270 likes | 910 Vues
Cooperative Cyber Defence Centre of Excellence. Peeter Lorents Research and Development Branch Chief 3.03.2010. Disclaimer. “This briefing is a product of the CCD COE. It does not represent the opinions or official policies of NATO and is designed to provide an independent position.“.
E N D
Cooperative Cyber Defence Centre of Excellence Peeter Lorents Research and Development Branch Chief 3.03.2010 UNCLASSIFIED
Disclaimer “This briefing is a product of the CCD COE. It does not represent the opinions or officialpolicies of NATO and is designed to provide an independent position.“ UNCLASSIFIED
Outline • Cyber Society • Estonia as an Example of an Early Cyber Society • Cyber Attacks against Estonia (2007) • Lessons Learned from the Estonian Case • The CCD COE: • Structure, • Mission and Tasks, • Major Events. UNCLASSIFIED
Cyber-Society A cyber society is a society where computerized information transfer and information processing is (near) ubiquitous and where the normal functioning of this society (including control) is severely degraded or altogether impossible if the computerized systems no longer function correctly. UNCLASSIFIED
Estonia as an Example of an Early Cyber Society (I) • The financial sector in Estonia (which is equivalent to the blood circulation in the human body) is almost fully computerized. The following facts are a good illustration of this claim: • 98% of all bank transactions are completed via electronic means (on-line payments, credit card use, signing up for new bank services on-line etc). • 88% of all income tax declarations were entered on-line in 2008 and 17% of those on the first day of the declaration period. In 2009, the number of first day declarations rose 43%. UNCLASSIFIED
Estonia as an Example of an Early Cyber Society (II) • The exchange of information is also largely facilitated by computer systems: • major newspapers are represented on-line • some key information forums are only available on-line • medical records available to doctors via a national information system • school grades, homework assignments and messages to and from parents are implemented in an e-school system • Estonian police and courts use an e-case system, which allows for easy sharing of information about criminals UNCLASSIFIED
Estonia as an Example of an Early Cyber Society (III) • Leadership and management of the society is strongly reliant on computer systems: • government holds paperless e-cabinet meetings • local and state elections offer both manual and an electronic vote option UNCLASSIFIED
Remarks • This is not merely using „electronic gadgets“ but information transmitting, processing, storing etc. with computers in order to ensure the running of critical processes at the national level! • Therefore, many (if not all) of these services should be considered critical information infrastructure and any attacks against them should be viewed in the context of national security. • In most cases, attacks against these systems have a tangible effect on ordinary citizens, who can no longer get access to the services they need. • This (the Estonian case) illustrates the dangers of over-dependence between human society and computer networks. UNCLASSIFIED
Cyber-Weapons, Cyber-War • IT-systemsthatare created for destruction or for paralyzing of other IT-systems, including cyber-systems are cyber-weapons. The use ofcyber-weapons for obtaining the political objectivesis a cyber-war. Johannes Kert (1959) Carl von Clausewitz (1780-1831) Examples: Estonia (2007), Georgia (2008). UNCLASSIFIED
Cyber Attacks against Estonia(2007). Nature of the Attack • DoS attacks, some DDoS • Defacement attacks • E-mail and comment spam • Targets: government web sites, news portals • Calls to attack Estonia in the Internet: • Сегодня, проводитсяграндиознаяDoS-атаканасайтихправительстваhttp://www.riik.ee/et/ооуществитьэтолегко - заходим в Пуск - Стандартные - команднаястрока, в открывшемсяокнепишем : ping -n 5000 -l 1000 http://www.riik.ee • наэтовыпотратите 5 мегабайтисходящеготрафика. UNCLASSIFIED
SomeDefensive Actions • Cooperation and coordination • betweenthe public and private sector with nations and • international organizations • Network configuration • filtering • increasing bandwidth • blocking access • white-listing • Information sharing and media coverage UNCLASSIFIED
Lessons Learned from the Estonian Case • Importance of Internal Cooperation • Network of leaders and specialists • Public and private sector cooperation • Proactive defence • Importance of International Cooperation • Cooperation is key for effective defence • There are nophysical borders inthe cyberspace • The cyberspace has be protected like air, sea or land • Defence is a sum of political, legal, technical, … measures UNCLASSIFIED
The Cooperative Cyber Defence Centre of Excellence is • A multinationally manned and sponsored entity currently comprised of 7 Sponsoring Nations • Germany, Italy, Latvia, Lithuania, Slovak Republic, Spain and Estonia • joiningprocess with: Turkey,Hungary, USA • Accredited as a NATO COE (Oct 28th 2008) • Directed and tasked by a Multinational Steering Committee of Sponsoring Nations • actively receives additional NATO requests via Supreme Allied Command of Transformation UNCLASSIFIED
Cooperative Cyber Defence Centre of Excellence is NOT • Part of NATO Command or Force Structure • funded from NATO Common budget • 24/7 NATO Operational Incident Handling Center nor Multinational Computer Emergency Response Team working on behalf of Sponsoring Nations • Group of hackers or “Cyber Warriors” UNCLASSIFIED
Mission To enhance the capability,cooperation and information sharingamong NATO, NATO nations and Partners in cyber defence by virtue of education, research&development, lessons learned, consultation. UNCLASSIFIED
Command& Control Steering Committee AnnualBudget New SponsoringNations Programme ofWork (POW) ContributingParticipants UNCLASSIFIED
Organization Director Chief of Staff Legal and Policy Training and Doctrine Research and Development Administration Administration Branch Assistant BranchAssistant BranchAssistant Scientist Senior Analysts StaffOfficers Scientists Personnel Scientist Senior Analysts Assistants Assistants ITC Budget Public Affairs Security UNCLASSIFIED Vacancies *VNC
Relationships Steering Committee NATO Inputto POW by Syncronizationof POW • NATO Entities • HQ SACT • NATO CDMB • NCIRC • NC3A Tasks & Budget • Other NATO COE-s • COE-DAT • C2 COE Cooperationwith “Bridge” between • Other entities • National CERTs • Academia • Private Sector • International Org. Products & Services • Nations • NATO • Non-NATO • Customers • NATO • SponsoringNations • ContributingParticipants UNCLASSIFIED
Principles of Cooperationin CCD COE Work UNCLASSIFIED
Plans for 2010 Legal and Policy • Legal Project • Policy Project Strategy and Concepts • Concept and Strategy Development • Cyber Defence Glossary • Cyber Defence in Multiple Futures Projects • Cyber Defence in NNEC Environment Tactical Environment • Intelligent Cyber Defence Methods • Cyber Defence Monitoring Solutions • Botnet Mitigation • Introductory Course in IT Systems Attacks and Defence • Forensics and Investigation Capability UNCLASSIFIED
Plans for 2010 (Cont.) Critical Information Infrastructure Protection • Cyber Defence Simulations • Security Methodologies • CCD COE – Sweden Cyber Defence Exercise Supporting Activities • CCD COE Educational and Training Plan • Cyber Defence Lessons Learned • NATO Cyber Defence Exercise • Development of a Cyber Lab Conferences • NATO Cyber Defence Workshop – 26-27 MAY 2010 • CCD COE Annual Conference (CCD COE Conference on Cyber Conflict – C6) – 15-18 JUN 2010 Consultations UNCLASSIFIED
http://www.ccdcoe.org UNCLASSIFIED