Agenda: Cyberspace Strategic Impact; Social Risk Management; Cyber and Cyber Defence; Cyber Defense: NATO Vision; Cyber Strategic Concept; Conclusions

Seminar Cyber : An Action to Establish the Cyber Center
GNS - Lisboa, 12 September 2013
Lt Col Paulo Nunes

Personal Access Networks

Cyberspace dual nature: (social, economic, political and cultural interactions); (Internet). Physical and Logical Infrastructure

Internet Connected!
Source: NNEC Lisboa April 2011
GNS, 12Sep13

The Cloud
Why? (Commercial) Technology Evolution; Information Superiority
Source:
Adapted from:
11-09-2013

Threat Spectrum
Why are we attacked?
Adapted from Symantec (2011)
Mainly for:
More disruptive and destructive Attacks
Commercial Transactions; Sex Trade; Affect Functioning; Information Theft; Money Extortion; Destruction; Information Theft and Destruction
Terrorist Networks; Hackers; Authorities
- Spam
- DDoS Attacks
- Phishing
- Sensitive Information, e.g. personal data and home banking
- Blackmail
- Spearphishing
- Hacktivism
- Cyber-Sabotage
- Spying
- Cyber Warfare
Examples: Rustock, Zeus, Rogue AV, Stuxnet, Flame
Cyber Arms

Mobile Threats
Warfare Dynamic Evolution
Warfare was always a question of Threats vs.
SMiShing Goes Mainstream
All About APPS! 15B, 6B app downloads from the iTunes Store and the Android Market, respectively
EXPLOSIVE Growth! 550K Android device activations EVERY day.
Cyber Defense; Cyber Warfare; Clickzkrieg
Source: Symantec (2011)
Technology and Maneuver interact to speed up the pace of Conflicts

Military Cyber Impact: 4+1 Paradigm
Cyber Threats are here to stay...
Cyber Attacks: China, USA, Israel, Palestine, Estonia, Georgia, Radio Free Europe, Kyrgyzstan
Armed Forces (20-30 Countries) with Cyber Warfare Units (Soriano, Mar11)
Events:
- Estonia Cyber Attack (April/May 2007)
- Georgia Invasion (August 2009)
- US Cyber Command (IOC: May10, FOC: Nov10)
- Cyber Arms (Stuxnet 2011; Flame 2012; etc.)
Documents:
- NATO Cyber Defence Concept (2007)
- NATO Strategic Concept 2010 (Lisboa, 18-19 Nov 2010)
- NATO Cyber Defence Policy and Action Plan (2011)
- Cyber and Cyber Defence Strategies

Global Risks 2013
Cyber Impact
Cyberspace is a Global Risk!
Source: WEF, Global Risks Report 2013

Cyber Threats: Value Proposition
Low Risk, High Benefit!
High Exposure of most Countries (including Portugal)
LAW ENFORCEMENT; INTELLIGENCE AGENCIES; ARMED FORCES
Source: Lino Santos, Rogério Bravo and Paulo Viegas Nunes (2012), Social Risk : What can we do about it?
Protection and Defense of NII
Relevant Questions

Cyber vs Cyber Defense
How to Articulate Different Operational Domains?
PT CYBER SECURITY; GLOBAL CYBER SECURITY; CYBER DEFENSE (Computer Network Operations - CNO)
Defense and Missions Cyberspace Global (Common) Cyberspace
Simple Protection; Individual and Organizational
Mitigation Measures; Evidence Collection; Alerts; Criminal Prosecution
Mitigation Measures; Evidence Collection; Alerts; Crisis Management
Mitigation Measures; Evidence Collection; Alerts; Defence
CYBERSPACE PROTECTION: Analytical View

Cyber and Cyber Defense: One House, several Pillars
Mission; Crisis Management; Objectives; Policy and Strategic Orientation
NATIONAL CERTS NETWORK (Civil and Military)
NATIONAL AND INTERNATIONAL COOPERATION (Civil and Military)
Information Assurance: NATO Vision
NATO Cyber Defence Policy: Cyber Attacks Response
INFORMATION ASSURANCE; CYBER DEFENSE; INFOSEC
Political/Strategic Level
NATO Cyber Defence Management Board (NATO HQ, BI-SCs, NCSA, NC3A, ACOS CIS&INT)
CD Coordination and Support Centre
NCIRC CC + CD Threat Assessment Cell (NOS & NHQC3S NATO HQ)
Support Request; NATIONS
Cyber Defence Capability Framework Document (Ver.2-28Feb11)
Computer Network Operations (CNO): Computer Network Attack (CNA); Computer Network Defence (CND); Computer Network Exploitation (CNE)
CYBER DEFENSE = CNO+ (COMPUSEC)
Information (INFOSEC); Communications (COMSEC); Computer (COMPUSEC)
Operational Level; Tactical Level
NCIRC Technical Centre (FOC) (NCSA/NIATC, Mons, Belgium)
Rapid Reaction Team
NATO Computer Networks (~70.000 computers in 58 Locations in 30 Countries)
CERT (Cyber Defense)
NATO Cyber Defence Concept

Cyber : NATO vs Model CNC Operational View: Principles
Cyber Structure
SIMPLE: to be easily understood, eliminate malfunctions and promote an efficient inter-ministerial coordination.
MULTIPURPOSE: to face all kinds of attacks (different level of threats);
FLEXIBLE: to adapt and cope with threat scenario dynamics
COMPATIBLE: to be interoperable with systems of allied countries and organizations that Portugal is part of (NATO, EU and UN...);
COMPLEMENTARY: to ensure a response as comprehensive and complete as possible, integrating more areas and sectors concerning cybersecurity.
SCALABLE: to provide a gradual response, proportionally applying resources to the situation requirements (be more efficient)

Planning and Coordination 1 Policy Strategic direction level liaison Cyber Coordination Centre Counsel Crisis Management NOS/NC3Staff CERT services Operational IDS Management Management 2 Vulnerability Management Scientific services Users 3 Local INFOSEC management NCIRC Technical Centre Cyber Centre Incidents Response NITC / NCSA Users NATO CIS Citizens, Enterprises, Operating Organizations Authorities All NATO HQs and Agencies

Conceptual Model : vs International Framework
Cyber and Defence Value Chain
Political Level
Government of Portugal
Supporting Activities
Human Resources Management
Strategic Level
Conselho Nacional de Segurança e Defesa (...) Cyber Counsel International EU CIIP EFMS (...)
Financial Resources Management; Specific Legislation and Norms; Education & Courses; Doctrine & Training; Research & Development
Primary Activities
and Defense of Cyberspace
Armed Forces
Operational Level
CSIRT Network; Academia; Industry; Cyber Centre; International; EGP; FIRST; EU CIIP; E3PR
Development and Management of Competencies and Skills
Information Cyber Cyberspace Operations (CNO)
Synergies; International Cooperation
Strategic Approach: From Vision to Action
Interests; Principles and Strategic Goals
FROM VISION TO ACTION
Aim; Objectives; Measures (Level of Ambition)
Promote and Reinforce Strategic Potential

Cyber Strategy: Aim, Objectives and Measures
Aim
- Information Assurance
- Secure and efficient use of Cyberspace;
- Protection and Defense of Critical Information Infrastructure
- Information and Cyber Defense
Objectives
- Secure use of Cyberspace (Generate and Protect Value)
- Reinforce Cyber of Critical Infrastructures (Reduce Social Risk)
- Defend Interests and Freedom of Action in Cyberspace (Reaffirm Identity and Defend Sovereignty)
Measures
- Analyse Information environment and anticipate attacks;
- Detect and block attacks, alert and support potential victims;
- Enhance R&D to promote technological independence;
- Adapt Legal framework and fight Cybercrime;
- Develop international cooperation initiatives
- Communicate, raise awareness and inform citizens
- Reinforce Governmental Networks ICT;
- Reinforce Government and Critical Infrastructures IS (Resilience and Survival);
- Knowledge and Information Society initiatives;
- Protect and Defend E-Gov;
- Cyber and Cyber Defense Structures;
- Synergies and International Cooperation

Conclusions
- Cyberspace is not limited: individual/collective; public/private; civil/military or national/international (Networked Society);
- Cyberspace is a high priority strategic domain where national values and interests must be defended (non-negotiable);
- Building a national digital future requires a Cyber Strategy
- Legal Framework, doctrine, governance/organization and means to implement a Cyber Strategy
- Clarify Cyber vs. Cyber Defense concepts
- Cyber and Cyber Defense are mandatory for Information Age Societies
- NATO and EU Directives

Cyber Defence and Work for a lot of worker bees
Questions?
Thank You!