ITU regional workshop "Key Aspects of Cybersecurity in the Context of Internet of Things (IoT)"
Natalia SPINU
18 September, 2017 Tashkent, Uzbekistan
AGENDA
1. INTRODUCTION
2. Moldovan public policy on cybersecurity
3. RECOMMENDATIONS
Introduction
WHY THIS MATTERS TO YOU
Growing space with rapid expansion
§ Across all sectors: individuals, commerce, governments
§ Growing pervasiveness in everything we do
Many threats
§ Cyber criminals, hacktivists, terrorists, state-sponsored, hackers, amateurs, insiders, trusted partners and many others
Cyber Security is an unclear concept
§ Considerable uncertainty, broad scope, and ever-changing dimensions
§ Cyber security definitions vary widely and lack true conformity
Cyber is a chaotic and ungoverned environment
§ Increasing tension between governments, individuals, private enterprises, commerce.
§ What is cyber defense?
Early stages of cyber expansion
§ Technological advancement
§ Fast and intense competition
§ An uncertain future of the cyber domain, the internet and more
Government roles increasing in number and importance
THE CYBER SECURITY CHALLENGE… When…
In the Cyber world, security was an afterthought
Innovation is constant, and highly unpredictable
The Cyber world lacks a single central cyber architect
The Cyber world is not static but constantly evolving
The Cyber world is a system of insecure systems
WHY? 3) Complex Trust relationships between cyber domains
Cyber security affects every person who
§ Who is not connected in some way?
§ Uses a smartphone, computer, automated banking, GPS, and modern medicine
§ Rapid expansion. The Internet of Things….
§ Machine to machine interaction
Trust is foundational
How do organizations find the right balance of trust, transparency, and privacy?
HOWEVER, WHAT DO WE KNOW ABOUT CYBERSPACE?
Globally connected
Contested environment
Mostly in private hands
Great deal of anonymity
Changing environment
New form of warfare?
“Fifth Domain”
Moldovan public policy on cybersecurity
DIGITAL CONTEXT
ICT contributes ~10% of GDP:
§ 153 IT companies;
§ 7 major ISPs;
§ 3 mobile operators;
Internet penetration:
§ Overall - 50%;
§ Broadband – 11%;
§ Since 2010 some ISPs offer 100/100 Mbit for 250 MDL (~13 USD);
Mobile penetration – 110%:
§ High speed 3G internet access since 2008, 3.5G since 2010, 4G since 2012;
DIGITAL CONTEXT
Governmental Services
§ 522 available
§ 125 are electronic
Infrastructure:
§ Fiber link to 99% of localities, last mile is Ethernet;
§ Separate 100 Mbps dark fiber network serving central public administration
EVOLUTION of Moldovan Public Policy on Cybersecurity
2007:
§ Law No. 241 of 15.11.2007 “on electronic communications”
2009:
§ Law No. 20 of 03.02.2009 “on preventing and combating cybercrime”
2010:
§ Government Decision No. 746 of 2010 "On the approval of the updated Individual Partnership Action Plan the Republic of Moldova - NATO"
2013:
§ Government decision No. 857 of 31.10.2013 “National Strategy for information society development 'Digital Moldova 2020'”
2015:
§ Government Decision № 811 of 29.10.2015 “National Programme on Cyber Security”
DUALISM OF DEVELOPMENT VECTORS of Moldovan Public Policy on Cybersecurity
“Digital Moldova 2020”
§ Access and infrastructure
§ Digital content and electronic services
§ Capacities and utilization
NATIONAL PROGRAM ON CYBER SECURITY 2016 – 2020
§ International cooperation
§ Education and continuous awareness
§ Strengthening cyber defense capacities
§ Preventing and combating cybercrime
§ Creation of cybersecurity incident response team at national level
§ Security and integrity of electronic communications networks and services
§ Safe data processing, storage and access
OVERALL OBJECTIVE: To create secure environment for development of information society
GOAL: To create and implement national cybersecurity management system
KEY ASPECTS of Moldovan Public Policy on Cybersecurity
INTERNATIONAL COOPERATION
CYBER SECURITY
INTERNATIONAL COOPERATION
Most active cooperation partners of Moldova on cybersecurity
International CYBERSECURITY COOPERATION
International organizations
§ International Telecommunication Union
§ Organization for Security and Co-operation in Europe
§ North Atlantic Treaty Organization
§ United States Agency for International Development
§ Council of Europe
§ Regional Commonwealth in the field of Communications
States and unions
§ European Union
§ United States
§ South Korea
§ Estonia
Cybersecurity Community
§ CSIRTs and CSIRT communities
§ Specialized organizations
§ Private companies
§ Independent experts
MAIN CHALLENGE
Insufficiency of international cooperation in identifying risks, vulnerabilities, other events occurring in the world cyberspace, and preventing cross-border cyber threats and attacks.
National Programme on Cyber Security, Government Decision № 811 of 29.10.2015
INTERNATIONAL COOPERATION
Approved course of actions
Strengthening cooperation with international CSIRTs
Signing cooperation agreements with US-CERT, NCERT and other CSIRTs
Creation of platform for international consultation and coordination on cyber threats
Development of capacities for technical interaction
Establishing of contact points, organisation of regular meetings
Development of Public-Private Cooperation
Promotion of national interests at international arena
Development of cooperation with (ISC)2, ISACA, SANS and other institutions
Strengthening cooperation between national universities and leading EDUCATIONAL companies
EDUCATION AND CONTINUOUS AWARENESS
Core problems
(1) Citizens are not conscious that their electronic devices might be already hacked
§ “In spite of a big number of cybersecurity victims, only a few citizens are conscious that their electronic devices (mobile phones, tablets, notebooks, computers, etc.) might be compromised by cyber attacks through the Internet. That fact significantly contributes to the growth of cybercrimes exploiting the vulnerability of human character.” (National Program on Cybersecurity)
(2) Lack of continuous education and awareness in cybersecurity area
EDUCATION AND CONTINUOUS AWARENESS
Policy plan
§ Awareness campaigns: Development of awareness of the existing risks of cyberspace
§ Educational curriculum: Augmentation of cybersecurity educational curriculum
§ Awareness portal: Creation of awareness portal for informing about current cyber threats
§ Competence requirements: Adoption of competence requirements for employees in the cybersecurity domain, in both private and public sectors
§ Cybersecurity trainings: Organization and implementation of trainings and workshops on cybersecurity for public and private personnel, holders of critical infrastructure
§ Cybersecurity laboratory: Creation of cybersecurity laboratory
EDUCATION AND CONTINUOUS AWARENESS
Policy implementation achievements. Cybersecurity trainings
Joint educational activities supported by EU
POLICY IMPLEMENTATION ACHIEVEMENTS
State-of-art technology
Advanced cyber training capacities through red/blue team exercises
Located at Technical University of Moldova
Operational since 6th Oct 2016
Supported by NATO
RECOMMENDATIONS
RECOMMENDATIONS
Tips for Implementing a Cybersecurity Program
FOCUS ON CRITICAL INFORMATION
What effect does an attack on your business have and what can be done about it?
EVALUATE A CYBER INCIDENT RESPONSE PLAN
What vulnerabilities have been identified and how have they been resolved?
LOOK OVER THE BUDGET
Is the cyber security budget being used appropriately?
BE INFORMED ABOUT KEY RISK INDICATORS
Do you know enough about defence, monitoring, risk and data protection?
WORK WITH INTERNAL AND EXTERNAL SPECIALISTS
Are you constantly being briefed on new developments in technology and cyber security?
FOLLOW THE SAFETY RULES OF EXTERNAL PROVIDERS
What are the privacy and security policies of external providers? Do they meet your requirements?
COMPLY WITH LAWS/REGULATIONS FOR CYBER SECURITY
Are you keeping up-to-date with the latest cyber threats and new laws?
RECOMMENDATIONS
Tips for dealing with challenges
Change the mass culture
Keep the cyber strategy in mind
Allocate resources and budgets
Understand the influence of newly emerged cyber threats
Ensure effective national and international collaboration
CHALLENGES