3-Day Master Class given at the University of Technology (UTECH) Kingston, Jamaica - 13th to 15th September 2010 - in Partnership with the UN/ITU Centres of Excellence Network for the Caribbean Region - International Telecommunications Union - Global Cybersecurity Agenda.
National Cybersecurity - Roadmap and Action Plan - Dr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Cybersecurity Technologies, Standards and Operations - Dr David Probert
2-Day Cybersecurity Master Class given at the University of Technology (UTECH), Kingston, Jamaica - 16th-17th September 2010 - in partnership with the UN/ITU Excellence Network in the Caribbean Region. These lectures are more technical than those in the more general 3-Day Cybersecurity Master Class that we held on 13th to 15th September. Topics covered include ITU, NIST, IEEE and ISO/IEC Standards. Setting up and running CERTs/CSIRTS - Computer Emergency Response Team - and Business Continuity.
UN/ITU - Organisational Structures and Incident Management - Cybersecurity - Dr David Probert
In-Depth Presentation for the Cybersecurity Workshop that was Jointly Organised by the UN/ITU and CITEL in Salta City, Argentina - November 2010. The presentation focuses on the implementation of the recommended UN/ITU (International Telecommunications Union) Global Cybersecurity Agenda and the importance of CERTs (Computer Emergency Response Teams)
Cybersecurity for Critical National Infrastructure - Dr David Probert
Presentation focuses on National Cybersecurity Strategies, Models and Plans. These include the well known UN/ITU - International Telecommunication Union Strategy Guidelines which were updated this year. The talk includes the author's security missions to Armenia and Georgia as well as industrial ICS/SCADA security and the critical info sectors. We briefly review national cybersecurity legislation as well as standards and cyber skills requirements. We wrap up with a cyber "Shopping List", Business Action Plan & Conceptual RoadMap. This presentation was given on the 6th November 2018 at the 38th East-West Security Conference in Nice, France! Enjoy!
We compare the challenge of the current COVID-19 Bio-Pandemic with the potential of a Global Cyber-Pandemic during the coming decade! Bio-Events are Spatial whilst Cyber-Events are Temporal & require "Defence in Time". We speculate on the emergence of "Silicon Life" and the possibility of autonomous cyber-attacks by networks of AI-Bots & Drone Swarms upon Critical National Infrastructure. The paper assumes some understanding of Artificial Intelligence, Machine Learning and Cybersecurity. Enjoy!
Integrated Cybersecurity and the Internet of Things - Dr David Probert
Presentation given in Madrid at the East-West International Security Conference - October 2015. The topics include Integrated Cybersecurity and Physical Security as well as developments in the Internet of Things. The talk discusses models, architectures and standards for the IoT as well as a survey of some EU work under the IERC Programme. Finally the talk makes suggestions for actions by Chief Security Officers (CSOs) to prepare themselves for IoT Security. It is recommended that CSOs review the security for ALL their legacy networked devices to mitigate the risks of cyber attacks. The talk was given by Dr David Eric Probert on 27th October 2015 at the Security Conference Venue - Melia Galgos Hotel - Madrid, Spain.
Cyber Vardzia - Integrated Physical and Cyber Security Systems for Georgia - Dr David Probert
Invited Presentation at the 3rd Georgian IT Innovation & Cybersecurity Conference (GITI) in Tbilisi, Georgia. The presentation focuses upon the urgent need to integrate physical and cyber security within a single management team headed by a Chief Security Officer (CSO). The title references - Vardzia - which was a Medieval Georgian Cave Fortress that had extensive physical security and withstood attacks from invaders for many years.
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit! - Dr David Probert
This presentation provides a personal vision of cybersecurity trends for the coming 10 years and beyond! We begin with some historical relics and the discovery of the Antikythera Mechanism almost 2000 years ago (Cyber Year ZERO!). We rapidly move to our cyber society - 2018 - and some recent massive cyber hacks & attacks related both to cybercrime, cyberterror and emerging cyber and information warfare. We briefly discuss the TOP 10 Cyber attacks and means of defence. These include Advanced Persistent Threat (APT), Stealth Monitoring, Toxic eMail, Custom Bots (Stuxnet), DDoS, Ransomware and Toxic Cookies/Proxy & DNS Hacks & Attacks. After briefly exploring Blockchains, "Internet of Things" & Integrated Security Dashboards we present a sequence of cyber scenarios for 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber Intelligent) and 2040 (Neural Security). We provide examples of cyber tools already available that deploy machine learning, AI and Deep Learning to protect business and governments around the world. We provide some warnings from the late Stephen Hawking on both the risks and rewards of the widespread deployment of artificial intelligence based solutions in both business, government & open society! Finally we wrap up with a quick review of future cyber tools and suggestions for your own Business Action Plan & RoadMap! Enjoy!
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T... - Dr David Probert
Now we see the evolution of Hybrid Warfare, Cybercrime and Terrorism. To mitigate Terror Attacks we urgently need to integrate Real-Time Cybersecurity Solutions with Physical Surveillance in Business, Campus, Cities And Nationwide! In this presentation we discuss both Historic & Current Cyber Threats and practical options to minimise the risks of future Terror Attacks through Integrated Physical-Cybersecurity Solutions. We briefly review the United Nations/ITU, NATO and NIST Cybersecurity Frameworks, and the threats on Critical National Information Infrastructure. Finally we suggest the TOP Actions for Chief Security Officers (CSO) to mitigate Attacks within their own Security Operations. This invited presentation was given @ the International East-West Security Conference at the Marriott Courtyard Hotel in Prague - June 2016.
Energising Cybersecurity with Biometrics & Digital Forensics - Dr David Probert
Fighting Cybercrime and Cyberterror requires Business & Government to integrate Biometrics (Pre-Attack) and Digital Forensics (Post-Attack) in order to both mitigate & diagnose attack vectors. This presentation was given @ the East-West International Security Conference in Prague - June 2016. It includes a 25 year Cyber Vision of Future Adaptive, Intelligent & Neural Cybersecurity Tools. These will be based upon Artificial Intelligence, Machine Learning & Adaptive Behavioural Analytics. The advance of Hybrid Cybercrime, Cyberwar & Cyberterror requires all Businesses & Government Agencies to seriously consider the deployment of Intelligent Cybersecurity Solutions with Biometrics & Digital Forensics during the next 10 years!
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling - Dr David Probert
This invited presentation was given at the International East-West Security Conference on the 4th June in Naples, Italy. The talk begins with a review of the current Cyber Society including the topics of CyberCrime, CyberTerror & CyberWar. We include a quick review of the extremely useful national cybersecurity strategy guides developed by the UN/ITU (United Nations - International Telecommunications Union) during the last 10 years. We then progress to review the Top 10 Cyber Threats & Attacks including DDoS, SQL Injection, Ransomware, APT - Advanced Persistent Attack, Custom Trojan "Bots", Classic Malware, & Toxic Cookies, DNS & Proxy Diversion Attacks. We provide numerous examples of some recent devastating cyber attacks across market sectors such as Banking, Airlines, Shipping, Healthcare & Government. We then proceed to review future cyber scenarios - 2019 (Integrated Security), 2020 (Self-Adaptive Security), 2022 (Self-Learning), 2025 (Cyber-Intelligent) & way into the future - 2040 (Neural Security). Once again we provide many examples of Cyber Solutions & Toolkits that are available today for implementation. Many Cyber tools already embed AI & Deep Learning Algorithms which can help mitigate zero-day attacks and most other cyber stealth & malware attacks including DDoS, APT, SQL & Ransomware. We conclude, as usual, with suggestions for how YOUR Business can review, audit and upgrade to boost cyber resilience! Enjoy!
Upgrading Industrial CyberSecurity & Security Critical National Infrastructure - Dr David Probert
Invited talk at the 40th International East-West Security Conference @ Hilton Hotel - Malta on Upgrading Industrial CyberSecurity. The talk focuses on the Industrial Internet of Things (IIoT) and specifically on ICS/SCADA systems - Industrial Control Systems and Supervisory Control and Data Acquisition. These legacy systems are often not well secured and open to a wide range of Cyber Threats & Attacks. Examples are given on some recent attacks including DDoS and Ransomware in Trans-National Industrial Enterprises. The talk covers the integration of physical & cyber security as well as the problem of counterfeit electronic parts & components within the industrial value-chain. We explore the issue of industrial espionage & surveillance including video & satellite images that may be used by the "bad guys" when researching economic, political or terror attacks on critical infrastructure. We explore the risks within the energy sector such as civilian nuclear power plants & industrial metal smelting works. We wrap up by recommending 10 ways to secure your industrial enterprise & the paths to developing your Smart Security Business Plan. The author has worked in the field of CyberSecurity / InfoSec for 25 years since Summer 1994. He has also worked in AI/Machine Learning for more than 40 years since completing the 1st Doctorate in Stochastic Machine Learning @ the Cambridge University Statistical Laboratory in June 1976.
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics! - Dr David Probert
This presentation discusses recent trends in cyber surveillance to combat increasing cybercrime, cyberterrorism and the advent of cyberwarfare! We begin by reviewing the convergence of physical & cybersecurity before moving to recent tragic events in urban terrorism. We discuss the ways in which "crowded places" such as stadiums, transport hubs, resorts and malls may be more fully secured against cyberterrorists. We then review trends in advanced AI - artificial intelligence - based video analytics & biometrics which are now a key component in the business & government cyber toolkit! We provide a short review of the cyber sector before providing some 7 year cyber trends towards the year 2025. The presentation wraps up with your TOP 3 Actions and a suggested Cyber Shopping List for your Business! Enjoy!
Cybersecurity Trends and CyberVision: 2015 - 2025 - Dr David Probert
Personal Vision of the Evolution of the Cybersecurity Sector during the next 10 years - 2015 - 2025. The presentation includes a review of the major players, both the "Good Guys" and the "Bad Guys". We discuss the important role of Artificial Intelligence, Machine Learning & Adaptive Systems in providing "Speed of Light" response to the continuous 24/7 Real-Time Threats that now target Business & Government. We conclude the presentation with a quick review of the Business Sector including the leading "new wave" cybersecurity companies, mergers, acquisitions and Venture Capital Investment.
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy - Dr David Probert
This invited presentation was given at the International East-West Security Conference in Naples, Italy on the 4th June 2019. The talk has 9 chapters beginning with a background review of the evolution of the marketplace for video intelligence from 20thC CCTV to 21stC Real-Time Networked Video Surveillance! We then discuss the importance of deploying intelligent video surveillance in crowded places such as shopping malls, stadiums, theatres, transport hubs, airports & sports events. We provide examples of some recent tragic events related to Urban Terrorism such as Nice, Paris, Brussels, London, Berlin & Moscow. We discuss the importance of providing an integrated dashboard for Physical & CyberSecurity in order to Identify, Mitigate & ideally prevent such Urban Terrorism. At all stages of the talk we try to provide examples & case studies of Intelligent Video Surveillance solutions that are available on the marketplace today! We then review Advanced Video Analytics based upon Artificial Intelligence & Deep Learning (Neural Networks). This includes a discussion of intelligent behaviour profiling and real-time biometric analysis & digital forensics. The development of on-line services has led to the new economic theory of Surveillance Capitalism (Published by Shoshana Zuboff - Jan 2019). This is highly relevant to Video Surveillance since some of the intelligent video tools such as Public Facial Recognition have provoked a strong reaction in cities such as San Francisco. We conclude the talk with a review of ways in which Big Data Analytics can provide Fast Intelligent Support in the analysis of massive video databases & real-time streams. We also suggest Top 3 Actions & Security RoadMap for YOUR Business! Enjoy!
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar! - Dr David Probert
Invited Talk @ 40th International East-West Security Conference @ Hilton Hotel, Malta - November 2019 on Intelligent & Integrated CyberSecurity! The talk explores the current status of Cybersecurity threats & defence and then develops Scenarios for its future evolution. This focuses upon the role of Artificial Intelligence, Stochastic Machine Learning & Deep Learning to provide much faster & more accurate real-time "Speed of Light" responses against Cyber Attacks! We discuss the evolution of the Internet during the last 50 years since its birth, and then explore possible cyber trends for the next 25 to 30 years based upon technological & social evolution. Topics include Network Intelligence, Self-Learning, Self-Adaptive Security & then finally "Neural Security" for 2040 onwards! The presentation provides several examples of recent cyber attacks as well as some of the "Best of Breed" Cyber AI solutions that are already available from Cybersecurity vendors! We wrap up with a warning regarding the need to "take control of the more advanced AI tools" and to programme the AI software with some understanding of compliance with Human Needs & Ethics! The author has worked on InfoSec & Cybersecurity for 25 years since summer 1994. He also has more than 40 years of experience in AI having completed the very 1st Doctorate in Stochastic Machine Learning @ Cambridge University Statistical Laboratory & Churchill College in June 1976!
Singapore's National Cyber Security Strategy - Benjamin Ang
Singapore's National Cyber Security Strategy was launched by the Singapore government at the inaugural Singapore International Cyber Week 2016. This presentation gives an overview of the 4 pillars of the Strategy and some of its implementation steps so far, including the upcoming new Cybersecurity Act, and the SGD 10 million fund for capacity building in ASEAN. You can download the full Strategy at www.csa.gov.sg
Artificial Intelligence and Machine Learning for Cybersecurity - Dr David Probert
The talk discusses the application of artificial intelligence and machine learning to enterprise cybersecurity. The topics include self-learning, stochastic cellular automata, adaptive & self-organising systems and recursive Bayesian algorithms. The talk briefly surveys several cybersecurity companies including Darktrace, LogRhythm and Norse Corporation. There is also discussion of the application of AI and neural networks within the Banking sector for "Algorithmic Trading" during the last 10 to 20 years. These techniques are now highly relevant, and even ESSENTIAL, for the provision of real-time enterprise cybersecurity to complement traditional "signature" based anti-virus & firewall based solutions. The talk closes with the presentations for the future of Cybersecurity in 2020, 2025 and 2040 including reference to similar forecasts from both Business & Governments. The talk was given by Dr David Eric Probert at the East-West International Security Conference at the Melia Galgos Hotel in Madrid, Spain on Tuesday 27th October 2015.
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025! - Dr David Probert
This presentation provides a personal vision of trends in Cybersecurity during the coming 7 years - 2018 to 2025. We start with focusing on the Board Level Agenda for the newly appointed Chief Security Officer (CSO/CISO) and then briefly discuss the TOP 10 Cybersecurity Threats that include Ransomware, DDoS Attacks, SQL injection, Social Media Phishing, Toxic Cookies, Classical Malware, Authentication Hacks, Stealth Monitoring and Advanced Persistent Attacks. We group these generic cyber threats under Exploration, Penetration and Real-Time Attacks! We then discuss the need for new Cyber Tools that will provide effective defence against such threats since classical tools such as anti-virus & firewalls will no longer stop the "bad guys" - CyberCriminals, Cyber Hacktivists & CyberTerrorists! We describe scenarios for 2018 (Integrated Security - Cyber & Physical Security), 2020 (Adaptive Security for the Internet of Things) and 2025 (Intelligent Security based upon Artificial Intelligence & Machine Learning). These tools are all available today and yet most organisations are still relying on the classical AV/Firewall Solutions and hence are highly vulnerable to cyberattacks. We wrap up the presentation with a brief look at Security for Critical Sectors such as Banking/Finance & Government. We suggest ways in which business can prioritise and organise CyberSecurity based upon frameworks such as those from NIST, SANS and the UN/ITU. Finally we return to the metaphor that Classical Physical Attacks & Warfare occur at the "Speed of Sound" whilst Global Cyber Attacks & CyberWarfare take place 1 million times faster @ the "Speed of Light". This provides the key motivation for significantly upgrading our CyberDefences to provide Security within our 21stC Neural Society!
Presentation discusses CyberCrime, CyberTerror & CyberWar & the ways in which the "Bad Guys" organise themselves to undertake major Cyber Attacks. The TOP 10 Threats are categorized as Exploration, Penetration and Attack Tools. The threats include: (1) Advanced Persistent Attack (APT), (2) Stealth Monitoring, (3) Toxic eMail, (4) Database & Web Hacks (SQL/XSS), (5) Classic Virus/Trojan Malware, (6) Authentication Hacks, (7) Designer "Bots" (Stuxnet), (8) Toxic Cookies/Proxy/DNS, (9) DDoS & (10) Ransomware. We conclude with recommendations to Defend your Business with In-Depth Technical & Operational Defence Action Plans!
Presentation given at the International East-West Security Conference in Rome - November 2016. The presentation begins with a review of Models of the Internet and CyberSpace such as those based upon IP Hilbert Space. We then discuss the transformation from 20thC Physical Threats (Speed of Sound) to the 21stC Cyber Threats (Speed of Light) such as CyberCrime, CyberTerror, CyberEspionage and CyberWar from sources such as the UN/ITU and the World Economic Forum. The core presentation explores Cyber Scenarios for 2018 (Integrated Security), 2020 (Adaptive Security), 2025 (Intelligent Security) and 2040 (Neural Security). We consider the New Generation of Tools based upon Machine Learning & Artificial Intelligence that use Self-Learning & Self-Organisation. We consider the application of these tools for the effective defence of Critical National Infrastructure and also to enhance Cybersecurity for the Internet of Things. We review some of the latest Cyber Ventures that provide Security Solutions based upon Machine Learning. Finally we provide a suggested TOP 10 Actions for your Business to upgrade Cybersecurity & Mitigate Future Attacks!
21stC Cybersecurity Trends: 2018-2025 & Beyond!... - Dr David Probert
Presentation to the ISSA Summer Cybersecurity Conference on HQS Wellington Ship on the River Thames, London - 5th July 2018. The keynote talk covers the TOP 10 Cyber Attacks - APT, Stealth Monitoring, Toxic eMail, Classic Malware, Custom Bots, DDoS, Ransomware & DNS/Proxy Re-routing. We present Cybervision Scenarios for 2018 (Integrated Security), 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber-Intelligent) and finally 2040 (Neural Security & Artificial Silicon Life!). This is followed by a brief survey of Maritime Security including the BIMCO & IET Guidelines and then wrapped up with a summary of the New Cybersecurity Toolkit. The presentation has a strong focus on the applications of artificial intelligence, Machine Learning & Deep Learning (Neural Networks) to Cybersecurity Solutions. In addition there is analysis of the fields of Intelligent Video Analytics, Digital Forensics & Cyber-Biometrics together with some real world solutions. Finally there is reference to Strategy Toolkits such as those from the United Nations / ITU, and from NIST - US National Institute of Standards & Technology. I would like to thank Sophie Wingrove & Team for their kind invitation to speak at this CyberSecurity Conference!
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain - Dr David Probert
The presentation has 9 chapters beginning with a brief survey of FinTech Evolution & the Global Marketplace with a strong focus on China & the USA! We note that Fintech is a disruptive technology and that there are inherent cyber-risks. We provide examples of some recent major hacks within the FinTech & Financial Services Sector. We then consider options to mitigate these security risks using new technological tools based upon Artificial Intelligence, Machine Learning Algorithms, & Deep Learning (Neural Networks). We then also review ways in which Blockchains can provide enhanced security for peer-to-peer transactions both in FinTech as well as in most other market sectors. We then discuss Cyber Fraud Detection & Prevention including tools for identifying Money Laundering, and Financing for Terrorism & other National & International Criminal Exploits. We review ways in which the latest Tools for Big Data Mining & Analytics can reduce the impact & devastating losses from Global FinTech CyberCrime. We conclude with a summary of the current disruptive transition from 20thC Physical Banks to 21stC Virtual FinTech Accounts. We include suggestions for ways in which you can provide enhanced Security for FinTech within YOUR Business! This invited talk was given at the International East-West Security Conference in Naples, Italy on the 4th June 2019.
Cyber Tools and Trends - Next 7 Years: 2018 - 2025! - Dr David Probert
We present Cyber Trends and Tools for 2018 (Cyber Transition), 2020 (Intelligent Security) and 2025 (Neural Security). We discuss the evolution of the next generation of Tools based upon Artificial Intelligence & Machine Learning. And then we discuss applications to the Defence of Smart Devices (Internet of Things - IOT), Smart Transportation and Smart Cities. We briefly profile Next Generation Cybersecurity Products & Services from leading edge Vendors. We conclude with a discussion of ways to interface "Intelligent machines" with the "human brain" through recent developments in Virtual and Augmented Reality. And as usual we provide suggestions for ways to develop a Cyber Action Plan for YOUR Business with a Focus on the Importance of a Chief Information Security Officer (CISO/CSO) @ Board Level!
Singapore. industry 4.0 and cybersecurity - Yuri Anisimov
For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and training across the organisation
continuous measurement of performance through process audits and cyber-security exercises.
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010 - Dr David Probert
Presentation given at the Joint UN/ITU CITEL Cybersecurity Workshop in Salta City, Argentina - Nov 2010. The material discusses Cybersecurity Skills Development and International Partnerships for the Americas.
Data Protection: balancing convenience, privacy and security - Ethical Sector
Myanmar Government’s policy and plans on data protection, transfer and storage
Presentation at Myanmar Digital Rights Forum 2019
Read more: https://www.myanmar-responsiblebusiness.org/news/digital-rights-forum-2019-report.html
Cyber Vardzia - Integrated Physical and Cyber Security Systems for GeorgiaDr David Probert
Invited Presentation at the 3rd Georgian IT Innovation & Cybersecurity Conference (GITI) in Tbilisi, Georgia. The presentation focus upon the urgent need to integrate physical and cyber security within a single management team headed by a Chief Security Officer (CSO). The title references - Vardzia - which was a Medieval Georgian Cave Fortress that had extensive physical security and withstood attacks from invaders for many years.
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!Dr David Probert
This presentation provides a personal vision of cybersecurity trends for the coming 10 years and beyond! We begin with some historical relics and the discovery of the Antikythera Mechanism almost 2000 years ago (Cyber Year ZERO!). We rapidly move to our cyber society - 2018 - and some recent massive cyber hacks & attacks related both to cybercrime, cyberterror and emerging cyber and information warfare. We briefly discuss the TOP 10 Cyber attack and means of defence. These include Advanced Persistent Threat (APT), Stealth Monitoring, Toxic eMail, Custom Bots (Stuxnet), DDoS, Ransomware and Toxic Cookies/Proxy & DNS Hacks & Attacks. After briefing exploring Blockchains, "Internet of Things" & Integrated Security Dashboards we present a sequence of cyber scenarios for 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber Intelligent) and 2040 (Neural Security). We provide examples of cyber tools already available that deploy machine learning, AI and Deep Learning to protect business and governments around the world. We provide some warnings from the late Stephen Hawking on both the risks and rewards or the widespread deployment of artificial intelligence based solutions in both business, government & open society! Finally we wrap up with a quick review of future cyber tools and suggestions for your own Business Action Plan & RoadMap! Enjoy!
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...Dr David Probert
Now we see the evolution of Hybrid Warfare, Cybercrime and Terrorism. To mitigate to Terror Attacks we urgently need to integrate Real-Time Cybersecurity Solutions with Physical Surveillance in Business, Campus, Cities And Nationwide! In this presentation we discuss both Historic & Current Cyber Threats and practical options to minimise the risks of future Terror Attacks through Integrated Physical-Cybersecurity Solutions. We briefly review the United Nations/ITU, NATO and NIST Cybersecurity Frameworks, and the threats on Critical National Information Infrastructure. Finally we suggest the TOP Actions for Chief Security Officers (CSO) to mitigate Attacks within their own Security Operations. This invited presentation was given @ the International East-West Security Conference at the Marriott Courtyard Hotel in Prague - June 2016.
Energising Cybersecurity with Biometrics & Digital ForensicsDr David Probert
Fighting Cybercrime and Cyberterror requires Business & Government to integrate Biometrics (Pre-Attack) and Digital Forensics (Post-Attack) in order to both mitigate & diagnose attack vectors. This presentation was given @ the East-West International Security Conference in Prague - June 2016. It includes a 25 year Cyber Vision of Future Adaptive, Intelligent & Neural Cybersecurity Tools. These will be based upon Artificial Intelligence, Machine Learning & Adaptive Behavioural Analytics. The advance of Hybrid Cybercrime, Cyberwar & Cyberterror require all Businesses & Government Agencies to seriously consider the deployment of Intelligent Cybersecurity Solutions with Biometrics & Digital Forensics during next 10 years!
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling Dr David Probert
This invited presentation was given at the International East-West Security Conference on the 4th June in Naples, Italy. The talk begins with a review of the current Cyber Society including the topics of CyberCrime, CyberTerror & CyberWar. We include a quick review of the extremely useful national cybersecurity strategy guides developed by the UN/ITU (United Nations - International Telecommunications Union) during the last 10 years. We then progress to review the Top 10 Cyber Threats & Attacks including DDOS, SQL Injection, Ransomware, APT - Advanced Persistent Attack, Custom Trojan "Bots", Classic Malware, & Toxic Cookies, DNS & Proxy Diversion Attacks. We provide numerous examples of some recent devastating cyber attacks across market sectors such as Banking, Airlines, Shipping, Healthcare & Government. We then proceed to review future cyber scenarios - 2019 (Integrated Security), 2020 (Self-Adaptive Security), 2022 (Self-Learning), 2025 (Cyber-Intelligent) & way into the future - 2040 (Neural Security). Once again we provide many examples of Cyber Solutions & Toolkits that are available today for implementation. Many Cyber tools already embed AI & Deep Learning Algorithms which can help mitigate zero-day attacks and most other cyber stealth & malware attacks including DDoS, APT, SQL & Ransomware. We conclude, as usual, with suggestions for how YOUR Business can review, audit and upgrade to boost cyber resilience! Enjoy!
Upgrading Industrial CyberSecurity & Security Critical National Infrastructure Dr David Probert
Invited talk at the 40th International East-West Security Conference @ Hilton Hotel - Malta on Upgrading Industrial CyberSecurity. The talk focuses on the Industrial Internet of Things (IIoT) and specifically on ICS/SCADA systems - Industrial Control Systems and Supervisory Control and Data Acquisition. These legacy systems are often not well secured and open to a wide range of Cyber Threats & Attacks. Examples are given on some recent attacks including DDoS and Ransomware in Trans-National Industrial Enterprises. The talk covers the integration of physical & cyber security as well as the problem of counterfeit electronic parts & components within the industrial value-chain. We explore the issue of industrial espionage & surveillance including video & satellite images that may be used by the "bad guys" when researching economic, political or terror attacks on critical infrastructure. We explore the risks within the energy sector such as civilian nuclear power plants & industrial metal smelting works. We wrap-up by recommending 10 ways to secure your industrial enterprise & the paths to developing your Smart Security Business Plan. The author has worked in the field of CyberSecurity / InfoSec for 25 years since Summer 1994. He has also worked in AI/Machine Learning for more than 40 years since completing the 1st Doctorate in Stochastic Machine Learning @ the Cambridge University Statistical Laboratory in June 1976.
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics! Dr David Probert
This presentation discusses recent trends in cyber surveillance to combat increasing cybercrime, cyberterrorism and the advent of cyberwarfare! We begin by reviewing the convergence of physical & cybersecurity before moving to recent tragic events in urban terrorism. We discuss the ways in which "crowded places" such as stadiums, transport hubs, resorts and malls may be more fully secured against cyberterrorists. We then review trends in advanced AI - artificial intelligence - based video analytics & biometrics which are now a key component in the business & government cyber toolkit! We provide a short review of the cyber sector before providing some 7 year cyber trends towards the year 2025. The presentation wraps up with your TOP 3 Actions and a suggested Cyber Shopping List for your Business! Enjoy!
Cybersecurity Trends and CyberVision : 2015 - 2025 Dr David Probert
Personal Vision of the Evolution of the Cybersecurity Sector during the next 10 years - 2015 - 2015. The presentation includes a review of the major players, both the "Good Guys" and the "Bad Guys". We discuss the important role of Artificial Intelligence, Machine Learning & Adaptive Systems in providing "Speed of Light" response to the continuous 24/7 Real-Time Threats that now target Business & Government. We conclude the presentation with a quick review of the Business Sector including the leading "new wave" cybersecurity companies, mergers, acquisitions and Venture Capital Investment.
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy Dr David Probert
This invited presentation was given at the International East-West Security Conference in Naples, Italy on the 4th June 2019. The talk has 9 chapters beginning with a background review of the evolution of the marketplace for video intelligence from 20thC CCTV to 21stC Real-Time Networked Video Surveillance! We then discuss the importance of deploying intelligent video surveillance in crowded places such as shopping malls, stadiums, theatres, transport hubs, airports & sports events. We provide examples of some recent tragic events related to Urban Terrorism such as Nice, Paris, Brussels, London, Berlin & Moscow. We discuss the importance of providing an integrated dashboard for Physical & CyberSecurity in order to Identify, Mitigate & ideally prevent such Urban Terrorism. At all stages of the talk we try to provide examples & case studies of Intelligent Video Surveillance solutions that are available on the marketplace today! We then review Advanced Video Analytics based upon Artificial Intelligence & Deep Learning (Neural Networks). This includes a discussion of intelligent behaviour profiling and real-time biometric analysis & digital forensics. The development of on-line services has led to the new economic theory of Surveillance Capitalism (Published by Shoshana Zuboff - Jan 2019). This is highly relevant to Video Surveillance since some of the intelligent video tools such as Public Facial Recognition have provoked a strong reaction in cities such as San Francisco. We conclude the talk with a review of ways in which Big Data Analytics can provide Fast Intelligent Support in the analysis of massive video databases & real-time streams. We also suggest Top 3 Actions & Security RoadMap for YOUR Business! Enjoy!
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar! Dr David Probert
Invited Talk @ 40th International East-West Security Conference @ Hilton Hotel, Malta - November 2019 on Intelligent & Integrated CyberSecurity! The talk explores the current status of Cybersecurity threats & defence and then develops Scenarios for its future evolution. This focuses upon the role of Artificial Intelligence, Stochastic Machine Learning & Deep Learning to provide much faster & accurate real-time "Speed of Light" responses against Cyber Attacks! We discuss the evolution of the Internet during the last 50 years since its birth, and then explore possible cyber trends for the next 25 to 30 years based upon technological & social evolution. Topics include Network Intelligence, Self-Learning, Self-Adaptive Security & then finally "Neural Security" for 2040 onwards! The presentation provides several examples of recent cyber attacks as well as some of the "Best of Breed" Cyber AI solutions that are already available from Cybersecurity vendors! We wrap up with a warning regarding the need to "take control of the more advanced AI tools" and to programme the AI software with some understanding of compliance with Human Needs & Ethics! The author has worked on InfoSec & Cybersecurity for 25 years since summer 1994. He also has more than 40 years of experience in AI having completed the very 1st Doctorate in Stochastic Machine Learning @ Cambridge University Statistical Laboratory & Churchill College in June 1976!
Singapore's National Cyber Security Strategy Benjamin Ang
Singapore's National Cyber Security Strategy was launched by the Singapore government at the inaugural Singapore International Cyber Week 2016. This presentation gives an overview of the 4 pillars of the Strategy and some of its implementation steps so far, including the upcoming new Cybersecurity Act, and the SGD 10 million fund for capacity building in ASEAN. You can download the full Strategy at www.csa.gov.sg
Artificial Intelligence and Machine Learning for Cybersecurity Dr David Probert
The talk discusses the application of artificial intelligence and machine learning to enterprise cybersecurity. The topics include self-learning, stochastic cellular automata, adaptive & self-organising systems and recursive Bayesian algorithms. The talk briefly surveys several cybersecurity companies including Darktrace, LogRhythm and Norse Corporation. There is also discussion of the application of AI and neural networks within the Banking sector for "Algorithmic Trading" during the last 10 to 20 years. These techniques are now highly relevant, and even ESSENTIAL, for the provision of real-time enterprise cybersecurity to complement traditional "signature" based anti-virus & firewall based solutions. The talk closes with the presentations for the future of Cybersecurity in 2020, 2025 and 2040 including reference to similar forecasts from both Business & Governments. The talk was given by Dr David Eric Probert at the East-West International Security Conference at the Melia Galgos Hotel in Madrid, Spain on the Tuesday 27th October 2015.
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025! Dr David Probert
This presentation provides a personal vision of trends in Cybersecurity during the coming 7 years - 2018 to 2025. We start with focusing on the Board Level Agenda for the newly appointed Chief Security Officer (CSO/CISO) and then briefly discuss the TOP 10 Cybersecurity Threats that include Ransomware, DDoS Attacks, SQL injection, Social Media Phishing, Toxic Cookies, Classical Malware, Authentication Hacks, Stealth Monitoring and Advanced Persistent Attacks. We group these generic cyber threats under Exploration, Penetration and Real-Time Attacks! We then discuss the need for new Cyber Tools that will provide effective defence against such threats since classical tools such as anti-virus & firewalls will no longer stop the "bad guys" - CyberCriminals, Cyber Hacktivists & CyberTerrorists! We describe scenarios for 2018 (Integrated Security - Cyber & Physical Security), 2020 (Adaptive Security for the Internet of Things) and 2025 (Intelligent Security based upon Artificial Intelligence & Machine Learning). These tools are all available today and yet most organisations are still relying on the classical AV/Firewall Solutions and hence are highly vulnerable to cyberattacks. We wrap up the presentation with a brief look at Security for Critical Sectors such as Banking/Finance & Government. We suggest ways in which business can prioritise and organise CyberSecurity based upon frameworks such as those from NIST, SANS and the UN/ITU. Finally we return to the metaphor that Classical Physical Attacks & Warfare occur at the "Speed of Sound" whilst Global Cyber Attacks & CyberWarfare take place 1 million times faster @ the "Speed of Light". This provides the key motivation for significantly upgrading our CyberDefences to provide Security within our 21stC Neural Society!
Presentation discusses CyberCrime, CyberTerror & CyberWar & the ways in which the "Bad Guys" organise themselves to undertake major Cyber Attacks. The TOP 10 Threats are categorized as Exploration, Penetration and Attack Tools. The threats include: (1) Advanced Persistent Attack (APT), (2) Stealth Monitoring, (3) Toxic eMail, (4) Database & Web Hacks (SQL/XSS), (5) Classic Virus/Trojan Malware, (6) Authentication Hacks, (7) Designer "Bots" (Stuxnet), (8) Toxic Cookies/Proxy/DNS, (9) DDoS & (10) Ransomware. We conclude with recommendations to Defend your Business with In-Depth Technical & Operational Defence Action Plans!
Presentation given at the International East-West Security Conference in Rome - November 2016. The presentation begins with a review of Models of the Internet and CyberSpace such as those based upon IP Hilbert Space. We then discuss the transformation from 20thC Physical Threats (Speed of Sound) to the 21stC Cyber Threats (Speed of Light) such as CyberCrime, CyberTerror, CyberEspionage and CyberWar from sources such as the UN/ITU and the World Economic Forum. The core presentation explores Cyber Scenarios for 2018 (Integrated Security), 2020 (Adaptive Security), 2025 (Intelligent Security) and 2040 (Neural Security). We consider the New Generation of Tools based upon Machine Learning & Artificial Intelligence that use Self-Learning & Self-Organisation. We consider the application of these tools for the effective defence of Critical National Infrastructure and also to enhance Cybersecurity for the Internet of Things. We review some of the latest Cyber Ventures that provide Security Solutions based upon Machine Learning. Finally we provide a suggested TOP 10 Actions for your Business to upgrade Cybersecurity & Mitigate Future Attacks!
21stC Cybersecurity Trends: 2018-2025 & Beyond!... Dr David Probert
Presentation to the ISSA Summer Cybersecurity Conference on HQS Wellington Ship on the River Thames, London - 5th July 2018. The keynote talk covers the TOP 10 Cyber Attacks - APT, Stealth Monitoring, Toxic eMail, Classic Malware, Custom Bots, DDoS, Ransomware & DNS/Proxy Re-routing. We present Cybervision Scenarios for 2018 (Integrated Security), 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber-Intelligent) and finally 2040 (Neural Security & Artificial Silicon Life!). This is followed by a brief survey of Maritime Security including the BIMCO & IET Guidelines and then wrapped up with a summary of the New Cybersecurity Toolkit. The presentation has a strong focus on the applications of artificial intelligence, Machine Learning & Deep Learning (Neural Networks) to Cybersecurity Solutions. In addition there is analysis of the fields of Intelligent Video Analytics, Digital Forensics & Cyber-Biometrics together with some real world solutions. Finally there is reference to Strategy Toolkits such as those from the United Nations / ITU, and from NIST = US National Institute of Standards & Technology. I would like to thank Sophie Wingrove & Team for their kind invitation to speak at this CyberSecurity Conference!
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain Dr David Probert
The presentation has 9 chapters beginning with a brief survey of FinTech Evolution & the Global Marketplace with a strong focus on China & the USA! We note that Fintech is a disruptive technology and that there are inherent cyber-risks. We provide examples of some recent major hacks within the FinTech & Financial Services Sector. We then consider options to mitigate these security risks using new technological tools based upon Artificial Intelligence, Machine Learning Algorithms, & Deep Learning (Neural Networks). We then also review ways in which Blockchains can provide enhanced security for peer-to-peer transactions both in FinTech as well as in most other market sectors. We then discuss Cyber Fraud Detection & Prevention including tools for identifying Money Laundering, and Financing for Terrorism & other National & International Criminal Exploits. We review ways in which the latest Tools for Big Data Mining & Analytics can reduce the impact & devastating losses from Global FinTech CyberCrime. We conclude with a summary of the current disruptive transition from 20thC Physical Banks to 21stC Virtual FinTech Accounts. We include suggestions for ways in which you can provide enhanced Security for FinTech within YOUR Business! This invited talk was given at the International East-West Security Conference in Naples, Italy on the 4th June 2019.
Cyber Tools and Trends - Next 7 Years: 2018 - 2025 ! Dr David Probert
We present Cyber Trends and Tools for 2018 (Cyber Transition), 2020 (Intelligent Security) and 2025 (Neural Security). We discuss the evolution of the next generation of Tools based upon Artificial Intelligence & Machine Learning. And then we discuss applications to the Defence of Smart Devices (Internet of Things - IOT), Smart Transportation and Smart Cities. We briefly profile Next Generation Cybersecurity Products & Services from leading edge Vendors. We conclude with a discussion of ways to interface "Intelligent machines" with the "human brain" through recent developments in Virtual and Augmented Reality. And as usual we provide suggestions for ways to develop a Cyber Action Plan for YOUR Business with a Focus on the Importance of a Chief Information Security Officer (CISO/CSO) @ Board Level!
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework:
- risk assessments, vulnerability assessments and system reviews;
- well-informed and conscious trade-offs in security, cost and functionality;
- sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
- effective implementation that encompasses awareness building and training across the organisation;
- continuous measurement of performance through process audits and cyber-security exercises.
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010 Dr David Probert
Presentation given at the Joint UN/ITU CITEL Cybersecurity Workshop in Salta City, Argentina - Nov 2010. The material discusses Cybersecurity Skills Development and International Partnerships for the Americas.
Data Protection: balancing convenience, privacy and security Ethical Sector
Myanmar Government’s policy and plans on data protection, transfer and storage
Presentation at Myanmar Digital Rights Forum 2019
Read more: https://www.myanmar-responsiblebusiness.org/news/digital-rights-forum-2019-report.html
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo... KTN
Between June 2018 and October 2019, three Global Expert Missions took place to Singapore, the USA and Israel to better understand their research and innovation landscapes and to establish potential opportunities for collaboration in the cyber security sector.
The intention of the Missions was to identify the specific areas where a more focussed collaborative innovation approach would be mutually of interest and beneficial.
This is the presentation delivered by Vladimiro Sassone, The Director of Academic Centre of Excellence in Cyber Security at the University of Southampton. Vladimiro is also a professor of Computer Science in ECS (Electronics and Computer Science), also at the University of Southampton.
Public safety interoperability: an international perspective Comms Connect
The paper will discuss a wide range of public safety communications interoperability-related issues both with a view to the Canadian/US environment and their relevance to the Australia/New Zealand landscape.
These include:
- Public safety wireless broadband in North America;
- Public safety interoperability strategic planning at the local, regional, state, national and international levels;
- Trends in interoperability technology, including both voice- and data-related issues;
- Next Generation (NG) 911 and its future in Canada and beyond;
- Situational awareness, common/user-defined operating pictures, precision information environments, GIS systems, blue force tracking and location-based services;
- 3D in-door tracking and location for firefighters and public safety responders; and,
- Social media for emergency management (#SMEM).
Inspector (Ret.) Lance Valcour O.O.M, Chair, Law Enforcement Information Management Section International Association of Chiefs of Police
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri... Cade Zvavanjanja
Southern African Internet Governance Forum 2015 (SAIGF-15) Thematic Paper No. 7
“A Case for Multi-stakeholder partnerships for critical Internet resources security in the SADC Region”
Produced by: Southern African Development Community (SADC) Secretariat
Prepared by: Mr. Cade Zvavanjanja
Abstract: With much of SADC's Member States' critical Internet resources being in the hands of both private and public sector, it seems a natural solution for industry, Government, civic society and private citizens to work together in ensuring it is both secure and resilient. This cooperation in the form of Multi-stakeholder Partnerships (MPs) is needed in and among Member States and at different times, depending on the environment, culture and legal framework. There is no common definition of what constitutes a MP addressing this area. Diversity is strength when making networks and systems resilient, yet there also exists a need for interworking and a common understanding, especially when making a case for SADC view. There is also a need for a global view as there is a growing awareness for a truly global approach to Critical Internet resources security (CIRS). No country can create a CIRS approach in isolation, as there are no national boundaries on the Internet. The paper makes a case for MPs for CIRS in SADC while addressing the Why, Who, How, What and When questions associated with establishing and maintaining MPs for CIRS in SADC. It uses data from both public and private sector stakeholders across 14 SADC countries. This is not a prescriptive guide, but has a focus on clarity of purpose and approach so that stakeholders can easily choose those aspects that will add value to their endeavours in establishing and maintaining MPs.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Singapore Cybersecurity Strategy and Legislation (2018) Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill.
Brief article on the Impact of Artificial Intelligence & Machine Learning on the Security Sector. We review the fundamentals of AI Security before providing a quick review of key sectors. Finally we provide a speculative set of scenarios for 2030, 2050, 2075 & 2100 regarding the possible future evolution of artificial intelligence. This includes a short assessment of the risks that autonomous AI tools bring that could prove to be an existential risk to Human Life, Culture & Society. This year will be 50 years since I started my own PhD into AI - "Stochastic Machine Learning" at Cambridge University Statistical Laboratory which is part of the Department of Mathematics. Enjoy!
AI & Cybersecurity Tools are being weaponised by National Governments which is already impacting Export Rules & Regulations. This short article opens up an online discussion of some of these contemporary issues which impact us all!
From Hughesovka to Donetsk (Translated to Russian) Dr David Probert
Donetsk, Ukraine is at the core of regional issues between Russia & the West. In the 19thC my Great Great Grandfather worked for 25 years in Hughesovka which was created as an Industrial Public Private Partnership (PPP) between the Russian Government & Welsh Entrepreneur - John Hughes with the "New Russia Company Limited" registered in 1869. This 19thC Company Town was renamed Stalino in 1924 & Donetsk in 1961. Here is the Russian Translation of my Personal Thoughts & Family Story relating to the historical journey from Hughesovka (1870) to Donetsk (2022).
Some Personal Reflections on the Evolution of the 19thC Industrial Complex set up by John Hughes in 1870 by the New Russia Company in the City known then as Hughesovka and since renamed as Donetsk in Donbas - Eastern Ukraine. The article includes some family history and connections with Donbas and a Personal Postscript & Analysis of current events.
21stC Trends in CyberSecurity in the Finance & Banking Sectors Security! Dr David Probert
Invited Presentation @ 40th International East-West Security Conference in Malta on the Theme of Cybersecurity in Finance & Banking! This 45-minute talk covers the importance of upgrading to the new cyber tools based upon Artificial Intelligence & Stochastic Machine Learning that are now available from several leading "best of breed" vendors! The talk also covers typical cyber threats from DDoS to Ransomware as well as the role of blockchains & big data analytics in improving transaction security and compliance with Anti-Money Laundering & Counter-Terror Financing. The talk ends with recommended guidelines on ways to improve & upgrade your own enterprise cybersecurity using AI, Machine & Deep Learning! The author has spent more than 25 years working on Cybersecurity and completed his Doctorate in AI & Stochastic Machine Learning @ Cambridge University in 1976!
KolaNet 1992-1999 and Beyond! Arctic Environmental Monitoring Networks! Dr David Probert
Invited Presentation at the Plenary Session of the 30th Anniversary Conference of the "Institute of Ecological Problems of the North" - Kola Science Centre - Russian Academy of Sciences - Apatity, Murmansk Region, Russia. The presentation reviews the Multi-National Project that aimed to establish a network to monitor radiation levels (in case of nuclear accident or major leak) around the Kola Atomic Power Station in the Russian Kola Peninsula. The programme included several training courses held in Svanhovd, Norway as well as the Kola Science Centre, Apatity. The project later extended its mission to include monitoring of other industrial pollution such as sulphur dioxide from the extensive Nickel Smelting Works within the Region @ Nikel & Monchegorsk. The presentation concludes with suggestions for redefining & upgrading the KolaNet Programme for the 21st Century with a focus on Artificial Intelligence, Big Data Analytics, Machine & Deep Learning to research massive databases related to climate change & arctic pollution! We conclude with a review of the KolaNet Lessons noting that the programme was successful due to (1) TeamWork (2) Practical Adaptation & Exploitation of Advanced Technologies (3) International Partnerships across the Nordic Region - Norway, Sweden, Finland & Russia!
This presentation updates earlier talks and provides a CyberVision for Cybersecurity Tools & Technologies for the next 5 to 10 Years. The talk discusses CyberScenarios for Scenario 2018: Integrated Physical & CyberSecurity, Scenario 2019: Adaptive Security including the "Internet of Things" & "Smart Security", Scenario 2020: Self-Learning Security using Machine Learning, Scenario 2025 Intelligent Security based upon Networked Artificial Intelligence & finally Scenario 2040 (!) - Neural Security based upon Advanced Deep Learning & Artificial General Intelligence where we may see the emergence of "Artificial Silicon Life"?! In each scenario we explore the emergent tools & provide some concrete examples of Advanced CyberSecurity Applications that are already available for Governments & Enterprises. The talk also touches upon the Integration of Biometrics & Digital Forensics into the 21st Century Cyber Toolkit. We also mention the role of Blockchains and CryptoCurrencies in the provision of Secure Encrypted "Peer-to-Peer" Financial Records & "Networked Spreadsheets"! Talk concludes with Recommendations for the TOP 10 Actions that YOUR CSO can execute to provide maximal CyberDefence for your Business or Agency! This talk was given on the Tuesday 21st November 2017 @ the 36th International East-West Security Conference @ Seville, Spain - by Dr David E Probert.
Cyber Threats & Defence! - "Intelligent CyberSecurity"! Dr David Probert
Presentation discusses TOP 10 CyberSecurity Threats - Exploration, Penetration & Attack! We review some recent Case Studies of CyberCrime, CyberTerrorism & Cyber Political & Hacktivist Attacks. The Threats discussed include: (1) APT - Advanced Persistent Attacks, (2) Stealth Monitoring with Loggers & Cams, (3) Toxic eMail & Social Phishing, (4) Database SQL Attacks & Web Hacks, (5) Classic Malware, Viruses & Trojans, (6) Authentication/Compliance Hacks including Missing Patches & Password Dictionaries, (7) Custom Design "Bots" such as Stuxnet & Flame, (8) Toxic Cookies, DNS & Proxy Re-Direction, (9) DDoS - Distributed Denial of Service Attacks and finally (10) Ransomware using Toxic Scripts such as Petya & WannaCry! The presentation concludes with recommendations for ways to defend against such attacks including both Technical and Operational Action Plans. We stress the importance of appointing a BOARD LEVEL Chief Security Officer to manage ALL aspects of both Cyber & Physical Security for your Enterprise or Government Agency. This talk was given on the Tuesday 21st November 2017 at the 36th East-West International Security Conference @ the Melia Hotel - Seville, Spain - by Dr David E Probert.
Presentation on Smart Security given at the International East-West Security Conference - Rome - November 2016. We begin with reviewing the 21stC Security Landscape including CyberCrime, CyberTerror, CyberEspionage and CyberWar. Specific Topics covered include Integrated Physical & CyberSecurity such as PSIM and SIEM Technologies, Tools & Solutions. The Smart Security Architectures discussed are those from the UN/ITU (United Nations - International Telecommunications Union), NATO, NIST, EU/ENISA, SANS, IEEE and ISO/IEC. The presentation reviews recent Cyber Attacks and analyses the impact on BotNets such as MiraiNet that originate from the "Internet of Things". Finally we discuss Smart Security Defence for Critical National Information Infrastructure and suggest Practical Actions & RoadMap for YOUR Business!
Project KolaNet - Rethinking IT Support for the Environment Dr David Probert
Presentation given @ Kola Science Centre, Apatity, Russia for the 7th Anniversary Celebration of the Launch of the International KolaNet Project in the Russian Arctic Kola Peninsula ( Russian Lapland ). The Project Mission was to use advanced digital networking, computing and sensor technologies to provide a "quick response" in case of a possible nuclear accident within the Russian Murmansk Region.
Embedding Artificial Intelligence in the Enterprise Dr David Probert
Influential Presentation that was presented during DECVille 1988 @ the Cannes Palais des Congress for Digital Equipment Corporation (DEC). The author introduces the concept of the "Knowledge Lens" which is used to show how Artificial Intelligence (A.I.) is now being embedded in enterprise products, software and applications. The talk also discusses the 3 Ages of Computing that span the 1960s to 21st Century. This talk was subsequently used as the basis of a Keynote Speech for the British Computer Society Conference on Expert Systems that was held in Brighton, UK during December 1988.
Development of National Cybersecurity Strategy and Organisation
1. “Developing a National and Organizational Cybersecurity Strategy”
Dr David E. Probert
ITU Centres of Excellence Network for the Caribbean Region
Developing a National and Organizational Cybersecurity Strategy
13-15 September, Kingston, Jamaica
2. * ITU Cybersecurity Strategy * “3-Day Workshop Overview”
S1 - Mon: 9:30-11:00 - “The Cybersecurity Challenge!...”
S2 - Mon: 11:30-13:00 - “The Need for Action!”
S3 - Mon: 14:00-15:30 - Group Session: “Developing the National Cybersecurity Action Plans”
S4 - Mon: 16:00-17:30 - Group Session: “Group Discussion: National Cybersecurity Action Plans”
S5 - Tues: 9:30-11:00 - ITU Cyber Agenda: 1 “Cybercrime and Legislation”
S6 - Tues: 11:30-13:00 - ITU Cyber Agenda: 2 “Technological Risks and Solutions”
S7 - Tues: 14:00-15:30 - Group Session: “Developing the National Legislation and Regulations”
S8 - Tues: 16:00-17:30 - Group Session: “Group Discussion: National Legislation and Regulations”
S9 - Wed: 9:30-11:00 - ITU Cyber Agenda: 3 “Operational Risks and Organisational Structures”
S10 - Wed: 11:30-13:00 - ITU Cyber Agenda: 4&5 “Capacity Building and Collaboration”
S11 - Wed: 14:00-15:30 - Group Session: “Working on the Jamaican Cybersecurity Plans & Roadmap”
S12 - Wed: 16:00-17:30 - Group Session: “The Jamaican Cybersecurity Action Plans & Roadmap”
Workshop Presentations
Group Tasks & Discussions
3. Securing Jamaica in Cyberspace!
4. Jamaican & Caribbean Connectivity
5. From Buccaneers to “Cyber-Pirates”!
17th – 19th Centuries = Maritime Security
Attacks & Raids from the Sea
Protection of Coastal Regions
Regional Buccaneers & Pirates
20th Century = Territorial & Aerial Security
Physical, Financial & Political Crimes
Networked Physical Security
Establishment of United Nations
21st Century = Global Cyber Security
Cybercrime, Cyber Risks & Threats
Emergence of Information Security
Establishment of the UN/ITU – GCA
* Global Cybersecurity Agenda *
6. ITU: High-Level Expert Group –
Global Cybersecurity Agenda
7. The ITU GCA - Global
Cybersecurity Agenda:
1 – Legal Measures
2 – Technical Measures
3 – Organisational Measures
4 – Capacity Building
5 – International Cooperation
8. ITU GCA – Seven Strategic Goals
9. Securing Jamaica in Cyberspace!
- (1) – Legal Measures
- (2) – Technical & Procedural Measures
- (3) – Organizational Structures
- (4) – Capacity Building
- (5) – International Collaboration
10. Securing the Caribbean in Cyberspace!
Caribbean Region - 1830 -
- (1) – Legal Measures
- (2) – Technical & Procedural Measures
- (3) – Organisational Structures
- (4) – Capacity Building
- (5) – Regional and International Collaboration
11. * ITU Cybersecurity Strategy * “3-Day Workshop Overview”
S1 - Mon: 9:30-11:00 - “The Cybersecurity Challenge!...”
S2 - Mon: 11:30-13:00 - “The Need for Action!”
S3 - Mon: 14:00-15:30 - Group Session: “Developing the National Cybersecurity Action Plans”
S4 - Mon: 16:00-17:30 - Group Session: “Group Discussion: National Cybersecurity Action Plans”
S5 - Tues: 9:30-11:00 - ITU Cyber Agenda: 1 “Cybercrime and Legislation”
S6 - Tues: 11:30-13:00 - ITU Cyber Agenda: 2 “Technological Risks and Solutions”
S7 - Tues: 14:00-15:30 - Group Session: “Developing the National Legislation and Regulations”
S8 - Tues: 16:00-17:30 - Group Session: “Group Discussion: National Legislation and Regulations”
S9 - Wed: 9:30-11:00 - ITU Cyber Agenda: 3 “Operational Risks and Organisational Structures”
S10 - Wed: 11:30-13:00 - ITU Cyber Agenda: 4&5 “Capacity Building and Collaboration”
S11 - Wed: 14:00-15:30 - Group Session: “Working on the Jamaican Cybersecurity Plans & Roadmap”
S12 - Wed: 16:00-17:30 - Group Session: “The Jamaican Cybersecurity Action Plans & Roadmap”
12. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
13. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
14. “Securing Jamaica in Cyberspace”
During this 3-day intensive ITU Workshop we’ll work
together to develop:
An Action Plan for Cybersecurity in Jamaica
Models for National & Organizational Cybersecurity Agencies
An Outline Action Roadmap for Implementing and Managing
Cybersecurity within Jamaica during the next 12 – 18 months
We begin by exploring the threats from cybercrime &
cyber attacks upon the government & business sectors.
15. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
16. Cybersecurity Stakeholders
Every sector has some interest in cybersecurity:
Jamaican Government: Ministries, Parliament, Regional & Local Administrations, Military & Civil Defence, Emergency Services.
Jamaican Business Sectors: Banking, Financial, Airline, Road & Rail Transportation, Telecommunications, Power & Water Utilities, Education, Healthcare, Tourism, Agriculture & Manufacturing.
Jamaican Citizens: Risk of Personal Identity Theft and Losses from On-Line Cybercrimes such as Phishing Attacks, Spam, & Hacking.
17. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
18. Critical Service Sectors (Business)
Every nation is dependent upon critical service sectors in order to function efficiently for its citizens…
…These are the sectors that may be the targets for cyberattacks from criminals, terrorists or hackers.
Critical Sectors within the Jamaican Economy would certainly include:
Travel, Transportation and Tourism
Banking and Financial Institutions
Power and Water Utilities Network
Telecommunications and Mobile Networks
Agriculture & Fisheries Production Value-Chain
…Cybersecurity is not just a technological ICT issue!
19. Critical Service Sectors (Government)
Overall responsibility for cybersecurity strategy, laws and regulations lies with the Jamaican Government & Cabinet Ministries including:
Office of the Prime Minister – Overall responsibility for national cybersecurity strategy, organisation and implementation.
Ministry of National Security – Specific in-depth responsibility for the management & integration of cybersecurity within the fields of physical, information, intelligence & communications security.
Ministry of Justice – Development of Legislation & Regulations against the threats from cybercrimes & cyberattacks.
Ministry of Finance – Protection of the national banking & financial services infrastructure in partnership with the banking sector.
Ministry of Foreign Affairs – Collaboration with international partners to combat cybercrime, cyber attacks & cyber terrorism.
20. Cybersecurity for US Defence:
“The Pentagon’s Cyberstrategy”
21. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
22. “Visualisation of Cyberspace”: Global IP WHOIS Addresses
23. Cyber Threats
Cyber Criminals: Digital Fraud & Forgery, Extortion, Digital “Advanced
Fee” Scams, ID Theft, Digital Money Laundering, Offensive &
Pornographic Materials, Drug Trafficking, Cyber Stalking & Hate Crimes.
Cyber Terrorists: Denial of Service, Website Defacement, Theft of
Secret Information & Intelligence, On-Line Blackmail, Disruption of
Critical Infrastructure such as Airports, Power Stations, Hospitals, and
the National Clearing Banking Networks.
Cyber Warfare: Closely related to cyber terrorism, and applied when
there is a concerted cyber attack from a region or nation against the
infrastructure and citizens of some other defined region or nation.
Cyber Hackers: Skilled Individuals and “Researchers” that will initiate
malicious attacks for the penetration of secure systems and theft of
secret documents & databases from both governments & businesses.
24. Typical Cybercrime Threats
(a) – Hardware & Software Keyloggers (b) – Email Phishing
(c) – Advance Fee Scam (d) – Denial of Service
25. Cybercrime in Jamaica
26. Jamaican Cybercrime & Counterfeiting : 2010
27. Jamaica: Lottery Scam
28. USB Memory Stick: Cybersecurity Info Risk
29. Evolution of Spam Attacks
30. Typical “Botnet” Cyberattack
31. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
32. Cyber Attacks
Industrialisation and Mainstreaming of Cyber Attacks:
(1) Researchers & Cyber Software Creators of Malicious Codes: Often creative, talented computer scientists that have turned their skills to tools for illegal penetration & control of secure systems.
(2) “Botnet” Farmers & Herders: They are responsible for the illegal international distribution and infection of target “zombie” networked laptops, PCs & Servers within homes and offices. The malicious codes (malware such as viruses & trojans) are spread through spam emails, infected websites and “backdoor” attacks.
(3) “Commercial Botnet Dealers”: They sell access to herds of “zombie” infected machines. The embedded malicious code can be triggered to launch “Denial of Service (DDoS)” attacks on target servers & websites. The aim is usually to maximise economic and political damage upon the targeted nation and associated businesses.
…For further information see the ITU “BotNet” Mitigation Toolkit (2008)
33. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
34. Recent Cyber Case Studies
Estonia: May 2007
Targeted at Government & Banking Servers – and immobilised national & commercial economic infrastructure for several days.
Georgia: August 2008
Targeted at Government Servers including Parliament & Ministry of Foreign Affairs, and the National & Commercial Banking Network.
South Korea: July 2009
Targets included the Defence Ministry, Presidential Offices, National Assembly, and Korea Exchange Banks. This attack was also simultaneously targeted at various high-profile US Sites & Servers such as the NY Stock Exchange, White House & Pentagon.
…Small scale penetrations & cyber attacks continue on an almost 24/7 basis against certain countries, targeted regimes and business interests.
35. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
36. $$$ Financial Impacts
Cyber attacks can have significant financial & commercial impacts including:
Banks: Partial Loss of Banking & Financial Revenues during period of attacks on banking infrastructure such as the national clearing bank & retail ATM networks. There may also be loss of bank account and credit card details which will compromise customers.
Airports: Possible closure of national airline transportation hubs such as International (Kingston) and Regional Airports (Montego Bay), which in turn will result in lost tourist, hotel and resort revenues.
Investment: Following cyber attacks there may be some loss of confidence in the targeted nation with regards to the resilience of its critical service infrastructure. This will in turn result in reduced foreign investment, fewer tourists and reduced business growth.
37. $ IMPACT: Trade, Economics and Public Finance
Sub-category: Impact on Public Finances
Impact Level 0: Minimal impact
Impact Level 1: Cause a loss to Public Sector of up to £10,000
Impact Level 2: Cause a loss to Public Sector of up to £1 million
Impact Level 3: Cause a loss to HMG/Public Sector of £millions
Impact Level 4: Cause a loss to HMG/Public Sector of £10s millions
Impact Level 5: Cause short term material damage to national finances or economic interests (to an estimated total up to £1 billion)
Impact Level 6: Cause major, long term damage to the economy (to an estimated total in excess of £10s billions)
Sub-category: Impact on Trade and Commerce
Impact Level 0: None
Impact Level 1: None
Impact Level 2: Undermine the financial viability of a number of UK SMEs
Impact Level 3: Undermine the financial viability of a minor UK-based or UK-owned organisation
Impact Level 4: Undermine the financial viability of a major UK-based or UK-owned organisation
Impact Level 5: Cause material damage to international trade or commerce, directly and noticeably reducing economic growth in the UK
Impact Level 6: Cause major, long term damage to global trade or commerce, leading to prolonged recession or hyperinflation in the UK
38. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
39. Trade & Political Impacts
Besides the financial impacts, cyberattacks could have wider
impacts upon Jamaica including:
Confidence: Loss of confidence in the government’s ability to defend the
nation, critical service infrastructure and the economy in cyberspace
Tourism: Significant reduction in travel, tourism and resort revenues
Trade: Temporary closure of the Banking & Financial Infrastructure
following major cyber attacks could lead to suspension of trade &
exports of high value agricultural produce within Jamaican Ports
Defence: Possible Loss of secret government, military and defence data
& information, maybe through stolen laptops, memory chips, or
penetrated “secure” servers by malicious code or compromised staff
40. * Workshop Session 1 *
The Cybersecurity Challenge
1 – Jamaica in Cyberspace 2 - Stakeholders 3 – Critical Service Sectors
4 – Cyber Threats 5 – Cyber Attacks 6 – Recent Case Studies
7 - $$$ Financial Impacts 8 – Trade & Political Impacts 9 - Jamaica: Strategic Needs
41. Jamaica: Strategic Cyber Agenda
Jamaica's Security in 21stC Cyberspace requires:
(1) – Upgraded Laws, Legislation, Policies and Regulations
(2) – New Technological Measures and Operational Procedures
(3) - National Jamaican Government Cybersecurity Agency
(4) - Cybersecurity Teams within major businesses and critical
service sectors such as Banking/Finance, Energy & Water Utilities,
Telecommunications, Transportation, Ports, Tourism, & Agriculture
(5) - Cybersecurity Cultural Awareness and Professional Training
Courses leading to Certification to accepted International Standards
(6) - International Collaboration and Partnerships with organisations
such as Interpol that are focused upon tackling global cybercrime.
42. * ITU Cybersecurity Strategy *
“3-Day Workshop Overview”
S1 - Mon 9:30-11:00: “The Cybersecurity Challenge!...”
S2 - Mon 11:30-13:00: “The Need for Action!”
S3 - Mon 14:00-15:30: Group Session: “Developing the National Cybersecurity Action Plans”
S4 - Mon 16:00-17:30: Group Session: “Group Discussion: National Cybersecurity Action Plans”
S5 - Tues 9:30-11:00: ITU Cyber Agenda: 1 “Cybercrime and Legislation”
S6 - Tues 11:30-13:00: ITU Cyber Agenda: 2 “Technological Risks and Solutions”
S7 - Tues 14:00-15:30: Group Session: “Developing the National Legislation and Regulations”
S8 - Tues 16:00-17:30: Group Session: “Group Discussion: National Legislation and Regulations”
S9 - Wed 9:30-11:00: ITU Cyber Agenda: 3 “Operational Risks and Organisational Structures”
S10 - Wed 11:30-13:00: ITU Cyber Agenda: 4&5 “Capacity Building and Collaboration”
S11 - Wed 14:00-15:30: Group Session: “Working on the Jamaican Cybersecurity Plans & Roadmap”
S12 - Wed 16:00-17:30: Group Session: “The Jamaican Cybersecurity Action Plans & Roadmap”
43. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
44. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
45. Towards the Jamaican Action Plan
Action Plan: During this session we outline the essential
features of a Cybersecurity Action Plan for Jamaica
Cost Benefits Analysis: We’ll also consider the Economic
Case for Action based upon a “Cost Benefit Analysis”
and the multi-year “Total Cost of Ownership” (TCO) for
the Jamaican government & major businesses
National Case Studies: There are already numerous
models for national cybersecurity action plans from
countries in Europe, the Americas, Asia and the Far East
46. International Stakeholders for
the Cybersecurity Ecosystem
47. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
48. Cybersecurity Costs : Short-Term
1) National Cyber Agency: Establishment of a possible National Jamaican
Cybersecurity Agency within the Central Government Ministries
2) CIIP: Long Term Critical Information Infrastructure Protection (CIIP)
3) System Upgrades: Technical Infrastructure Upgrades including Hardware,
Software, Databases, Secure Network Links, Biometrics & RFID
4) Back-Up: Disaster Recovery, Business Continuity and Back-Up Systems
5) Physical : Physical Security Applications – CCTV, Alarms, Control Centre
6) Awareness Campaign: Government Campaign for cybersecurity awareness
7) Training: National Cybersecurity Skills & Professional Training Programme
8) Encryption: National User & Systems PKI Authentication Programme
9) Laws: Costs for Drafting and Enforcing Cyber Laws, Policies & Regulations
49. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
50. Annual Cybersecurity Budgets
Managing cybersecurity is an ongoing task with a continuous
need for government & business systems upgrades, staff
training, and response to emergency cyber events & alerts
Annual Security Budgets will need to include allowances for:
Staff salaries & operational costs for the proposed National Cyber Agency
Costs for tackling cybercrime through a possible National Cybercrime Unit
Management of cybersecurity by Jamaican Military & Defence Organisation
Costs of required annual security audits to ensure ongoing compliance
Professional training courses at leading Jamaican Institutions such as UTECH
Costs for maintaining “best practice” cybersecurity within each of the critical
service sectors within the Jamaican Economy such as Banking, Tourism & Trade
Regular Systems, Computing & Communications reviews & upgrades for all
secure government computing centres, as well as those for major enterprises
On-going costs to support extensive international partnerships & collaboration
51. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
52. Cybersecurity Benefits: Government
Improved cybersecurity provides significant benefits to the
Government & Critical National Utilities including:
eGovernment: Fully secure & cost effective delivery of on-line
services to both citizens and businesses, such as taxes & customs,
social welfare, civil & land registries, passports & driving licences
eDefence: Early warning, alerts and defences against cyberattacks
through national CERT (Computer Emergency Response Centre)
Cybercrime: Investigation, Digital Forensics and Prosecution of
cybercrimes such as ID & Financial Theft, “Computer Misuse”,
Laundering, On-Line Drug Trafficking & Pornographic Materials
Cyberterrorism: Ability to assess, predict and prevent potential major
cyber terrorist attacks, and to minimise damage during events
Power & Water Utilities: Prevent malicious damage to control systems
Telecommunications: Top security of government communications
with alternative routings, encryption & protection against cyberattack
53. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
54. Business Benefits: Critical Sectors
Banking & Finance: This sector, at the heart of the economy, has most
to gain from improved cybersecurity for its financial databases, secure
transactions & national networks
Air Transportation: Island Jamaica is totally dependent upon the
security and safety of its airport infrastructure including the facilities,
airline networks, staff, assets & support services
Travel & Tourism: International visitors and tourists place a high value
upon personal safety & security, so improved cybersecurity & reduced
cybercrime will help boost tourism revenues
Agriculture & Fisheries: Even the Jamaican agricultural value-chain has
a high dependence upon secure computing applications & networks
Ports & International Trade: International trade is now highly automated
with real-time management of the Jamaican Ports & Export/Import
Shipments. Cybersecurity upgrades will improve the overall security,
and system resilience to malicious attacks by criminals or terrorists.
55. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
56. National Security Case Studies
UK Government: Cybersecurity Strategy for the UK – Safety, Security &
Resilience in Cyberspace (UK Office of Cybersecurity – June 2009)
US Government: Cyberspace Policy Review – Assuring a Trusted and
Resilient Information and Communications Infrastructure – May 2009
Canada: Canadian Cyber Incident Response Centre (CCIRC) – Integrated
within the Strategic Government Operations Centre (GOC)
Australia: Australian Cybersecurity Policy and Co-ordination Committee
(CSPC – Nov 2009), within the Attorney-General’s Government Dept
Malaysia: “Cybersecurity Malaysia” – Mosti : Ministry of Science, Technology
& Innovation, and includes the MyCERT & Training Centre
Singapore: Cybersecurity Awareness Alliance & the IDA Security Masterplan
(Sept 2009) - Singapore Infocomm Technology Security Authority - SITSA
South Korea: Korea Internet and Security Agency (KISA – July 2009)
Latin America : CITEL/OAS has developed regional cybersecurity strategy
European Union: ENISA – European Network and Information Security
Agency (September 2005) tackles all aspects of cybersecurity & cybercrime
for the countries of the European Union and beyond
57. UK Office of Cybersecurity – OCS & CSOC
58. US Government : Cybersecurity Review
* 60-Day *
Policy Review
May 2009
59. Canadian Government
The Canadian Cyber Incident Response Centre (CCIRC) monitors the cyber threat
environment around the clock and is responsible for coordinating the national
response to any cyber security incident. Its focus is the protection of national
critical infrastructure against cyber incidents. The Centre is a part of the
Government Operations Centre and a key component of the government's all-hazards
approach to national security and emergency preparedness.
CCIRC works with national and international counterparts to collect, analyze and
disseminate data on cyber threats. The Centre provides analytical releases, as well
as a variety of information products and services specifically for IT professionals
and managers of critical infrastructure and other related industries.
60. Singapore Government : SITSA
61. South Korea Government: KISA
KISA = “Korean Internet & Security Agency”
62. KISA : Korea Internet & Security Agency
KISA (Korea Internet & Security Agency) was established as the public
corporation responsible for managing the Internet of Korea on July 23rd,
2009, by merging three institutes: NIDA, KISA, and KIICA.
NIDA (National Internet Development Agency of Korea)
KISA (Korean Information Security Agency)
KIICA (Korea IT International Cooperation Agency)
KISA has the following roles:
Protects Internet infrastructure from hacking, cyber-terror, spam and other malicious activities
Operates krCERT CC (Korea Computer Emergency Response Team Coordination Center) to
improve Internet security in Korea
Supports international organizations such as ITU and OECD and assists Korean IT companies
Specifically, KISA manages the Internet address resources such as IP addresses and the .kr domain
name as the national NIC (Network Information Center), and also researches the next
generation Internet address resources of Korea.
63. Latin America : CITEL/OAS
Within Latin America & Caribbean, CITEL and the OAS are working
together on Regional Cybersecurity Strategy & Plans with ITU support:
CITEL = Inter-American Telecomms Commission
OAS = Organisation of American States
64. European Union : ENISA
65. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
66. Jamaican Cyber Strategy Plan
1) Strategy: Define & Communicate National Cyber Strategy
2) Agency: Establish National Cybersecurity Agency (NCA)
3) Upgrades: Roll-Out cybersecurity reviews and upgrades
for all government ministries, agencies & institutions
4) Budgets: Determine Investment & Operational Budgets
5) CIIP: Work with representatives of all the Critical Service
Sectors to define & implement cybersecurity action plans
6) Awareness: Roll-out national cybersecurity awareness
campaign to all stakeholders including citizens & business
7) Skills: Establish professional cybersecurity skills training
67. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
68. ITU GCA Strategic Pillars
We’ll consider each of the ITU GCA strategic pillars
in-depth during our 3-day cybersecurity workshop:
1) Legal & Regulation Measures – Tues @ 9:30
2) Technical & Process Measures – Tues @ 11:30
3) Organisational Structures – Weds @ 9:30
4) Capacity & Skills Building – Weds @ 11:30
5) International Collaboration – Weds @ 12:15
We’ll then develop an outline Jamaican Cybersecurity Roadmap!…
69. * ITU Cybersecurity Strategy *
“3-Day Workshop Overview”
S1 - Mon 9:30-11:00: “The Cybersecurity Challenge!...”
S2 - Mon 11:30-13:00: “The Need for Action!”
S3 - Mon 14:00-15:30: Group Session: “Developing the National Cybersecurity Action Plans”
S4 - Mon 16:00-17:30: Group Session: “Group Discussion: National Cybersecurity Action Plans”
S5 - Tues 9:30-11:00: ITU Cyber Agenda: 1 “Cybercrime and Legislation”
S6 - Tues 11:30-13:00: ITU Cyber Agenda: 2 “Technological Risks and Solutions”
S7 - Tues 14:00-15:30: Group Session: “Developing the National Legislation and Regulations”
S8 - Tues 16:00-17:30: Group Session: “Group Discussion: National Legislation and Regulations”
S9 - Wed 9:30-11:00: ITU Cyber Agenda: 3 “Operational Risks and Organisational Structures”
S10 - Wed 11:30-13:00: ITU Cyber Agenda: 4&5 “Capacity Building and Collaboration”
S11 - Wed 14:00-15:30: Group Session: “Working on the Jamaican Cybersecurity Plans & Roadmap”
S12 - Wed 16:00-17:30: Group Session: “The Jamaican Cybersecurity Action Plans & Roadmap”
ITU - Global Cybersecurity Agenda (GCA): Legal, Technical, Organisation, Capacity & Collaboration
70. * Workshop Session 2 *
The Need for Action!
1 –Aim: Jamaican Action Plan 2 – Cybersecurity Costs 3 – Annual Cyber-Budgets
4 – Cybersecurity Benefits 5 – Benefits: Critical Sectors 6 – National Case Studies
7 – Jamaican Cyber Strategy 8 – ITU GCA Strategic Pillars 9 – Organisational RoadMap
71. Jamaican Cybersecurity RoadMap
1st Quarter
2nd Quarter
3rd Quarter
4th Quarter
72. Critical Sectors: Cyber RoadMaps
Each Critical Service Sector such as Banking,
Telecommunications and Energy will require its
own Cyber Strategy, Action Plan & Roadmap:
During the Group Work Sessions we’ll work
in teams to develop Strategies, Actions and
Activities that are relevant for each sector…
We’ll also work together on the Laws, Policies
& Regulations that are required to significantly
reduce Cybercrime, Cyber terrorism & Attacks…
73. Example of National Cybersecurity Action Plan: Short-Term
# Action SHORT-TERM ACTION PLAN: APRIL – SEPTEMBER 2011
1 Government Cybersecurity Accountability
Consider making cybersecurity one of the Government’s main management accountabilities with clear success criteria.
2 Appoint National Cybersecurity Coordinator
Consider designating a senior Government Aide as National Cybersecurity Coordinator. The official should coordinate
cybersecurity activities across the Government and report to the appropriate national bodies
3 Complete and Promulgate National Cybersecurity Strategy
Consider using the template from the ITU Guidelines as a starting point for the National Cybersecurity Strategy. The
Strategy should have clear roles and responsibilities, priorities, timeframes and performance metrics. Thereafter, obtain
Government approval for the Cybersecurity Strategy.
4 Create National Cybersecurity Coordination Agency
In common with other countries, consider creating a multi-agency body as a focal point for all activities dealing with
protecting ’s cyberspace against threats such as cybercrime.
5 Define National Cybersecurity Framework
The framework should be flexible to allow stakeholder organisations to achieve the stated goals in the most efficient and
effective manner.
6 Initiate Public-Private Sector Cybersecurity partnership
The process should be transparent and consider all views.
7 Create Computer Incident Response Team (CIRT)
Consider creating a national CIRT to analyse cyber threat trends, improve response coordination and dissemination of
information across the Government, to industry, citizens and international partners.
8 Strengthen Legal and Regulatory System
Complete the Cybercrime Legislation Programme and enforce the new laws.
9 Initiate Cybersecurity Awareness and Education campaign
Consider working with the private sector and civil society to explain cyber threats to the citizens and their role in
defending cyberspace.
10 Define and initiate Cybersecurity Skills and Training Programme
Consider the experience of other countries in creating a cybersecurity skills and training programme with periodic
measurement of skills.
74. Example of National Cybersecurity Action Plan: Mid-Term
# Action MID-TERM ACTION PLAN: OCTOBER 2011 – JANUARY 2012
1 Define, localise and communicate Government cybersecurity Standards in areas such as Data Classification and
Staff Vetting and Clearance.
2 The National Cybersecurity Agency (NCA) should ensure that cybersecurity policies are in line with the new
Cybercrime legislation
3 Launch cybersecurity awareness campaign across Government and NCA website for government, commercial
and educational sectors with guidelines, standards and training materials.
4 As National Technical Authority for Information Assurance, the NCA should advise on how to secure
eGovernment Services.
5 Use formal channels to organise study trips for NCA Staff to other Cybersecurity Agencies
6 Conduct in-depth cybersecurity review and audit of Government ministries, agencies and associated bodies.
7 Review Physical Security of organisations hosting critical infrastructure.
8 Parliamentary review of the proposed National Cybersecurity Act 2011
9 NCA Programme on Business Continuity and Disaster Recovery
10 Develop and Resource the national CIRT/CERT. In addition, develop national Cyber Incident Response
Framework involving public-private stakeholders. Also develop, test and exercise incident response plans for
Government emergency communications during natural disasters, cyberattacks, crisis or war as required by the
National Security Concept.
11 Implement six to nine months’ programme of Operational Cybersecurity upgrades. The activities may extend into
2011 and beyond.
12 Ensure that the Government Communications Network and all new services comply with the agreed
Government Authentication Framework.
13 Launch the Cybersecurity Skills and Training Programme for cybersecurity professionals and collaborate with
commercial and educational sectors to boost cybersecurity Research and Development.
14 Secure Parliamentary, Cabinet & Government approval of the Cybersecurity Act 2011 and associated
Cybercrime legislation.
15 Organise an annual Regional Cybersecurity Conference to communicate progress, share views and promote
national Cybersecurity Programme.
75. ITU Self-Assessment Toolkit: Critical
Information Infrastructure Protection - CIIP
76. Initial Actions: National Cybersecurity
77. Actions: National CIIP Participants
78. Actions: Cyber Policy and Operations
79. Cybersecurity: Public & Private
Sector Partnership (PPP)
80. Actions: CIIP Incident Response
81. Actions: Update National Legislation
82. Actions: Cybersecurity
Cultural Awareness
83. Summary: National Cybersecurity
Action Plan and RoadMap
84. * ITU Cybersecurity Strategy *
“3-Day Workshop Overview”
S1 - Mon: 9:30-11:00 - “The Cybersecurity Challenge!...”
S2 - Mon: 11:30-13:00 - “The Need for Action!”
S3 - Mon: 14:00-15:30 - Group Session: “Developing the National Cybersecurity Action Plans”
S4 - Mon: 16:00-17:30 - Group Session: “Group Discussion: National Cybersecurity Action Plans”
S5 - Tues: 9:30-11:00 - ITU Cyber Agenda: 1 “Cybercrime and Legislation”
S6 - Tues: 11:30-13:00 - ITU Cyber Agenda: 2 “Technological Risks and Solutions”
S7 - Tues: 14:00-15:30 - Group Session: “Developing the National Legislation and Regulations”
S8 - Tues: 16:00-17:30 - Group Session: “Group Discussion: National Legislation and Regulations”
S9 - Wed: 9:30-11:00 - ITU Cyber Agenda: 3 “Operational Risks and Organisational Structures”
S10 - Wed: 11:30-13:00 - ITU Cyber Agenda: 4&5 “Capacity Building and Collaboration”
S11 - Wed: 14:00-15:30 - Group Session: “Working on the Jamaican Cybersecurity Plans & Roadmap”
S12 - Wed: 16:00-17:30 - Group Session: “The Jamaican Cybersecurity Action Plans & Roadmap”
85. * Group Workshop Session 3 *
Developing Cybersecurity Action Plans
SHORT-TERM ACTION PLAN: January - June 2011
# Action
1 Action Title
Action Description
2 Action Title
Action Description
3 Action Title
Action Description
4 Action Title
Action Description
5 Action Title
Action Description
6 Action Title
Action Description
7 Action Title
Action Description
8 Action Title
Action Description
9 Action Title
Action Description
10 Action Title
Action Description
86. * Group Workshop Session 3 *
Developing Cybersecurity Action Plans
Team Worksheet – Cybersecurity Action Plans
Task 1 – Choose Critical Sector: Banking, Energy, Government, Healthcare, Education
Task 2 – Identify and Discuss the Potential Cyber Threats and Risks to your Sector
Task 3 – Evaluate the Impact and Economic Damage of such Cyber Threats & Risks
Task 4 – Brainstorm the Possible Management Actions to Combat these Risks
Task 5 – Structure and Prioritise the chosen Actions for the Critical Sector
Task 6 – Complete the Cybersecurity Action Plan Template
Task 7 - Write a short presentation script & slides as CSO to “sell” your programme
……Focus on practical actions and think about the most efficient ways in which they can
be delivered with the staff, technical and operational resources at your disposal!
87. Task Description: Government Sector
1) You have just been appointed as the new CSO (Chief Security Officer) for the
Government working within the Prime Minister’s Cabinet Office with top-level
responsibility for cybersecurity across all aspects of Government.
2) Your task is to prepare a report & short presentation to the Cabinet regarding
the technical and operational actions that should be taken across Government in
order to provide an adequate defence against cyberthreats & potential attacks.
3) Assume that the Government comprises around 20 Ministries including Foreign
Office, Home Office, Security, Defence, Transportation, Finance, Justice, Energy,
Environment, Healthcare and Industry, as well as Regional Administrations
4) There is already a Government Data Network and various ICT computer centres
and databases that are not yet secured against cyber threats & attacks
…..Plan your security priorities, and prepare a practical cybersecurity action plan
88. Task Description: Banking/Finance Sector
1) You have just been appointed as the CSO (Chief Security Officer) for a major
National Financial Institution with both retail & investment operations
2) Your task is to prepare a report and presentation for the Board of Management with
recommendations on the technical and operational actions that should be taken
across the Financial Group to provide security against cybercriminal attacks
3) Assume that the Bank includes a large national retail network of local branches and
ATM machines, as well as on-line banking operations. Also assume that the
investment banking operations are networked with several other major global
banking networks and that stocks, bonds & commodities are traded in real-time
4) There have already been cybercriminal attacks on bank accounts & transactions in
the past year and you are asked by the CEO to ensure that any future attacks are
immediately detected, maybe with an in-house CERT, and any losses minimised
……Consider all the potential cyber threats and prioritise your action plan for the Board
89. Task Description: Telecomms/Mobile Sector
You have just been appointed as the CSO (Chief Security Officer) for the
National Telecommunications or Mobile Networking Carrier in Jamaica
Your task is to prepare a full report and presentation to your Board of
Management with recommendations for upgrading all aspects of cybersecurity,
specifically focusing upon the technical and operational procedures & measures
Assume that the National Telecomms and/or Mobile Operations comprises a
national distributed radio and landline network with a range of traditional
telecomms and broadband “new generation” IP technology switches & servers.
You are responsible for ALL aspects of network security including the private
leased line (VPN) networks for the government & large enterprises, as well as
the telecomms ISP operations which includes Hosted eCommerce WebSites,
VoIP & Gateways & Routers to other Regional and International Networks
…Consider all the threats and prioritise your actions in order to minimise the risks
and potential damage from future cyber attacks on the national telco network
90. Task Description: Transport/Airports Sector
You have just been appointed the CSO (Chief Security Officer) for the country’s
largest international airport (Kingston), including both passenger and cargo
operations, as well as associated regional airports (Montego Bay)
Your task is to prepare a report and presentation to the Board of Management
for the Airport with recommendations and action plan for the upgrading of all
aspects of security across the airport/port operational and ICT facilities.
Assume that the Airport has both airside and landside operations, with multiple
domestic and international airlines flying routes to an intensive schedule. The
ICT assets include the real-time air traffic control, passenger & cargo screening
systems, staff and vehicle access, and the computerised dispatching network
and baggage handling network.
You are responsible as CSO for both the operational security and associated
security staff as well as all the cybersecurity aspects of the airport operation.
…Consider all the possible cybercriminal and cyberterrorist threats to the airport
facilities and prioritise your action plan to minimise risks from potential attacks
91. Task Description: Energy/Utilities Sector
You have recently been appointed as the CSO (Chief Security Officer) for the
National Energy and Power Grid which provides most of the nation’s energy
Your task is to prepare a report and presentation for the Board of Management
with recommendations and action plan for upgrading all aspects of security with
respect to the National Power Grid and its regional centres and operations
Assume that the National Power Grid and Company has several large power
stations (non-nuclear) and distribution network across cities, towns & villages.
The ICT computer facilities include all the power station process control
networks & applications, as well as the 24/7 real-time management of energy
(electricity & gas flow) through the national power grid to business & end-users
You are responsible as CSO for both the technical aspects of ICT cybersecurity
as well as operational security for the power stations, offices and other facilities
….Consider all the possible cyberthreats and cyberterrorism that could impact the
national grid and prioritise a practical plan that minimises the risk of attack, and
reduces the collateral damage and disruption following any major power failure
92. * Group Workshop Session 3*
Developing Cybersecurity Sector Action Plans
Suggested Time Allocations for Task Actions: 90mins
1 – Task Assignment: Choose your Critical Service Sector: Government, Banking/Finance, Telecomms, Transport, Energy
Task 2 – Define Cyberthreats
Task 3 – Evaluate the Potential Impact & Economic Damage from your list of cyberthreats
Task 4 – Discuss Management Actions to Combat & Defend against these Cyber Risks
Task 5 – Structure & Prioritise Actions for your Critical Sector (Colour-Code Actions by the 5 ITU GCA Cybersecurity Strategy Pillars)
Task 6 – Complete the Sector Cybersecurity Actions Plans for the Short & Mid-Term: 2011
Task 7 – Prepare Short 10min Presentation of Action Plans
Note: Each Task Time Segment = 10Mins
93. Key to Cybersecurity Workshop Session
Colour-Code Classifications: Interactive Tasks
Workshop Colour Code | RED | ORANGE | YELLOW | BLUE | GREEN
Monday - Action Plans - | (1) Legal | (2) Technical | (3) Organisation | (4) Capacity | (5) International
Tuesday - Laws - | Information Disclosure | Computer Misuse | Forgery & ID Fraud | Information Interception | Copyright & Patents Law
Wednesday - Road Map - | Q1-2011 | Q2-2011 | Q3-2011 | Q4-2011 | FY2012
Thursday - ICT Security - | Unauthorised Info Access | DDoS-Denial of Services | MALWARE | Disclosure & Misuse | Info Access & Exploitation
Friday - Sector Security - | Cyber Criminal Threat | Cyber Terrorist Threat | Malicious Hacking & Exploitation | Internal Operational Threat | Natural Disaster or Other Event
94. * ITU Cybersecurity Strategy *
“3-Day Workshop Overview”
95. * Group Workshop Session 4*
Team Discussion: Cybersecurity Sector Action Plans
Schedule: Task Presentations = 90mins
Group 1 = Government
Group 2 = Banking/Finance
Group 3 = Telecomms/Mobile
Group 4 = Transport or Energy
Group Discussion & Summary
Note: Each Task Time Segment = 10Mins
96. * ITU Cybersecurity Strategy *
“3-Day Workshop Overview”
97. * Workshop Session 5 *
The Global Cybersecurity Agenda:
…Cybercrime & Legislation
1 – Definition and Scope
2 – Dimensions of Cybercrime
3 – Cybercrimes against CIIP
4 – National Cybercrime Laws
5 – UK Cyber Legislation
6 – National Cyber Strategies
7 – ITU Cybercrime Toolkit
8 – Digital Forensics
9 – Legislation for Jamaica
98. * Workshop Session 5 *
The Global Cybersecurity Agenda:
…Cybercrime & Legislation
99. Cybercrime & Legislation:
- Definition & Scope -
Cybercrime: Criminal activities that specifically target a computer or
network for malicious damage, infiltration, extortion, theft & fraud.
Cyberterrorism: Used for those cybercriminal acts that are deliberately
targeted to create large-scale disruption of critical information infrastructure
such as government, banking, energy & telecommunications networks
Cyberattacks: Typical terms used to designate cyberattacks include:
spamming, phishing, spoofing, pharming, denial of service, trojans,
viruses, worms, malware, spyware and botnets.
Upgraded National Laws & Regulations are required to enable the civil & military
enforcement agencies to investigate & prosecute cybercriminal & cyberterrorist
activities that are illegal & disruptive against citizens, businesses and the state.
100. ITU Toolkit for Cybercrime
Legislation : February 2010
101. * Workshop Session 5 *
The Global Cybersecurity Agenda:
…Cybercrime & Legislation
102. Dimensions of Cybercrime
Cybercrimes & Cyberterrorism cover many dimensions of
illegal cyber activity including:
Unauthorised Access to Computers and Networks
Malicious Interference and Disruption of Systems
Distribution and Remote Management of Malware
Digital Forgery, Fraud, Gaming Scams and Financial Extortion
Theft of Information, Databases, Documents & related materials
Interception of wireless, mobile & wired network communications
Theft of personal identities (IDs), as well as RFID & Access Devices
Distributed Denial of Service Attacks using Global “Botnets”
Defacement & Manipulation of Websites, Databases & Documents
103. ITU Guide on Cybercrime: 2009
104. Multi-Country Involvement in CyberAttacks
105. Independence of Location and
Presence at the Crime Site
106. Distributed Denial of Service (DDoS)
using Spam Mail and “Botnets”
107. Malicious Activity by Country
108. Cybercrime : Identity Theft
109. Top Categories of Spam Mail
110. Growth of Malicious Codes: 2002 - 2009
111. Comparison of Malicious Codes
112. Phishing Attacks by Sector
113. Threats to Confidential Information
114. Cybercriminal On-Line Services
115. Secret Exchange of Criminal
Information using Pixel Coding
116. * Workshop Session 5 *
The Global Cybersecurity Agenda:
…Cybercrime & Legislation
117. CyberCrimes against Critical Sectors
Government:
Theft of secret intelligence, manipulation of documents, and illegal
access to confidential citizen databases & national records
Banking/Finance:
Denial of Service attacks against clearing bank network, phishing
attacks against bank account & credit cards, money laundering
Telecomms/Mobile:
Interception of wired & wireless communications, and penetration
of secure government & military communications networks
Travel/Tourism:
Cyberterrorism against airports, hotels and resorts, malicious
penetration of on-line booking & reservations networks
Energy/Water:
Manipulation and disruption of the national energy grid & water
utilities through interference of the process control network
118. * Workshop Session 5 *
The Global Cybersecurity Agenda:
…Cybercrime & Legislation
119. National Cybercrime Legislation
UK : The UK Government now has a comprehensive set of
upgraded laws that provide security in cyberspace
We’ll discuss these laws & the UK Cyberstrategy as an example of “best
practice” for the deployment of cyber legislation & regulations
EU: The Council of Europe established one of the first
international treaties to address Computer & Internet Crime
We’ll discuss the CoE Convention on Cybercrime (CETS No 185)
ITU: The ITU assembled a global team of legal & cybersecurity
experts to advise and to develop an in-depth legal toolkit
We’ll provide an overview and analysis of the ITU Cybercrime Toolkit, and work
together today on group tasks related to Cyber Legislation for Jamaica
120. Jamaica: Cyber Crimes Act - 2009
121. Jamaica Cyber Crimes Act - 2009
Cyber Crime a Serious Problem - PM
by Jamaica Information Service
Posted: Feb 12, 2010 19:37 UTC
KINGSTON (JIS) - Prime Minister, Hon. Bruce Golding, says that cyber crime has become a serious problem in
Jamaica, which has to be addressed.
"We are particularly familiar with the lotto scam in Montego Bay. It is not just the crime and the fraud that is
committed, it is the murder to which it gives rise," Mr. Golding stated as he piloted the Cyber Crimes Act in the
House of Representatives on Wednesday (February 10).
The legislation imposes criminal sanctions on the misuse of computer systems or data. Offences covered include:
intentional unauthorised access to computer data; access to computer programmes or data with intent to commit
any offence; intentional unauthorised modification of a computer programme or data; unauthorised interception of
computer function or service; willful unauthorised obstruction of the operation of a computer or denial of access to
a computer programme or data; and unlawfully making available, devices or data for the commission of any of the
above offences.
The Bill also makes consequential amendments to the Interception of Communications Act, the Mutual Assistance
(Criminal Matters) Act, and the Proceeds of Crime Act.
According to the Prime Minister, the legislation is "really just catching up with innovation and technology," which
has now become an essential way of life.
He said that more consumers are carrying out business transactions via the Internet and in the United States
alone the value of e-commerce sales for 2009 was almost US$100 billion.
122. Jamaican Cyber Crime Act
123. Jamaica: Copyright Legislation
124. Jamaican Intellectual Property Office : JIPO
125. * Workshop Session 5 *
The Global Cybersecurity Agenda:
…Cybercrime & Legislation
126. UK CYBERCRIME LEGISLATION
1. The Official Secrets Acts - 1911 to 1989
2. The Public Records Acts - 1958 to 1967
3. The Data Protection Act - 1998
4. The Freedom of Information Act - 2000
5. The Human Rights Act - 1998
6. The Computer Misuse Act 1990
7. The Copyright Designs and Patents Act 1988
8. The Civil Evidence Act 1968
9. The Police and Criminal Evidence Act 1984
10. The Wireless Telegraphy Act 1949 - 2006
11. The Communications Act 2003
12. The Regulation of Investigatory Powers Act 2000 (RIPA)
13. The Telecommunications Regulations 2000 (Interception)
14. The Civil Contingencies Act 2004
15. The Anti-Terrorism, Crime and Security Act 2001
16. The Forgery and Counterfeiting Act 1981
17. The Fraud Act 2006
18. Police Justice Act 2006
19. The Theft Act - 1978 to 1996
20. The Cybersecurity Strategy - Cabinet Office - June 2009
127. 1. UK Official Secrets Acts 1911 to 1989
Official Secrets Acts 1911 to 1989
Unauthorised Disclosure of Official Information
Under the Official Secrets Act 1989, it is an offence for a Crown
servant or government contractor to disclose official information in
any of the protected categories if the disclosure is made without
lawful authority and is damaging to the national interest. It is also an
offence if a member of the public, or any other person who is not a
Crown servant or government contractor under the Act, has in his or
her possession, official information in one of the protected categories,
and the information has been disclosed without lawful authority, or
entrusted by a Crown servant or government contractor on terms
requiring it to be held in confidence.
Cybersecurity Relevance: Covers all electronic communications,
documents and media, whatever the format.
128. 2. UK Official Disclosure Public
Records Acts 1958 and 1967
2. Official Disclosure Public Records Acts 1958 and 1967
The law on public records is set out in the Public Records Acts of 1958
and 1967. Public records are defined as “administrative and
departmental records belonging to Her Majesty’s Government,
whether in the United Kingdom or elsewhere”. The Public Records Act
of 1958 places a responsibility on all government departments to
review the records which are produced within the department, to
choose those which are worthy of permanent preservation and
transfer them to the Public Records Office (PRO), and to destroy all
records which are not selected. The 1967 Act stipulates that all
surviving public records should normally be released to the public 30
years after their creation.
Cybersecurity Relevance: Now applies to all electronic
communications and media
129. 3. UK Data Protection Act 1998
This Act provides a right of access by living individuals to personal data
held about them by any person, subject to any exemption which may
apply. It also imposes responsibilities on those who process personal
data. The Act requires compliance with eight data protection principles,
one of which is ensuring that adequate security is employed when
processing personal data.
The Act also requires those persons who hold personal data to register
that fact with the Information Commissioner together with a description
of the purpose of processing, data class (the information processed), its
sources & the recipients (persons to whom it may be disclosed).
- Cybersecurity Relevance: Particularly relevant to all on-line
databases, personal information collected by companies, websites, call
centres for whatever purposes & in any electronic or physical format
130. 4. UK Freedom of Information Act 2000
The Freedom of Information Act 2000 relates to the publication and
disclosure of information held by public authorities. It gives a
statutory right of access to information, which entitles any person to
be told on request, subject to certain exemptions, whether the
Department holds particular information (the duty to confirm or deny)
and, assuming that it does, to have that information communicated to
them within 20 working days. The Act also requires all public
authorities to maintain a Publication Scheme and to release
information proactively and keep the scheme under review.
Cybersecurity Relevance: Provides the Public with rights to access
most on-line personal electronic media
131. 5. UK Human Rights Act 1998
This Act, which brings the European Convention on Human Rights
(ECHR) into UK domestic law, provides every person in the UK certain
human rights and fundamental freedoms including the right to privacy
and freedom of expression, subject to a number of exceptions. The
extent of these rights, including an individual’s right to privacy and
freedom of expression, has been tested in the European Court of
Human Rights and in UK courts by several cases.
- Cybersecurity Relevance: Provides for personal right to privacy and
freedom of expression
132. 6. Communications and Information Systems: Computer Misuse Act 1990 (CMA)
This deals with the rights of computer owners against the
unauthorised use of a computer by any party, making offences of
attempted or actual penetration or subversion of computer systems.
Under the terms of Section 3 of the Computer Misuse Act it is a
criminal offence to introduce unauthorised software into a computer
system with the intention of impairing the operation of the computer
system or the integrity of any data or program stored within the
computer system. Updated through the Police and Justice Act (2006)
- Cybersecurity Relevance: This is a key act that makes it illegal to
penetrate or hack computer systems, as well as to install malicious
codes, “bots”, trojans or any other unauthorized software or device.
133. 7. UK Copyright (Computer Programs) Regulations – Copyright Designs and Patents Act 1988
Infringement and copying of Computer Software is governed by the Copyright
Designs and Patents Act 1988. Individuals and users should be aware that
copyright infringements are not exclusively a matter of civil actions for damages
by a copyright owner. The criminal penalties for infringing computer software
copyright may include heavy fines, imprisonment (for up to 2 years) and the
forfeiture of infringing copies and articles for making them. The Director or CEO
of an organisation may also be subject to prosecution for permitting the illegal
copying of software or its use within the area of their responsibility.
- Cybersecurity Relevance: Copying software and other media is relatively easy
on-line, but is established as being illegal under the copyright act. Legislation is
also applicable for music, videos, DVDs, books and all other forms of copyright
or patented materials accessible or downloadable on-line.
134. 8. UK Civil Evidence Act 1968
Provides the basis for the use of computer-based evidence in Civil
Proceedings
- Cybersecurity Relevance: The prosecution of civil cases may require
the collection of electronic materials such as emails, phone records,
log files, text messages, & digital photos.
135. 9. UK Police and Criminal Evidence Act 1984
Provides the basis for the use of computer-based evidence in Criminal
Proceedings
- Cybersecurity Relevance: The prosecution of criminal cases may
require the collection of electronic materials such as emails, phone
records, log files, text messages, & digital photos.
136. 10. UK Wireless Telegraphy Act 1949 and 2006
This prohibits the unauthorised use of wireless telegraphy apparatus
for the transmission or reception and subsequent disclosure of
communications.
- Cybersecurity Relevance: This act has several applications including
it being illegal to penetrate wireless communications networks, and to
then use or disclose this information to 3rd parties. In principle this
could be used in relation to Wi-Fi, Wi-Max networks or any other form
of radio, wireless or satellite transmission.
137. 11. UK The Communications Act 2003
This massive integrated Act (over 600 pages) largely repeals the
provisions of earlier communications Acts, e.g. Telecommunications
Act 1984, and confers functions on the Office of Communications
(OFCOM) and makes provision about the regulation of the provision of
electronic communications network and services and the use of the
electronic spectrum.
Cybersecurity Relevance: This is one of the cornerstones of modern
UK Legislation relating to electronic communications including the
Internet, Broadcast and Telecommunications
138. 12. Regulation of Investigatory Powers Act 2000 (RIPA)
This is a piece of permissive legislation allowing for the interception of
communications, the carrying out of surveillance, and the running of
covert human intelligence sources in certain limited circumstances. In
relation to the interception of communications, authorisation can only
be given by the Secretary of State, and in relation to surveillance and
source handling activities authorisation must be given at senior official
level. The Act also confers on the Secretary of State the power to
make orders, regulations or rules under various provisions of the Act.
RIPA does not prohibit the interception of communications where all
parties have consented to the interception (see also next slide).
Cybersecurity Relevance: Criminal actions in cyberspace require the
investigation of traffic flows, data centres and in-depth surveillance of
targeted electronic facilities, infrastructure and assets
139. 13. The Telecommunications (Interception of Communications) Regulations 2000
These Regulations authorise certain interceptions of telecommunication
communications which would otherwise be prohibited by section 1 of the
Regulation of Investigatory Powers Act 2000. The interception has to be by
or with the consent of a person carrying on a business for purposes
relevant to that person's business and using that business's own
telecommunication system. Interceptions are authorised only if the
controller of the telecommunications system on which they are effected has
made all reasonable efforts to inform potential users that interceptions may
be made.
Cybersecurity Relevance: This extends the right of interception & surveillance
to collect electronic evidence in cases where RIPA is not applicable
140. 14. The UK Civil Contingencies Act (2004)
The Civil Contingencies Act, and accompanying non-legislative measures,
delivers a single framework for civil protection in the UK. The act is separated
into two parts: local arrangements for civil protection (Part 1) and emergency
powers (Part 2). Part 1 of the Act and supporting Regulations and statutory
guidance establish a clear set of roles and responsibilities for those involved in
emergency preparation and response at the local level. The Act divides local
responders into two categories, imposing a different set of duties on each.
Those in Category 1 are those organisations at the core of the response to most
emergencies and are subject to the full set of civil protection duties, part of
which is to put in place Business Continuity Management arrangements.
- Cybersecurity Relevance: This concerns the responsibilities for civil protection,
including business continuity planning and disaster recovery in the event of
large-scale crisis and emergency for whatever means. Clearly this will involve
substantial investment to secure Central Government and Regional cyber
infrastructure to ensure no single-points of failure, and to ensure rapid recovery
following cyberattacks and on-line threats.