The Cyber Security Challenge: What Can be Done?

Similar documents
Cybersecurity. Canisius College

Cyber Diplomacy A New Component of Foreign Policy 6

Harmful Interference into Satellite Telecommunications by Cyber Attack

Achieving Global Cyber Security Through Collaboration

The BGF-G7 Summit Initiative Ise-Shima Norms

TUNIS COMMITMENT. Document WSIS-05/TUNIS/DOC/7 -E 18 November 2005 Original: English

How Effective are International Approaches for Global Cyber Security?

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

Work of the UN first Committee

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

VIENNA MODEL UNITED NATIONS CLUB

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

Cyber defence in the EU Preparing for cyber warfare?

Cyber Security Strategy of Georgia

Information and Communications Technology Supply Chain Risk Management (ICT SCRM) AND NIST Cybersecurity Framework

UN Emergency Summit on Cyber Security Topic Abstract

Cyber Defense and Cyber Security Policies in the UK and Germany

Research Note Engaging in Cyber Warfare

ICT4Peace: Strategic use of ICT for Crisis Management 1 High- Level Working Lunch, 15 th November 2007

UNCLASSIFIED. Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI. June 15th, 2015

Five Principles for Shaping Cybersecurity Norms

Toward a Deeper and Broader U.S.-Japan Alliance: Building on 50 Years of Partnership

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt

CONFIDENCE BUILDING MEASURES AND INTERNATIONAL CYBER SECURITY

NATO & Cyber Conflict: Background & Challenges

Confrontation or Collaboration?

"Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information

Cyber Security Strategy

A Reluctant Cyber Security Agreement between the US and China

New Battlegrounds: The Future of Cyber Security and Cyber Warfare

Working Towards the 2020 Tokyo Olympics

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

General Assembly. United Nations A/66/359

Internet Safety and Security: Strategies for Building an Internet Safety Wall

The OSCE Efforts in the Field of Cyber Security and Protecting Critical Energy Infrastructure from Terrorist Attacks

U.S.-Japan Cooperation in Cybersecurity

Session 4: Programmes: the Core of the 10YFP

It's a MAD, MAD, MAD Cyber World

National Cyber Security Policy -2013

General Assembly. United Nations A/69/723

Adopted by the Security Council at its 5430th meeting, on 28 April 2006

RUSSIA CHINA NEXUS IN CYBER SPACE

DECISION No DEPLOYMENT OF AN OSCE SPECIAL MONITORING MISSION TO UKRAINE

DECLARATION STRENGTHENING CYBER-SECURITY IN THE AMERICAS

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.

BORDER SECURITY AND MANAGEMENT CONCEPT

CYBER SECURITY THREATS AND RESPONSES

GLOBAL CONFERENCE ON CYBERSPACE 2015 CHAIR S STATEMENT

THE CURRENT GLOBAL THREATS TO CYBERSPACE SECURITY

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Security concerns and the desire to reduce fossil fuel emissions have led the United Nations to take up the topic of nuclear power.

DIGITAL DEVELOPMENT DEBATES

CYBERSPACE SECURITY CONTINUUM

THANK YOU TO IANPHI FOR INVITING THE WORLD FEDERATION OF PUBLIC HEALTH ASSOCIATIONS. Professor Bettina Borisch, MD, MPH, FRCPath

Michael Yakushev PIR-Center, Moscow (Russia)

The Guidelines for U.S.-Japan Defense Cooperation April 27, 2015

BRUNEI DARUSSALAM'S SECURITY CONCEPTS AND PERCEPTIONS

"The European Union's Security Architecture and its role to strengthen Peace and Security"

ODUMUNC 39. Disarmament and International Security Committee. The Future of Cyber Intelligence. By: Joseph Espinoza

Main Research Gaps in Cyber Security

UN Global Compact Business for Peace (B4P): A Business Leadership Pla?orm

NEW MEDIA TOOLS AND TECHNIQUES IN CIVILIAN CRISIS MANAGEMENT

Cybersecurity: Taking Stock and Looking Ahead

THE WHITE HOUSE Office of the Press Secretary. Annex to U.S. - Gulf Cooperation Council Camp David Joint Statement

The International Context for Cybersecurity

working group on foreign policy and grand strategy

Internet security: Shutting the doors to keep hackers off your network

The main object of my research is :

CSCAP MEMORANDUM NO. 24 Safety and Security of Vital Undersea Communications Infrastructure

The Arms Trade Treaty

The final version of the Cyber Security Strategy and Action Plan note the following priorities to be implemented in :

Unifying Incident Response Teams Via Multi Lateral Cyber Exercise for Mitigating Cros Border Incidents: Malaysia CERT Case Study

The UK cyber security strategy: Landscape review. Cross-government

Andrzej Kozłowski Research Fellow Casimir pulaski Foundation. The cyber strikes back the retaliation against the cyberattack

peace, Security and Development in BRICS

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Declaration of Principles of the World Summit. Tunis in 2005 adopted by Heads of States and Governments stated that:

The Cancer Running Through IT Cybercrime and Information Security

Business Continuity for Cyber Threat

Cyber Security Strategy for Germany

ITU National Cybersecurity/CIIP Self-Assessment Tool

Hybrid Warfare & Cyber Defence

Adopted by the Security Council at its 5916th meeting, on 19 June 2008

Offensive capabilities

A Community Position paper on. Law of CyberWar. Paul Shaw. 12 October Author note

AN INSIGHT TO CYBER WORLD WITH PROF. MICHAEL E.SMITH

Question of Cyber security Maria Paek (President)

the Council of Councils initiative

DECISION No OSCE STRATEGIC FRAMEWORK FOR POLICE-RELATED ACTIVITIES

Federal Bureau of Investigation. Los Angeles Field Office Computer Crime Squad

Confidence-building and international agreement in cybersecurity

A New Obstacle For Cyberinsurance Coverage

22 ND ANNUAL MEETING OF THE ASIA-PACIFIC PARLIAMENTARY FORUM RESOLUTION APPF22/RES 01

Summary. Russian-Dutch Bilateral Seminar

Trends Concerning Cyberspace

James R. Clapper. Director of National Intelligence

NEW MEDIA TOOLS AND TECHNIQUES IN CIVILIAN CRISIS MANAGEMENT

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

Transcription:

The Cyber Security Challenge: What Can be Done? Swiss Business Associa=on Singapore Grand HyaB, 22 October 2015 Presenta)on by Daniel Stauffacher President, ICT4Peace Founda=on www.ict4peace.org

Cybersecurity Incidents (Based on ar=cle by Wired Magazine: hbp://www.wired.co.uk/magazine/archive/ 2015/10/start/infoporn- cyberabacks- state- sponsored- hacking) 1. UNITED STATES 2001-2015: Target: the world. Seriously, the NSA's reach appears to be limitless, according to documents leaked by Edward Snowden, which describe a vast hacking opera=on aimed at subver=ng the internet's infrastructure. 2. UNITED STATES 2007: The US launched the Stuxnet worm against Iran to sabotage that country's nuclear program. Outcome: Stuxnet succeeded in briefly se^ng back the Iranian nuclear programme. The aback set a precedent for cyberwarfare: countries now launch digital assaults to resolve poli=cal disputes.

Cybersecurity Incidents (according to Wired Magazine) 3. CHINA2009-2011: China allegedly hacked Google, RSA Security and others to get the source code. The hackers who breached RSA obtained core data used in the company's two- factor authen=ca=on scheme used by governments and corpora=ons. 4. CHINA 2014: China breached several databases belonging to the US Office of Personnel Management. The hackers stole sensi=ve data, including Social Security numbers, rela=ng to more than 21 million people who had been interviewed for government background checks. 5. UNITED KINGDOM 2009-2013: The UK hacked Google's and Yahoo's undersea cables to siphon unencrypted traffic. According to documents leaked by Edward Snowden, the UK accessed data through taps of undersea cables belonging not just to these companies, but to major telecoms too.

Cybersecurity Incidents (according to Wired Magazine) 6. UNITED KINGDOM 2012: The UK's Government Communica=ons Headquarters (GHHQ) hacked Belgacom to monitor all mobile traffic passing through its routers. 7. NORTH KOREA 2014: Sony Pictures Entertainment was abacked. The US abributed it to North Korea and applied addi=onal sanc=ons against the country and specific officials. 8. ISRAEL 2014: Israel allegedly hacked Russian security firm Kaspersky Lab to obtain intel on its research about na=on- state abacks. It also struck venues in Europe where the UN Security Council met to nego=ate Iran's nuclear programm.

Cybersecurity Incidents (according to Wired Magazine) 9. ISRAEL 2012: Suspected of launching the Wiper aback against the Iranian oil ministry and the Na=onal Iranian Oil Company. 10. IRAN 2012: Iran allegedly launched a virus called Shamoon against oil conglomerate Saudi Aramco's computers. US officials blame Iran for the aback but have not produced evidence. 11. NORTH KOREA 2013: Computers in South Korea were struck by a logic bomb that caused data dele=on as well as preven=ng reboo=ng. South Korea blamed North Korea for the aback but it has never produced solid evidence.

Cybersecurity Incidents (according to Wired Magazine) 12 RUSSIA 2014: Russia allegedly hacked the US State Department and the White House. The abackers had access to unclassified emails for President Obama as well as non- public details about his schedule. 13. RUSSIA 2015: TV5Monde, a French- language broadcaster, is hacked - - reportedly by Russia. A group calling itself the CyberCaliphate took credit, but French officials have pointed the finger at the Kremlin. The hackers blacked out broadcas=ng for several hours and posted messages expressing support for ISIS to the TV channel's social- media accounts. 14. IRAN 2011-2012: Iran launched a series of denial- - of- service abacks on US banks. Although Izz ad- - Din al- Qassam Cyber Fighters took responsibility, US officials claimed Iran was retalia=ng for Stuxnet and UN sanc=ons.

The Cybersecurity Challenge Many states are pursuing military cyber- capabili)es: UNIDIR Cyber Index: more than 114 na=onal cyber security programs world- wide, more than 45 have cyber- security programs that give some role to the armed forces. A private can obtain, train and use cyber weapons of war. Damaging of a country s certain cri)cal infrastructure: power, transport, financial sector etc. is possible. The step from common crime to poli)cally mo)vated acts, even terrorism, is not far.

The Cybersecurity Challenge An exclusive, all- out cyber- war has not happened yet, but abacks have happened as part of conflicts: 2007 against Estonia, 2008 against Georgia, 2010 against Iran, 2013 against South Korea, 2014 in Ukraine. In the context of the Syrian war, denial- of- service abacks have been reported. However, Cyber Capabili=es do not fit tradi)onal security strategies (deterrence, denial), because: Problem of abribu=on of an aback Rapidly evolving technology produced and in the hands of the private sector Use of Non- State actors, Proxies Arms control agreements (so far) unrealis)c for cyber capabili=es Mul=ple actors, both state and non- state actors No commonly accepted defini=on of a cyber weapon so far

The Cyber Security Challenge: What Can be Done? These scenarios show that we need: to engage in an interna=onal discussion on the norms and principles of responsible state behavior in cyber space, including on the conduct of cyber warfare, and its possible exclusion or mi=ga=on (Tallinn Manual a beginning) In order to establish a universal understanding of the norms and principles of responsible state behavior in cyber space, we need to turn to the United Na)ons (such as UN GA, UNGGE, WSIS Geneva Ac=on Line 5) To prevent an escala)on we need to develop Confidence Building Measures (CBMs) (e.g. Bilateral Agreements, OSCE, ARF, UN GGE) We need Capacity Building at all levels (policy, diploma)c and technical) to include also developing and emerging countries

UN Group of Governmental Experts (GGE) on Cybersecurity 2015: First Set of Peace )me norms of responsible behaviour GGE report confirmed that interna=onal law, par=cularly the UN Charter, is applicable and essen=al to maintaining peace and stability and promo=ng an open, secure, peaceful and accessible ICT environment. A State should not conduct or knowingly support ICT that inten=onally damages cri=cal infrastructure or otherwise impairs the use and opera=on of cri=cal infrastructure to provide services to the public States should not knowingly allow their territory to be used for interna=onally wrongful acts using ICTs; States should consider how best to cooperate to exchange informa=on, assist each other, prosecute terrorist and criminal use of ICTs, and implement other coopera=ve measures to address such threats. At the same =me, efforts to address the security of ICTs would need to go hand- in- hand with respect for human rights and fundamental freedoms as set forth in the Universal Declara=on of Human Rights and other interna=onal instruments.

Cybersecurity and Resilient Internet International Processes: Council of Europe, OSCE, UN GGE, London, ARF Example CBMs

Confidence Building Measures: Important Progress at OSCE (CH Presidency) Nomina=ng contact points; Providing their na=onal views on various aspects of na=onal and transna=onal threats to and in the use of Informa=on and Communica=on Technologies; Facilita=ng co- opera=on among the competent na=onal bodies and exchanging informa=on; Holding consulta=ons in order to reduce the risks of mispercep=on, and of possible emergence of poli=cal or military tension or conflict that may stem from the use of Informa=on and Communica=on Technologies; Sharing informa=on on measures that they have taken to ensure an open, interoperable, secure, and reliable Internet, and on their na=onal organiza=on; strategies; policies and programs; Using the OSCE as a plarorm for dialogue, exchange of best prac=ces, awareness- raising and informa=on on capacity- building;

BILATERAL EFFORTS IN THE FIELD OF INTERNATIONAL AND REGIONAL SECURITY Track 1, 1.5 and 2 Dialogues

ICT4Peace Policy Research on Peace, Trust and Security in Cyberspace

ICT4Peace Cybersecurity policy and diplomacy capacity building program with different regional organisa)ons.

The Role of ICTs in Preventing, Responding to and Recovering from Conflict WSIS Tunis 2005 ICT4Peace/UN ICT Task Force (http://bit.ly/1br0ypi) 19

The UN World Summit on the Information Society (WSIS) in Tunis 2005 Paragraph 36 of the World Summit on the Information Society (WSIS) Tunis Declaration (2005): 36. We value the potential of ICTs to promote peace and to prevent conflict which, inter alia, negatively affects achieving development goals. ICTs can be used for identifying conflict situations through earlywarning systems preventing conflicts, promoting their peaceful resolution, supporting humanitarian action, including protection of civilians in armed conflicts, facilitating peacekeeping missions, and assisting post conflict peace-building and reconstruction between peoples, communities and stakeholders involved in crisis management, humanitarian aid and peacebuilding.

Thank you very much danielstauffacher@ict4peace.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information