Booz & Company
This document is confidential and is intended solely for
the use and information of the client to whom it is addressed.
Developing a Security Megacommunity
Case Study for the development of an International Cyber Security Initiative
ASIS European Security Conference
Lisbon, 19th April 2009
NCEMABooz & Company
DATE
2
The world that we operate in is increasingly globalized and interconnected -- requiring new approaches also for Security
• Our world today is driven by a constantly evolving set of security threats, with terrorist groups, health epidemics, natural disasters and financial shocks conspiring, individually and collectively, to disrupt global markets, incite conflict, reduce prosperity, and impact our basic security.
• These issues that threaten national, homeland and economic security are increasingly dangerous due to the unprecedented integration of the international economy – and the modern technologies that both link geographically dispersed populations and simultaneously enable their destabilization.
• Our increasingly globalized and interconnected world is creating issues that are too large for any one authority to solve alone – the situation calls for a new type of tri-sector leadership in which business, government and nonprofits work together in a state of permanent negotiation.
• To be effective, tomorrow’s leaders will need to reach across traditional sector divisions to form a collaborative “megacommunity.”
A common question emerges:
How can leaders confront these challenges?
The Megacommunity thinking recognizes the necessity of business, government, and civil society in working together on issues …
A Megacommunity is a collaborative socio-economic environment in which business, government, and civil society interact according to their common interests, while maintaining their unique priorities
• Tri-Sector Engagement
• Overlapping Vital Interests
• Convergence
• Structure
• Adaptability
[Diagram: Megacommunity formed by Civil Society, Business and Government, each with its Levers of Influence]
A megacommunity relies on the dynamic tension that exists among all three sectors – each sector uses its levers of influence to interact with the other sectors to solve a mutually recognized problem
… providing a fresh solutions-oriented perspective to address seemingly intractable problems …
• A Megacommunity is the space in which complex problems exist, and are addressed
• A Megacommunity is a lens through which to examine a complex problem in a new way
• Megacommunities are determined by the existence of tri-sector engagement and an overlap in common interest
• The objective for each organization operating in a Megacommunity is achieved by:
  – Optimizing its interests instead of maximizing them; all participants gain
  – Operating in a Megacommunity is not a zero-sum game
• For clarification, a Megacommunity is not:
  – another name for corporate social responsibility or philanthropy
  – another international/intergovernmental forum (e.g., The World Economic Forum)
  – a really big community of interest
  – a collection of like-minded actors
  – an advanced form of public-private partnerships
To be published by Palgrave Macmillan in March 2008
…and shifts the way organizations need to approach problems in a complex, interconnected environment
Megacommunity Approach
• Organizations from the public, private and civil sectors deliberately join together around a compelling issue of mutual importance
• Participants remain independent but their common interest compels them to work together
• Participants benefit from shared capabilities
• Leaders are engaged and implement a common set of practices and principles that influence organizations other than their own to achieve results
• Participants focus on relationships and listen to other perspectives in order to reach a common goal
Traditional Approach
• View problems and potential solutions from the perspective of a single organization, not taking into account diverse stakeholders
• Collaborate only to maximize objectives for an individual organization
• Leaders create operating principles exclusively tailored to and used in their own organization
• A limited degree of openness, trust and collaboration between organizations with disparate objectives
This approach can be applied to the cyber security challenge
Cyber Threats can have a dramatic impact on our Society
All critical services (energy, transportation, government, etc.) depend on Digital Infrastructure that could be compromised, causing severe impact on our society
• Cyber Crime is on the rise (US$ 1,4 billion per year (1))
• New threat scenarios are quickly emerging thanks to new “Web” cooperation models
• Potential impact is rapidly increasing due to digitalization of vital information and activities
• Cyberwar is an emerging scenario (Estonia 2007, Georgia 2008), along with Massive Attacks (Italy 2007)
• US Cyber Consequences Unit estimates that a 10-day attack on the US Internet Infrastructure could have an impact of 70% of US GDP
Challenges
• Move away from a purely technical view towards a global shared approach with Political Vision, Strategy, Policies and Standards
• Develop higher coordination and governance
• Cyber Security requires advanced cooperation models focused on Research and Information Exchange
• There is a big gap in specialized capabilities, innovative research, skills and knowledge development
• Problem set is full of hidden interdependencies
(1) Internet Crime Complaint Center (I3C) Report 2008; Booz & Co. Analysis
Governments are starting to put their weight behind the problem
"I believe Europe must do more for the security of its communication networks. Europe needs a security tsar with authority to act immediately if a cyber attack is underway, a Cyber Cop in charge of the coordination of our forces and of developing tactical plans to improve our level of resilience."
Viviane Reding, Commissioner, EC Directorate General for Information Society and Media, April 2009
"Cyberspace is real, and so are the risks that come with it. This is a matter of public safety and national security. We know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness. In short, America's economic prosperity in the 21st century will depend on cyber security."
Barack Obama, President, United States of America, May 2009
Examples of Recent National Cyber Security Initiatives
• Australian Government Cyber Security Strategy 2009
• UK Government Cyber Security Strategy 2009
• US Government Cyber Security Policy Review 2009
• French White paper on Defence and National Security 2009
• Estonian Cyber Security Strategy 2008
A Cyber Security Megacommunity Case Study
In the last year we have been working for the creation of a cyber security megacommunity through 2 specific and related initiatives
Global Cyber Security Center (GCSC)
• Objectives: develop an international cyber security center
• Location: Rome
• Membership basis
• Not-for-profit foundation
European Electronic Crime Task Force
• MOU signed on 30th June 2009
• Founders: US Secret Service, Italian Police and Poste Italiane
• Objectives: develop a European Electronic Crime Task Force
• Voluntary basis
• Infosharing on cyber crime
[Diagram: Megacommunity formed by Civil Society, Business and Government, each with its Levers of Influence]
The vision for the GCSC defines the ideal state of a digital community and what needs to be done to achieve it
Vision
• International cyber community of people, businesses, and governments…
• …interacting safely and confidently…
• …across a shared digital medium
Components of Vision
• The user base of a global cyber community drives demand and growth of the digital economy
• The user base must be safe from threats on the Internet, and they must believe that they are safe and their information / services are not compromised
• Since no single entity owns the Internet, multiple international players share the responsibility for managing it properly
Actions
• Reduce the “security divide” by increasing the size of the user base and relative security knowledge
• Protect the Internet from bad things, and protect people, businesses, and governments from bad things on the Internet
• Contribute to the cohesiveness and interaction of global task forces protecting the Internet infrastructure. Promote research and knowledge on vulnerabilities and countermeasures.
International cyber community of people, businesses, and governments interacting safely and confidently across the internet medium
The design of the Cyber Security CoE has been structured around 5 core areas
[Diagram: Cyber Security CoE Model - Analyzed Dimensions (GCSC): Governance & Organization Model; Operational Model & Activities; Partnership Model; Funding Model; Expected Benefits. All interrelated!]
• Governance & Organizational Model:
  – What are the potential legal models that could be adopted for the Cyber Security CoE? Pros and cons?
  – What would be the core organizational construct?
• Operational Model & Activities:
  – What will be the reference “megacommunity” that will be managed?
  – What should be the activities? What are the required skills?
• Partnership Model:
  – Who should be the stakeholder group of partners / experts to be involved in activities?
  – Which ones are core vs. nice to have?
• Funding Model:
  – How will the GCSC finance itself? What sources of funds?
  – How much will it need to develop its activities and objectives?
• Expected Benefits:
  – What will be the specific benefits for each stakeholder group?
  – How can we measure the results?
The GCSC will combine various stakeholders into a shared and organized construct
Cyber Security Megacommunity:
• Private Sector Partners
• Network of Experts
• National Institutions
• International Institutions
• Academia
• Media
A strong cooperation and mutual benefit formula is a key success factor for GCSC
Operational Model
The Centre will perform various core activities …
Cyber Security Centre of Excellence
• Research and Observatory: Constant monitoring of developments around cyber security on selected thematic areas. Initiate research activities on selected primary topics. Develop a “living lab” concept.
• Policy, Standards and International Cooperation: Support to the formulation of selected new policies and harmonization of them between different countries
• Training & Skill Development: Conduct of highly specialized training, host seminars and other activities
• Communication & Awareness: Organization, marketing and management of all the CoE communication activities / events of different types
• Information Sharing: The CoE will have to promote information sharing between different actors
… and work on an initial set of core research pillars
All three topics share the same objective: Securing Internet and Digital Services for Society
• Users - New Frontiers of Digital Identity: Digital Identity is a key element of Digital Services. The Centre will work to develop new solutions / best practices to allow citizens and organizations to access Digital Services in full security.
• Infrastructure - Internet Infrastructure Security: Digital Infrastructure vulnerabilities are used to compromise services and attack systems. The Centre will define and test new technologies and approaches to protect Digital Infrastructure (for example Naming and Addressing Systems, DNSSEC, Internet Routing, etc.).
• Threat - New approaches to fight Cyber Crime: the evolution of Cyber Crime requires new approaches to fight it. The Centre will work on International Cooperation and Information Exchange, Real Time Monitoring & Analysis, Incident and Crisis Coordination & Cooperation and Digital Live Forensics.
Additionally, the Center will also develop a technology “test lab” and a CERT support center
Cyber Security Lab
• Definition
  – Controlled research and testing environment for tests, proofs of concept, simulations and exercises
• Objectives
  – Provide an international, vendor-neutral environment for cyber security testing and simulation
  – Lab can be used for Cyber Security exercises
CERT - Information Sharing
• Definition
  – Support the sharing of information between CERTs, research labs, private companies and government agencies
• Objectives
  – Support the development of Information Sharing capabilities in the International CERT community
  – Support the improvement of CERT’s Incident Response capabilities
Selected Examples
• Global Incident Map
• OSF Dataloss DB
• PREDICT Repository
• DETER Network Security Testbed
Poste Italiane, US Secret Service and Italian Postal & Communication Police created on June 30 a “European Electronic Crime Task Force - EECTF”
EECTF Founders: Poste Italiane, US Secret Service and Italian Postal & Communication Police
Main Steps of EECTF Creation
• May / June 2009: Poste Italiane decides to create a European Electronic Crime Task Force (modeled on the US ones) and involves two key stakeholders (Italian Communication Police and US Secret Service) that are willing to participate
• June 30 2009: Poste Italiane signs together with the US Secret Service and Italian Postal & Communication Police a “Memorandum of Understanding” to establish a European Electronic Crime Task Force
• September 2009: founders define EECTF governance model and start to organize first “launch” meeting for March 2009
• March 16th 2010: first EECTF meeting with more than 40 European organizations involved, including various law enforcement agencies, financial institutions and speakers from US Secret Service, Italian Police and Poste Italiane.
Lessons Learnt
• You must have an overall impelling need which cannot be solved by a single entity
• You need a passionate and visionary leader(s)
• You need to understand specific value drivers of different stakeholders
• You need strong cultural change to overcome natural barriers - nothing can be taken for granted (!)
• You need a clear agenda and financing
• You need to focus on the key partnerships rather than technical specifics
• Have a clear “business plan” and governance model
• Be flexible, flexible and again flexible
More Related Content

What's hot

Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
Kim Jensen
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
Kevin Leffew
 
L479096.pdf
L479096.pdfL479096.pdf
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
Dr Lendy Spires
 
Bc Digital Business Ecosystems 20081012
Bc Digital Business Ecosystems 20081012Bc Digital Business Ecosystems 20081012
Bc Digital Business Ecosystems 20081012
Esa Blomberg
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber Defence
Gareth Niblett
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
Charles Mok
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
msdee3362
 
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in Cybersecurity
Charles Mok
 
Nimesh cultural studies technoculture and risks 222222222
Nimesh cultural studies technoculture and risks 222222222Nimesh cultural studies technoculture and risks 222222222
Nimesh cultural studies technoculture and risks 222222222
Dave Nimesh B
 
Improve Public Safety
Improve Public SafetyImprove Public Safety
Improve Public Safety
estotts75
 
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amTLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
Rod Dines
 
Information Security – Review Of 2008 And 2009 97 2003
Information Security – Review Of 2008 And 2009 97 2003Information Security – Review Of 2008 And 2009 97 2003
Information Security – Review Of 2008 And 2009 97 2003
Graeme Payne
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
at MicroFocus Italy ❖✔
 
Marriage of Cyber Security with Emergency Management -- Action Plan
Marriage of Cyber Security with Emergency Management  -- Action PlanMarriage of Cyber Security with Emergency Management  -- Action Plan
Marriage of Cyber Security with Emergency Management -- Action Plan
David Sweigert
 
From Social Media Chaos to Social Business Security - Geneva 2014
From Social Media Chaos to Social Business Security - Geneva 2014From Social Media Chaos to Social Business Security - Geneva 2014
From Social Media Chaos to Social Business Security - Geneva 2014
iDIALOGHI
 
Cyber intelligence sharing and protect act research
Cyber intelligence sharing and protect act researchCyber intelligence sharing and protect act research
Cyber intelligence sharing and protect act research
LaVerne Kemp
 
Cyber intelligence sharing and protection act research
Cyber intelligence sharing and protection act researchCyber intelligence sharing and protection act research
Cyber intelligence sharing and protection act research
LaVerne Kemp
 
Cybersecurity Context in African Continent - Way Forward
Cybersecurity Context in African Continent - Way ForwardCybersecurity Context in African Continent - Way Forward
Cybersecurity Context in African Continent - Way Forward
Gokul Alex
 
RESEARCH PAPER
RESEARCH PAPERRESEARCH PAPER
RESEARCH PAPER
Tanvi Jindal
 

What's hot (20)

Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Cybersecurity report
Cybersecurity reportCybersecurity report
Cybersecurity report
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdf
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
Bc Digital Business Ecosystems 20081012
Bc Digital Business Ecosystems 20081012Bc Digital Business Ecosystems 20081012
Bc Digital Business Ecosystems 20081012
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber Defence
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
Government and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in CybersecurityGovernment and Enterprise Collaboration in Cybersecurity
Government and Enterprise Collaboration in Cybersecurity
 
Nimesh cultural studies technoculture and risks 222222222
Nimesh cultural studies technoculture and risks 222222222Nimesh cultural studies technoculture and risks 222222222
Nimesh cultural studies technoculture and risks 222222222
 
Improve Public Safety
Improve Public SafetyImprove Public Safety
Improve Public Safety
 
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030amTLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
TLC220_2014_S1_ResearchEssay_DinesR_31510992_Monday_1030am
 
Information Security – Review Of 2008 And 2009 97 2003
Information Security – Review Of 2008 And 2009 97 2003Information Security – Review Of 2008 And 2009 97 2003
Information Security – Review Of 2008 And 2009 97 2003
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
 
Marriage of Cyber Security with Emergency Management -- Action Plan
Marriage of Cyber Security with Emergency Management  -- Action PlanMarriage of Cyber Security with Emergency Management  -- Action Plan
Marriage of Cyber Security with Emergency Management -- Action Plan
 
From Social Media Chaos to Social Business Security - Geneva 2014
From Social Media Chaos to Social Business Security - Geneva 2014From Social Media Chaos to Social Business Security - Geneva 2014
From Social Media Chaos to Social Business Security - Geneva 2014
 
Cyber intelligence sharing and protect act research
Cyber intelligence sharing and protect act researchCyber intelligence sharing and protect act research
Cyber intelligence sharing and protect act research
 
Cyber intelligence sharing and protection act research
Cyber intelligence sharing and protection act researchCyber intelligence sharing and protection act research
Cyber intelligence sharing and protection act research
 
Cybersecurity Context in African Continent - Way Forward
Cybersecurity Context in African Continent - Way ForwardCybersecurity Context in African Continent - Way Forward
Cybersecurity Context in African Continent - Way Forward
 
RESEARCH PAPER
RESEARCH PAPERRESEARCH PAPER
RESEARCH PAPER
 

Similar to CSCoE ASIS v2

Cyber Security Conference - Trustworthy computing cybersecurity white paper
Cyber Security Conference - Trustworthy computing cybersecurity white paperCyber Security Conference - Trustworthy computing cybersecurity white paper
Cyber Security Conference - Trustworthy computing cybersecurity white paper
Microsoft
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
Cyber Threat Intelligence Network
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
naveen p
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
rrepko
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
João Rufino de Sales
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
Mark Johnson
 
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks  REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks
ESADE
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
Silvia Cardona
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
Internet Technology Matters (Internet Society)
 
Input on threat images against information society
Input on threat images against information societyInput on threat images against information society
Input on threat images against information society
Somerco Research
 
Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...
Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...
Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...
tonyStark925586
 
BT Cloud Security Whitepaper
BT Cloud Security WhitepaperBT Cloud Security Whitepaper
BT Cloud Security Whitepaper
Dean Bonehill ♠Technology for Business♠
 
Cybersecurity: Protecting Local Government Digital Resources Report
Cybersecurity: Protecting Local Government Digital Resources ReportCybersecurity: Protecting Local Government Digital Resources Report
Cybersecurity: Protecting Local Government Digital Resources Report
Samantha Wagner
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
Supply Chain Coalition
 
Cyber Security Conference - Msps cybersecurity whitepaper
Cyber Security Conference - Msps cybersecurity whitepaperCyber Security Conference - Msps cybersecurity whitepaper
Cyber Security Conference - Msps cybersecurity whitepaper
Microsoft
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
Settapong_CyberSecurity
 
MDDR_FINAL_2023_1004_Comprehensive and full
MDDR_FINAL_2023_1004_Comprehensive and fullMDDR_FINAL_2023_1004_Comprehensive and full
MDDR_FINAL_2023_1004_Comprehensive and full
haris21044
 
Towards a Future Internet workshop
Towards a Future Internet workshopTowards a Future Internet workshop
Towards a Future Internet workshop
blogzilla
 
Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature Review
Enow Eyong
 
Cyber Security For Businesses
Cyber Security For BusinessesCyber Security For Businesses
Cyber Security For Businesses
Parliamentary Yearbook
 

Similar to CSCoE ASIS v2 (20)

Cyber Security Conference - Trustworthy computing cybersecurity white paper
Cyber Security Conference - Trustworthy computing cybersecurity white paperCyber Security Conference - Trustworthy computing cybersecurity white paper
Cyber Security Conference - Trustworthy computing cybersecurity white paper
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks  REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
 
Olaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative SecurityOlaf Kolkman - FIRST Keynote on Collaborative Security
Olaf Kolkman - FIRST Keynote on Collaborative Security
 
Input on threat images against information society
Input on threat images against information societyInput on threat images against information society
Input on threat images against information society
 
Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...
Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...
Analyzing the WEF’s 2024 Cybersecurity Report- Insights for Tackling Cyber In...
 
BT Cloud Security Whitepaper
BT Cloud Security WhitepaperBT Cloud Security Whitepaper
BT Cloud Security Whitepaper
 
Cybersecurity: Protecting Local Government Digital Resources Report
Cybersecurity: Protecting Local Government Digital Resources ReportCybersecurity: Protecting Local Government Digital Resources Report
Cybersecurity: Protecting Local Government Digital Resources Report
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
 
Cyber Security Conference - Msps cybersecurity whitepaper
Cyber Security Conference - Msps cybersecurity whitepaperCyber Security Conference - Msps cybersecurity whitepaper
Cyber Security Conference - Msps cybersecurity whitepaper
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
 
MDDR_FINAL_2023_1004_Comprehensive and full
MDDR_FINAL_2023_1004_Comprehensive and fullMDDR_FINAL_2023_1004_Comprehensive and full
MDDR_FINAL_2023_1004_Comprehensive and full
 
Towards a Future Internet workshop
Towards a Future Internet workshopTowards a Future Internet workshop
Towards a Future Internet workshop
 
Cybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature ReviewCybersecurity Business Risk, Literature Review
Cybersecurity Business Risk, Literature Review
 
Cyber Security For Businesses
Cyber Security For BusinessesCyber Security For Businesses
Cyber Security For Businesses
 

CSCoE ASIS v2

  • 1. Booz & Company This document is confidential and is intended solely for the use and information of the client to whom it is addressed. Developing a Security Megacommunity Case Study for the development of an International Cyber Security Initiative ASIS European Security Conference Lisbon, 19th April 2009
  • 2. NCEMABooz & Company DATE 2 The world that we operate in is increasingly globalized and interconnected -- requiring new approaches also for Security  Our world today is driven by a constantly evolving set of security threats, with terrorist groups, health epidemics, natural disasters and financial shocks conspiring, individually and collectively, to disrupt global markets, incite conflict, reduce prosperity, and impact our basic security.  These issues that threaten national, homeland and economic security are increasingly dangerous due to the unprecedented integration of the international economy – and the modern technologies that both link geographically dispersed populations and simultaneously enable their destabilization.  Our increasingly globalized and interconnected world is creating issues that are too large for any one authority to solve alone – the situation calls for a new type of tri-sector leadership in which business, government and nonprofits work together in a state of permanent negotiation.  To be effective, tomorrow’s leaders will need to reach across traditional sector divisions to form a collaborative “megacommunity.” A common question emerges: How can leaders confront these challenges? A common question emerges: How can leaders confront these challenges?
  • 3. NCEMABooz & Company DATE 3 The Megacommunity thinking recognizes the necessity of business, government, and civil society in working together on issues … A Megacommunity is a collaborative socio- economic environment in which business, government, and civil society interact according to their common interests, while maintaining their unique priorities  Tri-Sector Engagement  Overlapping Vital Interests  Convergence  Structure  Adaptability Levers of Influence Levers of Influence Levers of Influence MEGA- COMMUNITY CIVILSOCIETY BUSINESS GOVERNMENT A megacommunity relies on the dynamic tension that exists among all three sectors – each sector uses its levers of influence to interact with the other sectors to solve a mutually recognized problem
  • 4. … providing a fresh solutions-oriented perspective to address seemingly intractable problems …
      • A Megacommunity is the space in which complex problems exist, and are addressed
      • A Megacommunity is a lens through which to examine a complex problem in a new way
      • Megacommunities are determined by the existence of tri-sector engagement and an overlap in common interest
      • The objective for each organization operating in a Megacommunity is achieved by:
          – Optimizing its interests instead of maximizing: all participants gain
          – Operating in a Megacommunity is not a zero-sum game
      • For clarification, a Megacommunity is not:
          – another name for corporate social responsibility or philanthropy
          – another international/intergovernmental forum (e.g., The World Economic Forum)
          – a really big community of interest
          – a collection of like-minded actors
          – an advanced form of public-private partnerships
      To be published by Palgrave Macmillan in March 2008
  • 5. …and shifts the way organizations need to approach problems in a complex, interconnected environment
      Megacommunity Approach
      • Organizations from the public, private and civil sectors deliberately join together around a compelling issue of mutual importance
      • Participants remain independent but their common interest compels them to work together
      • Participants benefit from shared capabilities
      • Leaders are engaged and implement a common set of practices and principles that influence organizations other than their own to achieve results
      • Participants focus on relationships and listen to other perspectives in order to reach a common goal
      Traditional Approach
      • View problems and potential solutions from the perspective of a single organization, not taking account of diverse stakeholders
      • Collaborate only to maximize objectives for an individual organization
      • Leaders create operating principles exclusively tailored to and used in their own organization
      • A limited degree of openness, trust and collaboration between organizations with disparate objectives
  • 6. This approach can be applied to the cyber security challenge
      Cyber Threats can have a dramatic impact on our Society
      All critical services (energy, transportation, government, etc.) depend on Digital Infrastructure, which could be compromised, causing severe impact on our society
      • Cyber Crime is on the rise (US$ 1,4 billion per year (1))
      • New threat scenarios are quickly emerging thanks to new “Web” cooperation models
      • Potential impact is rapidly increasing due to digitalization of vital information and activities
      • Cyberwar is an emerging scenario (Estonia 2007, Georgia 2008), as are Massive Attacks (Italy 2007)
      • US Cyber Consequences Unit estimates that a 10-day attack on the US Internet Infrastructure could have an impact of 70% of US GDP
      Challenges
      • Move away from a purely technical view towards a global shared approach with Political Vision, Strategy, Policies and Standards
      • Develop higher coordination and governance
      • Cyber Security requires advanced cooperation models focused on Research and Information Exchange
      • There is a big gap in specialized capabilities, innovative research, skills and knowledge development
      • The problem set is full of hidden interdependencies
      1) Internet crime complaint center (I3C) Report 2008; Booz & Co. Analysis
  • 7. Governments are starting to put their weight behind the problem
      "I believe Europe must do more for the security of its communication networks. Europe needs a security tsar with authority to act immediately if a cyber attack is underway, a Cyber Cop in charge of the coordination of our forces and of developing tactical plans to improve our level of resilience."
      Viviane Reding, Commissioner, EC Directorate General for Information Society and Media, April 2009
      "Cyberspace is real, and so are the risks that come with it. This is a matter of public safety and national security. We know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness. In short, America's economic prosperity in the 21st century will depend on cyber security."
      Barack Obama, President, United States of America, May 2009
      Examples of Recent National Cyber Security Initiatives
      • Australian Government Cyber Security Strategy 2009
      • UK Government Cyber Security Strategy 2009
      • US Government Cyber Security Policy Review 2009
      • French White paper on Defence and National Security 2009
      • Estonian Cyber Security Strategy 2008
  • 8. A Cyber Security Megacommunity Case Study
  • 9. In the last year we have been working for the creation of a cyber security megacommunity through 2 specific and related initiatives
      European Electronic Crime Task Force
      • MOU signed on 30th June 2009
      • Founders: US Secret Service, Italian Police and Poste Italiane
      • Objectives: develop a European Electronic Crime Task Force
      • Voluntary basis
      • Infosharing on cyber crime
      Global Cyber Security Center (GCSC)
      • Objectives: develop an international cyber security center
      • Location: Rome
      • Membership basis
      • Not-for-profit Foundation
      [Diagram: MEGACOMMUNITY, with CIVIL SOCIETY, BUSINESS and GOVERNMENT and their Levers of Influence]
  • 10. The vision for the GCSC defines the ideal state of a digital community and what needs to be done to achieve it
      Vision
      • International cyber community of people, businesses, and governments…
      • …interacting safely and confidently…
      • …across a shared digital medium
      International cyber community of people, businesses, and governments interacting safely and confidently across the internet medium
      Components of Vision
      • The user base of a global cyber community drives demand and growth of the digital economy
      • The user base must be safe from threats on the Internet, and they must believe that they are safe and their information / services are not compromised
      • Since no single entity owns the Internet, multiple international players share the responsibility for managing it properly
      Actions
      • Reduce the “security divide” by increasing the size of the user base and relative security knowledge
      • Protect the Internet from bad things, and protect people, businesses, and governments from bad things on the Internet
      • Contribute to the cohesiveness and interaction of global task forces protecting the Internet infrastructure. Promote research and knowledge on vulnerabilities and countermeasures.
  • 11. The design of the Cyber Security CoE has been structured around 5 core areas
      [Diagram: Cyber Security CoE Model - Analyzed Dimensions: GCSC Governance & Organization Model, Operational Model & Activities, Partnership Model, Funding Model, Expected Benefits, numbered 1 to 5. All Interrelated!]
      • Governance & Organizational Model:
          – What are the potential legal models that could be adopted for the Cyber Security CoE? Pros and cons?
          – What would be the core organizational construct?
      • Operational Model & Activities:
          – What will be the reference “megacommunity” that will be managed?
          – What should be the activities? What are the required skills?
      • Partnership Model:
          – Who should be the stakeholder group of partners / experts to be involved in activities?
          – Which ones are core vs. nice to have?
      • Funding Model:
          – How will the GCSC finance itself? What sources of funds?
          – How much will it need to develop its activities and objectives?
      • Expected Benefits:
          – What will be the specific benefits for each stakeholder group?
          – How can we measure the results?
  • 12. The GCSC will combine various stakeholders into a shared and organized construct
      [Diagram: Cyber Security Megacommunity, made up of Private Sector Partners, Network of Experts, National Institutions, International Institutions, Academia and Media]
      A strong cooperation and mutual benefit formula is a key success factor for GCSC Operational Model
  • 13. The Centre will perform various core activities …
      Cyber Security Centre of Excellence
      • Research and Observatory: Constant monitoring of developments around cyber security on selected thematic areas. Initiate research activities on selected primary topics. Develop a “living lab” concept.
      • Policy, Standards and International Cooperation: Support to the formulation of selected new policies and harmonization of them between different countries
      • Training & Skill Development: Conduct of highly specialized training, host seminars and other activities
      • Communication & Awareness: Organization, marketing and management of all the CoE communication activities / events of different types
      • Information Sharing: The CoE will have to promote information sharing between different actors
  • 14. … and work on an initial set of core research pillars
      All three topics share the same objective: Securing Internet and Digital Services for Society
      • Users - New Frontiers of Digital Identity: Digital Identity is a key element of Digital Services. The Centre will work to develop new solutions / best practices to allow citizens and organizations to access Digital Services in full security.
      • Infrastructure - Internet Infrastructure Security: Digital Infrastructure vulnerabilities are used to compromise services and attack systems. The Centre will define and test new technologies and approaches to protect Digital Infrastructure (for example Naming and Addressing Systems, DNSSEC, Internet Routing, etc.).
      • Threat - New approaches to fight Cyber Crime: the evolution of Cyber Crime requires new approaches to fight it. The Centre will work on International Cooperation and Information Exchange, Real Time Monitoring & Analysis, Incident and Crisis Coordination & Cooperation and Digital Live Forensics.
  • 15. Additionally, the Center will also develop a technology “test lab” and a CERT support center
      Cyber Security Lab
      • Definition
          – Controlled research and testing environment for tests, proofs of concept, simulations and exercises
      • Objectives
          – Provide an international, vendor-neutral environment for cyber security testing and simulation
          – Lab can be used for Cyber Security exercises
      CERT - Information Sharing
      • Definition
          – Support the sharing of information between CERTs, research labs, private companies and government agencies
      • Objectives
          – Support the development of Information Sharing capabilities in the International CERT community
          – Support the improvement of CERTs’ Incident Response capabilities
      Selected Examples
      • Global Incident Map
      • OSF Dataloss DB
      • PREDICT Repository
      • DETER Network Security Testbed
  • 16. Poste Italiane, US Secret Service and Italian Postal & Communication Police created on June 30 a “European Electronic Crime Task Force - EECTF”
      EECTF Founders
      Main Steps of EECTF Creation
      • May / June 2009: Poste Italiane decides to create a European Electronic Crime Task Force (modeled on the US ones) and involves two key stakeholders (Italian Communication Police and US Secret Service) that are willing to participate
      • June 30 2009: Poste Italiane signs together with the US Secret Service and Italian Postal & Communication Police a “Memorandum of Understanding” to establish a European Electronic Crime Task Force
      • September 2009: founders define EECTF governance model and start to organize first “launch” meeting for March 2009
      • March 16th 2010: first ECTF meeting with more than 40 European organizations involved, including various law enforcement agencies, financial institutions and speakers from US Secret Service, Italian Police and Poste Italiane.
  • 17. Lessons Learnt
      • You must have an overall impelling need which cannot be solved by a single entity
      • You need a passionate and visionary leader(s)
      • You need to understand specific value drivers of different stakeholders
      • You need strong cultural change to overcome natural barriers - nothing can be taken for granted (!)
      • You need a clear agenda and financing
      • You need to focus on the key partnerships rather than technical specifics
      • Have a clear “business plan” and governance model
      • Be flexible, flexible and again flexible