Toward A Closer Digital Alliance
Presented at: GOVCERT.NL Symposium 2010
By: Melissa Hathaway
HathawayGlobalStrategies@gmail.com
2020 Visions are Not Aligned
- NATO 2020: Assured Security; Dynamic Engagement. Analysis and Recommendations of the Group of Experts on a New Strategic Concept for NATO, 17 May 2010
[Cover images of further documents dated 17 May 2010 and 19 May 2010]
Reinforce Coordination of Economic and Security Policies
- Harmonize information communications technology initiatives
- Promote greater digital interoperability
- Enhance Internet trust, access, and security
- Enable broadband (high speed Internet access)
- Focus and fund research and development
- Provide for mutual assistance through better information sharing
- Undertake crisis response operations within, along, and beyond borders
Mobile Connectivity Drives New ways to do Old things faster, cheaper, better.
- More Connected--Real-time 24x7 connectivity, in palm of hand
- More Affordable--WiFi nearly ubiquitous in many developed markets
- Faster--low latency for boot-up, search, connect and pay
- Fun to Use--Social, casual gaming, advanced marketing
- Access to Everything--Music, video, data, stuff in cloud
Gives Way to Faster Exploit and Attack Paths
The cross border flows of goods, services, people, technology, ideas and information are being limited by those who want to exploit these channels for crime and conflict.
The Tools Are Common
- Tracking GhostNet: Investigating a Cyber Espionage Network (JR02-2009, Information Warfare Monitor, March 29, 2009), http://www.infowar-monitor.net/ghostnet, http://www.tracking-ghost.net
- The State of the Internet, Volume 3, Number 1: 1st Quarter, 2010 Report
- Contested Commons: The Future of American Power in a Multipolar World (January 2010), edited by Abraham M. Denmark and Dr. James Mulvenon. Contributing authors: Abraham M. Denmark, Dr. James Mulvenon, Frank Hoffman, Lt Col Kelly Martin (USAF), Oliver Fritz, Eric Sterner, Dr. Greg Rattray, Chris Evans, Jason Healey, Robert D. Kaplan
- Securing Europe's Information Society: General Report 2009
- UK Security Breach Investigations Report: An Analysis of Data Compromise Cases, 2010
- 2009 Driving Forces, Uncertainties, and Four Scenarios to 2025
- Conducted by The 7th Annual e-crime Congress
Opponents Exploit the Mission Seams
- Governments organize by mission, and defensive strategies in one mission area are often not shared with other missions.
- Securing our national networks and infrastructures requires building trust relationships: Private-Public; Private-Private; and Public-Public.
Aligning Private and Public Interests
Information communications infrastructure has become valuable to society over and above its value to the corporations that own and control it--and therefore--security must be demanded by the public sector: laws, policies, taxes, procurement incentives, regulations, liabilities, subsidies, or other market levers.
Synchronizing May be Difficult
- Speed or Rhythm?
- Synchronization is Difficult if Moving at Different Pace with Different Priorities
Contributions to the Partnership
Public Sector | Private Sector
Laws, Policies, Regulation, Incentives | Access to Sensitive/Proprietary Data
Access to Classified Information | Operational Responsibility of Core Infrastructures
Interface/cooperation with other governments (treaty and multilateral agreements) | Interface/cooperation with other private sector entities
Money | Money
Alliance Partners' Priorities Differ
- Internet Service Providers assume more responsibility for hygiene and health of National Infrastructure
- Corporations assume more responsibility for data protection
- Governments assume broader mission of continuous surveillance of networks
- Regulation, Policy, Law...
Mutual Assistance, Information Sharing, Assured Survivability
- The Alliance must contribute to the broader security of the entire Euro-Atlantic region
- What is NATO's role as the defender of its own interests when the policies, technologies, and expertise reside in civilian and private holdings--and not the military's area of influence?
- How are areas of common concern defined and information shared prior to a time of crisis, when the knowledge resides in private corporations?
- How do we distinguish between private and public property?
Leveraging the Public Infrastructure
- Illicit and illegal activities ignore national boundaries
- Broadband--Telecommunications or Internet?
- Assured Essential Services
- Cloud Computing--Rapid provisioning, global access, minimal management--at expense of security?
- Operation Aurora
- Cooperative approaches for electronic evidence gathering, jurisdictional adjudication, enlisting private sector talent, conscripting ISPs, and aligning data protection regulatory frameworks
What is an Act of Armed Aggression?
- Conscripted Computers
- Use of Civilian Infrastructure
- Combatant vice Non-Combatant
- Response Doctrine, Proportional Response, Attribution
Pooling Funds in a Fiscally Constrained Environment
- The Euro-Atlantic Alliance would benefit from a strategic Agenda of Intellectual Federalization
- Partner in R&D
- Nearly 11 bn
- Pursued by academic institutions, small businesses, and multi-national companies
Aligning Strategy with Execution - Europe
- Restore security and safety in time of crisis
- Improve security systems integration, interconnectivity, and interoperability
- Increase security of infrastructure and utilities
[Cover shown: European Commission, Community research. FP7 in Brief: How to get involved in the EU 7th Framework Programme for Research, a pocket guide for newcomers]
Aligning Strategy with Execution - United States
- Improve trust and integrity of on-line transactions
- Increase survivability of time-critical systems
- Improve situation awareness and attack attribution
- Determine provenance of data, information, systems software and hardware
[Cover shown: A Roadmap for Cybersecurity Research, November 2009]
International Alignment is Required Too
- The Secretary-General of the U.N. International Telecommunications Union (ITU) has called for a comprehensive cyber treaty that would have a built-in legal and regulatory framework, as well as cross-continent contingency plans in the event of large-scale cyber attacks.
- ICANN appeal for preserving security, stability and resiliency related to matters of DNS and ensuring appropriate contingency planning
- EU and NATO Lisbon Summits (11/2010) may place Information Security and Cyber Defense as top priority
- G-20, Council of Europe, others all working aspects
Progress Takes Time
- Build trust and pursue an inclusive strategy
- Demand partnership and recognize role of private sector
- Seek digital interoperability and build digital bridges
- Gain situation awareness
- Improve response coordination
- Improve resiliency
My Ask
- Identify the seams between economic and national security goals
- Consider yourself a Security Advisor to the economic initiatives - lead the discussion, tell a simple story
- Identify at least one industry partner that can improve our defensive posture and act
SAIS Review: Cybersecurity
http://www.sais-jhu.edu/publications/saisreview/current/hathaway.html