4. 1. Given threat environment, what response is needed?
2. Outline of different approaches and strategies
3. Commonalities, best practices and lessons
Presentation Identifier Goes Here 4
9. UK Approach
• Launched June 2009
1. Reduce risks to UK’s use of internet
2. Exploit opportunities – gather intelligence and intervene
3. Improve knowledge, capabilities and decision making – policies, governance
10. • Strategic leadership across government – coordination
• 8 key work streams
– policy and regulatory issues
– awareness and culture change
– technical capabilities/R&D
– international engagement
• GCHQ, Cheltenham
• Improve UK technical response to cyber incidents
• Disseminate information on risks, attacks and coordinate action
12. US 60 day Review….
• May 2009 ‐ “Assuring a trusted and resilient information and
communications infrastructure”
• Builds on 2008 Comprehensive National Cyber security
Initiative
• Since the review…
• Enhanced 2009 Cyber security Enhancement Act
• Boost federal R&D, stimulate US workforce
• Estimated to give $396 million
• Cyber Storm Exercise Feb 2010 ‐ Symantec key partner
• Appointment Cyber Tsar
14. Estonia
• September 2008 strategy
– graduated system of security measures
– Expertise development
– appropriate regulatory and legal framework
– international co‐operation
– Awareness raising
• November 2009 NATO‐accredited Cooperative Cyber Defence
Centre of Excellence (CCDCOE)
– Symantec and NATO memorandum of understanding
– Joint research project to promote cooperation on online threats
– Explore modus operandi of attackers
15. Singapore
• iN2015 Master Plan 2005 (3 years)
– Intelligent and trusted infocomm infrastructure
• Led by Infocomm Development Authority (IDA)
– Included National Infocomm Security committee
– formulates IT security policies
• Result of 2005 plan
– “enhanced overall security situational awareness”
• So 2nd Master plan launched 2008
“…first Master plan aimed largely at providing the public sector with measures to counter infocomm security threats, the second Master plan will expand on that and engage both the public and private sectors”
16. [Diagram. Headings: Emerging technologies, R&D, Threats, Users, Practitioners, Industry, Standards, International Relations. Items: Association of Security Professionals (AiSP); Cyber Security Awareness Alliance; Cyber Watch Centre (CWC); National Infocomm security Scholarship; CERT-to-CERT; Meridian process - CIIP trust building; Creation of SISTA]
17. Singapore next steps…
• Singapore Infocomm Technology Security Authority (SITSA)
– Created Oct 2009
– Safeguard Singapore against IT Security Threats
– Develop, execute contingency operations and plans
• Core Activities:
• Partnership Development
• Critical Information Infrastructure Protection
• Technology Development
• Planning, preparedness response
• cyber attack exercises
19. EU Approach
• Interdependence of European Member States
• Common shared approach to security needed
• Regulation and legislation role
– European Cyber crime Convention ‐ 2001
– Framework Decision on attacks against information systems – 2005
– Commission Communication ‐ “Protecting Europe from large scale cyber‐attacks and disruptions” ‐ 2009
1. Preparedness and prevention
2. Detection and response
3. Mitigation and recovery
4. International and EU wide cooperation
But it’s not just legislation…
23. Collaboration is key
• Up to 90% of critical infrastructure private sector operated
– Industry, government and law enforcers coming together
– Developing public, private partnerships and approaches
• Symantec’s involvement
– Joint deployment of security intelligence technologies
– Joint exercises – US Cyber storm, UK CWID, US IT‐Information Sharing and Analysis Centre (ISAC)
– Joint research projects – EU FP7, Wombat, Lobster, NATO Estonia centre
– Participation in expert groups, committees ‐ ENISA, UK IACG, UK
Council for Child Safety, UK e‐Crime Reduction Partnership,
– Sponsoring events and conferences – UK IA09,
25. Commonalities
Best practices
Lessons
26. Recognition of interconnected nature of IT systems
Move from attack detection to prevention measures
Role of regulation and legislation
Need for joint approach to protect society
Need to work with private sector partners
Importance of international engagement
Information sharing and trusted networks are needed
Raising awareness and addressing culture change is key
27. Lessons learnt ‐ Symantec’s top 5 to leave behind…
1. A holistic approach to security policy is required
• Move away from closed, nationally protected computer networks
• Understand moving threat environment
2. Real time awareness of threat landscape vital
• 24 – 7
• Information and intelligence is power
3. Both proactive and reactive capabilities needed
• Operational and technical
• Threat awareness and analysis based
• Technical expertise and skills needed