• Like
Cybersecurity: Public Sector Threats and Responses
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Cybersecurity: Public Sector Threats and Responses

  • 856 views
Published

Presentation from Kim Andreasson, Managing Director, DAKA advisory AB in Indonesia Information Security Forum 2012

Presentation from Kim Andreasson, Managing Director, DAKA advisory AB in Indonesia Information Security Forum 2012

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
856
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
122
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cybersecurity:Public Sector Threats and ResponsesKim AndreassonManaging DirectorDAKA advisory ABIndonesiaInformation Security Forum (IISF)Hotel Hilton Bandung,10 October 2012
  • 2. Presentation overview An introduction to cyber security in the public sector Cyber threats Public sector responses Steps towards a more resilient organizational cyber security strategy Conclusion
  • 3. Understanding cyber security inthe public sectorA convergence of three trends:1. Globalization2. Connectivity3. E-government
  • 4. 1. Globalization  ICTs contribute strongly to economic growth and better social outcomes  Benchmarking the information society is important in order for policy-makers to understand the factors behind it and how to achieve improved outcomes  Most benchmarks include a component of e-government
  • 5. 2. Connectivity The world will go 120 114.2 from 2bn Internet 100 Mobil e s ubs cri pti ons : Devel oped countri es users in 2010 to Mobil e s ubs cri pti ons : 5bn in 2015 80 Devel opi ng countri es Per 100 inhabitants 70.1 An opportunity 60 to improve 40 service delivery 20 An opportunity 0 to leapfrog 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 The developed/developing country classifications are based on the UN M49, see: http://www.itu.int/ITU-D/ict/definitions/regions/index.html Source: ITU World Telecommunication /ICT Indicators database
  • 6. 3. E-government Information and service delivery Transparency and accountability Link to broader development objectives Digital by default
  • 7. 3.1. Supply of e-government Benchmarking global e-government development since 2003 to “inform and improve the understanding of policy makers’ choices to shape their e-government programs” (UN 2004) The survey measures “the willingness and capacity of countries to use online and mobile technology in the execution of government functions” (UN 2010)
  • 8. 3.2. E-government progress http://www.archive.org
  • 9. 3.3. Demand for e-government In 1990, the American tax authority, the IRS, said 4m people used online tax filing (the first year such service was available) In 2000, the number filing their taxes online had risen to 35m In 2010, 100m Americans used e-file
  • 10. Enter cyber security An increase in usage means an increase in dependency About 75% of organizations suffer from a cyber attack every year Attacks can compromise trust in e-government
  • 11. Categorizing cyber threats Politically motivated threats: cyber warfare, cyber terrorism, espionage and hacktivism Non-politically motivated threats: typically financially motivated, such as cyber crime, intellectual property theft, and fraud, but also hacking for fun or retribution, for example, from a disgruntled employee
  • 12. Understanding cyber threats“When we first started this process… agencies didn’t know what they didn’t know.”-Karen S. Evans Administrator for E-Government and Information Technology in testimony before the House Committee on Homeland Security, February 28, 2008 What is the risk? Is there control? Can you live with the residual risk? What is your response plan when services become compromised?
  • 13. Public sector responses The public sector is different as it must consider, for example: Tension between transparency and privacy Cost optimization; agencies often only seek to meet minimum standards Build closer relations with other stakeholders, including the private sector Key performance indicators (KPIs) But one thing remains the same: Cyber security is a global phenomenon and a challenge for every organization. It must be dealt with at all levels, from the international arena to the regional, national and local levels
  • 14. Global cyber security agenda1. Legal measures2. Technical and procedural measures3. Organizational structures4. Capacity building5. International cooperation
  • 15. The problem for organizationalcyber security People! According to the Data Breach Investigations Report from Verizon, an American telecommunications firm, 85% of confirmed cyber breaches were not considered very difficult and 96% were avoidable More work is needed to create and maintain comprehensive yet clearly communicated cyber security policies that are enforced
  • 16. Steps towards a more resilientorganizational cyber securitystrategy1. Close the gap between IT and management2. Improve awareness and education3. Capture technology trends, including the move from e-government to m-government
  • 17. Step #1: Close the gapbetween IT and management Assess underlying factor(s), e.g. user awareness based on an internal survey Translate results into KPIs, e.g. average user awareness Communicate key message to management, e.g. the meaning of score(s) and their importance related to other issue(s)
  • 18. Step #2: Improve awarenessand education ICT skills divide Governments cannot go it alone; a role for the private sector and NGOsMake people SMART: Specific Measurable Attainable Relevant Time-bound
  • 19. Step #3: Track trends, such asmobility New threats: from spam to spim and mobile malware New challenges: insecure wireless connections, missing (stolen) devices, data loss, “always on” connections Same answers: comprehensive and clearly communicated policies that are measurable
  • 20. Conclusion:measure cyber security at all levels Compared with just a decade ago, governments have made significant progress in expanding ICT access But just as crime have always been part of history, cyber security is likely to continue well into the future, especially since the two are increasingly intertwined There is a demand for measurement at all levels in order to give policy-makers and public sector managers data, tools and benchmarks to better understand cyber security from a policy perspective and to communicate that message Every case is different, yet fundamentally the same
  • 21. Thank youwww.DAKAADVISORY.com