
a National approach to Cyber security/CIIP: Raising awareness

a National approach to Cyber security/CIIP: Raising awareness. Presented to: Workshop on Capacity Building for Computer Emergency Readiness Team (CERT) for Africa November 1-2, 2010 By Joseph Richardson Senior Fellow, GMU-ICC.


Presentation Transcript


  1. a National approach to Cyber security/CIIP: Raising awareness Presented to: Workshop on Capacity Building for Computer Emergency Readiness Team (CERT) for Africa November 1-2, 2010 By Joseph Richardson Senior Fellow, GMU-ICC

  2. Objectives • Propose a way of thinking about Cyber Security/CIIP • A FRAMEWORK • Identify key elements of the FRAMEWORK and relationships among them • Suggest methods for building a national consensus on FRAMEWORK and on implementation actions.

  3. cybersecurity: Why Worry? • Nation is dependent on ICTs • Economic wellbeing • National security • Social cohesion • Risk is inherent in ICT use • Vulnerabilities • Threats • Interdependences • Conclusion: Action is required

  4. cybersecurity: Who’s responsible? “Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks” - UNGA Resolution 57/239 Creation of a global culture of cybersecurity • Collectively known as The Participants

  5. Participants: What should They do? AWARENESS: Be aware of the need for security and what they can do to enhance it. RESPONSIBILITY: Review their own security policies, practices, measures and procedures regularly and assess appropriateness. RESPONSE: Act in a timely and cooperative manner to prevent, detect and respond to security incidents. • In a manner appropriate to their roles See: UNGA Res 57/239.

  6. cybersecurity responsibility It’s SHARED All participants must be responsible Each participant must take action -- appropriate to its role in the overall system • Government has responsibility to lead

  7. Government lead: what Does it do? • Ensure all participants are aware of security • Promote responsibility, and • Assure coordinated response by participants; using • A common national vision • Policy and institutional frameworks

  8. Government lead how? • Conduct a national Cybersecurity Self-Assessment • Take stock • Promulgate A National Cybersecurity Strategy • Vision for action

  9. Cyber security scope What is meant by cybersecurity? • ITU documents speak of “Enhancing security and building confidence in the use of ICT applications” • UNGA resolutions 57/239 and 58/199 speak of “a culture of cyber security in the application and use of information technologies” and in the protection of critical information infrastructures. • Others speak in terms such as cyberspace, the Internet and the information society.

  10. Cyber security scope Recognizing there is no fixed definition, a national approach to cybersecurity should include • Physical security of the information infrastructure • Virtual security, and • Human aspects of the use of ICTs, including interactions among people

  11. Key documents UNGA Resolutions: • 64-211 Taking stock of cybersecurity needs and strategies • 58-199 Creation of a global culture of cybersecurity and the protection of critical information infrastructures • 57-239 Creation of a global culture of cybersecurity • 56-121 Combating the criminal misuse of information technologies • 55-63 Combating the criminal misuse of information technologies See: http://www.un.org/documents/resga.htm

  12. Key documents • ITU National Cybersecurity/CIIP Self-Assessment Tool • ITU Q.22/1 Report On Best Practices For A National Approach To Cybersecurity: Building Blocks For Organizing National Cybersecurity Efforts • ITU Cybercrime Resources: • ITU Toolkit For Cybercrime Legislation • ITU Publication on Understanding Cybercrime – A Guide for Developing Countries See: http://www.itu.int/ITU-D/cyb/cybersecurity/index.html

  13. Take Stock Self-Assessment - What is it? • An identification and evaluation of existing national approach to cyber security. • Policies • Procedures • Mechanisms • Norms • Institutions • Relationships • What are we doing? • What should we be doing? • Input for a National Cybersecurity Strategy

  14. Vision: National Strategy - What is it? A Policy Document that Provides a National Vision: • Outlines the case for national action • Identifies participants and their roles • Elaborates organizational responsibilities • Establishes policy and operational structures • Addresses key elements of cybersecurity • Lays out a plan of action

  15. Getting Started • The Audience • Who are they? • What is their level of awareness and response? • What decisions have already been taken? • The Participants • Those entities and persons who • Will prepare and comment on the Self-Assessment and the National Strategy, • Will implement the National Strategy • They come from • Government • Business and Industry • Academia • Civil Society

  16. Getting Started • The Case for Action • Role of ICTs in the nation • Vulnerabilities and threats • Risks to be managed • The stage for Cybersecurity: • Relationship to other national goals and objectives • Economic and Development goals • Industry goals • Social goals • Security goals

  17. key elements • Collaboration and Information Exchange • Incident Management • Legal Framework • Culture of Cybersecurity (Key Elements of a National Cybersecurity Strategy)

  18. objectives For each key element • A statement of policy • Identify and prioritize goals to support policy • Elaborate specific steps to reach goals

  19. Other Considerations • Resources • Budget and financing • Equipment and technology • Human capacities • Timeframes and milestones • Priorities • Reviews and reassessments

  20. Output Self-assessment provides: Input to a National Cybersecurity Strategy • A set of Findings and Recommendations • With supporting documentation • Reviewed by all participants • That provide the basis for policy decisions and a program of action to address cybersecurity • Promulgated at a level to ensure action by all participants

  21. Conclusion Use of a National Cyber Security Self-Assessment to produce a National Cyber Security Strategy can assist governments to: • Understand the existing national approach • Develop “baseline” on best practices • Identify areas for attention • Prioritize national efforts • Promote national action and assist with • regional and international coordination and • cross-border cooperation

  22. Final Observations No nation starts at ZERO No “right” answer Continual review and revision needed All “participants” must be involved • Appropriate to their roles

  23. Questions? Joseph Richardson Senior Fellow GMU-ICC
