Cybersecurity: Public Sector Threats and Responses


Presentation by Kim Andreasson, Managing Director, DAKA advisory AB, at the Indonesia Information Security Forum 2012


  1. Cybersecurity: Public Sector Threats and Responses. Kim Andreasson, Managing Director, DAKA advisory AB. Indonesia Information Security Forum (IISF), Hotel Hilton Bandung, 10 October 2012
  2. Presentation overview
     • An introduction to cyber security in the public sector
     • Cyber threats
     • Public sector responses
     • Steps towards a more resilient organizational cyber security strategy
     • Conclusion
  3. Understanding cyber security in the public sector. A convergence of three trends:
     1. Globalization
     2. Connectivity
     3. E-government
  4. 1. Globalization
     • ICTs contribute strongly to economic growth and better social outcomes
     • Benchmarking the information society is important in order for policy-makers to understand the factors behind it and how to achieve improved outcomes
     • Most benchmarks include a component of e-government
  5. 2. Connectivity
     • The world will go from 2bn Internet users in 2010 to 5bn in 2015
     • An opportunity to improve service delivery
     • An opportunity to leapfrog
     [Chart: mobile subscriptions per 100 inhabitants, 2000 to 2010, developed countries and developing countries; labelled values 114.2 and 70.1. The developed/developing country classifications are based on the UN M49, see: Source: ITU World Telecommunication/ICT Indicators database]
  6. 3. E-government
     • Information and service delivery
     • Transparency and accountability
     • Link to broader development objectives
     • Digital by default
  7. 3.1. Supply of e-government
     • Benchmarking global e-government development since 2003 to “inform and improve the understanding of policy makers’ choices to shape their e-government programs” (UN 2004)
     • The survey measures “the willingness and capacity of countries to use online and mobile technology in the execution of government functions” (UN 2010)
  8. 3.2. E-government progress
  9. 3.3. Demand for e-government
     • In 1990, the American tax authority, the IRS, said 4m people used online tax filing (the first year such service was available)
     • In 2000, the number filing their taxes online had risen to 35m
     • In 2010, 100m Americans used e-file
  10. Enter cyber security
     • An increase in usage means an increase in dependency
     • About 75% of organizations suffer from a cyber attack every year
     • Attacks can compromise trust in e-government
  11. Categorizing cyber threats
     • Politically motivated threats: cyber warfare, cyber terrorism, espionage and hacktivism
     • Non-politically motivated threats: typically financially motivated, such as cyber crime, intellectual property theft, and fraud, but also hacking for fun or retribution, for example, from a disgruntled employee
  12. Understanding cyber threats
     “When we first started this process… agencies didn’t know what they didn’t know.” (Karen S. Evans, Administrator for E-Government and Information Technology, in testimony before the House Committee on Homeland Security, February 28, 2008)
     • What is the risk?
     • Is there control?
     • Can you live with the residual risk?
     • What is your response plan when services become compromised?
  13. Public sector responses
     The public sector is different as it must consider, for example:
     • Tension between transparency and privacy
     • Cost optimization; agencies often only seek to meet minimum standards
     • Build closer relations with other stakeholders, including the private sector
     • Key performance indicators (KPIs)
     But one thing remains the same: Cyber security is a global phenomenon and a challenge for every organization. It must be dealt with at all levels, from the international arena to the regional, national and local levels
  14. Global cyber security agenda
     1. Legal measures
     2. Technical and procedural measures
     3. Organizational structures
     4. Capacity building
     5. International cooperation
  15. The problem for organizational cyber security
     • People!
     • According to the Data Breach Investigations Report from Verizon, an American telecommunications firm, 85% of confirmed cyber breaches were not considered very difficult and 96% were avoidable
     • More work is needed to create and maintain comprehensive yet clearly communicated cyber security policies that are enforced
  16. Steps towards a more resilient organizational cyber security strategy
     1. Close the gap between IT and management
     2. Improve awareness and education
     3. Capture technology trends, including the move from e-government to m-government
  17. Step #1: Close the gap between IT and management
     • Assess underlying factor(s), e.g. user awareness based on an internal survey
     • Translate results into KPIs, e.g. average user awareness
     • Communicate key message to management, e.g. the meaning of score(s) and their importance related to other issue(s)
  18. Step #2: Improve awareness and education
     • ICT skills divide
     • Governments cannot go it alone; a role for the private sector and NGOs
     • Make people SMART: Specific, Measurable, Attainable, Relevant, Time-bound
  19. Step #3: Track trends, such as mobility
     • New threats: from spam to spim and mobile malware
     • New challenges: insecure wireless connections, missing (stolen) devices, data loss, “always on” connections
     • Same answers: comprehensive and clearly communicated policies that are measurable
  20. Conclusion: measure cyber security at all levels
     • Compared with just a decade ago, governments have made significant progress in expanding ICT access
     • But just as crime has always been part of history, cyber security is likely to continue well into the future, especially since the two are increasingly intertwined
     • There is a demand for measurement at all levels in order to give policy-makers and public sector managers data, tools and benchmarks to better understand cyber security from a policy perspective and to communicate that message
     • Every case is different, yet fundamentally the same
  21. Thank