1 / 14

Protection of Classified Information & Cyber Security

Protection of Classified Information & Cyber Security. Bruno VERMEIRE Belgian NSA INFOSEC Competent PRS Authority Federal Public Service Foreign Affairs Bruno.vermeire@diplobel.fed.be ++32.2.501 4573. Overview. Legal Principles Classified Information (CI) a target ? The BEL NSA

trynt
Télécharger la présentation

Protection of Classified Information & Cyber Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protection of Classified Information&Cyber Security Bruno VERMEIRE Belgian NSA INFOSEC Competent PRS Authority Federal Public Service Foreign Affairs Bruno.vermeire@diplobel.fed.be ++32.2.501 4573

  2. Overview • Legal Principles • Classified Information (CI) a target? • The BEL NSA • Belgian Cyber Security Strategy • Protecting CIS handling CI • Outsourcing • Challenges

  3. Legal Principles • National Security Authority : Preventive • Police : Proactive, Reactive • Justice : Repressive

  4. Classified Information (CI) a target? • Paper world thinking  Cyber thinking • CI = protection of national assets + assets of other states on the territory • CI = targeted with sophisticated tools, even when not connected Are we target ? yes, all CIS handling CI are targeted

  5. The BEL NSA • 8 administrations: • Includes all principles • Collegial decisions • Cyber is not within the legal framework for protecting CI • Legal framework cyber includes the protection of CI • BEL CERT, limited services • Mil CERT

  6. Belgian Cyber Security Strategy • BELNIS • All BEL administrations with cyber security responsibility, includes BEL NSA • Strategy approved by the government • Includes • Mechanism for approving security products • Accreditation of systems beyond protection of CI only • Implementation probably next Government • Strong focus on centralised approach, awareness & education • Appropriate cyber crime regulation • Includes adaption of Budapest Convention on Cybercrime

  7. Protecting CIS handling CI • Pro’s • Appropriate security installed • Appropriate separation • Very good documented • trusted users

  8. Protecting CIS handling CI • Contra • data exchange high risk (MemStick, DVD, …) • patch policy not easy to implement • Off line, direct assessment difficult • Wireless (3G, 4G, WiFi, …)

  9. Outsourcing • Focus on • Vulnerability assessment • Protection • Trusted products • Creating technical legal framework (cyber security standards for CIS handling CI) • Civil accredited evaluators • Government accreditors (BELAC - NSA)

  10. Challenges : taxonomy Electronic Surveillance COMPUSEC Cyber Terrorism Information Assurance Cyber Defense Electronic Warfare Electronic Defense Computer Network Exploitation Information Operations Infosec Cyber Warfare COMSEC Computer Network Defense Cyber Security Emanation security (EMSEC) • Electronic Attack ISTAR Cyber Network Operations Computer Network Attack Information Deception OSINT SIGINT Computer Network Offensive Cyber Monitoring Operations Security (OPSEC)

  11. Challenges : high speed revolution • Gov evolution speed Internet revolution • No global legal framework • Identification of responsibilities • Recognition as an armed attack/military domain

  12. Challenges : collaboration • It takes two to tango • Win/Win  minimal level & equality requirement • Exposure risk • If you know what I can detect, …you also know what I can’t … • Technology advantage

  13. Challenges : means • People • Knowledge & Training • Computers & networks Cyber Capabilities must be developed during personnel and budget cuts…

  14. Thank You !!

More Related