CTO-Cybersecurity-2010-Dr. Martin Koyabe


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Key point – understanding CII
  • Key point – understanding CII
  • Key point – Understand the two levels of security risks facing CII
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Lack of financial investment in developing CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • Key point – Description of the global trends towards CIIP
  • CTO-Cybersecurity-2010-Dr. Martin Koyabe

    1. 1. Critical Information Infrastructure Protection: Threats & Challenges for Developing Countries Dr Martin Koyabe Security Futures Practice, BT Innovate & Design CTO, Cyber Security Forum, London,UK 17-18 th June 2010
    2. 2. Basic Understanding of CII [1/2] <ul><li>Critical Information Infrastructures (CII) </li></ul><ul><ul><li>communications and/or information services whose availability, reliability and resilience are essential to the functioning of a modern economy </li></ul></ul><ul><ul><li>CII also includes: </li></ul></ul><ul><ul><ul><li>telecommunications, power distribution, water supply, public health services, national defense, law enforcement, government services, and emergency services </li></ul></ul></ul>
    3. 3. Basic Understanding of CII [2/2] <ul><li>Critical Information Infrastructure Protection (CIIP) </li></ul><ul><ul><li>Focuses on protection of IT systems and assets </li></ul></ul><ul><ul><ul><li>Telecommunication, computers/software, Internet, Satellite, interconnected computers/networks (Internet) & services they provide </li></ul></ul></ul><ul><ul><li>Ensures C onfidentiality, I ntegrity and A vailability </li></ul></ul><ul><ul><ul><li>Required 27/4 (365 days) </li></ul></ul></ul><ul><ul><ul><li>Part of the daily modern economy and the existence of any country </li></ul></ul></ul>Confidentiality Integrity Availability
    4. 4. Key levels of CII risks <ul><li>Technical </li></ul><ul><ul><li>Complexity and interdependencies </li></ul></ul><ul><ul><ul><li>Increased dependencies  increased vulnerabilities </li></ul></ul></ul><ul><ul><li>Trust relationships increasingly complex </li></ul></ul><ul><ul><li>End-to-End mitigation can be difficult </li></ul></ul><ul><li>Actor </li></ul><ul><ul><li>State-sponsored actors </li></ul></ul><ul><ul><li>Ideological and political extremist actors </li></ul></ul><ul><ul><li>Frustrated insiders/social-engineering </li></ul></ul><ul><ul><li>Organised criminal agents/individuals </li></ul></ul><ul><ul><ul><li>Supported by underworld economy </li></ul></ul></ul>
    5. 5. Global trends towards CIIP <ul><li>Increased awareness for CIIP & cyber security </li></ul><ul><ul><li>Countries aware that risks to CIIP need to be managed </li></ul></ul><ul><ul><ul><li>Whether at National, Regional or International level </li></ul></ul></ul><ul><li>Cyber security & CIIP becoming essential tools </li></ul><ul><ul><li>For supporting national security & social-economic well-being </li></ul></ul><ul><li>At national level </li></ul><ul><ul><li>Increased need to share responsibilities & co-ordination </li></ul></ul><ul><ul><ul><li>Among stakeholders in prevention, preparation, response & recovery </li></ul></ul></ul><ul><li>At regional & international level </li></ul><ul><ul><li>Increased need for co-operation & co-ordination with partners </li></ul></ul><ul><ul><ul><li>In order to formulate and implement effective CIIP frameworks </li></ul></ul></ul>
    6. 6. How about developed economies? <ul><li>Key Cybersecurity threat(s) are diverse, but related </li></ul><ul><ul><li>“ Established capable states...” </li></ul></ul><ul><ul><ul><ul><li>Source: UK Cyber Security Strategy [2009] </li></ul></ul></ul></ul><ul><ul><li>“ The role of nations in exploiting information networks...” </li></ul></ul><ul><ul><ul><ul><li>Source: US Cyberspace Policy Review [2009] </li></ul></ul></ul></ul><ul><ul><li>“ The dangers from IT crime, threat to government agencies...” </li></ul></ul><ul><ul><ul><ul><li>Source: Swedish Emergency Management Agency (SEMA) [2008] </li></ul></ul></ul></ul><ul><ul><li>“ Financial incentive for online criminal behaviour...” </li></ul></ul><ul><ul><ul><ul><li>Source: Towards a Belgian strategy on Information Security [2008] </li></ul></ul></ul></ul>
    7. 7. Challenges for developing countries <ul><li>#1 : Cost and lack of (limited) financial investment </li></ul><ul><ul><li>Economics for establishing a CIIP framework can be a hindrance </li></ul></ul><ul><ul><li>Limited human & institutional resources </li></ul></ul>
    8. 8. Challenges for developing countries <ul><li>#2 : Technical complexity in deploying CIIP </li></ul><ul><ul><li>Need to understand dependencies & interdependencies </li></ul></ul><ul><ul><ul><li>Especially vulnerabilities & how they cascade </li></ul></ul></ul><ul><ul><li>Lack of effective trust relationships among stakeholders </li></ul></ul>Provides Technical & Policy assistance to member states
    9. 9. Challenges for developing countries <ul><li>#3 : Need for Cybersecurity education & culture re-think </li></ul><ul><ul><li>Create awareness on importance of Cybersecurity & CIIP </li></ul></ul><ul><ul><ul><li>By sharing information on what works & successful best practices </li></ul></ul></ul><ul><ul><li>Creating a Cybersecurity culture can promote trust & confidence </li></ul></ul><ul><ul><ul><li>It will stimulate secure usage, ensure protection of data and privacy </li></ul></ul></ul>
    10. 10. Challenges for developing countries <ul><li>#4 : Lack of relevant CII policies & legal framework </li></ul><ul><ul><li>Needs Cybercrime legislation & enforcement mechanisms </li></ul></ul><ul><ul><li>Setup policies to encourage co-operation among stakeholders </li></ul></ul><ul><ul><ul><li>Especially through Public-Private-Partnerships (PPP) </li></ul></ul></ul><ul><li>#5 : Lack of information sharing & knowledge transfer </li></ul><ul><ul><li>It is important at ALL levels National, Regional & International </li></ul></ul><ul><ul><li>Necessary for developing trust relationships among stakeholders </li></ul></ul><ul><ul><ul><li>Including CERT teams </li></ul></ul></ul>
    11. 11. Future CII threat vectors <ul><li>Expanding Infrastructures </li></ul><ul><ul><li>Fiber optic connectivity </li></ul></ul><ul><ul><ul><li>TEAMS/Seacom/EASSy </li></ul></ul></ul><ul><ul><li>Mobile/Wireless Networks </li></ul></ul><ul><ul><ul><li>Africa – accounts for 30% of ALL mobile phones in the world </li></ul></ul></ul><ul><li>Existence of failed states </li></ul><ul><ul><li>Increased ship piracy </li></ul></ul><ul><ul><ul><li>To fund other activities </li></ul></ul></ul><ul><ul><li>Cyber warfare platforms </li></ul></ul><ul><ul><ul><li>Doesn’t need troops or military hardware </li></ul></ul></ul><ul><li>Cyber communities </li></ul><ul><ul><li>Social Networks – Attacker’s “gold mine” </li></ul></ul>
    12. 12. Summary <ul><li>CIIP deployment in developing countries is working progress </li></ul><ul><ul><li>Despite the challenges, there are also success stories too </li></ul></ul><ul><ul><ul><li>E.g. TUNISIA (CERT/TCC) </li></ul></ul></ul><ul><li>CIIP/Cybersecurity is a 24/7 (365 days) business </li></ul><ul><ul><li>It’s costly, but doing without it is even worse </li></ul></ul><ul><li>Co-ordination & co-operation among stake holders is crucial </li></ul><ul><ul><li>Encourages trust, knowledge sharing & skills transfer </li></ul></ul><ul><li>Future threat vectors need our full attention </li></ul><ul><ul><li>Dependencies & interdependencies will become more complex </li></ul></ul>
    13. 13. Q&A Session <ul><li>Thank You </li></ul><ul><li>[email_address] </li></ul>