cyber security strategies and approaches
Presentation by Symantec.
Cyber Security Strategies and Approaches
Sue Daley, Government Relations Manager UK & Ireland
1. Given threat environment what response needed?
2. Outline of different approaches and strategies
3. Commonalities, best practices and lessons
What is Symantec seeing?
– US and EU leading thought leadership
– Connected nations realizing need to work across borders
– Legislators, regulators seeing IT security as horizontal issue
– Increasing recognition target is not just system but information
– Understanding that response must be operational, reactive and dynamic
So what’s the result?
• Various projects, initiatives, strategies, operational structures
– National
– Regional, multi‐national
– Public ‐ Private sector
• Symantec advised or involved at all levels
National Approach
… in the nineteenth century we had to secure the seas… and in the twentieth century we had to secure the air, in the twenty first century we also have to secure our position in cyber space...
UK Approach
• Launched June 2009
1. Reduce risks to UK's use of internet
2. Exploit opportunities – gather intelligence and intervene
3. Improve knowledge, capabilities and decision making – policies, governance
• Strategic leadership across government – coordination
• 8 key work streams
– policy and regulatory issues
– awareness and culture change
– technical capabilities/R&D
– international engagement
• GCHQ, Cheltenham
• Improve UK technical response to cyber incidents
• Disseminate information on risks, attacks and coordinate action
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
US 60 day Review….
• May 2009 ‐ “Assuring a trusted and resilient information and communications infrastructure”
• Builds on 2008 Comprehensive National Cyber security Initiative
• Since the review…
• Enhanced 2009 Cyber security Enhancement Act
• Boost federal R&D, stimulate US workforce
• Estimated to give $396 million
• Cyber Storm Exercise Feb 2010 ‐ Symantec key partner
• Appointment Cyber Tsar
Cyber Security Tsar – Howard Schmidt
• March 2010 key themes
– Partnerships
– Transparency
“Transparency improves our collective knowledge and helps bind our partnerships together to form the most powerful cyber tools that we have”
Estonia
• September 2008 strategy
– graduated system of security measures
– Expertise development
– appropriate regulatory and legal framework
– international co‐operation
– Awareness raising
• November 2009 NATO‐accredited Cooperative Cyber Defence Centre of Excellence (CCDCOE)
– Symantec and NATO memorandum of understanding
– Joint research project to promote cooperation on online threats
– Explore modus operandi of attackers
Singapore
• iN2015 Master Plan 2005 (3 years)
– Intelligent and trusted infocomm infrastructure
• Led by Infocomm Development Authority (IDA)
– Included National Infocomm Security committee
– formulates IT security policies
• Result of 2005 plan
– “enhanced overall security situational awareness”
• So 2nd Master plan launched 2008
“…first Master plan aimed largely at providing the public sector with measures to counter infocomm security threats, the second Masterplan will expand on that and engage both the public and private sectors”
[Diagram labels: Emerging technologies; Threats; International Relations; Standards; R&D; Industry; Users; Practitioners; Cyber Watch Centre (CWC); Creation of SITSA; Cyber Security Awareness Alliance; Association of Security Professionals (AiSP); Meridian process - CIIP trust building; CERT-to-CERT; National Infocomm security Scholarship]
Singapore next steps…
• Singapore Infocomm Technology Security Authority (SITSA)
– Created Oct 2009
– Safeguard Singapore against IT Security Threats
– Develop, execute contingency operations and plans
• Core Activities:
– Partnership Development
– Critical Information Infrastructure Protection
– Technology Development
– Planning, preparedness response
– cyber attack exercises
EU Approach
• Interdependence of European Member States
• Common shared approach to security needed
• Regulation and legislation role
– European Cyber crime Convention ‐ 2001
– Framework Decision on attacks against information systems – 2005
– Commission Communication ‐ “Protecting Europe from large scale cyber‐attacks and disruptions” ‐ 2009
1. Preparedness and prevention
2. Detection and response
3. Mitigation and recovery
4. International and EU wide cooperation
But it’s not just legislation only…
EU Working together
• Research and development
— EU FP7 funding
– WOMBAT ‐ Worldwide Observatory of Malicious Behaviours and Attack Threats
– LOBSTER ‐ European broadband security
• Co‐operation, Collaboration, Partnership
— ENISA – European Network Information Security Agency
— Critical Infrastructure Warning Information Network (CIWIN) project
— European Information Sharing and Alert System (EISAS)
— CERTS
CERTS across Europe
Public – Private Sector Collaboration
Collaboration is key
• Up to 90% of critical infrastructure private sector operated
– Industry, government and law enforcers coming together
– Developing public, private partnerships and approaches
• Symantec’s involvement
– Joint deployment of security intelligence technologies
– Joint exercises – US Cyber storm, UK CWID, US IT‐ Information Sharing and Analysis Centre (ISAC)
– Joint research projects – EU FP7, Wombat, Lobster, NATO Estonia centre
– Participation in expert groups, committees ‐ ENISA, UK IACG, UK Council for Child Safety, UK e‐Crime Reduction Partnership,
– Sponsoring events and conferences – UK IA09,
Public Awareness and Culture Change
• Online security key to trust, take up and buy‐in of citizens
• Industry can help by reaching public
Commonalities
Best practices
Lessons
Raising awareness and addressing culture change is key
Importance of international engagement
Information sharing and trusted networks are needed
Need for joint approach to protect society
Need to work with private sector partners
Recognition of interconnected nature of IT systems
Move from attack detection to prevention measures
Role of regulation and legislation
Lessons learnt ‐ Symantec’s top 5 to leave behind…
1. A holistic approach to security policy is required
• Move away from closed, nationally protected computer networks
• Understand moving threat environment
2. Real time awareness of threat landscape vital
• 24 – 7
• Information and intelligence is power
3. Both proactive and reactive capabilities needed
• Operational and technical
• Threat awareness and analysis based
• Technical expertise and skills needed
Lessons learnt ‐ what is important
4. Collaboration and co‐operation at different levels is key
• Trusted environment, network, systems
• Secure information sharing structures
• Relationship, partner building
5. Technology is one part of the solution
• People, process, technology
• Culture change
• Awareness raising
Thank you!
[email protected]
+44 7809 492 490