• Like
CTO-CyberSecurityForum-2010-Anders Johanson
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

CTO-CyberSecurityForum-2010-Anders Johanson



Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • When working with measures to improve redundancy and flexibility of networks for electronic communications, the following four circumstances must be considered: Places that are highly likely to be affected by disruptions. It is reasonable that work is done where disruptions in extraordinary situations will have the greatest probability of occurring. Certain parts of Sweden are for example more vulnerable to extreme weather, certain places may be more interesting as targets of sabotage and terrorism. Vulnerable functions. Certain functions of electronic communications systems are more central for the function of the systems. Needs for functions vital to society. The presence of functions vital to society can justify special work with redundancy. This may involve operations that are important at a local, regional or national level. Number of subscribers affected. In order to limit strain on society it is important that as few people as possible are affected in the event of disruptions and interruptions.
  • Och så här ser det ut när man zoomar in sig i kartan (3 och Telia kommer att dema senare under dagen) Vår lösning har klarat tre stora stormar med bravur, det som är svårast är faktiskt att sätta prognosen på när felen ska vara åtgärdade. Vi hade ett stort fel i våras då nästan 40 000 kunder försökte gå in på sidan samtidigt…det klarade den inte…nu är lösningen uppgraderad. Vår Again this year we have had to deal with three winter storms, one of them was really big and… I´m proud to tell you that now a big storm is not a big deal for us to handle at the NMC. In November 2007, TeliaSonera was the first operator in Sweden and in the world, to launch an interactive web application for Public Operational Information based on mobile coverage outage. The solution was developed by Cell Vision. And as I said in the beginning we are joint finalist in the Excellence Awards 2008 with this solution. As we are very satisfied with earlier solutions from cell Visian and also very satisfied with our cooperation with them, we have been partners since 2003… It was naturally for us to chose Cellvision also when developing this solution This is the startside on the web. Here the customer sees a map of sweden showing telias normal coverage in green. The white areas are not covered yet… You can zoom by clicking the map or by chose for a city or adress In zoomed map the user can view: KLICL… The solution also displays disturbances due to planned work. These planned disturbances are displayed 4 days in advance. As I said, we have used it in three storms this year with very good results…..and for normal daily disturbances we have only good experiences so far and a high customer satisfaction. Approx. 10,000 visits/week on the website (hit rate, not clicks nor unique visitors) With self care solutions like this one, our customers can: … .have an instant overview of disturbances in their region caused by faults or by planned work: … . emergency services will know where the public can dial 112 ( they use this service daily to see where Telia’s disturbances are) Result: fewer errands for the Operational Centre to handle for emergency services … during bad weather electricity companies use this service to see where they can send their crew without risk of losing communication Result: Telia get a better service from electricity companies when they can plan their work in a better way
  • Säkra upp tid
  • In 2006, the Government assigned PTS to submit proposals on a strategy to improve Internet Security in Sweden. The aim of the strategy is to facilitate and clarify future work to secure the infrastructure of the Internet in Sweden, and is directed at those parts of the infrastructure that are unique to the Internet. The strategy does not address content on the Internet. The goal of the strategy is to secure critical functions in the Internet infrastructure that, if not maintained, would cause substantial disruption or interruption and in this way impede or prevent the use of the Internet for large groups of individual users or for vital public businesses, authorities or organisations. PTS proposed a strategy, an action plan, a designation of responsibility, and a management plan for the strategy. Eight strategic positions were adopted in the strategy. These positions are what PTS considers that Sweden should work with in the long-term, in order to secure the infrastructure of the Internet. Twenty-three actions were proposed in the action plan. These are a number of actions within the framework of the strategic positions adopted, showing the allocation of responsibility, level of importance, timeframe, and estimated cost for the respective measure. The management plan lays down the administrative rules concerning how the strategic positions adopted, and the action plan, should be attended to. PTS delivered the proposal in July 2006, and the strategy was confirmed by the Government in December 2006 as a National Strategy. PTS has just recently written a report to the Government on the progress of the action plan The strategy and the progress report are available in the English language.
  • The Swedish IT Incident Centre, SITIC, is a national function charged with supporting society in the areas of incident response and proactive measures. SITIC is the National Computer Emergency Response Team (National CERT) The main task for SITIC is to rapidly respond to incidents by advising and participating in the coordination of actions that are needed to remedy and mitigate incidents. Another assignment is to advise and support government agencies, regions, municipalities and the private sector, regarding proactive measures in the area of network security. SITIC is the national point of contact for international incident response cooperation and has an extensive international cooperation. It is an active member of the European Government CSIRT Group (EGC), which gathers the national and governmental Computer Security Incident Response Teams in Europe. SITIC is a member of FIRST, the Forum of Incident Response and Security Teams, and a member of the International Watch & Warning Network, IWWN. SITIC has developed network monitoring systems for collection and analysis of traffic data and malicious code, and has a 24/7 watch, warning, and response capability. SITIC was established in 2003 and its existence is e nacted as a law, with inclusion in the formal government instruction of the PTS.


  • 1. Cybersecurity Forum 2010 To ensure resilience and security in e-communication networks, a PPP challenge Sweden - Lessons learned Anders Johanson 2009-02-26
  • 2. Customer expectations
    • Resilient and secure e-communication
    • Limited failures, break downs
    • No privacy leakage
    • Service Level Agreements
  • 3. Societal expectations
    • Resilient and secure e-communication is critical to all activities in the society
    • Governements has to be concerned with CIIP
  • 4. The Swedish NRA - PTS
    • Is supervising SP:s on failures and privacy leakages
    • Facilitates PPP-projects
    • Performed 300 PPP-projects last 8 years
  • 5. Criteria to start PPP-projects
    • Functions that are highly likely to be affected by disruptions
    • Vulnerable functions
    • Needs for functions vital to society
    • Significant number of clients affected during significant time
  • 6. Ex. 1 National Telecommunications Coordination Group (NTCG)
    • NTCG supports the restoration of national infrastructures of e-communications during critical disturbances
    • NTCG - 8 largest Telcos and ISP:s, the leading distributor of radio & television, the national powergrid, the armed forces, PTS (chair)
    • NTCG compiles situational reports, act as advisor and can, when needed, co-ordinate operations in the field during crisis
    • NTCG conducts major exercises bi-anually
    • Letter of intent signed by CEO:s
  • 7. Ex. 2 MIMER –GIS Multipurpose Information Management and Exchange for Robustness
    • A GIS for crisis management and situational assessment for the e-communications sector
    • Technical platform for secure information exchange
    • Emergency Services interface
    • Public information dissemination component
    • EU-sponsored (EPCIP)
  • 8. ” Where” ” When” ” What, how and why” Which services etc 867513 Videotelefoni fungerar inte i området. Problem att ringa 3G-samtal och surfa med hög hastighet. Beräknad klartid 081103 kl 14.00
  • 9. Major SP:s inform publicly on disruptions in real- time
    • Mobilt Driftinformation Kundservice - Telia.se
  • 10. Option to show 10 at one time and/o, if more disturbances, to start paging function General information: Currently there are severe disturbances in broadband in X-county due to... … Id 1 Municipality Limited or no conn- 20070831;08.15 2007-08-31; 10.00 GSM, 3G, GPRS... in x-county ectivity in X due to… Id 2 Etc. Dist. ID Location Descr. and Cause Occurred Estimated end Affected service Customers affe. Cause is described with standard texts such as ”cable malfunction", ”equipment malfunction", ”maintenance work", ”or ”weather” Numbers of affected customers are stated only re fixed networks Clickable link, when clicking zoom is activated (and centers) map to disturbance. Map shows the hold disturbance. From zoom situation 1:50000 will each disturbance in the map be identifiable with marking in the map (where disturbance ID is shown). Free text: Descriptive text; Optional information Descriptive text does not need to have interactive link to list or map (Presentation of Map / GIS ) (Presentation of descriptive text) (Presentation of List) List automatically generated on the basis of what is shown in the map. The list is populated at scale 1:3 000000 (corresponding to Norrbottens County), i.e. from this scale may the list ”be activated” by the member. The list contains all disturbances present in current map MIMER II, Common Situation Awarenes GUI example 1: 3 000 000
  • 11. Ex 3 Major excercises
    • Bi-annual national electronic communications exercises
    • TELÖ-09 was the largest exercise in the e-communications sector to this date
    • Aim: strengthen crisis management capabilities within the sector, test NTCG and its capability to operate virtually, test the MIMER concept
    • Terrorism-scenario
  • 12. Ex. 4 National Portal for Cables and Pipes
  • 13. Network-owners registers information about his network in a database – existing/non-existing in a km-grid throughout the nation Power Grids Data- filtering Telco-networks Local Utilities Local Broadband Local Authorities Federal Networks Network information i stored in database only as ”existing/non-existing in every km-grid
  • 14. Databas Call center Power Grids Telco-networks Local Utilities Local Broadband Local Authorities Federal Networks Query In the portal, planned digging is outlined by contractor 1 Query is sent to database 2 Database confirms immediately that there are four network-owners in the area and that the contractor will receive information from relevant network-owners 3 Information is relayed to network-owners who have networks in relevant km-grid 4
  • 15. Database Call centre Power Grids Telco-networks Local Utilities Local Broadband Local Authorities Federal Networks Each network-owner will answer the contractor relevant to the respective networks topology Answers from network-owners
  • 16. Ex. 5 Strategy to Improve Internet Security
    • The aim of the strategy is to facilitate and clarify future work to secure the infrastructure of the Internet in Sweden
    • PTS proposed a strategy, an action plan, an allocation of responsibility, and a management plan for the strategy
    • 8 strategic positions were adopted in the strategy
    • 23 actions/measures were proposed in the action plan
    • The proposal is confirmed by the Government as a National Strategy
  • 17. Examples of Measures in the Action Plan
    • Promote the use of DNSSEC in name servers
    • Produce recommendations for more secure traffic exchange between Internet operators (BGP)
    • Provide the Internet operators with a legal possibility of impeding the dissemination of harmful traffic
    • Further develop operative international networks for incident management
    • Produce a co-ordinated continuity plan for the Internet infrastructure in Sweden
  • 18. Ex. 6 Swedish national CERT - SITIC
    • A national function, CERT, charged with supporting society in the areas of incident response and proactive measures.
    • SITIC rapidly responds to incidents by advising and participating in the coordination of actions needed to remedy and mitigate incidents.
    • SITIC advises and supports government agencies, regions, municipalities and the private sector, on proactive measures in the area of network security
    • SITIC is the national point of contact for international incident response cooperation.
  • 19.
    • The Wake up !
    • Orkan winds broke down local access lines and electric power lines (2005)
    • Recovery was difficult
    • Lack of co-op routines
    • Telcos became loosers in media
  • 20.
    • This gave a push to the National Telecom Co-ordination Group
    • Training and execises were impoved
    • A geografical information system was developed
    • -- Used by telcos to share disruption information
    • -- Public available by telcos on the web
  • 21. Lessons learned
    • Trust is fundamental
    • Facilitate proactive win-win projects
    • NRA can initiate and facilitate PPP
    • Competion in business -
    • -Partnership in promoting resilience and crises management
    • PTS stimulates - Service Providers act