cyber security strategies and approaches

1

Cyber Security Strategies and Approaches

Sue DaleyGovernment Relations Manager UK & Ireland

Presentation Identifier Goes Here 4

Given threat environment what response needed? 1

Outline of different approaches and strategies 2

Commonalities , best practices and lessons 3

What is Symantec seeing?

– US and EU leading thought leadership

– Connected nations realizing need to work across borders

– Legislators, regulators seeing IT security as horizontal issue

– Increasing recognition target is not just system but information

– Understanding that response must be operational, reactive and dynamic

So what’s the result?

• Various projects, initiatives, strategies, operational structures

•National

•Regional, multi‐national

•Public ‐ Private sector

• Symantec advised or involved at all levels

7

National Approach

… in the nineteenth

century we had to

secure the seas…and in

the twentieth century

we had to secure the air,

in the twenty first

century we also have to

secure our position in

cyber space...8

UK Approach

• Launched June 2009

1. Reduce risks to UK use’s of internet

2. Exploit opportunities – gather intelligence and intervene

3. Improve knowledge, capabilities and decision making – policies, governance

• Strategic leadership across government – coordination• 8 key work streams policy and regulatory issues awareness and culture changetechnical capabilities/R&D international engagement

• GCHQ, Cheltenham• Improve UK technical response to cyber incidents• Disseminate information on risks, attacks and coordinate

action

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

1

US 60 day Review….

• May 2009 ‐ “Assuring a trusted and resilient information and communications infrastructure”

• Builds on 2008 Comprehensive National Cyber security Initiative

• Since the review…

• Enhanced 2009 Cyber security Enhancement Act• Boost federal R&D, stimulate US workforce

• Estimated to give $396 million

• Cyber Storm Exercise Feb 2010 ‐ Symantec key partner

• Appointment Cyber Tsar


Cyber Security Tsar – Howard Schmidt • March 2010 key themes

PartnershipsTransparency

“ Transparency improves our collective knowledge and helps bind our partnerships together to form the most powerful cyber tools that we have”

Estonia

• September 2008 strategy

– graduated system of security measures

– Expertise development

– appropriate regulatory and legal framework

– international co‐operation

– Awareness raising

• November 2009 NATO‐accredited Cooperative Cyber Defence Centre of Excellence (CCDCOE)

– Symantec and NATO memorandum of understanding

– Joint research project to promote cooperation on online threats

– Explore modus operandi of attackers


Singapore

• iN2015 Master Plan 2005 (3 years)

– Intelligent and trusted infocomm infrastructure

• Led by Infocomm Development Authority (IDA)

– Included National Infocomm Security committee

– formulates IT security policies

• Result of 2005 plan

– “enhanced overall security situational awareness”

• So 2nd Master plan launched 2008

“…first Master plan aimed largely at providing the public sector with measures to counter infocomm security threats, the second Masterplan will expand on that and engage both the public and private sectors “



Emerging technologies

Threats

International Relations

StandardsR&D

Industry

Users

Practioners

Cyber Watch Centre (CWC)

Creation of SISTA

Cyber Security Awareness Alliance

•Association of Security Professionals (AiSP) Meridan process -

CIIP trust building

CERT-to-CERT

National Infocomm security Scholarship

Singapore next steps…

• Singapore Infocomm Technology Security Authority (SITSA)

– Created Oct 2009

– Safeguard Singapore against IT Security Threats

– Develop, execute contingency operations and plans

• Core Activities:

•Partnership Development

•Critical Information Infrastructure Protection

•Technology Development

•Planning, preparedness response

•cyber attack exercises



EU Approach

EU Approach • Interdependence of European Member State• Common shared approach to security needed

• Regulation and legislation role– European Cyber crime Convention ‐2001 – Framework Decision on attacks against information systems – 2005

– Commission Communication ‐ "Protecting Europe from large scale cyber‐attacks and disruptions” ‐ 20091.Preparedness and prevention2.Detection and response3.Mitigation and recovery4.International and EU wide cooperation

But its not just legislation only…

19

Thank you!



EU Working together

• Research and development—EU FP7 funding –WOMBAT ‐Worldwide Observatory of Malicious Behaviours and Attack Threats

–LOBSTER ‐ European broadband security

• Co‐operation, Collaboration, Partnership —ENISA – European Network Information Security Agency

—Critical Infrastructure Warning Information Network (CIWIN) project

—European Information Sharing and Alert System (EISAS)—CERTS

20

Thank you!



CERTS across Europe


Public – Private Sector Collaboration

Collaboration is key

• Up to 90% of critical infrastructure private sector operated

– Industry, government and law enforcers coming together

– Developing public, private partnerships and approaches

• Symantec’s involvement

– Joint deployment of security intelligence technologies

– Joint exercises – US Cyber storm, UK CWID, US IT‐ Information Sharing and Analysis Centre (ISAC)

– Joint research projects– EU FP7 , Wombat, Lobster, NATO Estonia centre

– Participation in expert groups, committees ‐ ENISA, UK IACG, UK Council for Child Safety, UK e‐Crime Reduction Partnership,

– Sponsoring events and conferences – UK IA09, Presentation Identifier Goes Here 23

Public Awareness and Culture Change

• Online security key to trust, take up and buy‐in of citizens • Industry can help by reaching public



CommonalitiesBest practicesLessons


Raising awareness and addressing culture change is key

Importance of international engagement

Information sharing and trusted networks are needed

Need for joint approach to protect society

Need to work with private sector partners

Recognition of interconnected nature of IT systems

Move from attack detection to prevention measures

Role of regulation and legislation

Lessons learnt ‐ Symantec’s top 5 to leave behind…

1. A holistic approach to security policy is required

• Move away from closed, nationally protected computer networks

• Understand moving threat environment

2. Real time awareness of threat landscape vital

• 24 – 7

• Information and intelligence is power

3. Both proactive and reactive capabilities needed

• Operational and technical

• Threat awareness and analysis based

• Technical expertise and skills neededPresentation Identifier Goes Here 27

Lessons learnt ‐ what is important

4. Collaboration and co‐operation at different levels is key

• Trusted environment, network, systems

• Secure information sharing structures

• Relationship, partner building

5. Technology is one part of the solution

• People, process, technology• Culture change

• Awareness raising


Thank you!




[email protected]+44 7809 492 490

cyber security strategies and approaches

Documents

attacksandcoordinate

ukapproach launchedjune2009