SlideShare a Scribd company logo

Information Security Aspects of the Public Safety Data Interoperability Network

Blaz Ivanc
Blaz Ivanc

Major security incidents require cross-border cooperation with the national security authorities and other public safety agencies. The purpose of the REDIRNET (Emergency Responder Data Interoperability Network) consortium was to provide a true Europe-wide interoperability that is non-reliant on specific technology or proprietorial system. In a technical sense, the REDIRNET provides a communication solution for the exchange and sharing of information via voice, data, images, video, CCTV and remote sensors. In order to develop such capacity, it is necessary to ensure adequate security of the system and data protection.

Technology
1 of 13
Download to read offline
Information Security Aspects of the Public Safety Data Interoperability Network Blaž Ivanc blaz.ivanc@determinanta.si European Intelligence and Security Informatics Conference (EISIC) 2016 Session: Risk and crisis management, 18 August 2016, Uppsala, Sweden
INTRODUCTION › Major security incidents require cross-border cooperation › The purpose of the REDIRNET consortium is to provide a true Europe-wide interoperability that is non-reliant on specific technology or proprietorial system » REDIRNET will provide a communication solution for the exchange and sharing of information via voice, data, images, video, CCTV and remote sensors › REDIRNET achievements will be valued in the smart cities projects » The concept of a smart city controls key infrastructure and security aspects in order to ensure high security to the inhabitants » In order to develop such capacity, it is necessary to ensure adequate security of the system and data protection
PUBLIC SAFETY DATA INTEROPERABILITY AND INFORMATION SECURITY ASPECTS › The definition of interoperability in communication systems between different services for public protection and disaster relief » „capability of two organizations or discrete parts of the same organization to exchange decision-critical information and to use the information that has been exchanged“ › Challenges: » interoperability, broadband connectivity, lack of coverage, destroyed infrastructure and technological gaps with commercial technologies › Communication in the public safety agencies is slowly shifting from predominantly audio messages to media enriched broadband communication. » At the time of emergency response: sensitive voice information, videos, images, maps, data from different records …
› The range of approaches to address the security aspects » Security risks have been identified for each key component of the REDIRNET system already during the design. » The implemented security mechanisms and good practices correspond to the proposed risk mitigation strategies. » During security guidance, monitoring and system evaluation, we used a number of operational and technically specific approaches not explained in detail. • typical methods and techniques in the field of penetration testing • attack modeling (during the design and development) » We also produced several security documents intended for both developers and end-users. SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM
SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM › Security requirements of the REDIRNET system » It is necessary for agencies to have the ability to decide what resources should be shared or disclosed to their partners at any given moment. » Communication with and within the system must be secured and encrypted. » Even if the information is not classified (such as EU Sensitive) it cannot be transmitted over unprotected channels in plain text form. » Storage of all the data gathered by agencies should be encrypted and protected.
› System components based on high-level architecture design SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM
› Security overview of system components and security assessments » Overview of security mechanism for individual system component • REDIRNET Platform () • Main Switch • Core Data Storage • Ontology Services • Collaboration Web • Open-source Gateway • Plug-in(s) SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM
SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM › Checklist for assessing the security measures in place to protect the REDIRNET Platform implementation » REDIRNET Platform is a vital part of the REDIRNET, providing various infrastructure services to the system and hosts the core REDIRNET components. • Auditing • Privacy protection • Implementation and operation • Strong keys and cryptographic mechanisms • Infrastructure and operations ()
SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM › High-level security assessment of the REDIRNET system » ENISA technical guidelines - 25 security objectives in seven security domains: • Governance and risk management • Human resources security • Security of systems and facilities • Operations management • Incident management • Business continuity management • Monitoring, auditing and testing
CONCLUSION › The main approaches in addressing the security aspects of the REDIRNET system were presented › Major emergency responses require coordination between various public safety agencies in several countries » In this respect, concern for system security and data is crucial » Certain adjustments that will result from the subsequent coordination of a large number of integrations with the existing systems of public safety agencies are expected » Challenge: specific security „wishes“ of some end-users
Questions? Contact blaz.ivanc@determinanta.si https://si.linkedin.com/in/blazivanc

Recommended

Cybersecurity Summit AHR20 Protect Cimetrics
Cybersecurity Summit AHR20 Protect CimetricsCybersecurity Summit AHR20 Protect Cimetrics
Cybersecurity Summit AHR20 Protect CimetricsCimetrics Inc
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Security Meetup Scotland - August 2017 (Deconstructing SIEM)
Security Meetup Scotland - August 2017 (Deconstructing SIEM)Security Meetup Scotland - August 2017 (Deconstructing SIEM)
Security Meetup Scotland - August 2017 (Deconstructing SIEM)Harry McLaren
 
Cybersecurity Summit AHR20 Detect KMC
Cybersecurity Summit AHR20 Detect KMCCybersecurity Summit AHR20 Detect KMC
Cybersecurity Summit AHR20 Detect KMCCimetrics Inc
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs
 
Fundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityFundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityTonex
 
Cloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalCloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalBryan Len
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 

Recommended

Cybersecurity Summit AHR20 Protect Cimetrics
Cybersecurity Summit AHR20 Protect CimetricsCybersecurity Summit AHR20 Protect Cimetrics
Cybersecurity Summit AHR20 Protect CimetricsCimetrics Inc
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Security Meetup Scotland - August 2017 (Deconstructing SIEM)
Security Meetup Scotland - August 2017 (Deconstructing SIEM)Security Meetup Scotland - August 2017 (Deconstructing SIEM)
Security Meetup Scotland - August 2017 (Deconstructing SIEM)Harry McLaren
 
Cybersecurity Summit AHR20 Detect KMC
Cybersecurity Summit AHR20 Detect KMCCybersecurity Summit AHR20 Detect KMC
Cybersecurity Summit AHR20 Detect KMCCimetrics Inc
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs
 
Fundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityFundamentals of threats and risk management course, cybersecurity
Fundamentals of threats and risk management course, cybersecurityTonex
 
Cloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalCloud security training, certified cloud security professional
Cloud security training, certified cloud security professionalBryan Len
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Itir oct0714-network security-en
Itir oct0714-network security-enItir oct0714-network security-en
Itir oct0714-network security-enKBIZEAU
 
Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Alert Logic
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
Skybox security
Skybox security Skybox security
Skybox security Alejandro Cadarso
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Leonardo
 
Cybersecurity Summit AHR20 Recover Tridium
Cybersecurity Summit AHR20 Recover TridiumCybersecurity Summit AHR20 Recover Tridium
Cybersecurity Summit AHR20 Recover TridiumCimetrics Inc
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018soniamcpherson11
 
Sect r35 b
Sect r35 bSect r35 b
Sect r35 bSelectedPresentations
 
Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellNapier University
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...
SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...
SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...Danube University Krems, Centre for E-Governance
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNorth Texas Chapter of the ISSA
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesSkybox Security
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanismsVaibhav Khanna
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
 

More Related Content

What's hot

Itir oct0714-network security-en
Itir oct0714-network security-enItir oct0714-network security-en
Itir oct0714-network security-enKBIZEAU
 
Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Alert Logic
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCimetrics Inc
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Leonardo
 
Cybersecurity Summit AHR20 Recover Tridium
Cybersecurity Summit AHR20 Recover TridiumCybersecurity Summit AHR20 Recover Tridium
Cybersecurity Summit AHR20 Recover TridiumCimetrics Inc
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018soniamcpherson11
 
Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellNapier University
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171Corserva
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesSkybox Security
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanismsVaibhav Khanna
 

What's hot (20)

Itir oct0714-network security-en
Itir oct0714-network security-enItir oct0714-network security-en
Itir oct0714-network security-en
 
Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud Next-Generation SIEM: Delivered from the Cloud
Next-Generation SIEM: Delivered from the Cloud
 
Cybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide DeckCybersecurity Summit 2020 Slide Deck
Cybersecurity Summit 2020 Slide Deck
 
Skybox security
Skybox security Skybox security
Skybox security
 
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
Selex ES at Le Bourget 2013 Cyber Security Seminar-Alessandro Menna
 
Cybersecurity Summit AHR20 Recover Tridium
Cybersecurity Summit AHR20 Recover TridiumCybersecurity Summit AHR20 Recover Tridium
Cybersecurity Summit AHR20 Recover Tridium
 
Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018Every cloud cloud risk assessment 2018
Every cloud cloud risk assessment 2018
 
Sect r35 b
Sect r35 bSect r35 b
Sect r35 b
 
Distributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob CampbellDistributed Ledger PKI Risk Management Framework, Rob Campbell
Distributed Ledger PKI Risk Management Framework, Rob Campbell
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...
SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...
SocialUniversity:How Do Universities Use Social Media? An Empirical Survey of...
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John Whited
 
How to Comply with NIST 800-171
How to Comply with NIST 800-171How to Comply with NIST 800-171
How to Comply with NIST 800-171
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
 
Information and network security 8 security mechanisms
Information and network security 8 security mechanismsInformation and network security 8 security mechanisms
Information and network security 8 security mechanisms
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 

Similar to Information Security Aspects of the Public Safety Data Interoperability Network

Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
 
Sfa community of practice a natural way of building
Sfa community of practice a natural way of buildingSfa community of practice a natural way of building
Sfa community of practice a natural way of buildingChuck Speicher
 
Sfa community of practice a natural way of building
Sfa community of practice a natural way of buildingSfa community of practice a natural way of building
Sfa community of practice a natural way of buildingCharles "Chuck" Speicher Jr.
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdfdhanywahyudi17
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Trupti Shiralkar, CISSP
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsBigData_Europe
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityLeonardo ENERGY
 
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...TelecomValley
 
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyIOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyCharith Perera
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprIsaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprUlf Mattsson
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016Elsa Prieto
 
Saltzer principles.pptx
Saltzer principles.pptxSaltzer principles.pptx
Saltzer principles.pptxbekirm
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesNir Cohen
 

Similar to Information Security Aspects of the Public Safety Data Interoperability Network (20)

Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
 
Sfa community of practice a natural way of building
Sfa community of practice a natural way of buildingSfa community of practice a natural way of building
Sfa community of practice a natural way of building
 
Ijisa
IjisaIjisa
Ijisa
 
Sfa community of practice a natural way of building
Sfa community of practice a natural way of buildingSfa community of practice a natural way of building
Sfa community of practice a natural way of building
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdf
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
 
Building a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsBuilding a Cyber Security Operations Center for SCADA/ICS Environments
Building a Cyber Security Operations Center for SCADA/ICS Environments
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide CybersecurityCybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
 
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
Cyber-menaces et cyber-préjudices : regards croisés par Gilles DESOBLIN & Red...
 
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, GermanyIOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
IOT-2016 7-9 Septermber, 2016, Stuttgart, Germany
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprIsaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016
 
Saltzer principles.pptx
Saltzer principles.pptxSaltzer principles.pptx
Saltzer principles.pptx
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Robust Cyber Security for Power Utilities
Robust Cyber Security for Power UtilitiesRobust Cyber Security for Power Utilities
Robust Cyber Security for Power Utilities
 

Recently uploaded

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Information Security Aspects of the Public Safety Data Interoperability Network

  • 1. Information Security Aspects of the Public Safety Data Interoperability Network Blaž Ivanc blaz.ivanc@determinanta.si European Intelligence and Security Informatics Conference (EISIC) 2016 Session: Risk and crisis management, 18 August 2016, Uppsala, Sweden
  • 2. INTRODUCTION › Major security incidents require cross-border cooperation › The purpose of the REDIRNET consortium is to provide a true Europe-wide interoperability that is non-reliant on specific technology or proprietorial system » REDIRNET will provide a communication solution for the exchange and sharing of information via voice, data, images, video, CCTV and remote sensors › REDIRNET achievements will be valued in the smart cities projects » The concept of a smart city controls key infrastructure and security aspects in order to ensure high security to the inhabitants » In order to develop such capacity, it is necessary to ensure adequate security of the system and data protection
  • 3.
  • 4. PUBLIC SAFETY DATA INTEROPERABILITY AND INFORMATION SECURITY ASPECTS › The definition of interoperability in communication systems between different services for public protection and disaster relief » „capability of two organizations or discrete parts of the same organization to exchange decision-critical information and to use the information that has been exchanged“ › Challenges: » interoperability, broadband connectivity, lack of coverage, destroyed infrastructure and technological gaps with commercial technologies › Communication in the public safety agencies is slowly shifting from predominantly audio messages to media enriched broadband communication. » At the time of emergency response: sensitive voice information, videos, images, maps, data from different records …
  • 5. › The range of approaches to address the security aspects » Security risks have been identified for each key component of the REDIRNET system already during the design. » The implemented security mechanisms and good practices correspond to the proposed risk mitigation strategies. » During security guidance, monitoring and system evaluation, we used a number of operational and technically specific approaches not explained in detail. • typical methods and techniques in the field of penetration testing • attack modeling (during the design and development) » We also produced several security documents intended for both developers and end-users. SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM
  • 6. SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM › Security requirements of the REDIRNET system » It is necessary for agencies to have the ability to decide what resources should be shared or disclosed to their partners at any given moment. » Communication with and within the system must be secured and encrypted. » Even if the information is not classified (such as EU Sensitive) it cannot be transmitted over unprotected channels in plain text form. » Storage of all the data gathered by agencies should be encrypted and protected.
  • 7. › System components based on high-level architecture design SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM
  • 8. › Security overview of system components and security assessments » Overview of security mechanism for individual system component • REDIRNET Platform () • Main Switch • Core Data Storage • Ontology Services • Collaboration Web • Open-source Gateway • Plug-in(s) SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM
  • 9. SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM › Checklist for assessing the security measures in place to protect the REDIRNET Platform implementation » REDIRNET Platform is a vital part of the REDIRNET, providing various infrastructure services to the system and hosts the core REDIRNET components. • Auditing • Privacy protection • Implementation and operation • Strong keys and cryptographic mechanisms • Infrastructure and operations ()
  • 10.
  • 11. SECURITY ASPECTS IN THE DEVELOPMENT AND INTEGRATION OF THE REDIRNET SYSTEM › High-level security assessment of the REDIRNET system » ENISA technical guidelines - 25 security objectives in seven security domains: • Governance and risk management • Human resources security • Security of systems and facilities • Operations management • Incident management • Business continuity management • Monitoring, auditing and testing
  • 12. CONCLUSION › The main approaches in addressing the security aspects of the REDIRNET system were presented › Major emergency responses require coordination between various public safety agencies in several countries » In this respect, concern for system security and data is crucial » Certain adjustments that will result from the subsequent coordination of a large number of integrations with the existing systems of public safety agencies are expected » Challenge: specific security „wishes“ of some end-users