenance, necessary to ensure effective and efficient IT system performance and security. Protect and Defend: Workers are responsible for identification, analysis and mitigation of threats to internal IT systems or networks. Investigation: Involves workers who specialise in investigation of cyber events and cyber crimes. Collect and Operate: Personnel are responsible for specialised denial and deception operations and collection of cyber security-related information that may be used to develop intelligence. Analyse: Analysts are responsible for highly specialised review and evaluation of incoming cyber security-related information to determine its usefulness for intelligence. 19
6 Digital Debates: CyFy Journal 2014 Oversight and Development: Workers are responsible for providing leadership, management, direction and advocacy, so that individuals and organisations may effectively conduct cyber security work. These categories, presented by the NIST, may not be fully in line with India s cyber security strategy. India should identify its professional cyber security needs in a way that would support the technological advances being encouraged in the country. This requires coordinated staff work and long-term educational planning (for all levels of education, from early schooling to advanced academia programmes) across all relevant cyber security categories mentioned above. For example, the need to develop civil cyber defence requires the academic development of designated human resources; these will fill positions in the civil defence sector in technology development, security consumer organisations, as well as the country s national regulatory bodies that will comprise the civil defence force. Organisation: Utilising the National Potential Most of the organisations in India have naturally developed some preoccupation with cyberspace and it is assumed that security organisations are building their own cyberspace capabilities to support their basic tasks. However, there is work to be done in two dimensions: 1. The first is the need to conduct a macro-analysis of the nation s cyber security needs, and accordingly build the nation s cyber security ecosystem and define the roles and responsibilities of the various relevant entities. A good starting point is the initiation by the Government of India of the National Critical Information Infrastructure Protection Centre, which is becoming more active and relevant. This should be followed by the establishment or further strengthening of other bodies and initiatives such as: The National Computer Emergency Response Team India: This will improve national coordination of cyber incidents, and act as a focus point for international sharing of technical information and feeds on cyber security. A CERT unit also needs to include a national Security Operation Centre (SOC), which would function as a hub for monitoring the network and detecting anomalies. An SOC would also be responsible for issuing alerts to users and providing advice on best security practices. Such an entity has a great impact on the defence strategy iterative cycle i.e., early warning, prevention, detection and response, as stated above. Establishment of a national CERT will promote India s resilience to cyber attacks and maintain its interests in cyberspace. National Cyber Crime Unit: This will further develop India s capabilities to combat the threat from cyber criminals. Such a unit will make India a more secure place to conduct online business. India also needs to consider developing initiatives that would enhance collaborations between government, industry, academia and law enforcement agencies to better coordinate efforts to reduce cyber crimes. Such collaborations will raise awareness, improve reporting and help the industry become more resilient to threats. 20
7 Cyber Security Law enforcement capabilities need to be further developed to tackle cyber crime and enhance the society s confidence in conducting online business and using online services. Initiatives for international cooperation will promote India s interests in cyberspace. This should include cooperation with UN committees, regional (South Asia and Asia Pacific) politico-economic unions and the Commonwealth of Nations. India also needs to promote international cyber conferences. Such initiatives will help shape an open, vibrant and stable cyberspace that would support the nation s needs and the global community. It is advisable to establish regulators for the protection and guidance of the government ministries and authorities, and the exposed civilian sector. India needs to run an awareness campaign reaching out to the private sector to raise awareness of threats and to encourage business, as well as to embed effective cyber security risk management practices. The above are a few examples of required cyber security initiatives and missions at the national level. It is highly important to plan India s cyber security organisational structure by mapping the cyber security strategy objectives. This will ensure that all activities and cyber security operations are aligned with the strategy. 2. The second dimension is the need to define the relationships between the organisations and establish the parameters of authority of each one. This step will be the culmination of the process of building a cyber security force (see diagram on next page). Drills, Training and Assimilation Drills are a core component of the proposed cyber security force build-up to generate knowhow and enable organisations to better prepare themselves for various scenarios. Though operational drills usually address specific scenarios (readiness for cyber attacks, IT incidents, equipment failure and more), the know-how developed as a result of these drills always exceeds the narrow limits of the specific scenario. Typically, operational drills are conducted at all levels of the organisation, up to the supreme command level. Security organisations routinely carry out training, exercises and drills. It is important to adopt the concept in the civilian sector, which is known to be the most exposed to damage caused in cyberspace. National training programmes should be established and should focus on improving the civilian sector and the individual s knowledge of risks and vulnerabilities in cyberspace. They should also help the public learn how to deal with intrusions on their computers and devices, and encourage and promote the use of cyber security resources and tools. In addition, there should be an annual national cyber protection exercise featuring a scenario of several cyber security incidents in a simulated environment, with clear objectives of testing escalation processes and national level coordination procedures. The exercise must challenge all pillars listed for the force build-up to regularly improve and 21
8 Digital Debates: CyFy Journal 2014 Planning Phase Implementation Organisation A Responsibilities Resources India s National Strategy Organisation B Responsibilities Resources Organisation C Responsibilities Resources India s Strategy Implementation Organisation D Responsibilities Resources Coordinating and synchronising India s national effort enhance the national response. The exercise will serve as a basis for the development of operational plans that will improve India s readiness to respond to cyber attacks. An Overall View The National Cyber Security Strategy will be the keystone of the national force build-up. Once this has been formulated, two main efforts need to be launched and synchronised: The development of technology and means, and the development of human resources. Those two are to be funnelled into organisations, each of which has predefined responsibilities (and authority) and is allocated required resources, such as budgets, tools and people. Drills and exercises, both in the local and the national arena, must be part of the strategy implementation. Of course, the government will need to continuously monitor and synchronise the national force build-up process, and will have to take required measures to make necessary corrections. In July 2013, India declared its National Cyber Security Strategy. Now it is time to move to the next phase and formulate a comprehensive force build-up process. India needs to establish key elements of the planned activities over the short, intermediate and long term in support of the strategy. The strategy assessment process should be undertaken to verify progress and make adjustments as necessary, in response to changes in the technological and threat environments. This should be done on an iterative basis to make sure that the level of cyber security is constantly enhanced. Implementation of such a process could move India to the next generation of cyber security readiness and position it with leading nations in the arena of cyber security preparedness. 22
National Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
Business Plan 2012/13
Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,
Preventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
The UK cyber security strategy: Landscape review. Cross-government
REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape
RUAG Cyber Security. More security for your data
RUAG Cyber Security More security for your data More security in cyberspace The RUAG Cyber Security Portfolio offers greater protection for your data through inspection, event analysis and decision-making
Preventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
Preventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation
GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708
An Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
Lessons from Defending Cyberspace
Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat
FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY
NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
DHS, National Cyber Security Division Overview
DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined
2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
Cyber Security Strategy
2014 2017 Cyber Security Strategy Ministry of Economic Affairs and Communication 2014 TABLE OF CONTENTS Introduction... 2 1. Analysis of current situation... 2 1.1. Sectoral progress... 2 1.2. Trends...
A NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
The internet and digital technologies play an integral part
The Cyber challenge Adjacent Digital Politics Ltd gives an overview of the EU Commission s Cyber Security Strategy and Commissioner Ashton s priorities to increase cyber security in Europe The internet
Council of Europe Project on Cybercrime in Georgia Report by Virgil Spiridon and Nigel Jones. Tbilisi 28-29, September 2009
Council of Europe Project on Cybercrime in Georgia Report by Virgil Spiridon and Nigel Jones Tbilisi 28-29, September 2009 Presentation Contents An assessment of the Georgian view of cybercrime and current
Honourable members of the National Parliaments of the EU member states and candidate countries,
Speech by Mr Rudolf Peter ROY, Head of division for Security Policy and Sanctions of the European External Action Service, at the L COSAC Meeting 29 October 2013, Vilnius Honourable members of the National
European Union / Council of Europe Project on Cybercrime in Georgia. Tbilisi-2 March 2010
European Union / Council of Europe Project on Cybercrime in Georgia Tbilisi-2 March 2010 How to create a specialized cyber crime unit Recommendations Priorities How to create a specialized cyber crime
Middle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw
Safety by trust: British model of cyber security David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw Strategy Structure Campaign Partnerships Strategy The UK
CYBER SECURITY STRATEGY AN OVERVIEW
CYBER SECURITY STRATEGY AN OVERVIEW Commonwealth of Australia 2009 This work is copyright. Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without
Cyber security Indian perspective & Collaboration With EU
Cyber security Indian perspective & Collaboration With EU Abhishek Sharma, BIC IAG member, On behalf of Dr. A.S.A Krishnan, Sr. Director, Department of Electronics & Information Technology Government of
CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD
CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD The 2011 2015 Cyber Security Strategy of the Czech Republic is linked to the Security Strategy of the Czech Republic and reflects
Cyber Security Strategy of Georgia
Cyber Security Strategy of Georgia 1 1. Introduction The Government of Georgia publishes its Cyber Security Strategy for the first time. Large-scale cyber attacks launched by Russia against Georgia in
Cyber Security Strategy
NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use
E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION
1. Introduction E-SECURITY REVIEW 2008 DISCUSSION PAPER FOR PUBLIC CONSULTATION Australia s national security and economic and social well-being rely upon the use and availability of a range of Information
C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY
CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information
CYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies
IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document
Cyber security is a shared responsibility and each of us has a role to play in making it safer, more secure and resilient.
Overview of Cyber Security: Our daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. We rely on this vast array of networks to communicate and travel,
NICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
Internet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
The Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
A Detailed Strategy for Managing Corporation Cyber War Security
A Detailed Strategy for Managing Corporation Cyber War Security Walid Al-Ahmad Department of Computer Science, Gulf University for Science & Technology Kuwait alahmed.w@gust.edu.kw ABSTRACT Modern corporations
Legislative Council Panel on Information Technology and Broadcasting. Information Security
For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest
Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation
Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing
Security Management Systems (SEMS) for Air Transport Operators. Executive Summary
Security Management Systems (SEMS) for Air Transport Operators Executive Summary March 2011 Security Management Systems (SeMS) for Air Transport Operators Introduction and Scope Executive Summary In early
For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE. Cyber Security
For Discussion Paper No. 9/2011 on 3 November 2011 DIGITAL 21 STRATEGY ADVISORY COMMITTEE Cyber Security Purpose This paper briefs Members on the global cyber security outlook facing governments of some
JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
National Initiative for Cyber Security Education
2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women
NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA
NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies
The National Cybersecurity Workforce Framework. 2015 Delaware Cyber Security Workshop September 29, 2015
The National Cybersecurity Workforce Framework 2015 Delaware Cyber Security Workshop September 29, 2015 Bill Newhouse NICE Program Office at the National Institute of Standards and Technology NICE is a
CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES
CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES By Wolfgang Röhrig, Programme Manager Cyber Defence at EDA and Wg Cdr Rob Smeaton, Cyber Defence Staff Officer
Technology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
Government response to the AIV/CAVV report on cyber warfare
Government response to the AIV/CAVV report on cyber warfare On 17 January 2012 a joint committee of members of the Advisory Council on International Affairs (AIV) and the Advisory Committee on Issues of
Cyberspace Situational Awarness in National Security System
Cyberspace Situational Awarness in National Security System Rafał Piotrowski, Joanna Sliwa, Military Communication Institute C4I Systems Department Zegrze, Poland, r.piotrowski@wil.waw.pl, j.sliwa@wil.waw.pl
Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate
Cyber Security Operations Centre Reveal Their Secrets - Protect Our Own Defence Signals Directorate Contents Message from the Director 3 Cyber Security Operations Centre 5 Cyber Security Strategy 7 Conversation
On the European experience in critical infrastructure protection
DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation
NEW ZEALAND S CYBER SECURITY STRATEGY
Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital
Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis
Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis An analogue approach to a digital world What foundations is CDCAT built on?
Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION. Cristin Flynn Goodwin J.
Developing a National Strategy for Cybersecurity FOUNDATIONS FOR SECURITY, GROWTH, AND INNOVATION Cristin Flynn Goodwin J. Paul Nicholas October 2013 Contents Executive Summary... 3 What Is a National
Department of Homeland Security
Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions
CYBER SECURITY THREATS AND RESPONSES
CYBER SECURITY THREATS AND RESPONSES AT GLOBAL, NATION-STATE, INDUSTRY AND INDIVIDUAL LEVELS Heli Tiirmaa-Klaar* Although cyber security has accompanied the ICT sector since the first computer systems
EU Cybersecurity: Ensuring Trust in the European Digital Economy
EU Cybersecurity: Ensuring Trust in the European Digital Economy Synthesis of the FIC Breakfast-Debate 15 October 2013, Brussels With the participation of Tunne Kelam Member of the European Parliament'
evolving nature of cyber security risks
Managing the evolving nature of cyber security risks NatWest Trustee & Depositary Service Fund Management Industry Conference 21 April 2016 Agenda 1. Overview of the cyber security landscape 2. Cyber security
How do we Police Cyber Crime?
How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges
Business Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
www.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012
Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon
OUTCOME OF PROCEEDINGS
Council of the European Union Brussels, 18 November 2014 15585/14 COPS 303 POLMIL 103 CYBER 61 RELEX 934 JAI 880 TELECOM 210 CSC 249 CIS 13 COSI 114 OUTCOME OF PROCEEDINGS From: Council On: 17 18 November
Cyber Crime ACC Crime
AGENDA ITEM 10 STRATEGIC POLICING AND CRIME BOARD 3 rd December 2013 Cyber Crime ACC Crime PURPOSE OF REPORT 1. The purpose of this report is to provide members of the Strategic Police and Crime Board
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
Business Continuity for Cyber Threat
Business Continuity for Cyber Threat April 1, 2014 Workshop Session #3 3:00 5:30 PM Susan Rogers, MBCP, MBCI Cyberwise CP S2 What happens when a computer program can activate physical machinery? Between
Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:
Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice
MALTA NATIONAL CYBER SECURITY STRATEGY GREEN PAPER
MALTA NATIONAL CYBER SECURITY STRATEGY GREEN PAPER MALTA NATIONAL CYBER SECURITY STRATEGY GREEN PAPER CONTENTS Minister s Forward Executive Summary 1 Background 2 Purpose and Scope 9 The Consultation Process
Icelandic National Cyber Security Strategy 2015 2026 Plan of action 2015 2018
Icelandic National Cyber Security Strategy 2015 2026 Plan of action 2015 2018 Summary in English of the Icelandic National Cyber Security Strategy approved by the Minister of the Interior in April 2015
Information Security Summit 2005
Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government
Cyber Security for audit committees
AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have
Cyber Security Strategy for Germany
Cyber Security Strategy for Germany Contents Introduction 2 IT threat assessment 3 Framework conditions 4 Basic principles of the Cyber Security Strategy 4 Strategic objectives and measures 6 Sustainable
Cybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
ITU National Cybersecurity/CIIP Self-Assessment Tool
ITU National Cybersecurity/CIIP Self-Assessment Tool ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector April 2009 Revised Draft For
GOVERNMENT OF THE REPUBLIC OF LITHUANIA
GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 20112019 Vilnius For
Address C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA
8 th Annual Safeguarding Health Information: Building Assurance through HIPAA Security HHS Office of Civil Rights and National Institute of Standards & Technology Wednesday September 2, 2015 Suzanne B.
Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary
Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary
Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.
Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part
The Danish Cyber and Information Security Strategy
February 2015 The Danish Cyber and Information Security Strategy 1. Introduction In December 2014 the Government presented a National Cyber and Information Security Strategy containing 27 government initiatives
1 Cyberspace and Security
1 Cyberspace and Security 1 Paper by Deputy Secretary of Defense William J. Lynn, Defending a New Domain: The Pentagon s Cyber Strategy, Foreign Affairs (Sep Oct 2010). In addition, an annual report by
------------------------------------------------------------------------------------------------------------------------
WRITTEN MINISTERIAL STATEMENT CABINET OFFICE 3 RD DECEMBER 2012 Minister for the Cabinet Office and Paymaster General: Progress on the UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital
Information Guide. 2011 Version 1.0
Information Guide 2011 Version 1.0 NMIC - National Maritime Information Centre Contents WELCOME...2 1.0 INTRODUCTION...3 1.1 What is the NMIC?...3 2.0 NMIC VISION, MISSION STATEMENT & CHARTER...4 2.1
Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014
www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday
National Cyber Crime Unit
National Cyber Crime Unit Kevin Williams Partnership Engagement & National Cyber Capabilities Programme Kevin.Williams@nca.x.gsi.gov.uk Official Problem or opportunity Office for National Statistics In
Training Courses Catalog 2015
Training Courses Catalog 2015 Office of Homeland Security Tennessee Department of Safety & Homeland Security Homeland Security Training January 2015 Law Enforcement and Public Safety Courses Introduction
Microsoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
Pol 24/15 Appendix 2. National Policing Fraud Protect Strategy
National Policing Fraud Protect Strategy Draft prepared by the National Police Coordinator for Economic Crime V2.1 February 2015 1 PROTECTING THE COMMUNITY FROM FRAUD Introduction: This is the draft National
Sytorus Information Security Assessment Overview
Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)
SENATE STANDING COMMITTEE ON LEGAL AND CONSTITUTIONAL AFFAIRS AUSTRALIAN FEDERAL POLICE. Question No. 100
SENATE STANDING COMMITTEE ON LEGAL AND CONSTITUTIONAL AFFAIRS AUSTRALIAN FEDERAL POLICE Question No. 100 Senator McKenzie asked the following question at the hearing on 24 May 2012: a) How do you define
Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region
CyberCrime@EAP EU/COE Eastern Partnership Council of Europe Facility: Cooperation against Cybercrime Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region Adopted
SYMANTEC CYBERV ASSESSMENT SERVICE OVER THE HORIZON VISIBILITY INTO YOUR CYBER RESILIENCE MORE FOCUS, LESS RISK.
SYMANTEC CYBERV ASSESSMENT SERVICE OVER THE HORIZON VISIBILITY INTO YOUR CYBER RESILIENCE Cyberspace the always-on, technologically hyperconnected world offers unprecedented opportunities for connectivity,
Information Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
REPORT. Next steps in cyber security
REPORT March 2015 Contents Executive summary...3 The Deloitte and Efma questionnaire...5 Level of awareness...5 Level of significance...8 Level of implementation...11 Gap identification and concerns...15
CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia
CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY by Sazali Sukardi Vice President Research CyberSecurity Malaysia SCOPE INTRODUCTION CYBER SECURITY INCIDENTS IN MALAYSIA CAPACITY BUILDING The Council For
Managed Security Services
Proactive Real-Time Monitoring and Risk Management Managed Security Services NCS Group Offices Australia Bahrain Brunei China Dubai Hong Kong SAR Korea Malaysia Philippines Singapore Sri Lanka Understanding