Your SlideShare is downloading. ×
CTO-Cybersecurity-2010-Dr. Martin Koyabe
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

CTO-Cybersecurity-2010-Dr. Martin Koyabe

698
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
698
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
21
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Key point – understanding CII
  • Key point – understanding CII
  • Key point – Understand the two levels of security risks facing CII
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Lack of financial investment in developing CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Transcript

    • 1. Critical Information Infrastructure Protection: Threats & Challenges for Developing Countries Dr Martin Koyabe Security Futures Practice, BT Innovate & Design CTO, Cyber Security Forum, London,UK 17-18 th June 2010
    • 2. Basic Understanding of CII [1/2]
      • Critical Information Infrastructures (CII)
        • communications and/or information services whose availability, reliability and resilience are essential to the functioning of a modern economy
        • CII also includes:
          • telecommunications, power distribution, water supply, public health services, national defense, law enforcement, government services, and emergency services
    • 3. Basic Understanding of CII [2/2]
      • Critical Information Infrastructure Protection (CIIP)
        • Focuses on protection of IT systems and assets
          • Telecommunication, computers/software, Internet, Satellite, interconnected computers/networks (Internet) & services they provide
        • Ensures C onfidentiality, I ntegrity and A vailability
          • Required 27/4 (365 days)
          • Part of the daily modern economy and the existence of any country
      Confidentiality Integrity Availability
    • 4. Key levels of CII risks
      • Technical
        • Complexity and interdependencies
          • Increased dependencies  increased vulnerabilities
        • Trust relationships increasingly complex
        • End-to-End mitigation can be difficult
      • Actor
        • State-sponsored actors
        • Ideological and political extremist actors
        • Frustrated insiders/social-engineering
        • Organised criminal agents/individuals
          • Supported by underworld economy
    • 5. Global trends towards CIIP
      • Increased awareness for CIIP & cyber security
        • Countries aware that risks to CIIP need to be managed
          • Whether at National, Regional or International level
      • Cyber security & CIIP becoming essential tools
        • For supporting national security & social-economic well-being
      • At national level
        • Increased need to share responsibilities & co-ordination
          • Among stakeholders in prevention, preparation, response & recovery
      • At regional & international level
        • Increased need for co-operation & co-ordination with partners
          • In order to formulate and implement effective CIIP frameworks
    • 6. How about developed economies?
      • Key Cybersecurity threat(s) are diverse, but related
        • “ Established capable states...”
            • Source: UK Cyber Security Strategy [2009]
        • “ The role of nations in exploiting information networks...”
            • Source: US Cyberspace Policy Review [2009]
        • “ The dangers from IT crime, threat to government agencies...”
            • Source: Swedish Emergency Management Agency (SEMA) [2008]
        • “ Financial incentive for online criminal behaviour...”
            • Source: Towards a Belgian strategy on Information Security [2008]
    • 7. Challenges for developing countries
      • #1 : Cost and lack of (limited) financial investment
        • Economics for establishing a CIIP framework can be a hindrance
        • Limited human & institutional resources
    • 8. Challenges for developing countries
      • #2 : Technical complexity in deploying CIIP
        • Need to understand dependencies & interdependencies
          • Especially vulnerabilities & how they cascade
        • Lack of effective trust relationships among stakeholders
      Provides Technical & Policy assistance to member states
    • 9. Challenges for developing countries
      • #3 : Need for Cybersecurity education & culture re-think
        • Create awareness on importance of Cybersecurity & CIIP
          • By sharing information on what works & successful best practices
        • Creating a Cybersecurity culture can promote trust & confidence
          • It will stimulate secure usage, ensure protection of data and privacy
    • 10. Challenges for developing countries
      • #4 : Lack of relevant CII policies & legal framework
        • Needs Cybercrime legislation & enforcement mechanisms
        • Setup policies to encourage co-operation among stakeholders
          • Especially through Public-Private-Partnerships (PPP)
      • #5 : Lack of information sharing & knowledge transfer
        • It is important at ALL levels National, Regional & International
        • Necessary for developing trust relationships among stakeholders
          • Including CERT teams
    • 11. Future CII threat vectors
      • Expanding Infrastructures
        • Fiber optic connectivity
          • TEAMS/Seacom/EASSy
        • Mobile/Wireless Networks
          • Africa – accounts for 30% of ALL mobile phones in the world
      • Existence of failed states
        • Increased ship piracy
          • To fund other activities
        • Cyber warfare platforms
          • Doesn’t need troops or military hardware
      • Cyber communities
        • Social Networks – Attacker’s “gold mine”
    • 12. Summary
      • CIIP deployment in developing countries is working progress
        • Despite the challenges, there are also success stories too
          • E.g. TUNISIA (CERT/TCC)
      • CIIP/Cybersecurity is a 24/7 (365 days) business
        • It’s costly, but doing without it is even worse
      • Co-ordination & co-operation among stake holders is crucial
        • Encourages trust, knowledge sharing & skills transfer
      • Future threat vectors need our full attention
        • Dependencies & interdependencies will become more complex
    • 13. Q&A Session
      • Thank You
      • [email_address]
    • 14.