The Swedish Initiative on Critical Infrastructure Protection. Presentation at ETH/ÖCB Workshop Zurich 9 November 2001. Dir. Lars D. Nicander, National Office of IO/CIP-Studies, Swedish National Defence College; Secretary of The Cabinet Working-Group on IO-D/CIP.
The Swedish Initiative on Critical Infrastructure Protection • Our view on IO/CIP • Issues • How to organize a National IO-D/CIP-Management • Some proposals • Time frame • Possible areas of international co-operation
Cabinet Working Group on IW-D/CIP (970101-000621) • Information Warfare - threats, security, protection • [Organisation chart; labels as extracted:] CO KK DRE DRE NCP SwSS OMB FI State PTS DoJ ÖCB DoD (chair) NDC (secr) TCN DRI GAO JCS Stkt DMA DoInd. Psycdef AFHQ Mil. I&S Telia Teracom SAF SVT SJ/BV Sv.Bf SNUS SR LME Sv Kraftnät ?
Cabinet Working Group on IO-D/CIP (000622-011231) • Information Operations - threats, security, protection • [Organisation chart; labels as extracted:] CO/Adm NDC (secr) DoD (chair + dep.) Council DoD (3) Do Fi DoJ (2) NCID SwSS PTS MoFA (2) NSD ÖCB FOA DoI,E&C. SwAAD Psycdef AF/Ops Mil. I&S DMA FRA FI SwBA
IO/IW Synergy • Strategic/Economic Environment • Joint Operations • IO/IW • Information, Intelligence • Perceptions • Information Systems, Infosec
Levels and Classes (W. Schwartau) • Levels: Coalitions, Nations, Organisations, Individuals • Classes: III, II, I
Taxonomy • Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D) • Critical Infrastructure Protection • Information Assurance
Threats • First strike attack for nations • Means of diplomatic pressures • Terrorists • Corporate espionage • Drug cartels, criminal organisations • The disgruntled employee
FBI/CSI-Survey • Interviews with 634 companies on IT-incidents • $25 billion losses in year 2000
Some Weapons • Psychological Operations • Blackmail, extortion • Data manipulation • Cryptanalysis • Virus • Logic bombs • Backdoors • Chipping • EMP; electromagnetic pulse • Physical destruction
Issues • Policy development “Sweden should be a safe marketplace!” • Organisation/structure • Focal point? • Threat overview • Setting security standards for government and recommend standards for critical private infrastructure • National CERT • Programs for awareness, education and training • Funding for security and redundancy incentives • International Co-operation and Regimes
Protective philosophy - Report no 2 • Protect-Detect-React (RM-perspective) • Clarify the hidden statistics of IT-incidents • Define Minimal Essential Critical Information Infrastructure • ”Helpdesk” + responsive functions in real time ---> GovCERT
Structures, responsibilities - Report no 2 • Problem • ”Who's in charge?” • Need for a new bureaucratic synthesis • Character • Intelligence or operational matter? • Organisational direction • A new agency? • A new function hosted by an established agency?
Criteria for a ”lead agency” • Strong linkage threat-planning • Far-reaching administrative and operational responsibility • Organic relations within the Total Defense Community as well as with the Private Sector (c.f. PCCIP) • Law Enforcement Authorities • Education, training and personal development of a national Red Team-unit
National IO-D Management • [Organisation chart; labels as extracted:] Cabinet co-ordination group Threat/IO-intel Security Incident analysis SwSS Joint planning and co-ordination ”Joint Venture” private/public Private Sector ÖCB Statistics unit (Nat. ISAC) GAO PsyB PTS FI AFHQ NCID Counter Psyops/Deception I&W-unit CESG GovCERT Red Team DRE
Cabinet WG - Report 2 - main proposals • Consensus • A co-ordination group within Cabinet Office • A new national IO-D co-ordination body on the Agency-level (separate division within ÖCB) • A GovCERT will be organised by PTS (LEA support) • A National ISAC will be organised • Reporting duty within Government [Slide labels: Defense Bill March -99; Wait, Wait, OK, OK, OK]
Cabinet WG - Report 2 - main proposals (cont.) • Expanded Armed Forces mandate for support of vital National Information Systems • An active IT-check function for the government administration will be organised within the Armed Forces • Constitutional amendments • Analysis of perception/disinformation methods on Internet at The National Board of Psychological Defence • New forms of co-operation etc. concerning IC [Slide labels: OK, OK, OK, OK, OK]
SWE c.f. US in CIP approaches • More emphasis on the top-down perspective (IO-D) than on the infosec bottom-up perspective (IA). • More emphasis on the CIAO-equivalent and less on the NIPC, due to the assessment of tight linkage between threat and planning • One-stop shop to the Private Sector through the Private Sectors Security Delegation • One Private-Government National ISAC • GovCERT+ deals with private CERTs ---> NatCERT
The Committee on Vulnerability and Security in Civil Society IT security and IO protection: • Presented to The Cabinet 11 May 2001 • Explicit IT security strategy • Cross-boundary co-ordination centre • Overall public IT security responsibility within a new agency for civil planning • National CERT • A new technology competence centre • Certification body
Structure • Co-ordination centre • Planning, risk assessment • Technology Competence Centre • National CERT • Certification Body
Time frame • Parliament Decision I, May 1999 • Swedish Defence Commission: White Paper 2, September 1999 ”...of great importance to security policy!” • Parliament Decision II, March 2000 • Special Commissioner on Vulnerabilities in Society, May 2001 • Cabinet Bill to Parliament, September 2001 • Parliament Decision III, November 2001 • Implementation 2002-2003 (New agency etc.)
Three Challenges • International law (”use of force”) etc • International Co-operation, Regimes etc • Management issues (”bending pipes”) • International tasks • Domestic tasks
Collective Security in Cyberspace • There are no borders in Cyberspace! • A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E. • How can we trace back these intrusions? • Today: International Law Enforcement or private initiatives (FIRST etc) • Tomorrow: ”Fishwebs” between national CERTs for tracing intrusions back in real time?
Building fishwebs in Cyberspace • [Diagram labels: Country A, Country B, Country C, Country D, Country E, Country X, Country Y, Country Z; UN, ITU etc]
Areas of international co-operation? • Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.) • Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)
More info…. Website: <www.fhs.mil.se>