Cybersecurity: Dos and Don'ts


Presentation at 5th Annual QED Conference on Cybersecurity on 22 June 2017: https://qed.eu/Events/5th%20Annual%20QED%20Conference%20on%20Cybersecurity%20/Bio/

Video available at: https://www.youtube.com/watch?v=y0vg231Bl6o&t=778s

Published in: Internet

  1. Cybersecurity: Dos & Don’ts
     Martina Francesca Ferracane, Research Associate at ECIPE
     QED, 22 June 2017
  2. Outline
     1. Getting the terminology right
     2. Don’ts
     3. Dos
  3. Outline
     1. Getting the terminology right
     2. Don’ts
     3. Dos
  4. Cybersecurity
     Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
     Elements of cybersecurity include:
     - Application security
     - Information security
     - Network security
     - Disaster recovery / business continuity planning
     - Operational security
     - End-user education
     Source: http://whatis.techtarget.com
  5. Cybersecurity
     Cyber threats can be grouped in 4 categories:
     - Crime: fraud, extortion, theft, DoS, etc.
     - Commercial espionage
     - Nation-State espionage
     - Warfare
     Source: Information Technology Industry Council (2015)
  6. Access to data for national security & law enforcement
     Different issues such as:
     - Counter-terrorism measures
     - MLATs
     - Data sovereignty
  7. Data privacy
     Data privacy concerns the collection, protection and dissemination of personal or private information about individuals or organisations.
     Source: http://lexicon.ft.com/
  8. Freedom of expression
     Different issues such as:
     - Fake news
     - Censorship
     - Hate speech
  9. Outline
     1. Getting the terminology right
     2. Don’ts
     3. Dos
  10. Fragmentation (I)
      “Member States have very different levels of preparedness, which has led to fragmented approaches across the Union. This results in an unequal level of protection of consumers and businesses, and undermines the overall level of security of network and information systems within the Union.”
      Recital (5) - NIS Directive
  11. Fragmentation (II)
      “Each Member State shall adopt a national strategy on the security of network and information systems defining the strategic objectives and appropriate policy and regulatory measures with a view to achieving and maintaining a high level of security of network and information systems (…)”
      Article 7 - NIS Directive
  12. Fragmentation (III)
      “Member States shall lay down the rules on penalties applicable to infringements of national provisions adopted pursuant to this Directive and shall take all measures necessary to ensure that they are implemented (…)”
      Article 21 - NIS Directive
  13. Notification of incidents
      - Digital services have to report those incidents that have a ‘substantial impact on the provision of a service (…) they offer in the EU’.
      - Operators of essential services have to report those incidents ‘having significant impact on the continuity of the essential services they provide’.
      ‘without undue delay’
      Art. 14 & Art. 16 - NIS Directive
  14. Compulsory security standards (I)
      “Member States shall (…) encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems.”
      Article 19 - NIS Directive
  15. Compulsory security standards (II)
      - Multi-Level Protection Scheme (MLPS) - China
      - Preferential Market Access (PMA) - India
      - Cybersecurity Law - China
      ‘The security reviews will not target any country or region, they will not discriminate against foreign technology or products, nor limit their access to the Chinese market. On the contrary, they will boost consumer confidence in such products and services, and expand their markets.’
      CAC China
  16. How security standards could be abused…
      “We cannot allow [terrorism] the safe space it needs to breed – yet that is precisely what the internet, and the big companies that provide internet-based services provide”
      Theresa May
  17. Data localisation (I)
      ‘Personal information and important data collected and generated by critical information infrastructure operators in the PRC must be stored domestically’
      Art. 37 - China Cybersecurity Law - June 2017
      ‘Where due to business requirements it is truly necessary to provide it [data] outside the mainland, they shall (…) conduct a security assessment’
  18. Data localisation (II)
      Source: Digital Trade Estimates Database - ECIPE
  19. Outline
      1. Getting the terminology right
      2. Don’ts
      3. Dos
  20. Dos
      - Focus on systems that are truly critical in nature
      - Improve public agencies
      - Improve coordination intra-EU and globally
      - Develop national cybersecurity plans
      - Involve the private sector in the development of cybersecurity strategy
      - Invest in R&D
      - Increase PPP
      - Participate in international fora and consortia
  21. Dos
      - Preserve interoperability and openness to the global market
      - Balance cybersecurity concerns with:
        - civil liberties
        - innovation
        - trade
        - other policy priorities
  22. “It's no longer OK not to understand how the Internet works.”
      Aaron Swartz
  23. References
      - Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016L1148
      - English Sina (2017). China Internet regulator says cyber security law not a trade barrier: http://english.sina.com/news/2017-05-31/detail-ifyfuvpm6886418.shtml
      - FT (2017). Special Report on Cyber Security: https://www.ft.com/reports/cyber-security
      - Independent (2017). Theresa May says the internet must now be regulated following London Bridge terror attack: http://www.independent.co.uk/news/uk/politics/theresa-may-internet-regulated-london-bridge-terror-attack-google-facebook-whatsapp-borough-security-a7771896.html
  24. References
      - ITIC (2013). ITI Position Paper on the Proposed “Directive of the European Parliament and of the Council Concerning Measures to Ensure a High Common Level of Network and Information Security Across the Union”: https://www.itic.org/dotAsset/a748f2f7-7d73-4d62-8ea0-b5ad35e3af27.pdf
      - ITIC (2015). The IT Industry’s Cybersecurity Principles for Industry and Government: https://www.itic.org/dotAsset/0e3b41c2-587a-48a8-b376-9cb493be36ec.pdf
      - NIST (2014). Framework for Improving Critical Infrastructure Cybersecurity: https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
      - QUARTZ (2016). How countries like China and Russia are able to control the internet: https://qz.com/780675/how-do-internet-censorship-and-surveillance-actually-work/
  25. References
      Websites:
      - www.ecipe.org/dte
      - http://whatis.techtarget.com
      - http://lexicon.ft.com/
  26. Martina Francesca Ferracane
      Email: martina.ferracane@ecipe.org
      Thank you!
