Presentation given at the Joint UN/ITU CITEL Cybersecurity Workshop in Salta City, Argentina - Nov 2010. The material discusses Cybersecurity Skills Development and International Partnerships for the Americas.
Introduce IPv6 related activities in ITU-T especially focused on SG13 and near future expectation of using IPv6 jointly with Ubiquitous Networking concept.
World Conference on International Telecommunications (#WCIT12) myth busting - presented by ITU to civil society stakeholders during the WCIT12 global briefing session held at ITU HQ on 9 October, 15:00-16:30.
Achievements and future works of ITU-T Study Group 17 on Security
Presented at WTSA-16 by Mr Heung-Youl Youm, Vice-chairman, on behalf of Mr Arkadiy Kremer, Chairman of ITU-T Study Group 17
ITU Security in Telecommunications & Information TechnologyITU
The ITU-T Security Manual offers a comprehensive overview of ITU-T’s work to build confidence and security in the use of information and communication technologies (ICTs).
The manual documents ITU-T’s efforts to respond to global cybersecurity challenges with international standards, complementary guidance documents and outreach to build capacity in the application of advanced ICT security mechanisms.
Introductory chapters highlight high-priority areas of ITU-T security work and basic requirements for the protection of ICT applications, services and information. Central to this introduction is an examination of standards’ role in meeting the security requirements borne of prevalent threats and vulnerabilities.
The manual outlines foundational security architectures as a basis for the discussion of more specific security considerations, following an iterative structure addressing key aspects of ICT security:
Generic security architectures for open systems and end-to-end communications, as well as examples of application-specific architectures, which establish frameworks for the consistent application of multiple facets of security.
Information security management, risk management and asset management, including management activities relevant to securing network infrastructure and the data used to monitor and control the telecommunications network.
The Directory and its role in supporting authentication and other security services. Particular attention is paid to the cryptographic concepts that rely on Directory services, providing an introduction to public key infrastructures, digital signatures and privilege-management infrastructures.
Identity management – a topic of growing importance to connected things, objects and devices – and the related topic of telebiometrics, the use of biometric characteristics for personal identification and authentication in telecommunications environments.
Approaches to network security, including the security requirements for next-generation networks and mobile communications networks in transition from a single technologies (e.g. CDMA or GSM) to mobility across heterogeneous platforms using the Internet Protocol (IP). This section also tackles security provisions for home networks, cable television and ubiquitous sensor networks.
Cybersecurity and incident response, looking at how best to develop an effective response to cyber attacks, including the need to understand the source and nature of attacks when sharing associated information with monitoring agencies.
Application-specific security needs, emphasizing the security features defined in ITU-T standards for Voice over IP, Internet Protocol Television, Web services, and identification tags such as RFID tags.
Technical measures to counter common network threats such as spam, malicious code and spyware, including the importance of ti
Achievements and future works of ITU-T Study Group 2 on Operational aspects of service provision and Telecommunications management
Presented at WTSA-16 by Dr Sherif Guinena, Chairman of ITU-T Study Group 2
Introduce IPv6 related activities in ITU-T especially focused on SG13 and near future expectation of using IPv6 jointly with Ubiquitous Networking concept.
World Conference on International Telecommunications (#WCIT12) myth busting - presented by ITU to civil society stakeholders during the WCIT12 global briefing session held at ITU HQ on 9 October, 15:00-16:30.
Achievements and future works of ITU-T Study Group 17 on Security
Presented at WTSA-16 by Mr Heung-Youl Youm, Vice-chairman, on behalf of Mr Arkadiy Kremer, Chairman of ITU-T Study Group 17
ITU Security in Telecommunications & Information TechnologyITU
The ITU-T Security Manual offers a comprehensive overview of ITU-T’s work to build confidence and security in the use of information and communication technologies (ICTs).
The manual documents ITU-T’s efforts to respond to global cybersecurity challenges with international standards, complementary guidance documents and outreach to build capacity in the application of advanced ICT security mechanisms.
Introductory chapters highlight high-priority areas of ITU-T security work and basic requirements for the protection of ICT applications, services and information. Central to this introduction is an examination of standards’ role in meeting the security requirements borne of prevalent threats and vulnerabilities.
The manual outlines foundational security architectures as a basis for the discussion of more specific security considerations, following an iterative structure addressing key aspects of ICT security:
Generic security architectures for open systems and end-to-end communications, as well as examples of application-specific architectures, which establish frameworks for the consistent application of multiple facets of security.
Information security management, risk management and asset management, including management activities relevant to securing network infrastructure and the data used to monitor and control the telecommunications network.
The Directory and its role in supporting authentication and other security services. Particular attention is paid to the cryptographic concepts that rely on Directory services, providing an introduction to public key infrastructures, digital signatures and privilege-management infrastructures.
Identity management – a topic of growing importance to connected things, objects and devices – and the related topic of telebiometrics, the use of biometric characteristics for personal identification and authentication in telecommunications environments.
Approaches to network security, including the security requirements for next-generation networks and mobile communications networks in transition from a single technologies (e.g. CDMA or GSM) to mobility across heterogeneous platforms using the Internet Protocol (IP). This section also tackles security provisions for home networks, cable television and ubiquitous sensor networks.
Cybersecurity and incident response, looking at how best to develop an effective response to cyber attacks, including the need to understand the source and nature of attacks when sharing associated information with monitoring agencies.
Application-specific security needs, emphasizing the security features defined in ITU-T standards for Voice over IP, Internet Protocol Television, Web services, and identification tags such as RFID tags.
Technical measures to counter common network threats such as spam, malicious code and spyware, including the importance of ti
Achievements and future works of ITU-T Study Group 2 on Operational aspects of service provision and Telecommunications management
Presented at WTSA-16 by Dr Sherif Guinena, Chairman of ITU-T Study Group 2
Achievements and future works of ITU-T Study Group 3 on Tariff and accounting principles including related telecommunication economic and policy issues
Presented at WTSA-16 by Mr Seiichi Tsugawa, Chairman of ITU-T Study Group 3
Last update: Feb 2, 2021
With Standalone (SA) appearing in the U.S. in the not so distant future or ahead of schedule one year from now, there will be a lot more 5G association focuses – more entrances of chance for cyber criminals to reap private information.
AI and ML have just demonstrated their adequacy in various fields for order, ID and mechanization with higher exactness.
As 5G systems' essential selling point has been higher information rates and speed, it will be hard to handle wide scope of dangers from various focuses utilizing common/conventional defensive measures.
5G systems make a significantly extended, advanced digital assault weakness. In this way, the re-classified idea of these systems requires a likewise re-imagined digital technique.
Need to find out additional?
Tonex offers Tonex offers 5G Security Training, a 4-day hand on course that furnishes attendees with a solid and instinctive comprehension of what security in the remote frameworks is and how the security capacities are actualized.
The course is performed in both live onsite and offline.
Also, Tonex offers about two dozen 5G Training Courses that spread everything from 5G essentials to more particular regions, for example, C-RAN Training, NOMA Training, LTE Advanced Pro Training and mmWaves Technology Training.
5G Training Courses :
5G and mmWave Antenna Engineering Training
5G Citizens Band Radio Services (CBRS) Training
5G Cyber security Bootcamp | 3GPP Version
5G for Sales and Tech Sales/Support Training
5G NR Training | 5G New Radio (NR)
5G Security Training | 5G Wireless Security Training
5G Training for Non Engineers | 5G Wireless Training for Non Engineers
5G Training | 5G System Survey Training
5G Wi-Fi Offload Training | LTE-U | LAA
5G Wireless Crash Course
5G Wireless Networks Training | The Fundamentals
5G Wireless Training for Non-Engineers
5G Wireless Training | 5G Technical Fundamentals
C-RAN Training | Cloud-RAN Training
D2D Communications Training | 5G Device to Device Communications
LTE Advanced Pro Training
LTE, LTE-A, and LTE-A Pro Migration to 5G Training
mmW Technology Training | Millimeter Wave Training
Mobile Broadband Transformation Training Bootcamp | 3GPP 5G Training
Next Generation Wireless Networks Crash Course
Non-Orthogonal Multiple Access (NOMA) Training | Future 5G Technologies
Vehicle-to-Vehicle Communications Training | V2V Communications Training | v2v Training
VoNR Training | Voice over New Radio | Voice over 5G Standalone
Learn More :
5G Security Training, 5G Training Course
https://www.tonex.com/5g-security-training-5g-training-course/
Singapore's National Cyber Security StrategyBenjamin Ang
Singapore's National Cyber Security Strategy was launched by the Singapore government at the inaugural Singapore International Cyber Week 2016. This presentation gives an overview of the 4 pillars of the Strategy and some of its implementation steps so far, including the upcoming new Cybersecurity Act, and the SGD 10 million fund for capacity building in ASEAN. You can download the full Strategy at www.csa.gov.sg
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and training across the organisation
continuous measurement of performance through process audits and cyber-security exercises.
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
Lecture on the different cyber norms frameworks for responsible state behaviour in cyberspace - describing Paris Call, Charter of Trust, Microsoft Digital Geneva Convention, Tech Accord, GCSC, Shanghai SCO, UN GGE, UN OEWG - explaining each of the 11 cyber norms from the UN GGE 2015 meeting, and concluding with a case study on ASEAN's approach to international law in cyber operations
5G Wireless Security Training : Tonex TrainingBryan Len
TONEX 5G security training is an essential element in the development of security policies and technologies to protect 5G wireless networks from hacking, cyberattacks and financial fraud.
Topics Include:
Security 5G Essentials Bootcamp Style:
Intro to 5G Security
5G communications systems architecture
Security Issues and Challenges in 5G Communications Systems
Mobile Malware Attacks Targeting UE
ITU-T and 3GPP Security Frameworks
LTE, LTE-Advanced and LTE-Pro Security Principles
LTE-U and LAA Security
802.11ax Security applied to 5G
802.11ah Security applied to 5G
802.11ay Security applied to 5G
Self-Organizing Network (SON)
Voice over WiFi (VoWiFi) Security
LTE Direct and D2D Communication Security
IoT Security
NFV Security
Software Defined Networking (SDN) Security
Cloud and Virtualization Security
C-RAN Security
V2V Security
Securing 5G Automation
More...
TONEX 5G Security Workshop/Recommendations:
Key Issues
Embedded SIM Security
mmWave Security Issues
5G Autonomous Driving Security Solutions
Critical 5G Security Controls Planning, Implementing and Auditing
Top 5G Mitigation Strategies Implementing and Auditing
Advanced 5G Security Principles
5G Intrusion Detection
5G Wireless Hacker Tools, Techniques, Exploits and Incident Handling
Issues with Access Network Flash Network Traffic
Radio interface key management
User plane integrity
Security measures
DOS Attacks Against Network Infrastructure
Overload of the signaling plane security issues
Bulk configuration security issues
Request more information. Visit Tonex website link below and learn more about 5G wireless security training
https://www.tonex.com/training-courses/5g-security-training/
UN/ITU - Organisational Structures and Incident Management - CybersecurityDr David Probert
In-Depth Presentation for the Cybersecurity Workshop that was Jointly Organised by the UN/ITU and CITEL in Salta City, Argentina - November 2010. The presentation focuses on the implementation of the recommended UN/ITU (International Telecommunications Union) Global Cybersecurity Agenda and the importance of CERTs (Computer Emergency Response Teams)
Cybersecurity Technologies, Standards and OperationsDr David Probert
2-Day Cybersecurity Master Class given at the University of Technology (UTECH), Kingston, Jamaica - 16th-17th September 2010 - in partnership with the UN/ITU Excellence Network in the Caribbean Region. These lectures are more technical than those in the more general 3-Day Cybersecurity Master Class that we held on 13th to 15th September. Topics covered include ITU, NIST, IEEE and ISO/IEC Standards. Setting up and running CERTs/CSIRTS - Computer Emergency Response Team - and Business Continuity.
Achievements and future works of ITU-T Study Group 3 on Tariff and accounting principles including related telecommunication economic and policy issues
Presented at WTSA-16 by Mr Seiichi Tsugawa, Chairman of ITU-T Study Group 3
Last update: Feb 2, 2021
With Standalone (SA) appearing in the U.S. in the not so distant future or ahead of schedule one year from now, there will be a lot more 5G association focuses – more entrances of chance for cyber criminals to reap private information.
AI and ML have just demonstrated their adequacy in various fields for order, ID and mechanization with higher exactness.
As 5G systems' essential selling point has been higher information rates and speed, it will be hard to handle wide scope of dangers from various focuses utilizing common/conventional defensive measures.
5G systems make a significantly extended, advanced digital assault weakness. In this way, the re-classified idea of these systems requires a likewise re-imagined digital technique.
Need to find out additional?
Tonex offers Tonex offers 5G Security Training, a 4-day hand on course that furnishes attendees with a solid and instinctive comprehension of what security in the remote frameworks is and how the security capacities are actualized.
The course is performed in both live onsite and offline.
Also, Tonex offers about two dozen 5G Training Courses that spread everything from 5G essentials to more particular regions, for example, C-RAN Training, NOMA Training, LTE Advanced Pro Training and mmWaves Technology Training.
5G Training Courses :
5G and mmWave Antenna Engineering Training
5G Citizens Band Radio Services (CBRS) Training
5G Cyber security Bootcamp | 3GPP Version
5G for Sales and Tech Sales/Support Training
5G NR Training | 5G New Radio (NR)
5G Security Training | 5G Wireless Security Training
5G Training for Non Engineers | 5G Wireless Training for Non Engineers
5G Training | 5G System Survey Training
5G Wi-Fi Offload Training | LTE-U | LAA
5G Wireless Crash Course
5G Wireless Networks Training | The Fundamentals
5G Wireless Training for Non-Engineers
5G Wireless Training | 5G Technical Fundamentals
C-RAN Training | Cloud-RAN Training
D2D Communications Training | 5G Device to Device Communications
LTE Advanced Pro Training
LTE, LTE-A, and LTE-A Pro Migration to 5G Training
mmW Technology Training | Millimeter Wave Training
Mobile Broadband Transformation Training Bootcamp | 3GPP 5G Training
Next Generation Wireless Networks Crash Course
Non-Orthogonal Multiple Access (NOMA) Training | Future 5G Technologies
Vehicle-to-Vehicle Communications Training | V2V Communications Training | v2v Training
VoNR Training | Voice over New Radio | Voice over 5G Standalone
Learn More :
5G Security Training, 5G Training Course
https://www.tonex.com/5g-security-training-5g-training-course/
Singapore's National Cyber Security StrategyBenjamin Ang
Singapore's National Cyber Security Strategy was launched by the Singapore government at the inaugural Singapore International Cyber Week 2016. This presentation gives an overview of the 4 pillars of the Strategy and some of its implementation steps so far, including the upcoming new Cybersecurity Act, and the SGD 10 million fund for capacity building in ASEAN. You can download the full Strategy at www.csa.gov.sg
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and training across the organisation
continuous measurement of performance through process audits and cyber-security exercises.
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
Lecture on the different cyber norms frameworks for responsible state behaviour in cyberspace - describing Paris Call, Charter of Trust, Microsoft Digital Geneva Convention, Tech Accord, GCSC, Shanghai SCO, UN GGE, UN OEWG - explaining each of the 11 cyber norms from the UN GGE 2015 meeting, and concluding with a case study on ASEAN's approach to international law in cyber operations
5G Wireless Security Training : Tonex TrainingBryan Len
TONEX 5G security training is an essential element in the development of security policies and technologies to protect 5G wireless networks from hacking, cyberattacks and financial fraud.
Topics Include:
Security 5G Essentials Bootcamp Style:
Intro to 5G Security
5G communications systems architecture
Security Issues and Challenges in 5G Communications Systems
Mobile Malware Attacks Targeting UE
ITU-T and 3GPP Security Frameworks
LTE, LTE-Advanced and LTE-Pro Security Principles
LTE-U and LAA Security
802.11ax Security applied to 5G
802.11ah Security applied to 5G
802.11ay Security applied to 5G
Self-Organizing Network (SON)
Voice over WiFi (VoWiFi) Security
LTE Direct and D2D Communication Security
IoT Security
NFV Security
Software Defined Networking (SDN) Security
Cloud and Virtualization Security
C-RAN Security
V2V Security
Securing 5G Automation
More...
TONEX 5G Security Workshop/Recommendations:
Key Issues
Embedded SIM Security
mmWave Security Issues
5G Autonomous Driving Security Solutions
Critical 5G Security Controls Planning, Implementing and Auditing
Top 5G Mitigation Strategies Implementing and Auditing
Advanced 5G Security Principles
5G Intrusion Detection
5G Wireless Hacker Tools, Techniques, Exploits and Incident Handling
Issues with Access Network Flash Network Traffic
Radio interface key management
User plane integrity
Security measures
DOS Attacks Against Network Infrastructure
Overload of the signaling plane security issues
Bulk configuration security issues
Request more information. Visit Tonex website link below and learn more about 5G wireless security training
https://www.tonex.com/training-courses/5g-security-training/
UN/ITU - Organisational Structures and Incident Management - CybersecurityDr David Probert
In-Depth Presentation for the Cybersecurity Workshop that was Jointly Organised by the UN/ITU and CITEL in Salta City, Argentina - November 2010. The presentation focuses on the implementation of the recommended UN/ITU (International Telecommunications Union) Global Cybersecurity Agenda and the importance of CERTs (Computer Emergency Response Teams)
Cybersecurity Technologies, Standards and OperationsDr David Probert
2-Day Cybersecurity Master Class given at the University of Technology (UTECH), Kingston, Jamaica - 16th-17th September 2010 - in partnership with the UN/ITU Excellence Network in the Caribbean Region. These lectures are more technical than those in the more general 3-Day Cybersecurity Master Class that we held on 13th to 15th September. Topics covered include ITU, NIST, IEEE and ISO/IEC Standards. Setting up and running CERTs/CSIRTS - Computer Emergency Response Team - and Business Continuity.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Carolina Limbatto's presentation on Cybersecurity in the second webinar on Cybersecurity and infrastructure challenges (orig. : 'Desafíos en materia de ciberseguridad e infraestructura') of Jornada Perspectivas de las Telecomunicaciones y TIC 2020.
Development of National Cybersecurity Strategy and OrganisationDr David Probert
3-Day Master Class given at the University of Technology (UTECH) Kingston, Jamaica - 13th to 15th September 2010 - in Partnership with the UN/ITU Centres of Excellence Network for the Caribbean Region - International Telecommunications Union - Global Cybersecurity Agenda.
Caribbean needs more inclusive approach towards digital economy particpationShiva Bissessar
Looking beyond the Government actor towards developing the digital economy in Caribbean. Need for events which encourage participation from SMEs, academia, civic and other
Industrial Control Cybersecurity USA Cyber Senate conferenceJames Nesbitt
Public and Private partnerships are paramount and information sharing on an international level a priority. We will be addressing key areas of vulnerability, threat detection, mitigation, and planning for the Water, Utilities, Oil and Gas, Nuclear, Power and Smart Grid Energy sector
Brief article on the Impact of Artificial Intelligence & Machine Learning on the Security Sector. We review the fundamentals of AI Security before providing a quick review of key sectors. Finally we provide a speculative set of scenarios for 2030, 2050, 2075 & 2100 regarding the possible future evolution of artificial intelligence. This includes a short assessment of the risks that autonomous AI tools bring that could prove to be an existential risk to Human Life, Culture & Society. This year will be 50 years since I started my own PhD into AI - "Stochastic Machine Learning" at Cambridge University Statistical Laboratory which is part of the Department of Mathematics. Enjoy!
AI & Cybersecurity Tools are being weaponised by National Governments which is already impacting Export Rules & Regulations. This short article opens up an online discussion of some of these contemporary issues which impact us all!
From Hughesovka to Donetsk (Translated to Russian)Dr David Probert
Donetsk, Ukraine is at the core of regional issues between Russia & the West. In the 19thC my Great Great Grandfather worked for 25 years in Hughesovka which was created as an Industrial Public Private Partnership (PPP) between the Russian Government & Welsh Entrepreneur - John Hughes with the "New Russia Company Limited" registered in 1869. This 19thC Company Town was renamed Stalino in 1924 & Donetsk in 1961. Here is the Russian Translation of my Personal Thoughts & Family Story relating to the historical journey from Hughesovka (1870) to Donetsk (2022) .
Some Personal Reflections on the Evolution of the 19thC Industrial Complex set up by John Hughes in 1870 by the New Russia Company in the City known then as Hughesovka and since renamed as Donetsk in Donbas - Eastern Ukraine. The article includes some family history and connections with Donbas and a Personal Postscript & Analysis of current events.
We compare the challenge of the current COVID-19 Bio-Pandemic with the potential of Global Cyber-Pandemic during the coming decade! Bio-Events are Spatial whilst Cyber-Events are Temporal & require "Defence in Time" We speculate on the emergence of "Silicon Life" and the possibility of autonomous cyber-attacks by networks of AI-Bots & Drone Swarms upon Critical National Infrastructure. The paper assumes some understanding of Artificial Intelligence, Machine Learning and Cybersecurity. Enjoy!
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar!Dr David Probert
Invited Talk @ 40th International East-West Security Conference ' Hilton Hotel, Malta - November 2019 on Intelligent & Integrated CyberSecurity! The talk explores the current status of Cybersecurity threats & defence and then develops Scenarios for its future evolution. This focuses upon the role of Artificial Intelligence, Stochastic Machine Learning & Deep Learning and provide much faster & accurate real-time "Speed of Light" responses against Cyber Attacks! We discuss the evolution of the Internet during the last 50 years since its birth, and then explore possible cyber trends for the next 25 to 30 years based upon technological & social evolution. Topics include Network Intelligence, Self-Learning, Self-Adaptive Security & then finally "Neural Security" for 2040 onwards! The presentation provides several examples of recent cyber attacks as well as some of the "Best of Breed" Cyber AI solutions that are already available from Cybersecurity vendors! We warp-up with a warning regarding the need to "take control of the more advanced AI tools" and to programme the AI software with some understanding of compliance with Human Needs & Ethics! The author has worked on InfoSec & Cybersecurity for 25 years since summer 1994. He has also more than 40 years of experience in AI having completed the very 1st Doctorate in Stochastic Machine Learning @ Cambridge University Statistical Laboratory & Churchill College in June 1976!
Upgrading Industrial CyberSecurity & Security Critical National InfrastructureDr David Probert
Invited talk at the 40th International East-West Security Conference @ Hilton Hotel - Malta on Upgrading Industrial CyberSecurity. The talk focuses on the Industrial Internet of Things (IIoT) and specifically on ICS/SCADA systems - Industrial Control Systems and Supervisory Control and Data Acquisition. These legacy systems are often not well secured and open to a wide range of Cyber Threats & Attacks. Examples are given on some recent attacks including DDoS and Ransomware in Trans-National Industrial Enterprises.The talk covers the integration of physical & cyber security as well as the problem of counterfeit electronic parts & components within the industrial value-chain. We explore the issue of industrial espionage & surveillance including video & satellite images that may be used by the "bad guys" when researching economic, political or terror attacks on critical infrastructure. We explore the risks within the energy sector such as civilian nuclear power plants & industrial metal smelting works. We wrap-up by recommending 10 ways to secure your industrial enterprise & the paths to developing your Smart Security Business Plan. The author has worked in the field of CyberSecurity / InfoSec for 25 years since Summer 1994. He has also worked in AI/Machine Learning for more than 40 years since completing the 1st Doctorate in Stochastic Machine Learning @ the Cambridge University Statistical Laboratory in June 1976.
21stC Trends in CyberSecurity in the Finance & Banking Sectors Security!Dr David Probert
Invited Presentation @ 40th Internationnal East-West Security Conference in Malta on the Theme of Cybersecurity in Finance & Banking! This 45minute talk covers the importance of upgrading to the new cyber tools based upon Artificial Intelligence & Stochastic Machine Learning that are now available for several leading "best of breed" vendors! The talk also covers typical cyber threats from DDoS to Ransomware as well as the role of blockchains & big data analytics in improving transaction security and compliance with Anti-Money Laundering & Counter-Terror Financing. The talk ends with recommended guidelines on ways to improve & upgrade your own enterprise cybersecurity using AI, Machine & Deep Learning! The author has spent more than 25 years working on Cybersecurity and completed his Doctorate in AI & Stochastic Machine Learning @ Cambridge University in 1976!
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling Dr David Probert
This invited presentation was given at the International East-West Security Conference on the 4th June in Naples, Italy. The talk begins with a review of the current Cyber Society including the topics of CyberCrime, CyberTerror & CyberWar. We include a quick review of the extremely useful national cybersecurity strategy guides developed by the UN/ITU (United Nations - International telecommunications Union) during the last 10 years. We then progress to review the Top 10 Cyber Threats & Attacks including DDOS, SQL Injection, Ransomware, APT - Advanced Persistent Attack, Custom Torjan "Bots", Classic Malware, & Toxic Cookies, DNS & Proxy Diversion Attacks, We provide numerous examples of some recent devastating cyber attacks across market sectors such as Banking, Airllines, Shipping, Healthcare & Government. We the proceed to review future cyber scenarios - 2019 (Integrated Security), 2020(Self-Adaptive Security), 2022 (Self-Learning), 2025 (Cyber-Intelligent) & way into the future - 2040 (Neural Security). Once again we provide many examples of Cyber Solutions & Toolkits that are available today for implmentation. Many Cyber tools already embed AI & Deep Learning Algorithms which can help mitigate zero-day attacks and most other cyber stealth & malware attacks including DDoS, APT, SQL & Ransomware. We conclude, as usual, with suggestions for how YOUR Business can review, audit and upgrade to boost cyber resilience! Enjoy!
24/7 Intelligent Video Surveillance: Securing Your Business Data & PrivacyDr David Probert
This invited presentation was given at the International East-West Security Conference in Naples, Italy on th 4th June 2019. The talk has 9 chapters beginning with a background review of the evolution of the marketplace for video intelligence from 20thC CCTV to 21srC Real-Time Networked Video Surveillance! We then discuss the importance of deploying intelligence video surveillance in crowded places such as shopping malls, stadiums, theatres, transport hubs, airports & sports events. We provide examples of some recent tragic events related to Urban Terrorism such as Nice, Paris, Brussels, London, Berlin & Moscow. We discuss the importance of providing an integrated dashboard for Physical & CyberSecurity in order to Identify, Mitigate & ideally prevent such Urban Terrorism. At all stages of the talk we try an provide examples & case studies of Intelligent Video Surveillance solutions that are available on the marketplace today! W then review Advanced Video Analytics based upon Artificial Intelligence & Deep Learning (Neural Networks). This includes a discussion of intelligent behaviour profiling and real-time biometric analysis & digital forensics. The development of on-line services has led to the new economic theory of Surveillance Capitalism (Published by Shoshana Zuboff - Jan 2019). This is highly relevant to Video Surveillance since some of the intelligent video tools such as Public Facial Recognition have provoked a strong reaction in cities such as San Francisco. We conclude the talk with a review of ways in which Big Data Analytics can provide Fast Intelligent Support in the analysis of massive video databases & real-time streams. We also suggest Top 3 Actions & Security RoadMap for YOUR Business! Enjoy!
21stC Trends in FinTech Security - AI, Deep Learning & BlockchainDr David Probert
The presentation has 9 chapters beginning with a brief survey of FinTech Evolution & the Global Marketplace with a strong focus on China & the USA! We note that Fintech is a disruptive technology and that there are inherent cyber-risks. We provide examples of some recent major hacks within the FinTech & Financial Services Sector. We then consider ways options to mitigate these security risks using new technological tools based upon Artificial Intelligence, Machine Learning Algorithms , & Deep Learning (Neural Networks). We then also review ways in which Blockchains can provide enhanced security for peer-to-peer transactions both in FinTech as well as in most other market sectors. We then discuss Cyber Fraud Detection & Prevention including tools for identifying Money Laundering, and Financing for Terrorism & other National & International Criminal Exploits. We review ways in which the latest Tools for Big Data Mining & Analytics can reduce the impact & devastating losses from Global FinTech CyberCrime. We conclude with a summary of the current disruptive transition from 20thC Physical Banks to 21stC Virtual FinTech Accounts. We include suggestions for ways in which you can provide enhanced Security for FinTech within YOUR Business! This invited talk was given at the International East-West Security Conference in Naples, Italy on the 4th June 2019
KolaNet 1992-1999 and Beyond! Arctic Environmental Monitoring Networks!Dr David Probert
Invited Presentation at the Plenary Session of the 30th Anniversary Conference of the "Institute of Ecological Problems of the North" - Kola Science Centre - Russian Academy of Sciences - Apatity, Murmansk Region, Russia. The presentation reviews the Multi-National Project that aimed to establish a network to monitor radiation levels (in case of nuclear accident or major leak) around the Kola Atomic Power Station in the Russian Kola Peninsula, the programme included several training courses held in Svahovd Norway as well as the Kola Science Centre, Apatity. The project later extended its mission to include monitoring of other industrial pollution such as sulphur dioxide from the extensive Nickel Smelting Works within the Region @ Nikel & Monchegorsk. The presentation concludes with suggestions for redefining & upgrading the KolaNet Programme for the 21st Century with a focus on Artificial Intelligence, Big Data Analytics, Machine & Deep Learning to research massive databases related to climate change & arctic pollution! We conclude with a review of the KolaNet Lessons noting that the programme was successful due to (1) TeamWork (2) Practical Adaptation & Exploitation of Advanced Technologies (3) International Partnerships across the Nordic Region - Norway, Sweden, Finland & Russia!
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!Dr David Probert
This presentation provides a personal vision of cybersecurity trends for the coming 10 years and beyond! We begin with some historical relics and the discovery of the Antikythera Mechanism almost 2000 years ago (Cyber Year ZERO!). We rapidly move to our cyber society - 2018 - and some recent massive cyber hacks & attacks related both to cybercrime, cyberterror and emerging cyber and information warfare. We briefly discuss the TOP 10 Cyber attack and means of defence. These include Advanced Persistent Threat (APT), Stealth Monitoring, Toxic eMail, Custom Bots (Stuxnet), DDoS, Ransomware and Toxic Cookies/Proxy & DNS Hacks & Attacks. After briefing exploring Blockchains, "Internet of Things" & Integrated Security Dashboards we present a sequence of cyber scenarios for 2019 (Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber Intelligent) and 2040 (Neural Security). We provide examples of cyber tools already available that deploy machine learning, AI and Deep Learning to protect business and governments around the world. We provide some warnings from the late Stephen Hawking on both the risks and rewards or the widespread deployment of artificial intelligence based solutions in both business, government & open society! Finally we wrap up with a quick review of future cyber tools and suggestions for your own Business Action Plan & RoadMap! Enjoy!
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics!Dr David Probert
This presentation discusses recent trends in cyber surveillance to combat increasing cybercrime, cyberterrorism and the advent of cyberwarfare! We begin by reviewing the convergence of physical & cybersecurity before moving to recent tragic events in urban terrorism, We discuss the ways in which "crowded place" such as stadiums, transport hubs, resorts and malls may be more fully secured against cyberterrorists, We then review trends in advanced AI - artificial intelligence - based video analytics & biometric which are now a key component in business & government cyber toolkit! We provide a short review of cyber sector sector before providing some 7 year cyber trends towards the year 2025. The presentation wraps up with your TOP 3 Actions and a suggested Cyber Shopping List for your Business! Enjoy!
Cybersecurity for Critical National InfrastructureDr David Probert
Presentation focuses on National Cybersecurity Strategies, Models and Plans. These include the well known UN/ITU - International Telecommunication Union Strategy Guidelines which were updated this year. The talk includes the authors security missions to Armenia and Georgia as well as industrial ICS/SCADA security and the critical info sectors. We briefly review national cybersecurity legislation as well as standards and cyber skills requirements. We wrap up with a cyber "Shopping List" , Business Action Plan & Conceptual RoadMap. This presentation was given on the 6th November 2018 at the 38th East-West Security Conference in Nice, France! Enjoy!
21stC Cybersecurity Trends: 2018-2025 & Beyond!... Dr David Probert
Presentation to the ISSA Summer Cybersecurity Conference on HQS Wellington Ship on the River Thames, London - 5th July 2018. The keynote talk covers the TOP 10 Cyber Attacks - APT, Stealth Monitoring, Toxic eMail, Classic Malware, Custom Bots,, DDoS, Ransomware & DNS/Proxy Re-routing..We present Cybervision Scenarios for 2018 (Integrated Security), 2019(Self-Adaptive), 2020 (Self-Learning), 2025 (Cyber-Intelligent) and finally 2040 (Neural Security & Artificial Silicon Life!). This is followed by a brief survey of Maritime Security including the BIMCO & IET Guidelines and then wrapped up with a summary of the New Cybersecurity Toolkit. The presentation has a strong focus on the applications of artificial intelligence, Machine Learning & Deep Learning (Neural Networks) to Cybersecurity Solutions. In addition there is analysis of the fields of Intelligent Video Analytics, Digital Forensics & Cyber-Biometrics together with some real world solutions. Finally there is reference to Strategy Toolkits such as those from the United Nations / ITU, and from NIST = US National Institute of Standards & Technology. I would like to thank Sophie Wingrove & Team for their kind invitation to speak at this CyberSecurity Conference!
This presentation updates earlier talks and provides a CyberVision for Cybersecurity Tools & Technologies for the next 5 to 10 Years. The talk discusses CyberScenarios for Scenario 2018: Integrated Physical & CyberSecurity, Scenario 2019: Adaptive Security including the "Internet of Things & "Smart Security", Scenario 2020: Self-Learning Security using Machine Learning, Scenario 2025 Intellgent Security based upon Networked Artificial Intellgence & finally Scenario 2040 (!) - Neural Security based upon Advanced Deep Learning & Artificial General Intelligence where we may see the emergence of "Artificial Silicon Life"?! In each scenario we explore the emergent tools & provide some concrete examples of Advanced CyberSecurity Applications that are already available for Governments & Enterprises. the talk also touches upon the Integration of Biometrics & Digital Forensics into the 21st Century Cyber Toolkit. We also mention the role of Blockchains and CryptoCurrencies in the provision of Secure Encrypted "Peer-to-Peer" Financial Records & "Networked Spreadsheets"! Talk concludes with Recommendations for the TOP 10 Actions that YOUR CSO can execute to provide maximal CyberDefence for your Business or Agency! This talk was given on the Tuesday 21st November 2017 @ the 36th International East-Wet Security Conference @ Seville, Spain - by Dr David E Probert.
Cyber Threats & Defence! - "Intelligent CyberSecurity"!Dr David Probert
Presentation discusses TOP 10 CyberSecurity Threats - Exploration, Penetration & Attack! We review some recent Case Studies of CyberCrime, CyberTerrorism & Cyber Political & Hacktivist Attacks. The Threats discussed include: !1) APT - Advanced Persistent Attacks, (2) Stealth Monitoring with Loggers & Cams, (3) Toxic eMail & Social Phishing (4) Database SQL Attacks & Web Hacks, (5) Classic Malware, Viruses & Trojans, (6) Authentication/Compliance Hacks including Missing Patches & Password Dictionaries, (7) Custom Design "Bot" such as Stuxnet & Flame, (8) Toxic Cookies, DNS & Proxy Re-Direction, (9) DDoS - Distributed Denial of Service Attacks and finally (10) Ransomware using Toxic Scripts such as Petya & WannaCry! The presentation concludes with recommendations for ways to defend against such attacks including both Technical and Operationsl Action Plans. We stress the importance of appointing a BOARD LEVEL Chief Security Officer to manage ALL aspects of both Cyber & Physical Security for your Enterprise or government Agency. This talk was given on the Tuesday 21st November 2017 at the 36th East-West International Security Conference @ the Melia Hotel - Seville, Spain - by Dr David E Probert.
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025!Dr David Probert
This presentation provides a personal vision of trends in Cybersecurity during the coming 7 years - 2018 to 2025. We start with focusing on the Board Level Agenda for the newly appointed Chief Security Officer (CSO/CISO) and then briefly discuss the TOP 10 Cybersecurity Threats that include Ransomware, DDos Attacks, SQL injection, Social Media Phishing, Toxic Cookies, Classical Malware, Authentication Hacks, Stealth Monitoring and Advanced Persistent Attacks. We group these generic cyber threats under Exploration, Penetration and Real-Time Attacks! We then discuss the need for new Cyber Tools that will provide effective defence against such threat since classical tools such as anti-virus & firewalls will no longer stop the "bad guys" - CyberCriminals, Cyber Hacktivists & CyberTerrorists! We describe scenarios for 2018 (Integrated Security - Cyber & Physical Security), 2020 (Adaptive Security for the Internet of Things) and 2025 (Intelligent Security based upon Artificial Intelligence & Machine Learning). These tools are all available today and yet most organisations are still relying on the classical AV/Firewall Solutions and hence are highly vulnerable to cyberattacks. We wrap up the presentation with a brief look at Security for Critical Sectors such as Banking/Finance & Government. We suggest ways in which business can prioritise and organise CyberSecurity based upon frameworks such as those from NIST, SANS and the UN/ITU. Finally we return to the metaphor that Classical Physical Attacks & Warfare occur at the "Speed of Sound" whilst Global Cyber Attacks & CyberWarfare take place 1million times faster @ the "Speed of Light". This provides the key motivation for significantly upgrading our CyberDefences to provide Security within our 21stC Neural Society!
Cyber Tools and Trends - Next 7 Years: 2018 - 2025 !Dr David Probert
We present Cyber Trends and Tools for 2018 (Cyber Transition), 2020 (Intelligent Security) and 2025 (Neural Security) We discuss the evolution of the next generation of Tools based upon Artificial Intelligence & Machine Learning. And then we discuss applications to the Defence of Smart Devices (Internet of Things - IOT), Smart Transportation and Smart Cities. We briefly profile Next Generation Cybersecurity Products & Services from leading edge Vendors. We conclude with a discussion of ways to interface "Intelligent machines" with the "human brain" through recent developments in Virtual and Augmented Reality. And as usual we provide suggestions for ways to develop a Cyber Action Plan for YOUR Business with a Focus on the Importance of a Chief Information Security Officer (CISO/CSO) @ Board Level!
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Monitoring Java Application Security with JDK Tools and JFR Events
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010
1. “Cybersecurity Capacity Building
&
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
1
&
International Collaboration ”
Dr David E. Probert
2. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
2
3. ITU: Cybersecurity Capacity Development
Call for Action: Migration from 20thC Physical Security to 21stC Cyber
Security for all National ICT Networks, & across Critical Service Sectors
Global Shortage: Practically ALL countries & regions, including UK and
USA, have significant shortage of qualified cybersecurity professionals
Cybercrime : The growth in cybercrime & cyber terrorism means that
countries need to quickly build capacity to defend critical services
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
National CIRTs : The Computer Incident Response Teams can be
focused upon capacity building across the Key Cybersecurity Actions
Partnerships: Global organisations such as the ITU are working
intensively to develop & communicate cybersecurity training resources,
as well as guidelines and standards for “best practice”
…..In this presentation I review the major skill requirements, professional
qualifications, the role of CIRTs & supporting ITU Training Programmes
3
4. National Cybersecurity: Cyber Skills Strategy
National CIRT: Each country needs to build cybersecurity skills within
the context of its national cybersecurity plan, led by the National CIRT
Stakeholders: The skills development programme will be an on-going
multi-year programme and should be undertaken by the government in
partnership with key public & private security stakeholders including:
Academic & Research Institutions such as major Universities & Colleges
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Awareness Programmes with High Schools through games & competitions
such as the UK and US Government “Cyber Challenge” Programmes
ICT Market Sector, including the major Telecomms, ISP & Mobile Players
Critical Service Sector Businesses including Energy, Financial & Transportation
Support: The Government should provide some financial support to
“kick-start” the programme which should initially run for 3 to 5 years,
with the aim to train-up professionally certified cybersecurity specialists
4
5. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
5
6. Cybersecurity Skills Needs
Management Information Assurance Technical
• Cybersecurity business case
formulation
• IT Base skills
• Staff Management skills/
Leadership skills
• Personnel Security
• Cybersecurity Policies,
Standards and Procedures
• Risk Management
• System Accreditation
• Compliance Checking
• IT technical skills (security
management)
• IT technical skills (IT defences
deployment)
• Security Design Principles e.g.
zoning
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
• Personnel Security
• Multi-Disciplinary skills
(technology, people etc)
• Communication skills
• Cyber-Criminal Psychology
• Cyber-Ethics Skills
• Data ownership
• Audit and Monitoring
• User Rights and
Responsibilities
• Incident Management
Process Design
• Assurance, trust and
confidence mechanisms
zoning
• Resilient Infrastructure
• Data Protection/ System
administration
• Cryptographic and Applied
Crypto Skills
• Data custodianship
• Operational Security
• Incident Management
6
7. Professional Cybersecurity Roles
1) Chief Information Security Officer (CSO/CISO)
2) Systems Operations & Maintenance Personnel
3) Network Security Specialists
4) Digital Forensics & Incident Response Analysts
5) Information Security Assessor
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
5) Information Security Assessor
6) Information Systems Security Officer
7) Security Architect
8) Vulnerability Analyst
9) Information Security Systems & Software Development
7
8. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
8
9. Infrastructure Relationships in Cyberspace
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
9
10. Critical Sector Cybersecurity Skills
Every critical service sector will require some professional level of both
general and sector specific cybersecurity expertise in the future:
Telecommunications: End-to-End Network & Systems Security for Servers,
Routers, Switches, Transmission and all ICT Comms Hubs & Facilities
Banking/Finance: Defences against financial cybercrime and ID Theft
Civil/Military Forces: Digital Forensics and e-Crime Investigation Units
Transportation/Airports: Integrated security for airports & Transport Hubs
Energy/Water Utilities: Protection for the National Electrical Power Grids,
and Operational Control Networks for Pipelines for Oil, Gas and Water
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
and Operational Control Networks for Pipelines for Oil, Gas and Water
Industry/Manufacturing: Integrated physical-cyber security including Process
Control Systems (SCADA) against targeted Stuxnet type threats
Emergency Services: Secure real-time communications and applications
Healthcare: Integrated security for hospitals, medical systems & facilities
Education: Professional training courses, and advanced cybersecurity R&D
……Provision of these sector specific skills will require the National CIRT to
establish partnerships “best practice” public & private sector organisations.
10
11. Government Directive on
Cybersecurity Skills
Training Programmes
ITU: Flow-Chart for Cyber Skills Capacity Building(1)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
11
12. ITU: Flow-Chart for Cyber Skills Capacity Building(2)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
12
13. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Guidelines
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
13
14. ITU: Promoting a Culture of Cybersecurity
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
14
15. Cybersecurity Training and Awareness
Cybersecurity training and awareness will need to be tackled as a multi-
sector and multi-stakeholder programme.
Ultimately every business and every citizen will need to become cyber
aware if they are to remain safe in the virtual world of cyberspace.
Public awareness programmes will need strong central government
support in order that all citizen segments from children to the elderly
become conversant with cyber risks & how to protect oneself on-line.
Awareness Campaigns may target the client sectors through:
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Awareness Campaigns may target the client sectors through:
Brochures, Newsletters and Video Materials
Local Discussions Groups held in Schools
Employee Handbooks for Staff Awareness
Short Training & Awareness Courses
Interactive Cybersecurity Website
Viral Marketing Campaign through Social Media Sites
Every media awareness channel is important if the country is to promote
& achieve a cybersecurity culture during the coming 3 to 5 years!...
15
16. Australian Government: CSPC –
Cybersecurity Awareness Campaign
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
16
17. “Cybersecurity Awareness: Malaysia”
Cyber Awareness: Excellent example of Awareness Campaign targeting
End-users with regards to 10 Major Cybersecurity & Cybercrime Threats:
1) Phishing Scam
2) Identify Theft
3) Safety of Internet Chat
4) Spam Emails
5) Safe On-Line Shopping
6) Safe On-Line Banking
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Campaign is promoted by the Malaysian Government Cybersecurity
Agency under MOSTi – Ministry of Science, Technology and Innovation
17
6) Safe On-Line Banking
7) Security Checklists
8) Malware
9) Spyware
10)Password Protection
18. UK Government : Office of Cybersecurity (OCS)
The UK Government Office of Cybersecurity (OCS)
has eight well defined work streams as follows:
1) Safe, Secure and Resilient Systems
2) Policy, Legal and Regulatory Issues
3) Awareness and Culture Change
4) Cybersecurity Skills and Education
5) Technical Capabilities and R&D
6) Exploitation of UK Capabilities
7) International Engagement & Partnership
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
18
7) International Engagement & Partnership
8) Governance, Roles and Responsibilities
…these include the further development of
Digital Forensics Skills & the UK Cybercrime
response through the National eCrime Unit.
….. Significant focus in the UK Office of Cybersecurity (OCS) is also focused upon
“Cybersecurity Capacity Building” and the Development of a “Cybersecurity Culture”
19. Cybersecurity Awareness &
Education Techniques
Web or
Classroom
Training
Newsletters
Email and
Brochures
Security
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
19
Employee
Handbook
Presentations
Intranet
Site
Instructional
Videos
Email and
Voicemail
Reminders
Security
Awareness
Program
20. ITU: Child On-Line Protection (COP)
Guidelines for Children, Policy Makers, Industry and Educators
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
20
21. Cyber Skills & Capacity Building
Professional Cybersecurity Skills are currently in extremely short supply
even in developed countries & regions such as USA, UK and Europe!
The US Centre for Strategic and International Studies published a report
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
The US Centre for Strategic and International Studies published a report
in July 2010 recommending ways to overcome the skills crisis
The UK Government launched the Cybersecurity Challenge – July 2010
The US-led DC3 Digital Forensics Challenge finishes today – 1st Nov 2010
21
22. ITU Cybersecurity & ICT Essay Competition
ITU: National Cybersecurity Culture & Awareness
Task 1: Government
Assess whether:
(a) A comprehensive national awareness programme exists to
encourage all participants—businesses, the general workforce, and
the general population— to secure their own parts of cyberspace
(b) Government has allocated resources to build cybersecurity culture
(c) Government has led by example and required all staff, contractors
and third parties to demonstrate good cybersecurity practices
(d) Government has invested in Research and Development (R&D)
activities to develop solutions to cyber risks.
Task 2: Business
Establish whether:
(a) Business understand their responsibility to secure their cyberspace
(b) Incentives exist to encourage the development of a culture of
cybersecurity in business enterprises
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
22
cybersecurity in business enterprises
(c) Penalties exist against poor security practices
Task 3: End users
Assess whether:
(a) End users are aware of risks to business from their use of ICTs
(b) Users understand their individual responsibility and accountability
for actions on ICTs
(c) Users have received adequate training
(d) Security Operating Procedures clearly state user
responsibility and accountability for security
(e) A programme exists to educate and protect children and other
vulnerable groups against cyber threats
23. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4–Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
23
24. ITU Academy Centres of Excellence
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
24
59 - ITU Academy Centres of Excellence
75 - ITU Academy Internet Training Centres
25. Securing Jamaica in Cyberspace!
---- (1)(1)(1)(1) ––––
Legal MeasuresLegal MeasuresLegal MeasuresLegal Measures ---- (2)(2)(2)(2) ––––
Technical &Technical &Technical &Technical &
ProceduralProceduralProceduralProcedural
----(3)(3)(3)(3) ––––
OrganizationalOrganizationalOrganizationalOrganizational
---- (4)(4)(4)(4) –––– CapacityCapacityCapacityCapacity BuildingBuildingBuildingBuilding
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
25
ProceduralProceduralProceduralProcedural
MeasuresMeasuresMeasuresMeasures
OrganizationalOrganizationalOrganizationalOrganizational
StructuresStructuresStructuresStructures
---- (5)(5)(5)(5) –––– International CollaborationInternational CollaborationInternational CollaborationInternational Collaboration
26. ITU: 5-day Cybersecurity Workshop - Jamaica 2010
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
26
27. Jamaican Cybersecurity RoadMap:
- Project Activities for Critical Sectors -
1st Quarter
2nd Quarter
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
27
3rd Quarter
4th Quarter
28. ITU Cybersecurity Mission to Georgia
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
28
29. Georgian Cyber Mission Objectives & Outcomes
Stakeholders: Interview the key stakeholders including the Government
Ministries, Georgian CERT (GRENA) & Critical Infrastructure Sectors
(Telecommunications, ISPs, National & Commercial Banks)
ITU GCA: Follow the 5 GCA Pillars: Legal, Technology, Organisation,
Capacity Building & Partnerships and develop detailed recommended
Action Plan & Rolling Project Road-Map for the Georgian Government
General Outcomes:
National Cybersecurity Agency(NCA) : Recommendation to establish an NCA with
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
National Cybersecurity Agency(NCA) : Recommendation to establish an NCA with
authority and budget to manage the national cybersecurity strategy & programmes
Georgian CERT: Key player with professional skills that can be leveraged to build up
capacity across both the Public and Private Sector working with International Partners
Critical Infrastructure: Recommendation to Review, Audit and then Upgrade Critical
Infrastructure to International Technical & Operational Security Standards (ITU/ISO)
……Long-Term Success will be dependant upon developing professional cybersecurity skills through
public-private partnerships that leverage existing CERT skills & also international organisations.
29
30. CERT Georgia: “GRENA” – Educational Sector
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
30
31. Georgia: Risk Assessment & Compliance Review
A priority action for every National Government and major Business will
be to assess the current levels of risks & security of computing
installations, networks, systems and applications.
During the ITU Georgian Mission, the following topics were considered
during each stakeholder interview such as Government, Telco & Banking:
1) ICT Management Organization
2) Personnel Security – Vetting & Access Controls
3) Software & Applications Security
4) Device and Hardware Security
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
4) Device and Hardware Security
5) Network Communications – Access, Encryption, Fail-over
6) Business Continuity and Disaster Recovery (BCP/DR)
7) Personal & Business Data Protection
8) Cybersecurity Standards and Frameworks
9) Physical Building & Facilities Security
……Following the initial audit and upgrades for each designated critical computing
facility there typically be annual audits to check upon standards compliance
31
32. ITU: Regional CIRT Training Workshops
ITU Cybersecurity Team has established CIRT Workshop and Training
Programme rolling-out during 2010/2011 across geographical regions
CIRT Development is at the core of the ITU Global Cybersecurity Agenda
The ITU Workshops promote CIRT creation and evolution under a practical
3 Phase Model & proceeds through the traditional Project Methodology of -
“Plan” – “Design” – “Implement” and “Operations”:
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
“Plan” – “Design” – “Implement” and “Operations”:
Phase 1 – 6 Months – Training & Awareness, Alerts, Incident Management
Phase 2 – 12 Months – Vulnerability Handling & Management, Technology Watch
Phase 3 - 18 to 24 Months – Risk Analysis & Consulting, Forensics & Audits
…ITU CIRT Workshops have already been held in the regions of West & East Africa,
and a further workshop will be held this month for Central & Eastern Europe…
32
33. ITU: CIRT Organisational Development Phases
6 MONTHS
12 MONTHS
18 - 24 MONTHS
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
33
34. ITU-IMPACT: CIRT READINESS ASSESSMENT QUESTIONNAIRE
Task:1 National CIRT Capacity - Identify:
(a) Government Agencies involved in CIRT activities
(b) Points of contact for incident response in the CIRT
(c) Internal or external organisations interfacing with CIRT Project
(d) Relevant Agencies / ministries /sectors involved in CII
(e) Internet Service Providers
Task:2 Mission and Target
For operational or planned CIRT establish:
(a) Objectives of the CIRT
(b) Short-term and long-term goals
Task:3 CIRT Initiatives within the Country - Record:
(a) Current or past Government or private sector CIRT initiatives
(b) Systems protected by each CIRT initiative
(c) Initiatives focused on recording cybercrime
(d) History of cyber incidents
(e) Cybersecurity research initiatives
Task:4 CIRT Service Model - For every CIRT identify:
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
34
Task:4 CIRT Service Model - For every CIRT identify:
(a) CIRT service model i.e. Unbounded, Bounded and Hybrid
(b) Criteria for selecting CIRT service model
(c) Operational Framework e.g. advertisement of membership/services
(d) Level of CIRT authority i.e. Full, Shared and None
(e) Whether CIRT owns its premises and technical infrastructure
(f) Manpower planning i.e. Staffing levels and Cybersecurity skills
(g) Incident Response and Performance evaluation model
(h) Participation in international information sharing activities
Task:5 CIRT Reporting Structure - Identify:
(a) Whether CIRT is an independent or Subsidiary organisation
(b) Its relationship with other CIRTs
(c) Financial model i.e. source of funding and revenue
35. ITU Regional Workshop on National CIRT
Readiness Assessment and Capacity Building
West-Africa Workshop – 4 Member States
attended (May 2010)
East-Africa Workshop - 4 Member States
attended (June 2010)
South-East Asia – assessment in 5 Member
States
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
States
Central Eastern Europe Workshop – expected
6 Member States (November 2010) to attend
Central Africa Workshop – expected 5 Member
States (December 2010) to attend
35
36. ITU Regional CIRT Workshop Programme
Answer
Questionnaire
Answer
Questionnaire
Experts – Data
Analysis
Experts – Data
Analysis
Customize the
Workshop Content
•Based on Analysis and
Customize the
Workshop Content
•Based on Analysis and
5 Days Intensive
Capacity Building
Workshop
5 Days Intensive
Capacity Building
Workshop
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
36
•Based on Analysis and
Findings
•Based on Analysis and
Findings
Workshop
•Country Breakout Sessions
Workshop
•Country Breakout Sessions
Assessment Report
and
Recommendations (2
weeks after the
workshop)
Assessment Report
and
Recommendations (2
weeks after the
workshop)
37. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 – ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
37
38. ITU Security Handbook for ICT
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
38
39. ITU-X Technical Security Standards
The ITU Technical Families of Telecommunications Security Standards are
extremely comprehensive and span practically all technical aspects of
government and enterprise cybersecurity systems and architectures.
The ITU-X Series Standards are extremely useful in providing structures,
architectures and project guidelines during capacity building programmes.
The standards are also being continuously developed and upgraded by
professional specialists from the ICT Industry, Government & Academia
X.805 – Security Architecture for End-to-End Communications
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
X.805 – Security Architecture for End-to-End Communications
X.1056 – CIRTs: Incident Response Management Structures
X.1121 – Security Technologies for Mobile Data Communications
X.1191 – Functional Requirements for IPTV Security Agents
X.1205 – Overview of Cybersecurity and General Guidelines (Technologies)
X.1250 – Security Standards for Identity Management (IdM)
X.509 – Public Key Infrastructure & Certificate Frameworks (PKI)
………The ITU-X security standards can be freely downloaded from “ITU.int”
39
40. Cybersecurity in Telecomms & ICT (1)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
40
41. Cybersecurity in Telecomms & ICT (2)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
41
42. ITU – X.805 Security Architecture
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
42
….The ITU-X.805 Cybersecurity Architecture coupled with ITU-X.1205 Standards
together provide an excellent framework for in-depth Professional Technical Training
43. X.1205 Cybersecurity Technologies (1)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
43
44. X.1205 Cybersecurity Technologies (2)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
44
45. On-Line Cybersecurity Resources: ITU
All the ITU Publications can be found & downloaded from: www.itu.int
(use the titles below as search terms on the ITU Website Home Page)
1) ITU – Global Cybersecurity Agenda – HLEG Strategic Report – 2008
2) ITU – Cybersecurity Guide for Developing Countries – 2009
3) ITU – “BotNet” Mitigation Toolkit Guide – 2008
4) ITU – National Cybersecurity/CIIP Self-Assessment Tool – 2009
5)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
5) ITU – Toolkit for Cybersecurity Legislation – 2010
6) ITU – Understanding Cybercrime: A Guide for Developing Countries-2009
7) ITU – Technical Security Standards & Recommendations – “X-Series” –
including X.509 (PKI), X.805 (Architecture), X.1205 (Threats & Solutions)
8) ITU – GCA: Global Cybersecurity Agenda: Summary Brochure – 2010
……..ITU GCA Home Page: www.itu.int/osg/csd/cybersecurity/gca/
45
46. ITU Cybersecurity Guides & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
46
47. Cybercrime & Legislation:
- Definition & Scope -
Cybercrime: Criminal activities that specifically target a computer or
network for malicious damage, infiltration, extortion, theft & fraud.
Cyberterrorism: Used for those cybercriminal acts that are deliberately
targeted to create large-scale disruption of critical information instructure
such as government, banking, energy & telecommunications networks
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Cyberattacks: Typical terms used to designate cyberattacks include:
spamming, phishing, spoofing, pharming, denial of service, trojans,
viruses, worms, malware, spyware and botnets.
47
Upgraded National Laws & Regulations are required to enable the civil & military
enforcement agencies to investigate & prosecute cybercriminal & cyberterrorist
activities that are illegal & disruptive against citizens, businesses and the state.
48. ITU Toolkits: Cybercrime Legislation and a
Cybercrime Guide for Developing Countries
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
48
49. ITU CYBERCRIME TOOLKIT LEGISLATIVE REQUIREMENTS
Acts Against Computers, Computer Systems, Networks, Computer
Data, Content Data, and Traffic Data
Section 1: Definition of Terms
Section 2: Unauthorized Access to Computers, Computer Systems, and
Networks
Section 3: Unauthorized Access to or Acquisition of Computer Data,
Content Data, Traffic Data
Section 4: Interference and Disruption
Section 5: Interception
Section 6: Misuse and Malware
Section 7: Digital Forgery
Section 8: Digital Fraud, Procure Economic Benefit
Section 9: Extortion
Jurisdictional Provisions
Section 21: Jurisdiction
International Cooperation
Section 22: International Cooperation: General Principles
Section 23: Extradition Principles
Section 24: Mutual Assistance: General Principles
Section 25: Unsolicited Information
Section 26: Procedures for Mutual Assistance
Section 27: Expedited Preservation of Stored Computer Data,
Content Data, or Traffic Data
ITU Guidelines for Government Legislation Agencies
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Section 9: Extortion
Section 10: Aiding, Abetting, and Attempting
Section 11: Corporate Liability
Provisions for Criminal Investigations and Proceedings for Offenses
within this Law
Section 12: Scope of Procedural Provisions
Section 13: Conditions and Safeguards
Section 15: Expedited Preservation and Partial Disclosure of Traffic Data
Section 17: Production Order
Section 18: Search and Seizure of Stored Data
Section 19: Interception (Real Time Collection) of Traffic Data
Section 20: Interception (Real Time Collection) of Content Data
49
Section 28: Expedited Disclosure of Preserved Content Data,
Computer Data or Traffic
Section 29: Mutual Assistance Regarding Access to Stored
Computer Data, Content Data, or Traffic Data
Section 30: Trans Border Access to Stored Computer Data,
Content Data, or Traffic Data
Section 31: Mutual Assistance In Real Time Collection of Traffic
Data
Section 32: Mutual Assistance Regarding Interception of Content
Data or Computer Data
50. ITU: Cybersecurity Project Gateway
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
50
….Currently….Currently 141141 ITU Project Initiatives in partnership withITU Project Initiatives in partnership with 5151 OrganisationsOrganisations
51. WSIS = World Summit on the Information Society
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
51
…The ITU took the global lead for WSIS in Cybersecurity & “Securing the Information Society”…The ITU took the global lead for WSIS in Cybersecurity & “Securing the Information Society”
52. ITU: Cybersecurity Programmes
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
52
….Multiple ITU Programmes that all contribute to National Cybersecurity Capacity Building!….Multiple ITU Programmes that all contribute to National Cybersecurity Capacity Building!….Multiple ITU Programmes that all contribute to National Cybersecurity Capacity Building!….Multiple ITU Programmes that all contribute to National Cybersecurity Capacity Building!
53. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
53
54. IMPACT Global Headquarters:
Cyberjaya, Malaysia
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
54
IMPACT = International Multilateral Partnerships Against Cyber Threats
55. IMPACT: Cyber Training Roadmap
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
55
56. ITU-IMPACT: Cybersecurity Technical Training
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
56
CyberSecurity Technical Courses
Total Student Days = 41 (8+ Weeks)
57. ITU-IMPACT: Cyber Management Training
CyberSecurity Management Courses
Total Student Days = 16 (3+ weeks)
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
57
58. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Next Suggested Steps
58
59. International Cybersecurity Collaboration
Cybersecurity is a global trans-border issue. Cybercrime investigations and forensics
can only be managed through strong international collaboration and partnerships
The ITU Global Cybersecurity Agenda tackles this through multiple partnerships
including its role within the IMPACT Alliance, and its NEWS and ESCAPE Programmes,
as well as in-depth skills training, and the development of the CIRT-LITE Programme
INTERPOL is also a critically important partner for law enforcement authorities in many
countries for the investigation of international cybercrime “rings” & cyberterrorist “cells”
CERTs/CSIRTS also have well connected international communities that enable member
countries to support each other during cyber attacks:
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
countries to support each other during cyber attacks:
FIRST – Forum for Incident Response & Security Teams : 226 Teams in 48 Countries (FIRST.org)
CMU – Carnegie Mellon University pioneered the concept of CERTs during the early 1990s and
now runs the commercial CERT.ORG and provides global network support (CERT.org)
US-CERT – United States Computer Emergency Readiness Team (US-CERT.gov)
ENISA – European Network & Information Security Agency – (ENISA.europa.eu)
…The ITU currently has active working partnerships with all these international
cybersecurity organisations & many more as in the following graphical slide!
59
60. Stakeholders for the ITU Cybersecurity Ecosystem
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
60
61. Capacity Building & International Collaboration
1–Aim:Capacity Development 2 – Cyber Skill Requirements 3 – Critical Sector Cyber Skills
4– Cyber Culture & Awareness 5 –ITU Academy & Workshops 6 – ITU Standards & Toolkits
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
7 – IMPACT Cyber Training 8 – International Partnerships 9 – Resources & Next Steps
61
62. Next Steps for CITEL/OAS Members
During this intensive One Day Cybersecurity workshop we’ve covered all the
Five Pillars of ITU’s comprehensive Global Cybersecurity Agenda (GCA)
Some key actions for ITU & CITEL Members to consider during the next year are:
CIRT: Build or Upgrade your National CIRT and use this resource as a Catalyst for Capacity Building
NCA: Develop a National Cybersecurity Agency (or Council) within your Government Administration
Laws: Review the Legislation and Regulations, and ways in which your nation can implement New
Legislation to further secure the nation in Cyberspace, against Cybercrimes & Terrorism
Culture: Promote a culture of cybersecurity understanding and awareness across business & citizens
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Culture: Promote a culture of cybersecurity understanding and awareness across business & citizens
Training: Work with your National CIRT to facilitate professional training within educational institutions
CIIP: Ensure that the Government and Critical Sectors are fully supported by your National CIRT
Forensics: Upgrade the professional experience & skills of the Cybercrime Teams in Digital Forensics
PPP: Implement PPP Agreements to outsource Government Cybersecurity Programmes to Business
Collaboration: Promote Cybersecurity Collaboration through Regional and Global partnerships
……the ITU looks forward to supporting your actions through its global
Cybersecurity Agenda of Guidelines, Workshops & Partnerships!
62
63. ITU & CITEL RegionalITU & CITEL Regional
Cybersecurity WorkshopCybersecurity Workshop
-- Capacity Building & International CollaborationCapacity Building & International Collaboration --
ITU & CITEL RegionalITU & CITEL Regional
Cybersecurity WorkshopCybersecurity Workshop
-- Capacity Building & International CollaborationCapacity Building & International Collaboration --
ThankThank--You!...You!...ThankThank--You!...You!...
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
ThankThank--You!...You!...ThankThank--You!...You!...
63
64. ITU & CITEL Regional Cybersecurity Workshop:
- Capacity Building & International Collaboration -
BACK-UP SLIDESBACK-UP SLIDES
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
BACK-UP SLIDESBACK-UP SLIDES
64
65. ITU Cybersecurity Guide for Developing Countries
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
65
66. Cybersecurity for Critical Sector “Sensor Networks”
Sensor Networks
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
66
67. StuxNet Worm: Targets Industrial SCADA Systems
Stuxnet Worm : 1st Discovered June 2010
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
67
SCADA = Supervisory Control & Data Acquisition
- Mainly for Power Stations & Industrial Plants -
68. Special Cybersecurity Technical Organisations
Effective national and enterprise cybersecurity requires the
implementation of professionally staffed technical organisations
In this session we’ll consider the cybersecurity organisations and
associated technical skills for:
CERT/CSIRT: Computer Emergency Response Team – We’ll explore the steps required to
establish and manage a National or Enterprise CERT. We will use the CMU (Carnegie
Mellon University), and ENISA (European Network & Information Security Agency)
Guidelines as the foundations for our technical and management analysis
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
NCU/eCrime Unit: National Cybercrime Unit – We’ll use the UK National eCrime Unit as
an example of “Best Practice” for the organisation, including the process for cybercrime
investigation, evidence collection and the skills for Digital Forensics
Global IMPACT Centre: International Multi-Lateral Partnership against Cyber Threats -
This is a unique organisation is an alliance with several major global players including
the ITU and Interpol. We’ll present some of the programmes that may be relevant to
National Government, major Institutions and Commercial Enterprises
68
69. Cyber Technologies and Standards
Architectures & Standards: The protection of critical national
infrastructure requires systems & services to be implemented to
internationally agreed architectures & technical standards
ITU Standards: Standards Groups supported by the ITU have defined
and published an extensive set of standards based around X.805 and
X.1205b that cover practically all aspect of cybersecurity systems
Integrated Security: The implementation of complete cybersecurity
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Integrated Security: The implementation of complete cybersecurity
security solutions for critical sectors requires the integration of
cybersecurity technologies within those for physical security
Open Wireless World: The open world of mobile gadgets & social
networking means that cybersecurity professionals have to continually
design new technical solutions to maintain comprehensive security
69
70. CyberCrimes against Critical Sectors
Government:
Theft of secret intelligence, manipulation of documents, and illegal
access to confidential citizen databases & national records
Banking/Finance:
Denial of Service attacks against clearing bank network, phishing
attacks against bank account & credit cards, money laundering
Telecomms/Mobile:
Interception of wired & wireless communications, and penetration
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
Interception of wired & wireless communications, and penetration
of secure government & military communications networks
Transport/Tourism:
Cyberterrorism against airports, hotels and resorts, malicious
penetration of on-line booking & reservations networks
Energy/Water:
Manipulation and disruption of the national energy grid & water
utilities through interference of the process control network
70
71. CISSP Certification Domains
The CISSP – Certified Information Systems Security Professional is one
of the highest international qualifications from the (ISC)² , and is based
upon the core tenets of Confidentiality, Integrity & Availability:
1) Access Control
2) Application Security
3) Business Continuity and Disaster Recovery
4) Cryptography
5) Information Security and Risk Management
6) Legal, Regulations, Compliance and Investigations
ITU AND CITEL REGIONAL CYBERSECURITY
CAPACITY BUILDING WORKSHOP FOR THE AMERICAS
Monday 1st November 2010, Salta City, Argentina
6) Legal, Regulations, Compliance and Investigations
7) Operations Security
8) Physical (Environmental) Security
9) Security Architecture and Design
10)Telecommunications and Network Security
An in-depth study of all these security domains would easily fill an
intensive 3 month training schedule, but it is possible to provide an
overview of the essential features during an intensive 5-day workshop!
71