CYBER SECURITY. Marcin Olender Head of Unit Information Society Department

Transcription

1 CYBER SECURITY Marcin Olender Head of Unit Information Society Department 1

2 MINISTRY OF ADMINISTRATION AND DIGITIZATION OF POLAND The areas of our activity: The Ministry was established on 18 November 2011 Administration; Co-operation between the government and local government units; Coordinating disaster prevention and recovery; Telecommunications; Digitization; Postal services; National and ethnic minorities and religious institutions; Public collection of money and goods; 2

3 MAiC DIGITAL AREA INFORMATION SOCIETY: coordination of tasks related to the development of information society undertaken by the institutions carrying out public assignments, as well as supporting non-governmental initiatives matters related to preventing digital exclusion and to applying digital technology in information society; shaping policies related to the management of access to public information and its further use, as well as creating the fundaments for building the so-called open government ; INFORMATIZATION: recommending strategic tasks of the state, standards and guidelines concerning the computerisation of public administration between the government and local government units Designing the legal, organisational and technological fundaments for the development of the computerisation of public administration TELECOMUNICATION: co-operation with the International Telecommunication Union (ITU); coordinating the construction of broadband networks in Poland, CYBERSPACE: passive actions, coordinator for implementing PBC 3

4 DIVISION OF CYBERSPACE Cyberdefence Cyberwarfare Ministry of of Administration and Digitization Cyberespionage Cybersecurity Działania proaktywne CYBER Działania reaktywne DBTI.gov Cyberterrorism passive measures Cybersafety Cybercrime Cooperation with: RCB, NASK

5 DDoS ATTACKS AGAINST POLISH GOVERNMENT WEBSITES January 2012 r. multiple attacks targeting websites in gov.pl domain Protests against the ACTA treaty rallied by Anonymous group (distibuted LOIC attack) Websites of the Polish Parliament, The Chancellery of the Prime Minister, Ministry of Foreign Affairs and The Ministry of Culture and National Heritage and many others were taken down. 5

6 CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND - 1 The document was developped in close cooperation between Ministry of Administration and Digitization and Internal Security Agency Adopted by the Council of Ministers on the 25th of June

7 CYBERSPACE PROTECTION POLICY OF THE REPUBLIC OF POLAND - 2 SPECIFIC OBJECTIVES: Increasing the level of security of the State ICT infrastructure by improving the capacity to prevent and combat threats from cyberspace Reducing the impact of incidents threatening ICT security Determining the competence of entities responsible for the security of cyberspace Creating and implementing a coherent system of cyberspace security management for all government administration entities and establishing guidelines in this area for non-state actors Creating a sustainable system of coordination and exchange of information between the entities responsible for the security of cyberspace and the cyberspace users Increasing awareness of the cyberspace users on the methods and safety measures in cyberspace 7

8 THE MAIN LINES OF ACTION Risk assesement Security of Government portals and systems - plenipotentiaries Education, learning and awareness raising (higher education courses, govt staff training, social campaigns) Technical actions (research programmes, strengthening of govt. CERTs and cooperation mechanisms incl. early warning mechanisms) Setting up a cyber council (pending) Legislative actions 8

9 METHODS AND FORMS OF COOPERATION For the protection of cyberspace forms of cooperation between the authorities responsible for the security of cyberspace and responsible for combating computer crime of criminal nature should be developed: - enterprises active in important fields such as transport, energy and other utiliteis, information society services etc - manufacturers and providers of ICT equipment and systems - telecommunication networks operators 9

10 NETWORK AND INFORMATION SECURITY DIRECTIVE MAIN CONCEPTS AND RAMIFICATIONS Mimimal institutional harmonisation: designated authority (MaiC) and national CERTs Cooperation network (mechanism?) between member states, including early warning and coordinated response to incidents Expansion of obligations to new sectors (financial, health, infosoc providers?) Designated authority to be invested with binding decision-making powers Implementation in Poland will require legislative action A new Cybersecurity strategy Reorganisation of current framework possible 10

11 THANK YOU FOR YOUR ATTENTION 11