Why Government & Corporate Cyber Programmes are Failing

Why Government & Corporate Cyber Programmes are Failing by Dr. Frederick Wamala at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html

Published in: Technology, Business

Transcript

  • 1. Why Government & Corporate Cyber Programmes are failing. Dr. Frederick Wamala, CISSP®. Trivandrum, Kerala, India, 3-4 August 2012. International Telecommunication Union
  • 2. Disclaimer – One for the Lawyers. Opinions expressed here are mine. The views I express do not necessarily reflect those of any past or present employers and/or associates. All trademarks are the properties of their respective owners. © Dr. Frederick Wamala, CISSP®
  • 3. Quotation – Cybercrime. “In fact, in my opinion, it's the greatest transfer of wealth in history ... McAfee estimates that $1 trillion was spent globally under remediation. And that's our future disappearing in front of us.” – Gen. Keith Alexander, NSA/CYBERCOM
  • 4. ITU Cybersecurity Strategy Guides
  • 5. Cybersecurity Strategy Model
  • 6. Cybersecurity Strategy Model. URL: http://www.itu.int/ITU-D/cyb/cybersecurity/strategies.html
  • 7. Strategic Context
  • 8. Critical Information Infrastructure (CII)
  • 9. Privately-owned – Govt oversight?
  • 11. Focus on attack methods not Sources
  • 12. Threat Assessment
  • 13. Incomplete Threat Assessments. Threat Sources and Threat Actors. Capability: Level 1 – Opportunistic; Level 5 – Extremely capable and well resourced to carry out sophisticated attacks, e.g. Flame. Motivation: Level 0 – No interest in attacking a given system; Level 5 – An absolute priority of the actor to breach the security of a given system. Use all means, e.g. detailed research, bribery, coercion,
  • 14. Failure to understand “Cybersecurity Ends”
  • 15. Cybersecurity “Intensity of Interest”. Cybersecurity is not JUST a technical issue. Cyber attacks threaten ‘vital’ interests of States
  • 16. India – Impact on Diplomatic Affairs. “A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process.”
  • 17. Gaps – Legal Measures
  • 18. Cybercrime legislation coverage: Criminalisation; Substantive criminal law e.g. Unauthorised access to computer systems and networks; Jurisdiction; Procedure and law enforcement investigative measures; Electronic evidence; Liability of internet service providers; International cooperation
  • 19. Convention on Cybercrime – 2001 [diagram: Council of Europe Convention on Cybercrime; labels: Criminalization, Procedures, Electronic evidence, Jurisdiction, Service Provider Liability, International Cooperation]
  • 20. Commonwealth Legislation – 2002 [diagram: Commonwealth Model Legislation; labels: Criminalization, Procedures, Electronic evidence, Jurisdiction, Service Provider Liability, International Cooperation]
  • 21. US – Joint Chief Lobby for Legislation
  • 23. Technical and Procedural Measures
  • 24. Reactive – Subversion of Products
  • 25. UK – Capacity to certify products
  • 26. India – Comprehensive Approach
  • 27. Gaps – Organisational Structures
  • 28. India – National Cybersecurity Strategy. MCIT/Departmental cybersecurity strategy. Only CERT-In has a national cyber mandate. Oversight: MCIT; Defence, Home Affairs, NSA
  • 29. DHS vs. White House Czar mandates
  • 30. US – NSA involvement questioned
  • 31. Gaps – Capacity Building
  • 32. Gaps – Cybersecurity Skills. “India is regarded as an IT superpower but its record on IT security is not too brilliant. ... It does not have the required number of experts and professionals in cyber security.” – Dr. Arvind Gupta, IDSA, India, 27/06/2012
  • 34. UK – Intelligence not retaining staff
  • 35. Gaps – International Cooperation
  • 36. Russia rejects Convention
  • 37. Convention – Article 32
  • 38. EU and US wreck UN Treaty
  • 39. Conclusion
  • 41. Questions? Dr. Frederick Wamala, CISSP®, Cybersecurity Adviser – Strategic and Technical. E-mail: f.wamala@efrivo.com. Twitter: @DrWamala
