Itu regional workshop "K "Key ey Aspects ts of - PowerPoint PPT Presentation

Itu regional workshop "K "Key ey Aspects ts of Cybersecuri rity ty in th the Context t of of Internet of of Things (Io IoT)“ )“ Na Natalia alia SPINU NU 18 September, 2017 Tashkent, Uzbekistan

AGENDA 1.INTRODUCTI ON 2.Moldovan public policy on cybersecurity 3.RECOMMEN DATIONS

Introduction

WHY THIS MATTERS TO YOU Across all sectors: individuals, commerce, governments Growing space with rapid § expansion Growing pervasiveness in everything we do § § Cyber criminals, hacktivists, terrorists, state-sponsored, Many threats hackers, amateurs, insiders, trusted partners and many other Considerable uncertainty, broad scope, and ever-changing § dimensions Cyber Security is an unclear concept Cyber security definitions vary widely and lack true § conformity Increasing tension between governments, individuals, private § Cyber is a chaotic and enterprises, commence. ungoverned environment What is cyber defense? § Technological advancement § Early stages of cyber Fast and intense competition § expansion An uncertain future of the cyber domain, the internet and § more Government roles increasing in number and importance

THE CYBER SECURITY CHALLENGE… When… In the Cyber world, The Cyber world lacks a The Cyber world is a security was an single central cyber system of insecure afterthought architect systems The Cyber world is not Innovation is constant, static but constantly and highly evolving unpredictable

WHY? 3) Complex Trust relationships between cyber domains Cyber security affects every Trust is foundational person who Who is not connected in some way? § Uses a smart phone, computer, § automated banking, GPS, and modern How do organizations find the right balance medicine of trust, transparency, and privacy? Rapid expansion. The Internet of Things…. § Machine to machine interaction §

HOWEVER, WHAT DO WE KNOW ABOUT CYBERSPACE? Contested Globally connected environment Mostly in private Great deal of hands anonymity “F “Fifth Domain” Changing New form of environment warfare?

Moldovan public policy on cybersecurity

DIGITAL CONTEXT IC ICT contrib ributes ~10% of In Intern rnet penetratio ion: GD GDP: Overall - 50%; § 153 IT companies; Broadband – 11%; § § 7 major ISPs; Since 2010 some ISPs § § 3 mobile operators; offer 100/100Mbit for § 250 MDL (~13 USD); DIGIT AL Guvernamental Gu Services Se CONT 522 available § EXT 125 are electronic § Inf Infrastru ructure: § Fiber link to 99% of Mobile penetration – Mo localities, last mile is 110%: 110% Ethernet; § High speed 3G internet § Separate 100Mbps dark access since 2008, 3.5G fiber network serving since 2010, 4G since central public 2012; administration

EVOLUTION of Moldovan Public Policy on Cybersecurity 1 2 3 4 5 2009: 2009: 2010: 2010: 2013: 2013: 2015: 2015: 2007: 2007: § Government Law No. 20 of § Government § Government § Law No. 241 of § Decision № 15.11.2007 “on 03.02.2009 Decision No. 746 of decision No. 857 811 of electronic “on 2010 "On the of 31.10.2013 29.10.2015 preventing approval of the “National communications “National and updated Individual Strategy for ” Programme combating Partnership Action information on Cyber cybercrime” Plan the Republic of society Security” Moldova - NATO" development 'Digital Moldova 2020'”

DUALISM OF DEVELOPMENT VECTORS of Moldovan Public Policy on Cybersecurity OVERALL OBJECTI OV TIVE: : To create GOAL: GO : To create and implement secure environment for national cybersecurity management development of information system society NATIONAL PROGRAM ON CYBER 1 “Digital Moldova 2020” 2 SECURITY 2016 – 2020 Education, Preventing Digital Strengthening International and and Access and content and Capacities cyber defense continuous cooperation combating electronic infrastructure and utilization capacities awareness cybercrime services Security and Creation of integrity of Safe data cybersecurity electronic processing, incident communicatio storage and response access, ns networks team at and services national level

KEY ASPECTS of Moldovan Public Policy on Cybersecurity CYBE R SECU INTERNATIO RITY NAL COOPERATIO N

INTERNATIONAL COOPERATION Most active cooperation partners of Moldova on cybersecurity International States and unions organizations European Union International United States Telecommunication Union South Korea Organization for Security and Co-operation in Europe Estonia International CYBERSEC North Atlantic Treaty URITY Organization Cybersecurity COOPERAT Community United States Agency for ION International Development CSIRTs and CSIRT communities Council of Europe Specialized organizations Regional Commonwealth in the field of Communications Private companies Independent experts

MAIN CHALLENGE Insufficiency of international cooperation in identifying risks, vulnerabilities, other events occurring in the world cyberspace, and preventing cross-border cyber threats and attacks. National Programme on Cyber Security Government Decision № 811 of 29.10.2015

INTERNATIONAL COOPERATION Approved course of actions Strengthening cooperation Signing cooperation agreements with US-CERT, NCERT and with international CSIRTs other CSIRTS Development of capacities Creation of platform for international consultation and for technical interaction coordination on cyber threats Development of Public- Establishing of contact points, organisation of regular Private Cooperation meetings Promotion of national interests at international Promotion of national interests at international arena arena Strengthening cooperation between national universities Development of cooperation with (ISC) 2, ISACA, SANS and and leading other institutions EDUCATIONAL companies

EDUCATION AND CONTINUOUS AWARENESS Core problems (1) Citizen are not conscious that their electronic devices might be already hacked § “In spite of a big number of cybersecurity victims, only a few citizen are conscious that their electronic devices (mobile phones, tablets, notebooks, computers, etc.) might be compromised by cyber attacks through the Internet. That fact significantly contributes to the grow of cyber crimes exploiting the vulnerability of human character.” (National Program on Cybersecurity) (2) Lack of continuous education and awareness in cybersecurity area

EDUCATION AND CONTINUOUS AWARENESS Policy plan Development of awareness in the regard of existing Awareness campaigns risks of cyberspace Augmentation of cybersecurity educational Educational curriculum curriculum Creation of awareness portal for informing about Awareness portal current cyber threats Competence Adoption of the requirements to the competence of employees in cybersecurity domain both in requirements private and public sectors Organization and implementation of trainings and Cybersecurity trainings workshops on cybersecurity for public and private personnel, holders of critical infrastructure Cybersecurity Creation of cybersecurity laboratory laboratory

EDUCATION AND CONTINUOUS AWARENESS Policy implementation achievements. Cybersecurity trainings Joint educational activities supported by EU

POLICY IMPLEMENTATION ACHIEVEMENTS Supported by Nato Operational State-OF- since 6 th art oct 2016 Technology Located at Advanced Technical Cyber University training of moldova capacities Through red/blue team exercises

RECOMMENDATI ONS

RECOMMENDATIONS Tips for Implementing a Cybersecurity Program What effect does an attack on your business have and what FOCUS ON CRITICAL INFORMATION can be done about it? What vulnerabilities have been identified and how have they EVALUATE A CYBER INCIDENT RESPONSE PLAN been resolved? Is the cybersecurity budget being used appropriately? LOOK OVER THE BUDGET Do you know enough about defence, monitoring, risk and data BE INFORMED ABOUT KEY RISK INDICATORS protection? Are you constantly being briefed on new developments in WORK WITH INTERNAL AND EXTERNAL SPECIALISTS technology and cybersecurity? What are the privacy and security policies of external FOLLOW THE SAFTEY RULES OF EXTERNAL PROVIDERS providers? Do they meet your requirements? Are you keeping up-to-date with the latest cyber threats and COMPLY WITH LAWS/ REGULATIONS FOR CYBERSECURITY new laws?

RECOMMENDATIONS Tips for dealing with challenges CHALLENGES Change the mass Keep the cyber Ensure effective Allocate resources Understand the culture strategy in mind national and and budgets influence of newly international emerged cyber collaboration threats

THANK YOU! Na Natalia alia SP SPINU natalia.spinu@cts.md natalia.spinu@cert.gov.md