150 likes | 415 Vues
Protection of Classified Information & Cyber Security. Bruno VERMEIRE Belgian NSA INFOSEC Competent PRS Authority Federal Public Service Foreign Affairs Bruno.vermeire@diplobel.fed.be ++32.2.501 4573. Overview. Legal Principles Classified Information (CI) a target ? The BEL NSA
E N D
Protection of Classified Information&Cyber Security Bruno VERMEIRE Belgian NSA INFOSEC Competent PRS Authority Federal Public Service Foreign Affairs Bruno.vermeire@diplobel.fed.be ++32.2.501 4573
Overview • Legal Principles • Classified Information (CI) a target? • The BEL NSA • Belgian Cyber Security Strategy • Protecting CIS handling CI • Outsourcing • Challenges
Legal Principles • National Security Authority : Preventive • Police : Proactive, Reactive • Justice : Repressive
Classified Information (CI) a target? • Paper world thinking Cyber thinking • CI = protection of national assets + assets of other states on the territory • CI = targeted with sophisticated tools, even when not connected Are we target ? yes, all CIS handling CI are targeted
The BEL NSA • 8 administrations: • Includes all principles • Collegial decisions • Cyber is not within the legal framework for protecting CI • Legal framework cyber includes the protection of CI • BEL CERT, limited services • Mil CERT
Belgian Cyber Security Strategy • BELNIS • All BEL administrations with cyber security responsibility, includes BEL NSA • Strategy approved by the government • Includes • Mechanism for approving security products • Accreditation of systems beyond protection of CI only • Implementation probably next Government • Strong focus on centralised approach, awareness & education • Appropriate cyber crime regulation • Includes adaption of Budapest Convention on Cybercrime
Protecting CIS handling CI • Pro’s • Appropriate security installed • Appropriate separation • Very good documented • trusted users
Protecting CIS handling CI • Contra • data exchange high risk (MemStick, DVD, …) • patch policy not easy to implement • Off line, direct assessment difficult • Wireless (3G, 4G, WiFi, …)
Outsourcing • Focus on • Vulnerability assessment • Protection • Trusted products • Creating technical legal framework (cyber security standards for CIS handling CI) • Civil accredited evaluators • Government accreditors (BELAC - NSA)
Challenges : taxonomy Electronic Surveillance COMPUSEC Cyber Terrorism Information Assurance Cyber Defense Electronic Warfare Electronic Defense Computer Network Exploitation Information Operations Infosec Cyber Warfare COMSEC Computer Network Defense Cyber Security Emanation security (EMSEC) • Electronic Attack ISTAR Cyber Network Operations Computer Network Attack Information Deception OSINT SIGINT Computer Network Offensive Cyber Monitoring Operations Security (OPSEC)
Challenges : high speed revolution • Gov evolution speed Internet revolution • No global legal framework • Identification of responsibilities • Recognition as an armed attack/military domain
Challenges : collaboration • It takes two to tango • Win/Win minimal level & equality requirement • Exposure risk • If you know what I can detect, …you also know what I can’t … • Technology advantage
Challenges : means • People • Knowledge & Training • Computers & networks Cyber Capabilities must be developed during personnel and budget cuts…
Thank You !!