Mind the Gap
Stewart Kowalski (stewart.kowalski@ntnu.no)
Department of Information Security and
Communication Technology
“Mind the gap between them and the ‘Norwegian’ digital platforms”
Overview
• A socio-technical security perspective of the “cyber” security situations for individuals, organizations, nations and societies.
• Some of the ongoing work at NTNU-Gjøvik to frame the discussion to help create adequate and fit-for-purpose cyber security for Norway, the Nordic countries and beyond.
Centre for Cyber and Information Security (CCIS)
• Information Security and Privacy Management
• Cyber Defence
• Critical Infrastructure Security and Resilience
• e-Health and Welfare Security
• NTNU Digital Forensics Group
• Norwegian Biometrics Laboratory
Department of Information Security and Communication Technology (IIK)
● 80 employees in Gjøvik and Trondheim
● Research laboratories in dependability and performance, biometrics, cyber defence, forensics, intelligent transport systems, internet of things, information security management, critical infrastructure, cryptography, malware, e-health and welfare
● 1 bachelor's (60), 2 master's (60+20), 1 siv.ing. (45) (45) and 2 PhD programmes
● Research projects: EU H2020 (5), EU FP7 (4), EU Cost (1), EDA (1), NFR FME (1), NFR IKT+ (4), NFR ENERGIX (1), NFR BIA (2), NFR Forskerskole (1), NFR NæringsPhD (1), RFF (4)
Volume approx. 40 MNOK (45% of the budget)
● Host department for NTNU's Center for Cyber and Information Security
● Academic conferences, the Cyber Symposium, SikkertNOK, Sikkerhetstoppmøtet
Cyberforsvaret
Telenor
Eidsiva
Eidsiva Bredbånd
IKOMM
Combitech AS
Høgskolen i Innlandet
Evry
Buypass
Helsenødnettsdriftsorganisasjon
NorSIS
NTNU
Sivilforsvaret Starum
Nammo
Norsk Tipping
Innlandet Politidistrikt
Geno
Cyber Security Skill Shortage
“A 2015 report from Cisco puts the global figure at one million
cybersecurity job openings. Demand is expected to rise to 6
million globally by 2019, with a projected shortfall of 1.5 million,
says Michael Brown, CEO at Symantec, the world’s largest
security software vendor.”
https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#764a33b27ea2
https://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf
[Figure: demand and education output over time, 2000 to 2019, showing the gap between demand and output]
https://www.cio.com/article/3060813/it-skills-training/top-u-s-universities-failing-at-cybersecurity-education.html
The Problem (Technological Determinism vs Socio-Constructivism)
https://www.youtube.com/watch?v=uOrG6jfBzEU
The School of Athens
The Problem: Learning how to think about secure computers and technology and learning how to work with computers and technology
https://oldplay.dsv.su.se/hypercaster/3762/width=640/height=360/link.js
Teach them
coding and
encryption
first.
Teach them to
think about
secure systems
first.
All the world (“including Norway”!)
is made
of faith, trust and pixie dust
by either
well educated or poorly educated
socio-technical systems designers
[Figure: demand and education output, with the gap at 2019 marked “?”]
PROBLEM 1
“IKT” research funding, development, adoption and implementation are driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly!
EXAMPLE GARTNERS SECURITY HYPE CURVES 2003
PROBLEM 1
Research and development, adoption and implementation are driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly!
Do you want
to buy a
parachute?
What ???????
We need to
make this
thing as light as
possible!
PROBLEM 1
ICT research and development, adoption and implementation are driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly!
http://ca.news.yahoo.com/blogs/good-news/airplane-recovery-parachute-saves-three-lives-connecticut-crash-171749029.html
PROBLEM 1
Computer and Media Technology research and development, adoption and implementation are driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly!
Knowledge for a better world
Information system components:
● Data and information
● Software, applications, services
● Hardware, network, infrastructure
● Humans, users, management
● Organisation, society
Federal Research and Development Strategic Plan
!The Problem!
There is always a Security GAP (social-technical and socio-technical) with new technology!
Why Do We Model
Some like to understand what they believe in.
Others like to believe in what they understand.
(Stanisław Jerzy Lec)
Which one are you?
Naive Mental Models
“engineering vs science”
“You continually need to learn to manage yourself and your organization or society efficiently and effectively with incentives and disincentives or you will end up being managed by your enemies or near friends.”
The Information Security Management Group researches and teaches critical thinking in theoretical, empirical, applied and clinical methods and techniques to model, measure and manage (i.e. govern) information security management systems' strengths (security, privacy) and weaknesses (risk) at the individual, organization and nation levels.
Information Security Management and Privacy Group (ISMG)
! Manage or be Managed !
The Socio Technical Systems Approach
(PAST) • Eric Trist and Ken Bamforth etc
– 1950
– Coal mine
– Three levels
• primary work system
• the whole organization
• macro-social phenomena
Interesting Link but bad sound
https://www.youtube.com/watch?v=OUqtmo8vmz0
Interesting Link 25 minutes
https://www.youtube.com/watch?v=OUqtmo8vmz0
Risk Normal from a Socio-Technical (View)
Socio-Technical Analysis
1989 USA
IMIT 4115
IT Rhetoric for Security and Risk Management
Stewart Kowalski Ph.D
Professor Information Security
stewart.kowalski@ntnu.no
SikkertNOK at NTNU Campus Gjøvik, October 2016.
Pizza and Panic: 16:00-18:30
The Annual
Information Security Management
and Privacy Group
Cyber Security Ghost Story
and
Question Competition
.
Challenge: To Be or Not to be a Security Enough
in Cyber Space
Viking name of the city of York (Jórvík)
http://languagehat.com/atlas-of-true-names/
http://study.com/academy/lesson/alas-poor-yorick-quotes-meaning-lesson-quiz.html
Fake news Alert not verified but fun!
The Challenge
Your task is to tell your fellow cyber-citizens a story about an information or cyber security incident that will get them to
stop,
be scared,
think
socio-technical system security
and
change your fellow cyber citizen to
Act,
feel,
and know
how
to be good citizen in cyber space!
5th Place
Jórvík beats Oxford and West Point
https://www.youtube.com/watch?v=O-Q-dRw7ngU&feature=youtu.be
Bridge the Gap
SikkertNOK at NTNU Campus Gjøvik, XX October 2018.
Pizza and Panic: 16:00-18:30
The Annual
Information Security Management
and Privacy Group
Delta 2 Debate
and
Question Competition
.
God from the machine (deus ex machina), or devil
A Rhetoric's Game:
Cyber security by Debate
A Delta2 Debate on “
“Digital Drivers Licenses” for Norway”
Moderator: Mariusz Nowostawski (NTNU)
SikkertNOK 2017
.
“The unexamined life is not worth living”
Why are we here ?
Add value to your education
An Apology ?
ὁ δὲ ἀνεξέταστος βίος οὐ βιωτὸς ἀνθρώπῳ
“The unexamined life is not worth living”
and it might not be worth securing in cyber space.
• In the Cyberworld, cyber security like ”fake
news” is a consumable good.
• Definition of: consumable good1
A material that is used up and needs continuous
replenishment, such as paper and toner. "The
low-tech end of the high-tech field!“
1 http://www.pcmag.com/encyclopedia_term/0,2542,t=consumable&i=40253,00.asp
https://Apple or Banna Debate
Goals of a Delta 2 Debate
• Cyber Security like any other consumable
good has to be marketed, maintained and
managed.
• The goal of these debates is to explore how we can collectively market, maintain, and manage the socio-technical systems we call cyber space to be secure “enough”.
• Move from using FUD (Fear, Uncertainty and Doubt)
• To RUD (Reason, Uncertainty and Doubt)
Delta 2 Debate Format
• Flip a coin to decide who will be For/Against the motion (Simon/Stewart)
• Audience votes (For, Against, Undecided, Not a Relevant Motion)
• For 3 minutes
• Against 3 minutes
• 2.33 Minutes Reflection
– https://Music of the inner spheres
• For cross examination 5 minutes
• Against cross examination 5 minutes Against 1 Minutes Summary
• 2.00 Minutes Reflection
– https://Music of the inner spheres
• Against 1 minutes Closing
• For 1 minute Closing
• Audience votes (For, Against, Undecided, Not a Relevant Motion)
Motion
Norway should enact a cyber space regulation that requires citizens to pass a digital driver's licence test which both indicates that they have the necessary security competence to operate in the Norwegian .no domain and their digital identity.
Is Cyber
Security
in
Norway
still a
public
good?
Public Phone Gone
Possible
2018 Delta 2 Debate
!Problem!
!Do we have a cyber – academic – Industrial complex in Norway !
In the councils of government, we must guard against the acquisition of
unwarranted influence, whether sought or unsought, by the military
industrial complex. The potential for the disastrous rise of misplaced power
exists and will persist.
1:37 https://www.youtube.com/watch?v=8y06NSBBRtY
Overview
• A socio-technical security perspective of the “cyber”
security situations for individuals, organization,
nations and societies.
• Some of the ongoing work at NTNU-Gjøvik to frame the discussion to help create adequate and fit-for-purpose cyber security for Norway, the Nordics and beyond.
S. Kowalski, The SBC Model as a Conceptual Framework for Reporting IT Crimes, Proceedings of the IFIP TC9/WG9.6 Working Conference on Security and Control of Information Technology in Society (1993)
● Cybersecurity goes far beyond technology and communications
● Understand the consequences of possible incidents for an individual, an organisation and a nation
● 100% security is not achievable; we must be able to accept a level of risk
Knowledge, skills and competence in technology, organisation and management are needed.
[Figure: “Learn to do” and “Learn to think” plotted over time, 1976 to 2009, with “THE Gap” between them]
THE GAP needs to be filled with Socio-Technical Debate
Questions

Mind the gap : Is Norway Security Enough in Cyber Space

  • 1. Mind the Gap Stewart Kowalski (stewart.kowalski@ntnu.no) Department of Information Security and Communication Technology «Vær oppmerksom på avstanden mellom de og den «Norsk» digital plattforms»
  • 2. 2 Overview • A socio-technical security perspective of the “cyber” security situations for individuals, organization, nations and societies. • Some of the on going work at NTNU-Gjøvik to frame the discussion to help create adequate and fit for purpose cyber security for Norway, the Nordics countires and beyond.
  • 4. Institutt for informasjonssikkerhet og kommunikasjonsteknologi (IIK) ● 80 ansatte i Gjøvik og Trondheim ● Forskningslaboratorier innen avhengighet og ytelse, biometri, cyberforsvar, forensics, intelligente transportsystemer, internet of things, informasjonssikkerhetsledelse, kritisk infrastruktur, kryptografi, skadevare, e-helse og velferd ● 1 bachelor- (60), 2 master- (60+20), 1 siv.ing- (45) (45) og 2 PhD-utdanninger ● Forskningsprosjekter: EU H2020 (5), EU FP7 (4), EU Cost (1), EDA (1), NFR FME (1), NFR IKT+ (4), NFR ENERGIX (1), NFR BIA (2), NFR Forskerskole (1), NFR NæringsPhD (1), RFF (4) Omfang ca 40 MNOK (45% budsjettet) ● Vertsinstitutt for NTNUs Center for Cyber and Information Security ● Akademiske konferanser, Cyber symposiet, SikkertNOK, Sikkerhetstoppmøtet
  • 5. Cyberforsvaret Telenor Eidsiva Eidsiva Bredbånd IKOMM Combitech AS Høgskolen i Innlandet Evry Buypass Helsenødnettsdriftsorganis asjon NorSIS NTNU Sivilforsvaret Starum Nammo Norsk Tipping Innlandet Politidistrikt Geno
  • 6.
  • 7. Cyber Security Skill Shortage “A 2015 report from Cisco puts the global figure at one million cybersecurity job openings. Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million, says Michael Brown, CEO at Symantec, the world’s largest security software vendor.” https://www.forbes.com/sites/stevemorgan/2016/01/02/one- million-cybersecurity-job-openings-in-2016/#764a33b27ea2 https://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf Demand & Education Output 2000 Demand OutputGap 2019
  • 9.
  • 10. The Problem (Technological Determinism vs Socio-Constructivism) https://www.youtube.com/watch?v=uOrG6jfBzEU The School of Athens
  • 11. The Problem: Learning how to think about secure computers and technology and learning how to work with computers and technology https://oldplay.dsv.su.se/hypercaster/3762/width=640/height=360/link.js Teach them coding and encryption first. Teach them to think about secure systems first.
  • 12. All the world (“including Norway”!) is made of faith, trust and pixie dust by either well educated or poorly educated socio-technical systems designers
  • 14. PROBLEM 1 “IKT” research funding, development, adoption and implementation is driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly!
  • 15. EXAMPLE: GARTNER'S SECURITY HYPE CURVES 2003
  • 16. PROBLEM 1 Research and development, adoption and implementation is driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly! Do you want to buy a parachute? What??????? We need to make this thing as light as possible!
  • 17. PROBLEM 1 ICT research and development, adoption and implementation is driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly! http://ca.news.yahoo.com/blogs/good-news/airplane-recovery-parachute-saves-three-lives-connecticut-crash-171749029.html
  • 18. PROBLEM 1 Computer and Media Technology research and development, adoption and implementation is driven to a large extent by “hype”, and security issues and other constraints are neither thought about nor taught correctly!
  • 19. Knowledge for a better world. Information system components: ● Data and information ● Software, applications, services ● Hardware, network, infrastructure ● Humans, users, management ● Organisation, society. Federal Research and Development Strategic Plan
  • 21. !The Problem! There is always a Security GAP (social-technical and socio-technical) with new technology!
  • 22. Why Do We Model? Some like to understand what they believe in. Others like to believe in what they understand. (Stanisław Jerzy Lec) Which one are you? Naive Mental Models ”engineering vs science”
  • 23. “You continually need to learn to manage yourself and your organization or society efficiently and effectively with incentives and disincentives or you will end up being managed by your enemies or near friends.” The Information Security Management Group researches and teaches critical thinking in theoretical, empirical, applied and clinical methods and techniques to model, measure and manage, i.e. govern, information security management systems' strengths (security, privacy) and weaknesses (Risk) at the individual, organization and nation levels. Information Security Management and Privacy Group (ISMG) ! Manage or be Managed !
  • 24. The Socio Technical Systems Approach (PAST) • Eric Trist and Ken Bamforth etc. – 1950 – Coal mine – Three levels • primary work system • the whole organization • macro-social phenomena. Interesting link but bad sound: https://www.youtube.com/watch?v=OUqtmo8vmz0 Interesting link, 25 minutes: https://www.youtube.com/watch?v=OUqtmo8vmz0
  • 26. Risk Normal form a Socio-Technical (View)
  • 28. IMIT 4115 IT Rhetoric for Security and Risk Management. Stewart Kowalski, Ph.D., Professor, Information Security. stewart.kowalski@ntnu.no
  • 29. SikkertNOK at NTNU Campus Gjøvik. October 2016. Pizza and Panic: 16:00-18:30 The Annual Information Security Management and Privacy Group Cyber Security Ghost Story and Question Competition.
  • 30. Challenge: To Be or Not to Be Secure Enough in Cyber Space. Viking name of the city of York (Jórvík) http://languagehat.com/atlas-of-true-names/ http://study.com/academy/lesson/alas-poor-yorick-quotes-meaning-lesson-quiz.html Fake news alert: not verified but fun!
  • 31. The Challenge: Your task is to tell your fellow cyber-citizens a story about an information or cyber security incident that will get them to stop, be scared, think socio-technical system security, and change your fellow cyber-citizens to act, feel, and know how to be good citizens in cyber space!
  • 32. 5th Place: Jórvík beats Oxford and West Point https://www.youtube.com/watch?v=O-Q-dRw7ngU&feature=youtu.be Bridge the Gap
  • 33. SikkertNOK at NTNU Campus Gjøvik. XX October 2018. Pizza and Panic: 16:00-18:30 The Annual Information Security Management and Privacy Group Delta 2 Debate and Question Competition.
  • 34. The god, or devil, from the machine. A Rhetoric Game: Cyber Security by Debate. A Delta 2 Debate on “Digital Driver's Licenses for Norway”. Moderator: Mariusz Nowostawski (NTNU). SikkertNOK 2017. ὁ δὲ ἀνεξέταστος βίος οὐ βιωτὸς ἀνθρώπῳ
  • 35. Why are we here? Add value to your education. An Apology? ὁ δὲ ἀνεξέταστος βίος οὐ βιωτὸς ἀνθρώπῳ “The unexamined life is not worth living” and it might not be worth securing in cyber space.
  • 36. • In the Cyberworld, cyber security, like ”fake news”, is a consumable good. • Definition of consumable good [1]: A material that is used up and needs continuous replenishment, such as paper and toner. “The low-tech end of the high-tech field!” [1] http://www.pcmag.com/encyclopedia_term/0,2542,t=consumable&i=40253,00.asp Link: Apple or Banana Debate
  • 37. Goals of a Delta 2 Debate • Cyber security, like any other consumable good, has to be marketed, maintained and managed. • The goal of these debates is to explore how we can collectively market, maintain, and manage the socio-technical systems we call cyber space to be secure “enough”. • Move from using FUD (Fear, Uncertainty and Doubt) • To RUD (Reason, Uncertainty and Doubt)
  • 38. Delta 2 Debate Format • Flip a coin to decide who will be For/Against the motion (Simon/Stewart) • Audience votes (For, Against, Undecided, Not a Relevant Motion) • For 3 minutes • Against 3 minutes • 2.33 minutes reflection – Link: Music of the inner spheres • For cross examination 5 minutes • Against cross examination 5 minutes • Against 1 minute summary • 2.00 minutes reflection – Link: Music of the inner spheres • Against 1 minute closing • For 1 minute closing • Audience votes (For, Against, Undecided, Not a Relevant Motion)
  • 39. Motion: Norway should enact a cyber space regulation that requires citizens to pass a digital driver's licence test which both indicates that they have the necessary security competence to operate in the Norwegian .no domain and their digital identity.
  • 40. Is Cyber Security in Norway still a public good? Public Phone Gone Possible 2018 Delta 2 Debate
  • 42. !Do we have a cyber – academic – Industrial complex in Norway ! In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military industrial complex. The potential for the disastrous rise of misplaced power exists and will persist. 1:37 https://www.youtube.com/watch?v=8y06NSBBRtY
  • 43. Overview • A socio-technical security perspective of the “cyber” security situations for individuals, organizations, nations and societies. • Some of the ongoing work at NTNU-Gjøvik to frame the discussion to help create adequate and fit for purpose cyber security for Norway, the Nordics and beyond.
  • 44. S. Kowalski, The SBC Model as a Conceptual Framework for Reporting IT Crimes, Proceedings of the IFIP TC9/WG9.6 Working Conference on Security and Control of Information Technology in Society (1993) ● Cybersecurity goes far beyond technology and communications ● Understand the consequences of possible incidents for an individual, an organization and a nation ● 100% security is not achievable; we must be able to accept a level of risk. Requires knowledge, skills and competence in technology, organization and management.
  • 45. [Figure: Time axis, 1976 to 2009; labels: Learn to do, Learn to think, THE GAP] THE GAP needs to be filled with Socio-Technical Debate. Questions